From e5085353b017a5cbf39ba4d255262af66a5e381a Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Feb 24 2022 18:01:27 +0000 Subject: 249.4-2.13: Move to dist-git layout and add back removed files To enable a more streamlined way of pulling in changes from rawhide, let's work to reduce the diff between the c8s-hyperscale-sig branch and the rawhide branch as much as possible. The first step is to stop using the SOURCES/ and SPECS/ directories as those aren't used by the rawhide branch. Instead, everything exists in the root repository directory. Additionally, this diff pulls in the .gitignore file from the rawhide branch as our own .gitignore/ relied on the SOURCES/ directory which means it didn't work anymore after moving the files out of that directory. To further reduce the diff with the main branch, let's also add back the deleted files from the main branch . Note that while we add back the files, we don't add them back to the spec itself, so they'll exist but won't be used. Adding the files back allows us to merge changes from the main branch into the hyperscale branch without running into merge conflicts because the file was modified in the main branch but we deleted it. It also makes it easier at a glance to compare the diff from the hyperscale branch with the main branch since the diff will be smaller. The files were taken from commit 46a40810, which is the commit that c8s-hyperscale-sig was based on for the 249-4 release. We don't add back the sources file because then we'd need to modify it to specify the current release which would result in a merge conflict when merging changes from Fedora so we keep it deleted. --- diff --git a/.gitignore b/.gitignore index 3f15024..6cf7897 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,9 @@ -BUILD/ -BUILDROOT/ -RPMS/ -SOURCES/*.tar.gz -SRPMS/ +*~ +/.mail.list +/systemd-*/ +/.build-*.log +/x86_64/ +/systemd-*src.rpm +/systemd-*.tar.xz +/systemd-*.tar.gz +/*.rpm diff --git a/.systemd.metadata b/.systemd.metadata index 052ad4c..6e599db 100644 --- a/.systemd.metadata +++ b/.systemd.metadata @@ -1 +1 @@ -5e3b9df64a15cb3b446c0e74556ea9020ce50b8b SOURCES/systemd-249.4.tar.gz +5e3b9df64a15cb3b446c0e74556ea9020ce50b8b systemd-249.4.tar.gz diff --git a/.zuul.yaml b/.zuul.yaml new file mode 100644 index 0000000..591bb8a --- /dev/null +++ b/.zuul.yaml @@ -0,0 +1,5 @@ +- project: + vars: + install_repo_exclude: + - systemd-standalone-tmpfiles + - systemd-standalone-sysuser diff --git a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch new file mode 100644 index 0000000..f7b3a61 --- /dev/null +++ b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch @@ -0,0 +1,257 @@ +From d4bd8777a483ea834e687c1ee35dee32efe6e49f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 7 Jul 2021 14:02:36 +0200 +Subject: [PATCH 1/5] rpm: don't specify the full path for systemctl and other + commands + +We can make things a bit simpler and more readable by not specifying the path. +Since we didn't specify the full path for all commands (including those invoked +recursively by anythign we invoke), this didn't really privide any security or +robustness benefits. I guess that full paths were used because this style of +rpm packagnig was popular in the past, with macros used for everything +possible, with special macros for common commands like %{__ln} and %{__mkdir}. + +(cherry picked from commit 7d9ee15d0fc2af87481ee371b278dbe7e68165ef) +--- + src/rpm/macros.systemd.in | 24 ++++++++++++------------ + src/rpm/triggers.systemd.in | 18 +++++++++--------- + src/rpm/triggers.systemd.sh.in | 18 +++++++++--------- + 3 files changed, 30 insertions(+), 30 deletions(-) + +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index 3a0169a85f..3129ab2d61 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -46,9 +46,9 @@ OrderWithRequires(postun): systemd \ + + %systemd_post() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ +-if [ $1 -eq 1 ] && [ -x %{_bindir}/systemctl ]; then \ ++if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ + # Initial installation \ +- %{_bindir}/systemctl --no-reload preset %{?*} || : \ ++ systemctl --no-reload preset %{?*} || : \ + fi \ + %{nil} + +@@ -56,21 +56,21 @@ fi \ + + %systemd_preun() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ +-if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ ++if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ + # Package removal, not upgrade \ + if [ -d /run/systemd/system ]; then \ +- %{_bindir}/systemctl --no-reload disable --now %{?*} || : \ ++ systemctl --no-reload disable --now %{?*} || : \ + else \ +- %{_bindir}/systemctl --no-reload disable %{?*} || : \ ++ systemctl --no-reload disable %{?*} || : \ + fi \ + fi \ + %{nil} + + %systemd_user_preun() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ +-if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ ++if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ + # Package removal, not upgrade \ +- %{_bindir}/systemctl --global disable %{?*} || : \ ++ systemctl --global disable %{?*} || : \ + fi \ + %{nil} + +@@ -84,10 +84,10 @@ fi \ + + %systemd_postun_with_restart() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ +-if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \ ++if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ + # Package upgrade, not uninstall \ + for unit in %{?*}; do \ +- %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \ ++ systemctl set-property $unit Markers=+needs-restart || : \ + done \ + fi \ + %{nil} +@@ -105,17 +105,17 @@ fi \ + # Deprecated. Use %tmpfiles_create_package instead + %tmpfiles_create() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# tmpfiles_create}} \ +-[ -x %{_bindir}/systemd-tmpfiles ] && %{_bindir}/systemd-tmpfiles --create %{?*} || : \ ++command -v systemd-tmpfiles >/dev/null && systemd-tmpfiles --create %{?*} || : \ + %{nil} + + # Deprecated. Use %sysusers_create_package instead + %sysusers_create() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# sysusers_create}} \ +-[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers %{?*} || : \ ++command -v systemd-sysusers >/dev/null && systemd-sysusers %{?*} || : \ + %{nil} + + %sysusers_create_inline() \ +-[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers - </dev/null && systemd-sysusers - < 0 then + posix.wait(pid) + end + + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) ++ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -38,7 +38,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemctl", "daemon-reload")) ++ assert(posix.execp("systemctl", "daemon-reload")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -49,7 +49,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) ++ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -62,7 +62,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemd-sysusers")) ++ assert(posix.execp("systemd-sysusers")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -74,7 +74,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemd-hwdb", "update")) ++ assert(posix.execp("systemd-hwdb", "update")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -86,7 +86,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/journalctl", "--update-catalog")) ++ assert(posix.execp("journalctl", "--update-catalog")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -111,7 +111,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemd-tmpfiles", "--create")) ++ assert(posix.execp("systemd-tmpfiles", "--create")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -123,7 +123,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/udevadm", "control", "--reload")) ++ assert(posix.execp("udevadm", "control", "--reload")) + elseif pid > 0 then + posix.wait(pid) + end +diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in +index 22abad9812..1631be18c9 100644 +--- a/src/rpm/triggers.systemd.sh.in ++++ b/src/rpm/triggers.systemd.sh.in +@@ -15,8 +15,8 @@ + # installed, because other cases are covered by the *un scriptlets, + # so sometimes we will reload needlessly. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemctl daemon-reload || : +- %{_bindir}/systemctl reload-or-restart --marked || : ++ systemctl daemon-reload || : ++ systemctl reload-or-restart --marked || : + fi + + %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system +@@ -26,13 +26,13 @@ fi + # have been installed, but before %postun scripts in packages get + # executed. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemctl daemon-reload || : ++ systemctl daemon-reload || : + fi + + %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + # We restart remaining services that should be restarted here. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemctl reload-or-restart --marked || : ++ systemctl reload-or-restart --marked || : + fi + + %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} +@@ -40,21 +40,21 @@ fi + # specified users automatically. The priority is set such that it + # will run before the tmpfiles file trigger. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemd-sysusers || : ++ systemd-sysusers || : + fi + + %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}} + # This script will automatically invoke hwdb update if files have been + # installed or updated in {{UDEV_HWDB_DIR}}. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemd-hwdb update || : ++ systemd-hwdb update || : + fi + + %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}} + # This script will automatically invoke journal catalog update if files + # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. + if test -d "/run/systemd/system"; then +- %{_bindir}/journalctl --update-catalog || : ++ journalctl --update-catalog || : + fi + + %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}} +@@ -71,14 +71,14 @@ fi + # tmpfiles automatically. The priority is set such that it will run + # after the sysusers file trigger, but before any other triggers. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemd-tmpfiles --create || : ++ systemd-tmpfiles --create || : + fi + + %transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}} + # This script will automatically update udev with new rules if files + # have been installed or updated in {{UDEV_RULES_DIR}}. + if test -e /run/udev/control; then +- %{_bindir}/udevadm control --reload || : ++ udevadm control --reload || : + fi + + %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}} +-- +2.31.1 + diff --git a/0001-sysv-generator-downgrade-log-warning-about-autogener.patch b/0001-sysv-generator-downgrade-log-warning-about-autogener.patch new file mode 100644 index 0000000..df2bbee --- /dev/null +++ b/0001-sysv-generator-downgrade-log-warning-about-autogener.patch @@ -0,0 +1,30 @@ +From 0c21535392bf6296d213c35fd1a0b0bc89dbddb3 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Wed, 31 Mar 2021 14:04:09 -0700 +Subject: [PATCH] sysv-generator: downgrade log warning about autogenerated to + debug + +--- + src/sysv-generator/sysv-generator.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c +index 8c7aef23c3..89599a69ee 100644 +--- a/src/sysv-generator/sysv-generator.c ++++ b/src/sysv-generator/sysv-generator.c +@@ -786,9 +786,9 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) { + if (!fpath) + return log_oom(); + +- log_warning("SysV service '%s' lacks a native systemd unit file. " +- "Automatically generating a unit file for compatibility. " +- "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); ++ log_debug("SysV service '%s' lacks a native systemd unit file. " ++ "Automatically generating a unit file for compatibility. " ++ "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); + + service = new(SysvStub, 1); + if (!service) +-- +2.30.2 + diff --git a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch new file mode 100644 index 0000000..32047c5 --- /dev/null +++ b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch @@ -0,0 +1,337 @@ +From 09e8c6aa71ee4b5ff3ee85fc4855e2c1a246a079 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 22 Jul 2021 11:22:33 +0200 +Subject: [PATCH 2/5] rpm: use a helper script to actually invoke systemctl + commands +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Instead of embedding the commands to invoke directly in the macros, +let's use a helper script as indirection. This has a couple of advantages: + +- the macro language is awkward, we need to suffix most commands by "|| :" + and "\", which is easy to get wrong. In the new scheme, the macro becomes + a single simple command. +- in the script we can use normal syntax highlighting, shellcheck, etc. +- it's also easier to test the invoked commands by invoking the helper + manually. +- most importantly, the logic is contained in the helper, i.e. we can + update systemd rpm and everything uses the new helper. Before, we would + have to rebuild all packages to update the macro definition. + +This raises the question whether it makes sense to use the lua scriptlets when +the real work is done in a bash script. I think it's OK: we still have the +efficient lua scripts that do the short scripts, and we use a single shared +implementation in bash to do the more complex stuff. + +The meson version is raised to 0.47 because that's needed for install_mode. +We were planning to raise the required version anyway… + +(cherry picked from commit 6d825ab2d42d3219e49a192bf99f9c09134a0df4) +--- + README | 2 +- + meson.build | 3 +- + src/rpm/macros.systemd.in | 30 ++++++++-------- + src/rpm/meson.build | 13 ++++--- + src/rpm/systemd-update-helper.in | 60 ++++++++++++++++++++++++++++++++ + src/rpm/triggers.systemd.in | 43 ++++++++--------------- + src/rpm/triggers.systemd.sh.in | 13 ++----- + 7 files changed, 105 insertions(+), 59 deletions(-) + create mode 100755 src/rpm/systemd-update-helper.in + +diff --git a/README b/README +index 0e5c326deb..a8f23a0d5b 100644 +--- a/README ++++ b/README +@@ -193,7 +193,7 @@ REQUIREMENTS: + python-jinja2 + python-lxml (optional, required to build the indices) + python >= 3.5 +- meson >= 0.46 (>= 0.49 is required to build position-independent executables) ++ meson >= 0.47 (>= 0.49 is required to build position-independent executables) + ninja + gcc, awk, sed, grep, and similar tools + clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs +diff --git a/meson.build b/meson.build +index 738879eb21..fb986e84f7 100644 +--- a/meson.build ++++ b/meson.build +@@ -10,7 +10,7 @@ project('systemd', 'c', + 'localstatedir=/var', + 'warning_level=2', + ], +- meson_version : '>= 0.46', ++ meson_version : '>= 0.47', + ) + + libsystemd_version = '0.32.0' +@@ -253,6 +253,7 @@ conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH', join_paths(rootlib + conf.set_quoted('SYSTEMD_STDIO_BRIDGE_BINARY_PATH', join_paths(bindir, 'systemd-stdio-bridge')) + conf.set_quoted('SYSTEMD_TEST_DATA', join_paths(testsdir, 'testdata')) + conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', join_paths(rootbindir, 'systemd-tty-ask-password-agent')) ++conf.set_quoted('SYSTEMD_UPDATE_HELPER_PATH', join_paths(rootlibexecdir, 'systemd-update-helper')) + conf.set_quoted('SYSTEMD_USERWORK_PATH', join_paths(rootlibexecdir, 'systemd-userwork')) + conf.set_quoted('SYSTEMD_VERITYSETUP_PATH', join_paths(rootlibexecdir, 'systemd-veritysetup')) + conf.set_quoted('SYSTEM_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'system')) +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index 3129ab2d61..bbdf036da7 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -46,31 +46,33 @@ OrderWithRequires(postun): systemd \ + + %systemd_post() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ +-if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ ++if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Initial installation \ +- systemctl --no-reload preset %{?*} || : \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} install-system-units %{?*} || : \ + fi \ + %{nil} + +-%systemd_user_post() %{expand:%systemd_post \\--global %%{?*}} ++%systemd_user_post() \ ++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_post}} \ ++if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ ++ # Initial installation \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} install-user-units %{?*} || : \ ++fi \ ++%{nil} + + %systemd_preun() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ +-if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ ++if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Package removal, not upgrade \ +- if [ -d /run/systemd/system ]; then \ +- systemctl --no-reload disable --now %{?*} || : \ +- else \ +- systemctl --no-reload disable %{?*} || : \ +- fi \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-system-units %{?*} || : \ + fi \ + %{nil} + + %systemd_user_preun() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ +-if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ ++if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Package removal, not upgrade \ +- systemctl --global disable %{?*} || : \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-user-units %{?*} || : \ + fi \ + %{nil} + +@@ -84,11 +86,9 @@ fi \ + + %systemd_postun_with_restart() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ +-if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ ++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Package upgrade, not uninstall \ +- for unit in %{?*}; do \ +- systemctl set-property $unit Markers=+needs-restart || : \ +- done \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \ + fi \ + %{nil} + +diff --git a/src/rpm/meson.build b/src/rpm/meson.build +index fc72fee73c..2ad3308cc1 100644 +--- a/src/rpm/meson.build ++++ b/src/rpm/meson.build +@@ -1,9 +1,13 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + + in_files = [ +- ['macros.systemd', rpmmacrosdir != 'no'], +- ['triggers.systemd', false], +- ['triggers.systemd.sh', false]] ++ ['macros.systemd', rpmmacrosdir != 'no', rpmmacrosdir], ++ ++ # we conditionalize on rpmmacrosdir, but install into rootlibexecdir ++ ['systemd-update-helper', rpmmacrosdir != 'no', rootlibexecdir, 'rwxr-xr-x'], ++ ++ ['triggers.systemd', false], ++ ['triggers.systemd.sh', false]] + + # The last two don't get installed anywhere, one of them needs to included in + # the rpm spec file definition instead. +@@ -17,6 +21,7 @@ foreach tuple : in_files + command : [meson_render_jinja2, config_h, '@INPUT@'], + capture : true, + install : tuple[1], +- install_dir : rpmmacrosdir, ++ install_dir : tuple.length() > 2 ? tuple[2] : '', ++ install_mode : tuple.length() > 3 ? tuple[3] : false, + build_by_default : true) + endforeach +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +new file mode 100755 +index 0000000000..9fa49fa131 +--- /dev/null ++++ b/src/rpm/systemd-update-helper.in +@@ -0,0 +1,60 @@ ++#!/bin/bash ++set -eu ++set -o pipefail ++ ++command="${1:?}" ++shift ++ ++command -v systemctl >/dev/null || exit 0 ++ ++case "$command" in ++ install-system-units) ++ systemctl --no-reload preset "$@" ++ ;; ++ ++ install-user-units) ++ systemctl --no-reload preset --global "$@" ++ ;; ++ ++ remove-system-units) ++ if [ -d /run/systemd/system ]; then ++ systemctl --no-reload disable --now "$@" ++ else ++ systemctl --no-reload disable "$@" ++ fi ++ ;; ++ ++ remove-user-units) ++ systemctl --global disable "$@" ++ ;; ++ ++ mark-restart-system-units) ++ [ -d /run/systemd/system ] || exit 0 ++ ++ for unit in "$@"; do ++ systemctl set-property "$unit" Markers=+needs-restart || : ++ done ++ ;; ++ ++ system-reload-restart|system-reload|system-restart) ++ if [ -n "$*" ]; then ++ echo "Unexpected arguments for '$command': $*" ++ exit 2 ++ fi ++ ++ [ -d /run/systemd/system ] || exit 0 ++ ++ if [[ "$command" =~ reload ]]; then ++ systemctl daemon-reload ++ fi ++ ++ if [[ "$command" =~ restart ]]; then ++ systemctl reload-or-restart --marked ++ fi ++ ;; ++ ++ *) ++ echo "Unknown verb '$command'" ++ exit 3 ++ ;; ++esac +diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in +index 247358008a..d29cc33dfd 100644 +--- a/src/rpm/triggers.systemd.in ++++ b/src/rpm/triggers.systemd.in +@@ -13,20 +13,11 @@ + -- upgraded. We care about the case where a package is initially + -- installed, because other cases are covered by the *un scriptlets, + -- so sometimes we will reload needlessly. +-if posix.access("/run/systemd/system") then +- pid = posix.fork() +- if pid == 0 then +- assert(posix.execp("systemctl", "daemon-reload")) +- elseif pid > 0 then +- posix.wait(pid) +- end +- +- pid = posix.fork() +- if pid == 0 then +- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) +- elseif pid > 0 then +- posix.wait(pid) +- end ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload-restart")) ++elseif pid > 0 then ++ posix.wait(pid) + end + + %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system +@@ -35,24 +26,20 @@ end + -- On upgrade, we need to run daemon-reload after any new unit files + -- have been installed, but before %postun scripts in packages get + -- executed. +-if posix.access("/run/systemd/system") then +- pid = posix.fork() +- if pid == 0 then +- assert(posix.execp("systemctl", "daemon-reload")) +- elseif pid > 0 then +- posix.wait(pid) +- end ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload")) ++elseif pid > 0 then ++ posix.wait(pid) + end + + %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + -- We restart remaining services that should be restarted here. +-if posix.access("/run/systemd/system") then +- pid = posix.fork() +- if pid == 0 then +- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) +- elseif pid > 0 then +- posix.wait(pid) +- end ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) ++elseif pid > 0 then ++ posix.wait(pid) + end + + %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} +diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in +index 1631be18c9..83cd7617f8 100644 +--- a/src/rpm/triggers.systemd.sh.in ++++ b/src/rpm/triggers.systemd.sh.in +@@ -14,10 +14,7 @@ + # upgraded. We care about the case where a package is initially + # installed, because other cases are covered by the *un scriptlets, + # so sometimes we will reload needlessly. +-if test -d "/run/systemd/system"; then +- systemctl daemon-reload || : +- systemctl reload-or-restart --marked || : +-fi ++{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : + + %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + # On removal, we need to run daemon-reload after any units have been +@@ -25,15 +22,11 @@ fi + # On upgrade, we need to run daemon-reload after any new unit files + # have been installed, but before %postun scripts in packages get + # executed. +-if test -d "/run/systemd/system"; then +- systemctl daemon-reload || : +-fi ++{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : + + %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + # We restart remaining services that should be restarted here. +-if test -d "/run/systemd/system"; then +- systemctl reload-or-restart --marked || : +-fi ++{{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : + + %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} + # This script will process files installed in {{SYSUSERS_DIR}} to create +-- +2.31.1 + diff --git a/0003-rpm-call-needs-restart-in-parallel.patch b/0003-rpm-call-needs-restart-in-parallel.patch new file mode 100644 index 0000000..4637f3e --- /dev/null +++ b/0003-rpm-call-needs-restart-in-parallel.patch @@ -0,0 +1,35 @@ +From 0a2e691b6b1fdceb4b7504870c4b792a66b5080f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 22 Jul 2021 11:28:36 +0200 +Subject: [PATCH 3/5] rpm: call +needs-restart in parallel +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some rpms install a bunch of units… It seems nicer to invoke them all in +parallel. In particular, timeouts in systemctl also run in parallel, so if +there's some communication mishap, we will wait less. + +(cherry picked from commit 3598aff4d963b2e51ac74d206161da47bfde785c) +--- + src/rpm/systemd-update-helper.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index 9fa49fa131..f3c75b75fa 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -32,8 +32,9 @@ case "$command" in + [ -d /run/systemd/system ] || exit 0 + + for unit in "$@"; do +- systemctl set-property "$unit" Markers=+needs-restart || : ++ systemctl set-property "$unit" Markers=+needs-restart & + done ++ wait + ;; + + system-reload-restart|system-reload|system-restart) +-- +2.31.1 + diff --git a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch new file mode 100644 index 0000000..eac9b89 --- /dev/null +++ b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch @@ -0,0 +1,259 @@ +From a63d5d320f81c1cbae07897a401ed5cc5374e0bf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 7 Jul 2021 14:37:57 +0200 +Subject: [PATCH 4/5] rpm: restart user services at the end of the transaction + +This closes an important gap: so far we would reexecute the system manager and +restart system services that were configured to do so, but we wouldn't do the +same for user managers or user services. + +The scheme used for user managers is very similar to the system one, except +that there can be multiple user managers running, so we query the system +manager to get a list of them, and then tell each one to do the equivalent +operations: daemon-reload, disable --now, set-property Markers=+needs-restart, +reload-or-restart --marked. + +The total time that can be spend on this is bounded: we execute the commands in +parallel over user managers and units, and additionally set SYSTEMD_BUS_TIMEOUT +to a lower value (15 s by default). User managers should not have too many +units running, and they should be able to do all those operations very +quickly (<< 1s). The final restart operation may take longer, but it's done +asynchronously, so we only wait for the queuing to happen. + +The advantage of doing this synchronously is that we can wait for each step to +happen, and for example daemon-reloads can finish before we execute the service +restarts, etc. We can also order various steps wrt. to the phases in the rpm +transaction. + +When this was initially proposed, we discussed a more relaxed scheme with bus +property notifications. Such an approach would be more complex because a bunch +of infrastructure would have to be added to system manager to propagate +appropriate notifications to the user managers, and then the user managers +would have to wait for them. Instead, now there is no new code in the managers, +all new functionality is contained in src/rpm/. The ability to call 'systemctl +--user user@' makes this approach very easy. Also, it would be very hard to +order the user manager steps and the rpm transaction steps. + +Note: 'systemctl --user disable' is only called for a user managers that are +running. I don't see a nice way around this, and it shouldn't matter too much: +we'll just leave a dangling symlink in the case where the user enabled the +service manually. + +A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and +fa97d2fcf64e0558054bee673f734f523373b146. + +(cherry picked from commit 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7) +--- + meson.build | 1 + + meson_options.txt | 2 ++ + src/rpm/macros.systemd.in | 6 +++- + src/rpm/systemd-update-helper.in | 47 ++++++++++++++++++++++++++++++++ + src/rpm/triggers.systemd.in | 28 ++++++++++++++++++- + src/rpm/triggers.systemd.sh.in | 13 ++++++++- + 6 files changed, 94 insertions(+), 3 deletions(-) + +diff --git a/meson.build b/meson.build +index fb986e84f7..d898d9ccd0 100644 +--- a/meson.build ++++ b/meson.build +@@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR', tmpfilesdir) + conf.set_quoted('UDEVLIBEXECDIR', udevlibexecdir) + conf.set_quoted('UDEV_HWDB_DIR', udevhwdbdir) + conf.set_quoted('UDEV_RULES_DIR', udevrulesdir) ++conf.set_quoted('UPDATE_HELPER_USER_TIMEOUT', get_option('update-helper-user-timeout')) + conf.set_quoted('USER_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'user')) + conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) + conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) +diff --git a/meson_options.txt b/meson_options.txt +index 163c8df87d..9383c7da6a 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '', + description : 'directory for xinitrc files') + option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d', + description : 'directory for rpm macros ["no" disables]') ++option('update-helper-user-timeout', type : 'string', value : '15s', ++ description : 'how long to wait for user manager operations') + option('pamlibdir', type : 'string', + description : 'directory for PAM modules') + option('pamconfdir', type : 'string', +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index bbdf036da7..caa2e45595 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -93,7 +93,11 @@ fi \ + %{nil} + + %systemd_user_postun_with_restart() \ +-%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ ++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_restart}} \ ++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ ++ # Package upgrade, not uninstall \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-user-units %{?*} || : \ ++fi \ + %{nil} + + %udev_hwdb_update() %{nil} +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index f3c75b75fa..f3466ab3c0 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -26,6 +26,15 @@ case "$command" in + + remove-user-units) + systemctl --global disable "$@" ++ ++ [ -d /run/systemd/system ] || exit 0 ++ ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" disable --now "$@" & ++ done ++ wait + ;; + + mark-restart-system-units) +@@ -37,6 +46,17 @@ case "$command" in + wait + ;; + ++ mark-restart-user-units) ++ [ -d /run/systemd/system ] || exit 0 ++ ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & ++ done ++ wait ++ ;; ++ + system-reload-restart|system-reload|system-restart) + if [ -n "$*" ]; then + echo "Unexpected arguments for '$command': $*" +@@ -54,6 +74,33 @@ case "$command" in + fi + ;; + ++ user-reload-restart|user-reload|user-restart) ++ if [ -n "$*" ]; then ++ echo "Unexpected arguments for '$command': $*" ++ exit 2 ++ fi ++ ++ [ -d /run/systemd/system ] || exit 0 ++ ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ ++ if [[ "$command" =~ reload ]]; then ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" daemon-reload & ++ done ++ wait ++ fi ++ ++ if [[ "$command" =~ restart ]]; then ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" reload-or-restart --marked & ++ done ++ wait ++ fi ++ ;; ++ + *) + echo "Unknown verb '$command'" + exit 3 +diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in +index d29cc33dfd..8aeb2049c1 100644 +--- a/src/rpm/triggers.systemd.in ++++ b/src/rpm/triggers.systemd.in +@@ -20,6 +20,14 @@ elseif pid > 0 then + posix.wait(pid) + end + ++%transfiletriggerin -P 900899 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart")) ++elseif pid > 0 then ++ posix.wait(pid) ++end ++ + %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + -- On removal, we need to run daemon-reload after any units have been + -- removed. +@@ -33,8 +41,17 @@ elseif pid > 0 then + posix.wait(pid) + end + ++%transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system ++-- Execute daemon-reload in user managers. ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload")) ++elseif pid > 0 then ++ posix.wait(pid) ++end ++ + %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system +--- We restart remaining services that should be restarted here. ++-- We restart remaining system services that should be restarted here. + pid = posix.fork() + if pid == 0 then + assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) +@@ -42,6 +59,15 @@ elseif pid > 0 then + posix.wait(pid) + end + ++%transfiletriggerpostun -P 9999 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++-- We restart remaining user services that should be restarted here. ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-restart")) ++elseif pid > 0 then ++ posix.wait(pid) ++end ++ + %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} + -- This script will process files installed in {{SYSUSERS_DIR}} to create + -- specified users automatically. The priority is set such that it +diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in +index 83cd7617f8..694cd94e8d 100644 +--- a/src/rpm/triggers.systemd.sh.in ++++ b/src/rpm/triggers.systemd.sh.in +@@ -16,6 +16,9 @@ + # so sometimes we will reload needlessly. + {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : + ++%transfiletriggerin -P 900899 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload-restart || : ++ + %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + # On removal, we need to run daemon-reload after any units have been + # removed. +@@ -24,10 +27,18 @@ + # executed. + {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : + ++%transfiletriggerpostun -P 1000099 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++# Execute daemon-reload in user managers. ++{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload || : ++ + %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system +-# We restart remaining services that should be restarted here. ++# We restart remaining system services that should be restarted here. + {{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : + ++%transfiletriggerpostun -P 9999 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++# We restart remaining user services that should be restarted here. ++{{SYSTEMD_UPDATE_HELPER_PATH}} user-restart || : ++ + %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} + # This script will process files installed in {{SYSUSERS_DIR}} to create + # specified users automatically. The priority is set such that it +-- +2.31.1 + diff --git a/0005-update-helper-also-add-user-reexec-verb.patch b/0005-update-helper-also-add-user-reexec-verb.patch new file mode 100644 index 0000000..7c4f7ba --- /dev/null +++ b/0005-update-helper-also-add-user-reexec-verb.patch @@ -0,0 +1,47 @@ +From 37cd6c0fad847e5fffd9d107358a36e767c7ca42 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 23 Jul 2021 15:35:23 +0200 +Subject: [PATCH 5/5] update-helper: also add "user-reexec" verb + +This is not called from the systemd.triggers or systemd.macros files. Instead, +it would be called from the scriptlets in systemd rpm package itself, at the +place where we call systemctl daemon-reexec. + +See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 . + +(cherry picked from commit 1262e824a4d638e347ae0d39c973f1f750962533) +--- + src/rpm/systemd-update-helper.in | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index f3466ab3c0..0c6675a9db 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -74,7 +74,7 @@ case "$command" in + fi + ;; + +- user-reload-restart|user-reload|user-restart) ++ user-reload-restart|user-reload|user-restart|user-reexec) + if [ -n "$*" ]; then + echo "Unexpected arguments for '$command': $*" + exit 2 +@@ -84,6 +84,14 @@ case "$command" in + + users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') + ++ if [[ "$command" =~ reexec ]]; then ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" daemon-reexec & ++ done ++ wait ++ fi ++ + if [[ "$command" =~ reload ]]; then + for user in $users; do + SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ +-- +2.31.1 + diff --git a/10-oomd-defaults.conf b/10-oomd-defaults.conf new file mode 100644 index 0000000..0254657 --- /dev/null +++ b/10-oomd-defaults.conf @@ -0,0 +1,2 @@ +[OOM] +DefaultMemoryPressureDurationSec=20s diff --git a/10-oomd-root-slice-defaults.conf b/10-oomd-root-slice-defaults.conf new file mode 100644 index 0000000..49958e8 --- /dev/null +++ b/10-oomd-root-slice-defaults.conf @@ -0,0 +1,2 @@ +[Slice] +ManagedOOMSwap=kill diff --git a/10-oomd-user-service-defaults.conf b/10-oomd-user-service-defaults.conf new file mode 100644 index 0000000..94d5c87 --- /dev/null +++ b/10-oomd-user-service-defaults.conf @@ -0,0 +1,3 @@ +[Service] +ManagedOOMMemoryPressure=kill +ManagedOOMMemoryPressureLimit=50% diff --git a/18621-fb.patch b/18621-fb.patch new file mode 100644 index 0000000..9bd802a --- /dev/null +++ b/18621-fb.patch @@ -0,0 +1,90 @@ +From 0762f129c6a9c7bbdb5d575c486d5cf4f7fdae8d Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Tue, 16 Feb 2021 12:17:36 +0000 +Subject: [PATCH] proc: dont trigger mount error with invalid options on old + kernels + +As of commit 4e39995371738b04d98d27b0d34ea8fe09ec9fab ("core: introduce +ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs +mount options") kernels older than v5.8 generate multple warnings at +boot, as seen in this Yocto build from today: + + qemux86-64 login: root + [ 65.829009] proc: Bad value for 'hidepid' + root@qemux86-64:~# dmesg|grep proc: + [ 16.990706] proc: Bad value for 'hidepid' + [ 28.060178] proc: Bad value for 'hidepid' + [ 28.874229] proc: Bad value for 'hidepid' + [ 32.685107] proc: Bad value for 'hidepid' + [ 65.829009] proc: Bad value for 'hidepid' + root@qemux86-64:~# + +We see reports of the issue as in general its hard to someone to tell +the difference between an error in dmesg which they should worry about and +one that is harmless. This adds support burden to developers so Yocto +Project has added this patch. + +The commit that triggers this is systemd v247-rc1~378^2~3 -- so any +systemd 247 and above plus kernel v5.7 or older will need this. + +As noted in https://github.com/systemd/systemd/issues/16896 +it is possible changes could be backported to different kernel versions +so the test isn't 100% foolproof but does give better results than a +continual stream of bug reports. + +Signed-off-by: Richard Purdie + +Changes from Anita Zhang +- Use 5.6.13-0_fbk9 version comparison for FB build +--- + src/core/namespace.c | 22 ++++++++++++++++++++-- + 1 file changed, 20 insertions(+), 2 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index d47531408b..8be8352a8e 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -4,7 +4,9 @@ + #include + #include + #include ++#include + #include ++#include + #include + #include + +@@ -1018,12 +1020,28 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { + _cleanup_free_ char *opts = NULL; + const char *entry_path; + int r, n; ++ struct utsname uts; ++ bool old = false; + + assert(m); + assert(ns_info); + +- if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || +- ns_info->proc_subset != PROC_SUBSET_ALL) { ++ /* If uname says that the system is older than v5.6.13-0_fbk9, then the textual hidepid= stuff is not ++ * supported by the kernel, and thus the per-instance hidepid= neither, which means we ++ * really don't want to use it, since it would affect our host's /proc * mount. Hence let's ++ * gracefully fallback to a classic, unrestricted version. */ ++ ++ r = uname(&uts); ++ if (r < 0) ++ return -errno; ++ ++ if (strverscmp(uts.release, "5.6.13-0_fbk9") < 0) { ++ log_debug("Pre v5.6.13-0_fbk9 kernel detected [v%s] - skipping hidepid=", uts.release); ++ old = true; ++ } ++ ++ if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || ++ ns_info->proc_subset != PROC_SUBSET_ALL)) { + + /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it + * pretended to be per-instance but actually was per-namespace), hence let's make use of it +-- +2.30.2 + diff --git a/18621.patch b/18621.patch new file mode 100644 index 0000000..80bd969 --- /dev/null +++ b/18621.patch @@ -0,0 +1,84 @@ +From c225bc59b8907de11f389bd8efb82155ccde75a7 Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Tue, 16 Feb 2021 12:17:36 +0000 +Subject: [PATCH] proc: dont trigger mount error with invalid options on old + kernels + +As of commit 4e39995371738b04d98d27b0d34ea8fe09ec9fab ("core: introduce +ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs +mount options") kernels older than v5.8 generate multple warnings at +boot, as seen in this Yocto build from today: + + qemux86-64 login: root + [ 65.829009] proc: Bad value for 'hidepid' + root@qemux86-64:~# dmesg|grep proc: + [ 16.990706] proc: Bad value for 'hidepid' + [ 28.060178] proc: Bad value for 'hidepid' + [ 28.874229] proc: Bad value for 'hidepid' + [ 32.685107] proc: Bad value for 'hidepid' + [ 65.829009] proc: Bad value for 'hidepid' + root@qemux86-64:~# + +We see reports of the issue as in general its hard to someone to tell +the difference between an error in dmesg which they should worry about and +one that is harmless. This adds support burden to developers so Yocto +Project has added this patch. + +The commit that triggers this is systemd v247-rc1~378^2~3 -- so any +systemd 247 and above plus kernel v5.7 or older will need this. + +As noted in https://github.com/systemd/systemd/issues/16896 +it is possible changes could be backported to different kernel versions +so the test isn't 100% foolproof but does give better results than a +continual stream of bug reports. + +Signed-off-by: Richard Purdie +--- + src/core/namespace.c | 22 ++++++++++++++++++++-- + 1 file changed, 20 insertions(+), 2 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 4ed0991b56d1..3fa2d4e9d640 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -4,7 +4,9 @@ + #include + #include + #include ++#include + #include ++#include + #include + #include + +@@ -881,12 +883,28 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { + _cleanup_free_ char *opts = NULL; + const char *entry_path; + int r, n; ++ struct utsname uts; ++ bool old = false; + + assert(m); + assert(ns_info); + +- if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || +- ns_info->proc_subset != PROC_SUBSET_ALL) { ++ /* If uname says that the system is older than v5.8, then the textual hidepid= stuff is not ++ * supported by the kernel, and thus the per-instance hidepid= neither, which means we ++ * really don't want to use it, since it would affect our host's /proc * mount. Hence let's ++ * gracefully fallback to a classic, unrestricted version. */ ++ ++ r = uname(&uts); ++ if (r < 0) ++ return -errno; ++ ++ if (strverscmp(uts.release, "5.8") < 0) { ++ log_debug("Pre v5.8 kernel detected [v%s] - skipping hidepid=", uts.release); ++ old = true; ++ } ++ ++ if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || ++ ns_info->proc_subset != PROC_SUBSET_ALL)) { + + /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it + * pretended to be per-instance but actually was per-namespace), hence let's make use of it diff --git a/20-grubby.install b/20-grubby.install new file mode 100755 index 0000000..e059125 --- /dev/null +++ b/20-grubby.install @@ -0,0 +1,51 @@ +#!/bin/bash + +if [[ ! -x /sbin/new-kernel-pkg ]]; then + exit 0 +fi + +COMMAND="$1" +KERNEL_VERSION="$2" +BOOT_DIR_ABS="$3" +KERNEL_IMAGE="$4" + +KERNEL_DIR="${KERNEL_IMAGE%/*}" +[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}" +case "$COMMAND" in + add) + if [[ "${KERNEL_DIR}" != "/boot" ]]; then + for i in \ + "$KERNEL_IMAGE" \ + "$KERNEL_DIR"/System.map \ + "$KERNEL_DIR"/config \ + "$KERNEL_DIR"/zImage.stub \ + "$KERNEL_DIR"/dtb \ + ; do + [[ -e "$i" ]] || continue + cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}" + command -v restorecon &>/dev/null && \ + restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" + done + # hmac is .vmlinuz-.hmac so needs a special treatment + i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" + if [[ -e "$i" ]]; then + cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + command -v restorecon &>/dev/null && \ + restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + fi + fi + /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? + ;; + remove) + /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? + ;; + *) + ;; +esac + +# skip other installation plugins, if we can't find a boot loader spec conforming setup +if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then + exit 77 +fi diff --git a/20-yama-ptrace.conf b/20-yama-ptrace.conf new file mode 100644 index 0000000..4fbaf97 --- /dev/null +++ b/20-yama-ptrace.conf @@ -0,0 +1,42 @@ +# The ptrace system call is used for interprocess services, +# communication and introspection (like synchronisation, signaling, +# debugging, tracing and profiling) of processes. +# +# Usage of ptrace is restricted by normal user permissions. Normal +# unprivileged processes cannot use ptrace on processes that they +# cannot send signals to or processes that are running set-uid or +# set-gid. Nevertheless, processes running under the same uid will +# usually be able to ptrace one another. +# +# Fedora enables the Yama security mechanism which restricts ptrace +# even further. Sysctl setting kernel.yama.ptrace_scope can have one +# of the following values: +# +# 0 - Normal ptrace security permissions. +# 1 - Restricted ptrace. Only child processes plus normal permissions. +# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE. +# 3 - No attach. No process may call ptrace at all. Irrevocable. +# +# For more information see Documentation/security/Yama.txt in the +# kernel sources. +# +# The default is 1., which allows tracing of child processes, but +# forbids tracing of arbitrary processes. This allows programs like +# gdb or strace to work when the most common way of having the +# debugger start the debuggee is used: +# gdb /path/to/program ... +# Attaching to already running programs is NOT allowed: +# gdb -p ... +# This default setting is suitable for the common case, because it +# reduces the risk that one hacked process can be used to attack other +# processes. (For example, a hacked firefox process in a user session +# will not be able to ptrace the keyring process and extract passwords +# stored only in memory.) +# +# Developers and administrators might want to disable those protections +# to be able to attach debuggers to existing processes. Use +# sysctl kernel.yama.ptrace_scope=0 +# for change the setting temporarily, or copy this file to +# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots. + +kernel.yama.ptrace_scope = 0 diff --git a/20450.patch b/20450.patch new file mode 100644 index 0000000..e63c3d2 --- /dev/null +++ b/20450.patch @@ -0,0 +1,86 @@ +From 0db68800c756f298ef45584ac01915c2cb2ce359 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 16 Aug 2021 23:47:40 +0900 +Subject: [PATCH 1/2] ethtool: make the size of 'features' array static + +--- + src/shared/ethtool-util.c | 2 +- + src/shared/ethtool-util.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index f77f6943ca4f..699c7a97ab97 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -501,7 +501,7 @@ static int set_features_bit( + return found ? 0 : -ENODATA; + } + +-int ethtool_set_features(int *ethtool_fd, const char *ifname, const int *features) { ++int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]) { + _cleanup_free_ struct ethtool_gstrings *strings = NULL; + struct ethtool_sfeatures *sfeatures; + struct ifreq ifr = {}; +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 7d287666249a..f0fc40b0595f 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -88,7 +88,7 @@ int ethtool_get_link_info(int *ethtool_fd, const char *ifname, + int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct ether_addr *ret); + int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts); + int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netdev_ring_param *ring); +-int ethtool_set_features(int *ethtool_fd, const char *ifname, const int *features); ++int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]); + int ethtool_set_glinksettings(int *ethtool_fd, const char *ifname, + int autonegotiation, const uint32_t advertise[static N_ADVERTISE], + uint64_t speed, Duplex duplex, NetDevPort port); + +From c2f2250e5c52ec3745a462e3f55a94c133786df8 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 17 Aug 2021 00:44:00 +0900 +Subject: [PATCH 2/2] ethtool: make ethtool_set_features() return earlier when + nothing is requested + +--- + src/shared/ethtool-util.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index 699c7a97ab97..4ca90615f3c1 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -505,12 +505,22 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + _cleanup_free_ struct ethtool_gstrings *strings = NULL; + struct ethtool_sfeatures *sfeatures; + struct ifreq ifr = {}; +- int i, r; ++ bool have = false; ++ int r; + + assert(ethtool_fd); + assert(ifname); + assert(features); + ++ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) ++ if (features[i] >= 0) { ++ have = true; ++ break; ++ } ++ ++ if (!have) ++ return 0; ++ + r = ethtool_connect(ethtool_fd); + if (r < 0) + return r; +@@ -525,8 +535,8 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + sfeatures->cmd = ETHTOOL_SFEATURES; + sfeatures->size = DIV_ROUND_UP(strings->len, 32U); + +- for (i = 0; i < _NET_DEV_FEAT_MAX; i++) +- if (features[i] != -1) { ++ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) ++ if (features[i] >= 0) { + r = set_features_bit(strings, netdev_feature_table[i], features[i], sfeatures); + if (r < 0) { + log_debug_errno(r, "ethtool: could not find feature, ignoring: %s", netdev_feature_table[i]); diff --git a/20458.patch b/20458.patch new file mode 100644 index 0000000..ad916b4 --- /dev/null +++ b/20458.patch @@ -0,0 +1,143 @@ +From e9f92c88163841d3f1d29fa5b44ae4c6f71bb014 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 18 Aug 2021 07:59:13 +0100 +Subject: [PATCH] udev: Support "max" string for BufferSize options (#20458) + +"max" indicates the hardware advertised maximum queue buffer size +should be used. + +The max sizes can be checked by running `ethtool -g ` (Preset maximums). +Since the buffer sizes can't be set to 0 by users, internally we use 0 to +indicate that the hardware advertised maximum should be used. +--- + man/systemd.link.xml | 20 ++++++++++++-------- + src/shared/ethtool-util.c | 40 +++++++++++++++++++++++++-------------- + src/shared/ethtool-util.h | 2 ++ + 3 files changed, 40 insertions(+), 22 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index 1c18f35fc8..fd744ebaed 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -735,29 +735,33 @@ + + RxBufferSize= + +- Takes an integer. Specifies the maximum number of pending packets in the NIC receive buffer. +- When unset, the kernel's default will be used. ++ Takes an integer or max. Specifies the maximum number of pending packets ++ in the NIC receive buffer. When unset, the kernel's default will be used. If set to ++ max, the hardware's advertised maximum size will be used. + + + + RxMiniBufferSize= + +- Takes an integer. Specifies the maximum number of pending packets in the NIC mini receive buffer. +- When unset, the kernel's default will be used. ++ Takes an integer or max. Specifies the maximum number of pending packets ++ in the NIC mini receive buffer. When unset, the kernel's default will be used. If set to ++ max, the hardware's advertised maximum size will be used. + + + + RxJumboBufferSize= + +- Takes an integer. Specifies the maximum number of pending packets in the NIC jumbo receive buffer. +- When unset, the kernel's default will be used. ++ Takes an integer or max. Specifies the maximum number of pending packets ++ in the NIC jumbo receive buffer. When unset, the kernel's default will be used. If set to ++ max, the hardware's advertised maximum size will be used. + + + + TxBufferSize= + +- Takes an integer. Specifies the maximum number of pending packets in the NIC transmit buffer. +- When unset, the kernel's default will be used. ++ Takes an integer or max. Specifies the maximum number of pending packets ++ in the NIC transmit buffer. When unset, the kernel's default will be used. If set to ++ max, the hardware's advertised maximum size will be used. + + + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index f77f6943ca..ed251ec8dd 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -399,16 +399,24 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + return -errno; + + if (ring->rx_pending_set) +- UPDATE(ecmd.rx_pending, ring->rx_pending, need_update); ++ UPDATE(ecmd.rx_pending, ++ ring->rx_pending == 0 ? ecmd.rx_max_pending : ring->rx_pending, ++ need_update); + + if (ring->rx_mini_pending_set) +- UPDATE(ecmd.rx_mini_pending, ring->rx_mini_pending, need_update); ++ UPDATE(ecmd.rx_mini_pending, ++ ring->rx_mini_pending == 0 ? ecmd.rx_mini_max_pending : ring->rx_mini_pending, ++ need_update); + + if (ring->rx_jumbo_pending_set) +- UPDATE(ecmd.rx_jumbo_pending, ring->rx_jumbo_pending, need_update); ++ UPDATE(ecmd.rx_jumbo_pending, ++ ring->rx_jumbo_pending == 0 ? ecmd.rx_jumbo_max_pending : ring->rx_jumbo_pending, ++ need_update); + + if (ring->tx_pending_set) +- UPDATE(ecmd.tx_pending, ring->tx_pending, need_update); ++ UPDATE(ecmd.tx_pending, ++ ring->tx_pending == 0 ? ecmd.tx_max_pending : ring->tx_pending, ++ need_update); + + if (!need_update) + return 0; +@@ -1037,16 +1045,20 @@ int config_parse_nic_buffer_size( + assert(rvalue); + assert(data); + +- r = safe_atou32(rvalue, &k); +- if (r < 0) { +- log_syntax(unit, LOG_WARNING, filename, line, r, +- "Failed to parse interface buffer value, ignoring: %s", rvalue); +- return 0; +- } +- if (k < 1) { +- log_syntax(unit, LOG_WARNING, filename, line, 0, +- "Invalid %s= value, ignoring: %s", lvalue, rvalue); +- return 0; ++ if (streq(rvalue, "max")) ++ k = 0; ++ else { ++ r = safe_atou32(rvalue, &k); ++ if (r < 0) { ++ log_syntax(unit, LOG_WARNING, filename, line, r, ++ "Failed to parse interface buffer value, ignoring: %s", rvalue); ++ return 0; ++ } ++ if (k < 1) { ++ log_syntax(unit, LOG_WARNING, filename, line, 0, ++ "Invalid %s= value, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } + } + + if (streq(lvalue, "RxBufferSize")) { +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 7d28766624..aea131914e 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -70,6 +70,8 @@ typedef struct netdev_channels { + } netdev_channels; + + typedef struct netdev_ring_param { ++ /* For any of the 4 following settings, a value of 0 indicates the hardware advertised maximum should ++ * be used. */ + uint32_t rx_pending; + uint32_t rx_mini_pending; + uint32_t rx_jumbo_pending; +-- +2.31.1 + diff --git a/20472.patch b/20472.patch new file mode 100644 index 0000000..e5eb57b --- /dev/null +++ b/20472.patch @@ -0,0 +1,425 @@ +From 78e57b79c8790448412acca41e5d4495366305a6 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 18 Aug 2021 16:41:11 +0900 +Subject: [PATCH] udev: make RxChannels= or friends also accept "max" + +Follow-up for 406041b7de767316674eb6a2f98ad466577ce8a4. + +Also, this makes +- the settings accept an empty string, +- if the specified value is too large, also use the advertised maximum + value. +- mention the range of the value in the man page. +--- + man/systemd.link.xml | 49 ++------ + src/shared/ethtool-util.c | 170 ++++++++++----------------- + src/shared/ethtool-util.h | 36 +++--- + src/udev/net/link-config-gperf.gperf | 16 +-- + 4 files changed, 90 insertions(+), 181 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index fd744ebaed..dfb02073b2 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -710,58 +710,27 @@ + + + RxChannels= +- +- Sets the number of receive channels (a number between 1 and 4294967295) . +- +- +- + TxChannels= +- +- Sets the number of transmit channels (a number between 1 and 4294967295). +- +- +- + OtherChannels= +- +- Sets the number of other channels (a number between 1 and 4294967295). +- +- +- + CombinedChannels= + +- Sets the number of combined set channels (a number between 1 and 4294967295). ++ Specifies the number of receive, transmit, other, or combined channels, respectively. ++ Takes an unsigned integer in the range 1…4294967295 or max. If set to ++ max, the advertised maximum value of the hardware will be used. When ++ unset, the number will not be changed. Defaults to unset. + + + + RxBufferSize= +- +- Takes an integer or max. Specifies the maximum number of pending packets +- in the NIC receive buffer. When unset, the kernel's default will be used. If set to +- max, the hardware's advertised maximum size will be used. +- +- +- + RxMiniBufferSize= +- +- Takes an integer or max. Specifies the maximum number of pending packets +- in the NIC mini receive buffer. When unset, the kernel's default will be used. If set to +- max, the hardware's advertised maximum size will be used. +- +- +- + RxJumboBufferSize= +- +- Takes an integer or max. Specifies the maximum number of pending packets +- in the NIC jumbo receive buffer. When unset, the kernel's default will be used. If set to +- max, the hardware's advertised maximum size will be used. +- +- +- + TxBufferSize= + +- Takes an integer or max. Specifies the maximum number of pending packets +- in the NIC transmit buffer. When unset, the kernel's default will be used. If set to +- max, the hardware's advertised maximum size will be used. ++ Specifies the maximum number of pending packets in the NIC receive buffer, mini receive ++ buffer, jumbo receive buffer, or transmit buffer, respectively. Takes an unsigned integer in ++ the range 1…4294967295 or max. If set to max, the ++ advertised maximum value of the hardware will be used. When unset, the number will not be ++ changed. Defaults to unset. + + + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index ed251ec8dd..2d41d861ba 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -329,6 +329,17 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et + dest = _v; \ + } while(false) + ++#define UPDATE_WITH_MAX(dest, max, val, updated) \ ++ do { \ ++ typeof(dest) _v = (val); \ ++ typeof(dest) _max = (max); \ ++ if (_v == 0 || _v > _max) \ ++ _v = _max; \ ++ if (dest != _v) \ ++ updated = true; \ ++ dest = _v; \ ++ } while(false) ++ + int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { + struct ethtool_wolinfo ecmd = { + .cmd = ETHTOOL_GWOL, +@@ -382,10 +393,10 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + assert(ifname); + assert(ring); + +- if (!ring->rx_pending_set && +- !ring->rx_mini_pending_set && +- !ring->rx_jumbo_pending_set && +- !ring->tx_pending_set) ++ if (!ring->rx.set && ++ !ring->rx_mini.set && ++ !ring->rx_jumbo.set && ++ !ring->tx.set) + return 0; + + r = ethtool_connect(ethtool_fd); +@@ -398,25 +409,17 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + if (r < 0) + return -errno; + +- if (ring->rx_pending_set) +- UPDATE(ecmd.rx_pending, +- ring->rx_pending == 0 ? ecmd.rx_max_pending : ring->rx_pending, +- need_update); ++ if (ring->rx.set) ++ UPDATE_WITH_MAX(ecmd.rx_pending, ecmd.rx_max_pending, ring->rx.value, need_update); + +- if (ring->rx_mini_pending_set) +- UPDATE(ecmd.rx_mini_pending, +- ring->rx_mini_pending == 0 ? ecmd.rx_mini_max_pending : ring->rx_mini_pending, +- need_update); ++ if (ring->rx_mini.set) ++ UPDATE_WITH_MAX(ecmd.rx_mini_pending, ecmd.rx_mini_max_pending, ring->rx_mini.value, need_update); + +- if (ring->rx_jumbo_pending_set) +- UPDATE(ecmd.rx_jumbo_pending, +- ring->rx_jumbo_pending == 0 ? ecmd.rx_jumbo_max_pending : ring->rx_jumbo_pending, +- need_update); ++ if (ring->rx_jumbo.set) ++ UPDATE_WITH_MAX(ecmd.rx_jumbo_pending, ecmd.rx_jumbo_max_pending, ring->rx_jumbo.value, need_update); + +- if (ring->tx_pending_set) +- UPDATE(ecmd.tx_pending, +- ring->tx_pending == 0 ? ecmd.tx_max_pending : ring->tx_pending, +- need_update); ++ if (ring->tx.set) ++ UPDATE_WITH_MAX(ecmd.tx_pending, ecmd.tx_max_pending, ring->tx.value, need_update); + + if (!need_update) + return 0; +@@ -832,10 +835,10 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + assert(ifname); + assert(channels); + +- if (!channels->rx_count_set && +- !channels->tx_count_set && +- !channels->other_count_set && +- !channels->combined_count_set) ++ if (!channels->rx.set && ++ !channels->tx.set && ++ !channels->other.set && ++ !channels->combined.set) + return 0; + + r = ethtool_connect(fd); +@@ -848,17 +851,17 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + if (r < 0) + return -errno; + +- if (channels->rx_count_set) +- UPDATE(ecmd.rx_count, channels->rx_count, need_update); ++ if (channels->rx.set) ++ UPDATE_WITH_MAX(ecmd.rx_count, ecmd.max_rx, channels->rx.value, need_update); + +- if (channels->tx_count_set) +- UPDATE(ecmd.tx_count, channels->tx_count, need_update); ++ if (channels->tx.set) ++ UPDATE_WITH_MAX(ecmd.tx_count, ecmd.max_tx, channels->tx.value, need_update); + +- if (channels->other_count_set) +- UPDATE(ecmd.other_count, channels->other_count, need_update); ++ if (channels->other.set) ++ UPDATE_WITH_MAX(ecmd.other_count, ecmd.max_other, channels->other.value, need_update); + +- if (channels->combined_count_set) +- UPDATE(ecmd.combined_count, channels->combined_count, need_update); ++ if (channels->combined.set) ++ UPDATE_WITH_MAX(ecmd.combined_count, ecmd.max_combined, channels->combined.value, need_update); + + if (!need_update) + return 0; +@@ -917,57 +920,6 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + return 0; + } + +-int config_parse_channel( +- const char *unit, +- const char *filename, +- unsigned line, +- const char *section, +- unsigned section_line, +- const char *lvalue, +- int ltype, +- const char *rvalue, +- void *data, +- void *userdata) { +- +- netdev_channels *channels = data; +- uint32_t k; +- int r; +- +- assert(filename); +- assert(section); +- assert(lvalue); +- assert(rvalue); +- assert(data); +- +- r = safe_atou32(rvalue, &k); +- if (r < 0) { +- log_syntax(unit, LOG_WARNING, filename, line, r, +- "Failed to parse channel value for %s=, ignoring: %s", lvalue, rvalue); +- return 0; +- } +- if (k < 1) { +- log_syntax(unit, LOG_WARNING, filename, line, 0, +- "Invalid %s= value, ignoring: %s", lvalue, rvalue); +- return 0; +- } +- +- if (streq(lvalue, "RxChannels")) { +- channels->rx_count = k; +- channels->rx_count_set = true; +- } else if (streq(lvalue, "TxChannels")) { +- channels->tx_count = k; +- channels->tx_count_set = true; +- } else if (streq(lvalue, "OtherChannels")) { +- channels->other_count = k; +- channels->other_count_set = true; +- } else if (streq(lvalue, "CombinedChannels")) { +- channels->combined_count = k; +- channels->combined_count_set = true; +- } +- +- return 0; +-} +- + int config_parse_advertise( + const char *unit, + const char *filename, +@@ -1023,7 +975,7 @@ int config_parse_advertise( + } + } + +-int config_parse_nic_buffer_size( ++int config_parse_ring_buffer_or_channel( + const char *unit, + const char *filename, + unsigned line, +@@ -1035,7 +987,7 @@ int config_parse_nic_buffer_size( + void *data, + void *userdata) { + +- netdev_ring_param *ring = data; ++ u32_opt *dst = data; + uint32_t k; + int r; + +@@ -1045,36 +997,32 @@ int config_parse_nic_buffer_size( + assert(rvalue); + assert(data); + +- if (streq(rvalue, "max")) +- k = 0; +- else { +- r = safe_atou32(rvalue, &k); +- if (r < 0) { +- log_syntax(unit, LOG_WARNING, filename, line, r, +- "Failed to parse interface buffer value, ignoring: %s", rvalue); +- return 0; +- } +- if (k < 1) { +- log_syntax(unit, LOG_WARNING, filename, line, 0, +- "Invalid %s= value, ignoring: %s", lvalue, rvalue); +- return 0; +- } ++ if (isempty(rvalue)) { ++ dst->value = 0; ++ dst->set = false; ++ return 0; ++ } ++ ++ if (streq(rvalue, "max")) { ++ dst->value = 0; ++ dst->set = true; ++ return 0; + } + +- if (streq(lvalue, "RxBufferSize")) { +- ring->rx_pending = k; +- ring->rx_pending_set = true; +- } else if (streq(lvalue, "RxMiniBufferSize")) { +- ring->rx_mini_pending = k; +- ring->rx_mini_pending_set = true; +- } else if (streq(lvalue, "RxJumboBufferSize")) { +- ring->rx_jumbo_pending = k; +- ring->rx_jumbo_pending_set = true; +- } else if (streq(lvalue, "TxBufferSize")) { +- ring->tx_pending = k; +- ring->tx_pending_set = true; ++ r = safe_atou32(rvalue, &k); ++ if (r < 0) { ++ log_syntax(unit, LOG_WARNING, filename, line, r, ++ "Failed to parse %s=, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } ++ if (k < 1) { ++ log_syntax(unit, LOG_WARNING, filename, line, 0, ++ "Invalid %s= value, ignoring: %s", lvalue, rvalue); ++ return 0; + } + ++ dst->value = k; ++ dst->set = true; + return 0; + } + +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index aea131914e..8fdbdec39a 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -57,30 +57,23 @@ struct ethtool_link_usettings { + } link_modes; + }; + ++typedef struct u32_opt { ++ uint32_t value; /* a value of 0 indicates the hardware advertised maximum should be used.*/ ++ bool set; ++} u32_opt; ++ + typedef struct netdev_channels { +- uint32_t rx_count; +- uint32_t tx_count; +- uint32_t other_count; +- uint32_t combined_count; +- +- bool rx_count_set; +- bool tx_count_set; +- bool other_count_set; +- bool combined_count_set; ++ u32_opt rx; ++ u32_opt tx; ++ u32_opt other; ++ u32_opt combined; + } netdev_channels; + + typedef struct netdev_ring_param { +- /* For any of the 4 following settings, a value of 0 indicates the hardware advertised maximum should +- * be used. */ +- uint32_t rx_pending; +- uint32_t rx_mini_pending; +- uint32_t rx_jumbo_pending; +- uint32_t tx_pending; +- +- bool rx_pending_set; +- bool rx_mini_pending_set; +- bool rx_jumbo_pending_set; +- bool tx_pending_set; ++ u32_opt rx; ++ u32_opt rx_mini; ++ u32_opt rx_jumbo; ++ u32_opt tx; + } netdev_ring_param; + + int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret); +@@ -111,6 +104,5 @@ enum ethtool_link_mode_bit_indices ethtool_link_mode_bit_from_string(const char + CONFIG_PARSER_PROTOTYPE(config_parse_duplex); + CONFIG_PARSER_PROTOTYPE(config_parse_wol); + CONFIG_PARSER_PROTOTYPE(config_parse_port); +-CONFIG_PARSER_PROTOTYPE(config_parse_channel); + CONFIG_PARSER_PROTOTYPE(config_parse_advertise); +-CONFIG_PARSER_PROTOTYPE(config_parse_nic_buffer_size); ++CONFIG_PARSER_PROTOTYPE(config_parse_ring_buffer_or_channel); +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index e2f07d758b..d0190da5cb 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -58,15 +58,15 @@ Link.TCP6SegmentationOffload, config_parse_tristate, 0, + Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 + Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) + Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) +-Link.RxChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) +-Link.TxChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) +-Link.OtherChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) +-Link.CombinedChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) ++Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) ++Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) ++Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) ++Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) + Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) +-Link.RxBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) +-Link.RxMiniBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) +-Link.RxJumboBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) +-Link.TxBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) ++Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) ++Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) ++Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) ++Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) + Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) + Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) + Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) +-- +2.31.1 + diff --git a/20477.patch b/20477.patch new file mode 100644 index 0000000..6676bff --- /dev/null +++ b/20477.patch @@ -0,0 +1,561 @@ +From a1661a140c97a9e8fd90ee00f2de6baa214c9076 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 18 Aug 2021 13:52:00 +0100 +Subject: [PATCH] udev: Add support for configuring nic coalescing settings + +These are configured via the corresponding ethtool ioctl. +--- + man/systemd.link.xml | 71 +++++++ + src/shared/ethtool-util.c | 205 +++++++++++++++++++++ + src/shared/ethtool-util.h | 29 +++ + src/udev/net/link-config-gperf.gperf | 124 ++++++++----- + src/udev/net/link-config.c | 4 + + src/udev/net/link-config.h | 1 + + test/fuzz/fuzz-link-parser/directives.link | 22 +++ + 7 files changed, 405 insertions(+), 51 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index dfb02073b2..6d8dcb9af7 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -773,6 +773,77 @@ + accept. An unsigned integer in the range 1…65535. Defaults to unset. + + ++ ++ UseAdaptiveRxCoalesce= ++ UseAdaptiveTxCoalesce= ++ ++ Boolean properties that, when set, enable/disable adaptive Rx/Tx coalescing if the hardware ++ supports it. When unset, the kernel's default will be used. ++ ++ ++ ++ RxCoalesceSec= ++ RxCoalesceIrqSec= ++ RxCoalesceLowSec= ++ RxCoalesceHighSec= ++ TxCoalesceSec= ++ TxCoalesceIrqSec= ++ TxCoalesceLowSec= ++ TxCoalesceHighSec= ++ ++ These properties configure the delay before Rx/Tx interrupts are generated after a packet is ++ sent/received. The Irq properties come into effect when the host is servicing an ++ IRQ. The Low and High properties come into effect when the ++ packet rate drops below the low packet rate threshold or exceeds the high packet rate threshold ++ respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's defaults will be ++ used. ++ ++ ++ ++ RxMaxCoalescedFrames= ++ RxMaxCoalescedIrqFrames= ++ RxMaxCoalescedLowFrames= ++ RxMaxCoalescedHighFrames= ++ TxMaxCoalescedFrames= ++ TxMaxCoalescedIrqFrames= ++ TxMaxCoalescedLowFrames= ++ TxMaxCoalescedHighFrames= ++ ++ These properties configure the maximum number of frames that are sent/received before a Rx/Tx ++ interrupt is generated. The Irq properties come into effect when the host is ++ servicing an IRQ. The Low and High properties come into ++ effect when the packet rate drops below the low packet rate threshold or exceeds the high packet ++ rate threshold respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's ++ defaults will be used. ++ ++ ++ ++ CoalescePacketRateLow= ++ CoalescePacketRateHigh= ++ ++ These properties configure the low and high packet rate (expressed in packets per second) ++ threshold respectively and are used to determine when the corresponding coalescing settings for low ++ and high packet rates come into effect if adaptive Rx/Tx coalescing is enabled. If unset, the ++ kernel's defaults will be used. ++ ++ ++ ++ CoalescePacketRateSampleIntervalSec= ++ ++ Configures how often to sample the packet rate used for adaptive Rx/Tx coalescing. This ++ property cannot be zero. This lowest time granularity supported by this property is seconds. ++ Partial seconds will be rounded up before being passed to the kernel. If unset, the kernel's ++ default will be used. ++ ++ ++ ++ StatisticsBlockCoalesceSec= ++ ++ How long to delay driver in-memory statistics block updates. If the driver does not have an ++ in-memory statistic block, this property is ignored. This property cannot be zero. If unset, the ++ kernel's default will be used. ++ ++ + + + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index 2d41d861ba..f7f553dd29 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -14,6 +14,7 @@ + #include "memory-util.h" + #include "socket-util.h" + #include "string-table.h" ++#include "strv.h" + #include "strxcpyx.h" + + static const char* const duplex_table[_DUP_MAX] = { +@@ -1091,3 +1092,207 @@ int config_parse_wol( + + return 0; + } ++ ++int config_parse_coalesce_u32( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ u32_opt *dst = data; ++ uint32_t k; ++ int r; ++ ++ if (isempty(rvalue)) { ++ dst->value = 0; ++ dst->set = false; ++ return 0; ++ } ++ ++ r = safe_atou32(rvalue, &k); ++ if (r < 0) { ++ log_syntax(unit, LOG_WARNING, filename, line, r, ++ "Failed to parse %s=, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } ++ ++ dst->value = k; ++ dst->set = true; ++ return 0; ++} ++ ++int config_parse_coalesce_sec( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ u32_opt *dst = data; ++ usec_t usec; ++ int r; ++ ++ if (isempty(rvalue)) { ++ dst->value = 0; ++ dst->set = false; ++ return 0; ++ } ++ ++ r = parse_sec(rvalue, &usec); ++ if (r < 0) { ++ log_syntax(unit, LOG_WARNING, filename, line, r, ++ "Failed to parse coalesce setting value, ignoring: %s", rvalue); ++ return 0; ++ } ++ ++ if (usec > UINT32_MAX) { ++ log_syntax(unit, LOG_WARNING, filename, line, 0, ++ "Too large %s= value, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } ++ ++ if (STR_IN_SET(lvalue, "StatisticsBlockCoalesceSec", "CoalescePacketRateSampleIntervalSec") && usec < 1) { ++ log_syntax(unit, LOG_WARNING, filename, line, 0, ++ "Invalid %s= value, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } ++ ++ dst->value = (uint32_t) usec; ++ dst->set = true; ++ ++ return 0; ++} ++ ++int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { ++ struct ethtool_coalesce ecmd = { ++ .cmd = ETHTOOL_GCOALESCE, ++ }; ++ struct ifreq ifr = { ++ .ifr_data = (void*) &ecmd, ++ }; ++ bool need_update = false; ++ int r; ++ ++ assert(ethtool_fd); ++ assert(ifname); ++ assert(coalesce); ++ ++ if (coalesce->use_adaptive_rx_coalesce < 0 && ++ coalesce->use_adaptive_tx_coalesce < 0 && ++ !coalesce->rx_coalesce_usecs.set && ++ !coalesce->rx_max_coalesced_frames.set && ++ !coalesce->rx_coalesce_usecs_irq.set && ++ !coalesce->rx_max_coalesced_frames_irq.set && ++ !coalesce->tx_coalesce_usecs.set && ++ !coalesce->tx_max_coalesced_frames.set && ++ !coalesce->tx_coalesce_usecs_irq.set && ++ !coalesce->tx_max_coalesced_frames_irq.set && ++ !coalesce->stats_block_coalesce_usecs.set && ++ !coalesce->pkt_rate_low.set && ++ !coalesce->rx_coalesce_usecs_low.set && ++ !coalesce->rx_max_coalesced_frames_low.set && ++ !coalesce->tx_coalesce_usecs_low.set && ++ !coalesce->tx_max_coalesced_frames_low.set && ++ !coalesce->pkt_rate_high.set && ++ !coalesce->rx_coalesce_usecs_high.set && ++ !coalesce->rx_max_coalesced_frames_high.set && ++ !coalesce->tx_coalesce_usecs_high.set && ++ !coalesce->tx_max_coalesced_frames_high.set && ++ !coalesce->rate_sample_interval.set) ++ return 0; ++ ++ r = ethtool_connect(ethtool_fd); ++ if (r < 0) ++ return r; ++ ++ strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ ++ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); ++ if (r < 0) ++ return -errno; ++ ++ if (coalesce->use_adaptive_rx_coalesce >= 0) ++ UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); ++ ++ if (coalesce->use_adaptive_tx_coalesce >= 0) ++ UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); ++ ++ if (coalesce->rx_coalesce_usecs.set) ++ UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames.set) ++ UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_irq.set) ++ UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_irq.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs.set) ++ UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames.set) ++ UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_irq.set) ++ UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_irq.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); ++ ++ if (coalesce->stats_block_coalesce_usecs.set) ++ UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); ++ ++ if (coalesce->pkt_rate_low.set) ++ UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_low.set) ++ UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_low.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_low.set) ++ UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_low.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); ++ ++ if (coalesce->pkt_rate_high.set) ++ UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_high.set) ++ UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_high.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_high.set) ++ UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_high.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); ++ ++ if (coalesce->rate_sample_interval.set) ++ UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); ++ ++ if (!need_update) ++ return 0; ++ ++ ecmd.cmd = ETHTOOL_SCOALESCE; ++ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); ++ if (r < 0) ++ return -errno; ++ ++ return 0; ++} +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 8fdbdec39a..bb0333775c 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -76,6 +76,31 @@ typedef struct netdev_ring_param { + u32_opt tx; + } netdev_ring_param; + ++typedef struct netdev_coalesce_param { ++ u32_opt rx_coalesce_usecs; ++ u32_opt rx_max_coalesced_frames; ++ u32_opt rx_coalesce_usecs_irq; ++ u32_opt rx_max_coalesced_frames_irq; ++ u32_opt tx_coalesce_usecs; ++ u32_opt tx_max_coalesced_frames; ++ u32_opt tx_coalesce_usecs_irq; ++ u32_opt tx_max_coalesced_frames_irq; ++ u32_opt stats_block_coalesce_usecs; ++ int use_adaptive_rx_coalesce; ++ int use_adaptive_tx_coalesce; ++ u32_opt pkt_rate_low; ++ u32_opt rx_coalesce_usecs_low; ++ u32_opt rx_max_coalesced_frames_low; ++ u32_opt tx_coalesce_usecs_low; ++ u32_opt tx_max_coalesced_frames_low; ++ u32_opt pkt_rate_high; ++ u32_opt rx_coalesce_usecs_high; ++ u32_opt rx_max_coalesced_frames_high; ++ u32_opt tx_coalesce_usecs_high; ++ u32_opt tx_max_coalesced_frames_high; ++ u32_opt rate_sample_interval; ++} netdev_coalesce_param; ++ + int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret); + int ethtool_get_link_info(int *ethtool_fd, const char *ifname, + int *ret_autonegotiation, uint64_t *ret_speed, +@@ -89,6 +114,7 @@ int ethtool_set_glinksettings(int *ethtool_fd, const char *ifname, + uint64_t speed, Duplex duplex, NetDevPort port); + int ethtool_set_channels(int *ethtool_fd, const char *ifname, const netdev_channels *channels); + int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int autoneg); ++int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce); + + const char *duplex_to_string(Duplex d) _const_; + Duplex duplex_from_string(const char *d) _pure_; +@@ -106,3 +132,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_wol); + CONFIG_PARSER_PROTOTYPE(config_parse_port); + CONFIG_PARSER_PROTOTYPE(config_parse_advertise); + CONFIG_PARSER_PROTOTYPE(config_parse_ring_buffer_or_channel); ++CONFIG_PARSER_PROTOTYPE(config_parse_coalesce_u32); ++CONFIG_PARSER_PROTOTYPE(config_parse_coalesce_sec); ++CONFIG_PARSER_PROTOTYPE(config_parse_nic_coalesce_setting); +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index d0190da5cb..f800de8386 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -21,54 +21,76 @@ struct ConfigPerfItem; + %struct-type + %includes + %% +-Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) +-Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) +-Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) +-Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) +-Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) +-Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) +-Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) +-Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) +-Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) +-Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) +-Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) +-Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) +-Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) +-Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) +-Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) +-Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) +-Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) +-Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) +-Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) +-Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) +-Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) +-Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) +-Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) +-Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) +-Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) +-Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) +-Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) +-Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) +-Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) +-Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) +-Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) +-Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) +-Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) +-Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) +-Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 +-Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) +-Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) +-Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) +-Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) +-Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) +-Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) +-Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) +-Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) +-Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) +-Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) +-Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) +-Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) +-Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) +-Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) +-Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) +-Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) ++Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) ++Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) ++Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) ++Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) ++Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) ++Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) ++Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) ++Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) ++Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) ++Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) ++Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) ++Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) ++Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) ++Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) ++Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) ++Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) ++Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) ++Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) ++Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) ++Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) ++Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) ++Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) ++Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) ++Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) ++Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) ++Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) ++Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) ++Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) ++Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) ++Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) ++Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) ++Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) ++Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) ++Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) ++Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 ++Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) ++Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) ++Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) ++Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) ++Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) ++Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) ++Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) ++Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) ++Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) ++Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) ++Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) ++Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) ++Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) ++Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) ++Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) ++Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) ++Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) ++Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) ++Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) ++Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) ++Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) ++Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) ++Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) ++Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) ++Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) ++Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) ++Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) ++Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) ++Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) ++Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) ++Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) ++Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) ++Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) ++Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) ++Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) ++Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) ++Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) ++Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) +diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c +index 8dfe23691b..9451bd8b66 100644 +--- a/src/udev/net/link-config.c ++++ b/src/udev/net/link-config.c +@@ -353,6 +353,10 @@ static int link_config_apply_ethtool_settings(int *ethtool_fd, const LinkConfig + if (r < 0) + log_device_warning_errno(device, r, "Could not set flow control, ignoring: %m"); + ++ r = ethtool_set_nic_coalesce_settings(ethtool_fd, name, &config->coalesce); ++ if (r < 0) ++ log_device_warning_errno(device, r, "Could not set coalesce settings, ignoring: %m"); ++ + return 0; + } + +diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h +index b505c94f95..8a29a92822 100644 +--- a/src/udev/net/link-config.h ++++ b/src/udev/net/link-config.h +@@ -64,6 +64,7 @@ struct LinkConfig { + int rx_flow_control; + int tx_flow_control; + int autoneg_flow_control; ++ netdev_coalesce_param coalesce; + + LIST_FIELDS(LinkConfig, links); + }; +diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link +index 112a81930f..5f232ce698 100644 +--- a/test/fuzz/fuzz-link-parser/directives.link ++++ b/test/fuzz/fuzz-link-parser/directives.link +@@ -51,3 +51,25 @@ TxFlowControl= + AutoNegotiationFlowControl= + GenericSegmentOffloadMaxBytes= + GenericSegmentOffloadMaxSegments= ++RxCoalesceSec= ++RxMaxCoalescedFrames= ++RxCoalesceIrqSec= ++RxMaxCoalescedIrqFrames= ++TxCoalesceSec= ++TxMaxCoalescedFrames= ++TxCoalesceIrqSec= ++TxMaxCoalescedIrqFrames= ++StatisticsBlockCoalesceSec= ++UseAdaptiveRxCoalesce= ++UseAdaptiveTxCoalesce= ++CoalescePacketRateLow= ++RxCoalesceLowSec= ++RxMaxCoalescedLowFrames= ++TxCoalesceLowSec= ++TxMaxCoalescedLowFrames= ++CoalescePacketRateHigh= ++RxCoalesceHighSec= ++RxMaxCoalescedHighFrames= ++TxCoalesceHighSec= ++TxMaxCoalescedHighFrames= ++CoalescePacketRateSampleIntervalSec= +-- +2.31.1 + diff --git a/20484.patch b/20484.patch new file mode 100644 index 0000000..9da073b --- /dev/null +++ b/20484.patch @@ -0,0 +1,96 @@ +From 0e5c20b7a4f47fd3f8edbc2735810ea3513360bb Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 19 Aug 2021 13:44:35 +0100 +Subject: [PATCH] link: Add support for rx-gro-hw nic feature + +--- + man/systemd.link.xml | 7 +++++++ + src/shared/ethtool-util.c | 15 ++++++++------- + src/shared/ethtool-util.h | 1 + + src/udev/net/link-config-gperf.gperf | 1 + + test/fuzz/fuzz-link-parser/directives.link | 1 + + 5 files changed, 18 insertions(+), 7 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index 6d8dcb9af7..638a1522cd 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -701,6 +701,13 @@ + When unset, the kernel's default will be used. + + ++ ++ GenericReceiveOffloadHardware= ++ ++ Takes a boolean. If set to true, hardware accelerated Generic Receive Offload (GRO) is ++ enabled. When unset, the kernel's default will be used. ++ ++ + + LargeReceiveOffload= + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index f7f553dd29..a08bb2b7f5 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -70,13 +70,14 @@ DEFINE_STRING_TABLE_LOOKUP(port, NetDevPort); + DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse Port setting"); + + static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { +- [NET_DEV_FEAT_RX] = "rx-checksum", +- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ +- [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", +- [NET_DEV_FEAT_GRO] = "rx-gro", +- [NET_DEV_FEAT_LRO] = "rx-lro", +- [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", +- [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", ++ [NET_DEV_FEAT_RX] = "rx-checksum", ++ [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ ++ [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", ++ [NET_DEV_FEAT_GRO] = "rx-gro", ++ [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", ++ [NET_DEV_FEAT_LRO] = "rx-lro", ++ [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", ++ [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", + }; + + static const char* const ethtool_link_mode_bit_table[] = { +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index bb0333775c..2181ab6fd6 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -23,6 +23,7 @@ typedef enum NetDevFeature { + NET_DEV_FEAT_TX, + NET_DEV_FEAT_GSO, + NET_DEV_FEAT_GRO, ++ NET_DEV_FEAT_GRO_HW, + NET_DEV_FEAT_LRO, + NET_DEV_FEAT_TSO, + NET_DEV_FEAT_TSO6, +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index f800de8386..44b46cb17c 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -57,6 +57,7 @@ Link.TCPSegmentationOffload, config_parse_tristate, + Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) + Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 + Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) ++Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) + Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) + Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) + Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) +diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link +index 5f232ce698..b5cffb1a27 100644 +--- a/test/fuzz/fuzz-link-parser/directives.link ++++ b/test/fuzz/fuzz-link-parser/directives.link +@@ -36,6 +36,7 @@ TCPSegmentationOffload= + TCP6SegmentationOffload= + UDPSegmentationOffload= + GenericReceiveOffload= ++GenericReceiveOffloadHardware= + LargeReceiveOffload= + RxChannels= + TxChannels= +-- +2.31.1 + diff --git a/20489.patch b/20489.patch new file mode 100644 index 0000000..0b4f8d9 --- /dev/null +++ b/20489.patch @@ -0,0 +1,127 @@ +From 0a377494bcfcf4e145e260478071be124d56dc6d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 20 Aug 2021 09:41:34 +0900 +Subject: [PATCH] network: add UseMTU= in [IPv6AcceptRA] + +Note that kernel has similar knob in sysctl: accept_ra_mtu. + +Closes #18868. +--- + man/systemd.network.xml | 8 ++++++++ + src/network/networkd-ndisc.c | 14 +++++++------- + src/network/networkd-network-gperf.gperf | 1 + + src/network/networkd-network.c | 3 ++- + src/network/networkd-network.h | 1 + + test/fuzz/fuzz-network-parser/directives.network | 1 + + 6 files changed, 20 insertions(+), 8 deletions(-) + +diff --git a/man/systemd.network.xml b/man/systemd.network.xml +index 03100c035b84..573ba959eb4d 100644 +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -2265,6 +2265,14 @@ IPv6Token=prefixstable:2002:da8:1:: + + + ++ ++ UseMTU= ++ ++ Takes a boolean. When true, the MTU received in the Router Advertisement will be ++ used. Defaults to true. ++ ++ ++ + + UseAutonomousPrefix= + +diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c +index f58edb8f3cae..fe1f1e0333cf 100644 +--- a/src/network/networkd-ndisc.c ++++ b/src/network/networkd-ndisc.c +@@ -536,9 +536,9 @@ static int ndisc_request_address(Address *in, Link *link, sd_ndisc_router *rt) { + static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { + _cleanup_(route_freep) Route *route = NULL; + struct in6_addr gateway; +- uint16_t lifetime; ++ uint32_t table, mtu = 0; + unsigned preference; +- uint32_t table, mtu; ++ uint16_t lifetime; + usec_t time_now; + int r; + +@@ -575,11 +575,11 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { + if (r < 0) + return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); + +- r = sd_ndisc_router_get_mtu(rt, &mtu); +- if (r == -ENODATA) +- mtu = 0; +- else if (r < 0) +- return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); ++ if (link->network->ipv6_accept_ra_use_mtu) { ++ r = sd_ndisc_router_get_mtu(rt, &mtu); ++ if (r < 0 && r != -ENODATA) ++ return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); ++ } + + table = link_get_ipv6_accept_ra_route_table(link); + +diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf +index aa4dc00e55bc..846e54aed759 100644 +--- a/src/network/networkd-network-gperf.gperf ++++ b/src/network/networkd-network-gperf.gperf +@@ -256,6 +256,7 @@ IPv6AcceptRA.UseAutonomousPrefix, config_parse_bool, + IPv6AcceptRA.UseOnLinkPrefix, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_onlink_prefix) + IPv6AcceptRA.UseDNS, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_dns) + IPv6AcceptRA.UseDomains, config_parse_ipv6_accept_ra_use_domains, 0, offsetof(Network, ipv6_accept_ra_use_domains) ++IPv6AcceptRA.UseMTU, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_mtu) + IPv6AcceptRA.DHCPv6Client, config_parse_ipv6_accept_ra_start_dhcp6_client, 0, offsetof(Network, ipv6_accept_ra_start_dhcp6_client) + IPv6AcceptRA.RouteTable, config_parse_section_route_table, 0, 0 + IPv6AcceptRA.RouteMetric, config_parse_dhcp_route_metric, 0, 0 +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index bb09ba9e8933..1928db537e0c 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -400,15 +400,16 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi + .ipv4_accept_local = -1, + .ipv4_route_localnet = -1, + .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO, +- .ipv6_accept_ra = -1, + .ipv6_dad_transmits = -1, + .ipv6_hop_limit = -1, + .ipv6_proxy_ndp = -1, + .proxy_arp = -1, + ++ .ipv6_accept_ra = -1, + .ipv6_accept_ra_use_dns = true, + .ipv6_accept_ra_use_autonomous_prefix = true, + .ipv6_accept_ra_use_onlink_prefix = true, ++ .ipv6_accept_ra_use_mtu = true, + .ipv6_accept_ra_route_table = RT_TABLE_MAIN, + .ipv6_accept_ra_route_metric = DHCP_ROUTE_METRIC, + .ipv6_accept_ra_start_dhcp6_client = IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES, +diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h +index 815bcf5023fc..95c86e723040 100644 +--- a/src/network/networkd-network.h ++++ b/src/network/networkd-network.h +@@ -301,6 +301,7 @@ struct Network { + bool ipv6_accept_ra_use_dns; + bool ipv6_accept_ra_use_autonomous_prefix; + bool ipv6_accept_ra_use_onlink_prefix; ++ bool ipv6_accept_ra_use_mtu; + bool active_slave; + bool primary_slave; + DHCPUseDomains ipv6_accept_ra_use_domains; +diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network +index 8fe4ced35154..a3711cb77d9c 100644 +--- a/test/fuzz/fuzz-network-parser/directives.network ++++ b/test/fuzz/fuzz-network-parser/directives.network +@@ -342,6 +342,7 @@ Label= + Prefix= + [IPv6AcceptRA] + UseDomains= ++UseMTU= + RouteTable= + RouteMetric= + UseDNS= diff --git a/20541.patch b/20541.patch new file mode 100644 index 0000000..e41e3b1 --- /dev/null +++ b/20541.patch @@ -0,0 +1,306 @@ +From 72328a5977d240d33b78b24e7a6b65b1074000b9 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 26 Aug 2021 03:31:05 +0900 +Subject: [PATCH 1/2] ethtool: move function + +I'd like to locate all conf parsers at end of file. +--- + src/shared/ethtool-util.c | 250 +++++++++++++++++++------------------- + 1 file changed, 125 insertions(+), 125 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index c47d819f0596..af3b917c75cb 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -932,6 +932,131 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + return 0; + } + ++int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { ++ struct ethtool_coalesce ecmd = { ++ .cmd = ETHTOOL_GCOALESCE, ++ }; ++ struct ifreq ifr = { ++ .ifr_data = (void*) &ecmd, ++ }; ++ bool need_update = false; ++ int r; ++ ++ assert(ethtool_fd); ++ assert(ifname); ++ assert(coalesce); ++ ++ if (coalesce->use_adaptive_rx_coalesce < 0 && ++ coalesce->use_adaptive_tx_coalesce < 0 && ++ !coalesce->rx_coalesce_usecs.set && ++ !coalesce->rx_max_coalesced_frames.set && ++ !coalesce->rx_coalesce_usecs_irq.set && ++ !coalesce->rx_max_coalesced_frames_irq.set && ++ !coalesce->tx_coalesce_usecs.set && ++ !coalesce->tx_max_coalesced_frames.set && ++ !coalesce->tx_coalesce_usecs_irq.set && ++ !coalesce->tx_max_coalesced_frames_irq.set && ++ !coalesce->stats_block_coalesce_usecs.set && ++ !coalesce->pkt_rate_low.set && ++ !coalesce->rx_coalesce_usecs_low.set && ++ !coalesce->rx_max_coalesced_frames_low.set && ++ !coalesce->tx_coalesce_usecs_low.set && ++ !coalesce->tx_max_coalesced_frames_low.set && ++ !coalesce->pkt_rate_high.set && ++ !coalesce->rx_coalesce_usecs_high.set && ++ !coalesce->rx_max_coalesced_frames_high.set && ++ !coalesce->tx_coalesce_usecs_high.set && ++ !coalesce->tx_max_coalesced_frames_high.set && ++ !coalesce->rate_sample_interval.set) ++ return 0; ++ ++ r = ethtool_connect(ethtool_fd); ++ if (r < 0) ++ return r; ++ ++ strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ ++ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); ++ if (r < 0) ++ return -errno; ++ ++ if (coalesce->use_adaptive_rx_coalesce >= 0) ++ UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); ++ ++ if (coalesce->use_adaptive_tx_coalesce >= 0) ++ UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); ++ ++ if (coalesce->rx_coalesce_usecs.set) ++ UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames.set) ++ UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_irq.set) ++ UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_irq.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs.set) ++ UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames.set) ++ UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_irq.set) ++ UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_irq.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); ++ ++ if (coalesce->stats_block_coalesce_usecs.set) ++ UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); ++ ++ if (coalesce->pkt_rate_low.set) ++ UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_low.set) ++ UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_low.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_low.set) ++ UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_low.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); ++ ++ if (coalesce->pkt_rate_high.set) ++ UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_high.set) ++ UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_high.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_high.set) ++ UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_high.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); ++ ++ if (coalesce->rate_sample_interval.set) ++ UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); ++ ++ if (!need_update) ++ return 0; ++ ++ ecmd.cmd = ETHTOOL_SCOALESCE; ++ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); ++ if (r < 0) ++ return -errno; ++ ++ return 0; ++} ++ + int config_parse_advertise( + const char *unit, + const char *filename, +@@ -1182,128 +1307,3 @@ int config_parse_coalesce_sec( + + return 0; + } +- +-int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { +- struct ethtool_coalesce ecmd = { +- .cmd = ETHTOOL_GCOALESCE, +- }; +- struct ifreq ifr = { +- .ifr_data = (void*) &ecmd, +- }; +- bool need_update = false; +- int r; +- +- assert(ethtool_fd); +- assert(ifname); +- assert(coalesce); +- +- if (coalesce->use_adaptive_rx_coalesce < 0 && +- coalesce->use_adaptive_tx_coalesce < 0 && +- !coalesce->rx_coalesce_usecs.set && +- !coalesce->rx_max_coalesced_frames.set && +- !coalesce->rx_coalesce_usecs_irq.set && +- !coalesce->rx_max_coalesced_frames_irq.set && +- !coalesce->tx_coalesce_usecs.set && +- !coalesce->tx_max_coalesced_frames.set && +- !coalesce->tx_coalesce_usecs_irq.set && +- !coalesce->tx_max_coalesced_frames_irq.set && +- !coalesce->stats_block_coalesce_usecs.set && +- !coalesce->pkt_rate_low.set && +- !coalesce->rx_coalesce_usecs_low.set && +- !coalesce->rx_max_coalesced_frames_low.set && +- !coalesce->tx_coalesce_usecs_low.set && +- !coalesce->tx_max_coalesced_frames_low.set && +- !coalesce->pkt_rate_high.set && +- !coalesce->rx_coalesce_usecs_high.set && +- !coalesce->rx_max_coalesced_frames_high.set && +- !coalesce->tx_coalesce_usecs_high.set && +- !coalesce->tx_max_coalesced_frames_high.set && +- !coalesce->rate_sample_interval.set) +- return 0; +- +- r = ethtool_connect(ethtool_fd); +- if (r < 0) +- return r; +- +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); +- +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) +- return -errno; +- +- if (coalesce->use_adaptive_rx_coalesce >= 0) +- UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); +- +- if (coalesce->use_adaptive_tx_coalesce >= 0) +- UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); +- +- if (coalesce->rx_coalesce_usecs.set) +- UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); +- +- if (coalesce->rx_max_coalesced_frames.set) +- UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); +- +- if (coalesce->rx_coalesce_usecs_irq.set) +- UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); +- +- if (coalesce->rx_max_coalesced_frames_irq.set) +- UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); +- +- if (coalesce->tx_coalesce_usecs.set) +- UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); +- +- if (coalesce->tx_max_coalesced_frames.set) +- UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); +- +- if (coalesce->tx_coalesce_usecs_irq.set) +- UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); +- +- if (coalesce->tx_max_coalesced_frames_irq.set) +- UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); +- +- if (coalesce->stats_block_coalesce_usecs.set) +- UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); +- +- if (coalesce->pkt_rate_low.set) +- UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); +- +- if (coalesce->rx_coalesce_usecs_low.set) +- UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); +- +- if (coalesce->rx_max_coalesced_frames_low.set) +- UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); +- +- if (coalesce->tx_coalesce_usecs_low.set) +- UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); +- +- if (coalesce->tx_max_coalesced_frames_low.set) +- UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); +- +- if (coalesce->pkt_rate_high.set) +- UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); +- +- if (coalesce->rx_coalesce_usecs_high.set) +- UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); +- +- if (coalesce->rx_max_coalesced_frames_high.set) +- UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); +- +- if (coalesce->tx_coalesce_usecs_high.set) +- UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); +- +- if (coalesce->tx_max_coalesced_frames_high.set) +- UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); +- +- if (coalesce->rate_sample_interval.set) +- UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); +- +- if (!need_update) +- return 0; +- +- ecmd.cmd = ETHTOOL_SCOALESCE; +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) +- return -errno; +- +- return 0; +-} + +From ee7512404b5de7c5ac36e09436379fada2ed84e7 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 26 Aug 2021 03:34:23 +0900 +Subject: [PATCH 2/2] udev/net: initialize coalesce tristate variables + +Otherwise, 99-default.link may introduce something like the +following warnings: +---- +Aug 26 03:23:59 systemd-udevd[519]: wlan0: Could not set coalesce settings, ignoring: Operation not supported +Aug 26 03:24:00 systemd-udevd[547]: wlp59s0: Could not set coalesce settings, ignoring: Operation not supported +---- + +Follow-up for 6c35ea5ef0231d519ff24d43a57a72cebab6a121. +--- + src/udev/net/link-config.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c +index 69f651435034..4963ba2fae81 100644 +--- a/src/udev/net/link-config.c ++++ b/src/udev/net/link-config.c +@@ -142,6 +142,8 @@ int link_load_one(LinkConfigContext *ctx, const char *filename) { + .tx_flow_control = -1, + .autoneg_flow_control = -1, + .txqueuelen = UINT32_MAX, ++ .coalesce.use_adaptive_rx_coalesce = -1, ++ .coalesce.use_adaptive_tx_coalesce = -1, + }; + + for (i = 0; i < ELEMENTSOF(link->features); i++) diff --git a/20676_cherrypicked.patch b/20676_cherrypicked.patch new file mode 100644 index 0000000..e97a589 --- /dev/null +++ b/20676_cherrypicked.patch @@ -0,0 +1,336 @@ +From 0b9f08931944c2e33c6ed012919157e429eb7be2 Mon Sep 17 00:00:00 2001 +From: Antony Deepak Thomas +Date: Wed, 29 Sep 2021 12:47:49 +0900 +Subject: [PATCH 1/4] fileio: introduce read_virtual_file_fd() + +--- + src/basic/fileio.c | 24 ++++++++++++++++-------- + src/basic/fileio.h | 1 + + 2 files changed, 17 insertions(+), 8 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 466c6321c7..4a0d060105 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -373,9 +373,8 @@ int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { + return 1; + } + +-int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size) { ++int read_virtual_file_fd(int fd, size_t max_size, char **ret_contents, size_t *ret_size) { + _cleanup_free_ char *buf = NULL; +- _cleanup_close_ int fd = -1; + size_t n, size; + int n_retries; + bool truncated = false; +@@ -393,10 +392,7 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + * contents* may be returned. (Though the read is still done using one syscall.) Returns 0 on + * partial success, 1 if untruncated contents were read. */ + +- fd = open(filename, O_RDONLY|O_CLOEXEC); +- if (fd < 0) +- return -errno; +- ++ assert(fd >= 0); + assert(max_size <= READ_VIRTUAL_BYTES_MAX || max_size == SIZE_MAX); + + /* Limit the number of attempts to read the number of bytes returned by fstat(). */ +@@ -432,8 +428,8 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + + n_retries--; + } else if (n_retries > 1) { +- /* Files in /proc are generally smaller than the page size so let's start with a page size +- * buffer from malloc and only use the max buffer on the final try. */ ++ /* Files in /proc are generally smaller than the page size so let's start with ++ * a page size buffer from malloc and only use the max buffer on the final try. */ + size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); + n_retries = 1; + } else { +@@ -517,6 +513,18 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + return !truncated; + } + ++int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size) { ++ _cleanup_close_ int fd = -1; ++ ++ assert(filename); ++ ++ fd = open(filename, O_RDONLY | O_NOCTTY | O_CLOEXEC); ++ if (fd < 0) ++ return -errno; ++ ++ return read_virtual_file_fd(fd, max_size, ret_contents, ret_size); ++} ++ + int read_full_stream_full( + FILE *f, + const char *filename, +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 9bd2037f5b..82330840bf 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -66,6 +66,7 @@ static inline int read_full_file(const char *filename, char **ret_contents, size + return read_full_file_full(AT_FDCWD, filename, UINT64_MAX, SIZE_MAX, 0, NULL, ret_contents, ret_size); + } + ++int read_virtual_file_fd(int fd, size_t max_size, char **ret_contents, size_t *ret_size); + int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size); + static inline int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) { + return read_virtual_file(filename, SIZE_MAX, ret_contents, ret_size); +-- +2.31.1 + + +From bede594fa1ea4c32a886191b774134effcf71bef Mon Sep 17 00:00:00 2001 +From: Antony Deepak Thomas +Date: Wed, 29 Sep 2021 12:57:30 +0900 +Subject: [PATCH 2/4] string-util: introduce streq_skip_trailing_chars() + +--- + src/basic/string-util.c | 16 ++++++++++++++++ + src/basic/string-util.h | 2 ++ + src/test/test-string-util.c | 28 ++++++++++++++++++++++++++++ + 3 files changed, 46 insertions(+) + +diff --git a/src/basic/string-util.c b/src/basic/string-util.c +index a645958d38..6ceaeaf9df 100644 +--- a/src/basic/string-util.c ++++ b/src/basic/string-util.c +@@ -1146,3 +1146,19 @@ int string_contains_word_strv(const char *string, const char *separators, char * + *ret_word = found; + return !!found; + } ++ ++bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok) { ++ if (!s1 && !s2) ++ return true; ++ if (!s1 || !s2) ++ return false; ++ ++ if (!ok) ++ ok = WHITESPACE; ++ ++ for (; *s1 && *s2; s1++, s2++) ++ if (*s1 != *s2) ++ break; ++ ++ return in_charset(s1, ok) && in_charset(s2, ok); ++} +diff --git a/src/basic/string-util.h b/src/basic/string-util.h +index 9155e50ba8..0bf215827e 100644 +--- a/src/basic/string-util.h ++++ b/src/basic/string-util.h +@@ -242,3 +242,5 @@ int string_contains_word_strv(const char *string, const char *separators, char * + static inline int string_contains_word(const char *string, const char *separators, const char *word) { + return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL); + } ++ ++bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok); +diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c +index 4d9d0260c9..9a9c974332 100644 +--- a/src/test/test-string-util.c ++++ b/src/test/test-string-util.c +@@ -1000,6 +1000,33 @@ static void test_strextendf(void) { + assert_se(streq(p, "<77>,<99>,< 88>,<00001234>")); + } + ++static void test_streq_skip_trailing_chars(void) { ++ log_info("/* %s */", __func__); ++ ++ /* NULL is WHITESPACE by default*/ ++ assert_se(streq_skip_trailing_chars("foo bar", "foo bar", NULL)); ++ assert_se(streq_skip_trailing_chars("foo", "foo", NULL)); ++ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar", NULL)); ++ assert_se(streq_skip_trailing_chars("foo bar", "foo bar\t\t", NULL)); ++ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar\t\t", NULL)); ++ assert_se(streq_skip_trailing_chars("foo\nbar", "foo\nbar", NULL)); ++ assert_se(streq_skip_trailing_chars("\t\tfoo bar", "\t\tfoo bar", NULL)); ++ assert_se(streq_skip_trailing_chars(" foo bar\t", " foo bar\n", NULL)); ++ ++ assert_se(!streq_skip_trailing_chars("foobar", "foo bar", NULL)); ++ assert_se(!streq_skip_trailing_chars("foo\nbar", "foo\tbar", NULL)); ++ assert_se(!streq_skip_trailing_chars("\t\nfoo bar", "\t foo bar", NULL)); ++ ++ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar", WHITESPACE)); ++ assert_se(!streq_skip_trailing_chars("foo bar ", "foo bar", NEWLINE)); ++ ++ assert_se(streq_skip_trailing_chars(NULL, NULL, NULL)); ++ assert_se(streq_skip_trailing_chars("", "", NULL)); ++ assert_se(!streq_skip_trailing_chars(NULL, "foo bar", NULL)); ++ assert_se(!streq_skip_trailing_chars("foo", NULL, NULL)); ++ assert_se(!streq_skip_trailing_chars("", "f", NULL)); ++} ++ + int main(int argc, char *argv[]) { + test_setup_logging(LOG_DEBUG); + +@@ -1039,6 +1066,7 @@ int main(int argc, char *argv[]) { + test_string_contains_word(); + test_strverscmp_improved(); + test_strextendf(); ++ test_streq_skip_trailing_chars(); + + return 0; + } +-- +2.31.1 + + +From a2552e17829d0090db3ff5f2e6f2d772d0fca3e9 Mon Sep 17 00:00:00 2001 +From: Antony Deepak Thomas +Date: Wed, 29 Sep 2021 13:06:25 +0900 +Subject: [PATCH 3/4] fileio: introduce new mode to suppress writing the same + value + +--- + src/basic/fileio.c | 29 +++++++++++++++++++++++++++-- + src/basic/fileio.h | 23 ++++++++++++----------- + 2 files changed, 39 insertions(+), 13 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 4a0d060105..729789ce47 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -146,6 +146,30 @@ int write_string_stream_ts( + return -EBADF; + } + ++ if (flags & WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL) { ++ _cleanup_free_ char *t = NULL; ++ ++ /* If value to be written is same as that of the existing value, then suppress the write. */ ++ ++ if (fd < 0) { ++ fd = fileno(f); ++ if (fd < 0) ++ return -EBADF; ++ } ++ ++ /* Read an additional byte to detect cases where the prefix matches but the rest ++ * doesn't. Also, 0 returned by read_virtual_file_fd() means the read was truncated and ++ * it won't be equal to the new value. */ ++ if (read_virtual_file_fd(fd, strlen(line)+1, &t, NULL) > 0 && ++ streq_skip_trailing_chars(line, t, NEWLINE)) { ++ log_debug("No change in value '%s', supressing write", line); ++ return 0; ++ } ++ ++ if (lseek(fd, 0, SEEK_SET) < 0) ++ return -errno; ++ } ++ + needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"); + + if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) { +@@ -261,10 +285,11 @@ int write_string_file_ts( + assert(!ts); + + /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */ +- fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | ++ fd = open(fn, O_CLOEXEC|O_NOCTTY | + (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) | + (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) | +- (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0), ++ (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0) | ++ (FLAGS_SET(flags, WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL) ? O_RDWR : O_WRONLY), + (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666)); + if (fd < 0) { + r = -errno; +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 82330840bf..a72b2f3881 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -15,17 +15,18 @@ + #define LONG_LINE_MAX (1U*1024U*1024U) + + typedef enum { +- WRITE_STRING_FILE_CREATE = 1 << 0, +- WRITE_STRING_FILE_TRUNCATE = 1 << 1, +- WRITE_STRING_FILE_ATOMIC = 1 << 2, +- WRITE_STRING_FILE_AVOID_NEWLINE = 1 << 3, +- WRITE_STRING_FILE_VERIFY_ON_FAILURE = 1 << 4, +- WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE = 1 << 5, +- WRITE_STRING_FILE_SYNC = 1 << 6, +- WRITE_STRING_FILE_DISABLE_BUFFER = 1 << 7, +- WRITE_STRING_FILE_NOFOLLOW = 1 << 8, +- WRITE_STRING_FILE_MKDIR_0755 = 1 << 9, +- WRITE_STRING_FILE_MODE_0600 = 1 << 10, ++ WRITE_STRING_FILE_CREATE = 1 << 0, ++ WRITE_STRING_FILE_TRUNCATE = 1 << 1, ++ WRITE_STRING_FILE_ATOMIC = 1 << 2, ++ WRITE_STRING_FILE_AVOID_NEWLINE = 1 << 3, ++ WRITE_STRING_FILE_VERIFY_ON_FAILURE = 1 << 4, ++ WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE = 1 << 5, ++ WRITE_STRING_FILE_SYNC = 1 << 6, ++ WRITE_STRING_FILE_DISABLE_BUFFER = 1 << 7, ++ WRITE_STRING_FILE_NOFOLLOW = 1 << 8, ++ WRITE_STRING_FILE_MKDIR_0755 = 1 << 9, ++ WRITE_STRING_FILE_MODE_0600 = 1 << 10, ++ WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL = 1 << 11, + + /* And before you wonder, why write_string_file_atomic_label_ts() is a separate function instead of just one + more flag here: it's about linking: we don't want to pull -lselinux into all users of write_string_file() +-- +2.31.1 + + +From 41d86b627331f432454280714dd5b17d255367ba Mon Sep 17 00:00:00 2001 +From: Antony Deepak Thomas +Date: Wed, 29 Sep 2021 13:07:42 +0900 +Subject: [PATCH 4/4] sysctl-util: minimize side-effects when running + `systemd-sysctl` + +Currently `systemd-sysctl` binary is used in `systemd-sysctl.service` +which is mostly configured as `oneshot`. There are situations where one +would like to use systemd to maintain Sysctl configurations on a host, +using a configuration managers such as Chef or Puppet, by apply +configurations every X duration. +The problem with using `systemd-sysctl` is that it writes all the Sysctl +settings, even if the values for those settings have not changed. From +experience, we have observed that some Sysctl settings cause actions in +the kernel upon writing(like dropping caches) which in turn cause +undesired side effects. +This patch tries to minimize such side effects by comparing values +before writing. +--- + src/basic/sysctl-util.c | 19 +++++-------------- + 1 file changed, 5 insertions(+), 14 deletions(-) + +diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c +index 8913e6ff85..4da3eaf5f7 100644 +--- a/src/basic/sysctl-util.c ++++ b/src/basic/sysctl-util.c +@@ -44,25 +44,16 @@ char *sysctl_normalize(char *s) { + + int sysctl_write(const char *property, const char *value) { + char *p; +- _cleanup_close_ int fd = -1; +- + assert(property); + assert(value); +- +- log_debug("Setting '%s' to '%.*s'.", property, (int) strcspn(value, NEWLINE), value); +- + p = strjoina("/proc/sys/", property); +- fd = open(p, O_WRONLY|O_CLOEXEC); +- if (fd < 0) +- return -errno; ++ path_simplify(p); ++ if (!path_is_normalized(p)) ++ return -EINVAL; + +- if (!endswith(value, "\n")) +- value = strjoina(value, "\n"); +- +- if (write(fd, value, strlen(value)) < 0) +- return -errno; ++ log_debug("Setting '%s' to '%s'", p, value); + +- return 0; ++ return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL); + } + + int sysctl_writef(const char *property, const char *format, ...) { +-- +2.31.1 + diff --git a/20695.patch b/20695.patch new file mode 100644 index 0000000..f7ac0bd --- /dev/null +++ b/20695.patch @@ -0,0 +1,24 @@ +From 67cd626399b0d02882ee00716c8bd31ba764c862 Mon Sep 17 00:00:00 2001 +From: Chris Packham +Date: Fri, 10 Sep 2021 09:51:36 +1200 +Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14 + +ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition + +Fixes #20694 +--- + src/basic/linux/if_arp.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h +index c3cc5a9e5eaf..4783af9fe520 100644 +--- a/src/basic/linux/if_arp.h ++++ b/src/basic/linux/if_arp.h +@@ -54,6 +54,7 @@ + #define ARPHRD_X25 271 /* CCITT X.25 */ + #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ + #define ARPHRD_CAN 280 /* Controller Area Network */ ++#define ARPHRD_MCTP 290 + #define ARPHRD_PPP 512 + #define ARPHRD_CISCO 513 /* Cisco HDLC */ + #define ARPHRD_HDLC ARPHRD_CISCO diff --git a/20729.patch b/20729.patch new file mode 100644 index 0000000..82904e5 --- /dev/null +++ b/20729.patch @@ -0,0 +1,927 @@ +From 6d9a72f3b9b4d00ec80051503e5e3d4d7cd46c05 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 15 Sep 2021 01:28:29 +0900 +Subject: [PATCH 1/5] ethtool-util: use sizeof() + +--- + src/shared/ethtool-util.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index af3b917c75cb..d1f5eac63334 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -214,7 +214,7 @@ int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret) { + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -254,7 +254,7 @@ int ethtool_get_link_info( + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -303,7 +303,7 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -362,7 +362,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -405,7 +405,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -538,7 +538,7 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = get_stringset(*ethtool_fd, &ifr, ETH_SS_FEATURES, &strings); + if (r < 0) +@@ -787,7 +787,7 @@ int ethtool_set_glinksettings( + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = get_glinksettings(*fd, &ifr, &u); + if (r < 0) { +@@ -857,7 +857,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -906,7 +906,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -974,7 +974,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) + +From 4253dab576b3ff17887c3e0d97380aab2aa29d82 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 15 Sep 2021 01:41:15 +0900 +Subject: [PATCH 2/5] ethtool-util: shorten code a bit + +Also fixes a error code in debugging log. +--- + src/shared/ethtool-util.c | 70 ++++++++++++--------------------------- + 1 file changed, 22 insertions(+), 48 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index d1f5eac63334..ac21ef0f61a8 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -216,8 +216,7 @@ int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret) { + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (isempty(ecmd.driver)) +@@ -256,8 +255,7 @@ int ethtool_get_link_info( + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (ret_autonegotiation) +@@ -305,8 +303,7 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (epaddr.addr.size != 6) +@@ -364,8 +361,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + UPDATE(ecmd.wolopts, wolopts, need_update); +@@ -374,8 +370,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { + return 0; + + ecmd.cmd = ETHTOOL_SWOL; +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; +@@ -407,8 +402,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (ring->rx.set) +@@ -427,8 +421,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + return 0; + + ecmd.cmd = ETHTOOL_SRINGPARAM; +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; +@@ -446,7 +439,6 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + }, + }; + unsigned len; +- int r; + + assert(ethtool_fd >= 0); + assert(ifr); +@@ -454,8 +446,7 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + + ifr->ifr_data = (void *) &buffer.info; + +- r = ioctl(ethtool_fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + if (!buffer.info.sset_mask) +@@ -478,8 +469,7 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + + ifr->ifr_data = (void *) strings; + +- r = ioctl(ethtool_fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + *ret = TAKE_PTR(strings); +@@ -559,9 +549,8 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + + ifr.ifr_data = (void *) sfeatures; + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) +- return log_debug_errno(r, "ethtool: could not set ethtool features for %s", ifname); ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) ++ return log_debug_errno(errno, "ethtool: could not set ethtool features for %s", ifname); + + return 0; + } +@@ -575,7 +564,6 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset + }; + struct ethtool_link_usettings *u; + unsigned offset; +- int r; + + assert(fd >= 0); + assert(ifr); +@@ -591,8 +579,7 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + if (ecmd.req.link_mode_masks_nwords >= 0 || ecmd.req.cmd != ETHTOOL_GLINKSETTINGS) +@@ -602,8 +589,7 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + if (ecmd.req.link_mode_masks_nwords <= 0 || ecmd.req.cmd != ETHTOOL_GLINKSETTINGS) +@@ -636,7 +622,6 @@ static int get_gset(int fd, struct ifreq *ifr, struct ethtool_link_usettings **r + struct ethtool_cmd ecmd = { + .cmd = ETHTOOL_GSET, + }; +- int r; + + assert(fd >= 0); + assert(ifr); +@@ -644,8 +629,7 @@ static int get_gset(int fd, struct ifreq *ifr, struct ethtool_link_usettings **r + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + e = new(struct ethtool_link_usettings, 1); +@@ -678,7 +662,6 @@ static int set_slinksettings(int fd, struct ifreq *ifr, const struct ethtool_lin + __u32 link_mode_data[3 * ETHTOOL_LINK_MODE_MASK_MAX_KERNEL_NU32]; + } ecmd = {}; + unsigned offset; +- int r; + + assert(fd >= 0); + assert(ifr); +@@ -700,8 +683,7 @@ static int set_slinksettings(int fd, struct ifreq *ifr, const struct ethtool_lin + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + return 0; +@@ -711,7 +693,6 @@ static int set_sset(int fd, struct ifreq *ifr, const struct ethtool_link_usettin + struct ethtool_cmd ecmd = { + .cmd = ETHTOOL_SSET, + }; +- int r; + + assert(fd >= 0); + assert(ifr); +@@ -736,8 +717,7 @@ static int set_sset(int fd, struct ifreq *ifr, const struct ethtool_link_usettin + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + return 0; +@@ -859,8 +839,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (channels->rx.set) +@@ -879,8 +858,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + return 0; + + ecmd.cmd = ETHTOOL_SCHANNELS; +- r = ioctl(*fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; +@@ -908,8 +886,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (rx >= 0) +@@ -925,8 +902,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + return 0; + + ecmd.cmd = ETHTOOL_SPAUSEPARAM; +- r = ioctl(*fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; +@@ -976,8 +952,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (coalesce->use_adaptive_rx_coalesce >= 0) +@@ -1050,8 +1025,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const + return 0; + + ecmd.cmd = ETHTOOL_SCOALESCE; +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; + +From 008d3a370ccdea13290ab9277b32cc582b886b17 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 14 Sep 2021 17:42:52 +0900 +Subject: [PATCH 3/5] ethtool: do not set unavailable or never_changed bits + +--- + src/shared/ethtool-util.c | 138 ++++++++++++++++++++++++++------------ + 1 file changed, 96 insertions(+), 42 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index ac21ef0f61a8..59b1bd86f085 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -427,30 +427,31 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + return 0; + } + +-static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, struct ethtool_gstrings **ret) { ++static int get_stringset(int ethtool_fd, const char *ifname, enum ethtool_stringset stringset_id, struct ethtool_gstrings **ret) { + _cleanup_free_ struct ethtool_gstrings *strings = NULL; + struct { + struct ethtool_sset_info info; + uint32_t space; + } buffer = { +- .info = { +- .cmd = ETHTOOL_GSSET_INFO, +- .sset_mask = UINT64_C(1) << stringset_id, +- }, ++ .info.cmd = ETHTOOL_GSSET_INFO, ++ .info.sset_mask = UINT64_C(1) << stringset_id, + }; +- unsigned len; ++ struct ifreq ifr = { ++ .ifr_data = (void*) &buffer, ++ }; ++ uint32_t len; + + assert(ethtool_fd >= 0); +- assert(ifr); ++ assert(ifname); + assert(ret); + +- ifr->ifr_data = (void *) &buffer.info; ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) ++ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + +- if (!buffer.info.sset_mask) +- return -EINVAL; ++ if (buffer.info.sset_mask == 0) ++ return -EOPNOTSUPP; + + #pragma GCC diagnostic push + #if HAVE_ZERO_LENGTH_BOUNDS +@@ -458,8 +459,10 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + #endif + len = buffer.info.data[0]; + #pragma GCC diagnostic pop ++ if (len == 0) ++ return -EOPNOTSUPP; + +- strings = malloc0(sizeof(struct ethtool_gstrings) + len * ETH_GSTRING_LEN); ++ strings = malloc0(offsetof(struct ethtool_gstrings, data) + len * ETH_GSTRING_LEN); + if (!strings) + return -ENOMEM; + +@@ -467,47 +470,92 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + strings->string_set = stringset_id; + strings->len = len; + +- ifr->ifr_data = (void *) strings; ++ ifr.ifr_data = (void*) strings; + +- if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) ++ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + *ret = TAKE_PTR(strings); ++ return 0; ++} ++ ++static int get_features(int ethtool_fd, const char *ifname, uint32_t n_features, struct ethtool_gfeatures **ret) { ++ _cleanup_free_ struct ethtool_gfeatures *gfeatures = NULL; ++ struct ifreq ifr; ++ ++ assert(ethtool_fd >= 0); ++ assert(ifname); ++ assert(ret); ++ assert(n_features > 0); ++ ++ gfeatures = malloc0(offsetof(struct ethtool_gfeatures, features) + ++ DIV_ROUND_UP(n_features, 32U) * sizeof(gfeatures->features[0])); ++ if (!gfeatures) ++ return -ENOMEM; ++ ++ gfeatures->cmd = ETHTOOL_GFEATURES; ++ gfeatures->size = DIV_ROUND_UP(n_features, 32U); ++ ++ ifr = (struct ifreq) { ++ .ifr_data = (void*) gfeatures, ++ }; ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); ++ ++ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) ++ return -errno; + ++ *ret = TAKE_PTR(gfeatures); + return 0; + } + + static int set_features_bit( + const struct ethtool_gstrings *strings, ++ const struct ethtool_gfeatures *gfeatures, ++ struct ethtool_sfeatures *sfeatures, + const char *feature, +- bool flag, +- struct ethtool_sfeatures *sfeatures) { ++ int flag) { ++ + bool found = false; ++ int r = -ENODATA; + + assert(strings); +- assert(feature); ++ assert(gfeatures); + assert(sfeatures); ++ assert(feature); ++ ++ if (flag < 0) ++ return 0; ++ ++ for (uint32_t i = 0; i < strings->len; i++) { ++ uint32_t block, mask; + +- for (size_t i = 0; i < strings->len; i++) +- if (streq((char *) &strings->data[i * ETH_GSTRING_LEN], feature) || +- (endswith(feature, "-") && startswith((char *) &strings->data[i * ETH_GSTRING_LEN], feature))) { +- size_t block, bit; ++ if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN) && ++ !(endswith(feature, "-") && startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature))) ++ continue; + +- block = i / 32; +- bit = i % 32; ++ block = i / 32; ++ mask = UINT32_C(1) << (i % 32); + +- sfeatures->features[block].valid |= 1 << bit; +- SET_FLAG(sfeatures->features[block].requested, 1 << bit, flag); +- found = true; ++ if (!FLAGS_SET(gfeatures->features[block].available, mask) || ++ FLAGS_SET(gfeatures->features[block].never_changed, mask)) { ++ r = -EOPNOTSUPP; ++ continue; + } + +- return found ? 0 : -ENODATA; ++ sfeatures->features[block].valid |= mask; ++ SET_FLAG(sfeatures->features[block].requested, mask, flag); ++ ++ found = true; ++ } ++ ++ return found ? 0 : r; + } + + int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]) { + _cleanup_free_ struct ethtool_gstrings *strings = NULL; +- struct ethtool_sfeatures *sfeatures; +- struct ifreq ifr = {}; ++ _cleanup_free_ struct ethtool_gfeatures *gfeatures = NULL; ++ _cleanup_free_ struct ethtool_sfeatures *sfeatures = NULL; ++ struct ifreq ifr; + bool have = false; + int r; + +@@ -528,26 +576,32 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); ++ r = get_stringset(*ethtool_fd, ifname, ETH_SS_FEATURES, &strings); ++ if (r < 0) ++ return log_debug_errno(r, "ethtool: could not get ethtool feature strings: %m"); + +- r = get_stringset(*ethtool_fd, &ifr, ETH_SS_FEATURES, &strings); ++ r = get_features(*ethtool_fd, ifname, strings->len, &gfeatures); + if (r < 0) +- return log_debug_errno(r, "ethtool: could not get ethtool features for %s", ifname); ++ return log_debug_errno(r, "ethtool: could not get ethtool features for %s: %m", ifname); ++ ++ sfeatures = malloc0(offsetof(struct ethtool_sfeatures, features) + ++ DIV_ROUND_UP(strings->len, 32U) * sizeof(sfeatures->features[0])); ++ if (!sfeatures) ++ return log_oom_debug(); + +- sfeatures = alloca0(sizeof(struct ethtool_sfeatures) + DIV_ROUND_UP(strings->len, 32U) * sizeof(sfeatures->features[0])); + sfeatures->cmd = ETHTOOL_SFEATURES; + sfeatures->size = DIV_ROUND_UP(strings->len, 32U); + +- for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) +- if (features[i] >= 0) { +- r = set_features_bit(strings, netdev_feature_table[i], features[i], sfeatures); +- if (r < 0) { +- log_debug_errno(r, "ethtool: could not find feature, ignoring: %s", netdev_feature_table[i]); +- continue; +- } +- } ++ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) { ++ r = set_features_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); ++ if (r < 0) ++ log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); ++ } + +- ifr.ifr_data = (void *) sfeatures; ++ ifr = (struct ifreq) { ++ .ifr_data = (void*) sfeatures, ++ }; ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return log_debug_errno(errno, "ethtool: could not set ethtool features for %s", ifname); + +From 7a4f203547c62cdc7611f38d97058b530570048f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 15 Sep 2021 01:48:59 +0900 +Subject: [PATCH 4/5] ethtool-util: apply tx-checksum-* features at last + +NET_DEV_FEAT_TX matches multiple features. In the next commit, all +features whose strings start with "tx-checksum-" will be added. +To make them take precedence over NET_DEV_FEAT_TX, it will be applied +only when each explicit feature is not applied. +--- + src/shared/ethtool-util.c | 55 ++++++++++++++++++++++++++++++++++++--- + src/shared/ethtool-util.h | 4 ++- + 2 files changed, 54 insertions(+), 5 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index 59b1bd86f085..e95ce1a20917 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -71,13 +71,14 @@ DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse P + + static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { + [NET_DEV_FEAT_RX] = "rx-checksum", +- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ + [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", + [NET_DEV_FEAT_GRO] = "rx-gro", + [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", + [NET_DEV_FEAT_LRO] = "rx-lro", + [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", + [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", ++ ++ [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ + }; + + static const char* const ethtool_link_mode_bit_table[] = { +@@ -515,6 +516,43 @@ static int set_features_bit( + const char *feature, + int flag) { + ++ assert(strings); ++ assert(gfeatures); ++ assert(sfeatures); ++ assert(feature); ++ ++ if (flag < 0) ++ return 0; ++ ++ for (uint32_t i = 0; i < strings->len; i++) { ++ uint32_t block, mask; ++ ++ if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN)) ++ continue; ++ ++ block = i / 32; ++ mask = UINT32_C(1) << (i % 32); ++ ++ if (!FLAGS_SET(gfeatures->features[block].available, mask) || ++ FLAGS_SET(gfeatures->features[block].never_changed, mask)) ++ return -EOPNOTSUPP; ++ ++ sfeatures->features[block].valid |= mask; ++ SET_FLAG(sfeatures->features[block].requested, mask, flag); ++ ++ return 0; ++ } ++ ++ return -ENODATA; ++} ++ ++static int set_features_multiple_bit( ++ const struct ethtool_gstrings *strings, ++ const struct ethtool_gfeatures *gfeatures, ++ struct ethtool_sfeatures *sfeatures, ++ const char *feature, ++ int flag) { ++ + bool found = false; + int r = -ENODATA; + +@@ -529,8 +567,7 @@ static int set_features_bit( + for (uint32_t i = 0; i < strings->len; i++) { + uint32_t block, mask; + +- if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN) && +- !(endswith(feature, "-") && startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature))) ++ if (!startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature)) + continue; + + block = i / 32; +@@ -542,6 +579,10 @@ static int set_features_bit( + continue; + } + ++ /* The flags is explicitly set by set_features_bit() */ ++ if (FLAGS_SET(sfeatures->features[block].valid, mask)) ++ continue; ++ + sfeatures->features[block].valid |= mask; + SET_FLAG(sfeatures->features[block].requested, mask, flag); + +@@ -592,12 +633,18 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + sfeatures->cmd = ETHTOOL_SFEATURES; + sfeatures->size = DIV_ROUND_UP(strings->len, 32U); + +- for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) { ++ for (size_t i = 0; i < _NET_DEV_FEAT_SIMPLE_MAX; i++) { + r = set_features_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); + if (r < 0) + log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); + } + ++ for (size_t i = _NET_DEV_FEAT_SIMPLE_MAX; i < _NET_DEV_FEAT_MAX; i++) { ++ r = set_features_multiple_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); ++ if (r < 0) ++ log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); ++ } ++ + ifr = (struct ifreq) { + .ifr_data = (void*) sfeatures, + }; +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 6e180995055b..3f2252563304 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -20,13 +20,15 @@ typedef enum Duplex { + + typedef enum NetDevFeature { + NET_DEV_FEAT_RX, +- NET_DEV_FEAT_TX, + NET_DEV_FEAT_GSO, + NET_DEV_FEAT_GRO, + NET_DEV_FEAT_GRO_HW, + NET_DEV_FEAT_LRO, + NET_DEV_FEAT_TSO, + NET_DEV_FEAT_TSO6, ++ _NET_DEV_FEAT_SIMPLE_MAX, ++ ++ NET_DEV_FEAT_TX = _NET_DEV_FEAT_SIMPLE_MAX, + _NET_DEV_FEAT_MAX, + _NET_DEV_FEAT_INVALID = -EINVAL, + } NetDevFeature; + +From 77bf5c31de1d01edd49ac6aa25cdbe7734a11a25 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 14 Sep 2021 22:12:42 +0900 +Subject: [PATCH 5/5] ethtool-util: add more network device features + +Then, we can easily add new settings to configure features in .link +file. +--- + src/shared/ethtool-util.c | 73 ++++++++++++++++++++++++---- + src/shared/ethtool-util.h | 59 +++++++++++++++++++++- + src/udev/net/link-config-gperf.gperf | 4 +- + 3 files changed, 123 insertions(+), 13 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index e95ce1a20917..00060abff40f 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -70,15 +70,70 @@ DEFINE_STRING_TABLE_LOOKUP(port, NetDevPort); + DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse Port setting"); + + static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { +- [NET_DEV_FEAT_RX] = "rx-checksum", +- [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", +- [NET_DEV_FEAT_GRO] = "rx-gro", +- [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", +- [NET_DEV_FEAT_LRO] = "rx-lro", +- [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", +- [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", +- +- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ ++ [NET_DEV_FEAT_SG] = "tx-scatter-gather", ++ [NET_DEV_FEAT_IP_CSUM] = "tx-checksum-ipv4", ++ [NET_DEV_FEAT_HW_CSUM] = "tx-checksum-ip-generic", ++ [NET_DEV_FEAT_IPV6_CSUM] = "tx-checksum-ipv6", ++ [NET_DEV_FEAT_HIGHDMA] = "highdma", ++ [NET_DEV_FEAT_FRAGLIST] = "tx-scatter-gather-fraglist", ++ [NET_DEV_FEAT_HW_VLAN_CTAG_TX] = "tx-vlan-hw-insert", ++ [NET_DEV_FEAT_HW_VLAN_CTAG_RX] = "rx-vlan-hw-parse", ++ [NET_DEV_FEAT_HW_VLAN_CTAG_FILTER] = "rx-vlan-filter", ++ [NET_DEV_FEAT_HW_VLAN_STAG_TX] = "tx-vlan-stag-hw-insert", ++ [NET_DEV_FEAT_HW_VLAN_STAG_RX] = "rx-vlan-stag-hw-parse", ++ [NET_DEV_FEAT_HW_VLAN_STAG_FILTER] = "rx-vlan-stag-filter", ++ [NET_DEV_FEAT_VLAN_CHALLENGED] = "vlan-challenged", ++ [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", ++ [NET_DEV_FEAT_LLTX] = "tx-lockless", ++ [NET_DEV_FEAT_NETNS_LOCAL] = "netns-local", ++ [NET_DEV_FEAT_GRO] = "rx-gro", ++ [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", ++ [NET_DEV_FEAT_LRO] = "rx-lro", ++ [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", ++ [NET_DEV_FEAT_GSO_ROBUST] = "tx-gso-robust", ++ [NET_DEV_FEAT_TSO_ECN] = "tx-tcp-ecn-segmentation", ++ [NET_DEV_FEAT_TSO_MANGLEID] = "tx-tcp-mangleid-segmentation", ++ [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", ++ [NET_DEV_FEAT_FSO] = "tx-fcoe-segmentation", ++ [NET_DEV_FEAT_GSO_GRE] = "tx-gre-segmentation", ++ [NET_DEV_FEAT_GSO_GRE_CSUM] = "tx-gre-csum-segmentation", ++ [NET_DEV_FEAT_GSO_IPXIP4] = "tx-ipxip4-segmentation", ++ [NET_DEV_FEAT_GSO_IPXIP6] = "tx-ipxip6-segmentation", ++ [NET_DEV_FEAT_GSO_UDP_TUNNEL] = "tx-udp_tnl-segmentation", ++ [NET_DEV_FEAT_GSO_UDP_TUNNEL_CSUM] = "tx-udp_tnl-csum-segmentation", ++ [NET_DEV_FEAT_GSO_PARTIAL] = "tx-gso-partial", ++ [NET_DEV_FEAT_GSO_TUNNEL_REMCSUM] = "tx-tunnel-remcsum-segmentation", ++ [NET_DEV_FEAT_GSO_SCTP] = "tx-sctp-segmentation", ++ [NET_DEV_FEAT_GSO_ESP] = "tx-esp-segmentation", ++ [NET_DEV_FEAT_GSO_UDP_L4] = "tx-udp-segmentation", ++ [NET_DEV_FEAT_GSO_FRAGLIST] = "tx-gso-list", ++ [NET_DEV_FEAT_FCOE_CRC] = "tx-checksum-fcoe-crc", ++ [NET_DEV_FEAT_SCTP_CRC] = "tx-checksum-sctp", ++ [NET_DEV_FEAT_FCOE_MTU] = "fcoe-mtu", ++ [NET_DEV_FEAT_NTUPLE] = "rx-ntuple-filter", ++ [NET_DEV_FEAT_RXHASH] = "rx-hashing", ++ [NET_DEV_FEAT_RXCSUM] = "rx-checksum", ++ [NET_DEV_FEAT_NOCACHE_COPY] = "tx-nocache-copy", ++ [NET_DEV_FEAT_LOOPBACK] = "loopback", ++ [NET_DEV_FEAT_RXFCS] = "rx-fcs", ++ [NET_DEV_FEAT_RXALL] = "rx-all", ++ [NET_DEV_FEAT_HW_L2FW_DOFFLOAD] = "l2-fwd-offload", ++ [NET_DEV_FEAT_HW_TC] = "hw-tc-offload", ++ [NET_DEV_FEAT_HW_ESP] = "esp-hw-offload", ++ [NET_DEV_FEAT_HW_ESP_TX_CSUM] = "esp-tx-csum-hw-offload", ++ [NET_DEV_FEAT_RX_UDP_TUNNEL_PORT] = "rx-udp_tunnel-port-offload", ++ [NET_DEV_FEAT_HW_TLS_RECORD] = "tls-hw-record", ++ [NET_DEV_FEAT_HW_TLS_TX] = "tls-hw-tx-offload", ++ [NET_DEV_FEAT_HW_TLS_RX] = "tls-hw-rx-offload", ++ [NET_DEV_FEAT_GRO_FRAGLIST] = "rx-gro-list", ++ [NET_DEV_FEAT_HW_MACSEC] = "macsec-hw-offload", ++ [NET_DEV_FEAT_GRO_UDP_FWD] = "rx-udp-gro-forwarding", ++ [NET_DEV_FEAT_HW_HSR_TAG_INS] = "hsr-tag-ins-offload", ++ [NET_DEV_FEAT_HW_HSR_TAG_RM] = "hsr-tag-rm-offload", ++ [NET_DEV_FEAT_HW_HSR_FWD] = "hsr-fwd-offload", ++ [NET_DEV_FEAT_HW_HSR_DUP] = "hsr-dup-offload", ++ ++ [NET_DEV_FEAT_TXCSUM] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ + }; + + static const char* const ethtool_link_mode_bit_table[] = { +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 3f2252563304..cc0655893175 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -19,16 +19,71 @@ typedef enum Duplex { + } Duplex; + + typedef enum NetDevFeature { +- NET_DEV_FEAT_RX, ++ NET_DEV_FEAT_SG, ++ NET_DEV_FEAT_IP_CSUM, ++ NET_DEV_FEAT_HW_CSUM, ++ NET_DEV_FEAT_IPV6_CSUM, ++ NET_DEV_FEAT_HIGHDMA, ++ NET_DEV_FEAT_FRAGLIST, ++ NET_DEV_FEAT_HW_VLAN_CTAG_TX, ++ NET_DEV_FEAT_HW_VLAN_CTAG_RX, ++ NET_DEV_FEAT_HW_VLAN_CTAG_FILTER, ++ NET_DEV_FEAT_HW_VLAN_STAG_TX, ++ NET_DEV_FEAT_HW_VLAN_STAG_RX, ++ NET_DEV_FEAT_HW_VLAN_STAG_FILTER, ++ NET_DEV_FEAT_VLAN_CHALLENGED, + NET_DEV_FEAT_GSO, ++ NET_DEV_FEAT_LLTX, ++ NET_DEV_FEAT_NETNS_LOCAL, + NET_DEV_FEAT_GRO, + NET_DEV_FEAT_GRO_HW, + NET_DEV_FEAT_LRO, + NET_DEV_FEAT_TSO, ++ NET_DEV_FEAT_GSO_ROBUST, ++ NET_DEV_FEAT_TSO_ECN, ++ NET_DEV_FEAT_TSO_MANGLEID, + NET_DEV_FEAT_TSO6, ++ NET_DEV_FEAT_FSO, ++ NET_DEV_FEAT_GSO_GRE, ++ NET_DEV_FEAT_GSO_GRE_CSUM, ++ NET_DEV_FEAT_GSO_IPXIP4, ++ NET_DEV_FEAT_GSO_IPXIP6, ++ NET_DEV_FEAT_GSO_UDP_TUNNEL, ++ NET_DEV_FEAT_GSO_UDP_TUNNEL_CSUM, ++ NET_DEV_FEAT_GSO_PARTIAL, ++ NET_DEV_FEAT_GSO_TUNNEL_REMCSUM, ++ NET_DEV_FEAT_GSO_SCTP, ++ NET_DEV_FEAT_GSO_ESP, ++ NET_DEV_FEAT_GSO_UDP_L4, ++ NET_DEV_FEAT_GSO_FRAGLIST, ++ NET_DEV_FEAT_FCOE_CRC, ++ NET_DEV_FEAT_SCTP_CRC, ++ NET_DEV_FEAT_FCOE_MTU, ++ NET_DEV_FEAT_NTUPLE, ++ NET_DEV_FEAT_RXHASH, ++ NET_DEV_FEAT_RXCSUM, ++ NET_DEV_FEAT_NOCACHE_COPY, ++ NET_DEV_FEAT_LOOPBACK, ++ NET_DEV_FEAT_RXFCS, ++ NET_DEV_FEAT_RXALL, ++ NET_DEV_FEAT_HW_L2FW_DOFFLOAD, ++ NET_DEV_FEAT_HW_TC, ++ NET_DEV_FEAT_HW_ESP, ++ NET_DEV_FEAT_HW_ESP_TX_CSUM, ++ NET_DEV_FEAT_RX_UDP_TUNNEL_PORT, ++ NET_DEV_FEAT_HW_TLS_RECORD, ++ NET_DEV_FEAT_HW_TLS_TX, ++ NET_DEV_FEAT_HW_TLS_RX, ++ NET_DEV_FEAT_GRO_FRAGLIST, ++ NET_DEV_FEAT_HW_MACSEC, ++ NET_DEV_FEAT_GRO_UDP_FWD, ++ NET_DEV_FEAT_HW_HSR_TAG_INS, ++ NET_DEV_FEAT_HW_HSR_TAG_RM, ++ NET_DEV_FEAT_HW_HSR_FWD, ++ NET_DEV_FEAT_HW_HSR_DUP, + _NET_DEV_FEAT_SIMPLE_MAX, + +- NET_DEV_FEAT_TX = _NET_DEV_FEAT_SIMPLE_MAX, ++ NET_DEV_FEAT_TXCSUM = _NET_DEV_FEAT_SIMPLE_MAX, + _NET_DEV_FEAT_MAX, + _NET_DEV_FEAT_INVALID = -EINVAL, + } NetDevFeature; +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index 44b46cb17c0b..e3cdaaee0509 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -50,8 +50,8 @@ Link.Duplex, config_parse_duplex, + Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) + Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) + Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) +-Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) +-Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) ++Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) ++Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) + Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) + Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) + Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) diff --git a/20743.patch b/20743.patch new file mode 100644 index 0000000..0975ce8 --- /dev/null +++ b/20743.patch @@ -0,0 +1,41 @@ +From 0fc51b569570e8bf5aecd5ee03a88eb668b7b385 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Tue, 14 Sep 2021 16:33:10 -0700 +Subject: [PATCH] fileio: start with 4k buffer for procfs + +There's a very gradual increase of anonymous memory in systemd-journald that +blames to 2ac67221bb6270f0fbe7cbd0076653832cd49de2. + +systemd-journald makes many calls to read /proc/PID/cmdline and +/proc/PID/status, both of which tend to be well under 4K. However the +combination of allocating 4M read buffers, then using `realloc()` to +shrink the buffer in `read_virtual_file()` appears to be creating +fragmentation in the heap (when combined with the other allocations +systemd-journald is doing). + +To help mitigate this, try reading /proc with a 4K buffer as +`read_virtual_file()` did before 2ac67221bb6270f0fbe7cbd0076653832cd49de2. +If it isn't big enough then try again with the larger buffers. +--- + src/basic/fileio.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 99a44fdea2..466c6321c7 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -431,6 +431,11 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + } + + n_retries--; ++ } else if (n_retries > 1) { ++ /* Files in /proc are generally smaller than the page size so let's start with a page size ++ * buffer from malloc and only use the max buffer on the final try. */ ++ size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); ++ n_retries = 1; + } else { + size = MIN(READ_VIRTUAL_BYTES_MAX, max_size); + n_retries = 0; +-- +2.31.1 + diff --git a/20828.patch b/20828.patch new file mode 100644 index 0000000..2b55bd4 --- /dev/null +++ b/20828.patch @@ -0,0 +1,240 @@ +From 88eca13f57194765d184ca227320df83f48020e2 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Fri, 24 Sep 2021 01:19:00 -0700 +Subject: [PATCH] link: connect 5 more properties to ethtool features + +Sets up the follow properties and their corresponding ethtool feature: +- ReceiveVLANCTAGHardwareAcceleration == rx-vlan-hw-parse (or rxvlan) +- TransmitVLANCTAGHardwareAcceleration == tx-vlan-hw-insert (or txvlan) +- ReceiveVLANCTAGFilter == rx-vlan-filter +- TransmitVLANSTAGHardwareAcceleration == tx-vlan-stag-hw-insert +- NTupleFilter == rx-ntuple-filter (or ntuple) +--- + man/systemd.link.xml | 35 +++++ + src/udev/net/link-config-gperf.gperf | 153 +++++++++++---------- + test/fuzz/fuzz-link-parser/directives.link | 5 + + 3 files changed, 119 insertions(+), 74 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index 638a1522cd38..c8d3c5137459 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -715,6 +715,41 @@ + When unset, the kernel's default will be used. + + ++ ++ ReceiveVLANCTAGHardwareAcceleration= ++ ++ Takes a boolean. If set to true, receive VLAN CTAG hardware acceleration is enabled. ++ When unset, the kernel's default will be used. ++ ++ ++ ++ TransmitVLANCTAGHardwareAcceleration= ++ ++ Takes a boolean. If set to true, transmit VLAN CTAG hardware acceleration is enabled. ++ When unset, the kernel's default will be used. ++ ++ ++ ++ ReceiveVLANCTAGFilter= ++ ++ Takes a boolean. If set to true, receive filtering on VLAN CTAGs is enabled. ++ When unset, the kernel's default will be used. ++ ++ ++ ++ TransmitVLANSTAGHardwareAcceleration= ++ ++ Takes a boolean. If set to true, transmit VLAN STAG HW acceleration is enabled. ++ When unset, the kernel's default will be used. ++ ++ ++ ++ NTupleFilter= ++ ++ Takes a boolean. If set to true, receive N-tuple filters and actions are enabled. ++ When unset, the kernel's default will be used. ++ ++ + + RxChannels= + TxChannels= +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index e3cdaaee0509..04c255ce514c 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -21,77 +21,82 @@ struct ConfigPerfItem; + %struct-type + %includes + %% +-Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) +-Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) +-Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) +-Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) +-Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) +-Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) +-Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) +-Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) +-Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) +-Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) +-Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) +-Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) +-Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) +-Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) +-Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) +-Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) +-Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) +-Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) +-Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) +-Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) +-Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) +-Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) +-Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) +-Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) +-Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) +-Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) +-Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) +-Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) +-Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) +-Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) +-Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) +-Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) +-Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) +-Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) +-Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 +-Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) +-Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) +-Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) +-Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) +-Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) +-Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) +-Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) +-Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) +-Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) +-Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) +-Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) +-Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) +-Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) +-Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) +-Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) +-Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) +-Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) +-Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) +-Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) +-Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) +-Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) +-Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) +-Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) +-Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) +-Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) +-Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) +-Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) +-Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) +-Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) +-Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) +-Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) +-Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) +-Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) +-Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) +-Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) +-Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) +-Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) +-Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) +-Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) ++Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) ++Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) ++Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) ++Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) ++Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) ++Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) ++Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) ++Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) ++Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) ++Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) ++Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) ++Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) ++Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) ++Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) ++Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) ++Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) ++Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) ++Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) ++Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) ++Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) ++Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) ++Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) ++Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) ++Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) ++Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) ++Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) ++Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) ++Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) ++Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) ++Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) ++Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) ++Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) ++Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) ++Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) ++Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 ++Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) ++Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) ++Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) ++Link.ReceiveVLANCTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_RX]) ++Link.TransmitVLANCTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_TX]) ++Link.ReceiveVLANCTAGFilter, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_FILTER]) ++Link.TransmitVLANSTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_STAG_TX]) ++Link.NTupleFilter, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_NTUPLE]) ++Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) ++Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) ++Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) ++Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) ++Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) ++Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) ++Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) ++Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) ++Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) ++Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) ++Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) ++Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) ++Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) ++Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) ++Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) ++Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) ++Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) ++Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) ++Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) ++Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) ++Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) ++Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) ++Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) ++Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) ++Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) ++Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) ++Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) ++Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) ++Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) ++Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) ++Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) ++Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) ++Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) ++Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) ++Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) ++Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) +diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link +index b5cffb1a271f..8be2434665a7 100644 +--- a/test/fuzz/fuzz-link-parser/directives.link ++++ b/test/fuzz/fuzz-link-parser/directives.link +@@ -38,6 +38,11 @@ UDPSegmentationOffload= + GenericReceiveOffload= + GenericReceiveOffloadHardware= + LargeReceiveOffload= ++ReceiveVLANCTAGHardwareAcceleration= ++TransmitVLANCTAGHardwareAcceleration= ++ReceiveVLANCTAGFilter= ++TransmitVLANSTAGHardwareAcceleration= ++NTupleFilter= + RxChannels= + TxChannels= + OtherChannels= diff --git a/20875.patch b/20875.patch new file mode 100644 index 0000000..610ee4c --- /dev/null +++ b/20875.patch @@ -0,0 +1,26 @@ +From 84e1818ce1dc9f5f7eb7b4d4bc87124d82c5080f Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Tue, 28 Sep 2021 23:52:39 -0700 +Subject: [PATCH] basic/unit-file: don't filter out names starting with dot + +Fixes #20859 +--- + src/basic/unit-file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c +index 884a0674a9..0d58b1c4fe 100644 +--- a/src/basic/unit-file.c ++++ b/src/basic/unit-file.c +@@ -284,7 +284,7 @@ int unit_file_build_name_map( + continue; + } + +- FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { ++ FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { + char *filename; + _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; + const char *suffix, *dst = NULL; +-- +2.31.1 + diff --git a/20978.patch b/20978.patch new file mode 100644 index 0000000..8330e00 --- /dev/null +++ b/20978.patch @@ -0,0 +1,126 @@ +From a58dea6130fdcccd8cdf50633c939b45e2b32189 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Mon, 11 Oct 2021 00:25:20 -0700 +Subject: [PATCH] core: serialize device cgroup bpf progs across + daemon-reload/reexec + +Follows what was done in b57d75232615f98aefcf41cb145ec2ea3262857d and +adds a test that verifies the device BPF program is not detached during +reload/reexec. +--- + src/core/unit-serialize.c | 4 ++++ + test/TEST-66-DEVICE-ISOLATION/Makefile | 1 + + test/TEST-66-DEVICE-ISOLATION/test.sh | 10 ++++++++ + .../testsuite-66-deviceisolation.service | 9 ++++++++ + test/units/testsuite-66.service | 7 ++++++ + test/units/testsuite-66.sh | 23 +++++++++++++++++++ + 6 files changed, 54 insertions(+) + create mode 120000 test/TEST-66-DEVICE-ISOLATION/Makefile + create mode 100755 test/TEST-66-DEVICE-ISOLATION/test.sh + create mode 100644 test/units/testsuite-66-deviceisolation.service + create mode 100644 test/units/testsuite-66.service + create mode 100755 test/units/testsuite-66.sh + +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index 9e1664ff53af..3458d7017bd5 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -171,6 +171,7 @@ int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool switching_root) { + + (void) bpf_program_serialize_attachment(f, fds, "ip-bpf-ingress-installed", u->ip_bpf_ingress_installed); + (void) bpf_program_serialize_attachment(f, fds, "ip-bpf-egress-installed", u->ip_bpf_egress_installed); ++ (void) bpf_program_serialize_attachment(f, fds, "bpf-device-control-installed", u->bpf_device_control_installed); + (void) bpf_program_serialize_attachment_set(f, fds, "ip-bpf-custom-ingress-installed", u->ip_bpf_custom_ingress_installed); + (void) bpf_program_serialize_attachment_set(f, fds, "ip-bpf-custom-egress-installed", u->ip_bpf_custom_egress_installed); + +@@ -408,6 +409,9 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { + } else if (streq(l, "ip-bpf-egress-installed")) { + (void) bpf_program_deserialize_attachment(v, fds, &u->ip_bpf_egress_installed); + continue; ++ } else if (streq(l, "bpf-device-control-installed")) { ++ (void) bpf_program_deserialize_attachment(v, fds, &u->bpf_device_control_installed); ++ continue; + + } else if (streq(l, "ip-bpf-custom-ingress-installed")) { + (void) bpf_program_deserialize_attachment_set(v, fds, &u->ip_bpf_custom_ingress_installed); +diff --git a/test/TEST-66-DEVICE-ISOLATION/Makefile b/test/TEST-66-DEVICE-ISOLATION/Makefile +new file mode 120000 +index 000000000000..e9f93b1104cd +--- /dev/null ++++ b/test/TEST-66-DEVICE-ISOLATION/Makefile +@@ -0,0 +1 @@ ++../TEST-01-BASIC/Makefile +\ No newline at end of file +diff --git a/test/TEST-66-DEVICE-ISOLATION/test.sh b/test/TEST-66-DEVICE-ISOLATION/test.sh +new file mode 100755 +index 000000000000..534e43e493e6 +--- /dev/null ++++ b/test/TEST-66-DEVICE-ISOLATION/test.sh +@@ -0,0 +1,10 @@ ++#!/usr/bin/env bash ++set -e ++ ++TEST_DESCRIPTION="test device isolation" ++TEST_NO_NSPAWN=1 ++ ++# shellcheck source=test/test-functions ++. "${TEST_BASE_DIR:?}/test-functions" ++ ++do_test "$@" +diff --git a/test/units/testsuite-66-deviceisolation.service b/test/units/testsuite-66-deviceisolation.service +new file mode 100644 +index 000000000000..0022a9a45724 +--- /dev/null ++++ b/test/units/testsuite-66-deviceisolation.service +@@ -0,0 +1,9 @@ ++[Unit] ++Description=Service that uses device isolation ++ ++[Service] ++DevicePolicy=strict ++DeviceAllow=/dev/null r ++StandardOutput=file:/testsuite66serviceresults ++ExecStartPre=rm -f /testsuite66serviceresults ++ExecStart=/bin/bash -c "while true; do sleep 0.01 && echo meow > /dev/null && echo thisshouldnotbehere; done" +diff --git a/test/units/testsuite-66.service b/test/units/testsuite-66.service +new file mode 100644 +index 000000000000..a97974a4262d +--- /dev/null ++++ b/test/units/testsuite-66.service +@@ -0,0 +1,7 @@ ++[Unit] ++Description=TESTSUITE-66-DEVICEISOLATION ++ ++[Service] ++ExecStartPre=rm -f /failed /testok ++ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh ++Type=oneshot +diff --git a/test/units/testsuite-66.sh b/test/units/testsuite-66.sh +new file mode 100755 +index 000000000000..870dca42e169 +--- /dev/null ++++ b/test/units/testsuite-66.sh +@@ -0,0 +1,23 @@ ++#!/usr/bin/env bash ++set -eux ++set -o pipefail ++ ++systemd-analyze log-level debug ++systemd-analyze log-target console ++ ++systemctl start testsuite-66-deviceisolation.service ++ ++grep -q "Operation not permitted" /testsuite66serviceresults ++ ++systemctl daemon-reload ++systemctl daemon-reexec ++ ++systemctl stop testsuite-66-deviceisolation.service ++ ++grep -q "thisshouldnotbehere" /testsuite66serviceresults && exit 42 ++ ++systemd-analyze log-level info ++ ++echo OK >/testok ++ ++exit 0 diff --git a/21221.patch b/21221.patch new file mode 100644 index 0000000..cfe113e --- /dev/null +++ b/21221.patch @@ -0,0 +1,172 @@ +From fbdc87679cc4f3c9fc3653636e94be20f06d18e4 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Tue, 9 Nov 2021 15:26:28 -0800 +Subject: [PATCH] core: replace slice dependencies as they get added + +Defines a "UNIT_DEPENDENCY_SLICE_PROPERTY" UnitDependencyMask type that +is used when adding slices to the dependencies hashmap. This type is +used to remove slice dependencies when they get overridden by new ones. + +Fixes #20182 +--- + src/core/dbus-unit.c | 2 +- + src/core/load-fragment.c | 2 +- + src/core/unit-serialize.c | 1 + + src/core/unit.c | 10 +++++++--- + src/core/unit.h | 7 +++++-- + src/test/test-engine.c | 31 ++++++++++++++++++++++++++++++- + 6 files changed, 45 insertions(+), 8 deletions(-) + +diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c +index fe320f1b05a8..d4ec789a7c11 100644 +--- a/src/core/dbus-unit.c ++++ b/src/core/dbus-unit.c +@@ -2273,7 +2273,7 @@ static int bus_unit_set_transient_property( + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unit name '%s' is not a slice", s); + + if (!UNIT_WRITE_FLAGS_NOOP(flags)) { +- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); ++ r = unit_set_slice(u, slice); + if (r < 0) + return r; + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 62cadaf2286f..830048ae1915 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3792,7 +3792,7 @@ int config_parse_unit_slice( + return 0; + } + +- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); ++ r = unit_set_slice(u, slice); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id); + return 0; +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index 3458d7017bd5..7d2e6bc130de 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -593,6 +593,7 @@ static void print_unit_dependency_mask(FILE *f, const char *kind, UnitDependency + { UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT, "mountinfo-implicit" }, + { UNIT_DEPENDENCY_MOUNTINFO_DEFAULT, "mountinfo-default" }, + { UNIT_DEPENDENCY_PROC_SWAP, "proc-swap" }, ++ { UNIT_DEPENDENCY_SLICE_PROPERTY, "slice-property" }, + }; + + assert(f); +diff --git a/src/core/unit.c b/src/core/unit.c +index 4c55827a6511..a3bca43566e0 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3284,7 +3284,7 @@ int unit_set_invocation_id(Unit *u, sd_id128_t id) { + return r; + } + +-int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { ++int unit_set_slice(Unit *u, Unit *slice) { + int r; + + assert(u); +@@ -3317,7 +3317,11 @@ int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { + if (UNIT_GET_SLICE(u) && u->cgroup_realized) + return -EBUSY; + +- r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, mask); ++ /* Remove any slices assigned prior; we should only have one UNIT_IN_SLICE dependency */ ++ if (UNIT_GET_SLICE(u)) ++ unit_remove_dependencies(u, UNIT_DEPENDENCY_SLICE_PROPERTY); ++ ++ r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, UNIT_DEPENDENCY_SLICE_PROPERTY); + if (r < 0) + return r; + +@@ -3373,7 +3377,7 @@ int unit_set_default_slice(Unit *u) { + if (r < 0) + return r; + +- return unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); ++ return unit_set_slice(u, slice); + } + + const char *unit_slice_name(Unit *u) { +diff --git a/src/core/unit.h b/src/core/unit.h +index 0dd6a9591d96..ba12fe4ac1ef 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -89,7 +89,10 @@ typedef enum UnitDependencyMask { + /* A dependency created because of data read from /proc/swaps and no other configuration source */ + UNIT_DEPENDENCY_PROC_SWAP = 1 << 7, + +- _UNIT_DEPENDENCY_MASK_FULL = (1 << 8) - 1, ++ /* A dependency for units in slices assigned by directly setting Slice= */ ++ UNIT_DEPENDENCY_SLICE_PROPERTY = 1 << 8, ++ ++ _UNIT_DEPENDENCY_MASK_FULL = (1 << 9) - 1, + } UnitDependencyMask; + + /* The Unit's dependencies[] hashmaps use this structure as value. It has the same size as a void pointer, and thus can +@@ -782,7 +785,7 @@ Unit *unit_follow_merge(Unit *u) _pure_; + int unit_load_fragment_and_dropin(Unit *u, bool fragment_required); + int unit_load(Unit *unit); + +-int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask); ++int unit_set_slice(Unit *u, Unit *slice); + int unit_set_default_slice(Unit *u); + + const char *unit_description(Unit *u) _pure_; +diff --git a/src/test/test-engine.c b/src/test/test-engine.c +index 880af36fb523..673c66561240 100644 +--- a/src/test/test-engine.c ++++ b/src/test/test-engine.c +@@ -8,6 +8,7 @@ + #include "manager-dump.h" + #include "rm-rf.h" + #include "service.h" ++#include "slice.h" + #include "special.h" + #include "strv.h" + #include "tests.h" +@@ -75,7 +76,8 @@ int main(int argc, char *argv[]) { + _cleanup_(sd_bus_error_free) sd_bus_error err = SD_BUS_ERROR_NULL; + _cleanup_(manager_freep) Manager *m = NULL; + Unit *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *g = NULL, +- *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL; ++ *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL, ++ *tomato = NULL, *sauce = NULL, *fruit = NULL, *zupa = NULL; + Job *j; + int r; + +@@ -260,5 +262,32 @@ int main(int argc, char *argv[]) { + + verify_dependency_atoms(); + ++ /* Test adding multiple Slice= dependencies; only the last should remain */ ++ assert_se(unit_new_for_name(m, sizeof(Service), "tomato.service", &tomato) >= 0); ++ assert_se(unit_new_for_name(m, sizeof(Slice), "sauce.slice", &sauce) >= 0); ++ assert_se(unit_new_for_name(m, sizeof(Slice), "fruit.slice", &fruit) >= 0); ++ assert_se(unit_new_for_name(m, sizeof(Slice), "zupa.slice", &zupa) >= 0); ++ ++ unit_set_slice(tomato, sauce); ++ unit_set_slice(tomato, fruit); ++ unit_set_slice(tomato, zupa); ++ ++ assert_se(UNIT_GET_SLICE(tomato) == zupa); ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, sauce)); ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, fruit)); ++ assert_se(unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, zupa)); ++ ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, sauce)); ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, fruit)); ++ assert_se(unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, zupa)); ++ ++ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_SLICE_OF, tomato)); ++ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_SLICE_OF, tomato)); ++ assert_se(unit_has_dependency(zupa, UNIT_ATOM_SLICE_OF, tomato)); ++ ++ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_REFERENCED_BY, tomato)); ++ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_REFERENCED_BY, tomato)); ++ assert_se(unit_has_dependency(zupa, UNIT_ATOM_REFERENCED_BY, tomato)); ++ + return 0; + } diff --git a/21241.patch b/21241.patch new file mode 100644 index 0000000..5889a9c --- /dev/null +++ b/21241.patch @@ -0,0 +1,128 @@ +From 084d0849fc864b0377551b211def7a89b642c5e9 Mon Sep 17 00:00:00 2001 +From: Julia Kartseva +Date: Thu, 4 Nov 2021 18:52:02 -0700 +Subject: [PATCH 1/2] core: fix bpf-foreign cg controller realization + +Requiring /sys/fs/bpf path to be a mount point at the moment of cgroup +controllers realization does more harm than good, because: +* Realization happens early on boot, the mount point may not be ready at +the time. That happens if mounts are made by a .mount unit (the issue we +encountered). +* BPF filesystem may be mounted on another point. + +Remove the check. Instead verify that path provided by BPFProgram= is +within BPF fs when unit properties are parsed. + +Split in two commits for simple backport. +--- + src/core/bpf-foreign.c | 10 ---------- + src/core/bpf-foreign.h | 5 ++++- + 2 files changed, 4 insertions(+), 11 deletions(-) + +diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c +index 6b93b9785fb5..686c14ce1f18 100644 +--- a/src/core/bpf-foreign.c ++++ b/src/core/bpf-foreign.c +@@ -111,16 +111,6 @@ static int bpf_foreign_prepare( + return 0; + } + +-int bpf_foreign_supported(void) { +- int r; +- +- r = cg_all_unified(); +- if (r <= 0) +- return r; +- +- return path_is_mount_point("/sys/fs/bpf", NULL, 0); +-} +- + int bpf_foreign_install(Unit *u) { + _cleanup_free_ char *cgroup_path = NULL; + CGroupBPFForeignProgram *p; +diff --git a/src/core/bpf-foreign.h b/src/core/bpf-foreign.h +index 9559cd79812b..e387b1b1d389 100644 +--- a/src/core/bpf-foreign.h ++++ b/src/core/bpf-foreign.h +@@ -4,7 +4,10 @@ + + #include "unit.h" + +-int bpf_foreign_supported(void); ++static inline int bpf_foreign_supported(void) { ++ return cg_all_unified(); ++} ++ + /* + * Attach cgroup-bpf programs foreign to systemd, i.e. loaded to the kernel by an entity + * external to systemd. + +From dedca960afdee5797d19929c43853513711e3e3d Mon Sep 17 00:00:00 2001 +From: Julia Kartseva +Date: Thu, 4 Nov 2021 18:55:55 -0700 +Subject: [PATCH 2/2] core: check fs type of BPFProgram= property path + +Tests: + +``` +% stat --file-system --format="%T" /root/bpf/trivial/ +bpf_fs + +% systemd-nspawn -D/ --volatile=yes \ +--property=BPFProgram=egress:/root/bpf/trivial/cgroup_skb_egress \ +--quiet -- ping -c 5 -W 1 ::1 +PING ::1(::1) 56 data bytes + +--- ::1 ping statistics --- +5 packets transmitted, 0 received, 100% packet loss, time 4110ms +``` + +``` +% stat --file-system --format='%T' /root/meh +btrfs + +% systemd-nspawn -D/ --volatile=yes --property=BPFProgram=egress:/root/meh +--quiet -- ping -c 5 -W 1 ::1 +``` +sudo ./build/systemd-nspawn \ +-D/ --volatile=yes --property=BPFProgram=egress:/home/hex --quiet -- \ +ping -c 1 -W 1 ::1 +PING ::1(::1) 56 data bytes +64 bytes from ::1: icmp_seq=1 ttl=64 time=0.017 ms + +--- ::1 ping statistics --- +1 packets transmitted, 1 received, 0% packet loss, time 0ms +--- + src/core/bpf-foreign.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c +index 686c14ce1f18..8538792b60db 100644 +--- a/src/core/bpf-foreign.c ++++ b/src/core/bpf-foreign.c +@@ -4,8 +4,10 @@ + #include "bpf-program.h" + #include "cgroup.h" + #include "memory-util.h" ++#include "missing_magic.h" + #include "mountpoint-util.h" + #include "set.h" ++#include "stat-util.h" + + typedef struct BPFForeignKey BPFForeignKey; + struct BPFForeignKey { +@@ -84,6 +86,14 @@ static int bpf_foreign_prepare( + assert(u); + assert(bpffs_path); + ++ r = path_is_fs_type(bpffs_path, BPF_FS_MAGIC); ++ if (r < 0) ++ return log_unit_error_errno(u, r, ++ "Failed to determine filesystem type of %s: %m", bpffs_path); ++ if (r == 0) ++ return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL), ++ "Path in BPF filesystem is expected."); ++ + r = bpf_program_new_from_bpffs_path(bpffs_path, &prog); + if (r < 0) + return log_unit_error_errno(u, r, "Failed to create foreign BPFProgram: %m"); diff --git a/22426-fb.patch b/22426-fb.patch new file mode 100644 index 0000000..41310df --- /dev/null +++ b/22426-fb.patch @@ -0,0 +1,580 @@ +From 3dbc067d326c600a92822037118961641fc76575 Mon Sep 17 00:00:00 2001 +From: Pasha Vorobyev +Date: Fri, 4 Feb 2022 11:49:46 -0800 +Subject: [PATCH] MemoryZSwapMax directive to configure new memory.zswap.max + cgroup file + +--- + man/org.freedesktop.systemd1.xml | 36 +++++++++++++++++++ + src/basic/cgroup-util.c | 36 +++++++++++++++++++ + src/basic/cgroup-util.h | 2 ++ + src/core/cgroup.c | 17 +++++++-- + src/core/cgroup.h | 1 + + src/core/dbus-cgroup.c | 8 +++++ + src/core/load-fragment-gperf.gperf.in | 1 + + src/core/load-fragment.c | 4 ++- + src/shared/bus-print-properties.c | 2 +- + src/shared/bus-unit-util.c | 1 + + src/systemctl/systemctl-show.c | 8 +++++ + .../fuzz-unit-file/directives-all.service | 1 + + test/fuzz/fuzz-unit-file/directives.mount | 1 + + test/fuzz/fuzz-unit-file/directives.scope | 1 + + test/fuzz/fuzz-unit-file/directives.service | 1 + + test/fuzz/fuzz-unit-file/directives.slice | 1 + + test/fuzz/fuzz-unit-file/directives.socket | 1 + + test/fuzz/fuzz-unit-file/directives.swap | 1 + + 18 files changed, 118 insertions(+), 5 deletions(-) + +diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml +index c14c5b6601..cc37de4fb4 100644 +--- a/man/org.freedesktop.systemd1.xml ++++ b/man/org.freedesktop.systemd1.xml +@@ -2493,6 +2493,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -3030,6 +3032,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + + ++ ++ + + + +@@ -3594,6 +3598,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + + ++ ++ + + + +@@ -4293,6 +4299,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -4858,6 +4866,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + + ++ ++ + + + +@@ -5420,6 +5430,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + + ++ ++ + + + +@@ -6016,6 +6028,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -6509,6 +6523,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { + + + ++ ++ + + + +@@ -6989,6 +7005,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { + + + ++ ++ + + + +@@ -7706,6 +7724,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -8185,6 +8205,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { + + + ++ ++ + + + +@@ -8651,6 +8673,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { + + + ++ ++ + + + +@@ -9221,6 +9245,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -9364,6 +9390,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { + + + ++ ++ + + + +@@ -9514,6 +9542,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { + + + ++ ++ + + + +@@ -9684,6 +9714,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -9843,6 +9875,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + + + ++ ++ + + + +@@ -10019,6 +10053,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + + + ++ ++ + + + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index 1ff6160dc8..00b1e71520 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -160,6 +160,42 @@ bool cg_freezer_supported(void) { + return supported; + } + ++bool cg_kill_supported(void) { ++ static thread_local int supported = -1; ++ ++ if (supported >= 0) ++ return supported; ++ ++ if (cg_all_unified() <= 0) ++ supported = false; ++ else if (access("/sys/fs/cgroup/init.scope/cgroup.kill", F_OK) < 0) { ++ if (errno != ENOENT) ++ log_debug_errno(errno, "Failed to check if cgroup.kill is available, assuming not: %m"); ++ supported = false; ++ } else ++ supported = true; ++ ++ return supported; ++} ++ ++bool cg_zswap_supported(void) { ++ static thread_local int supported = -1; ++ ++ if (supported >= 0) ++ return supported; ++ ++ if (cg_all_unified() <= 0) ++ supported = false; ++ else if (access("/sys/fs/cgroup/init.scope/memory.zswap.max", F_OK) < 0) { ++ if (errno != ENOENT) ++ log_debug_errno(errno, "Failed to check if cgroup memory.zswap.max is available, assuming not: %m"); ++ supported = false; ++ } else ++ supported = true; ++ ++ return supported; ++} ++ + int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) { + _cleanup_free_ char *fs = NULL; + int r; +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index ce2f4c6589..8ea94b8870 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -272,6 +272,8 @@ int cg_kernel_controllers(Set **controllers); + + bool cg_ns_supported(void); + bool cg_freezer_supported(void); ++bool cg_kill_supported(void); ++bool cg_zswap_supported(void); + + int cg_all_unified(void); + int cg_hybrid_unified(void); +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 5c07aa71d1..4a0aa65037 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -123,6 +123,7 @@ void cgroup_context_init(CGroupContext *c) { + .memory_high = CGROUP_LIMIT_MAX, + .memory_max = CGROUP_LIMIT_MAX, + .memory_swap_max = CGROUP_LIMIT_MAX, ++ .memory_zswap_max = CGROUP_LIMIT_MAX, + + .memory_limit = CGROUP_LIMIT_MAX, + +@@ -322,6 +323,9 @@ static int unit_compare_memory_limit(Unit *u, const char *property_name, uint64_ + } else if (streq(property_name, "MemorySwapMax")) { + unit_value = c->memory_swap_max; + file = "memory.swap.max"; ++ } else if (streq(property_name, "MemoryZSwapMax")) { ++ unit_value = c->memory_zswap_max; ++ file = "memory.zswap.max"; + } else + return -EINVAL; + +@@ -364,9 +368,10 @@ static char *format_cgroup_memory_limit_comparison(char *buf, size_t l, Unit *u, + + /* memory.swap.max is special in that it relies on CONFIG_MEMCG_SWAP (and the default swapaccount=1). + * In the absence of reliably being able to detect whether memcg swap support is available or not, +- * only complain if the error is not ENOENT. */ ++ * only complain if the error is not ENOENT. This is similarly the case for memory.zswap.max relying on CONFIG_ZSWAP. */ + if (r > 0 || IN_SET(r, -ENODATA, -EOWNERDEAD) || +- (r == -ENOENT && streq(property_name, "MemorySwapMax"))) { ++ (r == -ENOENT && (streq(property_name, "MemorySwapMax") || ++ streq(property_name, "MemoryZSwapMax")))) { + buf[0] = 0; + return buf; + } +@@ -441,6 +446,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sMemoryHigh: %" PRIu64 "%s\n" + "%sMemoryMax: %" PRIu64 "%s\n" + "%sMemorySwapMax: %" PRIu64 "%s\n" ++ "%sMemoryZSwapMax: %" PRIu64 "%s\n" + "%sMemoryLimit: %" PRIu64 "\n" + "%sTasksMax: %" PRIu64 "\n" + "%sDevicePolicy: %s\n" +@@ -475,6 +481,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, c->memory_high, format_cgroup_memory_limit_comparison(cdc, sizeof(cdc), u, "MemoryHigh"), + prefix, c->memory_max, format_cgroup_memory_limit_comparison(cdd, sizeof(cdd), u, "MemoryMax"), + prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"), ++ prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemoryZSwapMax"), + prefix, c->memory_limit, + prefix, tasks_max_resolve(&c->tasks_max), + prefix, cgroup_device_policy_to_string(c->device_policy), +@@ -1075,7 +1082,7 @@ static bool unit_has_unified_memory_config(Unit *u) { + + return unit_get_ancestor_memory_min(u) > 0 || unit_get_ancestor_memory_low(u) > 0 || + c->memory_high != CGROUP_LIMIT_MAX || c->memory_max != CGROUP_LIMIT_MAX || +- c->memory_swap_max != CGROUP_LIMIT_MAX; ++ c->memory_swap_max != CGROUP_LIMIT_MAX || c->memory_zswap_max != CGROUP_LIMIT_MAX; + } + + static void cgroup_apply_unified_memory_limit(Unit *u, const char *file, uint64_t v) { +@@ -1442,10 +1449,12 @@ static void cgroup_context_apply( + + if (cg_all_unified() > 0) { + uint64_t max, swap_max = CGROUP_LIMIT_MAX; ++ uint64_t zswap_max = CGROUP_LIMIT_MAX; + + if (unit_has_unified_memory_config(u)) { + max = c->memory_max; + swap_max = c->memory_swap_max; ++ zswap_max = c->memory_zswap_max; + } else { + max = c->memory_limit; + +@@ -1458,6 +1467,8 @@ static void cgroup_context_apply( + cgroup_apply_unified_memory_limit(u, "memory.high", c->memory_high); + cgroup_apply_unified_memory_limit(u, "memory.max", max); + cgroup_apply_unified_memory_limit(u, "memory.swap.max", swap_max); ++ if (cg_zswap_supported()) ++ cgroup_apply_unified_memory_limit(u, "memory.zswap.max", zswap_max); + + (void) set_attribute_and_warn(u, "memory", "memory.oom.group", one_zero(c->memory_oom_group)); + +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 3f8cad899d..d40ac0fadc 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -147,6 +147,7 @@ struct CGroupContext { + uint64_t memory_high; + uint64_t memory_max; + uint64_t memory_swap_max; ++ uint64_t memory_zswap_max; + + bool default_memory_min_set; + bool default_memory_low_set; +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 84c3caf3a5..e57ceff6f4 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -439,6 +439,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { + SD_BUS_PROPERTY("MemoryHigh", "t", NULL, offsetof(CGroupContext, memory_high), 0), + SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), + SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), ++ SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), + SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), + SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), + SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), +@@ -860,6 +861,7 @@ BUS_DEFINE_SET_CGROUP_WEIGHT(blockio_weight, CGROUP_MASK_BLKIO, CGROUP_BLKIO_WEI + BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1); + BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0); + BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); ++BUS_DEFINE_SET_CGROUP_LIMIT(zswap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); + REENABLE_WARNING; + + static int bus_cgroup_set_tasks_max( +@@ -1019,6 +1021,9 @@ int bus_cgroup_set_property( + if (streq(name, "MemorySwapMax")) + return bus_cgroup_set_swap(u, name, &c->memory_swap_max, message, flags, error); + ++ if (streq(name, "MemoryZSwapMax")) ++ return bus_cgroup_set_zswap(u, name, &c->memory_zswap_max, message, flags, error); ++ + if (streq(name, "MemoryMax")) + return bus_cgroup_set_memory(u, name, &c->memory_max, message, flags, error); + +@@ -1059,6 +1064,9 @@ int bus_cgroup_set_property( + if (streq(name, "MemorySwapMaxScale")) + return bus_cgroup_set_swap_scale(u, name, &c->memory_swap_max, message, flags, error); + ++ if (streq(name, "MemoryZSwapMaxScale")) ++ return bus_cgroup_set_zswap_scale(u, name, &c->memory_zswap_max, message, flags, error); ++ + if (streq(name, "MemoryMaxScale")) + return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error); + +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 42441eab6e..27860fb973 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -196,6 +196,7 @@ + {{type}}.MemoryHigh, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) ++{{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) + {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index a068fdf313..b64e64d90f 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3690,7 +3690,7 @@ int config_parse_memory_limit( + bytes = physical_memory_scale(r, 10000U); + + if (bytes >= UINT64_MAX || +- (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) { ++ (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryZSwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) { + log_syntax(unit, LOG_WARNING, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue); + return 0; + } +@@ -3714,6 +3714,8 @@ int config_parse_memory_limit( + c->memory_max = bytes; + else if (streq(lvalue, "MemorySwapMax")) + c->memory_swap_max = bytes; ++ else if (streq(lvalue, "MemoryZSwapMax")) ++ c->memory_zswap_max = bytes; + else if (streq(lvalue, "MemoryLimit")) + c->memory_limit = bytes; + else +diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c +index b45921943a..31c2e3cd35 100644 +--- a/src/shared/bus-print-properties.c ++++ b/src/shared/bus-print-properties.c +@@ -165,7 +165,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b + + bus_print_property_value(name, expected_value, flags, "[not set]"); + +- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || ++ else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || + (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) || + (startswith(name, "Limit") && u == UINT64_MAX) || + (startswith(name, "DefaultLimit") && u == UINT64_MAX)) +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index d3a5b25d18..f89b6e7428 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -516,6 +516,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + "MemoryHigh", + "MemoryMax", + "MemorySwapMax", ++ "MemoryZSwapMax", + "MemoryLimit", + "TasksMax")) { + +diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c +index 1f524626bf..2bba11936e 100644 +--- a/src/systemctl/systemctl-show.c ++++ b/src/systemctl/systemctl-show.c +@@ -247,6 +247,7 @@ typedef struct UnitStatusInfo { + uint64_t memory_high; + uint64_t memory_max; + uint64_t memory_swap_max; ++ uint64_t memory_zswap_max; + uint64_t memory_limit; + uint64_t memory_available; + uint64_t cpu_usage_nsec; +@@ -684,6 +685,7 @@ static void print_status_info( + if (i->memory_min > 0 || i->memory_low > 0 || + i->memory_high != CGROUP_LIMIT_MAX || i->memory_max != CGROUP_LIMIT_MAX || + i->memory_swap_max != CGROUP_LIMIT_MAX || ++ i->memory_zswap_max != CGROUP_LIMIT_MAX || + i->memory_available != CGROUP_LIMIT_MAX || + i->memory_limit != CGROUP_LIMIT_MAX) { + const char *prefix = ""; +@@ -709,6 +711,10 @@ static void print_status_info( + printf("%sswap max: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_swap_max)); + prefix = " "; + } ++ if (i->memory_zswap_max != CGROUP_LIMIT_MAX) { ++ printf("%szswap max: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_zswap_max)); ++ prefix = " "; ++ } + if (i->memory_limit != CGROUP_LIMIT_MAX) { + printf("%slimit: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_limit)); + prefix = " "; +@@ -1850,6 +1856,7 @@ static int show_one( + { "MemoryHigh", "t", NULL, offsetof(UnitStatusInfo, memory_high) }, + { "MemoryMax", "t", NULL, offsetof(UnitStatusInfo, memory_max) }, + { "MemorySwapMax", "t", NULL, offsetof(UnitStatusInfo, memory_swap_max) }, ++ { "MemoryZSwapMax", "t", NULL, offsetof(UnitStatusInfo, memory_zswap_max) }, + { "MemoryLimit", "t", NULL, offsetof(UnitStatusInfo, memory_limit) }, + { "CPUUsageNSec", "t", NULL, offsetof(UnitStatusInfo, cpu_usage_nsec) }, + { "TasksCurrent", "t", NULL, offsetof(UnitStatusInfo, tasks_current) }, +@@ -1884,6 +1891,7 @@ static int show_one( + .memory_high = CGROUP_LIMIT_MAX, + .memory_max = CGROUP_LIMIT_MAX, + .memory_swap_max = CGROUP_LIMIT_MAX, ++ .memory_zswap_max = CGROUP_LIMIT_MAX, + .memory_limit = UINT64_MAX, + .memory_available = CGROUP_LIMIT_MAX, + .cpu_usage_nsec = UINT64_MAX, +diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service +index 3039d1c0cd..81ffe4fc86 100644 +--- a/test/fuzz/fuzz-unit-file/directives-all.service ++++ b/test/fuzz/fuzz-unit-file/directives-all.service +@@ -152,6 +152,7 @@ MemoryLimit= + MemoryLow= + MemoryMax= + MemorySwapMax= ++MemoryZSwapMax= + MessageQueueMaxMessages= + MessageQueueMessageSize= + MountAPIVFS= +diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount +index 451f291988..ba5d03cc4b 100644 +--- a/test/fuzz/fuzz-unit-file/directives.mount ++++ b/test/fuzz/fuzz-unit-file/directives.mount +@@ -103,6 +103,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + MountAPIVFS= + MountFlags= + MountImages= +diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope +index 7e69cf816b..12e3f02b9b 100644 +--- a/test/fuzz/fuzz-unit-file/directives.scope ++++ b/test/fuzz/fuzz-unit-file/directives.scope +@@ -46,6 +46,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + NetClass= + RestartKillSignal= + RuntimeMaxSec= +diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service +index de7d2c7daf..b27b100f1a 100644 +--- a/test/fuzz/fuzz-unit-file/directives.service ++++ b/test/fuzz/fuzz-unit-file/directives.service +@@ -225,6 +225,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + MountAPIVFS= + MountFlags= + MountImages= +diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice +index 789ac8f0db..0004d4dfd4 100644 +--- a/test/fuzz/fuzz-unit-file/directives.slice ++++ b/test/fuzz/fuzz-unit-file/directives.slice +@@ -43,6 +43,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + NetClass= + Slice= + SocketBindAllow= +diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket +index 11f589e22c..02e0349009 100644 +--- a/test/fuzz/fuzz-unit-file/directives.socket ++++ b/test/fuzz/fuzz-unit-file/directives.socket +@@ -131,6 +131,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + MessageQueueMaxMessages= + MessageQueueMessageSize= + MountAPIVFS= +diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap +index 582a136531..4536b2a606 100644 +--- a/test/fuzz/fuzz-unit-file/directives.swap ++++ b/test/fuzz/fuzz-unit-file/directives.swap +@@ -100,6 +100,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + MountAPIVFS= + MountFlags= + MountImages= +-- +2.34.1 + diff --git a/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch b/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch new file mode 100644 index 0000000..6b148ad --- /dev/null +++ b/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch @@ -0,0 +1,116 @@ +From 1035e36675e10522824476c9084ff1001039c054 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 1 Oct 2021 09:22:18 +0900 +Subject: [PATCH] network: drop and warn duplicated Address= settings + +Fixes #20891. +--- + src/network/networkd-address.c | 43 +++++++++++++++++++++++++++++++--- + src/network/networkd-address.h | 2 +- + src/network/networkd-network.c | 6 ++++- + 3 files changed, 46 insertions(+), 5 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 7b221516d7..e1bc6aa474 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -304,6 +304,12 @@ bool address_equal(const Address *a1, const Address *a2) { + return address_compare_func(a1, a2) == 0; + } + ++DEFINE_PRIVATE_HASH_OPS( ++ address_hash_ops_new, ++ Address, ++ address_hash_func, ++ address_compare_func); ++ + int address_dup(const Address *src, Address **ret) { + _cleanup_(address_freep) Address *dest = NULL; + int r; +@@ -1988,12 +1994,43 @@ static int address_section_verify(Address *address) { + return 0; + } + +-void network_drop_invalid_addresses(Network *network) { ++int network_drop_invalid_addresses(Network *network) { ++ _cleanup_set_free_ Set *addresses = NULL; + Address *address; ++ int r; + + assert(network); + +- ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) +- if (address_section_verify(address) < 0) ++ ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) { ++ Address *dup; ++ ++ if (address_section_verify(address) < 0) { ++ /* Drop invalid [Address] sections or Address= settings in [Network]. ++ * Note that address_free() will drop the address from addresses_by_section. */ + address_free(address); ++ continue; ++ } ++ ++ /* Always use the setting specified later. So, remove the previously assigned setting. */ ++ dup = set_remove(addresses, address); ++ if (dup) { ++ _cleanup_free_ char *buf = NULL; ++ ++ (void) in_addr_prefix_to_string(address->family, &address->in_addr, address->prefixlen, &buf); ++ log_warning("%s: Duplicated address %s is specified at line %u and %u, " ++ "dropping the address setting specified at line %u.", ++ dup->section->filename, strna(buf), address->section->line, ++ dup->section->line, dup->section->line); ++ /* address_free() will drop the address from addresses_by_section. */ ++ address_free(dup); ++ } ++ ++ /* Do not use address_hash_ops_free here. Otherwise, all address settings will be freed. */ ++ r = set_ensure_put(&addresses, &address_hash_ops_new, address); ++ if (r < 0) ++ return log_oom(); ++ assert(r > 0); ++ } ++ ++ return 0; + } +diff --git a/src/network/networkd-address.h b/src/network/networkd-address.h +index ff3d46abdd..55d22ad221 100644 +--- a/src/network/networkd-address.h ++++ b/src/network/networkd-address.h +@@ -85,7 +85,7 @@ int request_process_address(Request *req); + + int manager_rtnl_process_address(sd_netlink *nl, sd_netlink_message *message, Manager *m); + +-void network_drop_invalid_addresses(Network *network); ++int network_drop_invalid_addresses(Network *network); + + void address_hash_func(const Address *a, struct siphash *state); + int address_compare_func(const Address *a1, const Address *a2); +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index 2a864a38b1..920f7851ba 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -119,6 +119,8 @@ static int network_resolve_stacked_netdevs(Network *network) { + } + + int network_verify(Network *network) { ++ int r; ++ + assert(network); + assert(network->filename); + +@@ -252,7 +254,9 @@ int network_verify(Network *network) { + network->ipv6_proxy_ndp_addresses = set_free_free(network->ipv6_proxy_ndp_addresses); + } + +- network_drop_invalid_addresses(network); ++ r = network_drop_invalid_addresses(network); ++ if (r < 0) ++ return r; + network_drop_invalid_routes(network); + network_drop_invalid_nexthops(network); + network_drop_invalid_bridge_fdb_entries(network); +-- +2.31.1 + diff --git a/Makefile.selinux b/Makefile.selinux new file mode 100644 index 0000000..bc159a5 --- /dev/null +++ b/Makefile.selinux @@ -0,0 +1,16 @@ +TARGETS ?= systemd_hs +SHARE ?= /usr/share +MODULES ?= ${TARGETS:=.pp.bz2} + +all: ${TARGETS:=.pp.bz2} + +%.pp.bz2: %.pp + @echo Compressing $^ -\ $@ + bzip2 -9 $^ + +%.pp: %.te + make -f ${SHARE}/selinux/devel/Makefile $@ + +clean: + rm -f *~ *.tc *.pp *.pp.bz2 + rm -rf tmp diff --git a/README.build-in-place b/README.build-in-place new file mode 100644 index 0000000..8b66077 --- /dev/null +++ b/README.build-in-place @@ -0,0 +1,14 @@ +== Building systemd rpms for local development using rpmbuild --build-in-place == + +This approach is based on https://github.com/filbranden/git-rpmbuild +and filbranden's talk during ASG2019 [https://cfp.all-systems-go.io/ASG2019/talk/JM7GDN/]. + +``` +git clone https://github.com/systemd/systemd +fedpkg clone systemd fedora-systemd +cd systemd +rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec +sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm +``` + +`--without lto` and `--without tests` may be useful to speed up the build. diff --git a/SOURCES/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch b/SOURCES/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch deleted file mode 100644 index f7b3a61..0000000 --- a/SOURCES/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch +++ /dev/null @@ -1,257 +0,0 @@ -From d4bd8777a483ea834e687c1ee35dee32efe6e49f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 14:02:36 +0200 -Subject: [PATCH 1/5] rpm: don't specify the full path for systemctl and other - commands - -We can make things a bit simpler and more readable by not specifying the path. -Since we didn't specify the full path for all commands (including those invoked -recursively by anythign we invoke), this didn't really privide any security or -robustness benefits. I guess that full paths were used because this style of -rpm packagnig was popular in the past, with macros used for everything -possible, with special macros for common commands like %{__ln} and %{__mkdir}. - -(cherry picked from commit 7d9ee15d0fc2af87481ee371b278dbe7e68165ef) ---- - src/rpm/macros.systemd.in | 24 ++++++++++++------------ - src/rpm/triggers.systemd.in | 18 +++++++++--------- - src/rpm/triggers.systemd.sh.in | 18 +++++++++--------- - 3 files changed, 30 insertions(+), 30 deletions(-) - -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3a0169a85f..3129ab2d61 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -46,9 +46,9 @@ OrderWithRequires(postun): systemd \ - - %systemd_post() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ --if [ $1 -eq 1 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ - # Initial installation \ -- %{_bindir}/systemctl --no-reload preset %{?*} || : \ -+ systemctl --no-reload preset %{?*} || : \ - fi \ - %{nil} - -@@ -56,21 +56,21 @@ fi \ - - %systemd_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ --if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ - # Package removal, not upgrade \ - if [ -d /run/systemd/system ]; then \ -- %{_bindir}/systemctl --no-reload disable --now %{?*} || : \ -+ systemctl --no-reload disable --now %{?*} || : \ - else \ -- %{_bindir}/systemctl --no-reload disable %{?*} || : \ -+ systemctl --no-reload disable %{?*} || : \ - fi \ - fi \ - %{nil} - - %systemd_user_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ --if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ - # Package removal, not upgrade \ -- %{_bindir}/systemctl --global disable %{?*} || : \ -+ systemctl --global disable %{?*} || : \ - fi \ - %{nil} - -@@ -84,10 +84,10 @@ fi \ - - %systemd_postun_with_restart() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ --if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ - # Package upgrade, not uninstall \ - for unit in %{?*}; do \ -- %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \ -+ systemctl set-property $unit Markers=+needs-restart || : \ - done \ - fi \ - %{nil} -@@ -105,17 +105,17 @@ fi \ - # Deprecated. Use %tmpfiles_create_package instead - %tmpfiles_create() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# tmpfiles_create}} \ --[ -x %{_bindir}/systemd-tmpfiles ] && %{_bindir}/systemd-tmpfiles --create %{?*} || : \ -+command -v systemd-tmpfiles >/dev/null && systemd-tmpfiles --create %{?*} || : \ - %{nil} - - # Deprecated. Use %sysusers_create_package instead - %sysusers_create() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# sysusers_create}} \ --[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers %{?*} || : \ -+command -v systemd-sysusers >/dev/null && systemd-sysusers %{?*} || : \ - %{nil} - - %sysusers_create_inline() \ --[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers - </dev/null && systemd-sysusers - < 0 then - posix.wait(pid) - end - - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) -+ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -38,7 +38,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "daemon-reload")) -+ assert(posix.execp("systemctl", "daemon-reload")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -49,7 +49,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) -+ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -62,7 +62,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-sysusers")) -+ assert(posix.execp("systemd-sysusers")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -74,7 +74,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-hwdb", "update")) -+ assert(posix.execp("systemd-hwdb", "update")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -86,7 +86,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/journalctl", "--update-catalog")) -+ assert(posix.execp("journalctl", "--update-catalog")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -111,7 +111,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-tmpfiles", "--create")) -+ assert(posix.execp("systemd-tmpfiles", "--create")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -123,7 +123,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/udevadm", "control", "--reload")) -+ assert(posix.execp("udevadm", "control", "--reload")) - elseif pid > 0 then - posix.wait(pid) - end -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 22abad9812..1631be18c9 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -15,8 +15,8 @@ - # installed, because other cases are covered by the *un scriptlets, - # so sometimes we will reload needlessly. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl daemon-reload || : -- %{_bindir}/systemctl reload-or-restart --marked || : -+ systemctl daemon-reload || : -+ systemctl reload-or-restart --marked || : - fi - - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -@@ -26,13 +26,13 @@ fi - # have been installed, but before %postun scripts in packages get - # executed. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl daemon-reload || : -+ systemctl daemon-reload || : - fi - - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # We restart remaining services that should be restarted here. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl reload-or-restart --marked || : -+ systemctl reload-or-restart --marked || : - fi - - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} -@@ -40,21 +40,21 @@ fi - # specified users automatically. The priority is set such that it - # will run before the tmpfiles file trigger. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-sysusers || : -+ systemd-sysusers || : - fi - - %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}} - # This script will automatically invoke hwdb update if files have been - # installed or updated in {{UDEV_HWDB_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-hwdb update || : -+ systemd-hwdb update || : - fi - - %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}} - # This script will automatically invoke journal catalog update if files - # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/journalctl --update-catalog || : -+ journalctl --update-catalog || : - fi - - %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}} -@@ -71,14 +71,14 @@ fi - # tmpfiles automatically. The priority is set such that it will run - # after the sysusers file trigger, but before any other triggers. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-tmpfiles --create || : -+ systemd-tmpfiles --create || : - fi - - %transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}} - # This script will automatically update udev with new rules if files - # have been installed or updated in {{UDEV_RULES_DIR}}. - if test -e /run/udev/control; then -- %{_bindir}/udevadm control --reload || : -+ udevadm control --reload || : - fi - - %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}} --- -2.31.1 - diff --git a/SOURCES/0001-sysv-generator-downgrade-log-warning-about-autogener.patch b/SOURCES/0001-sysv-generator-downgrade-log-warning-about-autogener.patch deleted file mode 100644 index df2bbee..0000000 --- a/SOURCES/0001-sysv-generator-downgrade-log-warning-about-autogener.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0c21535392bf6296d213c35fd1a0b0bc89dbddb3 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Wed, 31 Mar 2021 14:04:09 -0700 -Subject: [PATCH] sysv-generator: downgrade log warning about autogenerated to - debug - ---- - src/sysv-generator/sysv-generator.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c -index 8c7aef23c3..89599a69ee 100644 ---- a/src/sysv-generator/sysv-generator.c -+++ b/src/sysv-generator/sysv-generator.c -@@ -786,9 +786,9 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) { - if (!fpath) - return log_oom(); - -- log_warning("SysV service '%s' lacks a native systemd unit file. " -- "Automatically generating a unit file for compatibility. " -- "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); -+ log_debug("SysV service '%s' lacks a native systemd unit file. " -+ "Automatically generating a unit file for compatibility. " -+ "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); - - service = new(SysvStub, 1); - if (!service) --- -2.30.2 - diff --git a/SOURCES/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch b/SOURCES/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch deleted file mode 100644 index 32047c5..0000000 --- a/SOURCES/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch +++ /dev/null @@ -1,337 +0,0 @@ -From 09e8c6aa71ee4b5ff3ee85fc4855e2c1a246a079 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 11:22:33 +0200 -Subject: [PATCH 2/5] rpm: use a helper script to actually invoke systemctl - commands -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Instead of embedding the commands to invoke directly in the macros, -let's use a helper script as indirection. This has a couple of advantages: - -- the macro language is awkward, we need to suffix most commands by "|| :" - and "\", which is easy to get wrong. In the new scheme, the macro becomes - a single simple command. -- in the script we can use normal syntax highlighting, shellcheck, etc. -- it's also easier to test the invoked commands by invoking the helper - manually. -- most importantly, the logic is contained in the helper, i.e. we can - update systemd rpm and everything uses the new helper. Before, we would - have to rebuild all packages to update the macro definition. - -This raises the question whether it makes sense to use the lua scriptlets when -the real work is done in a bash script. I think it's OK: we still have the -efficient lua scripts that do the short scripts, and we use a single shared -implementation in bash to do the more complex stuff. - -The meson version is raised to 0.47 because that's needed for install_mode. -We were planning to raise the required version anyway… - -(cherry picked from commit 6d825ab2d42d3219e49a192bf99f9c09134a0df4) ---- - README | 2 +- - meson.build | 3 +- - src/rpm/macros.systemd.in | 30 ++++++++-------- - src/rpm/meson.build | 13 ++++--- - src/rpm/systemd-update-helper.in | 60 ++++++++++++++++++++++++++++++++ - src/rpm/triggers.systemd.in | 43 ++++++++--------------- - src/rpm/triggers.systemd.sh.in | 13 ++----- - 7 files changed, 105 insertions(+), 59 deletions(-) - create mode 100755 src/rpm/systemd-update-helper.in - -diff --git a/README b/README -index 0e5c326deb..a8f23a0d5b 100644 ---- a/README -+++ b/README -@@ -193,7 +193,7 @@ REQUIREMENTS: - python-jinja2 - python-lxml (optional, required to build the indices) - python >= 3.5 -- meson >= 0.46 (>= 0.49 is required to build position-independent executables) -+ meson >= 0.47 (>= 0.49 is required to build position-independent executables) - ninja - gcc, awk, sed, grep, and similar tools - clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs -diff --git a/meson.build b/meson.build -index 738879eb21..fb986e84f7 100644 ---- a/meson.build -+++ b/meson.build -@@ -10,7 +10,7 @@ project('systemd', 'c', - 'localstatedir=/var', - 'warning_level=2', - ], -- meson_version : '>= 0.46', -+ meson_version : '>= 0.47', - ) - - libsystemd_version = '0.32.0' -@@ -253,6 +253,7 @@ conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH', join_paths(rootlib - conf.set_quoted('SYSTEMD_STDIO_BRIDGE_BINARY_PATH', join_paths(bindir, 'systemd-stdio-bridge')) - conf.set_quoted('SYSTEMD_TEST_DATA', join_paths(testsdir, 'testdata')) - conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', join_paths(rootbindir, 'systemd-tty-ask-password-agent')) -+conf.set_quoted('SYSTEMD_UPDATE_HELPER_PATH', join_paths(rootlibexecdir, 'systemd-update-helper')) - conf.set_quoted('SYSTEMD_USERWORK_PATH', join_paths(rootlibexecdir, 'systemd-userwork')) - conf.set_quoted('SYSTEMD_VERITYSETUP_PATH', join_paths(rootlibexecdir, 'systemd-veritysetup')) - conf.set_quoted('SYSTEM_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'system')) -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3129ab2d61..bbdf036da7 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -46,31 +46,33 @@ OrderWithRequires(postun): systemd \ - - %systemd_post() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ --if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Initial installation \ -- systemctl --no-reload preset %{?*} || : \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} install-system-units %{?*} || : \ - fi \ - %{nil} - --%systemd_user_post() %{expand:%systemd_post \\--global %%{?*}} -+%systemd_user_post() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_post}} \ -+if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Initial installation \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} install-user-units %{?*} || : \ -+fi \ -+%{nil} - - %systemd_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ --if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package removal, not upgrade \ -- if [ -d /run/systemd/system ]; then \ -- systemctl --no-reload disable --now %{?*} || : \ -- else \ -- systemctl --no-reload disable %{?*} || : \ -- fi \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-system-units %{?*} || : \ - fi \ - %{nil} - - %systemd_user_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ --if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package removal, not upgrade \ -- systemctl --global disable %{?*} || : \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-user-units %{?*} || : \ - fi \ - %{nil} - -@@ -84,11 +86,9 @@ fi \ - - %systemd_postun_with_restart() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ --if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package upgrade, not uninstall \ -- for unit in %{?*}; do \ -- systemctl set-property $unit Markers=+needs-restart || : \ -- done \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \ - fi \ - %{nil} - -diff --git a/src/rpm/meson.build b/src/rpm/meson.build -index fc72fee73c..2ad3308cc1 100644 ---- a/src/rpm/meson.build -+++ b/src/rpm/meson.build -@@ -1,9 +1,13 @@ - # SPDX-License-Identifier: LGPL-2.1-or-later - - in_files = [ -- ['macros.systemd', rpmmacrosdir != 'no'], -- ['triggers.systemd', false], -- ['triggers.systemd.sh', false]] -+ ['macros.systemd', rpmmacrosdir != 'no', rpmmacrosdir], -+ -+ # we conditionalize on rpmmacrosdir, but install into rootlibexecdir -+ ['systemd-update-helper', rpmmacrosdir != 'no', rootlibexecdir, 'rwxr-xr-x'], -+ -+ ['triggers.systemd', false], -+ ['triggers.systemd.sh', false]] - - # The last two don't get installed anywhere, one of them needs to included in - # the rpm spec file definition instead. -@@ -17,6 +21,7 @@ foreach tuple : in_files - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, - install : tuple[1], -- install_dir : rpmmacrosdir, -+ install_dir : tuple.length() > 2 ? tuple[2] : '', -+ install_mode : tuple.length() > 3 ? tuple[3] : false, - build_by_default : true) - endforeach -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -new file mode 100755 -index 0000000000..9fa49fa131 ---- /dev/null -+++ b/src/rpm/systemd-update-helper.in -@@ -0,0 +1,60 @@ -+#!/bin/bash -+set -eu -+set -o pipefail -+ -+command="${1:?}" -+shift -+ -+command -v systemctl >/dev/null || exit 0 -+ -+case "$command" in -+ install-system-units) -+ systemctl --no-reload preset "$@" -+ ;; -+ -+ install-user-units) -+ systemctl --no-reload preset --global "$@" -+ ;; -+ -+ remove-system-units) -+ if [ -d /run/systemd/system ]; then -+ systemctl --no-reload disable --now "$@" -+ else -+ systemctl --no-reload disable "$@" -+ fi -+ ;; -+ -+ remove-user-units) -+ systemctl --global disable "$@" -+ ;; -+ -+ mark-restart-system-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ for unit in "$@"; do -+ systemctl set-property "$unit" Markers=+needs-restart || : -+ done -+ ;; -+ -+ system-reload-restart|system-reload|system-restart) -+ if [ -n "$*" ]; then -+ echo "Unexpected arguments for '$command': $*" -+ exit 2 -+ fi -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ if [[ "$command" =~ reload ]]; then -+ systemctl daemon-reload -+ fi -+ -+ if [[ "$command" =~ restart ]]; then -+ systemctl reload-or-restart --marked -+ fi -+ ;; -+ -+ *) -+ echo "Unknown verb '$command'" -+ exit 3 -+ ;; -+esac -diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index 247358008a..d29cc33dfd 100644 ---- a/src/rpm/triggers.systemd.in -+++ b/src/rpm/triggers.systemd.in -@@ -13,20 +13,11 @@ - -- upgraded. We care about the case where a package is initially - -- installed, because other cases are covered by the *un scriptlets, - -- so sometimes we will reload needlessly. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "daemon-reload")) -- elseif pid > 0 then -- posix.wait(pid) -- end -- -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload-restart")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -@@ -35,24 +26,20 @@ end - -- On upgrade, we need to run daemon-reload after any new unit files - -- have been installed, but before %postun scripts in packages get - -- executed. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "daemon-reload")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - -- We restart remaining services that should be restarted here. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 1631be18c9..83cd7617f8 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -14,10 +14,7 @@ - # upgraded. We care about the case where a package is initially - # installed, because other cases are covered by the *un scriptlets, - # so sometimes we will reload needlessly. --if test -d "/run/systemd/system"; then -- systemctl daemon-reload || : -- systemctl reload-or-restart --marked || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : - - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # On removal, we need to run daemon-reload after any units have been -@@ -25,15 +22,11 @@ fi - # On upgrade, we need to run daemon-reload after any new unit files - # have been installed, but before %postun scripts in packages get - # executed. --if test -d "/run/systemd/system"; then -- systemctl daemon-reload || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : - - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # We restart remaining services that should be restarted here. --if test -d "/run/systemd/system"; then -- systemctl reload-or-restart --marked || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : - - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} - # This script will process files installed in {{SYSUSERS_DIR}} to create --- -2.31.1 - diff --git a/SOURCES/0003-rpm-call-needs-restart-in-parallel.patch b/SOURCES/0003-rpm-call-needs-restart-in-parallel.patch deleted file mode 100644 index 4637f3e..0000000 --- a/SOURCES/0003-rpm-call-needs-restart-in-parallel.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0a2e691b6b1fdceb4b7504870c4b792a66b5080f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 11:28:36 +0200 -Subject: [PATCH 3/5] rpm: call +needs-restart in parallel -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Some rpms install a bunch of units… It seems nicer to invoke them all in -parallel. In particular, timeouts in systemctl also run in parallel, so if -there's some communication mishap, we will wait less. - -(cherry picked from commit 3598aff4d963b2e51ac74d206161da47bfde785c) ---- - src/rpm/systemd-update-helper.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index 9fa49fa131..f3c75b75fa 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -32,8 +32,9 @@ case "$command" in - [ -d /run/systemd/system ] || exit 0 - - for unit in "$@"; do -- systemctl set-property "$unit" Markers=+needs-restart || : -+ systemctl set-property "$unit" Markers=+needs-restart & - done -+ wait - ;; - - system-reload-restart|system-reload|system-restart) --- -2.31.1 - diff --git a/SOURCES/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch b/SOURCES/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch deleted file mode 100644 index eac9b89..0000000 --- a/SOURCES/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch +++ /dev/null @@ -1,259 +0,0 @@ -From a63d5d320f81c1cbae07897a401ed5cc5374e0bf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 14:37:57 +0200 -Subject: [PATCH 4/5] rpm: restart user services at the end of the transaction - -This closes an important gap: so far we would reexecute the system manager and -restart system services that were configured to do so, but we wouldn't do the -same for user managers or user services. - -The scheme used for user managers is very similar to the system one, except -that there can be multiple user managers running, so we query the system -manager to get a list of them, and then tell each one to do the equivalent -operations: daemon-reload, disable --now, set-property Markers=+needs-restart, -reload-or-restart --marked. - -The total time that can be spend on this is bounded: we execute the commands in -parallel over user managers and units, and additionally set SYSTEMD_BUS_TIMEOUT -to a lower value (15 s by default). User managers should not have too many -units running, and they should be able to do all those operations very -quickly (<< 1s). The final restart operation may take longer, but it's done -asynchronously, so we only wait for the queuing to happen. - -The advantage of doing this synchronously is that we can wait for each step to -happen, and for example daemon-reloads can finish before we execute the service -restarts, etc. We can also order various steps wrt. to the phases in the rpm -transaction. - -When this was initially proposed, we discussed a more relaxed scheme with bus -property notifications. Such an approach would be more complex because a bunch -of infrastructure would have to be added to system manager to propagate -appropriate notifications to the user managers, and then the user managers -would have to wait for them. Instead, now there is no new code in the managers, -all new functionality is contained in src/rpm/. The ability to call 'systemctl ---user user@' makes this approach very easy. Also, it would be very hard to -order the user manager steps and the rpm transaction steps. - -Note: 'systemctl --user disable' is only called for a user managers that are -running. I don't see a nice way around this, and it shouldn't matter too much: -we'll just leave a dangling symlink in the case where the user enabled the -service manually. - -A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and -fa97d2fcf64e0558054bee673f734f523373b146. - -(cherry picked from commit 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7) ---- - meson.build | 1 + - meson_options.txt | 2 ++ - src/rpm/macros.systemd.in | 6 +++- - src/rpm/systemd-update-helper.in | 47 ++++++++++++++++++++++++++++++++ - src/rpm/triggers.systemd.in | 28 ++++++++++++++++++- - src/rpm/triggers.systemd.sh.in | 13 ++++++++- - 6 files changed, 94 insertions(+), 3 deletions(-) - -diff --git a/meson.build b/meson.build -index fb986e84f7..d898d9ccd0 100644 ---- a/meson.build -+++ b/meson.build -@@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR', tmpfilesdir) - conf.set_quoted('UDEVLIBEXECDIR', udevlibexecdir) - conf.set_quoted('UDEV_HWDB_DIR', udevhwdbdir) - conf.set_quoted('UDEV_RULES_DIR', udevrulesdir) -+conf.set_quoted('UPDATE_HELPER_USER_TIMEOUT', get_option('update-helper-user-timeout')) - conf.set_quoted('USER_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'user')) - conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) - conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) -diff --git a/meson_options.txt b/meson_options.txt -index 163c8df87d..9383c7da6a 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '', - description : 'directory for xinitrc files') - option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d', - description : 'directory for rpm macros ["no" disables]') -+option('update-helper-user-timeout', type : 'string', value : '15s', -+ description : 'how long to wait for user manager operations') - option('pamlibdir', type : 'string', - description : 'directory for PAM modules') - option('pamconfdir', type : 'string', -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index bbdf036da7..caa2e45595 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -93,7 +93,11 @@ fi \ - %{nil} - - %systemd_user_postun_with_restart() \ --%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_restart}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-user-units %{?*} || : \ -+fi \ - %{nil} - - %udev_hwdb_update() %{nil} -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index f3c75b75fa..f3466ab3c0 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -26,6 +26,15 @@ case "$command" in - - remove-user-units) - systemctl --global disable "$@" -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" disable --now "$@" & -+ done -+ wait - ;; - - mark-restart-system-units) -@@ -37,6 +46,17 @@ case "$command" in - wait - ;; - -+ mark-restart-user-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & -+ done -+ wait -+ ;; -+ - system-reload-restart|system-reload|system-restart) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" -@@ -54,6 +74,33 @@ case "$command" in - fi - ;; - -+ user-reload-restart|user-reload|user-restart) -+ if [ -n "$*" ]; then -+ echo "Unexpected arguments for '$command': $*" -+ exit 2 -+ fi -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ -+ if [[ "$command" =~ reload ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" daemon-reload & -+ done -+ wait -+ fi -+ -+ if [[ "$command" =~ restart ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" reload-or-restart --marked & -+ done -+ wait -+ fi -+ ;; -+ - *) - echo "Unknown verb '$command'" - exit 3 -diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index d29cc33dfd..8aeb2049c1 100644 ---- a/src/rpm/triggers.systemd.in -+++ b/src/rpm/triggers.systemd.in -@@ -20,6 +20,14 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerin -P 900899 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - -- On removal, we need to run daemon-reload after any units have been - -- removed. -@@ -33,8 +41,17 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -+-- Execute daemon-reload in user managers. -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system ---- We restart remaining services that should be restarted here. -+-- We restart remaining system services that should be restarted here. - pid = posix.fork() - if pid == 0 then - assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) -@@ -42,6 +59,15 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerpostun -P 9999 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+-- We restart remaining user services that should be restarted here. -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-restart")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} - -- This script will process files installed in {{SYSUSERS_DIR}} to create - -- specified users automatically. The priority is set such that it -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 83cd7617f8..694cd94e8d 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -16,6 +16,9 @@ - # so sometimes we will reload needlessly. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : - -+%transfiletriggerin -P 900899 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload-restart || : -+ - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # On removal, we need to run daemon-reload after any units have been - # removed. -@@ -24,10 +27,18 @@ - # executed. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : - -+%transfiletriggerpostun -P 1000099 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+# Execute daemon-reload in user managers. -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload || : -+ - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system --# We restart remaining services that should be restarted here. -+# We restart remaining system services that should be restarted here. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : - -+%transfiletriggerpostun -P 9999 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+# We restart remaining user services that should be restarted here. -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-restart || : -+ - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} - # This script will process files installed in {{SYSUSERS_DIR}} to create - # specified users automatically. The priority is set such that it --- -2.31.1 - diff --git a/SOURCES/0005-update-helper-also-add-user-reexec-verb.patch b/SOURCES/0005-update-helper-also-add-user-reexec-verb.patch deleted file mode 100644 index 7c4f7ba..0000000 --- a/SOURCES/0005-update-helper-also-add-user-reexec-verb.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 37cd6c0fad847e5fffd9d107358a36e767c7ca42 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 23 Jul 2021 15:35:23 +0200 -Subject: [PATCH 5/5] update-helper: also add "user-reexec" verb - -This is not called from the systemd.triggers or systemd.macros files. Instead, -it would be called from the scriptlets in systemd rpm package itself, at the -place where we call systemctl daemon-reexec. - -See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 . - -(cherry picked from commit 1262e824a4d638e347ae0d39c973f1f750962533) ---- - src/rpm/systemd-update-helper.in | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index f3466ab3c0..0c6675a9db 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -74,7 +74,7 @@ case "$command" in - fi - ;; - -- user-reload-restart|user-reload|user-restart) -+ user-reload-restart|user-reload|user-restart|user-reexec) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" - exit 2 -@@ -84,6 +84,14 @@ case "$command" in - - users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') - -+ if [[ "$command" =~ reexec ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" daemon-reexec & -+ done -+ wait -+ fi -+ - if [[ "$command" =~ reload ]]; then - for user in $users; do - SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ --- -2.31.1 - diff --git a/SOURCES/10-oomd-defaults.conf b/SOURCES/10-oomd-defaults.conf deleted file mode 100644 index 0254657..0000000 --- a/SOURCES/10-oomd-defaults.conf +++ /dev/null @@ -1,2 +0,0 @@ -[OOM] -DefaultMemoryPressureDurationSec=20s diff --git a/SOURCES/10-oomd-root-slice-defaults.conf b/SOURCES/10-oomd-root-slice-defaults.conf deleted file mode 100644 index 49958e8..0000000 --- a/SOURCES/10-oomd-root-slice-defaults.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Slice] -ManagedOOMSwap=kill diff --git a/SOURCES/10-oomd-user-service-defaults.conf b/SOURCES/10-oomd-user-service-defaults.conf deleted file mode 100644 index 94d5c87..0000000 --- a/SOURCES/10-oomd-user-service-defaults.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -ManagedOOMMemoryPressure=kill -ManagedOOMMemoryPressureLimit=50% diff --git a/SOURCES/18621-fb.patch b/SOURCES/18621-fb.patch deleted file mode 100644 index 9bd802a..0000000 --- a/SOURCES/18621-fb.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 0762f129c6a9c7bbdb5d575c486d5cf4f7fdae8d Mon Sep 17 00:00:00 2001 -From: Richard Purdie -Date: Tue, 16 Feb 2021 12:17:36 +0000 -Subject: [PATCH] proc: dont trigger mount error with invalid options on old - kernels - -As of commit 4e39995371738b04d98d27b0d34ea8fe09ec9fab ("core: introduce -ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs -mount options") kernels older than v5.8 generate multple warnings at -boot, as seen in this Yocto build from today: - - qemux86-64 login: root - [ 65.829009] proc: Bad value for 'hidepid' - root@qemux86-64:~# dmesg|grep proc: - [ 16.990706] proc: Bad value for 'hidepid' - [ 28.060178] proc: Bad value for 'hidepid' - [ 28.874229] proc: Bad value for 'hidepid' - [ 32.685107] proc: Bad value for 'hidepid' - [ 65.829009] proc: Bad value for 'hidepid' - root@qemux86-64:~# - -We see reports of the issue as in general its hard to someone to tell -the difference between an error in dmesg which they should worry about and -one that is harmless. This adds support burden to developers so Yocto -Project has added this patch. - -The commit that triggers this is systemd v247-rc1~378^2~3 -- so any -systemd 247 and above plus kernel v5.7 or older will need this. - -As noted in https://github.com/systemd/systemd/issues/16896 -it is possible changes could be backported to different kernel versions -so the test isn't 100% foolproof but does give better results than a -continual stream of bug reports. - -Signed-off-by: Richard Purdie - -Changes from Anita Zhang -- Use 5.6.13-0_fbk9 version comparison for FB build ---- - src/core/namespace.c | 22 ++++++++++++++++++++-- - 1 file changed, 20 insertions(+), 2 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index d47531408b..8be8352a8e 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -4,7 +4,9 @@ - #include - #include - #include -+#include - #include -+#include - #include - #include - -@@ -1018,12 +1020,28 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { - _cleanup_free_ char *opts = NULL; - const char *entry_path; - int r, n; -+ struct utsname uts; -+ bool old = false; - - assert(m); - assert(ns_info); - -- if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || -- ns_info->proc_subset != PROC_SUBSET_ALL) { -+ /* If uname says that the system is older than v5.6.13-0_fbk9, then the textual hidepid= stuff is not -+ * supported by the kernel, and thus the per-instance hidepid= neither, which means we -+ * really don't want to use it, since it would affect our host's /proc * mount. Hence let's -+ * gracefully fallback to a classic, unrestricted version. */ -+ -+ r = uname(&uts); -+ if (r < 0) -+ return -errno; -+ -+ if (strverscmp(uts.release, "5.6.13-0_fbk9") < 0) { -+ log_debug("Pre v5.6.13-0_fbk9 kernel detected [v%s] - skipping hidepid=", uts.release); -+ old = true; -+ } -+ -+ if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || -+ ns_info->proc_subset != PROC_SUBSET_ALL)) { - - /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it - * pretended to be per-instance but actually was per-namespace), hence let's make use of it --- -2.30.2 - diff --git a/SOURCES/18621.patch b/SOURCES/18621.patch deleted file mode 100644 index 80bd969..0000000 --- a/SOURCES/18621.patch +++ /dev/null @@ -1,84 +0,0 @@ -From c225bc59b8907de11f389bd8efb82155ccde75a7 Mon Sep 17 00:00:00 2001 -From: Richard Purdie -Date: Tue, 16 Feb 2021 12:17:36 +0000 -Subject: [PATCH] proc: dont trigger mount error with invalid options on old - kernels - -As of commit 4e39995371738b04d98d27b0d34ea8fe09ec9fab ("core: introduce -ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs -mount options") kernels older than v5.8 generate multple warnings at -boot, as seen in this Yocto build from today: - - qemux86-64 login: root - [ 65.829009] proc: Bad value for 'hidepid' - root@qemux86-64:~# dmesg|grep proc: - [ 16.990706] proc: Bad value for 'hidepid' - [ 28.060178] proc: Bad value for 'hidepid' - [ 28.874229] proc: Bad value for 'hidepid' - [ 32.685107] proc: Bad value for 'hidepid' - [ 65.829009] proc: Bad value for 'hidepid' - root@qemux86-64:~# - -We see reports of the issue as in general its hard to someone to tell -the difference between an error in dmesg which they should worry about and -one that is harmless. This adds support burden to developers so Yocto -Project has added this patch. - -The commit that triggers this is systemd v247-rc1~378^2~3 -- so any -systemd 247 and above plus kernel v5.7 or older will need this. - -As noted in https://github.com/systemd/systemd/issues/16896 -it is possible changes could be backported to different kernel versions -so the test isn't 100% foolproof but does give better results than a -continual stream of bug reports. - -Signed-off-by: Richard Purdie ---- - src/core/namespace.c | 22 ++++++++++++++++++++-- - 1 file changed, 20 insertions(+), 2 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 4ed0991b56d1..3fa2d4e9d640 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -4,7 +4,9 @@ - #include - #include - #include -+#include - #include -+#include - #include - #include - -@@ -881,12 +883,28 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { - _cleanup_free_ char *opts = NULL; - const char *entry_path; - int r, n; -+ struct utsname uts; -+ bool old = false; - - assert(m); - assert(ns_info); - -- if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || -- ns_info->proc_subset != PROC_SUBSET_ALL) { -+ /* If uname says that the system is older than v5.8, then the textual hidepid= stuff is not -+ * supported by the kernel, and thus the per-instance hidepid= neither, which means we -+ * really don't want to use it, since it would affect our host's /proc * mount. Hence let's -+ * gracefully fallback to a classic, unrestricted version. */ -+ -+ r = uname(&uts); -+ if (r < 0) -+ return -errno; -+ -+ if (strverscmp(uts.release, "5.8") < 0) { -+ log_debug("Pre v5.8 kernel detected [v%s] - skipping hidepid=", uts.release); -+ old = true; -+ } -+ -+ if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || -+ ns_info->proc_subset != PROC_SUBSET_ALL)) { - - /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it - * pretended to be per-instance but actually was per-namespace), hence let's make use of it diff --git a/SOURCES/20-grubby.install b/SOURCES/20-grubby.install deleted file mode 100755 index e059125..0000000 --- a/SOURCES/20-grubby.install +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -if [[ ! -x /sbin/new-kernel-pkg ]]; then - exit 0 -fi - -COMMAND="$1" -KERNEL_VERSION="$2" -BOOT_DIR_ABS="$3" -KERNEL_IMAGE="$4" - -KERNEL_DIR="${KERNEL_IMAGE%/*}" -[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}" -case "$COMMAND" in - add) - if [[ "${KERNEL_DIR}" != "/boot" ]]; then - for i in \ - "$KERNEL_IMAGE" \ - "$KERNEL_DIR"/System.map \ - "$KERNEL_DIR"/config \ - "$KERNEL_DIR"/zImage.stub \ - "$KERNEL_DIR"/dtb \ - ; do - [[ -e "$i" ]] || continue - cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}" - command -v restorecon &>/dev/null && \ - restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" - done - # hmac is .vmlinuz-.hmac so needs a special treatment - i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" - if [[ -e "$i" ]]; then - cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" - command -v restorecon &>/dev/null && \ - restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" - fi - fi - /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? - /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? - /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? - ;; - remove) - /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? - ;; - *) - ;; -esac - -# skip other installation plugins, if we can't find a boot loader spec conforming setup -if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then - exit 77 -fi diff --git a/SOURCES/20-yama-ptrace.conf b/SOURCES/20-yama-ptrace.conf deleted file mode 100644 index 4fbaf97..0000000 --- a/SOURCES/20-yama-ptrace.conf +++ /dev/null @@ -1,42 +0,0 @@ -# The ptrace system call is used for interprocess services, -# communication and introspection (like synchronisation, signaling, -# debugging, tracing and profiling) of processes. -# -# Usage of ptrace is restricted by normal user permissions. Normal -# unprivileged processes cannot use ptrace on processes that they -# cannot send signals to or processes that are running set-uid or -# set-gid. Nevertheless, processes running under the same uid will -# usually be able to ptrace one another. -# -# Fedora enables the Yama security mechanism which restricts ptrace -# even further. Sysctl setting kernel.yama.ptrace_scope can have one -# of the following values: -# -# 0 - Normal ptrace security permissions. -# 1 - Restricted ptrace. Only child processes plus normal permissions. -# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE. -# 3 - No attach. No process may call ptrace at all. Irrevocable. -# -# For more information see Documentation/security/Yama.txt in the -# kernel sources. -# -# The default is 1., which allows tracing of child processes, but -# forbids tracing of arbitrary processes. This allows programs like -# gdb or strace to work when the most common way of having the -# debugger start the debuggee is used: -# gdb /path/to/program ... -# Attaching to already running programs is NOT allowed: -# gdb -p ... -# This default setting is suitable for the common case, because it -# reduces the risk that one hacked process can be used to attack other -# processes. (For example, a hacked firefox process in a user session -# will not be able to ptrace the keyring process and extract passwords -# stored only in memory.) -# -# Developers and administrators might want to disable those protections -# to be able to attach debuggers to existing processes. Use -# sysctl kernel.yama.ptrace_scope=0 -# for change the setting temporarily, or copy this file to -# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots. - -kernel.yama.ptrace_scope = 0 diff --git a/SOURCES/20450.patch b/SOURCES/20450.patch deleted file mode 100644 index e63c3d2..0000000 --- a/SOURCES/20450.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 0db68800c756f298ef45584ac01915c2cb2ce359 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 16 Aug 2021 23:47:40 +0900 -Subject: [PATCH 1/2] ethtool: make the size of 'features' array static - ---- - src/shared/ethtool-util.c | 2 +- - src/shared/ethtool-util.h | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index f77f6943ca4f..699c7a97ab97 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -501,7 +501,7 @@ static int set_features_bit( - return found ? 0 : -ENODATA; - } - --int ethtool_set_features(int *ethtool_fd, const char *ifname, const int *features) { -+int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]) { - _cleanup_free_ struct ethtool_gstrings *strings = NULL; - struct ethtool_sfeatures *sfeatures; - struct ifreq ifr = {}; -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 7d287666249a..f0fc40b0595f 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -88,7 +88,7 @@ int ethtool_get_link_info(int *ethtool_fd, const char *ifname, - int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct ether_addr *ret); - int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts); - int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netdev_ring_param *ring); --int ethtool_set_features(int *ethtool_fd, const char *ifname, const int *features); -+int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]); - int ethtool_set_glinksettings(int *ethtool_fd, const char *ifname, - int autonegotiation, const uint32_t advertise[static N_ADVERTISE], - uint64_t speed, Duplex duplex, NetDevPort port); - -From c2f2250e5c52ec3745a462e3f55a94c133786df8 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 17 Aug 2021 00:44:00 +0900 -Subject: [PATCH 2/2] ethtool: make ethtool_set_features() return earlier when - nothing is requested - ---- - src/shared/ethtool-util.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index 699c7a97ab97..4ca90615f3c1 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -505,12 +505,22 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - _cleanup_free_ struct ethtool_gstrings *strings = NULL; - struct ethtool_sfeatures *sfeatures; - struct ifreq ifr = {}; -- int i, r; -+ bool have = false; -+ int r; - - assert(ethtool_fd); - assert(ifname); - assert(features); - -+ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) -+ if (features[i] >= 0) { -+ have = true; -+ break; -+ } -+ -+ if (!have) -+ return 0; -+ - r = ethtool_connect(ethtool_fd); - if (r < 0) - return r; -@@ -525,8 +535,8 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - sfeatures->cmd = ETHTOOL_SFEATURES; - sfeatures->size = DIV_ROUND_UP(strings->len, 32U); - -- for (i = 0; i < _NET_DEV_FEAT_MAX; i++) -- if (features[i] != -1) { -+ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) -+ if (features[i] >= 0) { - r = set_features_bit(strings, netdev_feature_table[i], features[i], sfeatures); - if (r < 0) { - log_debug_errno(r, "ethtool: could not find feature, ignoring: %s", netdev_feature_table[i]); diff --git a/SOURCES/20458.patch b/SOURCES/20458.patch deleted file mode 100644 index ad916b4..0000000 --- a/SOURCES/20458.patch +++ /dev/null @@ -1,143 +0,0 @@ -From e9f92c88163841d3f1d29fa5b44ae4c6f71bb014 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 18 Aug 2021 07:59:13 +0100 -Subject: [PATCH] udev: Support "max" string for BufferSize options (#20458) - -"max" indicates the hardware advertised maximum queue buffer size -should be used. - -The max sizes can be checked by running `ethtool -g ` (Preset maximums). -Since the buffer sizes can't be set to 0 by users, internally we use 0 to -indicate that the hardware advertised maximum should be used. ---- - man/systemd.link.xml | 20 ++++++++++++-------- - src/shared/ethtool-util.c | 40 +++++++++++++++++++++++++-------------- - src/shared/ethtool-util.h | 2 ++ - 3 files changed, 40 insertions(+), 22 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index 1c18f35fc8..fd744ebaed 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -735,29 +735,33 @@ - - RxBufferSize= - -- Takes an integer. Specifies the maximum number of pending packets in the NIC receive buffer. -- When unset, the kernel's default will be used. -+ Takes an integer or max. Specifies the maximum number of pending packets -+ in the NIC receive buffer. When unset, the kernel's default will be used. If set to -+ max, the hardware's advertised maximum size will be used. - - - - RxMiniBufferSize= - -- Takes an integer. Specifies the maximum number of pending packets in the NIC mini receive buffer. -- When unset, the kernel's default will be used. -+ Takes an integer or max. Specifies the maximum number of pending packets -+ in the NIC mini receive buffer. When unset, the kernel's default will be used. If set to -+ max, the hardware's advertised maximum size will be used. - - - - RxJumboBufferSize= - -- Takes an integer. Specifies the maximum number of pending packets in the NIC jumbo receive buffer. -- When unset, the kernel's default will be used. -+ Takes an integer or max. Specifies the maximum number of pending packets -+ in the NIC jumbo receive buffer. When unset, the kernel's default will be used. If set to -+ max, the hardware's advertised maximum size will be used. - - - - TxBufferSize= - -- Takes an integer. Specifies the maximum number of pending packets in the NIC transmit buffer. -- When unset, the kernel's default will be used. -+ Takes an integer or max. Specifies the maximum number of pending packets -+ in the NIC transmit buffer. When unset, the kernel's default will be used. If set to -+ max, the hardware's advertised maximum size will be used. - - - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index f77f6943ca..ed251ec8dd 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -399,16 +399,24 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - return -errno; - - if (ring->rx_pending_set) -- UPDATE(ecmd.rx_pending, ring->rx_pending, need_update); -+ UPDATE(ecmd.rx_pending, -+ ring->rx_pending == 0 ? ecmd.rx_max_pending : ring->rx_pending, -+ need_update); - - if (ring->rx_mini_pending_set) -- UPDATE(ecmd.rx_mini_pending, ring->rx_mini_pending, need_update); -+ UPDATE(ecmd.rx_mini_pending, -+ ring->rx_mini_pending == 0 ? ecmd.rx_mini_max_pending : ring->rx_mini_pending, -+ need_update); - - if (ring->rx_jumbo_pending_set) -- UPDATE(ecmd.rx_jumbo_pending, ring->rx_jumbo_pending, need_update); -+ UPDATE(ecmd.rx_jumbo_pending, -+ ring->rx_jumbo_pending == 0 ? ecmd.rx_jumbo_max_pending : ring->rx_jumbo_pending, -+ need_update); - - if (ring->tx_pending_set) -- UPDATE(ecmd.tx_pending, ring->tx_pending, need_update); -+ UPDATE(ecmd.tx_pending, -+ ring->tx_pending == 0 ? ecmd.tx_max_pending : ring->tx_pending, -+ need_update); - - if (!need_update) - return 0; -@@ -1037,16 +1045,20 @@ int config_parse_nic_buffer_size( - assert(rvalue); - assert(data); - -- r = safe_atou32(rvalue, &k); -- if (r < 0) { -- log_syntax(unit, LOG_WARNING, filename, line, r, -- "Failed to parse interface buffer value, ignoring: %s", rvalue); -- return 0; -- } -- if (k < 1) { -- log_syntax(unit, LOG_WARNING, filename, line, 0, -- "Invalid %s= value, ignoring: %s", lvalue, rvalue); -- return 0; -+ if (streq(rvalue, "max")) -+ k = 0; -+ else { -+ r = safe_atou32(rvalue, &k); -+ if (r < 0) { -+ log_syntax(unit, LOG_WARNING, filename, line, r, -+ "Failed to parse interface buffer value, ignoring: %s", rvalue); -+ return 0; -+ } -+ if (k < 1) { -+ log_syntax(unit, LOG_WARNING, filename, line, 0, -+ "Invalid %s= value, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } - } - - if (streq(lvalue, "RxBufferSize")) { -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 7d28766624..aea131914e 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -70,6 +70,8 @@ typedef struct netdev_channels { - } netdev_channels; - - typedef struct netdev_ring_param { -+ /* For any of the 4 following settings, a value of 0 indicates the hardware advertised maximum should -+ * be used. */ - uint32_t rx_pending; - uint32_t rx_mini_pending; - uint32_t rx_jumbo_pending; --- -2.31.1 - diff --git a/SOURCES/20472.patch b/SOURCES/20472.patch deleted file mode 100644 index e5eb57b..0000000 --- a/SOURCES/20472.patch +++ /dev/null @@ -1,425 +0,0 @@ -From 78e57b79c8790448412acca41e5d4495366305a6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 18 Aug 2021 16:41:11 +0900 -Subject: [PATCH] udev: make RxChannels= or friends also accept "max" - -Follow-up for 406041b7de767316674eb6a2f98ad466577ce8a4. - -Also, this makes -- the settings accept an empty string, -- if the specified value is too large, also use the advertised maximum - value. -- mention the range of the value in the man page. ---- - man/systemd.link.xml | 49 ++------ - src/shared/ethtool-util.c | 170 ++++++++++----------------- - src/shared/ethtool-util.h | 36 +++--- - src/udev/net/link-config-gperf.gperf | 16 +-- - 4 files changed, 90 insertions(+), 181 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index fd744ebaed..dfb02073b2 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -710,58 +710,27 @@ - - - RxChannels= -- -- Sets the number of receive channels (a number between 1 and 4294967295) . -- -- -- - TxChannels= -- -- Sets the number of transmit channels (a number between 1 and 4294967295). -- -- -- - OtherChannels= -- -- Sets the number of other channels (a number between 1 and 4294967295). -- -- -- - CombinedChannels= - -- Sets the number of combined set channels (a number between 1 and 4294967295). -+ Specifies the number of receive, transmit, other, or combined channels, respectively. -+ Takes an unsigned integer in the range 1…4294967295 or max. If set to -+ max, the advertised maximum value of the hardware will be used. When -+ unset, the number will not be changed. Defaults to unset. - - - - RxBufferSize= -- -- Takes an integer or max. Specifies the maximum number of pending packets -- in the NIC receive buffer. When unset, the kernel's default will be used. If set to -- max, the hardware's advertised maximum size will be used. -- -- -- - RxMiniBufferSize= -- -- Takes an integer or max. Specifies the maximum number of pending packets -- in the NIC mini receive buffer. When unset, the kernel's default will be used. If set to -- max, the hardware's advertised maximum size will be used. -- -- -- - RxJumboBufferSize= -- -- Takes an integer or max. Specifies the maximum number of pending packets -- in the NIC jumbo receive buffer. When unset, the kernel's default will be used. If set to -- max, the hardware's advertised maximum size will be used. -- -- -- - TxBufferSize= - -- Takes an integer or max. Specifies the maximum number of pending packets -- in the NIC transmit buffer. When unset, the kernel's default will be used. If set to -- max, the hardware's advertised maximum size will be used. -+ Specifies the maximum number of pending packets in the NIC receive buffer, mini receive -+ buffer, jumbo receive buffer, or transmit buffer, respectively. Takes an unsigned integer in -+ the range 1…4294967295 or max. If set to max, the -+ advertised maximum value of the hardware will be used. When unset, the number will not be -+ changed. Defaults to unset. - - - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index ed251ec8dd..2d41d861ba 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -329,6 +329,17 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et - dest = _v; \ - } while(false) - -+#define UPDATE_WITH_MAX(dest, max, val, updated) \ -+ do { \ -+ typeof(dest) _v = (val); \ -+ typeof(dest) _max = (max); \ -+ if (_v == 0 || _v > _max) \ -+ _v = _max; \ -+ if (dest != _v) \ -+ updated = true; \ -+ dest = _v; \ -+ } while(false) -+ - int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { - struct ethtool_wolinfo ecmd = { - .cmd = ETHTOOL_GWOL, -@@ -382,10 +393,10 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - assert(ifname); - assert(ring); - -- if (!ring->rx_pending_set && -- !ring->rx_mini_pending_set && -- !ring->rx_jumbo_pending_set && -- !ring->tx_pending_set) -+ if (!ring->rx.set && -+ !ring->rx_mini.set && -+ !ring->rx_jumbo.set && -+ !ring->tx.set) - return 0; - - r = ethtool_connect(ethtool_fd); -@@ -398,25 +409,17 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - if (r < 0) - return -errno; - -- if (ring->rx_pending_set) -- UPDATE(ecmd.rx_pending, -- ring->rx_pending == 0 ? ecmd.rx_max_pending : ring->rx_pending, -- need_update); -+ if (ring->rx.set) -+ UPDATE_WITH_MAX(ecmd.rx_pending, ecmd.rx_max_pending, ring->rx.value, need_update); - -- if (ring->rx_mini_pending_set) -- UPDATE(ecmd.rx_mini_pending, -- ring->rx_mini_pending == 0 ? ecmd.rx_mini_max_pending : ring->rx_mini_pending, -- need_update); -+ if (ring->rx_mini.set) -+ UPDATE_WITH_MAX(ecmd.rx_mini_pending, ecmd.rx_mini_max_pending, ring->rx_mini.value, need_update); - -- if (ring->rx_jumbo_pending_set) -- UPDATE(ecmd.rx_jumbo_pending, -- ring->rx_jumbo_pending == 0 ? ecmd.rx_jumbo_max_pending : ring->rx_jumbo_pending, -- need_update); -+ if (ring->rx_jumbo.set) -+ UPDATE_WITH_MAX(ecmd.rx_jumbo_pending, ecmd.rx_jumbo_max_pending, ring->rx_jumbo.value, need_update); - -- if (ring->tx_pending_set) -- UPDATE(ecmd.tx_pending, -- ring->tx_pending == 0 ? ecmd.tx_max_pending : ring->tx_pending, -- need_update); -+ if (ring->tx.set) -+ UPDATE_WITH_MAX(ecmd.tx_pending, ecmd.tx_max_pending, ring->tx.value, need_update); - - if (!need_update) - return 0; -@@ -832,10 +835,10 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - assert(ifname); - assert(channels); - -- if (!channels->rx_count_set && -- !channels->tx_count_set && -- !channels->other_count_set && -- !channels->combined_count_set) -+ if (!channels->rx.set && -+ !channels->tx.set && -+ !channels->other.set && -+ !channels->combined.set) - return 0; - - r = ethtool_connect(fd); -@@ -848,17 +851,17 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - if (r < 0) - return -errno; - -- if (channels->rx_count_set) -- UPDATE(ecmd.rx_count, channels->rx_count, need_update); -+ if (channels->rx.set) -+ UPDATE_WITH_MAX(ecmd.rx_count, ecmd.max_rx, channels->rx.value, need_update); - -- if (channels->tx_count_set) -- UPDATE(ecmd.tx_count, channels->tx_count, need_update); -+ if (channels->tx.set) -+ UPDATE_WITH_MAX(ecmd.tx_count, ecmd.max_tx, channels->tx.value, need_update); - -- if (channels->other_count_set) -- UPDATE(ecmd.other_count, channels->other_count, need_update); -+ if (channels->other.set) -+ UPDATE_WITH_MAX(ecmd.other_count, ecmd.max_other, channels->other.value, need_update); - -- if (channels->combined_count_set) -- UPDATE(ecmd.combined_count, channels->combined_count, need_update); -+ if (channels->combined.set) -+ UPDATE_WITH_MAX(ecmd.combined_count, ecmd.max_combined, channels->combined.value, need_update); - - if (!need_update) - return 0; -@@ -917,57 +920,6 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - return 0; - } - --int config_parse_channel( -- const char *unit, -- const char *filename, -- unsigned line, -- const char *section, -- unsigned section_line, -- const char *lvalue, -- int ltype, -- const char *rvalue, -- void *data, -- void *userdata) { -- -- netdev_channels *channels = data; -- uint32_t k; -- int r; -- -- assert(filename); -- assert(section); -- assert(lvalue); -- assert(rvalue); -- assert(data); -- -- r = safe_atou32(rvalue, &k); -- if (r < 0) { -- log_syntax(unit, LOG_WARNING, filename, line, r, -- "Failed to parse channel value for %s=, ignoring: %s", lvalue, rvalue); -- return 0; -- } -- if (k < 1) { -- log_syntax(unit, LOG_WARNING, filename, line, 0, -- "Invalid %s= value, ignoring: %s", lvalue, rvalue); -- return 0; -- } -- -- if (streq(lvalue, "RxChannels")) { -- channels->rx_count = k; -- channels->rx_count_set = true; -- } else if (streq(lvalue, "TxChannels")) { -- channels->tx_count = k; -- channels->tx_count_set = true; -- } else if (streq(lvalue, "OtherChannels")) { -- channels->other_count = k; -- channels->other_count_set = true; -- } else if (streq(lvalue, "CombinedChannels")) { -- channels->combined_count = k; -- channels->combined_count_set = true; -- } -- -- return 0; --} -- - int config_parse_advertise( - const char *unit, - const char *filename, -@@ -1023,7 +975,7 @@ int config_parse_advertise( - } - } - --int config_parse_nic_buffer_size( -+int config_parse_ring_buffer_or_channel( - const char *unit, - const char *filename, - unsigned line, -@@ -1035,7 +987,7 @@ int config_parse_nic_buffer_size( - void *data, - void *userdata) { - -- netdev_ring_param *ring = data; -+ u32_opt *dst = data; - uint32_t k; - int r; - -@@ -1045,36 +997,32 @@ int config_parse_nic_buffer_size( - assert(rvalue); - assert(data); - -- if (streq(rvalue, "max")) -- k = 0; -- else { -- r = safe_atou32(rvalue, &k); -- if (r < 0) { -- log_syntax(unit, LOG_WARNING, filename, line, r, -- "Failed to parse interface buffer value, ignoring: %s", rvalue); -- return 0; -- } -- if (k < 1) { -- log_syntax(unit, LOG_WARNING, filename, line, 0, -- "Invalid %s= value, ignoring: %s", lvalue, rvalue); -- return 0; -- } -+ if (isempty(rvalue)) { -+ dst->value = 0; -+ dst->set = false; -+ return 0; -+ } -+ -+ if (streq(rvalue, "max")) { -+ dst->value = 0; -+ dst->set = true; -+ return 0; - } - -- if (streq(lvalue, "RxBufferSize")) { -- ring->rx_pending = k; -- ring->rx_pending_set = true; -- } else if (streq(lvalue, "RxMiniBufferSize")) { -- ring->rx_mini_pending = k; -- ring->rx_mini_pending_set = true; -- } else if (streq(lvalue, "RxJumboBufferSize")) { -- ring->rx_jumbo_pending = k; -- ring->rx_jumbo_pending_set = true; -- } else if (streq(lvalue, "TxBufferSize")) { -- ring->tx_pending = k; -- ring->tx_pending_set = true; -+ r = safe_atou32(rvalue, &k); -+ if (r < 0) { -+ log_syntax(unit, LOG_WARNING, filename, line, r, -+ "Failed to parse %s=, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } -+ if (k < 1) { -+ log_syntax(unit, LOG_WARNING, filename, line, 0, -+ "Invalid %s= value, ignoring: %s", lvalue, rvalue); -+ return 0; - } - -+ dst->value = k; -+ dst->set = true; - return 0; - } - -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index aea131914e..8fdbdec39a 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -57,30 +57,23 @@ struct ethtool_link_usettings { - } link_modes; - }; - -+typedef struct u32_opt { -+ uint32_t value; /* a value of 0 indicates the hardware advertised maximum should be used.*/ -+ bool set; -+} u32_opt; -+ - typedef struct netdev_channels { -- uint32_t rx_count; -- uint32_t tx_count; -- uint32_t other_count; -- uint32_t combined_count; -- -- bool rx_count_set; -- bool tx_count_set; -- bool other_count_set; -- bool combined_count_set; -+ u32_opt rx; -+ u32_opt tx; -+ u32_opt other; -+ u32_opt combined; - } netdev_channels; - - typedef struct netdev_ring_param { -- /* For any of the 4 following settings, a value of 0 indicates the hardware advertised maximum should -- * be used. */ -- uint32_t rx_pending; -- uint32_t rx_mini_pending; -- uint32_t rx_jumbo_pending; -- uint32_t tx_pending; -- -- bool rx_pending_set; -- bool rx_mini_pending_set; -- bool rx_jumbo_pending_set; -- bool tx_pending_set; -+ u32_opt rx; -+ u32_opt rx_mini; -+ u32_opt rx_jumbo; -+ u32_opt tx; - } netdev_ring_param; - - int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret); -@@ -111,6 +104,5 @@ enum ethtool_link_mode_bit_indices ethtool_link_mode_bit_from_string(const char - CONFIG_PARSER_PROTOTYPE(config_parse_duplex); - CONFIG_PARSER_PROTOTYPE(config_parse_wol); - CONFIG_PARSER_PROTOTYPE(config_parse_port); --CONFIG_PARSER_PROTOTYPE(config_parse_channel); - CONFIG_PARSER_PROTOTYPE(config_parse_advertise); --CONFIG_PARSER_PROTOTYPE(config_parse_nic_buffer_size); -+CONFIG_PARSER_PROTOTYPE(config_parse_ring_buffer_or_channel); -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index e2f07d758b..d0190da5cb 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -58,15 +58,15 @@ Link.TCP6SegmentationOffload, config_parse_tristate, 0, - Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 - Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) - Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) --Link.RxChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) --Link.TxChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) --Link.OtherChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) --Link.CombinedChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) -+Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) -+Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) -+Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) -+Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) - Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) --Link.RxBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) --Link.RxMiniBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) --Link.RxJumboBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) --Link.TxBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) -+Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) -+Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) -+Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) -+Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) - Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) - Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) - Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) --- -2.31.1 - diff --git a/SOURCES/20477.patch b/SOURCES/20477.patch deleted file mode 100644 index 6676bff..0000000 --- a/SOURCES/20477.patch +++ /dev/null @@ -1,561 +0,0 @@ -From a1661a140c97a9e8fd90ee00f2de6baa214c9076 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 18 Aug 2021 13:52:00 +0100 -Subject: [PATCH] udev: Add support for configuring nic coalescing settings - -These are configured via the corresponding ethtool ioctl. ---- - man/systemd.link.xml | 71 +++++++ - src/shared/ethtool-util.c | 205 +++++++++++++++++++++ - src/shared/ethtool-util.h | 29 +++ - src/udev/net/link-config-gperf.gperf | 124 ++++++++----- - src/udev/net/link-config.c | 4 + - src/udev/net/link-config.h | 1 + - test/fuzz/fuzz-link-parser/directives.link | 22 +++ - 7 files changed, 405 insertions(+), 51 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index dfb02073b2..6d8dcb9af7 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -773,6 +773,77 @@ - accept. An unsigned integer in the range 1…65535. Defaults to unset. - - -+ -+ UseAdaptiveRxCoalesce= -+ UseAdaptiveTxCoalesce= -+ -+ Boolean properties that, when set, enable/disable adaptive Rx/Tx coalescing if the hardware -+ supports it. When unset, the kernel's default will be used. -+ -+ -+ -+ RxCoalesceSec= -+ RxCoalesceIrqSec= -+ RxCoalesceLowSec= -+ RxCoalesceHighSec= -+ TxCoalesceSec= -+ TxCoalesceIrqSec= -+ TxCoalesceLowSec= -+ TxCoalesceHighSec= -+ -+ These properties configure the delay before Rx/Tx interrupts are generated after a packet is -+ sent/received. The Irq properties come into effect when the host is servicing an -+ IRQ. The Low and High properties come into effect when the -+ packet rate drops below the low packet rate threshold or exceeds the high packet rate threshold -+ respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's defaults will be -+ used. -+ -+ -+ -+ RxMaxCoalescedFrames= -+ RxMaxCoalescedIrqFrames= -+ RxMaxCoalescedLowFrames= -+ RxMaxCoalescedHighFrames= -+ TxMaxCoalescedFrames= -+ TxMaxCoalescedIrqFrames= -+ TxMaxCoalescedLowFrames= -+ TxMaxCoalescedHighFrames= -+ -+ These properties configure the maximum number of frames that are sent/received before a Rx/Tx -+ interrupt is generated. The Irq properties come into effect when the host is -+ servicing an IRQ. The Low and High properties come into -+ effect when the packet rate drops below the low packet rate threshold or exceeds the high packet -+ rate threshold respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's -+ defaults will be used. -+ -+ -+ -+ CoalescePacketRateLow= -+ CoalescePacketRateHigh= -+ -+ These properties configure the low and high packet rate (expressed in packets per second) -+ threshold respectively and are used to determine when the corresponding coalescing settings for low -+ and high packet rates come into effect if adaptive Rx/Tx coalescing is enabled. If unset, the -+ kernel's defaults will be used. -+ -+ -+ -+ CoalescePacketRateSampleIntervalSec= -+ -+ Configures how often to sample the packet rate used for adaptive Rx/Tx coalescing. This -+ property cannot be zero. This lowest time granularity supported by this property is seconds. -+ Partial seconds will be rounded up before being passed to the kernel. If unset, the kernel's -+ default will be used. -+ -+ -+ -+ StatisticsBlockCoalesceSec= -+ -+ How long to delay driver in-memory statistics block updates. If the driver does not have an -+ in-memory statistic block, this property is ignored. This property cannot be zero. If unset, the -+ kernel's default will be used. -+ -+ - - - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index 2d41d861ba..f7f553dd29 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -14,6 +14,7 @@ - #include "memory-util.h" - #include "socket-util.h" - #include "string-table.h" -+#include "strv.h" - #include "strxcpyx.h" - - static const char* const duplex_table[_DUP_MAX] = { -@@ -1091,3 +1092,207 @@ int config_parse_wol( - - return 0; - } -+ -+int config_parse_coalesce_u32( -+ const char *unit, -+ const char *filename, -+ unsigned line, -+ const char *section, -+ unsigned section_line, -+ const char *lvalue, -+ int ltype, -+ const char *rvalue, -+ void *data, -+ void *userdata) { -+ u32_opt *dst = data; -+ uint32_t k; -+ int r; -+ -+ if (isempty(rvalue)) { -+ dst->value = 0; -+ dst->set = false; -+ return 0; -+ } -+ -+ r = safe_atou32(rvalue, &k); -+ if (r < 0) { -+ log_syntax(unit, LOG_WARNING, filename, line, r, -+ "Failed to parse %s=, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } -+ -+ dst->value = k; -+ dst->set = true; -+ return 0; -+} -+ -+int config_parse_coalesce_sec( -+ const char *unit, -+ const char *filename, -+ unsigned line, -+ const char *section, -+ unsigned section_line, -+ const char *lvalue, -+ int ltype, -+ const char *rvalue, -+ void *data, -+ void *userdata) { -+ u32_opt *dst = data; -+ usec_t usec; -+ int r; -+ -+ if (isempty(rvalue)) { -+ dst->value = 0; -+ dst->set = false; -+ return 0; -+ } -+ -+ r = parse_sec(rvalue, &usec); -+ if (r < 0) { -+ log_syntax(unit, LOG_WARNING, filename, line, r, -+ "Failed to parse coalesce setting value, ignoring: %s", rvalue); -+ return 0; -+ } -+ -+ if (usec > UINT32_MAX) { -+ log_syntax(unit, LOG_WARNING, filename, line, 0, -+ "Too large %s= value, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } -+ -+ if (STR_IN_SET(lvalue, "StatisticsBlockCoalesceSec", "CoalescePacketRateSampleIntervalSec") && usec < 1) { -+ log_syntax(unit, LOG_WARNING, filename, line, 0, -+ "Invalid %s= value, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } -+ -+ dst->value = (uint32_t) usec; -+ dst->set = true; -+ -+ return 0; -+} -+ -+int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { -+ struct ethtool_coalesce ecmd = { -+ .cmd = ETHTOOL_GCOALESCE, -+ }; -+ struct ifreq ifr = { -+ .ifr_data = (void*) &ecmd, -+ }; -+ bool need_update = false; -+ int r; -+ -+ assert(ethtool_fd); -+ assert(ifname); -+ assert(coalesce); -+ -+ if (coalesce->use_adaptive_rx_coalesce < 0 && -+ coalesce->use_adaptive_tx_coalesce < 0 && -+ !coalesce->rx_coalesce_usecs.set && -+ !coalesce->rx_max_coalesced_frames.set && -+ !coalesce->rx_coalesce_usecs_irq.set && -+ !coalesce->rx_max_coalesced_frames_irq.set && -+ !coalesce->tx_coalesce_usecs.set && -+ !coalesce->tx_max_coalesced_frames.set && -+ !coalesce->tx_coalesce_usecs_irq.set && -+ !coalesce->tx_max_coalesced_frames_irq.set && -+ !coalesce->stats_block_coalesce_usecs.set && -+ !coalesce->pkt_rate_low.set && -+ !coalesce->rx_coalesce_usecs_low.set && -+ !coalesce->rx_max_coalesced_frames_low.set && -+ !coalesce->tx_coalesce_usecs_low.set && -+ !coalesce->tx_max_coalesced_frames_low.set && -+ !coalesce->pkt_rate_high.set && -+ !coalesce->rx_coalesce_usecs_high.set && -+ !coalesce->rx_max_coalesced_frames_high.set && -+ !coalesce->tx_coalesce_usecs_high.set && -+ !coalesce->tx_max_coalesced_frames_high.set && -+ !coalesce->rate_sample_interval.set) -+ return 0; -+ -+ r = ethtool_connect(ethtool_fd); -+ if (r < 0) -+ return r; -+ -+ strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ -+ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -+ if (r < 0) -+ return -errno; -+ -+ if (coalesce->use_adaptive_rx_coalesce >= 0) -+ UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); -+ -+ if (coalesce->use_adaptive_tx_coalesce >= 0) -+ UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); -+ -+ if (coalesce->rx_coalesce_usecs.set) -+ UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames.set) -+ UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_irq.set) -+ UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_irq.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs.set) -+ UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames.set) -+ UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_irq.set) -+ UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_irq.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); -+ -+ if (coalesce->stats_block_coalesce_usecs.set) -+ UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); -+ -+ if (coalesce->pkt_rate_low.set) -+ UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_low.set) -+ UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_low.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_low.set) -+ UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_low.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); -+ -+ if (coalesce->pkt_rate_high.set) -+ UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_high.set) -+ UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_high.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_high.set) -+ UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_high.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); -+ -+ if (coalesce->rate_sample_interval.set) -+ UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); -+ -+ if (!need_update) -+ return 0; -+ -+ ecmd.cmd = ETHTOOL_SCOALESCE; -+ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -+ if (r < 0) -+ return -errno; -+ -+ return 0; -+} -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 8fdbdec39a..bb0333775c 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -76,6 +76,31 @@ typedef struct netdev_ring_param { - u32_opt tx; - } netdev_ring_param; - -+typedef struct netdev_coalesce_param { -+ u32_opt rx_coalesce_usecs; -+ u32_opt rx_max_coalesced_frames; -+ u32_opt rx_coalesce_usecs_irq; -+ u32_opt rx_max_coalesced_frames_irq; -+ u32_opt tx_coalesce_usecs; -+ u32_opt tx_max_coalesced_frames; -+ u32_opt tx_coalesce_usecs_irq; -+ u32_opt tx_max_coalesced_frames_irq; -+ u32_opt stats_block_coalesce_usecs; -+ int use_adaptive_rx_coalesce; -+ int use_adaptive_tx_coalesce; -+ u32_opt pkt_rate_low; -+ u32_opt rx_coalesce_usecs_low; -+ u32_opt rx_max_coalesced_frames_low; -+ u32_opt tx_coalesce_usecs_low; -+ u32_opt tx_max_coalesced_frames_low; -+ u32_opt pkt_rate_high; -+ u32_opt rx_coalesce_usecs_high; -+ u32_opt rx_max_coalesced_frames_high; -+ u32_opt tx_coalesce_usecs_high; -+ u32_opt tx_max_coalesced_frames_high; -+ u32_opt rate_sample_interval; -+} netdev_coalesce_param; -+ - int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret); - int ethtool_get_link_info(int *ethtool_fd, const char *ifname, - int *ret_autonegotiation, uint64_t *ret_speed, -@@ -89,6 +114,7 @@ int ethtool_set_glinksettings(int *ethtool_fd, const char *ifname, - uint64_t speed, Duplex duplex, NetDevPort port); - int ethtool_set_channels(int *ethtool_fd, const char *ifname, const netdev_channels *channels); - int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int autoneg); -+int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce); - - const char *duplex_to_string(Duplex d) _const_; - Duplex duplex_from_string(const char *d) _pure_; -@@ -106,3 +132,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_wol); - CONFIG_PARSER_PROTOTYPE(config_parse_port); - CONFIG_PARSER_PROTOTYPE(config_parse_advertise); - CONFIG_PARSER_PROTOTYPE(config_parse_ring_buffer_or_channel); -+CONFIG_PARSER_PROTOTYPE(config_parse_coalesce_u32); -+CONFIG_PARSER_PROTOTYPE(config_parse_coalesce_sec); -+CONFIG_PARSER_PROTOTYPE(config_parse_nic_coalesce_setting); -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index d0190da5cb..f800de8386 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -21,54 +21,76 @@ struct ConfigPerfItem; - %struct-type - %includes - %% --Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) --Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) --Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) --Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) --Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) --Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) --Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) --Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) --Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) --Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) --Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) --Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) --Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) --Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) --Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) --Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) --Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) --Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) --Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) --Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) --Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) --Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) --Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) --Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) --Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) --Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) --Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) --Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) --Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) --Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) --Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) --Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) --Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) --Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) --Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 --Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) --Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) --Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) --Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) --Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) --Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) --Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) --Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) --Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) --Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) --Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) --Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) --Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) --Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) --Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) --Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) -+Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) -+Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) -+Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) -+Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) -+Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) -+Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) -+Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) -+Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) -+Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) -+Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) -+Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) -+Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) -+Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) -+Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) -+Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) -+Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) -+Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) -+Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) -+Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) -+Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) -+Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) -+Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) -+Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) -+Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) -+Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) -+Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) -+Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) -+Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) -+Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) -+Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) -+Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) -+Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) -+Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) -+Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) -+Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 -+Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) -+Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) -+Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) -+Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) -+Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) -+Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) -+Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) -+Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) -+Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) -+Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) -+Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) -+Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) -+Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) -+Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) -+Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) -+Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) -+Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) -+Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) -+Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) -+Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) -+Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) -+Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) -+Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) -+Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) -+Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) -+Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) -+Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) -+Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) -+Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) -+Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) -+Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) -+Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) -+Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) -+Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) -+Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) -+Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) -+Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) -+Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) -diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c -index 8dfe23691b..9451bd8b66 100644 ---- a/src/udev/net/link-config.c -+++ b/src/udev/net/link-config.c -@@ -353,6 +353,10 @@ static int link_config_apply_ethtool_settings(int *ethtool_fd, const LinkConfig - if (r < 0) - log_device_warning_errno(device, r, "Could not set flow control, ignoring: %m"); - -+ r = ethtool_set_nic_coalesce_settings(ethtool_fd, name, &config->coalesce); -+ if (r < 0) -+ log_device_warning_errno(device, r, "Could not set coalesce settings, ignoring: %m"); -+ - return 0; - } - -diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h -index b505c94f95..8a29a92822 100644 ---- a/src/udev/net/link-config.h -+++ b/src/udev/net/link-config.h -@@ -64,6 +64,7 @@ struct LinkConfig { - int rx_flow_control; - int tx_flow_control; - int autoneg_flow_control; -+ netdev_coalesce_param coalesce; - - LIST_FIELDS(LinkConfig, links); - }; -diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link -index 112a81930f..5f232ce698 100644 ---- a/test/fuzz/fuzz-link-parser/directives.link -+++ b/test/fuzz/fuzz-link-parser/directives.link -@@ -51,3 +51,25 @@ TxFlowControl= - AutoNegotiationFlowControl= - GenericSegmentOffloadMaxBytes= - GenericSegmentOffloadMaxSegments= -+RxCoalesceSec= -+RxMaxCoalescedFrames= -+RxCoalesceIrqSec= -+RxMaxCoalescedIrqFrames= -+TxCoalesceSec= -+TxMaxCoalescedFrames= -+TxCoalesceIrqSec= -+TxMaxCoalescedIrqFrames= -+StatisticsBlockCoalesceSec= -+UseAdaptiveRxCoalesce= -+UseAdaptiveTxCoalesce= -+CoalescePacketRateLow= -+RxCoalesceLowSec= -+RxMaxCoalescedLowFrames= -+TxCoalesceLowSec= -+TxMaxCoalescedLowFrames= -+CoalescePacketRateHigh= -+RxCoalesceHighSec= -+RxMaxCoalescedHighFrames= -+TxCoalesceHighSec= -+TxMaxCoalescedHighFrames= -+CoalescePacketRateSampleIntervalSec= --- -2.31.1 - diff --git a/SOURCES/20484.patch b/SOURCES/20484.patch deleted file mode 100644 index 9da073b..0000000 --- a/SOURCES/20484.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 0e5c20b7a4f47fd3f8edbc2735810ea3513360bb Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 19 Aug 2021 13:44:35 +0100 -Subject: [PATCH] link: Add support for rx-gro-hw nic feature - ---- - man/systemd.link.xml | 7 +++++++ - src/shared/ethtool-util.c | 15 ++++++++------- - src/shared/ethtool-util.h | 1 + - src/udev/net/link-config-gperf.gperf | 1 + - test/fuzz/fuzz-link-parser/directives.link | 1 + - 5 files changed, 18 insertions(+), 7 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index 6d8dcb9af7..638a1522cd 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -701,6 +701,13 @@ - When unset, the kernel's default will be used. - - -+ -+ GenericReceiveOffloadHardware= -+ -+ Takes a boolean. If set to true, hardware accelerated Generic Receive Offload (GRO) is -+ enabled. When unset, the kernel's default will be used. -+ -+ - - LargeReceiveOffload= - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index f7f553dd29..a08bb2b7f5 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -70,13 +70,14 @@ DEFINE_STRING_TABLE_LOOKUP(port, NetDevPort); - DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse Port setting"); - - static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { -- [NET_DEV_FEAT_RX] = "rx-checksum", -- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ -- [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", -- [NET_DEV_FEAT_GRO] = "rx-gro", -- [NET_DEV_FEAT_LRO] = "rx-lro", -- [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", -- [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", -+ [NET_DEV_FEAT_RX] = "rx-checksum", -+ [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ -+ [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", -+ [NET_DEV_FEAT_GRO] = "rx-gro", -+ [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", -+ [NET_DEV_FEAT_LRO] = "rx-lro", -+ [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", -+ [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", - }; - - static const char* const ethtool_link_mode_bit_table[] = { -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index bb0333775c..2181ab6fd6 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -23,6 +23,7 @@ typedef enum NetDevFeature { - NET_DEV_FEAT_TX, - NET_DEV_FEAT_GSO, - NET_DEV_FEAT_GRO, -+ NET_DEV_FEAT_GRO_HW, - NET_DEV_FEAT_LRO, - NET_DEV_FEAT_TSO, - NET_DEV_FEAT_TSO6, -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index f800de8386..44b46cb17c 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -57,6 +57,7 @@ Link.TCPSegmentationOffload, config_parse_tristate, - Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) - Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 - Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) -+Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) - Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) - Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) - Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) -diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link -index 5f232ce698..b5cffb1a27 100644 ---- a/test/fuzz/fuzz-link-parser/directives.link -+++ b/test/fuzz/fuzz-link-parser/directives.link -@@ -36,6 +36,7 @@ TCPSegmentationOffload= - TCP6SegmentationOffload= - UDPSegmentationOffload= - GenericReceiveOffload= -+GenericReceiveOffloadHardware= - LargeReceiveOffload= - RxChannels= - TxChannels= --- -2.31.1 - diff --git a/SOURCES/20489.patch b/SOURCES/20489.patch deleted file mode 100644 index 0b4f8d9..0000000 --- a/SOURCES/20489.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 0a377494bcfcf4e145e260478071be124d56dc6d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 20 Aug 2021 09:41:34 +0900 -Subject: [PATCH] network: add UseMTU= in [IPv6AcceptRA] - -Note that kernel has similar knob in sysctl: accept_ra_mtu. - -Closes #18868. ---- - man/systemd.network.xml | 8 ++++++++ - src/network/networkd-ndisc.c | 14 +++++++------- - src/network/networkd-network-gperf.gperf | 1 + - src/network/networkd-network.c | 3 ++- - src/network/networkd-network.h | 1 + - test/fuzz/fuzz-network-parser/directives.network | 1 + - 6 files changed, 20 insertions(+), 8 deletions(-) - -diff --git a/man/systemd.network.xml b/man/systemd.network.xml -index 03100c035b84..573ba959eb4d 100644 ---- a/man/systemd.network.xml -+++ b/man/systemd.network.xml -@@ -2265,6 +2265,14 @@ IPv6Token=prefixstable:2002:da8:1:: - - - -+ -+ UseMTU= -+ -+ Takes a boolean. When true, the MTU received in the Router Advertisement will be -+ used. Defaults to true. -+ -+ -+ - - UseAutonomousPrefix= - -diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c -index f58edb8f3cae..fe1f1e0333cf 100644 ---- a/src/network/networkd-ndisc.c -+++ b/src/network/networkd-ndisc.c -@@ -536,9 +536,9 @@ static int ndisc_request_address(Address *in, Link *link, sd_ndisc_router *rt) { - static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { - _cleanup_(route_freep) Route *route = NULL; - struct in6_addr gateway; -- uint16_t lifetime; -+ uint32_t table, mtu = 0; - unsigned preference; -- uint32_t table, mtu; -+ uint16_t lifetime; - usec_t time_now; - int r; - -@@ -575,11 +575,11 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { - if (r < 0) - return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); - -- r = sd_ndisc_router_get_mtu(rt, &mtu); -- if (r == -ENODATA) -- mtu = 0; -- else if (r < 0) -- return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); -+ if (link->network->ipv6_accept_ra_use_mtu) { -+ r = sd_ndisc_router_get_mtu(rt, &mtu); -+ if (r < 0 && r != -ENODATA) -+ return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); -+ } - - table = link_get_ipv6_accept_ra_route_table(link); - -diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf -index aa4dc00e55bc..846e54aed759 100644 ---- a/src/network/networkd-network-gperf.gperf -+++ b/src/network/networkd-network-gperf.gperf -@@ -256,6 +256,7 @@ IPv6AcceptRA.UseAutonomousPrefix, config_parse_bool, - IPv6AcceptRA.UseOnLinkPrefix, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_onlink_prefix) - IPv6AcceptRA.UseDNS, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_dns) - IPv6AcceptRA.UseDomains, config_parse_ipv6_accept_ra_use_domains, 0, offsetof(Network, ipv6_accept_ra_use_domains) -+IPv6AcceptRA.UseMTU, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_mtu) - IPv6AcceptRA.DHCPv6Client, config_parse_ipv6_accept_ra_start_dhcp6_client, 0, offsetof(Network, ipv6_accept_ra_start_dhcp6_client) - IPv6AcceptRA.RouteTable, config_parse_section_route_table, 0, 0 - IPv6AcceptRA.RouteMetric, config_parse_dhcp_route_metric, 0, 0 -diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index bb09ba9e8933..1928db537e0c 100644 ---- a/src/network/networkd-network.c -+++ b/src/network/networkd-network.c -@@ -400,15 +400,16 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi - .ipv4_accept_local = -1, - .ipv4_route_localnet = -1, - .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO, -- .ipv6_accept_ra = -1, - .ipv6_dad_transmits = -1, - .ipv6_hop_limit = -1, - .ipv6_proxy_ndp = -1, - .proxy_arp = -1, - -+ .ipv6_accept_ra = -1, - .ipv6_accept_ra_use_dns = true, - .ipv6_accept_ra_use_autonomous_prefix = true, - .ipv6_accept_ra_use_onlink_prefix = true, -+ .ipv6_accept_ra_use_mtu = true, - .ipv6_accept_ra_route_table = RT_TABLE_MAIN, - .ipv6_accept_ra_route_metric = DHCP_ROUTE_METRIC, - .ipv6_accept_ra_start_dhcp6_client = IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES, -diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h -index 815bcf5023fc..95c86e723040 100644 ---- a/src/network/networkd-network.h -+++ b/src/network/networkd-network.h -@@ -301,6 +301,7 @@ struct Network { - bool ipv6_accept_ra_use_dns; - bool ipv6_accept_ra_use_autonomous_prefix; - bool ipv6_accept_ra_use_onlink_prefix; -+ bool ipv6_accept_ra_use_mtu; - bool active_slave; - bool primary_slave; - DHCPUseDomains ipv6_accept_ra_use_domains; -diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network -index 8fe4ced35154..a3711cb77d9c 100644 ---- a/test/fuzz/fuzz-network-parser/directives.network -+++ b/test/fuzz/fuzz-network-parser/directives.network -@@ -342,6 +342,7 @@ Label= - Prefix= - [IPv6AcceptRA] - UseDomains= -+UseMTU= - RouteTable= - RouteMetric= - UseDNS= diff --git a/SOURCES/20541.patch b/SOURCES/20541.patch deleted file mode 100644 index e41e3b1..0000000 --- a/SOURCES/20541.patch +++ /dev/null @@ -1,306 +0,0 @@ -From 72328a5977d240d33b78b24e7a6b65b1074000b9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 26 Aug 2021 03:31:05 +0900 -Subject: [PATCH 1/2] ethtool: move function - -I'd like to locate all conf parsers at end of file. ---- - src/shared/ethtool-util.c | 250 +++++++++++++++++++------------------- - 1 file changed, 125 insertions(+), 125 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index c47d819f0596..af3b917c75cb 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -932,6 +932,131 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - return 0; - } - -+int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { -+ struct ethtool_coalesce ecmd = { -+ .cmd = ETHTOOL_GCOALESCE, -+ }; -+ struct ifreq ifr = { -+ .ifr_data = (void*) &ecmd, -+ }; -+ bool need_update = false; -+ int r; -+ -+ assert(ethtool_fd); -+ assert(ifname); -+ assert(coalesce); -+ -+ if (coalesce->use_adaptive_rx_coalesce < 0 && -+ coalesce->use_adaptive_tx_coalesce < 0 && -+ !coalesce->rx_coalesce_usecs.set && -+ !coalesce->rx_max_coalesced_frames.set && -+ !coalesce->rx_coalesce_usecs_irq.set && -+ !coalesce->rx_max_coalesced_frames_irq.set && -+ !coalesce->tx_coalesce_usecs.set && -+ !coalesce->tx_max_coalesced_frames.set && -+ !coalesce->tx_coalesce_usecs_irq.set && -+ !coalesce->tx_max_coalesced_frames_irq.set && -+ !coalesce->stats_block_coalesce_usecs.set && -+ !coalesce->pkt_rate_low.set && -+ !coalesce->rx_coalesce_usecs_low.set && -+ !coalesce->rx_max_coalesced_frames_low.set && -+ !coalesce->tx_coalesce_usecs_low.set && -+ !coalesce->tx_max_coalesced_frames_low.set && -+ !coalesce->pkt_rate_high.set && -+ !coalesce->rx_coalesce_usecs_high.set && -+ !coalesce->rx_max_coalesced_frames_high.set && -+ !coalesce->tx_coalesce_usecs_high.set && -+ !coalesce->tx_max_coalesced_frames_high.set && -+ !coalesce->rate_sample_interval.set) -+ return 0; -+ -+ r = ethtool_connect(ethtool_fd); -+ if (r < 0) -+ return r; -+ -+ strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ -+ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -+ if (r < 0) -+ return -errno; -+ -+ if (coalesce->use_adaptive_rx_coalesce >= 0) -+ UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); -+ -+ if (coalesce->use_adaptive_tx_coalesce >= 0) -+ UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); -+ -+ if (coalesce->rx_coalesce_usecs.set) -+ UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames.set) -+ UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_irq.set) -+ UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_irq.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs.set) -+ UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames.set) -+ UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_irq.set) -+ UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_irq.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); -+ -+ if (coalesce->stats_block_coalesce_usecs.set) -+ UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); -+ -+ if (coalesce->pkt_rate_low.set) -+ UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_low.set) -+ UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_low.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_low.set) -+ UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_low.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); -+ -+ if (coalesce->pkt_rate_high.set) -+ UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_high.set) -+ UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_high.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_high.set) -+ UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_high.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); -+ -+ if (coalesce->rate_sample_interval.set) -+ UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); -+ -+ if (!need_update) -+ return 0; -+ -+ ecmd.cmd = ETHTOOL_SCOALESCE; -+ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -+ if (r < 0) -+ return -errno; -+ -+ return 0; -+} -+ - int config_parse_advertise( - const char *unit, - const char *filename, -@@ -1182,128 +1307,3 @@ int config_parse_coalesce_sec( - - return 0; - } -- --int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { -- struct ethtool_coalesce ecmd = { -- .cmd = ETHTOOL_GCOALESCE, -- }; -- struct ifreq ifr = { -- .ifr_data = (void*) &ecmd, -- }; -- bool need_update = false; -- int r; -- -- assert(ethtool_fd); -- assert(ifname); -- assert(coalesce); -- -- if (coalesce->use_adaptive_rx_coalesce < 0 && -- coalesce->use_adaptive_tx_coalesce < 0 && -- !coalesce->rx_coalesce_usecs.set && -- !coalesce->rx_max_coalesced_frames.set && -- !coalesce->rx_coalesce_usecs_irq.set && -- !coalesce->rx_max_coalesced_frames_irq.set && -- !coalesce->tx_coalesce_usecs.set && -- !coalesce->tx_max_coalesced_frames.set && -- !coalesce->tx_coalesce_usecs_irq.set && -- !coalesce->tx_max_coalesced_frames_irq.set && -- !coalesce->stats_block_coalesce_usecs.set && -- !coalesce->pkt_rate_low.set && -- !coalesce->rx_coalesce_usecs_low.set && -- !coalesce->rx_max_coalesced_frames_low.set && -- !coalesce->tx_coalesce_usecs_low.set && -- !coalesce->tx_max_coalesced_frames_low.set && -- !coalesce->pkt_rate_high.set && -- !coalesce->rx_coalesce_usecs_high.set && -- !coalesce->rx_max_coalesced_frames_high.set && -- !coalesce->tx_coalesce_usecs_high.set && -- !coalesce->tx_max_coalesced_frames_high.set && -- !coalesce->rate_sample_interval.set) -- return 0; -- -- r = ethtool_connect(ethtool_fd); -- if (r < 0) -- return r; -- -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -- -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -- return -errno; -- -- if (coalesce->use_adaptive_rx_coalesce >= 0) -- UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); -- -- if (coalesce->use_adaptive_tx_coalesce >= 0) -- UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); -- -- if (coalesce->rx_coalesce_usecs.set) -- UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); -- -- if (coalesce->rx_max_coalesced_frames.set) -- UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); -- -- if (coalesce->rx_coalesce_usecs_irq.set) -- UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); -- -- if (coalesce->rx_max_coalesced_frames_irq.set) -- UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); -- -- if (coalesce->tx_coalesce_usecs.set) -- UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); -- -- if (coalesce->tx_max_coalesced_frames.set) -- UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); -- -- if (coalesce->tx_coalesce_usecs_irq.set) -- UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); -- -- if (coalesce->tx_max_coalesced_frames_irq.set) -- UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); -- -- if (coalesce->stats_block_coalesce_usecs.set) -- UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); -- -- if (coalesce->pkt_rate_low.set) -- UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); -- -- if (coalesce->rx_coalesce_usecs_low.set) -- UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); -- -- if (coalesce->rx_max_coalesced_frames_low.set) -- UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); -- -- if (coalesce->tx_coalesce_usecs_low.set) -- UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); -- -- if (coalesce->tx_max_coalesced_frames_low.set) -- UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); -- -- if (coalesce->pkt_rate_high.set) -- UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); -- -- if (coalesce->rx_coalesce_usecs_high.set) -- UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); -- -- if (coalesce->rx_max_coalesced_frames_high.set) -- UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); -- -- if (coalesce->tx_coalesce_usecs_high.set) -- UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); -- -- if (coalesce->tx_max_coalesced_frames_high.set) -- UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); -- -- if (coalesce->rate_sample_interval.set) -- UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); -- -- if (!need_update) -- return 0; -- -- ecmd.cmd = ETHTOOL_SCOALESCE; -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -- return -errno; -- -- return 0; --} - -From ee7512404b5de7c5ac36e09436379fada2ed84e7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 26 Aug 2021 03:34:23 +0900 -Subject: [PATCH 2/2] udev/net: initialize coalesce tristate variables - -Otherwise, 99-default.link may introduce something like the -following warnings: ----- -Aug 26 03:23:59 systemd-udevd[519]: wlan0: Could not set coalesce settings, ignoring: Operation not supported -Aug 26 03:24:00 systemd-udevd[547]: wlp59s0: Could not set coalesce settings, ignoring: Operation not supported ----- - -Follow-up for 6c35ea5ef0231d519ff24d43a57a72cebab6a121. ---- - src/udev/net/link-config.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c -index 69f651435034..4963ba2fae81 100644 ---- a/src/udev/net/link-config.c -+++ b/src/udev/net/link-config.c -@@ -142,6 +142,8 @@ int link_load_one(LinkConfigContext *ctx, const char *filename) { - .tx_flow_control = -1, - .autoneg_flow_control = -1, - .txqueuelen = UINT32_MAX, -+ .coalesce.use_adaptive_rx_coalesce = -1, -+ .coalesce.use_adaptive_tx_coalesce = -1, - }; - - for (i = 0; i < ELEMENTSOF(link->features); i++) diff --git a/SOURCES/20676_cherrypicked.patch b/SOURCES/20676_cherrypicked.patch deleted file mode 100644 index e97a589..0000000 --- a/SOURCES/20676_cherrypicked.patch +++ /dev/null @@ -1,336 +0,0 @@ -From 0b9f08931944c2e33c6ed012919157e429eb7be2 Mon Sep 17 00:00:00 2001 -From: Antony Deepak Thomas -Date: Wed, 29 Sep 2021 12:47:49 +0900 -Subject: [PATCH 1/4] fileio: introduce read_virtual_file_fd() - ---- - src/basic/fileio.c | 24 ++++++++++++++++-------- - src/basic/fileio.h | 1 + - 2 files changed, 17 insertions(+), 8 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 466c6321c7..4a0d060105 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -373,9 +373,8 @@ int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { - return 1; - } - --int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size) { -+int read_virtual_file_fd(int fd, size_t max_size, char **ret_contents, size_t *ret_size) { - _cleanup_free_ char *buf = NULL; -- _cleanup_close_ int fd = -1; - size_t n, size; - int n_retries; - bool truncated = false; -@@ -393,10 +392,7 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - * contents* may be returned. (Though the read is still done using one syscall.) Returns 0 on - * partial success, 1 if untruncated contents were read. */ - -- fd = open(filename, O_RDONLY|O_CLOEXEC); -- if (fd < 0) -- return -errno; -- -+ assert(fd >= 0); - assert(max_size <= READ_VIRTUAL_BYTES_MAX || max_size == SIZE_MAX); - - /* Limit the number of attempts to read the number of bytes returned by fstat(). */ -@@ -432,8 +428,8 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - - n_retries--; - } else if (n_retries > 1) { -- /* Files in /proc are generally smaller than the page size so let's start with a page size -- * buffer from malloc and only use the max buffer on the final try. */ -+ /* Files in /proc are generally smaller than the page size so let's start with -+ * a page size buffer from malloc and only use the max buffer on the final try. */ - size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); - n_retries = 1; - } else { -@@ -517,6 +513,18 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - return !truncated; - } - -+int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size) { -+ _cleanup_close_ int fd = -1; -+ -+ assert(filename); -+ -+ fd = open(filename, O_RDONLY | O_NOCTTY | O_CLOEXEC); -+ if (fd < 0) -+ return -errno; -+ -+ return read_virtual_file_fd(fd, max_size, ret_contents, ret_size); -+} -+ - int read_full_stream_full( - FILE *f, - const char *filename, -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 9bd2037f5b..82330840bf 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -66,6 +66,7 @@ static inline int read_full_file(const char *filename, char **ret_contents, size - return read_full_file_full(AT_FDCWD, filename, UINT64_MAX, SIZE_MAX, 0, NULL, ret_contents, ret_size); - } - -+int read_virtual_file_fd(int fd, size_t max_size, char **ret_contents, size_t *ret_size); - int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size); - static inline int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) { - return read_virtual_file(filename, SIZE_MAX, ret_contents, ret_size); --- -2.31.1 - - -From bede594fa1ea4c32a886191b774134effcf71bef Mon Sep 17 00:00:00 2001 -From: Antony Deepak Thomas -Date: Wed, 29 Sep 2021 12:57:30 +0900 -Subject: [PATCH 2/4] string-util: introduce streq_skip_trailing_chars() - ---- - src/basic/string-util.c | 16 ++++++++++++++++ - src/basic/string-util.h | 2 ++ - src/test/test-string-util.c | 28 ++++++++++++++++++++++++++++ - 3 files changed, 46 insertions(+) - -diff --git a/src/basic/string-util.c b/src/basic/string-util.c -index a645958d38..6ceaeaf9df 100644 ---- a/src/basic/string-util.c -+++ b/src/basic/string-util.c -@@ -1146,3 +1146,19 @@ int string_contains_word_strv(const char *string, const char *separators, char * - *ret_word = found; - return !!found; - } -+ -+bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok) { -+ if (!s1 && !s2) -+ return true; -+ if (!s1 || !s2) -+ return false; -+ -+ if (!ok) -+ ok = WHITESPACE; -+ -+ for (; *s1 && *s2; s1++, s2++) -+ if (*s1 != *s2) -+ break; -+ -+ return in_charset(s1, ok) && in_charset(s2, ok); -+} -diff --git a/src/basic/string-util.h b/src/basic/string-util.h -index 9155e50ba8..0bf215827e 100644 ---- a/src/basic/string-util.h -+++ b/src/basic/string-util.h -@@ -242,3 +242,5 @@ int string_contains_word_strv(const char *string, const char *separators, char * - static inline int string_contains_word(const char *string, const char *separators, const char *word) { - return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL); - } -+ -+bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok); -diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c -index 4d9d0260c9..9a9c974332 100644 ---- a/src/test/test-string-util.c -+++ b/src/test/test-string-util.c -@@ -1000,6 +1000,33 @@ static void test_strextendf(void) { - assert_se(streq(p, "<77>,<99>,< 88>,<00001234>")); - } - -+static void test_streq_skip_trailing_chars(void) { -+ log_info("/* %s */", __func__); -+ -+ /* NULL is WHITESPACE by default*/ -+ assert_se(streq_skip_trailing_chars("foo bar", "foo bar", NULL)); -+ assert_se(streq_skip_trailing_chars("foo", "foo", NULL)); -+ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar", NULL)); -+ assert_se(streq_skip_trailing_chars("foo bar", "foo bar\t\t", NULL)); -+ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar\t\t", NULL)); -+ assert_se(streq_skip_trailing_chars("foo\nbar", "foo\nbar", NULL)); -+ assert_se(streq_skip_trailing_chars("\t\tfoo bar", "\t\tfoo bar", NULL)); -+ assert_se(streq_skip_trailing_chars(" foo bar\t", " foo bar\n", NULL)); -+ -+ assert_se(!streq_skip_trailing_chars("foobar", "foo bar", NULL)); -+ assert_se(!streq_skip_trailing_chars("foo\nbar", "foo\tbar", NULL)); -+ assert_se(!streq_skip_trailing_chars("\t\nfoo bar", "\t foo bar", NULL)); -+ -+ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar", WHITESPACE)); -+ assert_se(!streq_skip_trailing_chars("foo bar ", "foo bar", NEWLINE)); -+ -+ assert_se(streq_skip_trailing_chars(NULL, NULL, NULL)); -+ assert_se(streq_skip_trailing_chars("", "", NULL)); -+ assert_se(!streq_skip_trailing_chars(NULL, "foo bar", NULL)); -+ assert_se(!streq_skip_trailing_chars("foo", NULL, NULL)); -+ assert_se(!streq_skip_trailing_chars("", "f", NULL)); -+} -+ - int main(int argc, char *argv[]) { - test_setup_logging(LOG_DEBUG); - -@@ -1039,6 +1066,7 @@ int main(int argc, char *argv[]) { - test_string_contains_word(); - test_strverscmp_improved(); - test_strextendf(); -+ test_streq_skip_trailing_chars(); - - return 0; - } --- -2.31.1 - - -From a2552e17829d0090db3ff5f2e6f2d772d0fca3e9 Mon Sep 17 00:00:00 2001 -From: Antony Deepak Thomas -Date: Wed, 29 Sep 2021 13:06:25 +0900 -Subject: [PATCH 3/4] fileio: introduce new mode to suppress writing the same - value - ---- - src/basic/fileio.c | 29 +++++++++++++++++++++++++++-- - src/basic/fileio.h | 23 ++++++++++++----------- - 2 files changed, 39 insertions(+), 13 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 4a0d060105..729789ce47 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -146,6 +146,30 @@ int write_string_stream_ts( - return -EBADF; - } - -+ if (flags & WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL) { -+ _cleanup_free_ char *t = NULL; -+ -+ /* If value to be written is same as that of the existing value, then suppress the write. */ -+ -+ if (fd < 0) { -+ fd = fileno(f); -+ if (fd < 0) -+ return -EBADF; -+ } -+ -+ /* Read an additional byte to detect cases where the prefix matches but the rest -+ * doesn't. Also, 0 returned by read_virtual_file_fd() means the read was truncated and -+ * it won't be equal to the new value. */ -+ if (read_virtual_file_fd(fd, strlen(line)+1, &t, NULL) > 0 && -+ streq_skip_trailing_chars(line, t, NEWLINE)) { -+ log_debug("No change in value '%s', supressing write", line); -+ return 0; -+ } -+ -+ if (lseek(fd, 0, SEEK_SET) < 0) -+ return -errno; -+ } -+ - needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"); - - if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) { -@@ -261,10 +285,11 @@ int write_string_file_ts( - assert(!ts); - - /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */ -- fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | -+ fd = open(fn, O_CLOEXEC|O_NOCTTY | - (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) | - (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) | -- (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0), -+ (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0) | -+ (FLAGS_SET(flags, WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL) ? O_RDWR : O_WRONLY), - (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666)); - if (fd < 0) { - r = -errno; -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 82330840bf..a72b2f3881 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -15,17 +15,18 @@ - #define LONG_LINE_MAX (1U*1024U*1024U) - - typedef enum { -- WRITE_STRING_FILE_CREATE = 1 << 0, -- WRITE_STRING_FILE_TRUNCATE = 1 << 1, -- WRITE_STRING_FILE_ATOMIC = 1 << 2, -- WRITE_STRING_FILE_AVOID_NEWLINE = 1 << 3, -- WRITE_STRING_FILE_VERIFY_ON_FAILURE = 1 << 4, -- WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE = 1 << 5, -- WRITE_STRING_FILE_SYNC = 1 << 6, -- WRITE_STRING_FILE_DISABLE_BUFFER = 1 << 7, -- WRITE_STRING_FILE_NOFOLLOW = 1 << 8, -- WRITE_STRING_FILE_MKDIR_0755 = 1 << 9, -- WRITE_STRING_FILE_MODE_0600 = 1 << 10, -+ WRITE_STRING_FILE_CREATE = 1 << 0, -+ WRITE_STRING_FILE_TRUNCATE = 1 << 1, -+ WRITE_STRING_FILE_ATOMIC = 1 << 2, -+ WRITE_STRING_FILE_AVOID_NEWLINE = 1 << 3, -+ WRITE_STRING_FILE_VERIFY_ON_FAILURE = 1 << 4, -+ WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE = 1 << 5, -+ WRITE_STRING_FILE_SYNC = 1 << 6, -+ WRITE_STRING_FILE_DISABLE_BUFFER = 1 << 7, -+ WRITE_STRING_FILE_NOFOLLOW = 1 << 8, -+ WRITE_STRING_FILE_MKDIR_0755 = 1 << 9, -+ WRITE_STRING_FILE_MODE_0600 = 1 << 10, -+ WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL = 1 << 11, - - /* And before you wonder, why write_string_file_atomic_label_ts() is a separate function instead of just one - more flag here: it's about linking: we don't want to pull -lselinux into all users of write_string_file() --- -2.31.1 - - -From 41d86b627331f432454280714dd5b17d255367ba Mon Sep 17 00:00:00 2001 -From: Antony Deepak Thomas -Date: Wed, 29 Sep 2021 13:07:42 +0900 -Subject: [PATCH 4/4] sysctl-util: minimize side-effects when running - `systemd-sysctl` - -Currently `systemd-sysctl` binary is used in `systemd-sysctl.service` -which is mostly configured as `oneshot`. There are situations where one -would like to use systemd to maintain Sysctl configurations on a host, -using a configuration managers such as Chef or Puppet, by apply -configurations every X duration. -The problem with using `systemd-sysctl` is that it writes all the Sysctl -settings, even if the values for those settings have not changed. From -experience, we have observed that some Sysctl settings cause actions in -the kernel upon writing(like dropping caches) which in turn cause -undesired side effects. -This patch tries to minimize such side effects by comparing values -before writing. ---- - src/basic/sysctl-util.c | 19 +++++-------------- - 1 file changed, 5 insertions(+), 14 deletions(-) - -diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c -index 8913e6ff85..4da3eaf5f7 100644 ---- a/src/basic/sysctl-util.c -+++ b/src/basic/sysctl-util.c -@@ -44,25 +44,16 @@ char *sysctl_normalize(char *s) { - - int sysctl_write(const char *property, const char *value) { - char *p; -- _cleanup_close_ int fd = -1; -- - assert(property); - assert(value); -- -- log_debug("Setting '%s' to '%.*s'.", property, (int) strcspn(value, NEWLINE), value); -- - p = strjoina("/proc/sys/", property); -- fd = open(p, O_WRONLY|O_CLOEXEC); -- if (fd < 0) -- return -errno; -+ path_simplify(p); -+ if (!path_is_normalized(p)) -+ return -EINVAL; - -- if (!endswith(value, "\n")) -- value = strjoina(value, "\n"); -- -- if (write(fd, value, strlen(value)) < 0) -- return -errno; -+ log_debug("Setting '%s' to '%s'", p, value); - -- return 0; -+ return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL); - } - - int sysctl_writef(const char *property, const char *format, ...) { --- -2.31.1 - diff --git a/SOURCES/20695.patch b/SOURCES/20695.patch deleted file mode 100644 index f7ac0bd..0000000 --- a/SOURCES/20695.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 67cd626399b0d02882ee00716c8bd31ba764c862 Mon Sep 17 00:00:00 2001 -From: Chris Packham -Date: Fri, 10 Sep 2021 09:51:36 +1200 -Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14 - -ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition - -Fixes #20694 ---- - src/basic/linux/if_arp.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h -index c3cc5a9e5eaf..4783af9fe520 100644 ---- a/src/basic/linux/if_arp.h -+++ b/src/basic/linux/if_arp.h -@@ -54,6 +54,7 @@ - #define ARPHRD_X25 271 /* CCITT X.25 */ - #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ - #define ARPHRD_CAN 280 /* Controller Area Network */ -+#define ARPHRD_MCTP 290 - #define ARPHRD_PPP 512 - #define ARPHRD_CISCO 513 /* Cisco HDLC */ - #define ARPHRD_HDLC ARPHRD_CISCO diff --git a/SOURCES/20729.patch b/SOURCES/20729.patch deleted file mode 100644 index 82904e5..0000000 --- a/SOURCES/20729.patch +++ /dev/null @@ -1,927 +0,0 @@ -From 6d9a72f3b9b4d00ec80051503e5e3d4d7cd46c05 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 01:28:29 +0900 -Subject: [PATCH 1/5] ethtool-util: use sizeof() - ---- - src/shared/ethtool-util.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index af3b917c75cb..d1f5eac63334 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -214,7 +214,7 @@ int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret) { - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -254,7 +254,7 @@ int ethtool_get_link_info( - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -303,7 +303,7 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -362,7 +362,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -405,7 +405,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -538,7 +538,7 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = get_stringset(*ethtool_fd, &ifr, ETH_SS_FEATURES, &strings); - if (r < 0) -@@ -787,7 +787,7 @@ int ethtool_set_glinksettings( - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = get_glinksettings(*fd, &ifr, &u); - if (r < 0) { -@@ -857,7 +857,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -906,7 +906,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -974,7 +974,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) - -From 4253dab576b3ff17887c3e0d97380aab2aa29d82 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 01:41:15 +0900 -Subject: [PATCH 2/5] ethtool-util: shorten code a bit - -Also fixes a error code in debugging log. ---- - src/shared/ethtool-util.c | 70 ++++++++++++--------------------------- - 1 file changed, 22 insertions(+), 48 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index d1f5eac63334..ac21ef0f61a8 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -216,8 +216,7 @@ int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret) { - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (isempty(ecmd.driver)) -@@ -256,8 +255,7 @@ int ethtool_get_link_info( - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (ret_autonegotiation) -@@ -305,8 +303,7 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (epaddr.addr.size != 6) -@@ -364,8 +361,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - UPDATE(ecmd.wolopts, wolopts, need_update); -@@ -374,8 +370,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { - return 0; - - ecmd.cmd = ETHTOOL_SWOL; -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; -@@ -407,8 +402,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (ring->rx.set) -@@ -427,8 +421,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - return 0; - - ecmd.cmd = ETHTOOL_SRINGPARAM; -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; -@@ -446,7 +439,6 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - }, - }; - unsigned len; -- int r; - - assert(ethtool_fd >= 0); - assert(ifr); -@@ -454,8 +446,7 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - - ifr->ifr_data = (void *) &buffer.info; - -- r = ioctl(ethtool_fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - if (!buffer.info.sset_mask) -@@ -478,8 +469,7 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - - ifr->ifr_data = (void *) strings; - -- r = ioctl(ethtool_fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - *ret = TAKE_PTR(strings); -@@ -559,9 +549,8 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - - ifr.ifr_data = (void *) sfeatures; - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -- return log_debug_errno(r, "ethtool: could not set ethtool features for %s", ifname); -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) -+ return log_debug_errno(errno, "ethtool: could not set ethtool features for %s", ifname); - - return 0; - } -@@ -575,7 +564,6 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset - }; - struct ethtool_link_usettings *u; - unsigned offset; -- int r; - - assert(fd >= 0); - assert(ifr); -@@ -591,8 +579,7 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - if (ecmd.req.link_mode_masks_nwords >= 0 || ecmd.req.cmd != ETHTOOL_GLINKSETTINGS) -@@ -602,8 +589,7 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - if (ecmd.req.link_mode_masks_nwords <= 0 || ecmd.req.cmd != ETHTOOL_GLINKSETTINGS) -@@ -636,7 +622,6 @@ static int get_gset(int fd, struct ifreq *ifr, struct ethtool_link_usettings **r - struct ethtool_cmd ecmd = { - .cmd = ETHTOOL_GSET, - }; -- int r; - - assert(fd >= 0); - assert(ifr); -@@ -644,8 +629,7 @@ static int get_gset(int fd, struct ifreq *ifr, struct ethtool_link_usettings **r - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - e = new(struct ethtool_link_usettings, 1); -@@ -678,7 +662,6 @@ static int set_slinksettings(int fd, struct ifreq *ifr, const struct ethtool_lin - __u32 link_mode_data[3 * ETHTOOL_LINK_MODE_MASK_MAX_KERNEL_NU32]; - } ecmd = {}; - unsigned offset; -- int r; - - assert(fd >= 0); - assert(ifr); -@@ -700,8 +683,7 @@ static int set_slinksettings(int fd, struct ifreq *ifr, const struct ethtool_lin - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - return 0; -@@ -711,7 +693,6 @@ static int set_sset(int fd, struct ifreq *ifr, const struct ethtool_link_usettin - struct ethtool_cmd ecmd = { - .cmd = ETHTOOL_SSET, - }; -- int r; - - assert(fd >= 0); - assert(ifr); -@@ -736,8 +717,7 @@ static int set_sset(int fd, struct ifreq *ifr, const struct ethtool_link_usettin - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - return 0; -@@ -859,8 +839,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (channels->rx.set) -@@ -879,8 +858,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - return 0; - - ecmd.cmd = ETHTOOL_SCHANNELS; -- r = ioctl(*fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; -@@ -908,8 +886,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (rx >= 0) -@@ -925,8 +902,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - return 0; - - ecmd.cmd = ETHTOOL_SPAUSEPARAM; -- r = ioctl(*fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; -@@ -976,8 +952,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (coalesce->use_adaptive_rx_coalesce >= 0) -@@ -1050,8 +1025,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const - return 0; - - ecmd.cmd = ETHTOOL_SCOALESCE; -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; - -From 008d3a370ccdea13290ab9277b32cc582b886b17 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 14 Sep 2021 17:42:52 +0900 -Subject: [PATCH 3/5] ethtool: do not set unavailable or never_changed bits - ---- - src/shared/ethtool-util.c | 138 ++++++++++++++++++++++++++------------ - 1 file changed, 96 insertions(+), 42 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index ac21ef0f61a8..59b1bd86f085 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -427,30 +427,31 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - return 0; - } - --static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, struct ethtool_gstrings **ret) { -+static int get_stringset(int ethtool_fd, const char *ifname, enum ethtool_stringset stringset_id, struct ethtool_gstrings **ret) { - _cleanup_free_ struct ethtool_gstrings *strings = NULL; - struct { - struct ethtool_sset_info info; - uint32_t space; - } buffer = { -- .info = { -- .cmd = ETHTOOL_GSSET_INFO, -- .sset_mask = UINT64_C(1) << stringset_id, -- }, -+ .info.cmd = ETHTOOL_GSSET_INFO, -+ .info.sset_mask = UINT64_C(1) << stringset_id, - }; -- unsigned len; -+ struct ifreq ifr = { -+ .ifr_data = (void*) &buffer, -+ }; -+ uint32_t len; - - assert(ethtool_fd >= 0); -- assert(ifr); -+ assert(ifname); - assert(ret); - -- ifr->ifr_data = (void *) &buffer.info; -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) -+ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - -- if (!buffer.info.sset_mask) -- return -EINVAL; -+ if (buffer.info.sset_mask == 0) -+ return -EOPNOTSUPP; - - #pragma GCC diagnostic push - #if HAVE_ZERO_LENGTH_BOUNDS -@@ -458,8 +459,10 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - #endif - len = buffer.info.data[0]; - #pragma GCC diagnostic pop -+ if (len == 0) -+ return -EOPNOTSUPP; - -- strings = malloc0(sizeof(struct ethtool_gstrings) + len * ETH_GSTRING_LEN); -+ strings = malloc0(offsetof(struct ethtool_gstrings, data) + len * ETH_GSTRING_LEN); - if (!strings) - return -ENOMEM; - -@@ -467,47 +470,92 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - strings->string_set = stringset_id; - strings->len = len; - -- ifr->ifr_data = (void *) strings; -+ ifr.ifr_data = (void*) strings; - -- if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) -+ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - *ret = TAKE_PTR(strings); -+ return 0; -+} -+ -+static int get_features(int ethtool_fd, const char *ifname, uint32_t n_features, struct ethtool_gfeatures **ret) { -+ _cleanup_free_ struct ethtool_gfeatures *gfeatures = NULL; -+ struct ifreq ifr; -+ -+ assert(ethtool_fd >= 0); -+ assert(ifname); -+ assert(ret); -+ assert(n_features > 0); -+ -+ gfeatures = malloc0(offsetof(struct ethtool_gfeatures, features) + -+ DIV_ROUND_UP(n_features, 32U) * sizeof(gfeatures->features[0])); -+ if (!gfeatures) -+ return -ENOMEM; -+ -+ gfeatures->cmd = ETHTOOL_GFEATURES; -+ gfeatures->size = DIV_ROUND_UP(n_features, 32U); -+ -+ ifr = (struct ifreq) { -+ .ifr_data = (void*) gfeatures, -+ }; -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); -+ -+ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) -+ return -errno; - -+ *ret = TAKE_PTR(gfeatures); - return 0; - } - - static int set_features_bit( - const struct ethtool_gstrings *strings, -+ const struct ethtool_gfeatures *gfeatures, -+ struct ethtool_sfeatures *sfeatures, - const char *feature, -- bool flag, -- struct ethtool_sfeatures *sfeatures) { -+ int flag) { -+ - bool found = false; -+ int r = -ENODATA; - - assert(strings); -- assert(feature); -+ assert(gfeatures); - assert(sfeatures); -+ assert(feature); -+ -+ if (flag < 0) -+ return 0; -+ -+ for (uint32_t i = 0; i < strings->len; i++) { -+ uint32_t block, mask; - -- for (size_t i = 0; i < strings->len; i++) -- if (streq((char *) &strings->data[i * ETH_GSTRING_LEN], feature) || -- (endswith(feature, "-") && startswith((char *) &strings->data[i * ETH_GSTRING_LEN], feature))) { -- size_t block, bit; -+ if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN) && -+ !(endswith(feature, "-") && startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature))) -+ continue; - -- block = i / 32; -- bit = i % 32; -+ block = i / 32; -+ mask = UINT32_C(1) << (i % 32); - -- sfeatures->features[block].valid |= 1 << bit; -- SET_FLAG(sfeatures->features[block].requested, 1 << bit, flag); -- found = true; -+ if (!FLAGS_SET(gfeatures->features[block].available, mask) || -+ FLAGS_SET(gfeatures->features[block].never_changed, mask)) { -+ r = -EOPNOTSUPP; -+ continue; - } - -- return found ? 0 : -ENODATA; -+ sfeatures->features[block].valid |= mask; -+ SET_FLAG(sfeatures->features[block].requested, mask, flag); -+ -+ found = true; -+ } -+ -+ return found ? 0 : r; - } - - int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]) { - _cleanup_free_ struct ethtool_gstrings *strings = NULL; -- struct ethtool_sfeatures *sfeatures; -- struct ifreq ifr = {}; -+ _cleanup_free_ struct ethtool_gfeatures *gfeatures = NULL; -+ _cleanup_free_ struct ethtool_sfeatures *sfeatures = NULL; -+ struct ifreq ifr; - bool have = false; - int r; - -@@ -528,26 +576,32 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); -+ r = get_stringset(*ethtool_fd, ifname, ETH_SS_FEATURES, &strings); -+ if (r < 0) -+ return log_debug_errno(r, "ethtool: could not get ethtool feature strings: %m"); - -- r = get_stringset(*ethtool_fd, &ifr, ETH_SS_FEATURES, &strings); -+ r = get_features(*ethtool_fd, ifname, strings->len, &gfeatures); - if (r < 0) -- return log_debug_errno(r, "ethtool: could not get ethtool features for %s", ifname); -+ return log_debug_errno(r, "ethtool: could not get ethtool features for %s: %m", ifname); -+ -+ sfeatures = malloc0(offsetof(struct ethtool_sfeatures, features) + -+ DIV_ROUND_UP(strings->len, 32U) * sizeof(sfeatures->features[0])); -+ if (!sfeatures) -+ return log_oom_debug(); - -- sfeatures = alloca0(sizeof(struct ethtool_sfeatures) + DIV_ROUND_UP(strings->len, 32U) * sizeof(sfeatures->features[0])); - sfeatures->cmd = ETHTOOL_SFEATURES; - sfeatures->size = DIV_ROUND_UP(strings->len, 32U); - -- for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) -- if (features[i] >= 0) { -- r = set_features_bit(strings, netdev_feature_table[i], features[i], sfeatures); -- if (r < 0) { -- log_debug_errno(r, "ethtool: could not find feature, ignoring: %s", netdev_feature_table[i]); -- continue; -- } -- } -+ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) { -+ r = set_features_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); -+ if (r < 0) -+ log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); -+ } - -- ifr.ifr_data = (void *) sfeatures; -+ ifr = (struct ifreq) { -+ .ifr_data = (void*) sfeatures, -+ }; -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return log_debug_errno(errno, "ethtool: could not set ethtool features for %s", ifname); - -From 7a4f203547c62cdc7611f38d97058b530570048f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 01:48:59 +0900 -Subject: [PATCH 4/5] ethtool-util: apply tx-checksum-* features at last - -NET_DEV_FEAT_TX matches multiple features. In the next commit, all -features whose strings start with "tx-checksum-" will be added. -To make them take precedence over NET_DEV_FEAT_TX, it will be applied -only when each explicit feature is not applied. ---- - src/shared/ethtool-util.c | 55 ++++++++++++++++++++++++++++++++++++--- - src/shared/ethtool-util.h | 4 ++- - 2 files changed, 54 insertions(+), 5 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index 59b1bd86f085..e95ce1a20917 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -71,13 +71,14 @@ DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse P - - static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { - [NET_DEV_FEAT_RX] = "rx-checksum", -- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ - [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", - [NET_DEV_FEAT_GRO] = "rx-gro", - [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", - [NET_DEV_FEAT_LRO] = "rx-lro", - [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", - [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", -+ -+ [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ - }; - - static const char* const ethtool_link_mode_bit_table[] = { -@@ -515,6 +516,43 @@ static int set_features_bit( - const char *feature, - int flag) { - -+ assert(strings); -+ assert(gfeatures); -+ assert(sfeatures); -+ assert(feature); -+ -+ if (flag < 0) -+ return 0; -+ -+ for (uint32_t i = 0; i < strings->len; i++) { -+ uint32_t block, mask; -+ -+ if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN)) -+ continue; -+ -+ block = i / 32; -+ mask = UINT32_C(1) << (i % 32); -+ -+ if (!FLAGS_SET(gfeatures->features[block].available, mask) || -+ FLAGS_SET(gfeatures->features[block].never_changed, mask)) -+ return -EOPNOTSUPP; -+ -+ sfeatures->features[block].valid |= mask; -+ SET_FLAG(sfeatures->features[block].requested, mask, flag); -+ -+ return 0; -+ } -+ -+ return -ENODATA; -+} -+ -+static int set_features_multiple_bit( -+ const struct ethtool_gstrings *strings, -+ const struct ethtool_gfeatures *gfeatures, -+ struct ethtool_sfeatures *sfeatures, -+ const char *feature, -+ int flag) { -+ - bool found = false; - int r = -ENODATA; - -@@ -529,8 +567,7 @@ static int set_features_bit( - for (uint32_t i = 0; i < strings->len; i++) { - uint32_t block, mask; - -- if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN) && -- !(endswith(feature, "-") && startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature))) -+ if (!startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature)) - continue; - - block = i / 32; -@@ -542,6 +579,10 @@ static int set_features_bit( - continue; - } - -+ /* The flags is explicitly set by set_features_bit() */ -+ if (FLAGS_SET(sfeatures->features[block].valid, mask)) -+ continue; -+ - sfeatures->features[block].valid |= mask; - SET_FLAG(sfeatures->features[block].requested, mask, flag); - -@@ -592,12 +633,18 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - sfeatures->cmd = ETHTOOL_SFEATURES; - sfeatures->size = DIV_ROUND_UP(strings->len, 32U); - -- for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) { -+ for (size_t i = 0; i < _NET_DEV_FEAT_SIMPLE_MAX; i++) { - r = set_features_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); - if (r < 0) - log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); - } - -+ for (size_t i = _NET_DEV_FEAT_SIMPLE_MAX; i < _NET_DEV_FEAT_MAX; i++) { -+ r = set_features_multiple_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); -+ if (r < 0) -+ log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); -+ } -+ - ifr = (struct ifreq) { - .ifr_data = (void*) sfeatures, - }; -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 6e180995055b..3f2252563304 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -20,13 +20,15 @@ typedef enum Duplex { - - typedef enum NetDevFeature { - NET_DEV_FEAT_RX, -- NET_DEV_FEAT_TX, - NET_DEV_FEAT_GSO, - NET_DEV_FEAT_GRO, - NET_DEV_FEAT_GRO_HW, - NET_DEV_FEAT_LRO, - NET_DEV_FEAT_TSO, - NET_DEV_FEAT_TSO6, -+ _NET_DEV_FEAT_SIMPLE_MAX, -+ -+ NET_DEV_FEAT_TX = _NET_DEV_FEAT_SIMPLE_MAX, - _NET_DEV_FEAT_MAX, - _NET_DEV_FEAT_INVALID = -EINVAL, - } NetDevFeature; - -From 77bf5c31de1d01edd49ac6aa25cdbe7734a11a25 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 14 Sep 2021 22:12:42 +0900 -Subject: [PATCH 5/5] ethtool-util: add more network device features - -Then, we can easily add new settings to configure features in .link -file. ---- - src/shared/ethtool-util.c | 73 ++++++++++++++++++++++++---- - src/shared/ethtool-util.h | 59 +++++++++++++++++++++- - src/udev/net/link-config-gperf.gperf | 4 +- - 3 files changed, 123 insertions(+), 13 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index e95ce1a20917..00060abff40f 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -70,15 +70,70 @@ DEFINE_STRING_TABLE_LOOKUP(port, NetDevPort); - DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse Port setting"); - - static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { -- [NET_DEV_FEAT_RX] = "rx-checksum", -- [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", -- [NET_DEV_FEAT_GRO] = "rx-gro", -- [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", -- [NET_DEV_FEAT_LRO] = "rx-lro", -- [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", -- [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", -- -- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ -+ [NET_DEV_FEAT_SG] = "tx-scatter-gather", -+ [NET_DEV_FEAT_IP_CSUM] = "tx-checksum-ipv4", -+ [NET_DEV_FEAT_HW_CSUM] = "tx-checksum-ip-generic", -+ [NET_DEV_FEAT_IPV6_CSUM] = "tx-checksum-ipv6", -+ [NET_DEV_FEAT_HIGHDMA] = "highdma", -+ [NET_DEV_FEAT_FRAGLIST] = "tx-scatter-gather-fraglist", -+ [NET_DEV_FEAT_HW_VLAN_CTAG_TX] = "tx-vlan-hw-insert", -+ [NET_DEV_FEAT_HW_VLAN_CTAG_RX] = "rx-vlan-hw-parse", -+ [NET_DEV_FEAT_HW_VLAN_CTAG_FILTER] = "rx-vlan-filter", -+ [NET_DEV_FEAT_HW_VLAN_STAG_TX] = "tx-vlan-stag-hw-insert", -+ [NET_DEV_FEAT_HW_VLAN_STAG_RX] = "rx-vlan-stag-hw-parse", -+ [NET_DEV_FEAT_HW_VLAN_STAG_FILTER] = "rx-vlan-stag-filter", -+ [NET_DEV_FEAT_VLAN_CHALLENGED] = "vlan-challenged", -+ [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", -+ [NET_DEV_FEAT_LLTX] = "tx-lockless", -+ [NET_DEV_FEAT_NETNS_LOCAL] = "netns-local", -+ [NET_DEV_FEAT_GRO] = "rx-gro", -+ [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", -+ [NET_DEV_FEAT_LRO] = "rx-lro", -+ [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", -+ [NET_DEV_FEAT_GSO_ROBUST] = "tx-gso-robust", -+ [NET_DEV_FEAT_TSO_ECN] = "tx-tcp-ecn-segmentation", -+ [NET_DEV_FEAT_TSO_MANGLEID] = "tx-tcp-mangleid-segmentation", -+ [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", -+ [NET_DEV_FEAT_FSO] = "tx-fcoe-segmentation", -+ [NET_DEV_FEAT_GSO_GRE] = "tx-gre-segmentation", -+ [NET_DEV_FEAT_GSO_GRE_CSUM] = "tx-gre-csum-segmentation", -+ [NET_DEV_FEAT_GSO_IPXIP4] = "tx-ipxip4-segmentation", -+ [NET_DEV_FEAT_GSO_IPXIP6] = "tx-ipxip6-segmentation", -+ [NET_DEV_FEAT_GSO_UDP_TUNNEL] = "tx-udp_tnl-segmentation", -+ [NET_DEV_FEAT_GSO_UDP_TUNNEL_CSUM] = "tx-udp_tnl-csum-segmentation", -+ [NET_DEV_FEAT_GSO_PARTIAL] = "tx-gso-partial", -+ [NET_DEV_FEAT_GSO_TUNNEL_REMCSUM] = "tx-tunnel-remcsum-segmentation", -+ [NET_DEV_FEAT_GSO_SCTP] = "tx-sctp-segmentation", -+ [NET_DEV_FEAT_GSO_ESP] = "tx-esp-segmentation", -+ [NET_DEV_FEAT_GSO_UDP_L4] = "tx-udp-segmentation", -+ [NET_DEV_FEAT_GSO_FRAGLIST] = "tx-gso-list", -+ [NET_DEV_FEAT_FCOE_CRC] = "tx-checksum-fcoe-crc", -+ [NET_DEV_FEAT_SCTP_CRC] = "tx-checksum-sctp", -+ [NET_DEV_FEAT_FCOE_MTU] = "fcoe-mtu", -+ [NET_DEV_FEAT_NTUPLE] = "rx-ntuple-filter", -+ [NET_DEV_FEAT_RXHASH] = "rx-hashing", -+ [NET_DEV_FEAT_RXCSUM] = "rx-checksum", -+ [NET_DEV_FEAT_NOCACHE_COPY] = "tx-nocache-copy", -+ [NET_DEV_FEAT_LOOPBACK] = "loopback", -+ [NET_DEV_FEAT_RXFCS] = "rx-fcs", -+ [NET_DEV_FEAT_RXALL] = "rx-all", -+ [NET_DEV_FEAT_HW_L2FW_DOFFLOAD] = "l2-fwd-offload", -+ [NET_DEV_FEAT_HW_TC] = "hw-tc-offload", -+ [NET_DEV_FEAT_HW_ESP] = "esp-hw-offload", -+ [NET_DEV_FEAT_HW_ESP_TX_CSUM] = "esp-tx-csum-hw-offload", -+ [NET_DEV_FEAT_RX_UDP_TUNNEL_PORT] = "rx-udp_tunnel-port-offload", -+ [NET_DEV_FEAT_HW_TLS_RECORD] = "tls-hw-record", -+ [NET_DEV_FEAT_HW_TLS_TX] = "tls-hw-tx-offload", -+ [NET_DEV_FEAT_HW_TLS_RX] = "tls-hw-rx-offload", -+ [NET_DEV_FEAT_GRO_FRAGLIST] = "rx-gro-list", -+ [NET_DEV_FEAT_HW_MACSEC] = "macsec-hw-offload", -+ [NET_DEV_FEAT_GRO_UDP_FWD] = "rx-udp-gro-forwarding", -+ [NET_DEV_FEAT_HW_HSR_TAG_INS] = "hsr-tag-ins-offload", -+ [NET_DEV_FEAT_HW_HSR_TAG_RM] = "hsr-tag-rm-offload", -+ [NET_DEV_FEAT_HW_HSR_FWD] = "hsr-fwd-offload", -+ [NET_DEV_FEAT_HW_HSR_DUP] = "hsr-dup-offload", -+ -+ [NET_DEV_FEAT_TXCSUM] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ - }; - - static const char* const ethtool_link_mode_bit_table[] = { -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 3f2252563304..cc0655893175 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -19,16 +19,71 @@ typedef enum Duplex { - } Duplex; - - typedef enum NetDevFeature { -- NET_DEV_FEAT_RX, -+ NET_DEV_FEAT_SG, -+ NET_DEV_FEAT_IP_CSUM, -+ NET_DEV_FEAT_HW_CSUM, -+ NET_DEV_FEAT_IPV6_CSUM, -+ NET_DEV_FEAT_HIGHDMA, -+ NET_DEV_FEAT_FRAGLIST, -+ NET_DEV_FEAT_HW_VLAN_CTAG_TX, -+ NET_DEV_FEAT_HW_VLAN_CTAG_RX, -+ NET_DEV_FEAT_HW_VLAN_CTAG_FILTER, -+ NET_DEV_FEAT_HW_VLAN_STAG_TX, -+ NET_DEV_FEAT_HW_VLAN_STAG_RX, -+ NET_DEV_FEAT_HW_VLAN_STAG_FILTER, -+ NET_DEV_FEAT_VLAN_CHALLENGED, - NET_DEV_FEAT_GSO, -+ NET_DEV_FEAT_LLTX, -+ NET_DEV_FEAT_NETNS_LOCAL, - NET_DEV_FEAT_GRO, - NET_DEV_FEAT_GRO_HW, - NET_DEV_FEAT_LRO, - NET_DEV_FEAT_TSO, -+ NET_DEV_FEAT_GSO_ROBUST, -+ NET_DEV_FEAT_TSO_ECN, -+ NET_DEV_FEAT_TSO_MANGLEID, - NET_DEV_FEAT_TSO6, -+ NET_DEV_FEAT_FSO, -+ NET_DEV_FEAT_GSO_GRE, -+ NET_DEV_FEAT_GSO_GRE_CSUM, -+ NET_DEV_FEAT_GSO_IPXIP4, -+ NET_DEV_FEAT_GSO_IPXIP6, -+ NET_DEV_FEAT_GSO_UDP_TUNNEL, -+ NET_DEV_FEAT_GSO_UDP_TUNNEL_CSUM, -+ NET_DEV_FEAT_GSO_PARTIAL, -+ NET_DEV_FEAT_GSO_TUNNEL_REMCSUM, -+ NET_DEV_FEAT_GSO_SCTP, -+ NET_DEV_FEAT_GSO_ESP, -+ NET_DEV_FEAT_GSO_UDP_L4, -+ NET_DEV_FEAT_GSO_FRAGLIST, -+ NET_DEV_FEAT_FCOE_CRC, -+ NET_DEV_FEAT_SCTP_CRC, -+ NET_DEV_FEAT_FCOE_MTU, -+ NET_DEV_FEAT_NTUPLE, -+ NET_DEV_FEAT_RXHASH, -+ NET_DEV_FEAT_RXCSUM, -+ NET_DEV_FEAT_NOCACHE_COPY, -+ NET_DEV_FEAT_LOOPBACK, -+ NET_DEV_FEAT_RXFCS, -+ NET_DEV_FEAT_RXALL, -+ NET_DEV_FEAT_HW_L2FW_DOFFLOAD, -+ NET_DEV_FEAT_HW_TC, -+ NET_DEV_FEAT_HW_ESP, -+ NET_DEV_FEAT_HW_ESP_TX_CSUM, -+ NET_DEV_FEAT_RX_UDP_TUNNEL_PORT, -+ NET_DEV_FEAT_HW_TLS_RECORD, -+ NET_DEV_FEAT_HW_TLS_TX, -+ NET_DEV_FEAT_HW_TLS_RX, -+ NET_DEV_FEAT_GRO_FRAGLIST, -+ NET_DEV_FEAT_HW_MACSEC, -+ NET_DEV_FEAT_GRO_UDP_FWD, -+ NET_DEV_FEAT_HW_HSR_TAG_INS, -+ NET_DEV_FEAT_HW_HSR_TAG_RM, -+ NET_DEV_FEAT_HW_HSR_FWD, -+ NET_DEV_FEAT_HW_HSR_DUP, - _NET_DEV_FEAT_SIMPLE_MAX, - -- NET_DEV_FEAT_TX = _NET_DEV_FEAT_SIMPLE_MAX, -+ NET_DEV_FEAT_TXCSUM = _NET_DEV_FEAT_SIMPLE_MAX, - _NET_DEV_FEAT_MAX, - _NET_DEV_FEAT_INVALID = -EINVAL, - } NetDevFeature; -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index 44b46cb17c0b..e3cdaaee0509 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -50,8 +50,8 @@ Link.Duplex, config_parse_duplex, - Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) - Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) - Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) --Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) --Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) -+Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) -+Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) - Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) - Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) - Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) diff --git a/SOURCES/20743.patch b/SOURCES/20743.patch deleted file mode 100644 index 0975ce8..0000000 --- a/SOURCES/20743.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0fc51b569570e8bf5aecd5ee03a88eb668b7b385 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 14 Sep 2021 16:33:10 -0700 -Subject: [PATCH] fileio: start with 4k buffer for procfs - -There's a very gradual increase of anonymous memory in systemd-journald that -blames to 2ac67221bb6270f0fbe7cbd0076653832cd49de2. - -systemd-journald makes many calls to read /proc/PID/cmdline and -/proc/PID/status, both of which tend to be well under 4K. However the -combination of allocating 4M read buffers, then using `realloc()` to -shrink the buffer in `read_virtual_file()` appears to be creating -fragmentation in the heap (when combined with the other allocations -systemd-journald is doing). - -To help mitigate this, try reading /proc with a 4K buffer as -`read_virtual_file()` did before 2ac67221bb6270f0fbe7cbd0076653832cd49de2. -If it isn't big enough then try again with the larger buffers. ---- - src/basic/fileio.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 99a44fdea2..466c6321c7 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -431,6 +431,11 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - } - - n_retries--; -+ } else if (n_retries > 1) { -+ /* Files in /proc are generally smaller than the page size so let's start with a page size -+ * buffer from malloc and only use the max buffer on the final try. */ -+ size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); -+ n_retries = 1; - } else { - size = MIN(READ_VIRTUAL_BYTES_MAX, max_size); - n_retries = 0; --- -2.31.1 - diff --git a/SOURCES/20828.patch b/SOURCES/20828.patch deleted file mode 100644 index 2b55bd4..0000000 --- a/SOURCES/20828.patch +++ /dev/null @@ -1,240 +0,0 @@ -From 88eca13f57194765d184ca227320df83f48020e2 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Fri, 24 Sep 2021 01:19:00 -0700 -Subject: [PATCH] link: connect 5 more properties to ethtool features - -Sets up the follow properties and their corresponding ethtool feature: -- ReceiveVLANCTAGHardwareAcceleration == rx-vlan-hw-parse (or rxvlan) -- TransmitVLANCTAGHardwareAcceleration == tx-vlan-hw-insert (or txvlan) -- ReceiveVLANCTAGFilter == rx-vlan-filter -- TransmitVLANSTAGHardwareAcceleration == tx-vlan-stag-hw-insert -- NTupleFilter == rx-ntuple-filter (or ntuple) ---- - man/systemd.link.xml | 35 +++++ - src/udev/net/link-config-gperf.gperf | 153 +++++++++++---------- - test/fuzz/fuzz-link-parser/directives.link | 5 + - 3 files changed, 119 insertions(+), 74 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index 638a1522cd38..c8d3c5137459 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -715,6 +715,41 @@ - When unset, the kernel's default will be used. - - -+ -+ ReceiveVLANCTAGHardwareAcceleration= -+ -+ Takes a boolean. If set to true, receive VLAN CTAG hardware acceleration is enabled. -+ When unset, the kernel's default will be used. -+ -+ -+ -+ TransmitVLANCTAGHardwareAcceleration= -+ -+ Takes a boolean. If set to true, transmit VLAN CTAG hardware acceleration is enabled. -+ When unset, the kernel's default will be used. -+ -+ -+ -+ ReceiveVLANCTAGFilter= -+ -+ Takes a boolean. If set to true, receive filtering on VLAN CTAGs is enabled. -+ When unset, the kernel's default will be used. -+ -+ -+ -+ TransmitVLANSTAGHardwareAcceleration= -+ -+ Takes a boolean. If set to true, transmit VLAN STAG HW acceleration is enabled. -+ When unset, the kernel's default will be used. -+ -+ -+ -+ NTupleFilter= -+ -+ Takes a boolean. If set to true, receive N-tuple filters and actions are enabled. -+ When unset, the kernel's default will be used. -+ -+ - - RxChannels= - TxChannels= -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index e3cdaaee0509..04c255ce514c 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -21,77 +21,82 @@ struct ConfigPerfItem; - %struct-type - %includes - %% --Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) --Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) --Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) --Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) --Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) --Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) --Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) --Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) --Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) --Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) --Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) --Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) --Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) --Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) --Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) --Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) --Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) --Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) --Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) --Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) --Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) --Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) --Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) --Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) --Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) --Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) --Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) --Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) --Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) --Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) --Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) --Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) --Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) --Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) --Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 --Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) --Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) --Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) --Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) --Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) --Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) --Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) --Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) --Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) --Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) --Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) --Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) --Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) --Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) --Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) --Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) --Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) --Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) --Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) --Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) --Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) --Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) --Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) --Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) --Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) --Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) --Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) --Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) --Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) --Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) --Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) --Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) --Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) --Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) --Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) --Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) --Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) --Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) --Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) -+Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) -+Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) -+Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) -+Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) -+Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) -+Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) -+Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) -+Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) -+Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) -+Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) -+Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) -+Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) -+Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) -+Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) -+Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) -+Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) -+Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) -+Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) -+Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) -+Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) -+Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) -+Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) -+Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) -+Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) -+Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) -+Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) -+Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) -+Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) -+Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) -+Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) -+Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) -+Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) -+Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) -+Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) -+Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 -+Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) -+Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) -+Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) -+Link.ReceiveVLANCTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_RX]) -+Link.TransmitVLANCTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_TX]) -+Link.ReceiveVLANCTAGFilter, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_FILTER]) -+Link.TransmitVLANSTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_STAG_TX]) -+Link.NTupleFilter, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_NTUPLE]) -+Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) -+Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) -+Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) -+Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) -+Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) -+Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) -+Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) -+Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) -+Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) -+Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) -+Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) -+Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) -+Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) -+Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) -+Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) -+Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) -+Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) -+Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) -+Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) -+Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) -+Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) -+Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) -+Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) -+Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) -+Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) -+Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) -+Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) -+Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) -+Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) -+Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) -+Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) -+Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) -+Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) -+Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) -+Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) -+Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) -diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link -index b5cffb1a271f..8be2434665a7 100644 ---- a/test/fuzz/fuzz-link-parser/directives.link -+++ b/test/fuzz/fuzz-link-parser/directives.link -@@ -38,6 +38,11 @@ UDPSegmentationOffload= - GenericReceiveOffload= - GenericReceiveOffloadHardware= - LargeReceiveOffload= -+ReceiveVLANCTAGHardwareAcceleration= -+TransmitVLANCTAGHardwareAcceleration= -+ReceiveVLANCTAGFilter= -+TransmitVLANSTAGHardwareAcceleration= -+NTupleFilter= - RxChannels= - TxChannels= - OtherChannels= diff --git a/SOURCES/20875.patch b/SOURCES/20875.patch deleted file mode 100644 index 610ee4c..0000000 --- a/SOURCES/20875.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 84e1818ce1dc9f5f7eb7b4d4bc87124d82c5080f Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 28 Sep 2021 23:52:39 -0700 -Subject: [PATCH] basic/unit-file: don't filter out names starting with dot - -Fixes #20859 ---- - src/basic/unit-file.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c -index 884a0674a9..0d58b1c4fe 100644 ---- a/src/basic/unit-file.c -+++ b/src/basic/unit-file.c -@@ -284,7 +284,7 @@ int unit_file_build_name_map( - continue; - } - -- FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { -+ FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { - char *filename; - _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; - const char *suffix, *dst = NULL; --- -2.31.1 - diff --git a/SOURCES/20978.patch b/SOURCES/20978.patch deleted file mode 100644 index 8330e00..0000000 --- a/SOURCES/20978.patch +++ /dev/null @@ -1,126 +0,0 @@ -From a58dea6130fdcccd8cdf50633c939b45e2b32189 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Mon, 11 Oct 2021 00:25:20 -0700 -Subject: [PATCH] core: serialize device cgroup bpf progs across - daemon-reload/reexec - -Follows what was done in b57d75232615f98aefcf41cb145ec2ea3262857d and -adds a test that verifies the device BPF program is not detached during -reload/reexec. ---- - src/core/unit-serialize.c | 4 ++++ - test/TEST-66-DEVICE-ISOLATION/Makefile | 1 + - test/TEST-66-DEVICE-ISOLATION/test.sh | 10 ++++++++ - .../testsuite-66-deviceisolation.service | 9 ++++++++ - test/units/testsuite-66.service | 7 ++++++ - test/units/testsuite-66.sh | 23 +++++++++++++++++++ - 6 files changed, 54 insertions(+) - create mode 120000 test/TEST-66-DEVICE-ISOLATION/Makefile - create mode 100755 test/TEST-66-DEVICE-ISOLATION/test.sh - create mode 100644 test/units/testsuite-66-deviceisolation.service - create mode 100644 test/units/testsuite-66.service - create mode 100755 test/units/testsuite-66.sh - -diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c -index 9e1664ff53af..3458d7017bd5 100644 ---- a/src/core/unit-serialize.c -+++ b/src/core/unit-serialize.c -@@ -171,6 +171,7 @@ int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool switching_root) { - - (void) bpf_program_serialize_attachment(f, fds, "ip-bpf-ingress-installed", u->ip_bpf_ingress_installed); - (void) bpf_program_serialize_attachment(f, fds, "ip-bpf-egress-installed", u->ip_bpf_egress_installed); -+ (void) bpf_program_serialize_attachment(f, fds, "bpf-device-control-installed", u->bpf_device_control_installed); - (void) bpf_program_serialize_attachment_set(f, fds, "ip-bpf-custom-ingress-installed", u->ip_bpf_custom_ingress_installed); - (void) bpf_program_serialize_attachment_set(f, fds, "ip-bpf-custom-egress-installed", u->ip_bpf_custom_egress_installed); - -@@ -408,6 +409,9 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { - } else if (streq(l, "ip-bpf-egress-installed")) { - (void) bpf_program_deserialize_attachment(v, fds, &u->ip_bpf_egress_installed); - continue; -+ } else if (streq(l, "bpf-device-control-installed")) { -+ (void) bpf_program_deserialize_attachment(v, fds, &u->bpf_device_control_installed); -+ continue; - - } else if (streq(l, "ip-bpf-custom-ingress-installed")) { - (void) bpf_program_deserialize_attachment_set(v, fds, &u->ip_bpf_custom_ingress_installed); -diff --git a/test/TEST-66-DEVICE-ISOLATION/Makefile b/test/TEST-66-DEVICE-ISOLATION/Makefile -new file mode 120000 -index 000000000000..e9f93b1104cd ---- /dev/null -+++ b/test/TEST-66-DEVICE-ISOLATION/Makefile -@@ -0,0 +1 @@ -+../TEST-01-BASIC/Makefile -\ No newline at end of file -diff --git a/test/TEST-66-DEVICE-ISOLATION/test.sh b/test/TEST-66-DEVICE-ISOLATION/test.sh -new file mode 100755 -index 000000000000..534e43e493e6 ---- /dev/null -+++ b/test/TEST-66-DEVICE-ISOLATION/test.sh -@@ -0,0 +1,10 @@ -+#!/usr/bin/env bash -+set -e -+ -+TEST_DESCRIPTION="test device isolation" -+TEST_NO_NSPAWN=1 -+ -+# shellcheck source=test/test-functions -+. "${TEST_BASE_DIR:?}/test-functions" -+ -+do_test "$@" -diff --git a/test/units/testsuite-66-deviceisolation.service b/test/units/testsuite-66-deviceisolation.service -new file mode 100644 -index 000000000000..0022a9a45724 ---- /dev/null -+++ b/test/units/testsuite-66-deviceisolation.service -@@ -0,0 +1,9 @@ -+[Unit] -+Description=Service that uses device isolation -+ -+[Service] -+DevicePolicy=strict -+DeviceAllow=/dev/null r -+StandardOutput=file:/testsuite66serviceresults -+ExecStartPre=rm -f /testsuite66serviceresults -+ExecStart=/bin/bash -c "while true; do sleep 0.01 && echo meow > /dev/null && echo thisshouldnotbehere; done" -diff --git a/test/units/testsuite-66.service b/test/units/testsuite-66.service -new file mode 100644 -index 000000000000..a97974a4262d ---- /dev/null -+++ b/test/units/testsuite-66.service -@@ -0,0 +1,7 @@ -+[Unit] -+Description=TESTSUITE-66-DEVICEISOLATION -+ -+[Service] -+ExecStartPre=rm -f /failed /testok -+ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh -+Type=oneshot -diff --git a/test/units/testsuite-66.sh b/test/units/testsuite-66.sh -new file mode 100755 -index 000000000000..870dca42e169 ---- /dev/null -+++ b/test/units/testsuite-66.sh -@@ -0,0 +1,23 @@ -+#!/usr/bin/env bash -+set -eux -+set -o pipefail -+ -+systemd-analyze log-level debug -+systemd-analyze log-target console -+ -+systemctl start testsuite-66-deviceisolation.service -+ -+grep -q "Operation not permitted" /testsuite66serviceresults -+ -+systemctl daemon-reload -+systemctl daemon-reexec -+ -+systemctl stop testsuite-66-deviceisolation.service -+ -+grep -q "thisshouldnotbehere" /testsuite66serviceresults && exit 42 -+ -+systemd-analyze log-level info -+ -+echo OK >/testok -+ -+exit 0 diff --git a/SOURCES/21221.patch b/SOURCES/21221.patch deleted file mode 100644 index cfe113e..0000000 --- a/SOURCES/21221.patch +++ /dev/null @@ -1,172 +0,0 @@ -From fbdc87679cc4f3c9fc3653636e94be20f06d18e4 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 9 Nov 2021 15:26:28 -0800 -Subject: [PATCH] core: replace slice dependencies as they get added - -Defines a "UNIT_DEPENDENCY_SLICE_PROPERTY" UnitDependencyMask type that -is used when adding slices to the dependencies hashmap. This type is -used to remove slice dependencies when they get overridden by new ones. - -Fixes #20182 ---- - src/core/dbus-unit.c | 2 +- - src/core/load-fragment.c | 2 +- - src/core/unit-serialize.c | 1 + - src/core/unit.c | 10 +++++++--- - src/core/unit.h | 7 +++++-- - src/test/test-engine.c | 31 ++++++++++++++++++++++++++++++- - 6 files changed, 45 insertions(+), 8 deletions(-) - -diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c -index fe320f1b05a8..d4ec789a7c11 100644 ---- a/src/core/dbus-unit.c -+++ b/src/core/dbus-unit.c -@@ -2273,7 +2273,7 @@ static int bus_unit_set_transient_property( - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unit name '%s' is not a slice", s); - - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { -- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ r = unit_set_slice(u, slice); - if (r < 0) - return r; - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 62cadaf2286f..830048ae1915 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -3792,7 +3792,7 @@ int config_parse_unit_slice( - return 0; - } - -- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ r = unit_set_slice(u, slice); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id); - return 0; -diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c -index 3458d7017bd5..7d2e6bc130de 100644 ---- a/src/core/unit-serialize.c -+++ b/src/core/unit-serialize.c -@@ -593,6 +593,7 @@ static void print_unit_dependency_mask(FILE *f, const char *kind, UnitDependency - { UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT, "mountinfo-implicit" }, - { UNIT_DEPENDENCY_MOUNTINFO_DEFAULT, "mountinfo-default" }, - { UNIT_DEPENDENCY_PROC_SWAP, "proc-swap" }, -+ { UNIT_DEPENDENCY_SLICE_PROPERTY, "slice-property" }, - }; - - assert(f); -diff --git a/src/core/unit.c b/src/core/unit.c -index 4c55827a6511..a3bca43566e0 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3284,7 +3284,7 @@ int unit_set_invocation_id(Unit *u, sd_id128_t id) { - return r; - } - --int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { -+int unit_set_slice(Unit *u, Unit *slice) { - int r; - - assert(u); -@@ -3317,7 +3317,11 @@ int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { - if (UNIT_GET_SLICE(u) && u->cgroup_realized) - return -EBUSY; - -- r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, mask); -+ /* Remove any slices assigned prior; we should only have one UNIT_IN_SLICE dependency */ -+ if (UNIT_GET_SLICE(u)) -+ unit_remove_dependencies(u, UNIT_DEPENDENCY_SLICE_PROPERTY); -+ -+ r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, UNIT_DEPENDENCY_SLICE_PROPERTY); - if (r < 0) - return r; - -@@ -3373,7 +3377,7 @@ int unit_set_default_slice(Unit *u) { - if (r < 0) - return r; - -- return unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ return unit_set_slice(u, slice); - } - - const char *unit_slice_name(Unit *u) { -diff --git a/src/core/unit.h b/src/core/unit.h -index 0dd6a9591d96..ba12fe4ac1ef 100644 ---- a/src/core/unit.h -+++ b/src/core/unit.h -@@ -89,7 +89,10 @@ typedef enum UnitDependencyMask { - /* A dependency created because of data read from /proc/swaps and no other configuration source */ - UNIT_DEPENDENCY_PROC_SWAP = 1 << 7, - -- _UNIT_DEPENDENCY_MASK_FULL = (1 << 8) - 1, -+ /* A dependency for units in slices assigned by directly setting Slice= */ -+ UNIT_DEPENDENCY_SLICE_PROPERTY = 1 << 8, -+ -+ _UNIT_DEPENDENCY_MASK_FULL = (1 << 9) - 1, - } UnitDependencyMask; - - /* The Unit's dependencies[] hashmaps use this structure as value. It has the same size as a void pointer, and thus can -@@ -782,7 +785,7 @@ Unit *unit_follow_merge(Unit *u) _pure_; - int unit_load_fragment_and_dropin(Unit *u, bool fragment_required); - int unit_load(Unit *unit); - --int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask); -+int unit_set_slice(Unit *u, Unit *slice); - int unit_set_default_slice(Unit *u); - - const char *unit_description(Unit *u) _pure_; -diff --git a/src/test/test-engine.c b/src/test/test-engine.c -index 880af36fb523..673c66561240 100644 ---- a/src/test/test-engine.c -+++ b/src/test/test-engine.c -@@ -8,6 +8,7 @@ - #include "manager-dump.h" - #include "rm-rf.h" - #include "service.h" -+#include "slice.h" - #include "special.h" - #include "strv.h" - #include "tests.h" -@@ -75,7 +76,8 @@ int main(int argc, char *argv[]) { - _cleanup_(sd_bus_error_free) sd_bus_error err = SD_BUS_ERROR_NULL; - _cleanup_(manager_freep) Manager *m = NULL; - Unit *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *g = NULL, -- *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL; -+ *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL, -+ *tomato = NULL, *sauce = NULL, *fruit = NULL, *zupa = NULL; - Job *j; - int r; - -@@ -260,5 +262,32 @@ int main(int argc, char *argv[]) { - - verify_dependency_atoms(); - -+ /* Test adding multiple Slice= dependencies; only the last should remain */ -+ assert_se(unit_new_for_name(m, sizeof(Service), "tomato.service", &tomato) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "sauce.slice", &sauce) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "fruit.slice", &fruit) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "zupa.slice", &zupa) >= 0); -+ -+ unit_set_slice(tomato, sauce); -+ unit_set_slice(tomato, fruit); -+ unit_set_slice(tomato, zupa); -+ -+ assert_se(UNIT_GET_SLICE(tomato) == zupa); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, sauce)); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, fruit)); -+ assert_se(unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, zupa)); -+ -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, sauce)); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, fruit)); -+ assert_se(unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, zupa)); -+ -+ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_SLICE_OF, tomato)); -+ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_SLICE_OF, tomato)); -+ assert_se(unit_has_dependency(zupa, UNIT_ATOM_SLICE_OF, tomato)); -+ -+ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_REFERENCED_BY, tomato)); -+ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_REFERENCED_BY, tomato)); -+ assert_se(unit_has_dependency(zupa, UNIT_ATOM_REFERENCED_BY, tomato)); -+ - return 0; - } diff --git a/SOURCES/21241.patch b/SOURCES/21241.patch deleted file mode 100644 index 5889a9c..0000000 --- a/SOURCES/21241.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 084d0849fc864b0377551b211def7a89b642c5e9 Mon Sep 17 00:00:00 2001 -From: Julia Kartseva -Date: Thu, 4 Nov 2021 18:52:02 -0700 -Subject: [PATCH 1/2] core: fix bpf-foreign cg controller realization - -Requiring /sys/fs/bpf path to be a mount point at the moment of cgroup -controllers realization does more harm than good, because: -* Realization happens early on boot, the mount point may not be ready at -the time. That happens if mounts are made by a .mount unit (the issue we -encountered). -* BPF filesystem may be mounted on another point. - -Remove the check. Instead verify that path provided by BPFProgram= is -within BPF fs when unit properties are parsed. - -Split in two commits for simple backport. ---- - src/core/bpf-foreign.c | 10 ---------- - src/core/bpf-foreign.h | 5 ++++- - 2 files changed, 4 insertions(+), 11 deletions(-) - -diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c -index 6b93b9785fb5..686c14ce1f18 100644 ---- a/src/core/bpf-foreign.c -+++ b/src/core/bpf-foreign.c -@@ -111,16 +111,6 @@ static int bpf_foreign_prepare( - return 0; - } - --int bpf_foreign_supported(void) { -- int r; -- -- r = cg_all_unified(); -- if (r <= 0) -- return r; -- -- return path_is_mount_point("/sys/fs/bpf", NULL, 0); --} -- - int bpf_foreign_install(Unit *u) { - _cleanup_free_ char *cgroup_path = NULL; - CGroupBPFForeignProgram *p; -diff --git a/src/core/bpf-foreign.h b/src/core/bpf-foreign.h -index 9559cd79812b..e387b1b1d389 100644 ---- a/src/core/bpf-foreign.h -+++ b/src/core/bpf-foreign.h -@@ -4,7 +4,10 @@ - - #include "unit.h" - --int bpf_foreign_supported(void); -+static inline int bpf_foreign_supported(void) { -+ return cg_all_unified(); -+} -+ - /* - * Attach cgroup-bpf programs foreign to systemd, i.e. loaded to the kernel by an entity - * external to systemd. - -From dedca960afdee5797d19929c43853513711e3e3d Mon Sep 17 00:00:00 2001 -From: Julia Kartseva -Date: Thu, 4 Nov 2021 18:55:55 -0700 -Subject: [PATCH 2/2] core: check fs type of BPFProgram= property path - -Tests: - -``` -% stat --file-system --format="%T" /root/bpf/trivial/ -bpf_fs - -% systemd-nspawn -D/ --volatile=yes \ ---property=BPFProgram=egress:/root/bpf/trivial/cgroup_skb_egress \ ---quiet -- ping -c 5 -W 1 ::1 -PING ::1(::1) 56 data bytes - ---- ::1 ping statistics --- -5 packets transmitted, 0 received, 100% packet loss, time 4110ms -``` - -``` -% stat --file-system --format='%T' /root/meh -btrfs - -% systemd-nspawn -D/ --volatile=yes --property=BPFProgram=egress:/root/meh ---quiet -- ping -c 5 -W 1 ::1 -``` -sudo ./build/systemd-nspawn \ --D/ --volatile=yes --property=BPFProgram=egress:/home/hex --quiet -- \ -ping -c 1 -W 1 ::1 -PING ::1(::1) 56 data bytes -64 bytes from ::1: icmp_seq=1 ttl=64 time=0.017 ms - ---- ::1 ping statistics --- -1 packets transmitted, 1 received, 0% packet loss, time 0ms ---- - src/core/bpf-foreign.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c -index 686c14ce1f18..8538792b60db 100644 ---- a/src/core/bpf-foreign.c -+++ b/src/core/bpf-foreign.c -@@ -4,8 +4,10 @@ - #include "bpf-program.h" - #include "cgroup.h" - #include "memory-util.h" -+#include "missing_magic.h" - #include "mountpoint-util.h" - #include "set.h" -+#include "stat-util.h" - - typedef struct BPFForeignKey BPFForeignKey; - struct BPFForeignKey { -@@ -84,6 +86,14 @@ static int bpf_foreign_prepare( - assert(u); - assert(bpffs_path); - -+ r = path_is_fs_type(bpffs_path, BPF_FS_MAGIC); -+ if (r < 0) -+ return log_unit_error_errno(u, r, -+ "Failed to determine filesystem type of %s: %m", bpffs_path); -+ if (r == 0) -+ return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL), -+ "Path in BPF filesystem is expected."); -+ - r = bpf_program_new_from_bpffs_path(bpffs_path, &prog); - if (r < 0) - return log_unit_error_errno(u, r, "Failed to create foreign BPFProgram: %m"); diff --git a/SOURCES/22426-fb.patch b/SOURCES/22426-fb.patch deleted file mode 100644 index 41310df..0000000 --- a/SOURCES/22426-fb.patch +++ /dev/null @@ -1,580 +0,0 @@ -From 3dbc067d326c600a92822037118961641fc76575 Mon Sep 17 00:00:00 2001 -From: Pasha Vorobyev -Date: Fri, 4 Feb 2022 11:49:46 -0800 -Subject: [PATCH] MemoryZSwapMax directive to configure new memory.zswap.max - cgroup file - ---- - man/org.freedesktop.systemd1.xml | 36 +++++++++++++++++++ - src/basic/cgroup-util.c | 36 +++++++++++++++++++ - src/basic/cgroup-util.h | 2 ++ - src/core/cgroup.c | 17 +++++++-- - src/core/cgroup.h | 1 + - src/core/dbus-cgroup.c | 8 +++++ - src/core/load-fragment-gperf.gperf.in | 1 + - src/core/load-fragment.c | 4 ++- - src/shared/bus-print-properties.c | 2 +- - src/shared/bus-unit-util.c | 1 + - src/systemctl/systemctl-show.c | 8 +++++ - .../fuzz-unit-file/directives-all.service | 1 + - test/fuzz/fuzz-unit-file/directives.mount | 1 + - test/fuzz/fuzz-unit-file/directives.scope | 1 + - test/fuzz/fuzz-unit-file/directives.service | 1 + - test/fuzz/fuzz-unit-file/directives.slice | 1 + - test/fuzz/fuzz-unit-file/directives.socket | 1 + - test/fuzz/fuzz-unit-file/directives.swap | 1 + - 18 files changed, 118 insertions(+), 5 deletions(-) - -diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml -index c14c5b6601..cc37de4fb4 100644 ---- a/man/org.freedesktop.systemd1.xml -+++ b/man/org.freedesktop.systemd1.xml -@@ -2493,6 +2493,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -3030,6 +3032,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { - - - -+ -+ - - - -@@ -3594,6 +3598,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { - - - -+ -+ - - - -@@ -4293,6 +4299,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -4858,6 +4866,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ -+ - - - -@@ -5420,6 +5430,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ -+ - - - -@@ -6016,6 +6028,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -6509,6 +6523,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { - - - -+ -+ - - - -@@ -6989,6 +7005,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { - - - -+ -+ - - - -@@ -7706,6 +7724,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -8185,6 +8205,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { - - - -+ -+ - - - -@@ -8651,6 +8673,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { - - - -+ -+ - - - -@@ -9221,6 +9245,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -9364,6 +9390,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { - - - -+ -+ - - - -@@ -9514,6 +9542,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { - - - -+ -+ - - - -@@ -9684,6 +9714,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -9843,6 +9875,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { - - - -+ -+ - - - -@@ -10019,6 +10053,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { - - - -+ -+ - - - -diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c -index 1ff6160dc8..00b1e71520 100644 ---- a/src/basic/cgroup-util.c -+++ b/src/basic/cgroup-util.c -@@ -160,6 +160,42 @@ bool cg_freezer_supported(void) { - return supported; - } - -+bool cg_kill_supported(void) { -+ static thread_local int supported = -1; -+ -+ if (supported >= 0) -+ return supported; -+ -+ if (cg_all_unified() <= 0) -+ supported = false; -+ else if (access("/sys/fs/cgroup/init.scope/cgroup.kill", F_OK) < 0) { -+ if (errno != ENOENT) -+ log_debug_errno(errno, "Failed to check if cgroup.kill is available, assuming not: %m"); -+ supported = false; -+ } else -+ supported = true; -+ -+ return supported; -+} -+ -+bool cg_zswap_supported(void) { -+ static thread_local int supported = -1; -+ -+ if (supported >= 0) -+ return supported; -+ -+ if (cg_all_unified() <= 0) -+ supported = false; -+ else if (access("/sys/fs/cgroup/init.scope/memory.zswap.max", F_OK) < 0) { -+ if (errno != ENOENT) -+ log_debug_errno(errno, "Failed to check if cgroup memory.zswap.max is available, assuming not: %m"); -+ supported = false; -+ } else -+ supported = true; -+ -+ return supported; -+} -+ - int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) { - _cleanup_free_ char *fs = NULL; - int r; -diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index ce2f4c6589..8ea94b8870 100644 ---- a/src/basic/cgroup-util.h -+++ b/src/basic/cgroup-util.h -@@ -272,6 +272,8 @@ int cg_kernel_controllers(Set **controllers); - - bool cg_ns_supported(void); - bool cg_freezer_supported(void); -+bool cg_kill_supported(void); -+bool cg_zswap_supported(void); - - int cg_all_unified(void); - int cg_hybrid_unified(void); -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 5c07aa71d1..4a0aa65037 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -123,6 +123,7 @@ void cgroup_context_init(CGroupContext *c) { - .memory_high = CGROUP_LIMIT_MAX, - .memory_max = CGROUP_LIMIT_MAX, - .memory_swap_max = CGROUP_LIMIT_MAX, -+ .memory_zswap_max = CGROUP_LIMIT_MAX, - - .memory_limit = CGROUP_LIMIT_MAX, - -@@ -322,6 +323,9 @@ static int unit_compare_memory_limit(Unit *u, const char *property_name, uint64_ - } else if (streq(property_name, "MemorySwapMax")) { - unit_value = c->memory_swap_max; - file = "memory.swap.max"; -+ } else if (streq(property_name, "MemoryZSwapMax")) { -+ unit_value = c->memory_zswap_max; -+ file = "memory.zswap.max"; - } else - return -EINVAL; - -@@ -364,9 +368,10 @@ static char *format_cgroup_memory_limit_comparison(char *buf, size_t l, Unit *u, - - /* memory.swap.max is special in that it relies on CONFIG_MEMCG_SWAP (and the default swapaccount=1). - * In the absence of reliably being able to detect whether memcg swap support is available or not, -- * only complain if the error is not ENOENT. */ -+ * only complain if the error is not ENOENT. This is similarly the case for memory.zswap.max relying on CONFIG_ZSWAP. */ - if (r > 0 || IN_SET(r, -ENODATA, -EOWNERDEAD) || -- (r == -ENOENT && streq(property_name, "MemorySwapMax"))) { -+ (r == -ENOENT && (streq(property_name, "MemorySwapMax") || -+ streq(property_name, "MemoryZSwapMax")))) { - buf[0] = 0; - return buf; - } -@@ -441,6 +446,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - "%sMemoryHigh: %" PRIu64 "%s\n" - "%sMemoryMax: %" PRIu64 "%s\n" - "%sMemorySwapMax: %" PRIu64 "%s\n" -+ "%sMemoryZSwapMax: %" PRIu64 "%s\n" - "%sMemoryLimit: %" PRIu64 "\n" - "%sTasksMax: %" PRIu64 "\n" - "%sDevicePolicy: %s\n" -@@ -475,6 +481,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, c->memory_high, format_cgroup_memory_limit_comparison(cdc, sizeof(cdc), u, "MemoryHigh"), - prefix, c->memory_max, format_cgroup_memory_limit_comparison(cdd, sizeof(cdd), u, "MemoryMax"), - prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"), -+ prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemoryZSwapMax"), - prefix, c->memory_limit, - prefix, tasks_max_resolve(&c->tasks_max), - prefix, cgroup_device_policy_to_string(c->device_policy), -@@ -1075,7 +1082,7 @@ static bool unit_has_unified_memory_config(Unit *u) { - - return unit_get_ancestor_memory_min(u) > 0 || unit_get_ancestor_memory_low(u) > 0 || - c->memory_high != CGROUP_LIMIT_MAX || c->memory_max != CGROUP_LIMIT_MAX || -- c->memory_swap_max != CGROUP_LIMIT_MAX; -+ c->memory_swap_max != CGROUP_LIMIT_MAX || c->memory_zswap_max != CGROUP_LIMIT_MAX; - } - - static void cgroup_apply_unified_memory_limit(Unit *u, const char *file, uint64_t v) { -@@ -1442,10 +1449,12 @@ static void cgroup_context_apply( - - if (cg_all_unified() > 0) { - uint64_t max, swap_max = CGROUP_LIMIT_MAX; -+ uint64_t zswap_max = CGROUP_LIMIT_MAX; - - if (unit_has_unified_memory_config(u)) { - max = c->memory_max; - swap_max = c->memory_swap_max; -+ zswap_max = c->memory_zswap_max; - } else { - max = c->memory_limit; - -@@ -1458,6 +1467,8 @@ static void cgroup_context_apply( - cgroup_apply_unified_memory_limit(u, "memory.high", c->memory_high); - cgroup_apply_unified_memory_limit(u, "memory.max", max); - cgroup_apply_unified_memory_limit(u, "memory.swap.max", swap_max); -+ if (cg_zswap_supported()) -+ cgroup_apply_unified_memory_limit(u, "memory.zswap.max", zswap_max); - - (void) set_attribute_and_warn(u, "memory", "memory.oom.group", one_zero(c->memory_oom_group)); - -diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index 3f8cad899d..d40ac0fadc 100644 ---- a/src/core/cgroup.h -+++ b/src/core/cgroup.h -@@ -147,6 +147,7 @@ struct CGroupContext { - uint64_t memory_high; - uint64_t memory_max; - uint64_t memory_swap_max; -+ uint64_t memory_zswap_max; - - bool default_memory_min_set; - bool default_memory_low_set; -diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index 84c3caf3a5..e57ceff6f4 100644 ---- a/src/core/dbus-cgroup.c -+++ b/src/core/dbus-cgroup.c -@@ -439,6 +439,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { - SD_BUS_PROPERTY("MemoryHigh", "t", NULL, offsetof(CGroupContext, memory_high), 0), - SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), - SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), -+ SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), - SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), - SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), - SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), -@@ -860,6 +861,7 @@ BUS_DEFINE_SET_CGROUP_WEIGHT(blockio_weight, CGROUP_MASK_BLKIO, CGROUP_BLKIO_WEI - BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1); - BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0); - BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); -+BUS_DEFINE_SET_CGROUP_LIMIT(zswap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); - REENABLE_WARNING; - - static int bus_cgroup_set_tasks_max( -@@ -1019,6 +1021,9 @@ int bus_cgroup_set_property( - if (streq(name, "MemorySwapMax")) - return bus_cgroup_set_swap(u, name, &c->memory_swap_max, message, flags, error); - -+ if (streq(name, "MemoryZSwapMax")) -+ return bus_cgroup_set_zswap(u, name, &c->memory_zswap_max, message, flags, error); -+ - if (streq(name, "MemoryMax")) - return bus_cgroup_set_memory(u, name, &c->memory_max, message, flags, error); - -@@ -1059,6 +1064,9 @@ int bus_cgroup_set_property( - if (streq(name, "MemorySwapMaxScale")) - return bus_cgroup_set_swap_scale(u, name, &c->memory_swap_max, message, flags, error); - -+ if (streq(name, "MemoryZSwapMaxScale")) -+ return bus_cgroup_set_zswap_scale(u, name, &c->memory_zswap_max, message, flags, error); -+ - if (streq(name, "MemoryMaxScale")) - return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error); - -diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index 42441eab6e..27860fb973 100644 ---- a/src/core/load-fragment-gperf.gperf.in -+++ b/src/core/load-fragment-gperf.gperf.in -@@ -196,6 +196,7 @@ - {{type}}.MemoryHigh, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemoryMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) -+{{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) - {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index a068fdf313..b64e64d90f 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -3690,7 +3690,7 @@ int config_parse_memory_limit( - bytes = physical_memory_scale(r, 10000U); - - if (bytes >= UINT64_MAX || -- (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) { -+ (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryZSwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) { - log_syntax(unit, LOG_WARNING, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue); - return 0; - } -@@ -3714,6 +3714,8 @@ int config_parse_memory_limit( - c->memory_max = bytes; - else if (streq(lvalue, "MemorySwapMax")) - c->memory_swap_max = bytes; -+ else if (streq(lvalue, "MemoryZSwapMax")) -+ c->memory_zswap_max = bytes; - else if (streq(lvalue, "MemoryLimit")) - c->memory_limit = bytes; - else -diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c -index b45921943a..31c2e3cd35 100644 ---- a/src/shared/bus-print-properties.c -+++ b/src/shared/bus-print-properties.c -@@ -165,7 +165,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b - - bus_print_property_value(name, expected_value, flags, "[not set]"); - -- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || -+ else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || - (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) || - (startswith(name, "Limit") && u == UINT64_MAX) || - (startswith(name, "DefaultLimit") && u == UINT64_MAX)) -diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index d3a5b25d18..f89b6e7428 100644 ---- a/src/shared/bus-unit-util.c -+++ b/src/shared/bus-unit-util.c -@@ -516,6 +516,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons - "MemoryHigh", - "MemoryMax", - "MemorySwapMax", -+ "MemoryZSwapMax", - "MemoryLimit", - "TasksMax")) { - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 1f524626bf..2bba11936e 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -247,6 +247,7 @@ typedef struct UnitStatusInfo { - uint64_t memory_high; - uint64_t memory_max; - uint64_t memory_swap_max; -+ uint64_t memory_zswap_max; - uint64_t memory_limit; - uint64_t memory_available; - uint64_t cpu_usage_nsec; -@@ -684,6 +685,7 @@ static void print_status_info( - if (i->memory_min > 0 || i->memory_low > 0 || - i->memory_high != CGROUP_LIMIT_MAX || i->memory_max != CGROUP_LIMIT_MAX || - i->memory_swap_max != CGROUP_LIMIT_MAX || -+ i->memory_zswap_max != CGROUP_LIMIT_MAX || - i->memory_available != CGROUP_LIMIT_MAX || - i->memory_limit != CGROUP_LIMIT_MAX) { - const char *prefix = ""; -@@ -709,6 +711,10 @@ static void print_status_info( - printf("%sswap max: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_swap_max)); - prefix = " "; - } -+ if (i->memory_zswap_max != CGROUP_LIMIT_MAX) { -+ printf("%szswap max: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_zswap_max)); -+ prefix = " "; -+ } - if (i->memory_limit != CGROUP_LIMIT_MAX) { - printf("%slimit: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_limit)); - prefix = " "; -@@ -1850,6 +1856,7 @@ static int show_one( - { "MemoryHigh", "t", NULL, offsetof(UnitStatusInfo, memory_high) }, - { "MemoryMax", "t", NULL, offsetof(UnitStatusInfo, memory_max) }, - { "MemorySwapMax", "t", NULL, offsetof(UnitStatusInfo, memory_swap_max) }, -+ { "MemoryZSwapMax", "t", NULL, offsetof(UnitStatusInfo, memory_zswap_max) }, - { "MemoryLimit", "t", NULL, offsetof(UnitStatusInfo, memory_limit) }, - { "CPUUsageNSec", "t", NULL, offsetof(UnitStatusInfo, cpu_usage_nsec) }, - { "TasksCurrent", "t", NULL, offsetof(UnitStatusInfo, tasks_current) }, -@@ -1884,6 +1891,7 @@ static int show_one( - .memory_high = CGROUP_LIMIT_MAX, - .memory_max = CGROUP_LIMIT_MAX, - .memory_swap_max = CGROUP_LIMIT_MAX, -+ .memory_zswap_max = CGROUP_LIMIT_MAX, - .memory_limit = UINT64_MAX, - .memory_available = CGROUP_LIMIT_MAX, - .cpu_usage_nsec = UINT64_MAX, -diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service -index 3039d1c0cd..81ffe4fc86 100644 ---- a/test/fuzz/fuzz-unit-file/directives-all.service -+++ b/test/fuzz/fuzz-unit-file/directives-all.service -@@ -152,6 +152,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemorySwapMax= -+MemoryZSwapMax= - MessageQueueMaxMessages= - MessageQueueMessageSize= - MountAPIVFS= -diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount -index 451f291988..ba5d03cc4b 100644 ---- a/test/fuzz/fuzz-unit-file/directives.mount -+++ b/test/fuzz/fuzz-unit-file/directives.mount -@@ -103,6 +103,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - MountAPIVFS= - MountFlags= - MountImages= -diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope -index 7e69cf816b..12e3f02b9b 100644 ---- a/test/fuzz/fuzz-unit-file/directives.scope -+++ b/test/fuzz/fuzz-unit-file/directives.scope -@@ -46,6 +46,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - NetClass= - RestartKillSignal= - RuntimeMaxSec= -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index de7d2c7daf..b27b100f1a 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -225,6 +225,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - MountAPIVFS= - MountFlags= - MountImages= -diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice -index 789ac8f0db..0004d4dfd4 100644 ---- a/test/fuzz/fuzz-unit-file/directives.slice -+++ b/test/fuzz/fuzz-unit-file/directives.slice -@@ -43,6 +43,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - NetClass= - Slice= - SocketBindAllow= -diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket -index 11f589e22c..02e0349009 100644 ---- a/test/fuzz/fuzz-unit-file/directives.socket -+++ b/test/fuzz/fuzz-unit-file/directives.socket -@@ -131,6 +131,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - MessageQueueMaxMessages= - MessageQueueMessageSize= - MountAPIVFS= -diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap -index 582a136531..4536b2a606 100644 ---- a/test/fuzz/fuzz-unit-file/directives.swap -+++ b/test/fuzz/fuzz-unit-file/directives.swap -@@ -100,6 +100,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - MountAPIVFS= - MountFlags= - MountImages= --- -2.34.1 - diff --git a/SOURCES/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch b/SOURCES/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch deleted file mode 100644 index 6b148ad..0000000 --- a/SOURCES/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 1035e36675e10522824476c9084ff1001039c054 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 1 Oct 2021 09:22:18 +0900 -Subject: [PATCH] network: drop and warn duplicated Address= settings - -Fixes #20891. ---- - src/network/networkd-address.c | 43 +++++++++++++++++++++++++++++++--- - src/network/networkd-address.h | 2 +- - src/network/networkd-network.c | 6 ++++- - 3 files changed, 46 insertions(+), 5 deletions(-) - -diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c -index 7b221516d7..e1bc6aa474 100644 ---- a/src/network/networkd-address.c -+++ b/src/network/networkd-address.c -@@ -304,6 +304,12 @@ bool address_equal(const Address *a1, const Address *a2) { - return address_compare_func(a1, a2) == 0; - } - -+DEFINE_PRIVATE_HASH_OPS( -+ address_hash_ops_new, -+ Address, -+ address_hash_func, -+ address_compare_func); -+ - int address_dup(const Address *src, Address **ret) { - _cleanup_(address_freep) Address *dest = NULL; - int r; -@@ -1988,12 +1994,43 @@ static int address_section_verify(Address *address) { - return 0; - } - --void network_drop_invalid_addresses(Network *network) { -+int network_drop_invalid_addresses(Network *network) { -+ _cleanup_set_free_ Set *addresses = NULL; - Address *address; -+ int r; - - assert(network); - -- ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) -- if (address_section_verify(address) < 0) -+ ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) { -+ Address *dup; -+ -+ if (address_section_verify(address) < 0) { -+ /* Drop invalid [Address] sections or Address= settings in [Network]. -+ * Note that address_free() will drop the address from addresses_by_section. */ - address_free(address); -+ continue; -+ } -+ -+ /* Always use the setting specified later. So, remove the previously assigned setting. */ -+ dup = set_remove(addresses, address); -+ if (dup) { -+ _cleanup_free_ char *buf = NULL; -+ -+ (void) in_addr_prefix_to_string(address->family, &address->in_addr, address->prefixlen, &buf); -+ log_warning("%s: Duplicated address %s is specified at line %u and %u, " -+ "dropping the address setting specified at line %u.", -+ dup->section->filename, strna(buf), address->section->line, -+ dup->section->line, dup->section->line); -+ /* address_free() will drop the address from addresses_by_section. */ -+ address_free(dup); -+ } -+ -+ /* Do not use address_hash_ops_free here. Otherwise, all address settings will be freed. */ -+ r = set_ensure_put(&addresses, &address_hash_ops_new, address); -+ if (r < 0) -+ return log_oom(); -+ assert(r > 0); -+ } -+ -+ return 0; - } -diff --git a/src/network/networkd-address.h b/src/network/networkd-address.h -index ff3d46abdd..55d22ad221 100644 ---- a/src/network/networkd-address.h -+++ b/src/network/networkd-address.h -@@ -85,7 +85,7 @@ int request_process_address(Request *req); - - int manager_rtnl_process_address(sd_netlink *nl, sd_netlink_message *message, Manager *m); - --void network_drop_invalid_addresses(Network *network); -+int network_drop_invalid_addresses(Network *network); - - void address_hash_func(const Address *a, struct siphash *state); - int address_compare_func(const Address *a1, const Address *a2); -diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index 2a864a38b1..920f7851ba 100644 ---- a/src/network/networkd-network.c -+++ b/src/network/networkd-network.c -@@ -119,6 +119,8 @@ static int network_resolve_stacked_netdevs(Network *network) { - } - - int network_verify(Network *network) { -+ int r; -+ - assert(network); - assert(network->filename); - -@@ -252,7 +254,9 @@ int network_verify(Network *network) { - network->ipv6_proxy_ndp_addresses = set_free_free(network->ipv6_proxy_ndp_addresses); - } - -- network_drop_invalid_addresses(network); -+ r = network_drop_invalid_addresses(network); -+ if (r < 0) -+ return r; - network_drop_invalid_routes(network); - network_drop_invalid_nexthops(network); - network_drop_invalid_bridge_fdb_entries(network); --- -2.31.1 - diff --git a/SOURCES/Makefile.selinux b/SOURCES/Makefile.selinux deleted file mode 100644 index bc159a5..0000000 --- a/SOURCES/Makefile.selinux +++ /dev/null @@ -1,16 +0,0 @@ -TARGETS ?= systemd_hs -SHARE ?= /usr/share -MODULES ?= ${TARGETS:=.pp.bz2} - -all: ${TARGETS:=.pp.bz2} - -%.pp.bz2: %.pp - @echo Compressing $^ -\ $@ - bzip2 -9 $^ - -%.pp: %.te - make -f ${SHARE}/selinux/devel/Makefile $@ - -clean: - rm -f *~ *.tc *.pp *.pp.bz2 - rm -rf tmp diff --git a/SOURCES/README.build-in-place b/SOURCES/README.build-in-place deleted file mode 100644 index 8b66077..0000000 --- a/SOURCES/README.build-in-place +++ /dev/null @@ -1,14 +0,0 @@ -== Building systemd rpms for local development using rpmbuild --build-in-place == - -This approach is based on https://github.com/filbranden/git-rpmbuild -and filbranden's talk during ASG2019 [https://cfp.all-systems-go.io/ASG2019/talk/JM7GDN/]. - -``` -git clone https://github.com/systemd/systemd -fedpkg clone systemd fedora-systemd -cd systemd -rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec -sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm -``` - -`--without lto` and `--without tests` may be useful to speed up the build. diff --git a/SOURCES/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch b/SOURCES/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch deleted file mode 100644 index 84497ad..0000000 --- a/SOURCES/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch +++ /dev/null @@ -1,129 +0,0 @@ -From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 14 Sep 2020 17:58:03 +0200 -Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() - -https://bugzilla.redhat.com/show_bug.cgi?id=1803070 - -I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different -than the one we get from /proc/self/fdinfo/. This only matters when both statx and -name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: - -(gdb) !uname -r -5.6.19-200.fc31.ppc64le - -(gdb) !cat /proc/self/mountinfo -697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== -701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel -702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw -703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 -704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel -705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 -706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755 -722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel -725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel -614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate -615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 - -The test process does -name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then -openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then -read(open("/proc/self/fdinfo/4", ...)) which gives -"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" - -and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. - -We could either drop the fallback path (and fail name_to_handle_at() is not -avaliable) or ignore the error in the test. Not sure what is better. I think -this issue only occurs sometimes and with older kernels, so probably continuing -with the current flaky implementation is better than ripping out the fallback. - -Another strace: -writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 -) = 28 -name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 -writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 -) = 20 -name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 -writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 -) = 30 -name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 -writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 -) = 23 -name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) -openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 -openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36 -read(5, "", 1024) = 0 -close(5) = 0 -close(4) = 0 -writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 -) = 42 -writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc -) = 39 -writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. -) = 109 -rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 -rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 -getpid() = 20 -gettid() = 20 -tgkill(20, 20, SIGABRT) = 0 -rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ---- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} --- -+++ killed by SIGABRT (core dumped) +++ ---- - src/test/test-mountpoint-util.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c -index 30b00ae4d8b..ffe5144b04a 100644 ---- a/src/test/test-mountpoint-util.c -+++ b/src/test/test-mountpoint-util.c -@@ -89,8 +89,12 @@ static void test_mnt_id(void) { - /* The ids don't match? If so, then there are two mounts on the same path, let's check if - * that's really the case */ - char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); -- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); -- assert_se(path_equal(p, t)); -+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); -+ -+ if (!path_equal(p, t)) -+ /* Apparent kernel bug in /proc/self/fdinfo */ -+ log_warning("Bad mount id given for %s: %d, should be %d", -+ p, mnt_id2, mnt_id); - } - } - diff --git a/SOURCES/libfdisk_version_for_centos.patch b/SOURCES/libfdisk_version_for_centos.patch deleted file mode 100644 index 1a8535b..0000000 --- a/SOURCES/libfdisk_version_for_centos.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 69443affcaa711a9a3355994458542d3732631a5 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 30 Nov 2021 12:08:50 -0800 -Subject: [PATCH] Re-enable repart if libfdisk ver. has range fix - ---- - meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index 6263e7c0fc..35e6c4f376 100644 ---- a/meson.build -+++ b/meson.build -@@ -1011,7 +1011,7 @@ libmount = dependency('mount', - want_libfdisk = get_option('fdisk') - if want_libfdisk != 'false' and not skip_deps - libfdisk = dependency('fdisk', -- version : '>= 2.33', -+ version : '>= 2.32.1', - required : want_libfdisk == 'true') - have = libfdisk.found() - else --- -2.31.1 - diff --git a/SOURCES/libsystemd-shared.abignore b/SOURCES/libsystemd-shared.abignore deleted file mode 100644 index e412d8b..0000000 --- a/SOURCES/libsystemd-shared.abignore +++ /dev/null @@ -1,3 +0,0 @@ -[suppress_file] -# This shared object is private to systemd -file_name_regexp=libsystemd-shared-.*.so diff --git a/SOURCES/macros.sysusers b/SOURCES/macros.sysusers deleted file mode 100644 index d8d8c1d..0000000 --- a/SOURCES/macros.sysusers +++ /dev/null @@ -1,10 +0,0 @@ -# RPM macros for packages creating system accounts -# -# Turn a sysusers.d file into macros specified by -# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation - -%sysusers_requires_compat Requires(pre): shadow-utils - -%sysusers_create_compat() \ -%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ -%{nil} diff --git a/SOURCES/purge-nobody-user b/SOURCES/purge-nobody-user deleted file mode 100755 index 66404fe..0000000 --- a/SOURCES/purge-nobody-user +++ /dev/null @@ -1,101 +0,0 @@ -#!/bin/bash -eu - -if [ $UID -ne 0 ]; then - echo "WARNING: This script needs to run as root to be effective" - exit 1 -fi - -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 - -if [ "${1:-}" = "--ignore-journal" ]; then - shift - ignore_journal=1 -else - ignore_journal=0 -fi - -echo "Checking processes..." -if ps h -u 99 | grep .; then - echo "ERROR: ps reports processes with UID 99!" - exit 2 -fi -echo "... not found" - -echo "Checking UTMP..." -if w -h 199 | grep . ; then - echo "ERROR: w reports UID 99 as active!" - exit 2 -fi -if w -h nobody | grep . ; then - echo "ERROR: w reports user nobody as active!" - exit 2 -fi -echo "... not found" - -echo "Checking the journal..." -if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then - echo "ERROR: journalctl reports messages from UID 99 in current boot!" - exit 2 -fi -echo "... not found" - -echo "Looking for files in /etc, /run, /tmp, and /var..." -if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then - echo "ERROR: found files belonging to UID 99" - exit 2 -fi -echo "... not found" - -echo "Checking if nobody is defined correctly..." -if getent passwd nobody | - grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin'; -then - echo "OK, nothing to do." - exit 0 -else - echo "NOTICE: User nobody is not defined correctly" -fi - -echo "Checking if nfsnobody or something else is using the uid..." -if getent passwd 65534 | grep . ; then - echo "NOTICE: will have to remove this user" -else - echo "... not found" -fi - -if [ "${1:-}" = "-x" ]; then - if getent passwd nobody >/dev/null; then - # this will remove both the user and the group. - ( set -x - userdel nobody - ) - fi - - if getent passwd 65534 >/dev/null; then - # Make sure the uid is unused. This should free gid too. - name="$(getent passwd 65534 | cut -d: -f1)" - ( set -x - userdel "$name" - ) - fi - - if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then - echo "Sleeping, so sss can catch up" - sleep 3 - fi - - if getent group 65534; then - # Make sure the gid is unused, even if uid wasn't. - name="$(getent group 65534 | cut -d: -f1)" - ( set -x - groupdel "$name" - ) - fi - - # systemd-sysusers uses the same gid and uid - ( set -x - systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' - ) -else - echo "Pass '-x' to perform changes" -fi diff --git a/SOURCES/split-files.py b/SOURCES/split-files.py deleted file mode 100644 index f883f73..0000000 --- a/SOURCES/split-files.py +++ /dev/null @@ -1,157 +0,0 @@ -import re, sys, os, collections - -buildroot = sys.argv[1] -known_files = sys.stdin.read().splitlines() -known_files = {line.split()[-1]:line for line in known_files} - -def files(root): - os.chdir(root) - todo = collections.deque(['.']) - while todo: - n = todo.pop() - files = os.scandir(n) - for file in files: - yield file - if file.is_dir() and not file.is_symlink(): - todo.append(file) - -o_libs = open('.file-list-libs', 'w') -o_udev = open('.file-list-udev', 'w') -o_pam = open('.file-list-pam', 'w') -o_rpm_macros = open('.file-list-rpm-macros', 'w') -o_devel = open('.file-list-devel', 'w') -o_container = open('.file-list-container', 'w') -o_networkd = open('.file-list-networkd', 'w') -o_oomd_defaults = open('.file-list-oomd-defaults', 'w') -o_remote = open('.file-list-remote', 'w') -o_resolve = open('.file-list-resolve', 'w') -o_tests = open('.file-list-tests', 'w') -o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') -o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') -o_rest = open('.file-list-rest', 'w') -for file in files(buildroot): - n = file.path[1:] - if re.match(r'''/usr/(share|include)$| - /usr/share/man(/man.|)$| - /usr/share/zsh(/site-functions|)$| - /usr/share/dbus-1$| - /usr/share/dbus-1/system.d$| - /usr/share/dbus-1/(system-|)services$| - /usr/share/polkit-1(/actions|/rules.d|)$| - /usr/share/pkgconfig$| - /usr/share/bash-completion(/completions|)$| - /usr(/lib|/lib64|/bin|/sbin|)$| - /usr/lib.*/(security|pkgconfig)$| - /usr/lib/rpm(/macros.d|)$| - /usr/lib/firewalld(/services|)$| - /usr/share/(locale|licenses|doc)| # no $ - /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$| - /etc/(dnf|dnf/protected.d)$| - /usr/(src|lib/debug)| # no $ - /run$| - /var(/cache|/log|/lib|/run|)$ - ''', n, re.X): - continue - if '/security/pam_' in n or '/man8/pam_' in n: - o = o_pam - elif '/rpm/' in n: - o = o_rpm_macros - elif '/usr/lib/systemd/tests' in n: - o = o_tests - elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(? - - systemd-journal-gatewayd - Journal Gateway Service - - diff --git a/SOURCES/systemd-journal-remote.xml b/SOURCES/systemd-journal-remote.xml deleted file mode 100644 index e115a12..0000000 --- a/SOURCES/systemd-journal-remote.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - systemd-journal-remote - Journal Remote Sink - - diff --git a/SOURCES/systemd-udev-trigger-no-reload.conf b/SOURCES/systemd-udev-trigger-no-reload.conf deleted file mode 100644 index c879427..0000000 --- a/SOURCES/systemd-udev-trigger-no-reload.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Unit] -# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17 -RefuseManualStop=true diff --git a/SOURCES/systemd-user b/SOURCES/systemd-user deleted file mode 100644 index 2725df9..0000000 --- a/SOURCES/systemd-user +++ /dev/null @@ -1,10 +0,0 @@ -# This file is part of systemd. -# -# Used by systemd --user instances. - -account include system-auth - -session required pam_selinux.so close -session required pam_selinux.so nottys open -session required pam_loginuid.so -session include system-auth diff --git a/SOURCES/systemd_hs.if b/SOURCES/systemd_hs.if deleted file mode 100644 index 6695e0e..0000000 --- a/SOURCES/systemd_hs.if +++ /dev/null @@ -1,20 +0,0 @@ -######################################## -## -## Allows the caller to use the SELinux status page. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`selinux_use_status_page',` - gen_require(` - type security_t; - ') - - dev_search_sysfs($1) - allow $1 security_t:dir list_dir_perms; - allow $1 security_t:file mmap_read_file_perms; -') diff --git a/SOURCES/systemd_hs.te b/SOURCES/systemd_hs.te deleted file mode 100644 index ce80487..0000000 --- a/SOURCES/systemd_hs.te +++ /dev/null @@ -1,68 +0,0 @@ -policy_module(systemd_hs,0.0.1) - -# systemd overrides for 247 -gen_require(` - type avahi_t; - type cgroup_t; - type init_t; - type init_var_run_t; - type initrc_t; - class dbus send_msg; - type install_t; - type kmsg_device_t; - type policykit_auth_t; - type policykit_t; - type proc_kmsg_t; - type rpm_t; - type system_dbusd_t; - type system_dbusd_var_run_t; - type systemd_hostnamed_t; - type systemd_localed_t; - type systemd_logind_t; - type systemd_machined_t; - type systemd_resolved_t; - type systemd_tmpfiles_t; - type security_t; - type sssd_t; - type syslogd_t; - type udev_var_run_t; - type user_tmp_t; - type useradd_t; - type xdm_t; -') - -allow avahi_t init_var_run_t:dir read; -allow init_t kmsg_device_t:chr_file mounton; -allow init_t proc_kmsg_t:file { getattr mounton }; -allow init_t system_dbusd_var_run_t:sock_file read; -allow init_t systemd_machined_t:unix_stream_socket connectto; -allow policykit_auth_t init_var_run_t:dir read; -allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto; -allow policykit_t systemd_machined_t:unix_stream_socket connectto; -allow sssd_t cgroup_t:filesystem getattr; -allow syslogd_t user_tmp_t:lnk_file read; -allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto; -allow systemd_hostnamed_t init_var_run_t:dir write; -allow systemd_hostnamed_t init_var_run_t:file { getattr ioctl open read }; -allow systemd_hostnamed_t initrc_t:dbus send_msg; -allow systemd_hostnamed_t install_t:dbus send_msg; -allow systemd_hostnamed_t udev_var_run_t:file getattr; -allow systemd_hostnamed_t udev_var_run_t:file open; -allow systemd_hostnamed_t udev_var_run_t:file read; -allow systemd_logind_t self:netlink_selinux_socket bind; -allow systemd_logind_t self:netlink_selinux_socket create; -allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto; -allow systemd_logind_t user_tmp_t:chr_file unlink; -allow systemd_machined_t init_var_run_t:sock_file create; -allow sssd_t cgroup_t:dir search; -allow sssd_t cgroup_t:filesystem getattr; -allow useradd_t init_var_run_t:dir read; -allow xdm_t systemd_machined_t:unix_stream_socket connectto; - -selinux_use_status_page(init_t) -selinux_use_status_page(rpm_t) -selinux_use_status_page(systemd_hostnamed_t) -selinux_use_status_page(systemd_localed_t) -selinux_use_status_page(systemd_logind_t) -selinux_use_status_page(systemd_resolved_t) -selinux_use_status_page(systemd_tmpfiles_t) diff --git a/SOURCES/sysusers.attr b/SOURCES/sysusers.attr deleted file mode 100644 index 367c137..0000000 --- a/SOURCES/sysusers.attr +++ /dev/null @@ -1,2 +0,0 @@ -%__sysusers_provides %{_rpmconfigdir}/sysusers.prov -%__sysusers_path ^%{_sysusersdir}/.*\\.conf$ diff --git a/SOURCES/sysusers.generate-pre.sh b/SOURCES/sysusers.generate-pre.sh deleted file mode 100755 index fd9938d..0000000 --- a/SOURCES/sysusers.generate-pre.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/bash - -# This script turns sysuser.d files into scriptlets mandated by Fedora -# packaging guidelines. The general idea is to define users using the -# declarative syntax but to turn this into traditional scriptlets. - -user() { - user="$1" - uid="$2" - desc="$3" - group="$4" - home="$5" - shell="$6" - - [ "$desc" = '-' ] && desc= - { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ - { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/sbin/nologin - - if [ "$uid" = '-' ] || [ "$uid" = '' ]; then - cat </dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' -EOF - else - cat </dev/null ; then - if ! getent passwd '$uid' >/dev/null ; then - useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' - else - useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' - fi -fi - -EOF - fi -} - -group() { - group="$1" - gid="$2" - if [ "$gid" = '-' ]; then - cat <<-EOF - getent group '$group' >/dev/null || groupadd -r '$group' - EOF - else - cat <<-EOF - getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' - EOF - fi -} - -parse() { - while read -r line || [ -n "$line" ] ; do - { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue - line="${line## *}" - [ -z "$line" ] && continue - eval "arr=( $line )" - case "${arr[0]}" in - ('u') - group "${arr[1]}" "${arr[2]}" - user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" - # TODO: user:group support - ;; - ('g') - group "${arr[1]}" "${arr[2]}" - ;; - ('m') - group "${arr[2]}" "-" - user "${arr[1]}" "-" "" "${arr[2]}" - ;; - esac - done -} - -for fn in "$@"; do - [ -e "$fn" ] || continue - echo "# generated from $(basename "$fn")" - parse <"$fn" -done diff --git a/SOURCES/sysusers.prov b/SOURCES/sysusers.prov deleted file mode 100755 index a6eda5d..0000000 --- a/SOURCES/sysusers.prov +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -parse() { - while read line; do - [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue - line="${line## *}" - [ -z "$line" ] && continue - set -- $line - case "$1" in - ('u') - echo "user($2)" - echo "group($2)" - # TODO: user:group support - ;; - ('g') - echo "group($2)" - ;; - ('m') - echo "user($2)" - echo "group($3)" - ;; - esac - done -} - -while read fn; do - parse < "$fn" -done diff --git a/SOURCES/triggers.systemd b/SOURCES/triggers.systemd deleted file mode 100644 index 6c57d71..0000000 --- a/SOURCES/triggers.systemd +++ /dev/null @@ -1,89 +0,0 @@ -# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ -# SPDX-License-Identifier: LGPL-2.1-or-later -# -# This file is part of systemd. -# -# Copyright 2018 Neal Gompa - -# The contents of this are an example to be copied into systemd.spec. -# -# Minimum rpm version supported: 4.14.0 - -%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system -# This script will run after any package is initially installed or -# upgraded. We care about the case where a package is initially -# installed, because other cases are covered by the *un scriptlets, -# so sometimes we will reload needlessly. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl daemon-reload || : - %{_bindir}/systemctl reload-or-restart --marked || : -fi - -%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system -# On removal, we need to run daemon-reload after any units have been -# removed. -# On upgrade, we need to run daemon-reload after any new unit files -# have been installed, but before %postun scripts in packages get -# executed. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl daemon-reload || : -fi - -%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system -# We restart remaining services that should be restarted here. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl reload-or-restart --marked || : -fi - -%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d -# This script will process files installed in /usr/lib/sysusers.d to create -# specified users automatically. The priority is set such that it -# will run before the tmpfiles file trigger. -if test -d "/run/systemd/system"; then - %{_bindir}/systemd-sysusers || : -fi - -%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d -# This script will automatically invoke hwdb update if files have been -# installed or updated in /usr/lib/udev/hwdb.d. -if test -d "/run/systemd/system"; then - %{_bindir}/systemd-hwdb update || : -fi - -%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog -# This script will automatically invoke journal catalog update if files -# have been installed or updated in /usr/lib/systemd/catalog. -if test -d "/run/systemd/system"; then - %{_bindir}/journalctl --update-catalog || : -fi - -%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d -# This script will automatically apply binfmt rules if files have been -# installed or updated in /usr/lib/binfmt.d. -if test -d "/run/systemd/system"; then - # systemd-binfmt might fail if binfmt_misc kernel module is not loaded - # during install - /usr/lib/systemd/systemd-binfmt || : -fi - -%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d -# This script will process files installed in /usr/lib/tmpfiles.d to create -# tmpfiles automatically. The priority is set such that it will run -# after the sysusers file trigger, but before any other triggers. -if test -d "/run/systemd/system"; then - %{_bindir}/systemd-tmpfiles --create || : -fi - -%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d -# This script will automatically update udev with new rules if files -# have been installed or updated in /usr/lib/udev/rules.d. -if test -e /run/udev/control; then - %{_bindir}/udevadm control --reload || : -fi - -%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d -# This script will automatically apply sysctl rules if files have been -# installed or updated in /usr/lib/sysctl.d. -if test -d "/run/systemd/system"; then - /usr/lib/systemd/systemd-sysctl || : -fi diff --git a/SOURCES/yum-protect-systemd.conf b/SOURCES/yum-protect-systemd.conf deleted file mode 100644 index 39426d7..0000000 --- a/SOURCES/yum-protect-systemd.conf +++ /dev/null @@ -1,2 +0,0 @@ -systemd -systemd-udev diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec deleted file mode 100644 index 1df35bb..0000000 --- a/SPECS/systemd.spec +++ /dev/null @@ -1,3734 +0,0 @@ -#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa -%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} - -%global stable 1 - -# We ship a .pc file but don't want to have a dep on pkg-config. We -# strip the automatically generated dep here and instead co-own the -# directory. -%global __requires_exclude pkg-config - -%global pkgdir %{_prefix}/lib/systemd -%global system_unit_dir %{pkgdir}/system -%global user_unit_dir %{pkgdir}/user - -%if 0%{?__isa_bits} == 64 -%global elf_bits (64bit) -%global elf_suffix ()%{elf_bits} -%endif - -# Bootstrap may be needed to break intercircular dependencies with -# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump. -%bcond_with bootstrap -%bcond_without tests -%bcond_without lto - -# Support for quick builds with rpmbuild --build-in-place. -# See README.build-in-place. -%bcond_with inplace - -%if 0%{?facebook} -%bcond_with selinux -%else -%bcond_without selinux -%endif - -# Remove this when the macro exists in CentOS -%global version_no_tilde %(c=%{version}; echo ${c}|tr '~' '-') - -Name: systemd -Url: https://www.freedesktop.org/wiki/Software/systemd -%if %{without inplace} -Version: 249.4 -Release: 2.12%{?dist} -%else -# determine the build information from local checkout -Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') -Release: 1 -%endif -# For a breakdown of the licensing, see README -License: LGPLv2+ and MIT and GPLv2+ -Summary: System and Service Manager - -# download tarballs with "spectool -g systemd.spec" -%if %{defined commit} -Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -%else -%if 0%{?stable} -Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz -%else -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz -%endif -%endif -# This file must be available before %%prep. -# It is generated during systemd build and can be found in build/src/core/. -Source1: triggers.systemd -Source2: split-files.py -Source3: purge-nobody-user - -# Prevent accidental removal of the systemd package -Source4: yum-protect-systemd.conf - -Source9: 20-yama-ptrace.conf -Source10: systemd-udev-trigger-no-reload.conf -Source11: 20-grubby.install -Source12: systemd-user -Source13: libsystemd-shared.abignore - -Source14: 10-oomd-defaults.conf -Source15: 10-oomd-root-slice-defaults.conf -Source16: 10-oomd-user-service-defaults.conf - -Source21: macros.sysusers -Source22: sysusers.attr -Source23: sysusers.prov -Source24: sysusers.generate-pre.sh - -# Needed for selinux subpackage -Source100: Makefile.selinux -Source101: systemd_hs.te -Source102: systemd_hs.if - -%if 0 -GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable -i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip -GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch -%endif - -# Backports of patches from upstream (0000–0499) -# -# Any patches which are "in preparation" upstream should be listed -# here, rather than in the next section. Packit CI will drop any -# patches in this range before applying upstream pull requests. - -%if 0%{?facebook} -Patch0001: 0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch -Patch0002: 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch -Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch -Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch -Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch - -# PR 18621: FB variant of quieting "proc: Bad value for 'hidepid'" messages -Patch0006: 18621-fb.patch -%else -# PR 18621: Quiet "proc: Bad value for 'hidepid'" messages -Patch0006: https://github.com/systemd/systemd/pull/18621.patch -%endif - -# PRs to support additional systemd.network and systemd.link features -Patch0007: https://github.com/systemd/systemd/pull/20743.patch -Patch0008: https://github.com/systemd/systemd/pull/20458.patch -Patch0009: https://github.com/systemd/systemd/pull/20472.patch -Patch0010: https://github.com/systemd/systemd/pull/20477.patch -Patch0011: https://github.com/systemd/systemd/pull/20484.patch -Patch0012: https://github.com/systemd/systemd/pull/20489.patch -Patch0013: https://github.com/systemd/systemd/pull/20450.patch -Patch0014: https://github.com/systemd/systemd/pull/20541.patch -Patch0015: https://github.com/systemd/systemd/pull/20729.patch -Patch0016: https://github.com/systemd/systemd/pull/20828.patch -# Part of PR #20892; it was difficult to backport the whole PR -Patch0017: 50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch - -# PR 20875: allow verifying hidden (dot) files again -Patch0018: https://github.com/systemd/systemd/pull/20875.patch - -# PR 20978: serialize bpf device programs across reloads/reexecs -Patch0019: https://github.com/systemd/systemd/pull/20978.patch - -# PR 20676: don't rewrite sysctls that are already set -Patch0020: 20676_cherrypicked.patch - -# PR 21221: Fixes non-deterministic Slice= assignments -Patch0021: 21221.patch - -# PR 21241: fix bpf-foreign cgroup controller realization -Patch0022: 21241.patch - -# PR 20695: Sync if_arp.h with Linux 5.14 -Patch0023: 20695.patch - -%if 0%{?facebook} -# PR 22426: MemoryZSwapMax= to configure memory.zswap.max -Patch0024: 22426-fb.patch -%endif - -# Downstream-only patches (0500–9999) - -# https://github.com/systemd/systemd/pull/17050 -Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch -# Downgrade sysv-generator messages from warning to debug -Patch0502: 0001-sysv-generator-downgrade-log-warning-about-autogener.patch -# Update libfdisk dep version to 2.32.1-26 (has the fix for repart tests to pass) -Patch0503: libfdisk_version_for_centos.patch - -%ifarch %{ix86} x86_64 aarch64 -%global have_gnu_efi 1 -%endif - -BuildRequires: gcc -BuildRequires: gcc-c++ -BuildRequires: coreutils -BuildRequires: libcap-devel -BuildRequires: libmount-devel -BuildRequires: libfdisk-devel >= 2.32.1-26 -BuildRequires: libpwquality-devel -BuildRequires: pam-devel -BuildRequires: libselinux-devel -BuildRequires: audit-libs-devel -%if %{without bootstrap} -BuildRequires: cryptsetup-devel -%endif -BuildRequires: dbus-devel -BuildRequires: /usr/sbin/sfdisk -# /usr/bin/getfacl is needed by test-acl-util -BuildRequires: /usr/bin/getfacl -BuildRequires: libacl-devel -BuildRequires: gobject-introspection-devel -BuildRequires: libblkid-devel -BuildRequires: xz-devel -BuildRequires: xz -BuildRequires: lz4-devel -BuildRequires: lz4 -BuildRequires: bzip2-devel -BuildRequires: libzstd-devel -BuildRequires: libidn2-devel -BuildRequires: libcurl-devel -BuildRequires: kmod-devel -BuildRequires: elfutils-devel -BuildRequires: openssl-devel -BuildRequires: libgcrypt-devel -BuildRequires: libgpg-error-devel -BuildRequires: gnutls-devel -BuildRequires: libmicrohttpd-devel -BuildRequires: libxkbcommon-devel -BuildRequires: iptables-devel -BuildRequires: pkgconfig(tss2-esys) -BuildRequires: pkgconfig(tss2-rc) -BuildRequires: pkgconfig(tss2-mu) -BuildRequires: systemtap-sdt-devel -BuildRequires: libxslt -BuildRequires: docbook-style-xsl -BuildRequires: pkgconfig -BuildRequires: gperf -BuildRequires: gawk -BuildRequires: tree -BuildRequires: hostname -BuildRequires: python3-devel -BuildRequires: python3-lxml -BuildRequires: python3-jinja2 -%if 0%{?have_gnu_efi} -BuildRequires: gnu-efi gnu-efi-devel -%endif -BuildRequires: libseccomp-devel -%if 0%{?el8} -BuildRequires: meson >= 0.57 -%else -BuildRequires: meson >= 0.43 -%endif -BuildRequires: gettext -# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available -BuildRequires: valgrind-devel -BuildRequires: pkgconfig(bash-completion) -BuildRequires: perl -BuildRequires: perl(IPC::SysV) - -Requires(post): coreutils -Requires(post): sed -Requires(post): acl -Requires(post): grep -# systemd-machine-id-setup requires libssl -Requires(post): openssl-libs -Requires(pre): coreutils -Requires: dbus >= 1.9.18 -Requires: %{name}-pam = %{version}-%{release} -Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build) -Requires: %{name}-libs = %{version}-%{release} -%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} -%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} -Recommends: diffutils -Requires: (util-linux-core or util-linux) -Recommends: libxkbcommon%{?_isa} -Provides: /bin/systemctl -Provides: /sbin/shutdown -Provides: syslog -Provides: systemd-units = %{version}-%{release} -Obsoletes: system-setup-keyboard < 0.9 -Provides: system-setup-keyboard = 0.9 -# systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 -Obsoletes: systemd-sysv < 206 -%if 0%{?facebook} == 0 -# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) -Obsoletes: %{name} < 249~~ -Conflicts: initscripts < 9.56.1 -%endif -Provides: systemd-sysv = 206 -%if 0%{?fedora} -Conflicts: fedora-release < 23-0.12 -%endif -Obsoletes: timedatex < 0.6-3 -Provides: timedatex = 0.6-3 -Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release} -Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release} -Conflicts: %{name}-standalone-sysusers < %{version}-%{release} -Obsoletes: %{name}-standalone-sysusers < %{version}-%{release} - -# Recommends to replace normal Requires deps for stuff that is dlopen()ed -Recommends: libidn2.so.0%{?elf_suffix} -Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} -Recommends: libpcre2-8.so.0%{?elf_suffix} -Recommends: libpwquality.so.1%{?elf_suffix} -Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} - -%if %{with selinux} -# Force the SELinux module to be installed -Requires: %{name}-selinux = %{version}-%{release} -%endif - -%description -systemd is a system and service manager that runs as PID 1 and starts -the rest of the system. It provides aggressive parallelization -capabilities, uses socket and D-Bus activation for starting services, -offers on-demand starting of daemons, keeps track of processes using -Linux control groups, maintains mount and automount points, and -implements an elaborate transactional dependency-based service control -logic. systemd supports SysV and LSB init scripts and works as a -replacement for sysvinit. Other parts of this package are a logging daemon, -utilities to control basic system configuration like the hostname, -date, locale, maintain a list of logged-in users, system accounts, -runtime directories and settings, and daemons to manage simple network -configuration, network time synchronization, log forwarding, and name -resolution. -%if 0%{?stable} -This package was built from the %{version}-stable branch of systemd. -%endif - -%package libs -Summary: systemd libraries -License: LGPLv2+ and MIT -Obsoletes: libudev < 183 -Obsoletes: systemd < 185-4 -Conflicts: systemd < 185-4 -Obsoletes: systemd-compat-libs < 230 -Obsoletes: nss-myhostname < 0.4 -Provides: nss-myhostname = 0.4 -Provides: nss-myhostname%{_isa} = 0.4 -Requires(post): coreutils -Requires(post): sed -Requires(post): grep -Requires(post): /usr/bin/getent - -%description libs -Libraries for systemd and udev. - -%package pam -Summary: systemd PAM module -Requires: %{name} = %{version}-%{release} - -%description pam -Systemd PAM module registers the session with systemd-logind. - -%package rpm-macros -Summary: Macros that define paths and scriptlets related to systemd -BuildArch: noarch - -%description rpm-macros -Just the definitions of rpm macros. - -See -https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd -for information how to use those macros. - -%package devel -Summary: Development headers for systemd -License: LGPLv2+ and MIT -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Provides: libudev-devel = %{version} -Provides: libudev-devel%{_isa} = %{version} -Obsoletes: libudev-devel < 183 -# Fake dependency to make sure systemd-pam is pulled into multilib (#1414153) -Requires: %{name}-pam = %{version}-%{release} - -%description devel -Development headers and auxiliary files for developing applications linking -to libudev or libsystemd. - -%package udev -Summary: Rule-based device node and kernel event manager -License: LGPLv2+ - -Requires: systemd%{?_isa} = %{version}-%{release} -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd -Requires(post): grep -Requires: kmod >= 18-4 -%if 0%{?facebook} == 0 -# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 -Obsoletes: systemd < 245.6-1 -%endif -Provides: udev = %{version} -Provides: udev%{_isa} = %{version} -Obsoletes: udev < 183 - -# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 -Suggests: systemd-bootchart -# https://bugzilla.redhat.com/show_bug.cgi?id=1408878 -Requires: kbd - -# https://bugzilla.redhat.com/show_bug.cgi?id=1753381 -Provides: u2f-hidraw-policy = 1.0.2-40 -Obsoletes: u2f-hidraw-policy < 1.0.2-40 - -%description udev -This package contains systemd-udev and the rules and hardware database -needed to manage device nodes. This package is necessary on physical -machines and in virtual machines, but not in containers. - -%package container -# Name is the same as in Debian -Summary: Tools for containers and VMs -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd -# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) -Obsoletes: %{name} < 229-5 -License: LGPLv2+ - -%description container -Systemd tools to spawn and manage containers and virtual machines. - -This package contains systemd-nspawn, machinectl, systemd-machined, -and systemd-importd. - -%package journal-remote -# Name is the same as in Debian -Summary: Tools to send journal events over the network -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ -Requires(pre): /usr/bin/getent -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd -Provides: %{name}-journal-gateway = %{version}-%{release} -Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} -Obsoletes: %{name}-journal-gateway < 227-7 - -%description journal-remote -Programs to forward journal entries over the network, using encrypted HTTP, -and to write journal files from serialized journal contents. - -This package contains systemd-journal-gatewayd, -systemd-journal-remote, and systemd-journal-upload. - -%package networkd -Summary: System daemon that manages network configurations -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ - -%description networkd -systemd-networkd is a system service that manages networks. It detects -and configures network devices as they appear, as well as creating virtual -network devices. - -%package resolved -Summary: Network Name Resolution manager -Requires: %{name}%{?_isa} = %{version}-%{release} - -%description resolved -systemd-resolved is a system service that provides network name resolution -to local applications. It implements a caching and validating DNS/DNSSEC -stub resolver, as well as an LLMNR and MulticastDNS resolver and responder. - -%package oomd-defaults -Summary: Configuration files for systemd-oomd -Requires: %{name} = %{version}-%{release} -License: LGPLv2+ -BuildArch: noarch - -%description oomd-defaults -A set of drop-in files for systemd units to enable action from systemd-oomd, -a userspace out-of-memory (OOM) killer. - -%package tests -Summary: Internal unit tests for systemd -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ - -%description tests -"Installed tests" that are usually run as part of the build system. -They can be useful to test systemd internals. - -%if %{with selinux} -%package selinux -Summary: SELinux module for systemd -BuildArch: noarch -BuildRequires: bzip2 -BuildRequires: make -BuildRequires: selinux-policy -BuildRequires: selinux-policy-devel -Requires(post): selinux-policy-base >= %{_selinux_policy_version} -Requires(post): policycoreutils -Requires(post): policycoreutils-python-utils -Requires(pre): libselinux-utils -Requires(post): libselinux-utils - -%description selinux -This package provides the SELinux policy module to ensure systemd -runs properly under an environment with SELinux enabled. -%endif - -%prep -%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 - -%if %{with selinux} -mkdir selinux -cp %SOURCE100 %SOURCE101 %SOURCE102 selinux -%endif - -%build -%define ntpvendor %(source /etc/os-release; echo ${ID}) -%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} - -CONFIGURE_OPTS=( - -Dmode=release - -Dsysvinit-path=/etc/rc.d/init.d - -Drc-local=/etc/rc.d/rc.local - -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' - -Ddns-servers= - -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin - -Dservice-watchdog= - -Ddev-kvm-mode=0666 - -Dkmod=true - -Dxkbcommon=true - -Dblkid=true - -Dfdisk=true - -Dseccomp=true - -Dima=true - -Dselinux=true - -Dapparmor=false - -Dpolkit=true - -Dxz=true - -Dzlib=true - -Dbzip2=true - -Dlz4=true - -Dzstd=true - -Dpam=true - -Dacl=true - -Dsmack=true - -Dopenssl=true - -Dgcrypt=true - -Daudit=true - -Delfutils=true -%if %{without bootstrap} - -Dlibcryptsetup=true -%else - -Dlibcryptsetup=false -%endif - -Delfutils=true - -Dgnutls=true - -Dmicrohttpd=true - -Dlibidn2=true - -Dlibiptc=false - -Dlibcurl=true - -Defi=true - -Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false} - -Dtpm=true - -Dtpm2=true - -Dhwdb=true - -Dsysusers=true - -Ddefault-kill-user-processes=false - -Dtests=unsafe - -Dinstall-tests=true - -Dtty-gid=5 - -Dusers-gid=100 - -Dnobody-user=nobody - -Dnobody-group=nobody - -Dcompat-mutable-uid-boundaries=true - -Dsplit-usr=false - -Dsplit-bin=true -%if %{with lto} - -Db_lto=true -%else - -Db_lto=false -%endif - -Db_ndebug=false - -Dman=true - -Dversion-tag=v%{version}-%{release} -%if 0%{?fedora} - -Dfallback-hostname=fedora -%else - -Dfallback-hostname=localhost -%endif - -Ddefault-dnssec=no - -Ddefault-dns-over-tls=opportunistic - # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 - -Ddefault-mdns=no - -Ddefault-llmnr=resolve - -Doomd=true - -Dadm-gid=4 - -Daudio-gid=63 - -Dcdrom-gid=11 - -Ddialout-gid=18 - -Ddisk-gid=6 - -Dinput-gid=104 # https://pagure.io/setup/pull-request/27 - -Dkmem-gid=9 - -Dkvm-gid=36 - -Dlp-gid=7 - -Drender-gid=105 # https://pagure.io/setup/pull-request/27 - -Dsgx-gid=106 # https://pagure.io/setup/pull-request/27 - -Dtape-gid=33 - -Dtty-gid=5 - -Dusers-gid=100 - -Dutmp-gid=22 - -Dvideo-gid=39 - -Dwheel-gid=10 - -Dsystemd-journal-gid=190 - -Dsystemd-network-uid=192 - -Dsystemd-resolve-uid=193 - # -Dsystemd-timesync-uid=, not set yet - # Need to set this for CentOS build - -Ddocdir=%{_pkgdocdir} - # CentOS is missing newer deps required to include these - # But also these aren't as relevant for the hyperscale use case - -Dp11kit=false - -Duserdb=false - -Dhomed=false - -Dpwquality=false - -Dqrencode=false - -Dlibfido2=false - # Old version of PAM might not support files in /usr/lib/pam.d/ so - # stick with the old /etc/pam.d - -Dpamconfdir=/etc/pam.d - # Standalone binaries are only relevant on non-systemd systems - -Dstandalone-binaries=false -) - -%if 0%{?facebook} -CONFIGURE_OPTS+=( - -Dntp-servers='1.ntp.vip.facebook.com 2.ntp.vip.facebook.com 3.ntp.vip.facebook.com 4.ntp.vip.facebook.com' - -Ddns-servers='10.127.255.51 10.191.255.51 2401:db00:eef0:a53:: 2401:db00:eef0:b53::' - -Dsupport-url='https://www.facebook.com/groups/systemd.and.friends/' - -Dcontainer-uid-base-min=10485760 -) -%endif - -%if %{without lto} -%global _lto_cflags %nil -%endif - -export LANG=en_US.UTF-8 -export LC_ALL=en_US.UTF-8 -# Do configuration. If doing an inplace build, try to do -# reconfiguration to pick up new options. -%if %{with inplace} - command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; } - - [ -e %{_vpath_builddir}/build.ninja ] && - %__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" || -%endif -{ %meson "${CONFIGURE_OPTS[@]}"; } - -%meson_build - -new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh -if ! diff -u %{SOURCE1} ${new_triggers}; then - echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" - echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" - sleep 5 -fi - -%if %{with selinux} -cd selinux -%{__make} -f Makefile.selinux SHARE="%{_datadir}" TARGETS="systemd_hs" -%endif - -%install -export LANG=en_US.UTF-8 -export LC_ALL=en_US.UTF-8 -%meson_install - -# udev links -mkdir -p %{buildroot}/%{_sbindir} -ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm - -# Compatiblity and documentation files -touch %{buildroot}/etc/crypttab -chmod 600 %{buildroot}/etc/crypttab - -# /etc/sysctl.conf compat -ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf - -# Make sure these directories are properly owned -mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants -mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants -mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants -mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants -mkdir -p %{buildroot}/run -mkdir -p %{buildroot}%{_localstatedir}/log -touch %{buildroot}/run/utmp -touch %{buildroot}%{_localstatedir}/log/{w,b}tmp - -# Make sure the user generators dir exists too -mkdir -p %{buildroot}%{pkgdir}/system-generators -mkdir -p %{buildroot}%{pkgdir}/user-generators - -# Create new-style configuration files so that we can ghost-own them -touch %{buildroot}%{_sysconfdir}/hostname -touch %{buildroot}%{_sysconfdir}/vconsole.conf -touch %{buildroot}%{_sysconfdir}/locale.conf -touch %{buildroot}%{_sysconfdir}/machine-id -touch %{buildroot}%{_sysconfdir}/machine-info -touch %{buildroot}%{_sysconfdir}/localtime -mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d -touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf - -# Make sure the shutdown/sleep drop-in dirs exist -mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ -mkdir -p %{buildroot}%{pkgdir}/system-sleep/ - -# Make sure directories in /var exist -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger -mkdir -p %{buildroot}%{_localstatedir}/lib/private -mkdir -p %{buildroot}%{_localstatedir}/log/private -mkdir -p %{buildroot}%{_localstatedir}/cache/private -mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/timesync -ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload -mkdir -p %{buildroot}%{_localstatedir}/log/journal -touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database -touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin -touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed -touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock -touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state - -# Install yum protection fragment -install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf - -# Restore systemd-user pam config from before "removal of Fedora-specific bits" -install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} - -# Install additional docs -# https://bugzilla.redhat.com/show_bug.cgi?id=1234951 -install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} - -# https://bugzilla.redhat.com/show_bug.cgi?id=1378974 -mkdir -p %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ -install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} - -# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040 -mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ -cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf </dev/null || : - -# FIXME: move to %postun. We want to restart systemd *after* removing -# files from the old rpm. Right now we may still have bits the old -# setup if the files are not present in the new version. But before -# implement restarting of *other* services after the transaction, moving -# this would make things worse, increasing the number of warnings we get -# about needed daemon-reload. - -oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) - -systemctl daemon-reexec &>/dev/null || { - # systemd v239 had bug #9553 in D-Bus authentication of the private socket, - # which was later fixed in v240 by #9625. - # - # The end result is that a `systemctl daemon-reexec` call as root will fail - # when upgrading from systemd v239, which means the system will not start - # running the new version of systemd after this post install script runs. - # - # To work around this issue, let's fall back to using a `kill -TERM 1` to - # re-execute the daemon when the `systemctl daemon-reexec` call fails. - # - # In order to prevent issues when the reason why the daemon-reexec failed is - # not the aforementioned bug, let's only use this fallback when: - # - we're upgrading this RPM package; and - # - we confirm that systemd is running as PID1 on this system. - if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then - kill -TERM 1 &>/dev/null || : - fi -} - -if [ "$oomd_state" == "active" ]; then - systemctl start -q systemd-oomd 2>/dev/null || : -fi - -[ $1 -eq 1 ] || exit 0 - -# create /var/log/journal only on initial installation, -# and only if it's writable (it won't be in rpm-ostree). -[ -w %{_localstatedir} ] && mkdir -p %{_localstatedir}/log/journal - -[ -w %{_localstatedir} ] && journalctl --update-catalog || : -systemd-sysusers || : -systemd-tmpfiles --create &>/dev/null || : - -# We reset the enablement of all services upon initial installation -# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23 -# This will fix up enablement of any preset services that got installed -# before systemd due to rpm ordering problems: -# https://bugzilla.redhat.com/show_bug.cgi?id=1647172. -# We also do this for user units, see -# https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. -systemctl preset-all &>/dev/null || : -systemctl --global preset-all &>/dev/null || : - -%postun -if [ $1 -eq 1 ]; then - [ -w %{_localstatedir} ] && journalctl --update-catalog || : - systemd-tmpfiles --create &>/dev/null || : -fi - -%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service - -# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) -# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec - -%triggerpostun -- systemd < 247.3-2 -# This is for upgrades from previous versions before oomd-defaults is available. -# We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with -# a different package version. -systemctl --no-reload preset systemd-oomd.service &>/dev/null || : - -%post libs -%{?ldconfig} - -function mod_nss() { - if [ -f "$1" ] ; then - # Add nss-systemd to passwd and group - grep -E -q '^(passwd|group):.* systemd' "$1" || - sed -i.bak -r -e ' - s/^(passwd|group):(.*)/\1:\2 systemd/ - ' "$1" &>/dev/null || : - fi -} - -FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" -if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then - mod_nss "/etc/authselect/user-nsswitch.conf" - authselect apply-changes &> /dev/null || : -else - mod_nss "$FILE" - # also apply the same changes to user-nsswitch.conf to affect - # possible future authselect configuration - mod_nss "/etc/authselect/user-nsswitch.conf" -fi - -# check if nobody or nfsnobody is defined -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 -if getent passwd nfsnobody &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -fi - -%{?ldconfig:%postun libs -p %ldconfig} - -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service - -%post udev -# Move old stuff around in /var/lib -mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null -mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null -if [ -L %{_localstatedir}/lib/systemd/timesync ]; then - rm %{_localstatedir}/lib/systemd/timesync - mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync -fi -if [ -f %{_localstatedir}/lib/systemd/clock ] ; then - mkdir -p %{_localstatedir}/lib/systemd/timesync - mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. -fi - -udevadm hwdb --update &>/dev/null - -%systemd_post %udev_services - -# Try to save the random seed, but don't complain if /dev/urandom is unavailable -/usr/lib/systemd/systemd-random-seed save 2>&1 | \ - grep -v 'Failed to open /dev/urandom' || : - -# Replace obsolete keymaps -# https://bugzilla.redhat.com/show_bug.cgi?id=1151958 -grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && - sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || : - -%preun udev -%systemd_preun %udev_services - -%postun udev -# Restart some services. -# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service - -%global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service -%global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket -%post journal-remote -%systemd_post %journal_remote_units_restart %journal_remote_units_norestart - -%preun journal-remote -%systemd_preun %journal_remote_units_restart %journal_remote_units_norestart -if [ $1 -eq 1 ] ; then - if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then - mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload - mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/. - rmdir %{_localstatedir}/lib/systemd/journal-upload || : - fi -fi - -%postun journal-remote -%systemd_postun_with_restart %journal_remote_units_restart - -%post networkd -# systemd-networkd was split out in systemd-246.6-2. -# Ideally, we would have a trigger scriptlet to record enablement -# state when upgrading from systemd <= systemd-246.6-1. But, AFAICS, -# rpm doesn't allow us to trigger on another package, short of -# querying the rpm database ourselves, which seems risky. For rpm, -# systemd and systemd-networkd are completely unrelated. So let's use -# a hack to detect if an old systemd version is currently present in -# the file system. -# https://bugzilla.redhat.com/show_bug.cgi?id=1943263 -if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then - echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd." -else - %systemd_post systemd-networkd.service systemd-networkd-wait-online.service -fi - -%preun networkd -%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service - -%preun resolved -if [ $1 -eq 0 ] ; then - systemctl disable --quiet \ - systemd-resolved.service \ - >/dev/null || : -fi - -%post resolved -[ $1 -gt 1 ] && exit 0 - -# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 -if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then - echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." - exit 0 -fi - -%systemd_post systemd-resolved.service - -# Create /etc/resolv.conf symlink. -# We would also create it using tmpfiles, but let's do this here -# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above -# does not do this, because it's marked with ! and we don't specify --boot.) -# https://bugzilla.redhat.com/show_bug.cgi?id=1873856 -# -# If systemd is not running, don't overwrite the symlink because that -# will immediately break DNS resolution, since systemd-resolved is -# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). -# -# Also don't create the symlink to the stub when the stub is disabled (#1891847 again). -if test -d /run/systemd/system/ && - systemctl -q is-enabled systemd-resolved.service &>/dev/null && - ! mountpoint /etc/resolv.conf &>/dev/null && - ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \ - grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf -fi - -%if %{with selinux} -%pre selinux -%selinux_relabel_pre - -%post selinux -%selinux_modules_install %{_datadir}/selinux/packages/systemd_hs.pp.bz2 -%selinux_relabel_post - -%posttrans selinux -%selinux_relabel_post - -%postun selinux -%selinux_modules_uninstall systemd_hs - -if [ $1 -eq 0 ]; then - %selinux_relabel_post -fi -%endif - -%global _docdir_fmt %{name} - -%files -f %{name}.lang -f .file-list-rest -%doc %{_pkgdocdir} -%exclude %{_pkgdocdir}/LICENSE.* -%license LICENSE.GPL2 LICENSE.LGPL2.1 -%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants -%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd - -%files libs -f .file-list-libs -%license LICENSE.LGPL2.1 - -%files pam -f .file-list-pam - -%files rpm-macros -f .file-list-rpm-macros - -%files resolved -f .file-list-resolve - -%files devel -f .file-list-devel - -%files udev -f .file-list-udev - -%files container -f .file-list-container - -%files journal-remote -f .file-list-remote - -%files networkd -f .file-list-networkd - -%files oomd-defaults -f .file-list-oomd-defaults - -%files tests -f .file-list-tests - -%if %{with selinux} -%files selinux -%{_datadir}/selinux/devel/include/contrib/systemd_hs.if -%{_datadir}/selinux/packages/systemd_hs.pp.bz2 -%endif - -%changelog -* Wed Feb 09 2022 Anita Zhang - 249.4-2.12 -- Backport PR #20695: Sync if_arp.h with Linux 5.14 -- FB-only backport PR #22426: MemoryZSwapMax= to configure memory.zswap.max - -* Tue Nov 30 2021 Anita Zhang - 249.4-2.11 -- Backport PR #21241: fix bpf-foreign cgroup controller realization - -* Tue Nov 30 2021 Anita Zhang - 249.4-2.10 -- Re-enable fdisk and repart since util-linux-2.32.1-26 in C8s has the fix - it needs for tests to pass. - -* Wed Nov 24 2021 Davide Cavalca - 249.4-2.9 -- Disable legacy iptables support - -* Thu Nov 11 2021 Anita Zhang - 249.4-2.8 -- Remove revert_d219a2b07cc5dc8ffd5010f08561fab2780d8616.patch and replace with - proper fix (PR #21221) - -* Wed Nov 10 2021 Anita Zhang - 249.4-2.7 -- Add meson >= 0.57 for el8 builds. This version uses python 3.8. - -* Wed Oct 20 2021 Anita Zhang - 249.4-2.6 -- Revert d219a2b because it creates non-determinisitic Slice= assignments - -* Mon Oct 11 2021 Anita Zhang - 249.4-2.5 -- Remove duplicate Address= properties in network configs (part of PR #20892) -- Serialize bpf device programs across reloads/reexecs (PR #20978) -- Don't rewrite sysctls that are already set (PR #20676) - -* Wed Oct 06 2021 Davide Cavalca - 249.4-2.4 -- Drop qrencode-devel from BuildRequires as it's not actually used - -* Wed Sep 29 2021 Anita Zhang - 249.4-2.3 -- Fix to allow verifying hidden (dot) files again (PR #20875) - -* Fri Sep 24 2021 Anita Zhang - 249.4-2.2 -- Backport more feature support for systemd-networkd - (#20450, #20541, #20729, #20828) - -* Wed Sep 22 2021 Anita Zhang - 249.4-2.1 -- Sync changes from Fedora -- Backport one more feature for systemd-networkd (#20489) - -* Mon Sep 20 2021 Anita Zhang - 249.4-1.1 -- New stable point release -- Backport optimization for read_virtual_file() (#20743) -- Backport new features for systemd-networkd (#20743, #20472, #20477, #20484) - -* Tue Sep 14 2021 Sahana Prasad -- Rebuilt with OpenSSL 3.0.0 - -* Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek - 249.4-1 -- Latest bugfix release: various fixes for systemd-networkd, - systemd-resolved, systemd, systemd-boot. -- Backport of macros to restart systemd user units (#1993244) - -* Fri Aug 6 2021 Zbigniew Jędrzejewski-Szmek - 249.3-1 -- Latest bugfix release: improved compatibility with latest glibc, - various small documentation fixes, and fixes for systemd-networkd bridging, - other minor fixes. -- systemctl set-property accepts glob patterns now (#1986258) - -* Thu Jul 29 2021 Anita Zhang - 249.2-1.2 -- Remove Obsoletes lines on systemd-resolved and systemd-networkd since we don't - want to install these by default. - -* Wed Jul 28 2021 Anita Zhang - 249.2-1.1 -- New release for 249 -- Drop merged patches -- Split networkd and resolved into their own subpackages. - -* Tue Jul 27 2021 Davide Cavalca - 248.5-1.3 -- Add missing SELinux rules for the GNOME and KDE LiveDVD spins - (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/7) - -* Fri Jul 23 2021 Zbigniew Jędrzejewski-Szmek - 249.2-1 -- Latest bugfix release (a minor hwdb regression bugfix, and correction - to kernel commandline handling when reexecuting PID 1 in a container) - -* Fri Jul 23 2021 Michael Catanzaro - 249.2-1 -- Build with -Ddefault-dns-over-tls=opportunistic - (https://fedoraproject.org/wiki/Changes/DNS_Over_TLS, #1889901) - -* Wed Jul 21 2021 Davide Cavalca - 248.5-1.2 -- Add missing SELinux rules for 248 - (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/1) - -* Wed Jul 21 2021 Anita Zhang - 248.5-1.1 -- Update to systemd-stable 248.5 (includes fix for CVE-2021-33910) - -* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek - 248.5-1 -- Various minor documentation and correctness fixes. -- CVE-2021-33910, #1984020: an unchecked stack allocation could be used to - crash systemd and cause the system to reboot by creating a very long - fuse mountpoint path. - -* Mon Jul 12 2021 Zbigniew Jędrzejewski-Szmek - 248.4-1 -- Assorted fixes (some systemd-resolved crashes, invalid - systemd-tmpfiles assertion, etc.) -- systemd-networkd workaround for TALOS-2020-1142, CVE-2020-13529. -- A big update of hardware descriptions. - -* Wed Jul 7 2021 Neal Gompa - 249-2 -- Use correct NEWS URLs for systemd 249 releases in changelog entries - -* Wed Jul 7 2021 Zbigniew Jędrzejewski-Szmek - 249-1 -- Latest upstream release with minor bugfixes, see - https://github.com/systemd/systemd/blob/v249/NEWS. -- systemd-oomd cpu usage is reduced (#1944646) - -* Thu Jul 1 2021 Zbigniew Jędrzejewski-Szmek - 249~rc3-1 -- Latest upstream prerelease with various bugfixes, see - https://github.com/systemd/systemd/blob/v249-rc3/NEWS. - -* Fri Jun 25 2021 Zbigniew Jędrzejewski-Szmek - 249~rc2-1 -- Latest upstream prerelease with various bugfixes, see - https://github.com/systemd/systemd/blob/v249-rc2/NEWS. -- Ignore FORCERENEW DHCP packets (TALOS-2020-1142, CVE-2020-13529, #1959398) - -* Thu Jun 17 2021 Adam Williamson - 249~rc1-2 -- Stop systemd providing systemd-resolved, now the subpackage exists (#1973462) - -* Wed Jun 16 2021 Zbigniew Jędrzejewski-Szmek - 249~rc1-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v249-rc1/NEWS. - Fixes #1963428. -- Use systemd-sysusers to create users (#1965815) -- Move systemd-resolved into systemd-resolved subpackage (#1923727) - [patch from Petr Menšík] - -* Mon Jun 14 2021 Anita Zhang - 248.2-1.5 -- Remove backport PR #19811 since it's still buggy -- Remove d586f642fd90e3bb378f7b6d3e3a64a753e51756 to fix rate limiting instead - (at least until sd-event rate limiting is fixed in 249). - -* Thu Jun 10 2021 Anita Zhang - 248.2-1.4 -- Backport PR #19811 to fix issues with mount sd-event rate limiting - -* Wed May 19 2021 Davide Cavalca - 248.2-1.3 -- Add BuildRequires for python-jinja2 in preparation for 249 (see PR#19630) - -* Mon May 17 2021 Davide Cavalca - 248.2-1.2 -- Add systemd-oomd-defaults subpackage from Fedora - -* Sat May 15 2021 Zbigniew Jędrzejewski-Szmek - 248.3-1 -- A fix for resolved crashes (#1946386, #1960227, #1950241) -- Some minor fixes for documentation, systemd-networkd, systemd-run, bootctl. - -* Mon May 10 2021 Anita Zhang - 248.2-1.1 -- New release for 248 -- Drop patches merged in 248.2 -- FB only backport PR #13496 (Extend bpf cgroup program support) - -* Fri May 7 2021 Zbigniew Jędrzejewski-Szmek - 248.2-1 -- Pull in some more patches from upstream (#1944646, #1885090, #1941340) -- Adjust modes of some %%ghost files (#1956059) - -* Thu May 6 2021 Zbigniew Jędrzejewski-Szmek - 248.1-1 -- Latest stable version: a long list of minor correctness fixes all around - (#1955475, #911766, #1958167, #1952919) -- Enable tpm2-tss dependency (#1949505) - -* Wed Apr 14 2021 Anita Zhang - 247.3-10 -- Remove systemd-resolved enablement - -* Wed Apr 7 2021 Davide Cavalca - 247.3-9 -- Reenable LTO now that binutils has been fixed -- Update FB configure options - -* Tue Apr 6 2021 Adam Williamson - 248-2 -- Re-enable resolved caching, we hope all major bugs are resolved now - -* Thu Apr 1 2021 Davide Cavalca - 247.3-8 -- Backport https://github.com/SELinuxProject/refpolicy/pull/308 to fix - systemd-hostnamed and systemd-localed when SELinux is enabled. - -* Thu Apr 1 2021 Anita Zhang - 247.3-7 -- Downgrade sysv-generator warning even more (to debug) - -* Wed Mar 31 2021 Zbigniew Jędrzejewski-Szmek - 248-1 -- Latest upstream release, see - https://github.com/systemd/systemd/blob/v248/NEWS. -- The changes since -rc4 are rather small, various fixes all over the place. - A fix to how systemd-oomd selects a candidate to kill, and more debug logging - to make this more transparent. - -* Wed Mar 31 2021 Anita Zhang - 247.3-6 -- Backport PR#18621 (Ignore attempts at hidepid and subset for older kernels) -- Downgrade sysv-generator warning about missing native systemd unit - -* Wed Mar 31 2021 Davide Cavalca - 247.3-5 -- Add selinux subpackage - -* Tue Mar 30 2021 Anita Zhang - 248~rc4-6 -- Increase oomd user memory pressure limit to 50% (#1941170) - -* Fri Mar 26 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-5 -- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service - on upgrades from before systemd-networkd was split out (#1943263) -- In nsswitch.conf, move nss-myhostname to the front, before nss-mdns4 (#1943199) - -* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-4 -- Revert patch that seems to cause problems with dns resolution - (see comments on https://bodhi.fedoraproject.org/updates/FEDORA-2021-1c1a870ceb) - -* Mon Mar 22 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-3 -- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335) -- Fix returning combined IPv4/IPv6 responses from systemd-resolved cache (#1940715) - (But note that the disablement of caching added previously is - retained until we can do more testing.) -- Minor fix to interface naming by udev -- Fix for systemd-repart --size - -* Fri Mar 19 2021 Adam Williamson - 248~rc4-2 -- Disable resolved cache via config snippet (#1940715) - -* Thu Mar 18 2021 Yu Watanabe - 248~rc4-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v248-rc4/NEWS. -- A bunch of documentation updates, and correctness fixes. - -* Wed Mar 17 2021 Anita Zhang - 247.3-4 -- Backport PR #18955 (Fixes fstab parsing) -- FB only backport PR #18886 (systemd-shutdown logs to /dev/console not stderr) -- Reenable tests by disabling LTO (work around binutils bug) - -* Tue Mar 16 2021 Adam Williamson - 248~rc3-2 -- Backport PR #19009 to fix CNAME redirect resolving some more (#1933433) - -* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc3-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v248-rc3/NEWS. -- A bunch of documentation updates, correctness fixes, and systemd-networkd - features. -- Resolves #1933137, #1935084, #1933873, #1931181, #1933335, #1935062, #1927148. - -* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-5 -- Fix crash in pid1 during daemon-reexec (#1931034) - -* Fri Mar 05 2021 Adam Williamson - 248~rc2-3 -- Fix stub resolver CNAME chain resolving (#1933433) - -* Mon Mar 01 2021 Josh Boyer - 248~rc2-2 -- Don't set the fallback hostname to Fedora on non-Fedora OSes - -* Wed Feb 24 2021 Davide Cavalca - 247.3-3 -- Remove careinversion usage to make the package usable on older mock versions - -* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-1 -- Latest upstream prelease, just a bunch of small fixes. -- Fixes #1931957. - -* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-2 -- Rebuild with the newest scriptlets - -* Fri Feb 19 2021 Davide Cavalca - 247.3-2 -- Disable some tests to workaround a binutils bug triggered by enabling audit -- Refresh patches - -* Wed Feb 17 2021 Michel Alexandre Salim - 247.3-3 -- Increase oomd user memory pressure limit to 10% (#1929856) - -* Wed Feb 17 2021 Anita Zhang - 247.3-1 -- New release for 247 -- Backport PR #18211 (Fixes ExecCondition= dependency bug) -- Backport PR #17872 (Fixes PrivateUsers=yes with other sandboxing properties) -- FB only backport PR #17495 (Fixes BPF pinning post-coldplug) -- Reenable audit support - -* Sun Feb 7 2021 Davide Cavalca - 246.1-2 -- Initial Hyperscale SIG package -- Update release to use %%dist macro -- Drop el7 logic -- Explicitly default non-FB built to the legacy hierarchy -- Drop no longer needed FB FusionIO patch -- Temporarily disable audit support while debugging a link issue - -* Fri Feb 5 2021 Anita Zhang - 247.3-2 -- Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd. -- Backports consist primarily of PR #18361, #18444, and #18401 (plus some - additional ones to handle merge conflicts). -- Create systemd-oomd-defaults subpackage to install unit drop-ins that will - configure systemd-oomd to monitor and act. - -* Tue Feb 2 2021 Zbigniew Jędrzejewski-Szmek - 247.3-1 -- Minor stable release -- Fixes #1895937, #1813219, #1903106. - -* Wed Jan 27 2021 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Mon Jan 25 2021 Anita Zhang - 246.1-1.fb6 -- Backport PR #16803 to fix ConditionEnvironment= - -* Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek - 247.2-2 -- Fix bfq patch again (#1813219) - -* Wed Dec 23 2020 Jonathan Underwood - 247.2-2 -- Add patch to enable crypttab to support disabling of luks read and - write workqueues (corresponding to - https://github.com/systemd/systemd/pull/18062/). - -* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek - 247.2-1 -- Minor stable release -- Fixes #1908071. - -* Tue Dec 8 2020 Zbigniew Jędrzejewski-Szmek - 247.1-3 -- Rebuild with fallback hostname change reverted. - -* Fri Dec 4 2020 Bastien Nocera - 247.1-2 -- Unset fallback-hostname as plenty of applications expected localhost - to mean "default hostname" without ever standardising it (#1892235) - -* Tue Dec 1 2020 Zbigniew Jędrzejewski-Szmek - 247.1-1 -- Latest stable release -- Fixes #1902819. -- Files to configure networking with systemd-networkd in a VM or container are - moved to systemd-networkd subpackage. (They were previously in the -container - subpackage, which is for container/VM management.) - -* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek - 247-1 -- Update to the latest version -- #1900878 should be fixed - -* Thu Nov 19 2020 Chris Down - 246.1-1.fb5 -- Updated version of PR #17495 to fix program leak - -* Thu Nov 19 2020 Chris Down - 246.1-1.fb4 -- Backport PR #17495 to fix BPF program lifecycle -- Backport PR #17422 to clean up cgroups more reliably after exit -- Backport PR #17497 to add FixedRandomDelay= support - -* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek - 247~rc2 -- New upstream pre-release. See - https://github.com/systemd/systemd/blob/v247-rc1/NEWS. - Many smaller and bigger improvements and features are introduced. - (#1885101, #1890632, #1879216) - - A backwards-incompatible change affects PCI network devices which - are connected through a bridge which is itself associated with a - slot. When more than one device was associated with the same slot, - one of the devices would pseudo-randomly get named after the slot. - That name is now not generated at all. This changed behaviour is - causes the net naming scheme to be changed to "v247". To restore - previous behaviour, specify net.naming-scheme=v245. - - systemd-oomd is built, but should not be considered "production - ready" at this point. Testing and bug reports are welcome. - -* Wed Sep 30 2020 Dusty Mabe - 246.6-3 -- Try to make files in subpackages (especially the networkd subpackage) - more appropriate. - -* Thu Sep 24 2020 Filipe Brandenburger - 246.6-2 -- Build a package with standalone binaries for non-systemd systems. - For now, only systemd-sysusers is included. - -* Thu Sep 24 2020 Christian Glombek - 246.6-2 -- Split out networkd sub-package and add to main package as recommended dependency - -* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek - 246.6-1 -- Update to latest stable release (various minor fixes: manager, - networking, bootct, kernel-install, systemd-dissect, systemd-homed, - fstab-generator, documentation) (#1876905) -- Do not fail in test because of kernel bug (#1803070) - -* Fri Sep 18 2020 Anita Zhang - 246.1-1.fb3 -- Backport PR #16838 and #16857 to improve $PATH handling -- Backport PR #16940 to fix ECONN handling in sockets -- Backport PR #17031 to fix rate limiting on units in restart loop -- Backport PR #17082 to get nspawn TTY tweaks - -* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek - 246.5-1 -- Update to latest stable release (a bunch of small network-related - fixes in systemd-networkd and socket handling, documentation updates, - a bunch of fixes for error handling). -- Also remove existing file when creating /etc/resolv.conf symlink - upon installation (#1873856 again) - -* Wed Sep 2 2020 Zbigniew Jędrzejewski-Szmek - 246.4-1 -- Update to latest stable version: a rework of how the unit cache mtime works - (hopefully #1872068, #1871327, #1867930), plus various fixes to - systemd-resolved, systemd-dissect, systemd-analyze, systemd-ask-password-agent, - systemd-networkd, systemd-homed, systemd-machine-id-setup, presets for - instantiated units, documentation and shell completions. -- Create /etc/resolv.conf symlink upon installation (#1873856) -- Move nss-mdns before nss-resolve in /etc/nsswitch.conf and disable - mdns by default in systemd-resolved (#1867830) - -* Wed Aug 26 2020 Zbigniew Jędrzejewski-Szmek - 246.3-1 -- Update to bugfix version (some networkd fixes, minor documentation - fixes, relax handling of various error conditions, other fixlets for - bugs without bugzilla numbers). - -* Tue Aug 18 2020 Anita Zhang - 246.1-1.fb2 -- Gate "Obsoletes: systemd < 245.6-1" out due to dependency issues on Facebook - systems - -* Mon Aug 17 2020 Anita Zhang - 246.1-1.fb1 -- Facebook rebuild -- Don't compile in systemd-repart (needs libfdisk >= 2.33 and C8 has 2.32) -- Remove unused systemd-journal-remote.xml and systemd-journal-gatewayd.xml - files since we never used firewalld - -* Fri Aug 7 2020 Zbigniew Jędrzejewski-Szmek - 246.1-1 -- A few minor bugfixes -- Remove /etc/resolv.conf on upgrades (if managed by NetworkManager), so - that systemd-resolved can take over the management of the symlink. - -* Thu Jul 30 2020 Zbigniew Jędrzejewski-Szmek - 246-1 -- Update to released version. Only some minor bugfixes since the pre-release. - -* Sun Jul 26 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-2 -- Make /tmp be 50% of RAM again (#1856514) -- Re-run 'systemctl preset systemd-resolved' on upgrades. - /etc/resolv.conf is not modified, by a hint is emitted if it is - managed by NetworkManager. - -* Fri Jul 24 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-1 -- New pre-release with incremental fixes - (#1856037, #1858845, #1856122, #1857783) -- Enable systemd-resolved (with DNSSEC disabled by default, and LLMNR - and mDNS support in resolve-only mode by default). - See https://fedoraproject.org/wiki/Changes/systemd-resolved. - -* Thu Jul 9 2020 Zbigniew Jędrzejewski-Szmek - 246~rc1-1 -- New upstream release, see - https://raw.githubusercontent.com/systemd/systemd/v246-rc1/NEWS. - - This release includes many new unit settings, related inter alia to - cgroupsv2 freezer support and cpu affinity, encryption and verification. - systemd-networkd has a ton of new functionality and many other tools gained - smaller enhancements. systemd-homed gained FIDO2 support. - - Documentation has been significantly improved: sd-bus and sd-hwdb - libraries are now fully documented; man pages have been added for - the D-BUS APIs of systemd daemons and various new interfaces. - - Closes #1392925, #1790972, #1197886, #1525593. - -* Wed Jun 24 2020 Bastien Nocera - 245.6-3 -- Set fallback-hostname to fedora so that unset hostnames are still - recognisable (#1392925) - -* Fri Jun 5 2020 Anita Zhang - 245.5-2.fb3 -- Backport 156a5fd to mitigate CVE-2020-13776 - -* Thu Jun 4 2020 Anita Zhang - 245.5-2.fb2 -- Revert c7d26ac which is causing SMI count to go up leading to increased - microstalls during Chef runs - -* Tue Jun 2 2020 Zbigniew Jędrzejewski-Szmek - 245.6-2 -- Add self-obsoletes to fix upgrades from F31 - -* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek - 245.6-1 -- Update to latest stable version (some documentation updates, minor - memory correctness issues) (#1815605, #1827467, #1842067) - -* Thu Apr 30 2020 Anita Zhang - 245.5-2.fb1 -- Facebook rebuild -- Don't compile in systemd-homed, systemd-userdb, and p11kit -- Backport PR #15544 and #15551 (drops FB rlimit_memlock patch) - -* Tue Apr 21 2020 Björn Esser - 245.5-2 -- Add explicit BuildRequires: acl -- Bootstrapping for json-c SONAME bump - -* Fri Apr 17 2020 Zbigniew Jędrzejewski-Szmek - 245.5-1 -- Update to latest stable version (#1819313, #1815412, #1800875) - -* Thu Apr 16 2020 Björn Esser - 245.4-2 -- Add bootstrap option to break circular deps on cryptsetup - -* Wed Apr 1 2020 Zbigniew Jędrzejewski-Szmek - 245.4-1 -- Update to latest stable version (#1814454) - -* Thu Mar 26 2020 Zbigniew Jędrzejewski-Szmek - 245.3-1 -- Update to latest stable version (no issue that got reported in bugzilla) - -* Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek - 245.2-1 -- Update to latest stable version (a few bug fixes for random things) (#1798776) - -* Wed Mar 18 2020 Andrew Gallagher - 244-2.fb4 -- Bump HIGH_RLIMIT_MEMLOCK to 512M - -* Fri Mar 6 2020 Zbigniew Jędrzejewski-Szmek - 245-1 -- Update to latest version (#1807485) - -* Wed Feb 26 2020 Zbigniew Jędrzejewski-Szmek - 245~rc2-1 -- Modify the downstream udev rule to use bfq to only apply to disks (#1803500) -- "Upgrade" dependency on kbd package from Recommends to Requires (#1408878) -- Move systemd-bless-boot.service and systemd-boot-system-token.service to - systemd-udev subpackage (#1807462) -- Move a bunch of other services to systemd-udev: - systemd-pstore.service, all fsck-related functionality, - systemd-volatile-root.service, systemd-verity-setup.service, and a few - other related files. -- Fix daemon-reload rule to not kill non-systemd pid1 (#1803240) -- Fix namespace-related failure when starting systemd-homed (#1807465) and - group lookup failure in nss_systemd (#1809147) -- Drop autogenerated BOOT_IMAGE= parameter from stored kernel command lines - (#1716164) -- Don't require /proc to be mounted for systemd-sysusers to work (#1807768) - -* Fri Feb 21 2020 Filipe Brandenburger - 245~rc1-4 -- Update daemon-reexec fallback to check whether the system is booted with - systemd as PID 1 and check whether we're upgrading before using kill -TERM - on PID 1 (#1803240) - -* Thu Feb 20 2020 Filipe Brandenburger - 244-2.fb3 -- Only kill -TERM 1 when systemd is actually running. - -* Tue Feb 18 2020 Adam Williamson - 245~rc1-3 -- Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293) - -* Fri Feb 7 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-2 -- Add default 'disable *' preset for user units (#1792474, #1468501), - see https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. -- Add macro to generate "compat" scriptlets based off sysusers.d format - and autogenerate user() and group() virtual provides (#1792462), - see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format. -- Revert patch to udev rules causing regression with usb hubs (#1800820). - -* Thu Feb 6 2020 Anita Zhang - 244-2.fb2 -- Backport PR#14815 (Permissive syscall filtering in dbus-execute) - -* Wed Feb 5 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-1 -- New upstream release, see - https://raw.githubusercontent.com/systemd/systemd/v245-rc1/NEWS. - - This release includes completely new functionality: systemd-repart, - systemd-homed, user reconds in json, and multi-instantiable - journald, and a partial rework of internal communcation to use - varlink, and bunch of more incremental changes. - - The "predictable" interface name naming scheme is changed, - net.naming-scheme= can be used to undo the change. The change applies - to container interface names on the host. - -- Fixes #1774242, #1787089, #1798414/CVE-2020-1712. - -* Fri Jan 31 2020 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Jan 9 2020 Anita Zhang - 244-2.fb1 -- Facebook rebuild -- Backport PR#13823 (PrivateUsers=true for unprivileged user managers) -- Backport PR#14441 (Fix type.d drop-in ordering) - -* Sat Dec 21 2019 - 244.1-2 -- Disable service watchdogs (for systemd units) - -* Sun Dec 15 2019 - 244.1-1 -- Update to latest stable batch (systemd-networkd fixups, better - support for seccomp on s390x, minor cleanups to documentation). -- Drop patch to revert addition of NoNewPrivileges to systemd units - -* Fri Nov 29 2019 Zbigniew Jędrzejewski-Szmek - 244-1 -- Update to latest version. Just minor bugs fixed since the pre-release. - -* Fri Nov 22 2019 Zbigniew Jędrzejewski-Szmek - 244~rc1-1 -- Update to latest pre-release version, - see https://github.com/systemd/systemd/blob/master/NEWS#L3. - Biggest items: cgroups v2 cpuset controller, fido_id builtin in udev, - systemd-networkd does not create a default route for link local addressing, - systemd-networkd supports dynamic reconfiguration and a bunch of new settings. - Network files support matching on WLAN SSID and BSSID. -- Better error messages when preset/enable/disable are used with a glob (#1763488) -- u2f-hidraw-policy package is obsoleted (#1753381) - -* Tue Nov 19 2019 Zbigniew Jędrzejewski-Szmek - 243.4 -- Latest bugfix release. Systemd-stable snapshots will now be numbered. -- Fix broken PrivateDevices filter on big-endian, s390x in particular (#1769148) -- systemd-modules-load.service should only warn, not fail, on error (#1254340) -- Fix incorrect certificate validation with DNS over TLS (#1771725, #1771726, - CVE-2018-21029) -- Fix regression with crypttab keys with colons -- Various memleaks and minor memory access issues, warning adjustments - -* Thu Oct 31 2019 Davide Cavalca - 243-2.fb3 -- Backport PR#13754 (allow restart for oneshot units) -- Misc specfiles fixes to support building on el8 as well -- Default el8 builds to the unified hierarchy - -* Fri Oct 18 2019 Adam Williamson - 243-4.gitef67743 -- Backport PR #13792 to fix nomodeset+BIOS CanGraphical bug (#1728240) - -* Thu Oct 10 2019 Zbigniew Jędrzejewski-Szmek - 243-3.gitef67743 -- Various minor documentation and error message cleanups -- Do not use cgroup v1 hierarchy in nspawn on groups v2 (#1756143) - -* Wed Oct 2 2019 Davide Cavalca - 243-2.fb2 -- Backport PR#13689 (a bunch of protection-related fixes) - -* Fri Sep 27 2019 Davide Cavalca - 243-2.fb1 -- Facebook rebuild -- drop "use bfq as the default scheduler" patch -- backport PR#13369 (ExecXYZEx= bus hook ups) -- disable udev-test.pl for now due to flakiness - -* Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek - 243-2.gitfab6f01 -- Backport a bunch of patches (memory access issues, improvements to error - reporting and handling in networkd, some misleading man page contents #1751363) -- Fix permissions on static nodes (#1740664) -- Make systemd-networks follow the RFC for DHPCv6 and radv timeouts -- Fix one crash in systemd-resolved (#1703598) -- Make journal catalog creation reproducible (avoid unordered hashmap use) -- Mark the accelerometer in HP laptops as part of the laptop base -- Fix relabeling of directories with relabel-extra.d/ -- Fix potential stuck noop jobs in pid1 -- Obsolete timedatex package (#1735584) - -* Tue Sep 3 2019 Zbigniew Jędrzejewski-Szmek - 243-1 -- Update to latest release -- Emission of Session property-changed notifications from logind is fixed - (this was breaking the switching of sessions to and from gnome). -- Security issue: unprivileged users were allowed to change DNS - servers configured in systemd-resolved. Now proper polkit authorization - is required. - -* Mon Aug 26 2019 Adam Williamson - 243~rc2-2 -- Backport PR #13406 to solve PATH ordering issue (#1744059) - -* Thu Aug 22 2019 Zbigniew Jędrzejewski-Szmek - 243~rc2-1 -- Update to latest pre-release. Fixes #1740113, #1717712. -- The default scheduler for disks is set to BFQ (1738828) -- The default cgroup hierarchy is set to unified (cgroups v2) (#1732114). - Use systemd.unified-cgroup-hierarchy=0 on the kernel command line to revert. - See https://fedoraproject.org/wiki/Changes/CGroupsV2. - -* Wed Aug 07 2019 Adam Williamson - 243~rc1-2 -- Backport PR #1737362 so we own /etc/systemd/system again (#1737362) - -* Wed Aug 7 2019 Anita Zhang - 242-2.fb4 -- Backport PR#12933 (core: ExecCondition= for services) -- Backport PR#13096 (Preparatory work for the unit loading rework) -- Backport PR#13119 (Rework unit loading to take into account all aliases) - -* Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek - 243~rc1-1 -- Update to latest version (#1715699, #1696373, #1711065, #1718192) - -* Sat Jul 27 2019 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek - 242-6.git9d34e79 -- Ignore bad rdrand output on AMD CPUs (#1729268) -- A bunch of backported patches from upstream: documentation, memory - access fixups, command output tweaks (#1708996) - -* Thu Jul 18 2019 Anita Zhang - 242-2.fb3 -- Backport PR#12346 (make sure accept_flush() doesn't hang on EOPNOTSUPP) -- Backport PR#12979 (add SystemCallErrorNumber=EPERM to systemd-portabled.service) - -* Tue Jun 25 2019 Björn Esser - 242-5.git7a6d834 -- Rebuilt (libqrencode.so.4) - -* Tue Jun 25 2019 Miro Hrončok - 242-4.git7a6d834 -- Rebuilt for iptables update (libip4tc.so.2) - -* Thu Jun 20 2019 Anita Zhang - 242-2.fb2 -- Backport PR#11778 (ExecStartXYZEx= dbus support) -- Backport PR#12729 (nspawn: don't hard fail when setting capabilities) -- Backport PR#12745 (IPAddressXYZ="any" for users with CAP_NET_ADMIN) - -* Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek - 242-3.git7a6d834 -- Add symbol to mark vtable format changes (anything using sd_add_object_vtable - or sd_add_fallback_vtable needs to be rebuilt) -- Fix wireguard ListenPort handling in systemd-networkd -- Fix hang in flush_accept (#1702358) -- Fix handling of RUN keys in udevd -- Some documentation and shell completion updates and minor fixes - -* Thu Apr 25 2019 Davide Cavalca - 242-2.fb1 -- Facebook rebuild -- Backport PR#12336 (support DisableControllers= for transient units) - -* Tue Apr 16 2019 Adam Williamson - 242-2 -- Rebuild with Meson fix for #1699099 - -* Thu Apr 11 2019 Zbigniew Jędrzejewski-Szmek - 242-1 -- Update to latest release -- Make scriptlet failure non-fatal - -* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek - 242~rc4-1 -- Update to latest prerelease - -* Thu Apr 4 2019 Zbigniew Jędrzejewski-Szmek - 242~rc3-1 -- Update to latest prerelease - -* Wed Apr 3 2019 Zbigniew Jędrzejewski-Szmek - 242~rc2-1 -- Update to the latest prerelease. -- The bug reported on latest update that systemd-resolved and systemd-networkd are - re-enabled after upgrade is fixed. - -* Fri Mar 29 2019 Zbigniew Jędrzejewski-Szmek - 241-4.gitcbf14c9 -- Backport various patches from the v241..v242 range: - kernel-install will not create the boot loader entry automatically (#1648907), - various bash completion improvements (#1183769), - memory leaks and such (#1685286). - -* Fri Mar 22 2019 Davide Cavalca - 241-1.fb2 -- Backport PR#11754 (sd-bus fixes for CVE-2019-6454) -- Backport PR#12078 (nspawn fix) - -* Thu Mar 14 2019 Zbigniew Jędrzejewski-Szmek - 241-3.gitc1f8ff8 -- Declare hyperv and framebuffer devices master-of-seat again (#1683197) - -* Wed Feb 27 2019 Davide Cavalca - 241-1.fb1 -- Facebook rebuild -- Rebase fio udev patch (this will likely be dropped in the next release) -- Drop the mock testing patches, not needed anymore -- Ignore errors for Python bytecompiling due to run-unit-tests.py -- Fix the run-unit-tests.py shebang to use python36 -- Backport PR#11831 (missing include) and PR#11836 (test-chown-rec fix) - -* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek - 241-2.gita09c170 -- Prevent buffer overread in systemd-udevd -- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) - -* Sat Feb 9 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-2 -- Turn LTO back on - -* Tue Feb 5 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-1 -- Update to latest release -rc2 - -* Sun Feb 03 2019 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Sun Jan 27 2019 Yu Watanabe - 241~rc1-2 -- Backport a patch for kernel-install - -* Sat Jan 26 2019 Zbigniew Jędrzejewski-Szmek - 241~rc1-1 -- Update to latest release -rc1 - -* Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek - 240-6.gitf02b547 -- Add a work-around for #1663040 - -* Mon Jan 14 2019 Björn Esser -- Rebuilt for libcrypt.so.2 (#1666033) - -* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-4.gitf02b547 -- Add a work-around for selinux issue on live images (#1663040) - -* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-3.gitf02b547 -- systemd-journald and systemd-journal-remote reject entries which - contain too many fields (CVE-2018-16865, #1664973) and set limits on the - process' command line length (CVE-2018-16864, #1664972) -- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857) -- A fix for systemd-udevd crash (#1662303) - -* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek - 240-2 -- Add two more patches that revert recent udev changes - -* Fri Dec 21 2018 Zbigniew Jędrzejewski-Szmek - 240-1 -- Update to latest release - See https://github.com/systemd/systemd/blob/master/NEWS for the list of changes. - -* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek - 239-10.git9f3aed1 -- Hibernation checks for resume= are rescinded (#1645870) -- Various patches: - - memory issues in logind, networkd, journald (#1653068), sd-device, etc. - - Adaptations for newer meson, lz4, kernel - - Fixes for misleading bugs in documentation -- net.ipv4.conf.all.rp_filter is changed from 1 to 2 - -* Mon Dec 10 2018 Davide Cavalca - 239-1.fb6 -- Backport PR#10411 and PR#10493 (systemd-analyze timespan command) -- Rebase our PR#10507 and PR#10567 backports onto the version merged upstream -- Backport PR#10757 (cgroup2 BPF devices fixes) -- Backport PR#10876 (cgroup_subtree_mask propagation fix) - -* Thu Nov 29 2018 Zbigniew Jędrzejewski-Szmek -- Adjust scriptlets to modify /etc/authselect/user-nsswitch.conf - (see https://github.com/pbrezina/authselect/issues/77) -- Drop old scriptlets for nsswitch.conf modifications for nss-mymachines and nss-resolve - -* Sun Nov 18 2018 Alejandro Domínguez Muñoz -- Remove link creation for rsyslog.service - -* Thu Nov 8 2018 Adam Williamson - 239-9.git9f3aed1 -- Go back to using systemctl preset-all in %%post (#1647172, #1118740) - -* Mon Nov 5 2018 Adam Williamson - 239-8.git9f3aed1 -- Requires(post) openssl-libs to fix live image build machine-id issue - See: https://pagure.io/dusty/failed-composes/issue/960 - -* Mon Nov 5 2018 Yu Watanabe -- Set proper attributes to private directories - -* Fri Nov 2 2018 Davide Cavalca - 239-1.fb5 -- Backport PR#10507 (don't require CPU controller for CPU accounting) -- Backport PR#10567 (DisableControllers= directive) - -* Fri Nov 2 2018 Zbigniew Jędrzejewski-Szmek - 239-7.git9f3aed1 -- Split out the rpm macros into systemd-rpm-macros subpackage (#1645298) - -* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek - 239-6.git9f3aed1 -- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076) -- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071) -- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067) -- The DHCP server is started only when link is UP -- DHCPv6 prefix delegation is improved -- Downgrade logging of various messages and add loging in other places -- Many many fixes in error handling and minor memory leaks and such -- Fix typos and omissions in documentation -- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved) -- Matching by MACAddress= in systemd-networkd is fixed -- Creation of user runtime directories is improved, and the user - manager is only stopped after 10 s after the user logs out (#1642460 and other bugs) -- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0 -- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression. -- "systemctl --wait start" exits immediately if no valid units are named -- zram devices are not considered as candidates for hibernation -- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed) -- Various smaller improvements to unit ordering and dependencies -- generators are now called with the manager's environment -- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues -- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where - the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. -- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user - threads are used by bpfilter. -- "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present -- Hibernation is not advertised if resume= is not present on the kernenl command line -- Hibernation/Suspend/... modes can be disabled using AllowSuspend=, - AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep= -- LOGO= and DOCUMENTATION_URL= are documented for the os-release file -- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries -- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects -- Catalog entries for the journal are improved (#1639482) -- If suspend fails, the post-suspend hooks are still called. -- Various build issues on less-common architectures are fixed - -* Fri Oct 12 2018 Davide Cavalca - 239-1.fb4 -- Backport PR#10062 (cgroup2 BPF device controller support) -- Backport PR#10203, PR#10363 (tests fixes for supplementary groups) -- Backport PR#10368 (%g, %G specifiers support) -- Add hostname to BuildRequires (it's needed by test-execute) -- Reenable test-execute now that it's finally working - -* Wed Oct 3 2018 Jan Synáček - 239-5 -- Fix meson using -Ddebug, which results in FTBFS -- Fix line_begins() to accept word matching full string (#1631840) - -* Mon Sep 10 2018 Zbigniew Jędrzejewski-Szmek - 239-4 -- Move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626969) - -* Fri Aug 24 2018 Davide Cavalca - 239-1.fb3 -- backport new version of guro's cgroup2 BPF device controller patch - -* Wed Jul 18 2018 Terje Rosten - 239-3 -- Ignore return value from systemd-binfmt in scriptlet (#1565425) - -* Sun Jul 15 2018 Filipe Brandenburger -- Override systemd-user PAM config in install and not prep - -* Sat Jul 14 2018 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Wed Jul 4 2018 Davide Cavalca - 239-1.fb2 -- backport PR#9460 (followup to PR#9410) -- backport PR#9500 (support for StandardOutput=append:) -- revert c58fd46 (part of PR#8403) to workaround a FB-specific build issue - -* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek -- Rebuild for Python 3.7 again - -* Mon Jun 25 2018 Davide Cavalca - 239-1.fb1 -- Facebook rebuild -- backport PR#9244 and PR#9247 (new cgroup2 features) -- backport PR#9410 (gnutls detection, fix for #9403) - -* Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek - 239-1 -- Update to latest version, mostly bug fixes and new functionality, - very little breaking changes. See - https://github.com/systemd/systemd/blob/v239/NEWS for details. - -* Tue Jun 19 2018 Miro Hrončok -- Rebuilt for Python 3.7 - -* Thu May 31 2018 Davide Cavalca - 238-7.fb3 -- Update cgroup2 BPF device controller patches -- Backport PR#9148 to mitigate pid watching issue on git - -* Tue May 15 2018 Davide Cavalca - 238-7.fb2 -- Backport htejun's io.latency patch -- Backport guro's cgroup2 BPF device controller patch - -* Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59 -- Backport a number of patches (documentation, hwdb updates) -- Fixes for tmpfiles 'e' entries -- systemd-networkd crashes -- XEN virtualization detection on hyper-v -- Avoid relabelling /sys/fs/cgroup if not needed (#1576240) - -* Wed Apr 18 2018 Zbigniew Jędrzejewski-Szmek - 238-7.fc28.1 -- Allow fake Delegate= setting on slices (#1568594) - -* Thu Apr 5 2018 Davide Cavalca - 238-7.fb1 -- Facebook rebuild -- Reenable tests (except test-execute which is still broken) - -* Wed Mar 28 2018 Zbigniew Jędrzejewski-Szmek - 238-7 -- Move udev transfiletriggers to the right package, fix quoting - -* Tue Mar 27 2018 Colin Walters - 238-6 -- Use shell for triggers; see https://github.com/systemd/systemd/pull/8550 - This fixes compatibility with rpm-ostree. - -* Tue Mar 20 2018 Zbigniew Jędrzejewski-Szmek - 238-5 -- Backport patch to revert inadvertent change of "predictable" interface name (#1558027) - -* Fri Mar 16 2018 Zbigniew Jędrzejewski-Szmek - 238-4 -- Do not close dbus connection during dbus reload call (#1554578) - -* Wed Mar 7 2018 Zbigniew Jędrzejewski-Szmek - 238-3 -- Revert the patches for GRUB BootLoaderSpec support -- Add patch for /etc/machine-id creation (#1552843) - -* Tue Mar 6 2018 Yu Watanabe - 238-2 -- Fix transfiletrigger script (#1551793) - -* Mon Mar 5 2018 Zbigniew Jędrzejewski-Szmek - 238-1 -- Update to latest version -- This fixes a hard-to-trigger potential vulnerability (CVE-2018-6954) -- New transfiletriggers are installed for udev hwdb and rules, the journal - catalog, sysctl.d, binfmt.d, sysusers.d, tmpfiles.d. - -* Tue Feb 27 2018 Javier Martinez Canillas - 237-7.git84c8da5 -- Add patch to install kernel images for GRUB BootLoaderSpec support - -* Mon Feb 26 2018 Davide Cavalca - 237-1.fb3 -- Backport PR#8115 to properly fix GH#8194 - -* Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek - 237-6.git84c8da5 -- Create /etc/systemd in %%post libs if necessary (#1548607) - -* Fri Feb 23 2018 Adam Williamson - 237-5.git84c8da5 -- Use : not touch to create file in -libs %%post - -* Thu Feb 22 2018 Davide Cavalca - 237-1.fb2 -- Add workaround for an issue with systemd-nspawn -u affecting mock (GH#8194) - -* Thu Feb 22 2018 Patrick Uiterwijk - 237-4.git84c8da5 -- Add coreutils dep for systemd-libs %%post -- Add patch to typecast USB IDs to avoid compile failure - -* Wed Feb 21 2018 Zbigniew Jędrzejewski-Szmek - 237-3.git84c8da5 -- Update some patches for test skipping that were updated upstream - before merging -- Add /usr/lib/systemd/purge-nobody-user — a script to check if nobody is defined - correctly and possibly replace existing mappings - -* Tue Feb 20 2018 Zbigniew Jędrzejewski-Szmek - 237-2.gitdff4849 -- Backport a bunch of patches, most notably for the journal and various - memory issues. Some minor build fixes. -- Switch to new ldconfig macros that do nothing in F28+ -- /etc/systemd/dont-synthesize-nobody is created in %%post if nfsnobody - or nobody users are defined (#1537262) - -* Mon Feb 12 2018 Davide Cavalca - 237-1.fb1 -- Facebook rebuild -- Backport configurable docdir patch from master (PR#8068) -- Ensure split-files.py is run with python36 -- Set nfs/nfsnobody as nobody users -- Add pcre2-devel dependecy for journalctl --grep -- Disable tests for now as they're failing randomly when building in mock -- Use 10485760 as container base for Facebook to avoid conflicting with LDAP -- Backport PID file symlink chain checks fix from master (PR#8133) - -* Fri Feb 9 2018 Zbigniew Jędrzejeweski-Szmek - 237-1.git78bd769 -- Update to first stable snapshot (various minor memory leaks and misaccesses, - some documentation bugs, build fixes). - -* Sun Jan 28 2018 Zbigniew Jędrzejewski-Szmek - 237-1 -- Update to latest version - -* Sun Jan 21 2018 Björn Esser - 236-4.git3e14c4c -- Add patch to include if needed - -* Sat Jan 20 2018 Björn Esser - 236-3.git3e14c4c -- Rebuilt for switch to libxcrypt - -* Thu Jan 11 2018 Zbigniew Jędrzejewski-Szmek - 236-2.git23e14c4 -- Backport a bunch of bugfixes from upstream (#1531502, #1531381, #1526621 - various memory corruptions in systemd-networkd) -- /dev/kvm is marked as a static node which fixes permissions on s390x - and ppc64 (#1532382) - -* Fri Dec 15 2017 Zbigniew Jędrzejewski-Szmek - 236-1 -- Update to latest version - -* Mon Dec 11 2017 Zbigniew Jędrzejewski-Szmek - 235-5.git4a0e928 -- Update to latest git snapshot, do not build for realz -- Switch to libidn2 again (#1449145) - -* Tue Nov 07 2017 Zbigniew Jędrzejewski-Szmek - 235-4 -- Rebuild for cryptsetup-2.0.0-0.2.fc28 - -* Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek - 235-3 -- Backport a bunch of patches, including LP#172535 - -* Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2 -- Patches for cryptsetup _netdev - -* Mon Oct 9 2017 Davide Cavalca - 235-1.fb1 -- Facebook rebuild - -* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1 -- Update to latest version - -* Tue Sep 26 2017 Nathaniel McCallum - 234-8 -- Backport /etc/crypttab _netdev feature from upstream - -* Thu Sep 21 2017 Michal Sekletar - 234-7 -- Make sure to remove all device units sharing the same sysfs path (#1475570) - -* Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek - 234-6 -- Bump xslt recursion limit for libxslt-1.30 - -* Mon Sep 18 2017 Davide Cavalca - 234-5.fb2 -- backport build fix for O_TMPFILE from PR#6816 - -* Tue Aug 8 2017 Davide Cavalca - 234-5.fb1 -- new upstream release -- drop compat-libs patch in favor of separate systemd-compat-libs project -- force locale to UTF-8 to make meson happy -- disable broken test-execute -- backport nsdelegate support from PR#6294 - -* Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5 -- Backport more patches (#1476005, hopefully #1462378) - -* Thu Jul 27 2017 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3 -- Fix x-systemd.timeout=0 in /etc/fstab (#1462378) -- Minor patches (memleaks, --help fixes, seccomp on arm64) - -* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-2 -- Create kvm group (#1431876) - -* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-1 -- Latest release - -* Sat Jul 1 2017 Zbigniew Jędrzejewski-Szmek - 233-7.git74d8f1c -- Update to snapshot -- Build with meson again - -* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6 -- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445) - -* Sat Jun 17 2017 Peter Blair - 233-2.fb2 -- Apply patch from CVE-2017-9445 - -* Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek - 233-5.gitec36d05 -- Update to snapshot version, build with meson - -* Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek - 233-4 -- Backport a bunch of small fixes (memleaks, wrong format strings, - man page clarifications, shell completion) -- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493) -- Fix systemd-vconsole-setup.service error on systems with no VGA console (#1272686) -- Drop soft-static uid for systemd-journal-gateway -- Use ID from /etc/os-release as ntpvendor - -* Thu Apr 13 2017 Davide Cavalca - 233-2.fb1 -- New upstream release -- disable a couple of broken tests -- default to legacy hierarchy for now - -* Wed Apr 12 2017 Davide Cavalca - 231-11.fb2 -- fix lz4 depends to pick the right package - -* Mon Apr 3 2017 Davide Cavalca - 231-11.fb1 -- use facebook macro to gate Facebook-specific settings -- rebuild against new RPM backport -- update patches - -* Thu Mar 16 2017 Michal Sekletar - 233-3 -- Backport bugfixes from upstream -- Don't return error when machinectl couldn't figure out container IP addresses (#1419501) - -* Tue Mar 14 2017 Patrick White - 231-2.fb4 -- add poettering patch to fix hitting an assert (PR#4447) - -* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-2 -- Fix installation conflict with polkit - -* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-1 -- New upstream release (#1416201, #1405439, #1420753, many others) -- New systemd-tests subpackage with "installed tests" - -* Thu Feb 16 2017 Zbigniew Jędrzejewski-Szmek - 232-15 -- Add %%ghost %%dir entries for .wants dirs of our targets (#1422894) - -* Tue Feb 14 2017 Zbigniew Jędrzejewski-Szmek - 232-14 -- Ignore the hwdb parser test - -* Tue Feb 14 2017 Jan Synáček - 232-14 -- machinectl fails when virtual machine is running (#1419501) - -* Sat Feb 11 2017 Fedora Release Engineering - 232-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Tue Jan 31 2017 Zbigniew Jędrzejewski-Szmek - 232-12 -- Backport patch for initrd-switch-root.service getting killed (#1414904) -- Fix sd-journal-gatewayd -D, --trust, and COREDUMP_CONTAINER_CMDLINE - extraction by sd-coredump. - -* Sun Jan 29 2017 zbyszek - 232-11 -- Backport a number of patches (#1411299, #1413075, #1415745, - ##1415358, #1416588, #1408884) -- Fix various memleaks and unitialized variable access -- Shell completion enhancements -- Enable TPM logging by default (#1411156) -- Update hwdb (#1270124) - -* Thu Jan 19 2017 Adam Williamson - 232-10 -- Backport fix for boot failure in initrd-switch-root (#1414904) - -* Wed Jan 18 2017 Zbigniew Jędrzejewski-Szmek - 232-9 -- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam - is available as multilib (#1414153) - -* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek - 232-8 -- Fix buildsystem to check for lz4 correctly (#1404406) - -* Wed Jan 11 2017 Zbigniew Jędrzejewski-Szmek - 232-7 -- Various small tweaks to scriplets - -* Sat Jan 07 2017 Kevin Fenzi - 232-6 -- Fix scriptlets to never fail in libs post - -* Fri Jan 06 2017 Kevin Fenzi - 232-5 -- Add patch from Michal Schmidt to avoid process substitution (#1392236) - -* Sun Nov 6 2016 Zbigniew Jędrzejewski-Szmek - 232-4 -- Rebuild (#1392236) - -* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-3 -- Make /etc/dbus-1/system.d directory non-%%ghost - -* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-2 -- Fix kernel-install (#1391829) -- Restore previous systemd-user PAM config (#1391836) -- Move journal-upload.conf.5 from systemd main to journal-remote subpackage (#1391833) -- Fix permissions on /var/lib/systemd/journal-upload (#1262665) - -* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek - 232-1 -- Update to latest version (#998615, #1181922, #1374371, #1390704, #1384150, #1287161) -- Add %%{_isa} to Provides on arch-full packages (#1387912) -- Create systemd-coredump user in %%pre (#1309574) -- Replace grubby patch with a short-circuiting install.d "plugin" -- Enable nss-systemd in the passwd, group lines in nsswith.conf -- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf -- Move systemd-nspawn man pages to the right subpackage (#1391703) - -* Tue Oct 18 2016 Jan Synáček - 231-11 -- SPC - Cannot restart host operating from container (#1384523) - -* Sun Oct 9 2016 Zbigniew Jędrzejewski-Szmek - 231-10 -- Do not recreate /var/log/journal on upgrades (#1383066) -- Move nss-myhostname provides to systemd-libs (#1383271) - -* Fri Oct 7 2016 Zbigniew Jędrzejewski-Szmek - 231-9 -- Fix systemctl set-default (#1374371) -- Prevent systemd-udev-trigger.service from restarting (follow-up for #1378974) - -* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek - 231-8 -- Apply fix for #1378974 - -* Mon Oct 3 2016 Zbigniew Jędrzejewski-Szmek - 231-7 -- Apply patches properly - -* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-6 -- Better fix for (#1380286) - -* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-5 -- Denial-of-service bug against pid1 (#1380286) - -* Thu Aug 25 2016 Zbigniew Jędrzejewski-Szmek - 231-4 -- Fix preset-all (#1363858) -- Fix issue with daemon-reload messing up graphics (#1367766) -- A few other bugfixes - -* Wed Aug 10 2016 Davide Cavalca - 231-2.fb3 -- add mpawlowski root filesystem namespace patch for #12621017 -- add htejun patch for cgroup2 cpu controller (PR#3905) -- update htejun logind patch from PR#3835 - -* Wed Aug 03 2016 Adam Williamson - 231-3 -- Revert preset-all change, it broke stuff (#1363858) - -* Thu Jul 28 2016 Davide Cavalca - 231-2.fb2 -- add /dev/fio patch from bwann for GH#3718 -- import PR#3821 updates and rebase patches on github -- add htejun logind patch for UserTasksMax (#12460186, PR#3835) - -* Wed Jul 27 2016 Davide Cavalca - 231-2.fb1 -- Facebook rebuild -- Fix test failures in mock (#7950934, PR#3821) -- drop fsck on root patch now that we have the new dracut (see PR#3822) -- Rework LTO disable patch to be conditional (#11565880, PR#3823) -- update compat-libs and rebase onto public branch - (https://github.com/davide125/systemd/tree/compat-libs) -- add back python support now that we have python34-lxml -- add back xkbcommon support as it's available in rolling os updates - -* Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek - 231-2 -- Call preset-all on initial installation (#1118740) -- Fix botched Recommends for libxkbcommon - -* Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek - 231-1 -- Update to latest version - -* Tue Jul 19 2016 Davide Cavalca - 230-2.fb2 -- fix fsck for root filesystem on firstboot after install (#11352467) - -* Wed Jun 8 2016 Zbigniew Jędrzejewski-Szmek - 230-3 -- Update to latest git snapshot (fixes for systemctl set-default, - polkit lingering policy, reversal of the framebuffer rules, - unaligned access fixes, fix for StartupBlockIOWeight-over-dbus). - Those changes are interspersed with other changes and new features - (mostly in lldp, networkd, and nspawn). Some of those new features - might not work, but I think that existing functionality should not - be broken, so it seems worthwile to update to the snapshot. - -* Thu May 26 2016 Davide Cavalca - 230-2.fb1 -- Facebook rebuild -- backport htejun PRs for cgroup2 (#3337, #3329, #3315, #3417, #3418) -- add back compat-libs - -* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-2 -- Remove systemd-compat-libs on upgrade - -* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-1 -- New version -- Drop compat-libs -- Require libxkbcommon explictly, since the automatic dependency will - not be generated anymore - -* Thu May 12 2016 Tejun Heo - 229-1.fb6 -- backport https://github.com/systemd/systemd/pull/3246 to fix slice overrides - -* Mon May 09 2016 Davide Cavalca - 229-1.fb5 -- update Tejun Heo patches for cgroup2 io controller support - -* Fri Apr 29 2016 Davide Cavalca - 229-1.fb4 -- add Tejun Heo test patch for cgroup2 IO controllers support (#10638181) - -* Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek - 229-15 -- Remove duplicated entries in -container %%files (#1330395) - -* Fri Apr 22 2016 Zbigniew Jędrzejewski-Szmek - 229-14 -- Move installation of udev services to udev subpackage (#1329023) - -* Mon Apr 18 2016 Zbigniew Jędrzejewski-Szmek - 229-13 -- Split out systemd-pam subpackage (#1327402) - -* Mon Apr 18 2016 Harald Hoyer - 229-12 -- move more binaries and services from the main package to subpackages - -* Mon Apr 18 2016 Harald Hoyer - 229-11 -- move more binaries and services from the main package to subpackages - -* Mon Apr 18 2016 Harald Hoyer - 229-10 -- move device dependant stuff to the udev subpackage - -* Thu Mar 24 2016 Davide Cavalca - 229-1.fb3 -- add Tejun Heo patches for cgroups v2 support (#10268183) - -* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek - 229-9 -- Add myhostname to /etc/nsswitch.conf (#1318303) - -* Mon Mar 21 2016 Harald Hoyer - 229-8 -- fixed kernel-install for copying files for grubby -Resolves: rhbz#1299019 - -* Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek - 229-7 -- Moar patches (#1316964, #1317928) -- Move vconsole-setup and tmpfiles-setup-dev bits to systemd-udev -- Protect systemd-udev from deinstallation - -* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek - 229-6 -- Create /etc/resolv.conf symlink from systemd-resolved (#1313085) - -* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek - 229-5 -- Split out systemd-container subpackage (#1163412) -- Split out system-udev subpackage -- Add various bugfix patches, incl. a tentative fix for #1308771 - -* Wed Mar 02 2016 Davide Cavalca - 229-1.fb2 -- revert RPM trigger macros for #10119506 - -* Tue Mar 1 2016 Peter Robinson 229-4 -- Power64 and s390(x) now have libseccomp support -- aarch64 has gnu-efi - -* Tue Feb 23 2016 Jan Synáček - 229-3 -- Fix build failures on ppc64 (#1310800) - -* Tue Feb 16 2016 Dennis Gilmore - 229-2 -- revert: fixed kernel-install for copying files for grubby -Resolves: rhbz#1299019 -- this causes the dtb files to not get installed at all and the fdtdir -- line in extlinux.conf to not get updated correctly - -* Tue Feb 16 2016 Davide Cavalca - 229-1.fb1 -- Facebook rebuilt -- disable LTO to fix a build segfault with LTO - -* Thu Feb 11 2016 Michal Sekletar - 229-1 -- New upstream release - -* Thu Feb 11 2016 Harald Hoyer - 228-10.gite35a787 -- fixed kernel-install for copying files for grubby -Resolves: rhbz#1299019 - -* Fri Feb 05 2016 Fedora Release Engineering - 228-9.gite35a787 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Wed Jan 27 2016 Peter Robinson 228-8.gite35a787 -- Rebuild for binutils on aarch64 fix - -* Fri Jan 08 2016 Dan Horák - 228-7.gite35a787 -- apply the conflict with fedora-release only in Fedora - -* Thu Dec 10 2015 Jan Synáček - 228-6.gite35a787 -- Fix rawhide build failures on ppc64 (#1286249) - -* Sun Nov 29 2015 Zbigniew Jędrzejewski-Szmek - 228-6.gite35a787 -- Create /etc/systemd/network (#1286397) - -* Thu Nov 26 2015 Zbigniew Jędrzejewski-Szmek - 228-5.gite35a787 -- Do not install nss modules by default - -* Tue Nov 24 2015 Zbigniew Jędrzejewski-Szmek - 228-4.gite35a787 -- Update to latest upstream git: there is a bunch of fixes - (nss-mymachines overflow bug, networkd fixes, more completions are - properly installed), mixed with some new resolved features. -- Rework file triggers so that they always run before daemons are restarted - -* Mon Nov 23 2015 Davide Cavalca - 228-3.fb1 -- Facebook rebuilt -- disable test-namespace -- revert rpm file triggers as they don't work on el7 - -* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-3 -- Enable rpm file triggers for daemon-reload - -* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-2 -- Fix version number in obsoleted package name (#1283452) - -* Wed Nov 18 2015 Kay Sievers - 228-1 -- New upstream release - -* Thu Nov 12 2015 Zbigniew Jędrzejewski-Szmek - 227-7 -- Rename journal-gateway subpackage to journal-remote -- Ignore the access mode on /var/log/journal (#1048424) -- Do not assume fstab is present (#1281606) - -* Wed Nov 11 2015 Fedora Release Engineering - 227-6 -- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 - -* Tue Nov 10 2015 Lukáš Nykrýn - 227-5 -- Rebuild for libmicrohttpd soname bump - -* Fri Nov 06 2015 Robert Kuska - 227-4 -- Rebuilt for Python3.5 rebuild - -* Wed Nov 4 2015 Zbigniew Jędrzejewski-Szmek - 227-3 -- Fix syntax in kernel-install (#1277264) - -* Tue Nov 03 2015 Michal Schmidt - 227-2 -- Rebuild for libmicrohttpd soname bump. - -* Fri Oct 09 2015 Davide Cavalca - 227-1.fb1 -- disable tests broken on centos6 -- fix build with centos7 curl -- kernel-install: add fedora specific callouts to new-kernel-pkg - -* Wed Oct 7 2015 Kay Sievers - 227-1 -- New upstream release - -* Fri Sep 18 2015 Jan Synáček - 226-3 -- user systemd-journal-upload should be in systemd-journal group (#1262743) - -* Fri Sep 18 2015 Kay Sievers - 226-2 -- Add selinux to system-user PAM config - -* Tue Sep 8 2015 Kay Sievers - 226-1 -- New upstream release - -* Thu Aug 27 2015 Kay Sievers - 225-1 -- New upstream release - -* Fri Jul 31 2015 Kay Sievers - 224-1 -- New upstream release - -* Wed Jul 29 2015 Kay Sievers - 223-2 -- update to git snapshot - -* Wed Jul 29 2015 Kay Sievers - 223-1 -- New upstream release - -* Thu Jul 9 2015 Zbigniew Jędrzejewski-Szmek - 222-2 -- Remove python subpackages (python-systemd in now standalone) - -* Tue Jul 7 2015 Kay Sievers - 222-1 -- New upstream release - -* Mon Jul 6 2015 Kay Sievers - 221-5.git619b80a -- update to git snapshot - -* Mon Jul 6 2015 Zbigniew Jędrzejewski-Szmek - 221-4.git604f02a -- Add example file with yama config (#1234951) - -* Sun Jul 5 2015 Kay Sievers - 221-3.git604f02a -- update to git snapshot - -* Mon Jun 22 2015 Kay Sievers - 221-2 -- build systemd-boot EFI tools - -* Fri Jun 19 2015 Lennart Poettering - 221-1 -- New upstream release -- Undoes botched translation check, should be reinstated later? - -* Fri Jun 19 2015 Fedora Release Engineering - 220-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Thu Jun 11 2015 Peter Robinson 220-9 -- The gold linker is now fixed on aarch64 - -* Tue Jun 9 2015 Zbigniew Jędrzejewski-Szmek - 220-8 -- Remove gudev which is now provided as separate package (libgudev) -- Fix for spurious selinux denials (#1224211) -- Udev change events (#1225905) -- Patches for some potential crashes -- ProtectSystem=yes does not touch /home -- Man page fixes, hwdb updates, shell completion updates -- Restored persistent device symlinks for bcache, xen block devices -- Tag all DRM cards as master-of-seat - -* Tue Jun 09 2015 Harald Hoyer 220-7 -- fix udev block device watch - -* Tue Jun 09 2015 Harald Hoyer 220-6 -- add support for network disk encryption - -* Sun Jun 7 2015 Peter Robinson 220-5 -- Disable gold on aarch64 until it's fixed (tracked in rhbz #1225156) - -* Sat May 30 2015 Zbigniew Jędrzejewski-Szmek - 220-4 -- systemd-devel should require systemd-libs, not the main package (#1226301) -- Check for botched translations (#1226566) -- Make /etc/udev/hwdb.d part of the rpm (#1226379) - -* Thu May 28 2015 Richard W.M. Jones - 220-3 -- Add patch to fix udev --daemon not cleaning child processes - (upstream commit 86c3bece38bcf5). - -* Wed May 27 2015 Richard W.M. Jones - 220-2 -- Add patch to fix udev --daemon crash (upstream commit 040e689654ef08). - -* Thu May 21 2015 Lennart Poettering - 220-1 -- New upstream release -- Drop /etc/mtab hack, as that's apparently fixed in mock now (#1116158) -- Remove ghosting for /etc/systemd/system/runlevel*.target, these - targets are not configurable anymore in systemd upstream -- Drop work-around for #1002806, since this is solved upstream now - -* Wed May 20 2015 Dennis Gilmore - 219-15 -- fix up the conflicts version for fedora-release - -* Wed May 20 2015 Zbigniew Jędrzejewski-Szmek - 219-14 -- Remove presets (#1221340) -- Fix (potential) crash and memory leak in timedated, locking failure - in systemd-nspawn, crash in resolved. -- journalctl --list-boots should be faster -- zsh completions are improved -- various ommissions in docs are corrected (#1147651) -- VARIANT and VARIANT_ID fields in os-release are documented -- systemd-fsck-root.service is generated in the initramfs (#1201979, #1107818) -- systemd-tmpfiles should behave better on read-only file systems (#1207083) - -* Wed Apr 29 2015 Zbigniew Jędrzejewski-Szmek - 219-13 -- Patches for some outstanding annoyances -- Small keyboard hwdb updates - -* Wed Apr 8 2015 Zbigniew Jędrzejewski-Szmek - 219-12 -- Tighten requirements between subpackages (#1207381). - -* Sun Mar 22 2015 Zbigniew Jędrzejewski-Szmek - 219-11 -- Move all parts systemd-journal-{remote,upload} to - systemd-journal-gatewayd subpackage (#1193143). -- Create /var/lib/systemd/journal-upload directory (#1193145). -- Cut out lots of stupid messages at debug level which were obscuring more - important stuff. -- Apply "tentative" state for devices only when they are added, not removed. -- Ignore invalid swap pri= settings (#1204336) -- Fix SELinux check for timedated operations to enable/disable ntp (#1014315) -- Fix comparing of filesystem paths (#1184016) - -* Sat Mar 14 2015 Zbigniew Jędrzejewski-Szmek - 219-10 -- Fixes for bugs 1186018, 1195294, 1185604, 1196452. -- Hardware database update. -- Documentation fixes. -- A fix for journalctl performance regression. -- Fix detection of inability to open files in journalctl. -- Detect SuperH architecture properly. -- The first of duplicate lines in tmpfiles wins again. -- Do vconsole setup after loading vconsole driver, not fbcon. -- Fix problem where some units were restarted during systemd reexec. -- Fix race in udevadm settle tripping up NetworkManager. -- Downgrade various log messages. -- Fix issue where journal-remote would process some messages with a delay. -- GPT /srv partition autodiscovery is fixed. -- Reconfigure old Finnish keymaps in post (#1151958) - -* Tue Mar 10 2015 Jan Synáček - 219-9 -- Buttons on Lenovo X6* tablets broken (#1198939) - -* Tue Mar 3 2015 Zbigniew Jędrzejewski-Szmek - 219-8 -- Reworked device handling (#1195761) -- ACL handling fixes (with a script in %%post) -- Various log messages downgraded (#1184712) -- Allow PIE on s390 again (#1197721) - -* Wed Feb 25 2015 Michal Schmidt - 219-7 -- arm: reenable lto. gcc-5.0.0-0.16 fixed the crash (#1193212) - -* Tue Feb 24 2015 Colin Walters - 219-6 -- Revert patch that breaks Atomic/OSTree (#1195761) - -* Fri Feb 20 2015 Michal Schmidt - 219-5 -- Undo the resolv.conf workaround, Aim for a proper fix in Rawhide. - -* Fri Feb 20 2015 Michal Schmidt - 219-4 -- Revive fedora-disable-resolv.conf-symlink.patch to unbreak composes. - -* Wed Feb 18 2015 Michal Schmidt - 219-3 -- arm: disabling gold did not help; disable lto instead (#1193212) - -* Tue Feb 17 2015 Peter Jones - 219-2 -- Update 90-default.present for dbxtool. - -* Mon Feb 16 2015 Lennart Poettering - 219-1 -- New upstream release -- This removes the sysctl/bridge hack, a different solution needs to be found for this (see #634736) -- This removes the /etc/resolv.conf hack, anaconda needs to fix their handling of /etc/resolv.conf as symlink -- This enables "%%check" -- disable gold on arm, as that is broken (see #1193212) - -* Mon Feb 16 2015 Peter Robinson 218-6 -- aarch64 now has seccomp support - -* Thu Feb 05 2015 Michal Schmidt - 218-5 -- Don't overwrite systemd.macros with unrelated Source file. - -* Thu Feb 5 2015 Jan Synáček - 218-4 -- Add a touchpad hwdb (#1189319) - -* Thu Jan 15 2015 Zbigniew Jędrzejewski-Szmek - 218-4 -- Enable xkbcommon dependency to allow checking of keymaps -- Fix permissions of /var/log/journal (#1048424) -- Enable timedatex in presets (#1187072) -- Disable rpcbind in presets (#1099595) - -* Wed Jan 7 2015 Jan Synáček - 218-3 -- RFE: journal: automatically rotate the file if it is unlinked (#1171719) - -* Mon Jan 05 2015 Zbigniew Jędrzejewski-Szmek - 218-3 -- Add firewall description files (#1176626) - -* Thu Dec 18 2014 Jan Synáček - 218-2 -- systemd-nspawn doesn't work on s390/s390x (#1175394) - -* Wed Dec 10 2014 Lennart Poettering - 218-1 -- New upstream release -- Enable "nss-mymachines" in /etc/nsswitch.conf - -* Thu Nov 06 2014 Zbigniew Jędrzejewski-Szmek - 217-4 -- Change libgudev1 to only require systemd-libs (#727499), there's - no need to require full systemd stack. -- Fixes for bugs #1159448, #1152220, #1158035. -- Bash completions updates to allow propose more units for start/restart, - and completions for set-default,get-default. -- Again allow systemctl enable of instances. -- Hardware database update and fixes. -- Udev crash on invalid options and kernel commandline timeout parsing are fixed. -- Add "embedded" chassis type. -- Sync before 'reboot -f'. -- Fix restarting of timer units. - -* Wed Nov 05 2014 Michal Schmidt - 217-3 -- Fix hanging journal flush (#1159641) - -* Fri Oct 31 2014 Michal Schmidt - 217-2 -- Fix ordering cycles involving systemd-journal-flush.service and - remote-fs.target (#1159117) - -* Tue Oct 28 2014 Lennart Poettering - 217-1 -- New upstream release - -* Fri Oct 17 2014 Zbigniew Jędrzejewski-Szmek - 216-12 -- Drop PackageKit.service from presets (#1154126) - -* Mon Oct 13 2014 Zbigniew Jędrzejewski-Szmek - 216-11 -- Conflict with old versions of initscripts (#1152183) -- Remove obsolete Finnish keymap (#1151958) - -* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek - 216-10 -- Fix a problem with voluntary daemon exits and some other bugs - (#1150477, #1095962, #1150289) - -* Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek - 216-9 -- Update to latest git, but without the readahead removal patch - (#1114786, #634736) - -* Wed Oct 01 2014 Kay Sievers - 216-8 -- revert "don't reset selinux context during CHANGE events" - -* Wed Oct 01 2014 Lukáš Nykrýn - 216-7 -- add temporary workaround for #1147910 -- don't reset selinux context during CHANGE events - -* Wed Sep 10 2014 Michal Schmidt - 216-6 -- Update timesyncd with patches to avoid hitting NTP pool too often. - -* Tue Sep 09 2014 Michal Schmidt - 216-5 -- Use common CONFIGURE_OPTS for build2 and build3. -- Configure timesyncd with NTP servers from Fedora/RHEL vendor zone. - -* Wed Sep 03 2014 Zbigniew Jędrzejewski-Szmek - 216-4 -- Move config files for sd-j-remote/upload to sd-journal-gateway subpackage (#1136580) - -* Thu Aug 28 2014 Peter Robinson 216-3 -- Drop no LTO build option for aarch64/s390 now it's fixed in binutils (RHBZ 1091611) - -* Thu Aug 21 2014 Zbigniew Jędrzejewski-Szmek - 216-2 -- Re-add patch to disable resolve.conf symlink (#1043119) - -* Wed Aug 20 2014 Lennart Poettering - 216-1 -- New upstream release - -* Mon Aug 18 2014 Fedora Release Engineering - 215-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Wed Aug 13 2014 Dan Horák 215-11 -- disable LTO also on s390(x) - -* Sat Aug 09 2014 Harald Hoyer 215-10 -- fixed PPC64LE - -* Wed Aug 6 2014 Tom Callaway - 215-9 -- fix license handling - -* Wed Jul 30 2014 Zbigniew Jędrzejewski-Szmek - 215-8 -- Create systemd-journal-remote and systemd-journal-upload users (#1118907) - -* Thu Jul 24 2014 Zbigniew Jędrzejewski-Szmek - 215-7 -- Split out systemd-compat-libs subpackage - -* Tue Jul 22 2014 Kalev Lember - 215-6 -- Rebuilt for gobject-introspection 1.41.4 - -* Mon Jul 21 2014 Zbigniew Jędrzejewski-Szmek - 215-5 -- Fix SELinux context of /etc/passwd-, /etc/group-, /etc/.updated (#1121806) -- Add missing BR so gnutls and elfutils are used - -* Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek - 215-4 -- Various man page updates -- Static device node logic is conditionalized on CAP_SYS_MODULES instead of CAP_MKNOD - for better behaviour in containers -- Some small networkd link handling fixes -- vconsole-setup runs setfont before loadkeys (https://bugs.freedesktop.org/show_bug.cgi?id=80685) -- New systemd-escape tool -- XZ compression settings are tweaked to greatly improve journald performance -- "watch" is accepted as chassis type -- Various sysusers fixes, most importantly correct selinux labels -- systemd-timesyncd bug fix (https://bugs.freedesktop.org/show_bug.cgi?id=80932) -- Shell completion improvements -- New udev tag ID_SOFTWARE_RADIO can be used to instruct logind to allow user access -- XEN and s390 virtualization is properly detected - -* Mon Jul 07 2014 Colin Walters - 215-3 -- Add patch to disable resolve.conf symlink (#1043119) - -* Sun Jul 06 2014 Zbigniew Jędrzejewski-Szmek - 215-2 -- Move systemd-journal-remote to systemd-journal-gateway package (#1114688) -- Disable /etc/mtab handling temporarily (#1116158) - -* Thu Jul 03 2014 Lennart Poettering - 215-1 -- New upstream release -- Enable coredump logic (which abrt would normally override) - -* Sun Jun 29 2014 Peter Robinson 214-5 -- On aarch64 disable LTO as it still has issues on that arch - -* Thu Jun 26 2014 Zbigniew Jędrzejewski-Szmek - 214-4 -- Bugfixes (#996133, #1112908) - -* Mon Jun 23 2014 Zbigniew Jędrzejewski-Szmek - 214-3 -- Actually create input group (#1054549) - -* Sun Jun 22 2014 Zbigniew Jędrzejewski-Szmek - 214-2 -- Do not restart systemd-logind on upgrades (#1110697) -- Add some patches (#1081429, #1054549, #1108568, #928962) - -* Wed Jun 11 2014 Lennart Poettering - 214-1 -- New upstream release -- Get rid of "floppy" group, since udev uses "disk" now -- Reenable LTO - -* Sun Jun 08 2014 Fedora Release Engineering - 213-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Wed May 28 2014 Kay Sievers - 213-3 -- fix systemd-timesync user creation - -* Wed May 28 2014 Michal Sekletar - 213-2 -- Create temporary files after installation (#1101983) -- Add sysstat-collect.timer, sysstat-summary.timer to preset policy (#1101621) - -* Wed May 28 2014 Kay Sievers - 213-1 -- New upstream release - -* Tue May 27 2014 Kalev Lember - 212-6 -- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 - -* Fri May 23 2014 Adam Williamson - 212-5 -- revert change from 212-4, causes boot fail on single CPU boxes (RHBZ 1095891) - -* Wed May 07 2014 Kay Sievers - 212-4 -- add netns udev workaround - -* Wed May 07 2014 Michal Sekletar - 212-3 -- enable uuidd.socket by default (#1095353) - -* Sat Apr 26 2014 Peter Robinson 212-2 -- Disable building with -flto for the moment due to gcc 4.9 issues (RHBZ 1091611) - -* Tue Mar 25 2014 Lennart Poettering - 212-1 -- New upstream release - -* Mon Mar 17 2014 Peter Robinson 211-2 -- Explicitly define which upstream platforms support libseccomp - -* Tue Mar 11 2014 Lennart Poettering - 211-1 -- New upstream release - -* Mon Mar 10 2014 Zbigniew Jędrzejewski-Szmek - 210-8 -- Fix logind unpriviledged reboot issue and a few other minor fixes -- Limit generator execution time -- Recognize buttonless joystick types - -* Fri Mar 07 2014 Karsten Hopp 210-7 -- ppc64le needs link warnings disabled, too - -* Fri Mar 07 2014 Karsten Hopp 210-6 -- move ifarch ppc64le to correct place (libseccomp req) - -* Fri Mar 07 2014 Zbigniew Jędrzejewski-Szmek - 210-5 -- Bugfixes: #1047568, #1047039, #1071128, #1073402 -- Bash completions for more systemd tools -- Bluetooth database update -- Manpage fixes - -* Thu Mar 06 2014 Zbigniew Jędrzejewski-Szmek - 210-4 -- Apply work-around for ppc64le too (#1073647). - -* Sat Mar 01 2014 Zbigniew Jędrzejewski-Szmek - 210-3 -- Backport a few patches, add completion for systemd-nspawn. - -* Fri Feb 28 2014 Zbigniew Jędrzejewski-Szmek - 210-3 -- Apply work-arounds for ppc/ppc64 for bugs 1071278 and 1071284 - -* Mon Feb 24 2014 Lennart Poettering - 210-2 -- Check more services against preset list and enable by default - -* Mon Feb 24 2014 Lennart Poettering - 210-1 -- new upstream release - -* Sun Feb 23 2014 Zbigniew Jędrzejewski-Szmek - 209-2.gitf01de96 -- Enable dnssec-triggerd.service by default (#1060754) - -* Sun Feb 23 2014 Kay Sievers - 209-2.gitf01de96 -- git snapshot to sort out ARM build issues - -* Thu Feb 20 2014 Lennart Poettering - 209-1 -- new upstream release - -* Tue Feb 18 2014 Zbigniew Jędrzejewski-Szmek - 208-15 -- Make gpsd lazily activated (#1066421) - -* Mon Feb 17 2014 Zbigniew Jędrzejewski-Szmek - 208-14 -- Back out patch which causes user manager to be destroyed when unneeded - and spams logs (#1053315) - -* Sun Feb 16 2014 Zbigniew Jędrzejewski-Szmek - 208-13 -- A different fix for #1023820 taken from Mageia -- Backported fix for #997031 -- Hardward database updates, man pages improvements, a few small memory - leaks, utf-8 correctness and completion fixes -- Support for key-slot option in crypttab - -* Sat Jan 25 2014 Ville Skyttä - 208-12 -- Own the %%{_prefix}/lib/kernel(/*) and %%{_datadir}/zsh(/*) dirs. - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-11 -- Backport a few fixes, relevant documentation updates, and HWDB changes - (#1051797, #1051768, #1047335, #1047304, #1047186, #1045849, #1043304, - #1043212, #1039351, #1031325, #1023820, #1017509, #953077) -- Flip journalctl to --full by default (#984758) - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-9 -- Apply two patches for #1026860 - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-8 -- Bump release to stay ahead of f20 - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-7 -- Backport patches (#1023041, #1036845, #1006386?) -- HWDB update -- Some small new features: nspawn --drop-capability=, running PID 1 under - valgrind, "yearly" and "annually" in calendar specifications -- Some small documentation and logging updates - -* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-6 -- Bump release to stay ahead of f20 - -* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-5 -- Use unit name in PrivateTmp= directories (#957439) -- Update manual pages, completion scripts, and hardware database -- Configurable Timeouts/Restarts default values -- Support printing of timestamps on the console -- Fix some corner cases in detecting when writing to the console is safe -- Python API: convert keyword values to string, fix sd_is_booted() wrapper -- Do not tread missing /sbin/fsck.btrfs as an error (#1015467) -- Allow masking of fsck units -- Advertise hibernation to swap files -- Fix SO_REUSEPORT settings -- Prefer converted xkb keymaps to legacy keymaps (#981805, #1026872) -- Make use of newer kmod -- Assorted bugfixes: #1017161, #967521, #988883, #1027478, #821723, #1014303 - -* Tue Oct 22 2013 Zbigniew Jędrzejewski-Szmek - 208-4 -- Add temporary fix for #1002806 - -* Mon Oct 21 2013 Zbigniew Jędrzejewski-Szmek - 208-3 -- Backport a bunch of fixes and hwdb updates - -* Wed Oct 2 2013 Lennart Poettering - 208-2 -- Move old random seed and backlight files into the right place - -* Wed Oct 2 2013 Lennart Poettering - 208-1 -- New upstream release - -* Thu Sep 26 2013 Zbigniew Jędrzejewski-Szmek 207-5 -- Do not create /var/var/... dirs - -* Wed Sep 18 2013 Zbigniew Jędrzejewski-Szmek 207-4 -- Fix policykit authentication -- Resolves: rhbz#1006680 - -* Tue Sep 17 2013 Harald Hoyer 207-3 -- fixed login -- Resolves: rhbz#1005233 - -* Mon Sep 16 2013 Harald Hoyer 207-2 -- add some upstream fixes for 207 -- fixed swap activation -- Resolves: rhbz#1008604 - -* Fri Sep 13 2013 Lennart Poettering - 207-1 -- New upstream release - -* Fri Sep 06 2013 Harald Hoyer 206-11 -- support "debug" kernel command line parameter -- journald: fix fd leak in journal_file_empty -- journald: fix vacuuming of archived journals -- libudev: enumerate - do not try to match against an empty subsystem -- cgtop: fixup the online help -- libudev: fix memleak when enumerating childs - -* Wed Sep 04 2013 Harald Hoyer 206-10 -- Do not require grubby, lorax now takes care of grubby -- cherry-picked a lot of patches from upstream - -* Tue Aug 27 2013 Dennis Gilmore - 206-9 -- Require grubby, Fedora installs require grubby, -- kernel-install took over from new-kernel-pkg -- without the Requires we are unable to compose Fedora -- everyone else says that since kernel-install took over -- it is responsible for ensuring that grubby is in place -- this is really what we want for Fedora - -* Tue Aug 27 2013 Kay Sievers - 206-8 -- Revert "Require grubby its needed by kernel-install" - -* Mon Aug 26 2013 Dennis Gilmore 206-7 -- Require grubby its needed by kernel-install - -* Thu Aug 22 2013 Harald Hoyer 206-6 -- kernel-install now understands kernel flavors like PAE - -* Tue Aug 20 2013 Rex Dieter - 206-5 -- add sddm.service to preset file (#998978) - -* Fri Aug 16 2013 Zbigniew Jędrzejewski-Szmek - 206-4 -- Filter out provides for private python modules. -- Add requires on kmod >= 14 (#990994). - -* Sun Aug 11 2013 Zbigniew Jedrzejewski-Szmek - 206-3 -- New systemd-python3 package (#976427). -- Add ownership of a few directories that we create (#894202). - -* Sun Aug 04 2013 Fedora Release Engineering - 206-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Tue Jul 23 2013 Kay Sievers - 206-1 -- New upstream release - Resolves (#984152) - -* Wed Jul 3 2013 Lennart Poettering - 205-1 -- New upstream release - -* Wed Jun 26 2013 Michal Schmidt 204-10 -- Split systemd-journal-gateway subpackage (#908081). - -* Mon Jun 24 2013 Michal Schmidt 204-9 -- Rename nm_dispatcher to NetworkManager-dispatcher in default preset (#977433) - -* Fri Jun 14 2013 Harald Hoyer 204-8 -- fix, which helps to sucessfully browse journals with - duplicated seqnums - -* Fri Jun 14 2013 Harald Hoyer 204-7 -- fix duplicate message ID bug -Resolves: rhbz#974132 - -* Thu Jun 06 2013 Harald Hoyer 204-6 -- introduce 99-default-disable.preset - -* Thu Jun 6 2013 Lennart Poettering - 204-5 -- Rename 90-display-manager.preset to 85-display-manager.preset so that it actually takes precedence over 90-default.preset's "disable *" line (#903690) - -* Tue May 28 2013 Harald Hoyer 204-4 -- Fix kernel-install (#965897) - -* Wed May 22 2013 Kay Sievers - 204-3 -- Fix kernel-install (#965897) - -* Thu May 9 2013 Lennart Poettering - 204-2 -- New upstream release -- disable isdn by default (#959793) - -* Tue May 07 2013 Harald Hoyer 203-2 -- forward port kernel-install-grubby.patch - -* Tue May 7 2013 Lennart Poettering - 203-1 -- New upstream release - -* Wed Apr 24 2013 Harald Hoyer 202-3 -- fix ENOENT for getaddrinfo -- Resolves: rhbz#954012 rhbz#956035 -- crypt-setup-generator: correctly check return of strdup -- logind-dbus: initialize result variable -- prevent library underlinking - -* Fri Apr 19 2013 Harald Hoyer 202-2 -- nspawn create empty /etc/resolv.conf if necessary -- python wrapper: add sd_journal_add_conjunction() -- fix s390 booting -- Resolves: rhbz#953217 - -* Thu Apr 18 2013 Lennart Poettering - 202-1 -- New upstream release - -* Tue Apr 09 2013 Michal Schmidt - 201-2 -- Automatically discover whether to run autoreconf and add autotools and git - BuildRequires based on the presence of patches to be applied. -- Use find -delete. - -* Mon Apr 8 2013 Lennart Poettering - 201-1 -- New upstream release - -* Mon Apr 8 2013 Lennart Poettering - 200-4 -- Update preset file - -* Fri Mar 29 2013 Lennart Poettering - 200-3 -- Remove NetworkManager-wait-online.service from presets file again, it should default to off - -* Fri Mar 29 2013 Lennart Poettering - 200-2 -- New upstream release - -* Tue Mar 26 2013 Lennart Poettering - 199-2 -- Add NetworkManager-wait-online.service to the presets file - -* Tue Mar 26 2013 Lennart Poettering - 199-1 -- New upstream release - -* Mon Mar 18 2013 Michal Schmidt 198-7 -- Drop /usr/s?bin/ prefixes. - -* Fri Mar 15 2013 Harald Hoyer 198-6 -- run autogen to pickup all changes - -* Fri Mar 15 2013 Harald Hoyer 198-5 -- do not mount anything, when not running as pid 1 -- add initrd.target for systemd in the initrd - -* Wed Mar 13 2013 Harald Hoyer 198-4 -- fix switch-root and local-fs.target problem -- patch kernel-install to use grubby, if available - -* Fri Mar 08 2013 Harald Hoyer 198-3 -- add Conflict with dracut < 026 because of the new switch-root isolate - -* Thu Mar 7 2013 Lennart Poettering - 198-2 -- Create required users - -* Thu Mar 7 2013 Lennart Poettering - 198-1 -- New release -- Enable journal persistancy by default - -* Sun Feb 10 2013 Peter Robinson 197-3 -- Bump for ARM - -* Fri Jan 18 2013 Michal Schmidt - 197-2 -- Added qemu-guest-agent.service to presets (Lennart, #885406). -- Add missing pygobject3-base to systemd-analyze deps (Lennart). -- Do not require hwdata, it is all in the hwdb now (Kay). -- Drop dependency on dbus-python. - -* Tue Jan 8 2013 Lennart Poettering - 197-1 -- New upstream release - -* Mon Dec 10 2012 Michal Schmidt - 196-4 -- Enable rngd.service by default (#857765). - -* Mon Dec 10 2012 Michal Schmidt - 196-3 -- Disable hardening on s390(x) because PIE is broken there and produces - text relocations with __thread (#868839). - -* Wed Dec 05 2012 Michal Schmidt - 196-2 -- added spice-vdagentd.service to presets (Lennart, #876237) -- BR cryptsetup-devel instead of the legacy cryptsetup-luks-devel provide name - (requested by Milan Brož). -- verbose make to see the actual build flags - -* Wed Nov 21 2012 Lennart Poettering - 196-1 -- New upstream release - -* Tue Nov 20 2012 Lennart Poettering - 195-8 -- https://bugzilla.redhat.com/show_bug.cgi?id=873459 -- https://bugzilla.redhat.com/show_bug.cgi?id=878093 - -* Thu Nov 15 2012 Michal Schmidt - 195-7 -- Revert udev killing cgroup patch for F18 Beta. -- https://bugzilla.redhat.com/show_bug.cgi?id=873576 - -* Fri Nov 09 2012 Michal Schmidt - 195-6 -- Fix cyclical dep between systemd and systemd-libs. -- Avoid broken build of test-journal-syslog. -- https://bugzilla.redhat.com/show_bug.cgi?id=873387 -- https://bugzilla.redhat.com/show_bug.cgi?id=872638 - -* Thu Oct 25 2012 Kay Sievers - 195-5 -- require 'sed', limit HOSTNAME= match - -* Wed Oct 24 2012 Michal Schmidt - 195-4 -- add dmraid-activation.service to the default preset -- add yum protected.d fragment -- https://bugzilla.redhat.com/show_bug.cgi?id=869619 -- https://bugzilla.redhat.com/show_bug.cgi?id=869717 - -* Wed Oct 24 2012 Kay Sievers - 195-3 -- Migrate /etc/sysconfig/ i18n, keyboard, network files/variables to - systemd native files - -* Tue Oct 23 2012 Lennart Poettering - 195-2 -- Provide syslog because the journal is fine as a syslog implementation - -* Tue Oct 23 2012 Lennart Poettering - 195-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=831665 -- https://bugzilla.redhat.com/show_bug.cgi?id=847720 -- https://bugzilla.redhat.com/show_bug.cgi?id=858693 -- https://bugzilla.redhat.com/show_bug.cgi?id=863481 -- https://bugzilla.redhat.com/show_bug.cgi?id=864629 -- https://bugzilla.redhat.com/show_bug.cgi?id=864672 -- https://bugzilla.redhat.com/show_bug.cgi?id=864674 -- https://bugzilla.redhat.com/show_bug.cgi?id=865128 -- https://bugzilla.redhat.com/show_bug.cgi?id=866346 -- https://bugzilla.redhat.com/show_bug.cgi?id=867407 -- https://bugzilla.redhat.com/show_bug.cgi?id=868603 - -* Wed Oct 10 2012 Michal Schmidt - 194-2 -- Add scriptlets for migration away from systemd-timedated-ntp.target - -* Wed Oct 3 2012 Lennart Poettering - 194-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=859614 -- https://bugzilla.redhat.com/show_bug.cgi?id=859655 - -* Fri Sep 28 2012 Lennart Poettering - 193-1 -- New upstream release - -* Tue Sep 25 2012 Lennart Poettering - 192-1 -- New upstream release - -* Fri Sep 21 2012 Lennart Poettering - 191-2 -- Fix journal mmap header prototype definition to fix compilation on 32bit - -* Fri Sep 21 2012 Lennart Poettering - 191-1 -- New upstream release -- Enable all display managers by default, as discussed with Adam Williamson - -* Thu Sep 20 2012 Lennart Poettering - 190-1 -- New upstream release -- Take possession of /etc/localtime, and remove /etc/sysconfig/clock -- https://bugzilla.redhat.com/show_bug.cgi?id=858780 -- https://bugzilla.redhat.com/show_bug.cgi?id=858787 -- https://bugzilla.redhat.com/show_bug.cgi?id=858771 -- https://bugzilla.redhat.com/show_bug.cgi?id=858754 -- https://bugzilla.redhat.com/show_bug.cgi?id=858746 -- https://bugzilla.redhat.com/show_bug.cgi?id=858266 -- https://bugzilla.redhat.com/show_bug.cgi?id=858224 -- https://bugzilla.redhat.com/show_bug.cgi?id=857670 -- https://bugzilla.redhat.com/show_bug.cgi?id=856975 -- https://bugzilla.redhat.com/show_bug.cgi?id=855863 -- https://bugzilla.redhat.com/show_bug.cgi?id=851970 -- https://bugzilla.redhat.com/show_bug.cgi?id=851275 -- https://bugzilla.redhat.com/show_bug.cgi?id=851131 -- https://bugzilla.redhat.com/show_bug.cgi?id=847472 -- https://bugzilla.redhat.com/show_bug.cgi?id=847207 -- https://bugzilla.redhat.com/show_bug.cgi?id=846483 -- https://bugzilla.redhat.com/show_bug.cgi?id=846085 -- https://bugzilla.redhat.com/show_bug.cgi?id=845973 -- https://bugzilla.redhat.com/show_bug.cgi?id=845194 -- https://bugzilla.redhat.com/show_bug.cgi?id=845028 -- https://bugzilla.redhat.com/show_bug.cgi?id=844630 -- https://bugzilla.redhat.com/show_bug.cgi?id=839736 -- https://bugzilla.redhat.com/show_bug.cgi?id=835848 -- https://bugzilla.redhat.com/show_bug.cgi?id=831740 -- https://bugzilla.redhat.com/show_bug.cgi?id=823485 -- https://bugzilla.redhat.com/show_bug.cgi?id=821813 -- https://bugzilla.redhat.com/show_bug.cgi?id=807886 -- https://bugzilla.redhat.com/show_bug.cgi?id=802198 -- https://bugzilla.redhat.com/show_bug.cgi?id=767795 -- https://bugzilla.redhat.com/show_bug.cgi?id=767561 -- https://bugzilla.redhat.com/show_bug.cgi?id=752774 -- https://bugzilla.redhat.com/show_bug.cgi?id=732874 -- https://bugzilla.redhat.com/show_bug.cgi?id=858735 - -* Thu Sep 13 2012 Lennart Poettering - 189-4 -- Don't pull in pkg-config as dep -- https://bugzilla.redhat.com/show_bug.cgi?id=852828 - -* Wed Sep 12 2012 Lennart Poettering - 189-3 -- Update preset policy -- Rename preset policy file from 99-default.preset to 90-default.preset so that people can order their own stuff after the Fedora default policy if they wish - -* Thu Aug 23 2012 Lennart Poettering - 189-2 -- Update preset policy -- https://bugzilla.redhat.com/show_bug.cgi?id=850814 - -* Thu Aug 23 2012 Lennart Poettering - 189-1 -- New upstream release - -* Thu Aug 16 2012 Ray Strode 188-4 -- more scriptlet fixes - (move dm migration logic to %%posttrans so the service - files it's looking for are available at the time - the logic is run) - -* Sat Aug 11 2012 Lennart Poettering - 188-3 -- Remount file systems MS_PRIVATE before switching roots -- https://bugzilla.redhat.com/show_bug.cgi?id=847418 - -* Wed Aug 08 2012 Rex Dieter - 188-2 -- fix scriptlets - -* Wed Aug 8 2012 Lennart Poettering - 188-1 -- New upstream release -- Enable gdm and avahi by default via the preset file -- Convert /etc/sysconfig/desktop to display-manager.service symlink -- Enable hardened build - -* Mon Jul 30 2012 Kay Sievers - 187-3 -- Obsolete: system-setup-keyboard - -* Wed Jul 25 2012 Kalev Lember - 187-2 -- Run ldconfig for the new -libs subpackage - -* Thu Jul 19 2012 Lennart Poettering - 187-1 -- New upstream release - -* Mon Jul 09 2012 Harald Hoyer 186-2 -- fixed dracut conflict version - -* Tue Jul 3 2012 Lennart Poettering - 186-1 -- New upstream release - -* Fri Jun 22 2012 Nils Philippsen - 185-7.gite7aee75 -- add obsoletes/conflicts so multilib systemd -> systemd-libs updates work - -* Thu Jun 14 2012 Michal Schmidt - 185-6.gite7aee75 -- Update to current git - -* Wed Jun 06 2012 Kay Sievers - 185-5.gita2368a3 -- disable plymouth in configure, to drop the .wants/ symlinks - -* Wed Jun 06 2012 Michal Schmidt - 185-4.gita2368a3 -- Update to current git snapshot - - Add systemd-readahead-analyze - - Drop upstream patch -- Split systemd-libs -- Drop duplicate doc files -- Fixed License headers of subpackages - -* Wed Jun 06 2012 Ray Strode - 185-3 -- Drop plymouth files -- Conflict with old plymouth - -* Tue Jun 05 2012 Kay Sievers - 185-2 -- selinux udev labeling fix -- conflict with older dracut versions for new udev file names - -* Mon Jun 04 2012 Kay Sievers - 185-1 -- New upstream release - - udev selinux labeling fixes - - new man pages - - systemctl help - -* Thu May 31 2012 Lennart Poettering - 184-1 -- New upstream release - -* Thu May 24 2012 Kay Sievers - 183-1 -- New upstream release including udev merge. - -* Wed Mar 28 2012 Michal Schmidt - 44-4 -- Add triggers from Bill Nottingham to correct the damage done by - the obsoleted systemd-units's preun scriptlet (#807457). - -* Mon Mar 26 2012 Dennis Gilmore - 44-3 -- apply patch from upstream so we can build systemd on arm and ppc -- and likely the rest of the secondary arches - -* Tue Mar 20 2012 Michal Schmidt - 44-2 -- Don't build the gtk parts anymore. They're moving into systemd-ui. -- Remove a dead patch file. - -* Fri Mar 16 2012 Lennart Poettering - 44-1 -- New upstream release -- Closes #798760, #784921, #783134, #768523, #781735 - -* Mon Feb 27 2012 Dennis Gilmore - 43-2 -- don't conflict with fedora-release systemd never actually provided -- /etc/os-release so there is no actual conflict - -* Wed Feb 15 2012 Lennart Poettering - 43-1 -- New upstream release -- Closes #789758, #790260, #790522 - -* Sat Feb 11 2012 Lennart Poettering - 42-1 -- New upstream release -- Save a bit of entropy during system installation (#789407) -- Don't own /etc/os-release anymore, leave that to fedora-release - -* Thu Feb 9 2012 Adam Williamson - 41-2 -- rebuild for fixed binutils - -* Thu Feb 9 2012 Lennart Poettering - 41-1 -- New upstream release - -* Tue Feb 7 2012 Lennart Poettering - 40-1 -- New upstream release - -* Thu Jan 26 2012 Kay Sievers - 39-3 -- provide /sbin/shutdown - -* Wed Jan 25 2012 Harald Hoyer 39-2 -- increment release - -* Wed Jan 25 2012 Kay Sievers - 39-1.1 -- install everything in /usr - https://fedoraproject.org/wiki/Features/UsrMove - -* Wed Jan 25 2012 Lennart Poettering - 39-1 -- New upstream release - -* Sun Jan 22 2012 Michal Schmidt - 38-6.git9fa2f41 -- Update to a current git snapshot. -- Resolves: #781657 - -* Sun Jan 22 2012 Michal Schmidt - 38-5 -- Build against libgee06. Reenable gtk tools. -- Delete unused patches. -- Add easy building of git snapshots. -- Remove legacy spec file elements. -- Don't mention implicit BuildRequires. -- Configure with --disable-static. -- Merge -units into the main package. -- Move section 3 manpages to -devel. -- Fix unowned directory. -- Run ldconfig in scriptlets. -- Split systemd-analyze to a subpackage. - -* Sat Jan 21 2012 Dan Horák - 38-4 -- fix build on big-endians - -* Wed Jan 11 2012 Lennart Poettering - 38-3 -- Disable building of gtk tools for now - -* Wed Jan 11 2012 Lennart Poettering - 38-2 -- Fix a few (build) dependencies - -* Wed Jan 11 2012 Lennart Poettering - 38-1 -- New upstream release - -* Tue Nov 15 2011 Michal Schmidt - 37-4 -- Run authconfig if /etc/pam.d/system-auth is not a symlink. -- Resolves: #753160 - -* Wed Nov 02 2011 Michal Schmidt - 37-3 -- Fix remote-fs-pre.target and its ordering. -- Resolves: #749940 - -* Wed Oct 19 2011 Michal Schmidt - 37-2 -- A couple of fixes from upstream: -- Fix a regression in bash-completion reported in Bodhi. -- Fix a crash in isolating. -- Resolves: #717325 - -* Tue Oct 11 2011 Lennart Poettering - 37-1 -- New upstream release -- Resolves: #744726, #718464, #713567, #713707, #736756 - -* Thu Sep 29 2011 Michal Schmidt - 36-5 -- Undo the workaround. Kay says it does not belong in systemd. -- Unresolves: #741655 - -* Thu Sep 29 2011 Michal Schmidt - 36-4 -- Workaround for the crypto-on-lvm-on-crypto disk layout -- Resolves: #741655 - -* Sun Sep 25 2011 Michal Schmidt - 36-3 -- Revert an upstream patch that caused ordering cycles -- Resolves: #741078 - -* Fri Sep 23 2011 Lennart Poettering - 36-2 -- Add /etc/timezone to ghosted files - -* Fri Sep 23 2011 Lennart Poettering - 36-1 -- New upstream release -- Resolves: #735013, #736360, #737047, #737509, #710487, #713384 - -* Thu Sep 1 2011 Lennart Poettering - 35-1 -- New upstream release -- Update post scripts -- Resolves: #726683, #713384, #698198, #722803, #727315, #729997, #733706, #734611 - -* Thu Aug 25 2011 Lennart Poettering - 34-1 -- New upstream release - -* Fri Aug 19 2011 Harald Hoyer 33-2 -- fix ABRT on service file reloading -- Resolves: rhbz#732020 - -* Wed Aug 3 2011 Lennart Poettering - 33-1 -- New upstream release - -* Fri Jul 29 2011 Lennart Poettering - 32-1 -- New upstream release - -* Wed Jul 27 2011 Lennart Poettering - 31-2 -- Fix access mode of modprobe file, restart logind after upgrade - -* Wed Jul 27 2011 Lennart Poettering - 31-1 -- New upstream release - -* Wed Jul 13 2011 Lennart Poettering - 30-1 -- New upstream release - -* Thu Jun 16 2011 Lennart Poettering - 29-1 -- New upstream release - -* Mon Jun 13 2011 Michal Schmidt - 28-4 -- Apply patches from current upstream. -- Fixes memory size detection on 32-bit with >4GB RAM (BZ712341) - -* Wed Jun 08 2011 Michal Schmidt - 28-3 -- Apply patches from current upstream -- https://bugzilla.redhat.com/show_bug.cgi?id=709909 -- https://bugzilla.redhat.com/show_bug.cgi?id=710839 -- https://bugzilla.redhat.com/show_bug.cgi?id=711015 - -* Sat May 28 2011 Lennart Poettering - 28-2 -- Pull in nss-myhostname - -* Thu May 26 2011 Lennart Poettering - 28-1 -- New upstream release - -* Wed May 25 2011 Lennart Poettering - 26-2 -- Bugfix release -- https://bugzilla.redhat.com/show_bug.cgi?id=707507 -- https://bugzilla.redhat.com/show_bug.cgi?id=707483 -- https://bugzilla.redhat.com/show_bug.cgi?id=705427 -- https://bugzilla.redhat.com/show_bug.cgi?id=707577 - -* Sat Apr 30 2011 Lennart Poettering - 26-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=699394 -- https://bugzilla.redhat.com/show_bug.cgi?id=698198 -- https://bugzilla.redhat.com/show_bug.cgi?id=698674 -- https://bugzilla.redhat.com/show_bug.cgi?id=699114 -- https://bugzilla.redhat.com/show_bug.cgi?id=699128 - -* Thu Apr 21 2011 Lennart Poettering - 25-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=694788 -- https://bugzilla.redhat.com/show_bug.cgi?id=694321 -- https://bugzilla.redhat.com/show_bug.cgi?id=690253 -- https://bugzilla.redhat.com/show_bug.cgi?id=688661 -- https://bugzilla.redhat.com/show_bug.cgi?id=682662 -- https://bugzilla.redhat.com/show_bug.cgi?id=678555 -- https://bugzilla.redhat.com/show_bug.cgi?id=628004 - -* Wed Apr 6 2011 Lennart Poettering - 24-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=694079 -- https://bugzilla.redhat.com/show_bug.cgi?id=693289 -- https://bugzilla.redhat.com/show_bug.cgi?id=693274 -- https://bugzilla.redhat.com/show_bug.cgi?id=693161 - -* Tue Apr 5 2011 Lennart Poettering - 23-1 -- New upstream release -- Include systemd-sysv-convert - -* Fri Apr 1 2011 Lennart Poettering - 22-1 -- New upstream release - -* Wed Mar 30 2011 Lennart Poettering - 21-2 -- The quota services are now pulled in by mount points, hence no need to enable them explicitly - -* Tue Mar 29 2011 Lennart Poettering - 21-1 -- New upstream release - -* Mon Mar 28 2011 Matthias Clasen - 20-2 -- Apply upstream patch to not send untranslated messages to plymouth - -* Tue Mar 8 2011 Lennart Poettering - 20-1 -- New upstream release - -* Tue Mar 1 2011 Lennart Poettering - 19-1 -- New upstream release - -* Wed Feb 16 2011 Lennart Poettering - 18-1 -- New upstream release - -* Mon Feb 14 2011 Bill Nottingham - 17-6 -- bump upstart obsoletes (#676815) - -* Wed Feb 9 2011 Tom Callaway - 17-5 -- add macros.systemd file for %%{_unitdir} - -* Wed Feb 09 2011 Fedora Release Engineering - 17-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Wed Feb 9 2011 Lennart Poettering - 17-3 -- Fix popen() of systemctl, #674916 - -* Mon Feb 7 2011 Bill Nottingham - 17-2 -- add epoch to readahead obsolete - -* Sat Jan 22 2011 Lennart Poettering - 17-1 -- New upstream release - -* Tue Jan 18 2011 Lennart Poettering - 16-2 -- Drop console.conf again, since it is not shipped in pamtmp.conf - -* Sat Jan 8 2011 Lennart Poettering - 16-1 -- New upstream release - -* Thu Nov 25 2010 Lennart Poettering - 15-1 -- New upstream release - -* Thu Nov 25 2010 Lennart Poettering - 14-1 -- Upstream update -- Enable hwclock-load by default -- Obsolete readahead -- Enable /var/run and /var/lock on tmpfs - -* Fri Nov 19 2010 Lennart Poettering - 13-1 -- new upstream release - -* Wed Nov 17 2010 Bill Nottingham 12-3 -- Fix clash - -* Wed Nov 17 2010 Lennart Poettering - 12-2 -- Don't clash with initscripts for now, so that we don't break the builders - -* Wed Nov 17 2010 Lennart Poettering - 12-1 -- New upstream release - -* Fri Nov 12 2010 Matthias Clasen - 11-2 -- Rebuild with newer vala, libnotify - -* Thu Oct 7 2010 Lennart Poettering - 11-1 -- New upstream release - -* Wed Sep 29 2010 Jesse Keating - 10-6 -- Rebuilt for gcc bug 634757 - -* Thu Sep 23 2010 Bill Nottingham - 10-5 -- merge -sysvinit into main package - -* Mon Sep 20 2010 Bill Nottingham - 10-4 -- obsolete upstart-sysvinit too - -* Fri Sep 17 2010 Bill Nottingham - 10-3 -- Drop upstart requires - -* Tue Sep 14 2010 Lennart Poettering - 10-2 -- Enable audit -- https://bugzilla.redhat.com/show_bug.cgi?id=633771 - -* Tue Sep 14 2010 Lennart Poettering - 10-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=630401 -- https://bugzilla.redhat.com/show_bug.cgi?id=630225 -- https://bugzilla.redhat.com/show_bug.cgi?id=626966 -- https://bugzilla.redhat.com/show_bug.cgi?id=623456 - -* Fri Sep 3 2010 Bill Nottingham - 9-3 -- move fedora-specific units to initscripts; require newer version thereof - -* Fri Sep 3 2010 Lennart Poettering - 9-2 -- Add missing tarball - -* Fri Sep 3 2010 Lennart Poettering - 9-1 -- New upstream version -- Closes 501720, 614619, 621290, 626443, 626477, 627014, 627785, 628913 - -* Fri Aug 27 2010 Lennart Poettering - 8-3 -- Reexecute after installation, take ownership of /var/run/user -- https://bugzilla.redhat.com/show_bug.cgi?id=627457 -- https://bugzilla.redhat.com/show_bug.cgi?id=627634 - -* Thu Aug 26 2010 Lennart Poettering - 8-2 -- Properly create default.target link - -* Wed Aug 25 2010 Lennart Poettering - 8-1 -- New upstream release - -* Thu Aug 12 2010 Lennart Poettering - 7-3 -- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623561 - -* Thu Aug 12 2010 Lennart Poettering - 7-2 -- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623430 - -* Tue Aug 10 2010 Lennart Poettering - 7-1 -- New upstream release - -* Fri Aug 6 2010 Lennart Poettering - 6-2 -- properly hide output on package installation -- pull in coreutils during package installtion - -* Fri Aug 6 2010 Lennart Poettering - 6-1 -- New upstream release -- Fixes #621200 - -* Wed Aug 4 2010 Lennart Poettering - 5-2 -- Add tarball - -* Wed Aug 4 2010 Lennart Poettering - 5-1 -- Prepare release 5 - -* Tue Jul 27 2010 Bill Nottingham - 4-4 -- Add 'sysvinit-userspace' provide to -sysvinit package to fix upgrade/install (#618537) - -* Sat Jul 24 2010 Lennart Poettering - 4-3 -- Add libselinux to build dependencies - -* Sat Jul 24 2010 Lennart Poettering - 4-2 -- Use the right tarball - -* Sat Jul 24 2010 Lennart Poettering - 4-1 -- New upstream release, and make default - -* Tue Jul 13 2010 Lennart Poettering - 3-3 -- Used wrong tarball - -* Tue Jul 13 2010 Lennart Poettering - 3-2 -- Own /cgroup jointly with libcgroup, since we don't dpend on it anymore - -* Tue Jul 13 2010 Lennart Poettering - 3-1 -- New upstream release - -* Fri Jul 9 2010 Lennart Poettering - 2-0 -- New upstream release - -* Wed Jul 7 2010 Lennart Poettering - 1-0 -- First upstream release - -* Tue Jun 29 2010 Lennart Poettering - 0-0.7.20100629git4176e5 -- New snapshot -- Split off -units package where other packages can depend on without pulling in the whole of systemd - -* Tue Jun 22 2010 Lennart Poettering - 0-0.6.20100622gita3723b -- Add missing libtool dependency. - -* Tue Jun 22 2010 Lennart Poettering - 0-0.5.20100622gita3723b -- Update snapshot - -* Mon Jun 14 2010 Rahul Sundaram - 0-0.4.20100614git393024 -- Pull the latest snapshot that fixes a segfault. Resolves rhbz#603231 - -* Fri Jun 11 2010 Rahul Sundaram - 0-0.3.20100610git2f198e -- More minor fixes as per review - -* Thu Jun 10 2010 Rahul Sundaram - 0-0.2.20100610git2f198e -- Spec improvements from David Hollis - -* Wed Jun 09 2010 Rahul Sundaram - 0-0.1.20090609git2f198e -- Address review comments - -* Tue Jun 01 2010 Rahul Sundaram - 0-0.0.git2010-06-02 -- Initial spec (adopted from Kay Sievers) diff --git a/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch new file mode 100644 index 0000000..84497ad --- /dev/null +++ b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch @@ -0,0 +1,129 @@ +From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 14 Sep 2020 17:58:03 +0200 +Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() + +https://bugzilla.redhat.com/show_bug.cgi?id=1803070 + +I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different +than the one we get from /proc/self/fdinfo/. This only matters when both statx and +name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: + +(gdb) !uname -r +5.6.19-200.fc31.ppc64le + +(gdb) !cat /proc/self/mountinfo +697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== +701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel +702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw +703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 +704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel +705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 +706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755 +722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel +725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel +614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate +615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 + +The test process does +name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then +openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then +read(open("/proc/self/fdinfo/4", ...)) which gives +"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" + +and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. + +We could either drop the fallback path (and fail name_to_handle_at() is not +avaliable) or ignore the error in the test. Not sure what is better. I think +this issue only occurs sometimes and with older kernels, so probably continuing +with the current flaky implementation is better than ripping out the fallback. + +Another strace: +writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 +) = 28 +name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 +writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 +) = 20 +name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 +writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 +) = 30 +name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 +writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 +) = 23 +name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) +openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 +openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36 +read(5, "", 1024) = 0 +close(5) = 0 +close(4) = 0 +writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 +) = 42 +writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc +) = 39 +writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. +) = 109 +rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 +rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 +getpid() = 20 +gettid() = 20 +tgkill(20, 20, SIGABRT) = 0 +rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 +--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} --- ++++ killed by SIGABRT (core dumped) +++ +--- + src/test/test-mountpoint-util.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index 30b00ae4d8b..ffe5144b04a 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -89,8 +89,12 @@ static void test_mnt_id(void) { + /* The ids don't match? If so, then there are two mounts on the same path, let's check if + * that's really the case */ + char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); +- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); +- assert_se(path_equal(p, t)); ++ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); ++ ++ if (!path_equal(p, t)) ++ /* Apparent kernel bug in /proc/self/fdinfo */ ++ log_warning("Bad mount id given for %s: %d, should be %d", ++ p, mnt_id2, mnt_id); + } + } + diff --git a/inittab b/inittab new file mode 100644 index 0000000..3f5e83c --- /dev/null +++ b/inittab @@ -0,0 +1,16 @@ +# inittab is no longer used. +# +# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. +# +# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target +# +# systemd uses 'targets' instead of runlevels. By default, there are two main targets: +# +# multi-user.target: analogous to runlevel 3 +# graphical.target: analogous to runlevel 5 +# +# To view current default target, run: +# systemctl get-default +# +# To set a default target, run: +# systemctl set-default TARGET.target diff --git a/libfdisk_version_for_centos.patch b/libfdisk_version_for_centos.patch new file mode 100644 index 0000000..1a8535b --- /dev/null +++ b/libfdisk_version_for_centos.patch @@ -0,0 +1,25 @@ +From 69443affcaa711a9a3355994458542d3732631a5 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Tue, 30 Nov 2021 12:08:50 -0800 +Subject: [PATCH] Re-enable repart if libfdisk ver. has range fix + +--- + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 6263e7c0fc..35e6c4f376 100644 +--- a/meson.build ++++ b/meson.build +@@ -1011,7 +1011,7 @@ libmount = dependency('mount', + want_libfdisk = get_option('fdisk') + if want_libfdisk != 'false' and not skip_deps + libfdisk = dependency('fdisk', +- version : '>= 2.33', ++ version : '>= 2.32.1', + required : want_libfdisk == 'true') + have = libfdisk.found() + else +-- +2.31.1 + diff --git a/libsystemd-shared.abignore b/libsystemd-shared.abignore new file mode 100644 index 0000000..e412d8b --- /dev/null +++ b/libsystemd-shared.abignore @@ -0,0 +1,3 @@ +[suppress_file] +# This shared object is private to systemd +file_name_regexp=libsystemd-shared-.*.so diff --git a/macros.sysusers b/macros.sysusers new file mode 100644 index 0000000..d8d8c1d --- /dev/null +++ b/macros.sysusers @@ -0,0 +1,10 @@ +# RPM macros for packages creating system accounts +# +# Turn a sysusers.d file into macros specified by +# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation + +%sysusers_requires_compat Requires(pre): shadow-utils + +%sysusers_create_compat() \ +%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ +%{nil} diff --git a/owner-check.sh b/owner-check.sh new file mode 100755 index 0000000..3273a3f --- /dev/null +++ b/owner-check.sh @@ -0,0 +1,53 @@ +#!/bin/bash +set -e + +verb="$1" + +[ "$verb" = "-s" ] && do_send=1 || do_send= + +[ -n "$do_send" ] && [ -z "$server" -o -z "login" ] && { echo '$server and $login need to be set'; exit 1; } + +header= +from=systemd-maint@fedoraproject.org +time='2 years ago' +# time='1 day ago' +port=587 + +for user in "$@"; do + echo "checking $user…" + + p=$(git log -1 --all --author "$user") + if [ -z "$p" ]; then + echo "No commits from $user, check spelling" + exit 1 + fi + + t=$(git shortlog --all --author "$user" --since "@{$time}" | wc -l) + if [ $t != 0 ]; then + echo "$t commits in the last two years, OK" + echo + continue + fi + + echo "$p" | head -n6 + echo ".. adding to list" + + if [ -z "$header" ]; then + echo '$USER$;$EMAIL$' >.mail.list + header=done + fi + + echo "$user;$user@fedoraproject.org" >>.mail.list + echo +done + +[ -z "$header" ] && exit 0 +[ -n "$do_send" ] || exit 0 + +echo "Sending mails…" +set -x +massmail -F "$from" \ + -C "$from" \ + -S 'write access to the fedora systemd package' \ + -z "$server" -u "$login" -P "$port" \ + .mail.list /dev/null; then + # this will remove both the user and the group. + ( set -x + userdel nobody + ) + fi + + if getent passwd 65534 >/dev/null; then + # Make sure the uid is unused. This should free gid too. + name="$(getent passwd 65534 | cut -d: -f1)" + ( set -x + userdel "$name" + ) + fi + + if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then + echo "Sleeping, so sss can catch up" + sleep 3 + fi + + if getent group 65534; then + # Make sure the gid is unused, even if uid wasn't. + name="$(getent group 65534 | cut -d: -f1)" + ( set -x + groupdel "$name" + ) + fi + + # systemd-sysusers uses the same gid and uid + ( set -x + systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' + ) +else + echo "Pass '-x' to perform changes" +fi diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..174fbd2 --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,13 @@ + # Disable badfuncs check that has tons of false positives. +badfuncs: + exclude_path: .* + +# don't report changed content of compiled files +# that is expected with every update +changedfiles: + exclude_path: .* + +# completely disabled inspections: +inspections: + # we know about our patches, no need to report anything + patches: off diff --git a/split-files.py b/split-files.py new file mode 100644 index 0000000..f883f73 --- /dev/null +++ b/split-files.py @@ -0,0 +1,157 @@ +import re, sys, os, collections + +buildroot = sys.argv[1] +known_files = sys.stdin.read().splitlines() +known_files = {line.split()[-1]:line for line in known_files} + +def files(root): + os.chdir(root) + todo = collections.deque(['.']) + while todo: + n = todo.pop() + files = os.scandir(n) + for file in files: + yield file + if file.is_dir() and not file.is_symlink(): + todo.append(file) + +o_libs = open('.file-list-libs', 'w') +o_udev = open('.file-list-udev', 'w') +o_pam = open('.file-list-pam', 'w') +o_rpm_macros = open('.file-list-rpm-macros', 'w') +o_devel = open('.file-list-devel', 'w') +o_container = open('.file-list-container', 'w') +o_networkd = open('.file-list-networkd', 'w') +o_oomd_defaults = open('.file-list-oomd-defaults', 'w') +o_remote = open('.file-list-remote', 'w') +o_resolve = open('.file-list-resolve', 'w') +o_tests = open('.file-list-tests', 'w') +o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') +o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') +o_rest = open('.file-list-rest', 'w') +for file in files(buildroot): + n = file.path[1:] + if re.match(r'''/usr/(share|include)$| + /usr/share/man(/man.|)$| + /usr/share/zsh(/site-functions|)$| + /usr/share/dbus-1$| + /usr/share/dbus-1/system.d$| + /usr/share/dbus-1/(system-|)services$| + /usr/share/polkit-1(/actions|/rules.d|)$| + /usr/share/pkgconfig$| + /usr/share/bash-completion(/completions|)$| + /usr(/lib|/lib64|/bin|/sbin|)$| + /usr/lib.*/(security|pkgconfig)$| + /usr/lib/rpm(/macros.d|)$| + /usr/lib/firewalld(/services|)$| + /usr/share/(locale|licenses|doc)| # no $ + /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$| + /etc/(dnf|dnf/protected.d)$| + /usr/(src|lib/debug)| # no $ + /run$| + /var(/cache|/log|/lib|/run|)$ + ''', n, re.X): + continue + if '/security/pam_' in n or '/man8/pam_' in n: + o = o_pam + elif '/rpm/' in n: + o = o_rpm_macros + elif '/usr/lib/systemd/tests' in n: + o = o_tests + elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(? + + systemd-journal-gatewayd + Journal Gateway Service + + diff --git a/systemd-journal-remote.xml b/systemd-journal-remote.xml new file mode 100644 index 0000000..e115a12 --- /dev/null +++ b/systemd-journal-remote.xml @@ -0,0 +1,6 @@ + + + systemd-journal-remote + Journal Remote Sink + + diff --git a/systemd-udev-trigger-no-reload.conf b/systemd-udev-trigger-no-reload.conf new file mode 100644 index 0000000..c879427 --- /dev/null +++ b/systemd-udev-trigger-no-reload.conf @@ -0,0 +1,3 @@ +[Unit] +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17 +RefuseManualStop=true diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000..2725df9 --- /dev/null +++ b/systemd-user @@ -0,0 +1,10 @@ +# This file is part of systemd. +# +# Used by systemd --user instances. + +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session include system-auth diff --git a/systemd.rpmlintrc b/systemd.rpmlintrc new file mode 100644 index 0000000..9db0ab0 --- /dev/null +++ b/systemd.rpmlintrc @@ -0,0 +1,50 @@ +# Just kill all warnings about README being wrong in every possible way +addFilter(r'README') + +addFilter(r'missing-call-to-(chdir-with-chroot|setgroups-before-setuid)') + +addFilter(r'executable-marked-as-config-file /etc/X11/xinit/xinitrc.d/50-systemd-user.sh') + +addFilter(r'non-readable /etc/crypttab') + +addFilter(r'non-conffile-in-etc /etc/inittab') + +addFilter(r'systemd-unit-in-etc /etc/systemd/.*\.wants') + +addFilter(r'dangling-relative-symlink /usr/lib/environment.d/99-environment.conf ../../../etc/environment') + +addFilter(r'devel-file-in-non-devel-package /usr/share/pkgconfig/(systemd|udev).pc') + +addFilter(r'non-standard-dir-perm /var/cache/private 700') + +addFilter(r'non-root-group-log-file /var/log/btmp utmp') + +addFilter(r'non-standard-dir-perm /var/log/private 700') + +addFilter(r'non-root-group-log-file /var/log/wtmp utmp') + +addFilter(r'dangerous-command-in-') + +addFilter(r'summary-not-capitalized C systemd') + +addFilter(r'obsolete-not-provided') + +addFilter(r'postin-without-ldconfig') + +addFilter(r'systemd-rpm-macros.noarch: W: only-non-binary-in-usr-lib') + +addFilter(r'systemd-rpm-macros.noarch: W: no-documentation') + +addFilter(r'systemd-tests\..*: W: no-documentation') + +addFilter(r'systemd-tests.*: E: zero-length /usr/lib/systemd/tests/testdata/test-umount/empty.mountinfo') + +addFilter(r'hardcoded-library-path in.*(firewalld|install.d|lib/systemd)') + +# everybody does it this way: systemd, syslog-ng, rsyslog +addFilter(r'unversioned-explicit-provides syslog') + +# systemd-machine-id-setup requires libssl +addFilter(r'explicit-lib-dependency openssl-libs') + +addFilter(r'systemd.src:.*strange-permission') diff --git a/systemd.spec b/systemd.spec new file mode 100644 index 0000000..5eb7653 --- /dev/null +++ b/systemd.spec @@ -0,0 +1,3740 @@ +#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa +%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} + +%global stable 1 + +# We ship a .pc file but don't want to have a dep on pkg-config. We +# strip the automatically generated dep here and instead co-own the +# directory. +%global __requires_exclude pkg-config + +%global pkgdir %{_prefix}/lib/systemd +%global system_unit_dir %{pkgdir}/system +%global user_unit_dir %{pkgdir}/user + +%if 0%{?__isa_bits} == 64 +%global elf_bits (64bit) +%global elf_suffix ()%{elf_bits} +%endif + +# Bootstrap may be needed to break intercircular dependencies with +# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump. +%bcond_with bootstrap +%bcond_without tests +%bcond_without lto + +# Support for quick builds with rpmbuild --build-in-place. +# See README.build-in-place. +%bcond_with inplace + +%if 0%{?facebook} +%bcond_with selinux +%else +%bcond_without selinux +%endif + +# Remove this when the macro exists in CentOS +%global version_no_tilde %(c=%{version}; echo ${c}|tr '~' '-') + +Name: systemd +Url: https://www.freedesktop.org/wiki/Software/systemd +%if %{without inplace} +Version: 249.4 +Release: 2.13%{?dist} +%else +# determine the build information from local checkout +Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') +Release: 1 +%endif +# For a breakdown of the licensing, see README +License: LGPLv2+ and MIT and GPLv2+ +Summary: System and Service Manager + +# download tarballs with "spectool -g systemd.spec" +%if %{defined commit} +Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +%else +%if 0%{?stable} +Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%else +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%endif +%endif +# This file must be available before %%prep. +# It is generated during systemd build and can be found in build/src/core/. +Source1: triggers.systemd +Source2: split-files.py +Source3: purge-nobody-user + +# Prevent accidental removal of the systemd package +Source4: yum-protect-systemd.conf + +Source9: 20-yama-ptrace.conf +Source10: systemd-udev-trigger-no-reload.conf +Source11: 20-grubby.install +Source12: systemd-user +Source13: libsystemd-shared.abignore + +Source14: 10-oomd-defaults.conf +Source15: 10-oomd-root-slice-defaults.conf +Source16: 10-oomd-user-service-defaults.conf + +Source21: macros.sysusers +Source22: sysusers.attr +Source23: sysusers.prov +Source24: sysusers.generate-pre.sh + +# Needed for selinux subpackage +Source100: Makefile.selinux +Source101: systemd_hs.te +Source102: systemd_hs.if + +%if 0 +GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable +i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip +GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch +%endif + +# Backports of patches from upstream (0000–0499) +# +# Any patches which are "in preparation" upstream should be listed +# here, rather than in the next section. Packit CI will drop any +# patches in this range before applying upstream pull requests. + +%if 0%{?facebook} +Patch0001: 0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch +Patch0002: 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch +Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch +Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch +Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch + +# PR 18621: FB variant of quieting "proc: Bad value for 'hidepid'" messages +Patch0006: 18621-fb.patch +%else +# PR 18621: Quiet "proc: Bad value for 'hidepid'" messages +Patch0006: https://github.com/systemd/systemd/pull/18621.patch +%endif + +# PRs to support additional systemd.network and systemd.link features +Patch0007: https://github.com/systemd/systemd/pull/20743.patch +Patch0008: https://github.com/systemd/systemd/pull/20458.patch +Patch0009: https://github.com/systemd/systemd/pull/20472.patch +Patch0010: https://github.com/systemd/systemd/pull/20477.patch +Patch0011: https://github.com/systemd/systemd/pull/20484.patch +Patch0012: https://github.com/systemd/systemd/pull/20489.patch +Patch0013: https://github.com/systemd/systemd/pull/20450.patch +Patch0014: https://github.com/systemd/systemd/pull/20541.patch +Patch0015: https://github.com/systemd/systemd/pull/20729.patch +Patch0016: https://github.com/systemd/systemd/pull/20828.patch +# Part of PR #20892; it was difficult to backport the whole PR +Patch0017: 50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch + +# PR 20875: allow verifying hidden (dot) files again +Patch0018: https://github.com/systemd/systemd/pull/20875.patch + +# PR 20978: serialize bpf device programs across reloads/reexecs +Patch0019: https://github.com/systemd/systemd/pull/20978.patch + +# PR 20676: don't rewrite sysctls that are already set +Patch0020: 20676_cherrypicked.patch + +# PR 21221: Fixes non-deterministic Slice= assignments +Patch0021: 21221.patch + +# PR 21241: fix bpf-foreign cgroup controller realization +Patch0022: 21241.patch + +# PR 20695: Sync if_arp.h with Linux 5.14 +Patch0023: 20695.patch + +%if 0%{?facebook} +# PR 22426: MemoryZSwapMax= to configure memory.zswap.max +Patch0024: 22426-fb.patch +%endif + +# Downstream-only patches (0500–9999) + +# https://github.com/systemd/systemd/pull/17050 +Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch +# Downgrade sysv-generator messages from warning to debug +Patch0502: 0001-sysv-generator-downgrade-log-warning-about-autogener.patch +# Update libfdisk dep version to 2.32.1-26 (has the fix for repart tests to pass) +Patch0503: libfdisk_version_for_centos.patch + +%ifarch %{ix86} x86_64 aarch64 +%global have_gnu_efi 1 +%endif + +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: coreutils +BuildRequires: libcap-devel +BuildRequires: libmount-devel +BuildRequires: libfdisk-devel >= 2.32.1-26 +BuildRequires: libpwquality-devel +BuildRequires: pam-devel +BuildRequires: libselinux-devel +BuildRequires: audit-libs-devel +%if %{without bootstrap} +BuildRequires: cryptsetup-devel +%endif +BuildRequires: dbus-devel +BuildRequires: /usr/sbin/sfdisk +# /usr/bin/getfacl is needed by test-acl-util +BuildRequires: /usr/bin/getfacl +BuildRequires: libacl-devel +BuildRequires: gobject-introspection-devel +BuildRequires: libblkid-devel +BuildRequires: xz-devel +BuildRequires: xz +BuildRequires: lz4-devel +BuildRequires: lz4 +BuildRequires: bzip2-devel +BuildRequires: libzstd-devel +BuildRequires: libidn2-devel +BuildRequires: libcurl-devel +BuildRequires: kmod-devel +BuildRequires: elfutils-devel +BuildRequires: openssl-devel +BuildRequires: libgcrypt-devel +BuildRequires: libgpg-error-devel +BuildRequires: gnutls-devel +BuildRequires: libmicrohttpd-devel +BuildRequires: libxkbcommon-devel +BuildRequires: iptables-devel +BuildRequires: pkgconfig(tss2-esys) +BuildRequires: pkgconfig(tss2-rc) +BuildRequires: pkgconfig(tss2-mu) +BuildRequires: systemtap-sdt-devel +BuildRequires: libxslt +BuildRequires: docbook-style-xsl +BuildRequires: pkgconfig +BuildRequires: gperf +BuildRequires: gawk +BuildRequires: tree +BuildRequires: hostname +BuildRequires: python3-devel +BuildRequires: python3-lxml +BuildRequires: python3-jinja2 +%if 0%{?have_gnu_efi} +BuildRequires: gnu-efi gnu-efi-devel +%endif +BuildRequires: libseccomp-devel +%if 0%{?el8} +BuildRequires: meson >= 0.57 +%else +BuildRequires: meson >= 0.43 +%endif +BuildRequires: gettext +# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available +BuildRequires: valgrind-devel +BuildRequires: pkgconfig(bash-completion) +BuildRequires: perl +BuildRequires: perl(IPC::SysV) + +Requires(post): coreutils +Requires(post): sed +Requires(post): acl +Requires(post): grep +# systemd-machine-id-setup requires libssl +Requires(post): openssl-libs +Requires(pre): coreutils +Requires: dbus >= 1.9.18 +Requires: %{name}-pam = %{version}-%{release} +Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires: %{name}-libs = %{version}-%{release} +%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} +%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} +Recommends: diffutils +Requires: (util-linux-core or util-linux) +Recommends: libxkbcommon%{?_isa} +Provides: /bin/systemctl +Provides: /sbin/shutdown +Provides: syslog +Provides: systemd-units = %{version}-%{release} +Obsoletes: system-setup-keyboard < 0.9 +Provides: system-setup-keyboard = 0.9 +# systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 +Obsoletes: systemd-sysv < 206 +%if 0%{?facebook} == 0 +# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) +Obsoletes: %{name} < 249~~ +Conflicts: initscripts < 9.56.1 +%endif +Provides: systemd-sysv = 206 +%if 0%{?fedora} +Conflicts: fedora-release < 23-0.12 +%endif +Obsoletes: timedatex < 0.6-3 +Provides: timedatex = 0.6-3 +Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release} +Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release} +Conflicts: %{name}-standalone-sysusers < %{version}-%{release} +Obsoletes: %{name}-standalone-sysusers < %{version}-%{release} + +# Recommends to replace normal Requires deps for stuff that is dlopen()ed +Recommends: libidn2.so.0%{?elf_suffix} +Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} +Recommends: libpcre2-8.so.0%{?elf_suffix} +Recommends: libpwquality.so.1%{?elf_suffix} +Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} + +%if %{with selinux} +# Force the SELinux module to be installed +Requires: %{name}-selinux = %{version}-%{release} +%endif + +%description +systemd is a system and service manager that runs as PID 1 and starts +the rest of the system. It provides aggressive parallelization +capabilities, uses socket and D-Bus activation for starting services, +offers on-demand starting of daemons, keeps track of processes using +Linux control groups, maintains mount and automount points, and +implements an elaborate transactional dependency-based service control +logic. systemd supports SysV and LSB init scripts and works as a +replacement for sysvinit. Other parts of this package are a logging daemon, +utilities to control basic system configuration like the hostname, +date, locale, maintain a list of logged-in users, system accounts, +runtime directories and settings, and daemons to manage simple network +configuration, network time synchronization, log forwarding, and name +resolution. +%if 0%{?stable} +This package was built from the %{version}-stable branch of systemd. +%endif + +%package libs +Summary: systemd libraries +License: LGPLv2+ and MIT +Obsoletes: libudev < 183 +Obsoletes: systemd < 185-4 +Conflicts: systemd < 185-4 +Obsoletes: systemd-compat-libs < 230 +Obsoletes: nss-myhostname < 0.4 +Provides: nss-myhostname = 0.4 +Provides: nss-myhostname%{_isa} = 0.4 +Requires(post): coreutils +Requires(post): sed +Requires(post): grep +Requires(post): /usr/bin/getent + +%description libs +Libraries for systemd and udev. + +%package pam +Summary: systemd PAM module +Requires: %{name} = %{version}-%{release} + +%description pam +Systemd PAM module registers the session with systemd-logind. + +%package rpm-macros +Summary: Macros that define paths and scriptlets related to systemd +BuildArch: noarch + +%description rpm-macros +Just the definitions of rpm macros. + +See +https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd +for information how to use those macros. + +%package devel +Summary: Development headers for systemd +License: LGPLv2+ and MIT +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: libudev-devel = %{version} +Provides: libudev-devel%{_isa} = %{version} +Obsoletes: libudev-devel < 183 +# Fake dependency to make sure systemd-pam is pulled into multilib (#1414153) +Requires: %{name}-pam = %{version}-%{release} + +%description devel +Development headers and auxiliary files for developing applications linking +to libudev or libsystemd. + +%package udev +Summary: Rule-based device node and kernel event manager +License: LGPLv2+ + +Requires: systemd%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): grep +Requires: kmod >= 18-4 +%if 0%{?facebook} == 0 +# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 +Obsoletes: systemd < 245.6-1 +%endif +Provides: udev = %{version} +Provides: udev%{_isa} = %{version} +Obsoletes: udev < 183 + +# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 +Suggests: systemd-bootchart +# https://bugzilla.redhat.com/show_bug.cgi?id=1408878 +Requires: kbd + +# https://bugzilla.redhat.com/show_bug.cgi?id=1753381 +Provides: u2f-hidraw-policy = 1.0.2-40 +Obsoletes: u2f-hidraw-policy < 1.0.2-40 + +%description udev +This package contains systemd-udev and the rules and hardware database +needed to manage device nodes. This package is necessary on physical +machines and in virtual machines, but not in containers. + +%package container +# Name is the same as in Debian +Summary: Tools for containers and VMs +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +Obsoletes: %{name} < 229-5 +License: LGPLv2+ + +%description container +Systemd tools to spawn and manage containers and virtual machines. + +This package contains systemd-nspawn, machinectl, systemd-machined, +and systemd-importd. + +%package journal-remote +# Name is the same as in Debian +Summary: Tools to send journal events over the network +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Requires(pre): /usr/bin/getent +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Provides: %{name}-journal-gateway = %{version}-%{release} +Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Obsoletes: %{name}-journal-gateway < 227-7 + +%description journal-remote +Programs to forward journal entries over the network, using encrypted HTTP, +and to write journal files from serialized journal contents. + +This package contains systemd-journal-gatewayd, +systemd-journal-remote, and systemd-journal-upload. + +%package networkd +Summary: System daemon that manages network configurations +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ + +%description networkd +systemd-networkd is a system service that manages networks. It detects +and configures network devices as they appear, as well as creating virtual +network devices. + +%package resolved +Summary: Network Name Resolution manager +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description resolved +systemd-resolved is a system service that provides network name resolution +to local applications. It implements a caching and validating DNS/DNSSEC +stub resolver, as well as an LLMNR and MulticastDNS resolver and responder. + +%package oomd-defaults +Summary: Configuration files for systemd-oomd +Requires: %{name} = %{version}-%{release} +License: LGPLv2+ +BuildArch: noarch + +%description oomd-defaults +A set of drop-in files for systemd units to enable action from systemd-oomd, +a userspace out-of-memory (OOM) killer. + +%package tests +Summary: Internal unit tests for systemd +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ + +%description tests +"Installed tests" that are usually run as part of the build system. +They can be useful to test systemd internals. + +%if %{with selinux} +%package selinux +Summary: SELinux module for systemd +BuildArch: noarch +BuildRequires: bzip2 +BuildRequires: make +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +Requires(post): selinux-policy-base >= %{_selinux_policy_version} +Requires(post): policycoreutils +Requires(post): policycoreutils-python-utils +Requires(pre): libselinux-utils +Requires(post): libselinux-utils + +%description selinux +This package provides the SELinux policy module to ensure systemd +runs properly under an environment with SELinux enabled. +%endif + +%prep +%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 + +%if %{with selinux} +mkdir selinux +cp %SOURCE100 %SOURCE101 %SOURCE102 selinux +%endif + +%build +%define ntpvendor %(source /etc/os-release; echo ${ID}) +%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} + +CONFIGURE_OPTS=( + -Dmode=release + -Dsysvinit-path=/etc/rc.d/init.d + -Drc-local=/etc/rc.d/rc.local + -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' + -Ddns-servers= + -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin + -Dservice-watchdog= + -Ddev-kvm-mode=0666 + -Dkmod=true + -Dxkbcommon=true + -Dblkid=true + -Dfdisk=true + -Dseccomp=true + -Dima=true + -Dselinux=true + -Dapparmor=false + -Dpolkit=true + -Dxz=true + -Dzlib=true + -Dbzip2=true + -Dlz4=true + -Dzstd=true + -Dpam=true + -Dacl=true + -Dsmack=true + -Dopenssl=true + -Dgcrypt=true + -Daudit=true + -Delfutils=true +%if %{without bootstrap} + -Dlibcryptsetup=true +%else + -Dlibcryptsetup=false +%endif + -Delfutils=true + -Dgnutls=true + -Dmicrohttpd=true + -Dlibidn2=true + -Dlibiptc=false + -Dlibcurl=true + -Defi=true + -Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false} + -Dtpm=true + -Dtpm2=true + -Dhwdb=true + -Dsysusers=true + -Ddefault-kill-user-processes=false + -Dtests=unsafe + -Dinstall-tests=true + -Dtty-gid=5 + -Dusers-gid=100 + -Dnobody-user=nobody + -Dnobody-group=nobody + -Dcompat-mutable-uid-boundaries=true + -Dsplit-usr=false + -Dsplit-bin=true +%if %{with lto} + -Db_lto=true +%else + -Db_lto=false +%endif + -Db_ndebug=false + -Dman=true + -Dversion-tag=v%{version}-%{release} +%if 0%{?fedora} + -Dfallback-hostname=fedora +%else + -Dfallback-hostname=localhost +%endif + -Ddefault-dnssec=no + -Ddefault-dns-over-tls=opportunistic + # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 + -Ddefault-mdns=no + -Ddefault-llmnr=resolve + -Doomd=true + -Dadm-gid=4 + -Daudio-gid=63 + -Dcdrom-gid=11 + -Ddialout-gid=18 + -Ddisk-gid=6 + -Dinput-gid=104 # https://pagure.io/setup/pull-request/27 + -Dkmem-gid=9 + -Dkvm-gid=36 + -Dlp-gid=7 + -Drender-gid=105 # https://pagure.io/setup/pull-request/27 + -Dsgx-gid=106 # https://pagure.io/setup/pull-request/27 + -Dtape-gid=33 + -Dtty-gid=5 + -Dusers-gid=100 + -Dutmp-gid=22 + -Dvideo-gid=39 + -Dwheel-gid=10 + -Dsystemd-journal-gid=190 + -Dsystemd-network-uid=192 + -Dsystemd-resolve-uid=193 + # -Dsystemd-timesync-uid=, not set yet + # Need to set this for CentOS build + -Ddocdir=%{_pkgdocdir} + # CentOS is missing newer deps required to include these + # But also these aren't as relevant for the hyperscale use case + -Dp11kit=false + -Duserdb=false + -Dhomed=false + -Dpwquality=false + -Dqrencode=false + -Dlibfido2=false + # Old version of PAM might not support files in /usr/lib/pam.d/ so + # stick with the old /etc/pam.d + -Dpamconfdir=/etc/pam.d + # Standalone binaries are only relevant on non-systemd systems + -Dstandalone-binaries=false +) + +%if 0%{?facebook} +CONFIGURE_OPTS+=( + -Dntp-servers='1.ntp.vip.facebook.com 2.ntp.vip.facebook.com 3.ntp.vip.facebook.com 4.ntp.vip.facebook.com' + -Ddns-servers='10.127.255.51 10.191.255.51 2401:db00:eef0:a53:: 2401:db00:eef0:b53::' + -Dsupport-url='https://www.facebook.com/groups/systemd.and.friends/' + -Dcontainer-uid-base-min=10485760 +) +%endif + +%if %{without lto} +%global _lto_cflags %nil +%endif + +export LANG=en_US.UTF-8 +export LC_ALL=en_US.UTF-8 +# Do configuration. If doing an inplace build, try to do +# reconfiguration to pick up new options. +%if %{with inplace} + command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; } + + [ -e %{_vpath_builddir}/build.ninja ] && + %__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" || +%endif +{ %meson "${CONFIGURE_OPTS[@]}"; } + +%meson_build + +new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh +if ! diff -u %{SOURCE1} ${new_triggers}; then + echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" + echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" + sleep 5 +fi + +%if %{with selinux} +cd selinux +%{__make} -f Makefile.selinux SHARE="%{_datadir}" TARGETS="systemd_hs" +%endif + +%install +export LANG=en_US.UTF-8 +export LC_ALL=en_US.UTF-8 +%meson_install + +# udev links +mkdir -p %{buildroot}/%{_sbindir} +ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm + +# Compatiblity and documentation files +touch %{buildroot}/etc/crypttab +chmod 600 %{buildroot}/etc/crypttab + +# /etc/sysctl.conf compat +ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf + +# Make sure these directories are properly owned +mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants +mkdir -p %{buildroot}/run +mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}/run/utmp +touch %{buildroot}%{_localstatedir}/log/{w,b}tmp + +# Make sure the user generators dir exists too +mkdir -p %{buildroot}%{pkgdir}/system-generators +mkdir -p %{buildroot}%{pkgdir}/user-generators + +# Create new-style configuration files so that we can ghost-own them +touch %{buildroot}%{_sysconfdir}/hostname +touch %{buildroot}%{_sysconfdir}/vconsole.conf +touch %{buildroot}%{_sysconfdir}/locale.conf +touch %{buildroot}%{_sysconfdir}/machine-id +touch %{buildroot}%{_sysconfdir}/machine-info +touch %{buildroot}%{_sysconfdir}/localtime +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d +touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf + +# Make sure the shutdown/sleep drop-in dirs exist +mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ +mkdir -p %{buildroot}%{pkgdir}/system-sleep/ + +# Make sure directories in /var exist +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger +mkdir -p %{buildroot}%{_localstatedir}/lib/private +mkdir -p %{buildroot}%{_localstatedir}/log/private +mkdir -p %{buildroot}%{_localstatedir}/cache/private +mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/timesync +ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/log/journal +touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database +touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin +touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed +touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock +touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state + +# Install yum protection fragment +install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf + +# Restore systemd-user pam config from before "removal of Fedora-specific bits" +install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} + +# Install additional docs +# https://bugzilla.redhat.com/show_bug.cgi?id=1234951 +install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} + +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974 +mkdir -p %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ +install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} + +# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040 +mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ +cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf </dev/null || : + +# FIXME: move to %postun. We want to restart systemd *after* removing +# files from the old rpm. Right now we may still have bits the old +# setup if the files are not present in the new version. But before +# implement restarting of *other* services after the transaction, moving +# this would make things worse, increasing the number of warnings we get +# about needed daemon-reload. + +oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) + +systemctl daemon-reexec &>/dev/null || { + # systemd v239 had bug #9553 in D-Bus authentication of the private socket, + # which was later fixed in v240 by #9625. + # + # The end result is that a `systemctl daemon-reexec` call as root will fail + # when upgrading from systemd v239, which means the system will not start + # running the new version of systemd after this post install script runs. + # + # To work around this issue, let's fall back to using a `kill -TERM 1` to + # re-execute the daemon when the `systemctl daemon-reexec` call fails. + # + # In order to prevent issues when the reason why the daemon-reexec failed is + # not the aforementioned bug, let's only use this fallback when: + # - we're upgrading this RPM package; and + # - we confirm that systemd is running as PID1 on this system. + if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then + kill -TERM 1 &>/dev/null || : + fi +} + +if [ "$oomd_state" == "active" ]; then + systemctl start -q systemd-oomd 2>/dev/null || : +fi + +[ $1 -eq 1 ] || exit 0 + +# create /var/log/journal only on initial installation, +# and only if it's writable (it won't be in rpm-ostree). +[ -w %{_localstatedir} ] && mkdir -p %{_localstatedir}/log/journal + +[ -w %{_localstatedir} ] && journalctl --update-catalog || : +systemd-sysusers || : +systemd-tmpfiles --create &>/dev/null || : + +# We reset the enablement of all services upon initial installation +# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23 +# This will fix up enablement of any preset services that got installed +# before systemd due to rpm ordering problems: +# https://bugzilla.redhat.com/show_bug.cgi?id=1647172. +# We also do this for user units, see +# https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. +systemctl preset-all &>/dev/null || : +systemctl --global preset-all &>/dev/null || : + +%postun +if [ $1 -eq 1 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + systemd-tmpfiles --create &>/dev/null || : +fi + +%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service + +# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) +# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec + +%triggerpostun -- systemd < 247.3-2 +# This is for upgrades from previous versions before oomd-defaults is available. +# We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with +# a different package version. +systemctl --no-reload preset systemd-oomd.service &>/dev/null || : + +%post libs +%{?ldconfig} + +function mod_nss() { + if [ -f "$1" ] ; then + # Add nss-systemd to passwd and group + grep -E -q '^(passwd|group):.* systemd' "$1" || + sed -i.bak -r -e ' + s/^(passwd|group):(.*)/\1:\2 systemd/ + ' "$1" &>/dev/null || : + fi +} + +FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" +if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then + mod_nss "/etc/authselect/user-nsswitch.conf" + authselect apply-changes &> /dev/null || : +else + mod_nss "$FILE" + # also apply the same changes to user-nsswitch.conf to affect + # possible future authselect configuration + mod_nss "/etc/authselect/user-nsswitch.conf" +fi + +# check if nobody or nfsnobody is defined +export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 +if getent passwd nfsnobody &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +fi + +%{?ldconfig:%postun libs -p %ldconfig} + +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service + +%post udev +# Move old stuff around in /var/lib +mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null +mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null +if [ -L %{_localstatedir}/lib/systemd/timesync ]; then + rm %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync +fi +if [ -f %{_localstatedir}/lib/systemd/clock ] ; then + mkdir -p %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. +fi + +udevadm hwdb --update &>/dev/null + +%systemd_post %udev_services + +# Try to save the random seed, but don't complain if /dev/urandom is unavailable +/usr/lib/systemd/systemd-random-seed save 2>&1 | \ + grep -v 'Failed to open /dev/urandom' || : + +# Replace obsolete keymaps +# https://bugzilla.redhat.com/show_bug.cgi?id=1151958 +grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && + sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || : + +%preun udev +%systemd_preun %udev_services + +%postun udev +# Restart some services. +# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) +%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service + +%global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service +%global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket +%post journal-remote +%systemd_post %journal_remote_units_restart %journal_remote_units_norestart + +%preun journal-remote +%systemd_preun %journal_remote_units_restart %journal_remote_units_norestart +if [ $1 -eq 1 ] ; then + if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then + mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload + mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/. + rmdir %{_localstatedir}/lib/systemd/journal-upload || : + fi +fi + +%postun journal-remote +%systemd_postun_with_restart %journal_remote_units_restart + +%post networkd +# systemd-networkd was split out in systemd-246.6-2. +# Ideally, we would have a trigger scriptlet to record enablement +# state when upgrading from systemd <= systemd-246.6-1. But, AFAICS, +# rpm doesn't allow us to trigger on another package, short of +# querying the rpm database ourselves, which seems risky. For rpm, +# systemd and systemd-networkd are completely unrelated. So let's use +# a hack to detect if an old systemd version is currently present in +# the file system. +# https://bugzilla.redhat.com/show_bug.cgi?id=1943263 +if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then + echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd." +else + %systemd_post systemd-networkd.service systemd-networkd-wait-online.service +fi + +%preun networkd +%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service + +%preun resolved +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : +fi + +%post resolved +[ $1 -gt 1 ] && exit 0 + +# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 +if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then + echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." + exit 0 +fi + +%systemd_post systemd-resolved.service + +# Create /etc/resolv.conf symlink. +# We would also create it using tmpfiles, but let's do this here +# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above +# does not do this, because it's marked with ! and we don't specify --boot.) +# https://bugzilla.redhat.com/show_bug.cgi?id=1873856 +# +# If systemd is not running, don't overwrite the symlink because that +# will immediately break DNS resolution, since systemd-resolved is +# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). +# +# Also don't create the symlink to the stub when the stub is disabled (#1891847 again). +if test -d /run/systemd/system/ && + systemctl -q is-enabled systemd-resolved.service &>/dev/null && + ! mountpoint /etc/resolv.conf &>/dev/null && + ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \ + grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf +fi + +%if %{with selinux} +%pre selinux +%selinux_relabel_pre + +%post selinux +%selinux_modules_install %{_datadir}/selinux/packages/systemd_hs.pp.bz2 +%selinux_relabel_post + +%posttrans selinux +%selinux_relabel_post + +%postun selinux +%selinux_modules_uninstall systemd_hs + +if [ $1 -eq 0 ]; then + %selinux_relabel_post +fi +%endif + +%global _docdir_fmt %{name} + +%files -f %{name}.lang -f .file-list-rest +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/LICENSE.* +%license LICENSE.GPL2 LICENSE.LGPL2.1 +%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants +%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd + +%files libs -f .file-list-libs +%license LICENSE.LGPL2.1 + +%files pam -f .file-list-pam + +%files rpm-macros -f .file-list-rpm-macros + +%files resolved -f .file-list-resolve + +%files devel -f .file-list-devel + +%files udev -f .file-list-udev + +%files container -f .file-list-container + +%files journal-remote -f .file-list-remote + +%files networkd -f .file-list-networkd + +%files oomd-defaults -f .file-list-oomd-defaults + +%files tests -f .file-list-tests + +%if %{with selinux} +%files selinux +%{_datadir}/selinux/devel/include/contrib/systemd_hs.if +%{_datadir}/selinux/packages/systemd_hs.pp.bz2 +%endif + +%changelog +* Thu Feb 24 2022 Daan De Meyer - 249-2.13 +- Move to dist-git layout used by Fedora (no more SOURCES/ and SPECS/) +- Switch to .gitignore from commit 46a40810 from the Fedora RPM repo +- Add back removed files from commit 46a40810 from the Fedora RPM repo except + sources + +* Wed Feb 09 2022 Anita Zhang - 249.4-2.12 +- Backport PR #20695: Sync if_arp.h with Linux 5.14 +- FB-only backport PR #22426: MemoryZSwapMax= to configure memory.zswap.max + +* Tue Nov 30 2021 Anita Zhang - 249.4-2.11 +- Backport PR #21241: fix bpf-foreign cgroup controller realization + +* Tue Nov 30 2021 Anita Zhang - 249.4-2.10 +- Re-enable fdisk and repart since util-linux-2.32.1-26 in C8s has the fix + it needs for tests to pass. + +* Wed Nov 24 2021 Davide Cavalca - 249.4-2.9 +- Disable legacy iptables support + +* Thu Nov 11 2021 Anita Zhang - 249.4-2.8 +- Remove revert_d219a2b07cc5dc8ffd5010f08561fab2780d8616.patch and replace with + proper fix (PR #21221) + +* Wed Nov 10 2021 Anita Zhang - 249.4-2.7 +- Add meson >= 0.57 for el8 builds. This version uses python 3.8. + +* Wed Oct 20 2021 Anita Zhang - 249.4-2.6 +- Revert d219a2b because it creates non-determinisitic Slice= assignments + +* Mon Oct 11 2021 Anita Zhang - 249.4-2.5 +- Remove duplicate Address= properties in network configs (part of PR #20892) +- Serialize bpf device programs across reloads/reexecs (PR #20978) +- Don't rewrite sysctls that are already set (PR #20676) + +* Wed Oct 06 2021 Davide Cavalca - 249.4-2.4 +- Drop qrencode-devel from BuildRequires as it's not actually used + +* Wed Sep 29 2021 Anita Zhang - 249.4-2.3 +- Fix to allow verifying hidden (dot) files again (PR #20875) + +* Fri Sep 24 2021 Anita Zhang - 249.4-2.2 +- Backport more feature support for systemd-networkd + (#20450, #20541, #20729, #20828) + +* Wed Sep 22 2021 Anita Zhang - 249.4-2.1 +- Sync changes from Fedora +- Backport one more feature for systemd-networkd (#20489) + +* Mon Sep 20 2021 Anita Zhang - 249.4-1.1 +- New stable point release +- Backport optimization for read_virtual_file() (#20743) +- Backport new features for systemd-networkd (#20743, #20472, #20477, #20484) + +* Tue Sep 14 2021 Sahana Prasad +- Rebuilt with OpenSSL 3.0.0 + +* Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek - 249.4-1 +- Latest bugfix release: various fixes for systemd-networkd, + systemd-resolved, systemd, systemd-boot. +- Backport of macros to restart systemd user units (#1993244) + +* Fri Aug 6 2021 Zbigniew Jędrzejewski-Szmek - 249.3-1 +- Latest bugfix release: improved compatibility with latest glibc, + various small documentation fixes, and fixes for systemd-networkd bridging, + other minor fixes. +- systemctl set-property accepts glob patterns now (#1986258) + +* Thu Jul 29 2021 Anita Zhang - 249.2-1.2 +- Remove Obsoletes lines on systemd-resolved and systemd-networkd since we don't + want to install these by default. + +* Wed Jul 28 2021 Anita Zhang - 249.2-1.1 +- New release for 249 +- Drop merged patches +- Split networkd and resolved into their own subpackages. + +* Tue Jul 27 2021 Davide Cavalca - 248.5-1.3 +- Add missing SELinux rules for the GNOME and KDE LiveDVD spins + (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/7) + +* Fri Jul 23 2021 Zbigniew Jędrzejewski-Szmek - 249.2-1 +- Latest bugfix release (a minor hwdb regression bugfix, and correction + to kernel commandline handling when reexecuting PID 1 in a container) + +* Fri Jul 23 2021 Michael Catanzaro - 249.2-1 +- Build with -Ddefault-dns-over-tls=opportunistic + (https://fedoraproject.org/wiki/Changes/DNS_Over_TLS, #1889901) + +* Wed Jul 21 2021 Davide Cavalca - 248.5-1.2 +- Add missing SELinux rules for 248 + (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/1) + +* Wed Jul 21 2021 Anita Zhang - 248.5-1.1 +- Update to systemd-stable 248.5 (includes fix for CVE-2021-33910) + +* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek - 248.5-1 +- Various minor documentation and correctness fixes. +- CVE-2021-33910, #1984020: an unchecked stack allocation could be used to + crash systemd and cause the system to reboot by creating a very long + fuse mountpoint path. + +* Mon Jul 12 2021 Zbigniew Jędrzejewski-Szmek - 248.4-1 +- Assorted fixes (some systemd-resolved crashes, invalid + systemd-tmpfiles assertion, etc.) +- systemd-networkd workaround for TALOS-2020-1142, CVE-2020-13529. +- A big update of hardware descriptions. + +* Wed Jul 7 2021 Neal Gompa - 249-2 +- Use correct NEWS URLs for systemd 249 releases in changelog entries + +* Wed Jul 7 2021 Zbigniew Jędrzejewski-Szmek - 249-1 +- Latest upstream release with minor bugfixes, see + https://github.com/systemd/systemd/blob/v249/NEWS. +- systemd-oomd cpu usage is reduced (#1944646) + +* Thu Jul 1 2021 Zbigniew Jędrzejewski-Szmek - 249~rc3-1 +- Latest upstream prerelease with various bugfixes, see + https://github.com/systemd/systemd/blob/v249-rc3/NEWS. + +* Fri Jun 25 2021 Zbigniew Jędrzejewski-Szmek - 249~rc2-1 +- Latest upstream prerelease with various bugfixes, see + https://github.com/systemd/systemd/blob/v249-rc2/NEWS. +- Ignore FORCERENEW DHCP packets (TALOS-2020-1142, CVE-2020-13529, #1959398) + +* Thu Jun 17 2021 Adam Williamson - 249~rc1-2 +- Stop systemd providing systemd-resolved, now the subpackage exists (#1973462) + +* Wed Jun 16 2021 Zbigniew Jędrzejewski-Szmek - 249~rc1-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v249-rc1/NEWS. + Fixes #1963428. +- Use systemd-sysusers to create users (#1965815) +- Move systemd-resolved into systemd-resolved subpackage (#1923727) + [patch from Petr Menšík] + +* Mon Jun 14 2021 Anita Zhang - 248.2-1.5 +- Remove backport PR #19811 since it's still buggy +- Remove d586f642fd90e3bb378f7b6d3e3a64a753e51756 to fix rate limiting instead + (at least until sd-event rate limiting is fixed in 249). + +* Thu Jun 10 2021 Anita Zhang - 248.2-1.4 +- Backport PR #19811 to fix issues with mount sd-event rate limiting + +* Wed May 19 2021 Davide Cavalca - 248.2-1.3 +- Add BuildRequires for python-jinja2 in preparation for 249 (see PR#19630) + +* Mon May 17 2021 Davide Cavalca - 248.2-1.2 +- Add systemd-oomd-defaults subpackage from Fedora + +* Sat May 15 2021 Zbigniew Jędrzejewski-Szmek - 248.3-1 +- A fix for resolved crashes (#1946386, #1960227, #1950241) +- Some minor fixes for documentation, systemd-networkd, systemd-run, bootctl. + +* Mon May 10 2021 Anita Zhang - 248.2-1.1 +- New release for 248 +- Drop patches merged in 248.2 +- FB only backport PR #13496 (Extend bpf cgroup program support) + +* Fri May 7 2021 Zbigniew Jędrzejewski-Szmek - 248.2-1 +- Pull in some more patches from upstream (#1944646, #1885090, #1941340) +- Adjust modes of some %%ghost files (#1956059) + +* Thu May 6 2021 Zbigniew Jędrzejewski-Szmek - 248.1-1 +- Latest stable version: a long list of minor correctness fixes all around + (#1955475, #911766, #1958167, #1952919) +- Enable tpm2-tss dependency (#1949505) + +* Wed Apr 14 2021 Anita Zhang - 247.3-10 +- Remove systemd-resolved enablement + +* Wed Apr 7 2021 Davide Cavalca - 247.3-9 +- Reenable LTO now that binutils has been fixed +- Update FB configure options + +* Tue Apr 6 2021 Adam Williamson - 248-2 +- Re-enable resolved caching, we hope all major bugs are resolved now + +* Thu Apr 1 2021 Davide Cavalca - 247.3-8 +- Backport https://github.com/SELinuxProject/refpolicy/pull/308 to fix + systemd-hostnamed and systemd-localed when SELinux is enabled. + +* Thu Apr 1 2021 Anita Zhang - 247.3-7 +- Downgrade sysv-generator warning even more (to debug) + +* Wed Mar 31 2021 Zbigniew Jędrzejewski-Szmek - 248-1 +- Latest upstream release, see + https://github.com/systemd/systemd/blob/v248/NEWS. +- The changes since -rc4 are rather small, various fixes all over the place. + A fix to how systemd-oomd selects a candidate to kill, and more debug logging + to make this more transparent. + +* Wed Mar 31 2021 Anita Zhang - 247.3-6 +- Backport PR#18621 (Ignore attempts at hidepid and subset for older kernels) +- Downgrade sysv-generator warning about missing native systemd unit + +* Wed Mar 31 2021 Davide Cavalca - 247.3-5 +- Add selinux subpackage + +* Tue Mar 30 2021 Anita Zhang - 248~rc4-6 +- Increase oomd user memory pressure limit to 50% (#1941170) + +* Fri Mar 26 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-5 +- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service + on upgrades from before systemd-networkd was split out (#1943263) +- In nsswitch.conf, move nss-myhostname to the front, before nss-mdns4 (#1943199) + +* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-4 +- Revert patch that seems to cause problems with dns resolution + (see comments on https://bodhi.fedoraproject.org/updates/FEDORA-2021-1c1a870ceb) + +* Mon Mar 22 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-3 +- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335) +- Fix returning combined IPv4/IPv6 responses from systemd-resolved cache (#1940715) + (But note that the disablement of caching added previously is + retained until we can do more testing.) +- Minor fix to interface naming by udev +- Fix for systemd-repart --size + +* Fri Mar 19 2021 Adam Williamson - 248~rc4-2 +- Disable resolved cache via config snippet (#1940715) + +* Thu Mar 18 2021 Yu Watanabe - 248~rc4-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc4/NEWS. +- A bunch of documentation updates, and correctness fixes. + +* Wed Mar 17 2021 Anita Zhang - 247.3-4 +- Backport PR #18955 (Fixes fstab parsing) +- FB only backport PR #18886 (systemd-shutdown logs to /dev/console not stderr) +- Reenable tests by disabling LTO (work around binutils bug) + +* Tue Mar 16 2021 Adam Williamson - 248~rc3-2 +- Backport PR #19009 to fix CNAME redirect resolving some more (#1933433) + +* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc3-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc3/NEWS. +- A bunch of documentation updates, correctness fixes, and systemd-networkd + features. +- Resolves #1933137, #1935084, #1933873, #1931181, #1933335, #1935062, #1927148. + +* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-5 +- Fix crash in pid1 during daemon-reexec (#1931034) + +* Fri Mar 05 2021 Adam Williamson - 248~rc2-3 +- Fix stub resolver CNAME chain resolving (#1933433) + +* Mon Mar 01 2021 Josh Boyer - 248~rc2-2 +- Don't set the fallback hostname to Fedora on non-Fedora OSes + +* Wed Feb 24 2021 Davide Cavalca - 247.3-3 +- Remove careinversion usage to make the package usable on older mock versions + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-1 +- Latest upstream prelease, just a bunch of small fixes. +- Fixes #1931957. + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-2 +- Rebuild with the newest scriptlets + +* Fri Feb 19 2021 Davide Cavalca - 247.3-2 +- Disable some tests to workaround a binutils bug triggered by enabling audit +- Refresh patches + +* Wed Feb 17 2021 Michel Alexandre Salim - 247.3-3 +- Increase oomd user memory pressure limit to 10% (#1929856) + +* Wed Feb 17 2021 Anita Zhang - 247.3-1 +- New release for 247 +- Backport PR #18211 (Fixes ExecCondition= dependency bug) +- Backport PR #17872 (Fixes PrivateUsers=yes with other sandboxing properties) +- FB only backport PR #17495 (Fixes BPF pinning post-coldplug) +- Reenable audit support + +* Sun Feb 7 2021 Davide Cavalca - 246.1-2 +- Initial Hyperscale SIG package +- Update release to use %%dist macro +- Drop el7 logic +- Explicitly default non-FB built to the legacy hierarchy +- Drop no longer needed FB FusionIO patch +- Temporarily disable audit support while debugging a link issue + +* Fri Feb 5 2021 Anita Zhang - 247.3-2 +- Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd. +- Backports consist primarily of PR #18361, #18444, and #18401 (plus some + additional ones to handle merge conflicts). +- Create systemd-oomd-defaults subpackage to install unit drop-ins that will + configure systemd-oomd to monitor and act. + +* Tue Feb 2 2021 Zbigniew Jędrzejewski-Szmek - 247.3-1 +- Minor stable release +- Fixes #1895937, #1813219, #1903106. + +* Wed Jan 27 2021 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jan 25 2021 Anita Zhang - 246.1-1.fb6 +- Backport PR #16803 to fix ConditionEnvironment= + +* Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek - 247.2-2 +- Fix bfq patch again (#1813219) + +* Wed Dec 23 2020 Jonathan Underwood - 247.2-2 +- Add patch to enable crypttab to support disabling of luks read and + write workqueues (corresponding to + https://github.com/systemd/systemd/pull/18062/). + +* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek - 247.2-1 +- Minor stable release +- Fixes #1908071. + +* Tue Dec 8 2020 Zbigniew Jędrzejewski-Szmek - 247.1-3 +- Rebuild with fallback hostname change reverted. + +* Fri Dec 4 2020 Bastien Nocera - 247.1-2 +- Unset fallback-hostname as plenty of applications expected localhost + to mean "default hostname" without ever standardising it (#1892235) + +* Tue Dec 1 2020 Zbigniew Jędrzejewski-Szmek - 247.1-1 +- Latest stable release +- Fixes #1902819. +- Files to configure networking with systemd-networkd in a VM or container are + moved to systemd-networkd subpackage. (They were previously in the -container + subpackage, which is for container/VM management.) + +* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek - 247-1 +- Update to the latest version +- #1900878 should be fixed + +* Thu Nov 19 2020 Chris Down - 246.1-1.fb5 +- Updated version of PR #17495 to fix program leak + +* Thu Nov 19 2020 Chris Down - 246.1-1.fb4 +- Backport PR #17495 to fix BPF program lifecycle +- Backport PR #17422 to clean up cgroups more reliably after exit +- Backport PR #17497 to add FixedRandomDelay= support + +* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek - 247~rc2 +- New upstream pre-release. See + https://github.com/systemd/systemd/blob/v247-rc1/NEWS. + Many smaller and bigger improvements and features are introduced. + (#1885101, #1890632, #1879216) + + A backwards-incompatible change affects PCI network devices which + are connected through a bridge which is itself associated with a + slot. When more than one device was associated with the same slot, + one of the devices would pseudo-randomly get named after the slot. + That name is now not generated at all. This changed behaviour is + causes the net naming scheme to be changed to "v247". To restore + previous behaviour, specify net.naming-scheme=v245. + + systemd-oomd is built, but should not be considered "production + ready" at this point. Testing and bug reports are welcome. + +* Wed Sep 30 2020 Dusty Mabe - 246.6-3 +- Try to make files in subpackages (especially the networkd subpackage) + more appropriate. + +* Thu Sep 24 2020 Filipe Brandenburger - 246.6-2 +- Build a package with standalone binaries for non-systemd systems. + For now, only systemd-sysusers is included. + +* Thu Sep 24 2020 Christian Glombek - 246.6-2 +- Split out networkd sub-package and add to main package as recommended dependency + +* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek - 246.6-1 +- Update to latest stable release (various minor fixes: manager, + networking, bootct, kernel-install, systemd-dissect, systemd-homed, + fstab-generator, documentation) (#1876905) +- Do not fail in test because of kernel bug (#1803070) + +* Fri Sep 18 2020 Anita Zhang - 246.1-1.fb3 +- Backport PR #16838 and #16857 to improve $PATH handling +- Backport PR #16940 to fix ECONN handling in sockets +- Backport PR #17031 to fix rate limiting on units in restart loop +- Backport PR #17082 to get nspawn TTY tweaks + +* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek - 246.5-1 +- Update to latest stable release (a bunch of small network-related + fixes in systemd-networkd and socket handling, documentation updates, + a bunch of fixes for error handling). +- Also remove existing file when creating /etc/resolv.conf symlink + upon installation (#1873856 again) + +* Wed Sep 2 2020 Zbigniew Jędrzejewski-Szmek - 246.4-1 +- Update to latest stable version: a rework of how the unit cache mtime works + (hopefully #1872068, #1871327, #1867930), plus various fixes to + systemd-resolved, systemd-dissect, systemd-analyze, systemd-ask-password-agent, + systemd-networkd, systemd-homed, systemd-machine-id-setup, presets for + instantiated units, documentation and shell completions. +- Create /etc/resolv.conf symlink upon installation (#1873856) +- Move nss-mdns before nss-resolve in /etc/nsswitch.conf and disable + mdns by default in systemd-resolved (#1867830) + +* Wed Aug 26 2020 Zbigniew Jędrzejewski-Szmek - 246.3-1 +- Update to bugfix version (some networkd fixes, minor documentation + fixes, relax handling of various error conditions, other fixlets for + bugs without bugzilla numbers). + +* Tue Aug 18 2020 Anita Zhang - 246.1-1.fb2 +- Gate "Obsoletes: systemd < 245.6-1" out due to dependency issues on Facebook + systems + +* Mon Aug 17 2020 Anita Zhang - 246.1-1.fb1 +- Facebook rebuild +- Don't compile in systemd-repart (needs libfdisk >= 2.33 and C8 has 2.32) +- Remove unused systemd-journal-remote.xml and systemd-journal-gatewayd.xml + files since we never used firewalld + +* Fri Aug 7 2020 Zbigniew Jędrzejewski-Szmek - 246.1-1 +- A few minor bugfixes +- Remove /etc/resolv.conf on upgrades (if managed by NetworkManager), so + that systemd-resolved can take over the management of the symlink. + +* Thu Jul 30 2020 Zbigniew Jędrzejewski-Szmek - 246-1 +- Update to released version. Only some minor bugfixes since the pre-release. + +* Sun Jul 26 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-2 +- Make /tmp be 50% of RAM again (#1856514) +- Re-run 'systemctl preset systemd-resolved' on upgrades. + /etc/resolv.conf is not modified, by a hint is emitted if it is + managed by NetworkManager. + +* Fri Jul 24 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-1 +- New pre-release with incremental fixes + (#1856037, #1858845, #1856122, #1857783) +- Enable systemd-resolved (with DNSSEC disabled by default, and LLMNR + and mDNS support in resolve-only mode by default). + See https://fedoraproject.org/wiki/Changes/systemd-resolved. + +* Thu Jul 9 2020 Zbigniew Jędrzejewski-Szmek - 246~rc1-1 +- New upstream release, see + https://raw.githubusercontent.com/systemd/systemd/v246-rc1/NEWS. + + This release includes many new unit settings, related inter alia to + cgroupsv2 freezer support and cpu affinity, encryption and verification. + systemd-networkd has a ton of new functionality and many other tools gained + smaller enhancements. systemd-homed gained FIDO2 support. + + Documentation has been significantly improved: sd-bus and sd-hwdb + libraries are now fully documented; man pages have been added for + the D-BUS APIs of systemd daemons and various new interfaces. + + Closes #1392925, #1790972, #1197886, #1525593. + +* Wed Jun 24 2020 Bastien Nocera - 245.6-3 +- Set fallback-hostname to fedora so that unset hostnames are still + recognisable (#1392925) + +* Fri Jun 5 2020 Anita Zhang - 245.5-2.fb3 +- Backport 156a5fd to mitigate CVE-2020-13776 + +* Thu Jun 4 2020 Anita Zhang - 245.5-2.fb2 +- Revert c7d26ac which is causing SMI count to go up leading to increased + microstalls during Chef runs + +* Tue Jun 2 2020 Zbigniew Jędrzejewski-Szmek - 245.6-2 +- Add self-obsoletes to fix upgrades from F31 + +* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek - 245.6-1 +- Update to latest stable version (some documentation updates, minor + memory correctness issues) (#1815605, #1827467, #1842067) + +* Thu Apr 30 2020 Anita Zhang - 245.5-2.fb1 +- Facebook rebuild +- Don't compile in systemd-homed, systemd-userdb, and p11kit +- Backport PR #15544 and #15551 (drops FB rlimit_memlock patch) + +* Tue Apr 21 2020 Björn Esser - 245.5-2 +- Add explicit BuildRequires: acl +- Bootstrapping for json-c SONAME bump + +* Fri Apr 17 2020 Zbigniew Jędrzejewski-Szmek - 245.5-1 +- Update to latest stable version (#1819313, #1815412, #1800875) + +* Thu Apr 16 2020 Björn Esser - 245.4-2 +- Add bootstrap option to break circular deps on cryptsetup + +* Wed Apr 1 2020 Zbigniew Jędrzejewski-Szmek - 245.4-1 +- Update to latest stable version (#1814454) + +* Thu Mar 26 2020 Zbigniew Jędrzejewski-Szmek - 245.3-1 +- Update to latest stable version (no issue that got reported in bugzilla) + +* Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek - 245.2-1 +- Update to latest stable version (a few bug fixes for random things) (#1798776) + +* Wed Mar 18 2020 Andrew Gallagher - 244-2.fb4 +- Bump HIGH_RLIMIT_MEMLOCK to 512M + +* Fri Mar 6 2020 Zbigniew Jędrzejewski-Szmek - 245-1 +- Update to latest version (#1807485) + +* Wed Feb 26 2020 Zbigniew Jędrzejewski-Szmek - 245~rc2-1 +- Modify the downstream udev rule to use bfq to only apply to disks (#1803500) +- "Upgrade" dependency on kbd package from Recommends to Requires (#1408878) +- Move systemd-bless-boot.service and systemd-boot-system-token.service to + systemd-udev subpackage (#1807462) +- Move a bunch of other services to systemd-udev: + systemd-pstore.service, all fsck-related functionality, + systemd-volatile-root.service, systemd-verity-setup.service, and a few + other related files. +- Fix daemon-reload rule to not kill non-systemd pid1 (#1803240) +- Fix namespace-related failure when starting systemd-homed (#1807465) and + group lookup failure in nss_systemd (#1809147) +- Drop autogenerated BOOT_IMAGE= parameter from stored kernel command lines + (#1716164) +- Don't require /proc to be mounted for systemd-sysusers to work (#1807768) + +* Fri Feb 21 2020 Filipe Brandenburger - 245~rc1-4 +- Update daemon-reexec fallback to check whether the system is booted with + systemd as PID 1 and check whether we're upgrading before using kill -TERM + on PID 1 (#1803240) + +* Thu Feb 20 2020 Filipe Brandenburger - 244-2.fb3 +- Only kill -TERM 1 when systemd is actually running. + +* Tue Feb 18 2020 Adam Williamson - 245~rc1-3 +- Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293) + +* Fri Feb 7 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-2 +- Add default 'disable *' preset for user units (#1792474, #1468501), + see https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. +- Add macro to generate "compat" scriptlets based off sysusers.d format + and autogenerate user() and group() virtual provides (#1792462), + see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format. +- Revert patch to udev rules causing regression with usb hubs (#1800820). + +* Thu Feb 6 2020 Anita Zhang - 244-2.fb2 +- Backport PR#14815 (Permissive syscall filtering in dbus-execute) + +* Wed Feb 5 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-1 +- New upstream release, see + https://raw.githubusercontent.com/systemd/systemd/v245-rc1/NEWS. + + This release includes completely new functionality: systemd-repart, + systemd-homed, user reconds in json, and multi-instantiable + journald, and a partial rework of internal communcation to use + varlink, and bunch of more incremental changes. + + The "predictable" interface name naming scheme is changed, + net.naming-scheme= can be used to undo the change. The change applies + to container interface names on the host. + +- Fixes #1774242, #1787089, #1798414/CVE-2020-1712. + +* Fri Jan 31 2020 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jan 9 2020 Anita Zhang - 244-2.fb1 +- Facebook rebuild +- Backport PR#13823 (PrivateUsers=true for unprivileged user managers) +- Backport PR#14441 (Fix type.d drop-in ordering) + +* Sat Dec 21 2019 - 244.1-2 +- Disable service watchdogs (for systemd units) + +* Sun Dec 15 2019 - 244.1-1 +- Update to latest stable batch (systemd-networkd fixups, better + support for seccomp on s390x, minor cleanups to documentation). +- Drop patch to revert addition of NoNewPrivileges to systemd units + +* Fri Nov 29 2019 Zbigniew Jędrzejewski-Szmek - 244-1 +- Update to latest version. Just minor bugs fixed since the pre-release. + +* Fri Nov 22 2019 Zbigniew Jędrzejewski-Szmek - 244~rc1-1 +- Update to latest pre-release version, + see https://github.com/systemd/systemd/blob/master/NEWS#L3. + Biggest items: cgroups v2 cpuset controller, fido_id builtin in udev, + systemd-networkd does not create a default route for link local addressing, + systemd-networkd supports dynamic reconfiguration and a bunch of new settings. + Network files support matching on WLAN SSID and BSSID. +- Better error messages when preset/enable/disable are used with a glob (#1763488) +- u2f-hidraw-policy package is obsoleted (#1753381) + +* Tue Nov 19 2019 Zbigniew Jędrzejewski-Szmek - 243.4 +- Latest bugfix release. Systemd-stable snapshots will now be numbered. +- Fix broken PrivateDevices filter on big-endian, s390x in particular (#1769148) +- systemd-modules-load.service should only warn, not fail, on error (#1254340) +- Fix incorrect certificate validation with DNS over TLS (#1771725, #1771726, + CVE-2018-21029) +- Fix regression with crypttab keys with colons +- Various memleaks and minor memory access issues, warning adjustments + +* Thu Oct 31 2019 Davide Cavalca - 243-2.fb3 +- Backport PR#13754 (allow restart for oneshot units) +- Misc specfiles fixes to support building on el8 as well +- Default el8 builds to the unified hierarchy + +* Fri Oct 18 2019 Adam Williamson - 243-4.gitef67743 +- Backport PR #13792 to fix nomodeset+BIOS CanGraphical bug (#1728240) + +* Thu Oct 10 2019 Zbigniew Jędrzejewski-Szmek - 243-3.gitef67743 +- Various minor documentation and error message cleanups +- Do not use cgroup v1 hierarchy in nspawn on groups v2 (#1756143) + +* Wed Oct 2 2019 Davide Cavalca - 243-2.fb2 +- Backport PR#13689 (a bunch of protection-related fixes) + +* Fri Sep 27 2019 Davide Cavalca - 243-2.fb1 +- Facebook rebuild +- drop "use bfq as the default scheduler" patch +- backport PR#13369 (ExecXYZEx= bus hook ups) +- disable udev-test.pl for now due to flakiness + +* Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek - 243-2.gitfab6f01 +- Backport a bunch of patches (memory access issues, improvements to error + reporting and handling in networkd, some misleading man page contents #1751363) +- Fix permissions on static nodes (#1740664) +- Make systemd-networks follow the RFC for DHPCv6 and radv timeouts +- Fix one crash in systemd-resolved (#1703598) +- Make journal catalog creation reproducible (avoid unordered hashmap use) +- Mark the accelerometer in HP laptops as part of the laptop base +- Fix relabeling of directories with relabel-extra.d/ +- Fix potential stuck noop jobs in pid1 +- Obsolete timedatex package (#1735584) + +* Tue Sep 3 2019 Zbigniew Jędrzejewski-Szmek - 243-1 +- Update to latest release +- Emission of Session property-changed notifications from logind is fixed + (this was breaking the switching of sessions to and from gnome). +- Security issue: unprivileged users were allowed to change DNS + servers configured in systemd-resolved. Now proper polkit authorization + is required. + +* Mon Aug 26 2019 Adam Williamson - 243~rc2-2 +- Backport PR #13406 to solve PATH ordering issue (#1744059) + +* Thu Aug 22 2019 Zbigniew Jędrzejewski-Szmek - 243~rc2-1 +- Update to latest pre-release. Fixes #1740113, #1717712. +- The default scheduler for disks is set to BFQ (1738828) +- The default cgroup hierarchy is set to unified (cgroups v2) (#1732114). + Use systemd.unified-cgroup-hierarchy=0 on the kernel command line to revert. + See https://fedoraproject.org/wiki/Changes/CGroupsV2. + +* Wed Aug 07 2019 Adam Williamson - 243~rc1-2 +- Backport PR #1737362 so we own /etc/systemd/system again (#1737362) + +* Wed Aug 7 2019 Anita Zhang - 242-2.fb4 +- Backport PR#12933 (core: ExecCondition= for services) +- Backport PR#13096 (Preparatory work for the unit loading rework) +- Backport PR#13119 (Rework unit loading to take into account all aliases) + +* Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek - 243~rc1-1 +- Update to latest version (#1715699, #1696373, #1711065, #1718192) + +* Sat Jul 27 2019 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek - 242-6.git9d34e79 +- Ignore bad rdrand output on AMD CPUs (#1729268) +- A bunch of backported patches from upstream: documentation, memory + access fixups, command output tweaks (#1708996) + +* Thu Jul 18 2019 Anita Zhang - 242-2.fb3 +- Backport PR#12346 (make sure accept_flush() doesn't hang on EOPNOTSUPP) +- Backport PR#12979 (add SystemCallErrorNumber=EPERM to systemd-portabled.service) + +* Tue Jun 25 2019 Björn Esser - 242-5.git7a6d834 +- Rebuilt (libqrencode.so.4) + +* Tue Jun 25 2019 Miro Hrončok - 242-4.git7a6d834 +- Rebuilt for iptables update (libip4tc.so.2) + +* Thu Jun 20 2019 Anita Zhang - 242-2.fb2 +- Backport PR#11778 (ExecStartXYZEx= dbus support) +- Backport PR#12729 (nspawn: don't hard fail when setting capabilities) +- Backport PR#12745 (IPAddressXYZ="any" for users with CAP_NET_ADMIN) + +* Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek - 242-3.git7a6d834 +- Add symbol to mark vtable format changes (anything using sd_add_object_vtable + or sd_add_fallback_vtable needs to be rebuilt) +- Fix wireguard ListenPort handling in systemd-networkd +- Fix hang in flush_accept (#1702358) +- Fix handling of RUN keys in udevd +- Some documentation and shell completion updates and minor fixes + +* Thu Apr 25 2019 Davide Cavalca - 242-2.fb1 +- Facebook rebuild +- Backport PR#12336 (support DisableControllers= for transient units) + +* Tue Apr 16 2019 Adam Williamson - 242-2 +- Rebuild with Meson fix for #1699099 + +* Thu Apr 11 2019 Zbigniew Jędrzejewski-Szmek - 242-1 +- Update to latest release +- Make scriptlet failure non-fatal + +* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek - 242~rc4-1 +- Update to latest prerelease + +* Thu Apr 4 2019 Zbigniew Jędrzejewski-Szmek - 242~rc3-1 +- Update to latest prerelease + +* Wed Apr 3 2019 Zbigniew Jędrzejewski-Szmek - 242~rc2-1 +- Update to the latest prerelease. +- The bug reported on latest update that systemd-resolved and systemd-networkd are + re-enabled after upgrade is fixed. + +* Fri Mar 29 2019 Zbigniew Jędrzejewski-Szmek - 241-4.gitcbf14c9 +- Backport various patches from the v241..v242 range: + kernel-install will not create the boot loader entry automatically (#1648907), + various bash completion improvements (#1183769), + memory leaks and such (#1685286). + +* Fri Mar 22 2019 Davide Cavalca - 241-1.fb2 +- Backport PR#11754 (sd-bus fixes for CVE-2019-6454) +- Backport PR#12078 (nspawn fix) + +* Thu Mar 14 2019 Zbigniew Jędrzejewski-Szmek - 241-3.gitc1f8ff8 +- Declare hyperv and framebuffer devices master-of-seat again (#1683197) + +* Wed Feb 27 2019 Davide Cavalca - 241-1.fb1 +- Facebook rebuild +- Rebase fio udev patch (this will likely be dropped in the next release) +- Drop the mock testing patches, not needed anymore +- Ignore errors for Python bytecompiling due to run-unit-tests.py +- Fix the run-unit-tests.py shebang to use python36 +- Backport PR#11831 (missing include) and PR#11836 (test-chown-rec fix) + +* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek - 241-2.gita09c170 +- Prevent buffer overread in systemd-udevd +- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) + +* Sat Feb 9 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-2 +- Turn LTO back on + +* Tue Feb 5 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-1 +- Update to latest release -rc2 + +* Sun Feb 03 2019 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sun Jan 27 2019 Yu Watanabe - 241~rc1-2 +- Backport a patch for kernel-install + +* Sat Jan 26 2019 Zbigniew Jędrzejewski-Szmek - 241~rc1-1 +- Update to latest release -rc1 + +* Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek - 240-6.gitf02b547 +- Add a work-around for #1663040 + +* Mon Jan 14 2019 Björn Esser +- Rebuilt for libcrypt.so.2 (#1666033) + +* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-4.gitf02b547 +- Add a work-around for selinux issue on live images (#1663040) + +* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-3.gitf02b547 +- systemd-journald and systemd-journal-remote reject entries which + contain too many fields (CVE-2018-16865, #1664973) and set limits on the + process' command line length (CVE-2018-16864, #1664972) +- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857) +- A fix for systemd-udevd crash (#1662303) + +* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek - 240-2 +- Add two more patches that revert recent udev changes + +* Fri Dec 21 2018 Zbigniew Jędrzejewski-Szmek - 240-1 +- Update to latest release + See https://github.com/systemd/systemd/blob/master/NEWS for the list of changes. + +* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek - 239-10.git9f3aed1 +- Hibernation checks for resume= are rescinded (#1645870) +- Various patches: + - memory issues in logind, networkd, journald (#1653068), sd-device, etc. + - Adaptations for newer meson, lz4, kernel + - Fixes for misleading bugs in documentation +- net.ipv4.conf.all.rp_filter is changed from 1 to 2 + +* Mon Dec 10 2018 Davide Cavalca - 239-1.fb6 +- Backport PR#10411 and PR#10493 (systemd-analyze timespan command) +- Rebase our PR#10507 and PR#10567 backports onto the version merged upstream +- Backport PR#10757 (cgroup2 BPF devices fixes) +- Backport PR#10876 (cgroup_subtree_mask propagation fix) + +* Thu Nov 29 2018 Zbigniew Jędrzejewski-Szmek +- Adjust scriptlets to modify /etc/authselect/user-nsswitch.conf + (see https://github.com/pbrezina/authselect/issues/77) +- Drop old scriptlets for nsswitch.conf modifications for nss-mymachines and nss-resolve + +* Sun Nov 18 2018 Alejandro Domínguez Muñoz +- Remove link creation for rsyslog.service + +* Thu Nov 8 2018 Adam Williamson - 239-9.git9f3aed1 +- Go back to using systemctl preset-all in %%post (#1647172, #1118740) + +* Mon Nov 5 2018 Adam Williamson - 239-8.git9f3aed1 +- Requires(post) openssl-libs to fix live image build machine-id issue + See: https://pagure.io/dusty/failed-composes/issue/960 + +* Mon Nov 5 2018 Yu Watanabe +- Set proper attributes to private directories + +* Fri Nov 2 2018 Davide Cavalca - 239-1.fb5 +- Backport PR#10507 (don't require CPU controller for CPU accounting) +- Backport PR#10567 (DisableControllers= directive) + +* Fri Nov 2 2018 Zbigniew Jędrzejewski-Szmek - 239-7.git9f3aed1 +- Split out the rpm macros into systemd-rpm-macros subpackage (#1645298) + +* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek - 239-6.git9f3aed1 +- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076) +- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071) +- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067) +- The DHCP server is started only when link is UP +- DHCPv6 prefix delegation is improved +- Downgrade logging of various messages and add loging in other places +- Many many fixes in error handling and minor memory leaks and such +- Fix typos and omissions in documentation +- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved) +- Matching by MACAddress= in systemd-networkd is fixed +- Creation of user runtime directories is improved, and the user + manager is only stopped after 10 s after the user logs out (#1642460 and other bugs) +- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0 +- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression. +- "systemctl --wait start" exits immediately if no valid units are named +- zram devices are not considered as candidates for hibernation +- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed) +- Various smaller improvements to unit ordering and dependencies +- generators are now called with the manager's environment +- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues +- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where + the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. +- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user + threads are used by bpfilter. +- "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present +- Hibernation is not advertised if resume= is not present on the kernenl command line +- Hibernation/Suspend/... modes can be disabled using AllowSuspend=, + AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep= +- LOGO= and DOCUMENTATION_URL= are documented for the os-release file +- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries +- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects +- Catalog entries for the journal are improved (#1639482) +- If suspend fails, the post-suspend hooks are still called. +- Various build issues on less-common architectures are fixed + +* Fri Oct 12 2018 Davide Cavalca - 239-1.fb4 +- Backport PR#10062 (cgroup2 BPF device controller support) +- Backport PR#10203, PR#10363 (tests fixes for supplementary groups) +- Backport PR#10368 (%g, %G specifiers support) +- Add hostname to BuildRequires (it's needed by test-execute) +- Reenable test-execute now that it's finally working + +* Wed Oct 3 2018 Jan Synáček - 239-5 +- Fix meson using -Ddebug, which results in FTBFS +- Fix line_begins() to accept word matching full string (#1631840) + +* Mon Sep 10 2018 Zbigniew Jędrzejewski-Szmek - 239-4 +- Move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626969) + +* Fri Aug 24 2018 Davide Cavalca - 239-1.fb3 +- backport new version of guro's cgroup2 BPF device controller patch + +* Wed Jul 18 2018 Terje Rosten - 239-3 +- Ignore return value from systemd-binfmt in scriptlet (#1565425) + +* Sun Jul 15 2018 Filipe Brandenburger +- Override systemd-user PAM config in install and not prep + +* Sat Jul 14 2018 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jul 4 2018 Davide Cavalca - 239-1.fb2 +- backport PR#9460 (followup to PR#9410) +- backport PR#9500 (support for StandardOutput=append:) +- revert c58fd46 (part of PR#8403) to workaround a FB-specific build issue + +* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek +- Rebuild for Python 3.7 again + +* Mon Jun 25 2018 Davide Cavalca - 239-1.fb1 +- Facebook rebuild +- backport PR#9244 and PR#9247 (new cgroup2 features) +- backport PR#9410 (gnutls detection, fix for #9403) + +* Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek - 239-1 +- Update to latest version, mostly bug fixes and new functionality, + very little breaking changes. See + https://github.com/systemd/systemd/blob/v239/NEWS for details. + +* Tue Jun 19 2018 Miro Hrončok +- Rebuilt for Python 3.7 + +* Thu May 31 2018 Davide Cavalca - 238-7.fb3 +- Update cgroup2 BPF device controller patches +- Backport PR#9148 to mitigate pid watching issue on git + +* Tue May 15 2018 Davide Cavalca - 238-7.fb2 +- Backport htejun's io.latency patch +- Backport guro's cgroup2 BPF device controller patch + +* Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59 +- Backport a number of patches (documentation, hwdb updates) +- Fixes for tmpfiles 'e' entries +- systemd-networkd crashes +- XEN virtualization detection on hyper-v +- Avoid relabelling /sys/fs/cgroup if not needed (#1576240) + +* Wed Apr 18 2018 Zbigniew Jędrzejewski-Szmek - 238-7.fc28.1 +- Allow fake Delegate= setting on slices (#1568594) + +* Thu Apr 5 2018 Davide Cavalca - 238-7.fb1 +- Facebook rebuild +- Reenable tests (except test-execute which is still broken) + +* Wed Mar 28 2018 Zbigniew Jędrzejewski-Szmek - 238-7 +- Move udev transfiletriggers to the right package, fix quoting + +* Tue Mar 27 2018 Colin Walters - 238-6 +- Use shell for triggers; see https://github.com/systemd/systemd/pull/8550 + This fixes compatibility with rpm-ostree. + +* Tue Mar 20 2018 Zbigniew Jędrzejewski-Szmek - 238-5 +- Backport patch to revert inadvertent change of "predictable" interface name (#1558027) + +* Fri Mar 16 2018 Zbigniew Jędrzejewski-Szmek - 238-4 +- Do not close dbus connection during dbus reload call (#1554578) + +* Wed Mar 7 2018 Zbigniew Jędrzejewski-Szmek - 238-3 +- Revert the patches for GRUB BootLoaderSpec support +- Add patch for /etc/machine-id creation (#1552843) + +* Tue Mar 6 2018 Yu Watanabe - 238-2 +- Fix transfiletrigger script (#1551793) + +* Mon Mar 5 2018 Zbigniew Jędrzejewski-Szmek - 238-1 +- Update to latest version +- This fixes a hard-to-trigger potential vulnerability (CVE-2018-6954) +- New transfiletriggers are installed for udev hwdb and rules, the journal + catalog, sysctl.d, binfmt.d, sysusers.d, tmpfiles.d. + +* Tue Feb 27 2018 Javier Martinez Canillas - 237-7.git84c8da5 +- Add patch to install kernel images for GRUB BootLoaderSpec support + +* Mon Feb 26 2018 Davide Cavalca - 237-1.fb3 +- Backport PR#8115 to properly fix GH#8194 + +* Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek - 237-6.git84c8da5 +- Create /etc/systemd in %%post libs if necessary (#1548607) + +* Fri Feb 23 2018 Adam Williamson - 237-5.git84c8da5 +- Use : not touch to create file in -libs %%post + +* Thu Feb 22 2018 Davide Cavalca - 237-1.fb2 +- Add workaround for an issue with systemd-nspawn -u affecting mock (GH#8194) + +* Thu Feb 22 2018 Patrick Uiterwijk - 237-4.git84c8da5 +- Add coreutils dep for systemd-libs %%post +- Add patch to typecast USB IDs to avoid compile failure + +* Wed Feb 21 2018 Zbigniew Jędrzejewski-Szmek - 237-3.git84c8da5 +- Update some patches for test skipping that were updated upstream + before merging +- Add /usr/lib/systemd/purge-nobody-user — a script to check if nobody is defined + correctly and possibly replace existing mappings + +* Tue Feb 20 2018 Zbigniew Jędrzejewski-Szmek - 237-2.gitdff4849 +- Backport a bunch of patches, most notably for the journal and various + memory issues. Some minor build fixes. +- Switch to new ldconfig macros that do nothing in F28+ +- /etc/systemd/dont-synthesize-nobody is created in %%post if nfsnobody + or nobody users are defined (#1537262) + +* Mon Feb 12 2018 Davide Cavalca - 237-1.fb1 +- Facebook rebuild +- Backport configurable docdir patch from master (PR#8068) +- Ensure split-files.py is run with python36 +- Set nfs/nfsnobody as nobody users +- Add pcre2-devel dependecy for journalctl --grep +- Disable tests for now as they're failing randomly when building in mock +- Use 10485760 as container base for Facebook to avoid conflicting with LDAP +- Backport PID file symlink chain checks fix from master (PR#8133) + +* Fri Feb 9 2018 Zbigniew Jędrzejeweski-Szmek - 237-1.git78bd769 +- Update to first stable snapshot (various minor memory leaks and misaccesses, + some documentation bugs, build fixes). + +* Sun Jan 28 2018 Zbigniew Jędrzejewski-Szmek - 237-1 +- Update to latest version + +* Sun Jan 21 2018 Björn Esser - 236-4.git3e14c4c +- Add patch to include if needed + +* Sat Jan 20 2018 Björn Esser - 236-3.git3e14c4c +- Rebuilt for switch to libxcrypt + +* Thu Jan 11 2018 Zbigniew Jędrzejewski-Szmek - 236-2.git23e14c4 +- Backport a bunch of bugfixes from upstream (#1531502, #1531381, #1526621 + various memory corruptions in systemd-networkd) +- /dev/kvm is marked as a static node which fixes permissions on s390x + and ppc64 (#1532382) + +* Fri Dec 15 2017 Zbigniew Jędrzejewski-Szmek - 236-1 +- Update to latest version + +* Mon Dec 11 2017 Zbigniew Jędrzejewski-Szmek - 235-5.git4a0e928 +- Update to latest git snapshot, do not build for realz +- Switch to libidn2 again (#1449145) + +* Tue Nov 07 2017 Zbigniew Jędrzejewski-Szmek - 235-4 +- Rebuild for cryptsetup-2.0.0-0.2.fc28 + +* Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek - 235-3 +- Backport a bunch of patches, including LP#172535 + +* Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2 +- Patches for cryptsetup _netdev + +* Mon Oct 9 2017 Davide Cavalca - 235-1.fb1 +- Facebook rebuild + +* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1 +- Update to latest version + +* Tue Sep 26 2017 Nathaniel McCallum - 234-8 +- Backport /etc/crypttab _netdev feature from upstream + +* Thu Sep 21 2017 Michal Sekletar - 234-7 +- Make sure to remove all device units sharing the same sysfs path (#1475570) + +* Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek - 234-6 +- Bump xslt recursion limit for libxslt-1.30 + +* Mon Sep 18 2017 Davide Cavalca - 234-5.fb2 +- backport build fix for O_TMPFILE from PR#6816 + +* Tue Aug 8 2017 Davide Cavalca - 234-5.fb1 +- new upstream release +- drop compat-libs patch in favor of separate systemd-compat-libs project +- force locale to UTF-8 to make meson happy +- disable broken test-execute +- backport nsdelegate support from PR#6294 + +* Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5 +- Backport more patches (#1476005, hopefully #1462378) + +* Thu Jul 27 2017 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3 +- Fix x-systemd.timeout=0 in /etc/fstab (#1462378) +- Minor patches (memleaks, --help fixes, seccomp on arm64) + +* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-2 +- Create kvm group (#1431876) + +* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-1 +- Latest release + +* Sat Jul 1 2017 Zbigniew Jędrzejewski-Szmek - 233-7.git74d8f1c +- Update to snapshot +- Build with meson again + +* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6 +- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445) + +* Sat Jun 17 2017 Peter Blair - 233-2.fb2 +- Apply patch from CVE-2017-9445 + +* Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek - 233-5.gitec36d05 +- Update to snapshot version, build with meson + +* Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek - 233-4 +- Backport a bunch of small fixes (memleaks, wrong format strings, + man page clarifications, shell completion) +- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493) +- Fix systemd-vconsole-setup.service error on systems with no VGA console (#1272686) +- Drop soft-static uid for systemd-journal-gateway +- Use ID from /etc/os-release as ntpvendor + +* Thu Apr 13 2017 Davide Cavalca - 233-2.fb1 +- New upstream release +- disable a couple of broken tests +- default to legacy hierarchy for now + +* Wed Apr 12 2017 Davide Cavalca - 231-11.fb2 +- fix lz4 depends to pick the right package + +* Mon Apr 3 2017 Davide Cavalca - 231-11.fb1 +- use facebook macro to gate Facebook-specific settings +- rebuild against new RPM backport +- update patches + +* Thu Mar 16 2017 Michal Sekletar - 233-3 +- Backport bugfixes from upstream +- Don't return error when machinectl couldn't figure out container IP addresses (#1419501) + +* Tue Mar 14 2017 Patrick White - 231-2.fb4 +- add poettering patch to fix hitting an assert (PR#4447) + +* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-2 +- Fix installation conflict with polkit + +* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-1 +- New upstream release (#1416201, #1405439, #1420753, many others) +- New systemd-tests subpackage with "installed tests" + +* Thu Feb 16 2017 Zbigniew Jędrzejewski-Szmek - 232-15 +- Add %%ghost %%dir entries for .wants dirs of our targets (#1422894) + +* Tue Feb 14 2017 Zbigniew Jędrzejewski-Szmek - 232-14 +- Ignore the hwdb parser test + +* Tue Feb 14 2017 Jan Synáček - 232-14 +- machinectl fails when virtual machine is running (#1419501) + +* Sat Feb 11 2017 Fedora Release Engineering - 232-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 31 2017 Zbigniew Jędrzejewski-Szmek - 232-12 +- Backport patch for initrd-switch-root.service getting killed (#1414904) +- Fix sd-journal-gatewayd -D, --trust, and COREDUMP_CONTAINER_CMDLINE + extraction by sd-coredump. + +* Sun Jan 29 2017 zbyszek - 232-11 +- Backport a number of patches (#1411299, #1413075, #1415745, + ##1415358, #1416588, #1408884) +- Fix various memleaks and unitialized variable access +- Shell completion enhancements +- Enable TPM logging by default (#1411156) +- Update hwdb (#1270124) + +* Thu Jan 19 2017 Adam Williamson - 232-10 +- Backport fix for boot failure in initrd-switch-root (#1414904) + +* Wed Jan 18 2017 Zbigniew Jędrzejewski-Szmek - 232-9 +- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam + is available as multilib (#1414153) + +* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek - 232-8 +- Fix buildsystem to check for lz4 correctly (#1404406) + +* Wed Jan 11 2017 Zbigniew Jędrzejewski-Szmek - 232-7 +- Various small tweaks to scriplets + +* Sat Jan 07 2017 Kevin Fenzi - 232-6 +- Fix scriptlets to never fail in libs post + +* Fri Jan 06 2017 Kevin Fenzi - 232-5 +- Add patch from Michal Schmidt to avoid process substitution (#1392236) + +* Sun Nov 6 2016 Zbigniew Jędrzejewski-Szmek - 232-4 +- Rebuild (#1392236) + +* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-3 +- Make /etc/dbus-1/system.d directory non-%%ghost + +* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-2 +- Fix kernel-install (#1391829) +- Restore previous systemd-user PAM config (#1391836) +- Move journal-upload.conf.5 from systemd main to journal-remote subpackage (#1391833) +- Fix permissions on /var/lib/systemd/journal-upload (#1262665) + +* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek - 232-1 +- Update to latest version (#998615, #1181922, #1374371, #1390704, #1384150, #1287161) +- Add %%{_isa} to Provides on arch-full packages (#1387912) +- Create systemd-coredump user in %%pre (#1309574) +- Replace grubby patch with a short-circuiting install.d "plugin" +- Enable nss-systemd in the passwd, group lines in nsswith.conf +- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf +- Move systemd-nspawn man pages to the right subpackage (#1391703) + +* Tue Oct 18 2016 Jan Synáček - 231-11 +- SPC - Cannot restart host operating from container (#1384523) + +* Sun Oct 9 2016 Zbigniew Jędrzejewski-Szmek - 231-10 +- Do not recreate /var/log/journal on upgrades (#1383066) +- Move nss-myhostname provides to systemd-libs (#1383271) + +* Fri Oct 7 2016 Zbigniew Jędrzejewski-Szmek - 231-9 +- Fix systemctl set-default (#1374371) +- Prevent systemd-udev-trigger.service from restarting (follow-up for #1378974) + +* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek - 231-8 +- Apply fix for #1378974 + +* Mon Oct 3 2016 Zbigniew Jędrzejewski-Szmek - 231-7 +- Apply patches properly + +* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-6 +- Better fix for (#1380286) + +* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-5 +- Denial-of-service bug against pid1 (#1380286) + +* Thu Aug 25 2016 Zbigniew Jędrzejewski-Szmek - 231-4 +- Fix preset-all (#1363858) +- Fix issue with daemon-reload messing up graphics (#1367766) +- A few other bugfixes + +* Wed Aug 10 2016 Davide Cavalca - 231-2.fb3 +- add mpawlowski root filesystem namespace patch for #12621017 +- add htejun patch for cgroup2 cpu controller (PR#3905) +- update htejun logind patch from PR#3835 + +* Wed Aug 03 2016 Adam Williamson - 231-3 +- Revert preset-all change, it broke stuff (#1363858) + +* Thu Jul 28 2016 Davide Cavalca - 231-2.fb2 +- add /dev/fio patch from bwann for GH#3718 +- import PR#3821 updates and rebase patches on github +- add htejun logind patch for UserTasksMax (#12460186, PR#3835) + +* Wed Jul 27 2016 Davide Cavalca - 231-2.fb1 +- Facebook rebuild +- Fix test failures in mock (#7950934, PR#3821) +- drop fsck on root patch now that we have the new dracut (see PR#3822) +- Rework LTO disable patch to be conditional (#11565880, PR#3823) +- update compat-libs and rebase onto public branch + (https://github.com/davide125/systemd/tree/compat-libs) +- add back python support now that we have python34-lxml +- add back xkbcommon support as it's available in rolling os updates + +* Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek - 231-2 +- Call preset-all on initial installation (#1118740) +- Fix botched Recommends for libxkbcommon + +* Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek - 231-1 +- Update to latest version + +* Tue Jul 19 2016 Davide Cavalca - 230-2.fb2 +- fix fsck for root filesystem on firstboot after install (#11352467) + +* Wed Jun 8 2016 Zbigniew Jędrzejewski-Szmek - 230-3 +- Update to latest git snapshot (fixes for systemctl set-default, + polkit lingering policy, reversal of the framebuffer rules, + unaligned access fixes, fix for StartupBlockIOWeight-over-dbus). + Those changes are interspersed with other changes and new features + (mostly in lldp, networkd, and nspawn). Some of those new features + might not work, but I think that existing functionality should not + be broken, so it seems worthwile to update to the snapshot. + +* Thu May 26 2016 Davide Cavalca - 230-2.fb1 +- Facebook rebuild +- backport htejun PRs for cgroup2 (#3337, #3329, #3315, #3417, #3418) +- add back compat-libs + +* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-2 +- Remove systemd-compat-libs on upgrade + +* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-1 +- New version +- Drop compat-libs +- Require libxkbcommon explictly, since the automatic dependency will + not be generated anymore + +* Thu May 12 2016 Tejun Heo - 229-1.fb6 +- backport https://github.com/systemd/systemd/pull/3246 to fix slice overrides + +* Mon May 09 2016 Davide Cavalca - 229-1.fb5 +- update Tejun Heo patches for cgroup2 io controller support + +* Fri Apr 29 2016 Davide Cavalca - 229-1.fb4 +- add Tejun Heo test patch for cgroup2 IO controllers support (#10638181) + +* Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek - 229-15 +- Remove duplicated entries in -container %%files (#1330395) + +* Fri Apr 22 2016 Zbigniew Jędrzejewski-Szmek - 229-14 +- Move installation of udev services to udev subpackage (#1329023) + +* Mon Apr 18 2016 Zbigniew Jędrzejewski-Szmek - 229-13 +- Split out systemd-pam subpackage (#1327402) + +* Mon Apr 18 2016 Harald Hoyer - 229-12 +- move more binaries and services from the main package to subpackages + +* Mon Apr 18 2016 Harald Hoyer - 229-11 +- move more binaries and services from the main package to subpackages + +* Mon Apr 18 2016 Harald Hoyer - 229-10 +- move device dependant stuff to the udev subpackage + +* Thu Mar 24 2016 Davide Cavalca - 229-1.fb3 +- add Tejun Heo patches for cgroups v2 support (#10268183) + +* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek - 229-9 +- Add myhostname to /etc/nsswitch.conf (#1318303) + +* Mon Mar 21 2016 Harald Hoyer - 229-8 +- fixed kernel-install for copying files for grubby +Resolves: rhbz#1299019 + +* Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek - 229-7 +- Moar patches (#1316964, #1317928) +- Move vconsole-setup and tmpfiles-setup-dev bits to systemd-udev +- Protect systemd-udev from deinstallation + +* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek - 229-6 +- Create /etc/resolv.conf symlink from systemd-resolved (#1313085) + +* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek - 229-5 +- Split out systemd-container subpackage (#1163412) +- Split out system-udev subpackage +- Add various bugfix patches, incl. a tentative fix for #1308771 + +* Wed Mar 02 2016 Davide Cavalca - 229-1.fb2 +- revert RPM trigger macros for #10119506 + +* Tue Mar 1 2016 Peter Robinson 229-4 +- Power64 and s390(x) now have libseccomp support +- aarch64 has gnu-efi + +* Tue Feb 23 2016 Jan Synáček - 229-3 +- Fix build failures on ppc64 (#1310800) + +* Tue Feb 16 2016 Dennis Gilmore - 229-2 +- revert: fixed kernel-install for copying files for grubby +Resolves: rhbz#1299019 +- this causes the dtb files to not get installed at all and the fdtdir +- line in extlinux.conf to not get updated correctly + +* Tue Feb 16 2016 Davide Cavalca - 229-1.fb1 +- Facebook rebuilt +- disable LTO to fix a build segfault with LTO + +* Thu Feb 11 2016 Michal Sekletar - 229-1 +- New upstream release + +* Thu Feb 11 2016 Harald Hoyer - 228-10.gite35a787 +- fixed kernel-install for copying files for grubby +Resolves: rhbz#1299019 + +* Fri Feb 05 2016 Fedora Release Engineering - 228-9.gite35a787 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 27 2016 Peter Robinson 228-8.gite35a787 +- Rebuild for binutils on aarch64 fix + +* Fri Jan 08 2016 Dan Horák - 228-7.gite35a787 +- apply the conflict with fedora-release only in Fedora + +* Thu Dec 10 2015 Jan Synáček - 228-6.gite35a787 +- Fix rawhide build failures on ppc64 (#1286249) + +* Sun Nov 29 2015 Zbigniew Jędrzejewski-Szmek - 228-6.gite35a787 +- Create /etc/systemd/network (#1286397) + +* Thu Nov 26 2015 Zbigniew Jędrzejewski-Szmek - 228-5.gite35a787 +- Do not install nss modules by default + +* Tue Nov 24 2015 Zbigniew Jędrzejewski-Szmek - 228-4.gite35a787 +- Update to latest upstream git: there is a bunch of fixes + (nss-mymachines overflow bug, networkd fixes, more completions are + properly installed), mixed with some new resolved features. +- Rework file triggers so that they always run before daemons are restarted + +* Mon Nov 23 2015 Davide Cavalca - 228-3.fb1 +- Facebook rebuilt +- disable test-namespace +- revert rpm file triggers as they don't work on el7 + +* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-3 +- Enable rpm file triggers for daemon-reload + +* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-2 +- Fix version number in obsoleted package name (#1283452) + +* Wed Nov 18 2015 Kay Sievers - 228-1 +- New upstream release + +* Thu Nov 12 2015 Zbigniew Jędrzejewski-Szmek - 227-7 +- Rename journal-gateway subpackage to journal-remote +- Ignore the access mode on /var/log/journal (#1048424) +- Do not assume fstab is present (#1281606) + +* Wed Nov 11 2015 Fedora Release Engineering - 227-6 +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Tue Nov 10 2015 Lukáš Nykrýn - 227-5 +- Rebuild for libmicrohttpd soname bump + +* Fri Nov 06 2015 Robert Kuska - 227-4 +- Rebuilt for Python3.5 rebuild + +* Wed Nov 4 2015 Zbigniew Jędrzejewski-Szmek - 227-3 +- Fix syntax in kernel-install (#1277264) + +* Tue Nov 03 2015 Michal Schmidt - 227-2 +- Rebuild for libmicrohttpd soname bump. + +* Fri Oct 09 2015 Davide Cavalca - 227-1.fb1 +- disable tests broken on centos6 +- fix build with centos7 curl +- kernel-install: add fedora specific callouts to new-kernel-pkg + +* Wed Oct 7 2015 Kay Sievers - 227-1 +- New upstream release + +* Fri Sep 18 2015 Jan Synáček - 226-3 +- user systemd-journal-upload should be in systemd-journal group (#1262743) + +* Fri Sep 18 2015 Kay Sievers - 226-2 +- Add selinux to system-user PAM config + +* Tue Sep 8 2015 Kay Sievers - 226-1 +- New upstream release + +* Thu Aug 27 2015 Kay Sievers - 225-1 +- New upstream release + +* Fri Jul 31 2015 Kay Sievers - 224-1 +- New upstream release + +* Wed Jul 29 2015 Kay Sievers - 223-2 +- update to git snapshot + +* Wed Jul 29 2015 Kay Sievers - 223-1 +- New upstream release + +* Thu Jul 9 2015 Zbigniew Jędrzejewski-Szmek - 222-2 +- Remove python subpackages (python-systemd in now standalone) + +* Tue Jul 7 2015 Kay Sievers - 222-1 +- New upstream release + +* Mon Jul 6 2015 Kay Sievers - 221-5.git619b80a +- update to git snapshot + +* Mon Jul 6 2015 Zbigniew Jędrzejewski-Szmek - 221-4.git604f02a +- Add example file with yama config (#1234951) + +* Sun Jul 5 2015 Kay Sievers - 221-3.git604f02a +- update to git snapshot + +* Mon Jun 22 2015 Kay Sievers - 221-2 +- build systemd-boot EFI tools + +* Fri Jun 19 2015 Lennart Poettering - 221-1 +- New upstream release +- Undoes botched translation check, should be reinstated later? + +* Fri Jun 19 2015 Fedora Release Engineering - 220-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Jun 11 2015 Peter Robinson 220-9 +- The gold linker is now fixed on aarch64 + +* Tue Jun 9 2015 Zbigniew Jędrzejewski-Szmek - 220-8 +- Remove gudev which is now provided as separate package (libgudev) +- Fix for spurious selinux denials (#1224211) +- Udev change events (#1225905) +- Patches for some potential crashes +- ProtectSystem=yes does not touch /home +- Man page fixes, hwdb updates, shell completion updates +- Restored persistent device symlinks for bcache, xen block devices +- Tag all DRM cards as master-of-seat + +* Tue Jun 09 2015 Harald Hoyer 220-7 +- fix udev block device watch + +* Tue Jun 09 2015 Harald Hoyer 220-6 +- add support for network disk encryption + +* Sun Jun 7 2015 Peter Robinson 220-5 +- Disable gold on aarch64 until it's fixed (tracked in rhbz #1225156) + +* Sat May 30 2015 Zbigniew Jędrzejewski-Szmek - 220-4 +- systemd-devel should require systemd-libs, not the main package (#1226301) +- Check for botched translations (#1226566) +- Make /etc/udev/hwdb.d part of the rpm (#1226379) + +* Thu May 28 2015 Richard W.M. Jones - 220-3 +- Add patch to fix udev --daemon not cleaning child processes + (upstream commit 86c3bece38bcf5). + +* Wed May 27 2015 Richard W.M. Jones - 220-2 +- Add patch to fix udev --daemon crash (upstream commit 040e689654ef08). + +* Thu May 21 2015 Lennart Poettering - 220-1 +- New upstream release +- Drop /etc/mtab hack, as that's apparently fixed in mock now (#1116158) +- Remove ghosting for /etc/systemd/system/runlevel*.target, these + targets are not configurable anymore in systemd upstream +- Drop work-around for #1002806, since this is solved upstream now + +* Wed May 20 2015 Dennis Gilmore - 219-15 +- fix up the conflicts version for fedora-release + +* Wed May 20 2015 Zbigniew Jędrzejewski-Szmek - 219-14 +- Remove presets (#1221340) +- Fix (potential) crash and memory leak in timedated, locking failure + in systemd-nspawn, crash in resolved. +- journalctl --list-boots should be faster +- zsh completions are improved +- various ommissions in docs are corrected (#1147651) +- VARIANT and VARIANT_ID fields in os-release are documented +- systemd-fsck-root.service is generated in the initramfs (#1201979, #1107818) +- systemd-tmpfiles should behave better on read-only file systems (#1207083) + +* Wed Apr 29 2015 Zbigniew Jędrzejewski-Szmek - 219-13 +- Patches for some outstanding annoyances +- Small keyboard hwdb updates + +* Wed Apr 8 2015 Zbigniew Jędrzejewski-Szmek - 219-12 +- Tighten requirements between subpackages (#1207381). + +* Sun Mar 22 2015 Zbigniew Jędrzejewski-Szmek - 219-11 +- Move all parts systemd-journal-{remote,upload} to + systemd-journal-gatewayd subpackage (#1193143). +- Create /var/lib/systemd/journal-upload directory (#1193145). +- Cut out lots of stupid messages at debug level which were obscuring more + important stuff. +- Apply "tentative" state for devices only when they are added, not removed. +- Ignore invalid swap pri= settings (#1204336) +- Fix SELinux check for timedated operations to enable/disable ntp (#1014315) +- Fix comparing of filesystem paths (#1184016) + +* Sat Mar 14 2015 Zbigniew Jędrzejewski-Szmek - 219-10 +- Fixes for bugs 1186018, 1195294, 1185604, 1196452. +- Hardware database update. +- Documentation fixes. +- A fix for journalctl performance regression. +- Fix detection of inability to open files in journalctl. +- Detect SuperH architecture properly. +- The first of duplicate lines in tmpfiles wins again. +- Do vconsole setup after loading vconsole driver, not fbcon. +- Fix problem where some units were restarted during systemd reexec. +- Fix race in udevadm settle tripping up NetworkManager. +- Downgrade various log messages. +- Fix issue where journal-remote would process some messages with a delay. +- GPT /srv partition autodiscovery is fixed. +- Reconfigure old Finnish keymaps in post (#1151958) + +* Tue Mar 10 2015 Jan Synáček - 219-9 +- Buttons on Lenovo X6* tablets broken (#1198939) + +* Tue Mar 3 2015 Zbigniew Jędrzejewski-Szmek - 219-8 +- Reworked device handling (#1195761) +- ACL handling fixes (with a script in %%post) +- Various log messages downgraded (#1184712) +- Allow PIE on s390 again (#1197721) + +* Wed Feb 25 2015 Michal Schmidt - 219-7 +- arm: reenable lto. gcc-5.0.0-0.16 fixed the crash (#1193212) + +* Tue Feb 24 2015 Colin Walters - 219-6 +- Revert patch that breaks Atomic/OSTree (#1195761) + +* Fri Feb 20 2015 Michal Schmidt - 219-5 +- Undo the resolv.conf workaround, Aim for a proper fix in Rawhide. + +* Fri Feb 20 2015 Michal Schmidt - 219-4 +- Revive fedora-disable-resolv.conf-symlink.patch to unbreak composes. + +* Wed Feb 18 2015 Michal Schmidt - 219-3 +- arm: disabling gold did not help; disable lto instead (#1193212) + +* Tue Feb 17 2015 Peter Jones - 219-2 +- Update 90-default.present for dbxtool. + +* Mon Feb 16 2015 Lennart Poettering - 219-1 +- New upstream release +- This removes the sysctl/bridge hack, a different solution needs to be found for this (see #634736) +- This removes the /etc/resolv.conf hack, anaconda needs to fix their handling of /etc/resolv.conf as symlink +- This enables "%%check" +- disable gold on arm, as that is broken (see #1193212) + +* Mon Feb 16 2015 Peter Robinson 218-6 +- aarch64 now has seccomp support + +* Thu Feb 05 2015 Michal Schmidt - 218-5 +- Don't overwrite systemd.macros with unrelated Source file. + +* Thu Feb 5 2015 Jan Synáček - 218-4 +- Add a touchpad hwdb (#1189319) + +* Thu Jan 15 2015 Zbigniew Jędrzejewski-Szmek - 218-4 +- Enable xkbcommon dependency to allow checking of keymaps +- Fix permissions of /var/log/journal (#1048424) +- Enable timedatex in presets (#1187072) +- Disable rpcbind in presets (#1099595) + +* Wed Jan 7 2015 Jan Synáček - 218-3 +- RFE: journal: automatically rotate the file if it is unlinked (#1171719) + +* Mon Jan 05 2015 Zbigniew Jędrzejewski-Szmek - 218-3 +- Add firewall description files (#1176626) + +* Thu Dec 18 2014 Jan Synáček - 218-2 +- systemd-nspawn doesn't work on s390/s390x (#1175394) + +* Wed Dec 10 2014 Lennart Poettering - 218-1 +- New upstream release +- Enable "nss-mymachines" in /etc/nsswitch.conf + +* Thu Nov 06 2014 Zbigniew Jędrzejewski-Szmek - 217-4 +- Change libgudev1 to only require systemd-libs (#727499), there's + no need to require full systemd stack. +- Fixes for bugs #1159448, #1152220, #1158035. +- Bash completions updates to allow propose more units for start/restart, + and completions for set-default,get-default. +- Again allow systemctl enable of instances. +- Hardware database update and fixes. +- Udev crash on invalid options and kernel commandline timeout parsing are fixed. +- Add "embedded" chassis type. +- Sync before 'reboot -f'. +- Fix restarting of timer units. + +* Wed Nov 05 2014 Michal Schmidt - 217-3 +- Fix hanging journal flush (#1159641) + +* Fri Oct 31 2014 Michal Schmidt - 217-2 +- Fix ordering cycles involving systemd-journal-flush.service and + remote-fs.target (#1159117) + +* Tue Oct 28 2014 Lennart Poettering - 217-1 +- New upstream release + +* Fri Oct 17 2014 Zbigniew Jędrzejewski-Szmek - 216-12 +- Drop PackageKit.service from presets (#1154126) + +* Mon Oct 13 2014 Zbigniew Jędrzejewski-Szmek - 216-11 +- Conflict with old versions of initscripts (#1152183) +- Remove obsolete Finnish keymap (#1151958) + +* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek - 216-10 +- Fix a problem with voluntary daemon exits and some other bugs + (#1150477, #1095962, #1150289) + +* Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek - 216-9 +- Update to latest git, but without the readahead removal patch + (#1114786, #634736) + +* Wed Oct 01 2014 Kay Sievers - 216-8 +- revert "don't reset selinux context during CHANGE events" + +* Wed Oct 01 2014 Lukáš Nykrýn - 216-7 +- add temporary workaround for #1147910 +- don't reset selinux context during CHANGE events + +* Wed Sep 10 2014 Michal Schmidt - 216-6 +- Update timesyncd with patches to avoid hitting NTP pool too often. + +* Tue Sep 09 2014 Michal Schmidt - 216-5 +- Use common CONFIGURE_OPTS for build2 and build3. +- Configure timesyncd with NTP servers from Fedora/RHEL vendor zone. + +* Wed Sep 03 2014 Zbigniew Jędrzejewski-Szmek - 216-4 +- Move config files for sd-j-remote/upload to sd-journal-gateway subpackage (#1136580) + +* Thu Aug 28 2014 Peter Robinson 216-3 +- Drop no LTO build option for aarch64/s390 now it's fixed in binutils (RHBZ 1091611) + +* Thu Aug 21 2014 Zbigniew Jędrzejewski-Szmek - 216-2 +- Re-add patch to disable resolve.conf symlink (#1043119) + +* Wed Aug 20 2014 Lennart Poettering - 216-1 +- New upstream release + +* Mon Aug 18 2014 Fedora Release Engineering - 215-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Aug 13 2014 Dan Horák 215-11 +- disable LTO also on s390(x) + +* Sat Aug 09 2014 Harald Hoyer 215-10 +- fixed PPC64LE + +* Wed Aug 6 2014 Tom Callaway - 215-9 +- fix license handling + +* Wed Jul 30 2014 Zbigniew Jędrzejewski-Szmek - 215-8 +- Create systemd-journal-remote and systemd-journal-upload users (#1118907) + +* Thu Jul 24 2014 Zbigniew Jędrzejewski-Szmek - 215-7 +- Split out systemd-compat-libs subpackage + +* Tue Jul 22 2014 Kalev Lember - 215-6 +- Rebuilt for gobject-introspection 1.41.4 + +* Mon Jul 21 2014 Zbigniew Jędrzejewski-Szmek - 215-5 +- Fix SELinux context of /etc/passwd-, /etc/group-, /etc/.updated (#1121806) +- Add missing BR so gnutls and elfutils are used + +* Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek - 215-4 +- Various man page updates +- Static device node logic is conditionalized on CAP_SYS_MODULES instead of CAP_MKNOD + for better behaviour in containers +- Some small networkd link handling fixes +- vconsole-setup runs setfont before loadkeys (https://bugs.freedesktop.org/show_bug.cgi?id=80685) +- New systemd-escape tool +- XZ compression settings are tweaked to greatly improve journald performance +- "watch" is accepted as chassis type +- Various sysusers fixes, most importantly correct selinux labels +- systemd-timesyncd bug fix (https://bugs.freedesktop.org/show_bug.cgi?id=80932) +- Shell completion improvements +- New udev tag ID_SOFTWARE_RADIO can be used to instruct logind to allow user access +- XEN and s390 virtualization is properly detected + +* Mon Jul 07 2014 Colin Walters - 215-3 +- Add patch to disable resolve.conf symlink (#1043119) + +* Sun Jul 06 2014 Zbigniew Jędrzejewski-Szmek - 215-2 +- Move systemd-journal-remote to systemd-journal-gateway package (#1114688) +- Disable /etc/mtab handling temporarily (#1116158) + +* Thu Jul 03 2014 Lennart Poettering - 215-1 +- New upstream release +- Enable coredump logic (which abrt would normally override) + +* Sun Jun 29 2014 Peter Robinson 214-5 +- On aarch64 disable LTO as it still has issues on that arch + +* Thu Jun 26 2014 Zbigniew Jędrzejewski-Szmek - 214-4 +- Bugfixes (#996133, #1112908) + +* Mon Jun 23 2014 Zbigniew Jędrzejewski-Szmek - 214-3 +- Actually create input group (#1054549) + +* Sun Jun 22 2014 Zbigniew Jędrzejewski-Szmek - 214-2 +- Do not restart systemd-logind on upgrades (#1110697) +- Add some patches (#1081429, #1054549, #1108568, #928962) + +* Wed Jun 11 2014 Lennart Poettering - 214-1 +- New upstream release +- Get rid of "floppy" group, since udev uses "disk" now +- Reenable LTO + +* Sun Jun 08 2014 Fedora Release Engineering - 213-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 28 2014 Kay Sievers - 213-3 +- fix systemd-timesync user creation + +* Wed May 28 2014 Michal Sekletar - 213-2 +- Create temporary files after installation (#1101983) +- Add sysstat-collect.timer, sysstat-summary.timer to preset policy (#1101621) + +* Wed May 28 2014 Kay Sievers - 213-1 +- New upstream release + +* Tue May 27 2014 Kalev Lember - 212-6 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Fri May 23 2014 Adam Williamson - 212-5 +- revert change from 212-4, causes boot fail on single CPU boxes (RHBZ 1095891) + +* Wed May 07 2014 Kay Sievers - 212-4 +- add netns udev workaround + +* Wed May 07 2014 Michal Sekletar - 212-3 +- enable uuidd.socket by default (#1095353) + +* Sat Apr 26 2014 Peter Robinson 212-2 +- Disable building with -flto for the moment due to gcc 4.9 issues (RHBZ 1091611) + +* Tue Mar 25 2014 Lennart Poettering - 212-1 +- New upstream release + +* Mon Mar 17 2014 Peter Robinson 211-2 +- Explicitly define which upstream platforms support libseccomp + +* Tue Mar 11 2014 Lennart Poettering - 211-1 +- New upstream release + +* Mon Mar 10 2014 Zbigniew Jędrzejewski-Szmek - 210-8 +- Fix logind unpriviledged reboot issue and a few other minor fixes +- Limit generator execution time +- Recognize buttonless joystick types + +* Fri Mar 07 2014 Karsten Hopp 210-7 +- ppc64le needs link warnings disabled, too + +* Fri Mar 07 2014 Karsten Hopp 210-6 +- move ifarch ppc64le to correct place (libseccomp req) + +* Fri Mar 07 2014 Zbigniew Jędrzejewski-Szmek - 210-5 +- Bugfixes: #1047568, #1047039, #1071128, #1073402 +- Bash completions for more systemd tools +- Bluetooth database update +- Manpage fixes + +* Thu Mar 06 2014 Zbigniew Jędrzejewski-Szmek - 210-4 +- Apply work-around for ppc64le too (#1073647). + +* Sat Mar 01 2014 Zbigniew Jędrzejewski-Szmek - 210-3 +- Backport a few patches, add completion for systemd-nspawn. + +* Fri Feb 28 2014 Zbigniew Jędrzejewski-Szmek - 210-3 +- Apply work-arounds for ppc/ppc64 for bugs 1071278 and 1071284 + +* Mon Feb 24 2014 Lennart Poettering - 210-2 +- Check more services against preset list and enable by default + +* Mon Feb 24 2014 Lennart Poettering - 210-1 +- new upstream release + +* Sun Feb 23 2014 Zbigniew Jędrzejewski-Szmek - 209-2.gitf01de96 +- Enable dnssec-triggerd.service by default (#1060754) + +* Sun Feb 23 2014 Kay Sievers - 209-2.gitf01de96 +- git snapshot to sort out ARM build issues + +* Thu Feb 20 2014 Lennart Poettering - 209-1 +- new upstream release + +* Tue Feb 18 2014 Zbigniew Jędrzejewski-Szmek - 208-15 +- Make gpsd lazily activated (#1066421) + +* Mon Feb 17 2014 Zbigniew Jędrzejewski-Szmek - 208-14 +- Back out patch which causes user manager to be destroyed when unneeded + and spams logs (#1053315) + +* Sun Feb 16 2014 Zbigniew Jędrzejewski-Szmek - 208-13 +- A different fix for #1023820 taken from Mageia +- Backported fix for #997031 +- Hardward database updates, man pages improvements, a few small memory + leaks, utf-8 correctness and completion fixes +- Support for key-slot option in crypttab + +* Sat Jan 25 2014 Ville Skyttä - 208-12 +- Own the %%{_prefix}/lib/kernel(/*) and %%{_datadir}/zsh(/*) dirs. + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-11 +- Backport a few fixes, relevant documentation updates, and HWDB changes + (#1051797, #1051768, #1047335, #1047304, #1047186, #1045849, #1043304, + #1043212, #1039351, #1031325, #1023820, #1017509, #953077) +- Flip journalctl to --full by default (#984758) + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-9 +- Apply two patches for #1026860 + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-8 +- Bump release to stay ahead of f20 + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-7 +- Backport patches (#1023041, #1036845, #1006386?) +- HWDB update +- Some small new features: nspawn --drop-capability=, running PID 1 under + valgrind, "yearly" and "annually" in calendar specifications +- Some small documentation and logging updates + +* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-6 +- Bump release to stay ahead of f20 + +* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-5 +- Use unit name in PrivateTmp= directories (#957439) +- Update manual pages, completion scripts, and hardware database +- Configurable Timeouts/Restarts default values +- Support printing of timestamps on the console +- Fix some corner cases in detecting when writing to the console is safe +- Python API: convert keyword values to string, fix sd_is_booted() wrapper +- Do not tread missing /sbin/fsck.btrfs as an error (#1015467) +- Allow masking of fsck units +- Advertise hibernation to swap files +- Fix SO_REUSEPORT settings +- Prefer converted xkb keymaps to legacy keymaps (#981805, #1026872) +- Make use of newer kmod +- Assorted bugfixes: #1017161, #967521, #988883, #1027478, #821723, #1014303 + +* Tue Oct 22 2013 Zbigniew Jędrzejewski-Szmek - 208-4 +- Add temporary fix for #1002806 + +* Mon Oct 21 2013 Zbigniew Jędrzejewski-Szmek - 208-3 +- Backport a bunch of fixes and hwdb updates + +* Wed Oct 2 2013 Lennart Poettering - 208-2 +- Move old random seed and backlight files into the right place + +* Wed Oct 2 2013 Lennart Poettering - 208-1 +- New upstream release + +* Thu Sep 26 2013 Zbigniew Jędrzejewski-Szmek 207-5 +- Do not create /var/var/... dirs + +* Wed Sep 18 2013 Zbigniew Jędrzejewski-Szmek 207-4 +- Fix policykit authentication +- Resolves: rhbz#1006680 + +* Tue Sep 17 2013 Harald Hoyer 207-3 +- fixed login +- Resolves: rhbz#1005233 + +* Mon Sep 16 2013 Harald Hoyer 207-2 +- add some upstream fixes for 207 +- fixed swap activation +- Resolves: rhbz#1008604 + +* Fri Sep 13 2013 Lennart Poettering - 207-1 +- New upstream release + +* Fri Sep 06 2013 Harald Hoyer 206-11 +- support "debug" kernel command line parameter +- journald: fix fd leak in journal_file_empty +- journald: fix vacuuming of archived journals +- libudev: enumerate - do not try to match against an empty subsystem +- cgtop: fixup the online help +- libudev: fix memleak when enumerating childs + +* Wed Sep 04 2013 Harald Hoyer 206-10 +- Do not require grubby, lorax now takes care of grubby +- cherry-picked a lot of patches from upstream + +* Tue Aug 27 2013 Dennis Gilmore - 206-9 +- Require grubby, Fedora installs require grubby, +- kernel-install took over from new-kernel-pkg +- without the Requires we are unable to compose Fedora +- everyone else says that since kernel-install took over +- it is responsible for ensuring that grubby is in place +- this is really what we want for Fedora + +* Tue Aug 27 2013 Kay Sievers - 206-8 +- Revert "Require grubby its needed by kernel-install" + +* Mon Aug 26 2013 Dennis Gilmore 206-7 +- Require grubby its needed by kernel-install + +* Thu Aug 22 2013 Harald Hoyer 206-6 +- kernel-install now understands kernel flavors like PAE + +* Tue Aug 20 2013 Rex Dieter - 206-5 +- add sddm.service to preset file (#998978) + +* Fri Aug 16 2013 Zbigniew Jędrzejewski-Szmek - 206-4 +- Filter out provides for private python modules. +- Add requires on kmod >= 14 (#990994). + +* Sun Aug 11 2013 Zbigniew Jedrzejewski-Szmek - 206-3 +- New systemd-python3 package (#976427). +- Add ownership of a few directories that we create (#894202). + +* Sun Aug 04 2013 Fedora Release Engineering - 206-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 23 2013 Kay Sievers - 206-1 +- New upstream release + Resolves (#984152) + +* Wed Jul 3 2013 Lennart Poettering - 205-1 +- New upstream release + +* Wed Jun 26 2013 Michal Schmidt 204-10 +- Split systemd-journal-gateway subpackage (#908081). + +* Mon Jun 24 2013 Michal Schmidt 204-9 +- Rename nm_dispatcher to NetworkManager-dispatcher in default preset (#977433) + +* Fri Jun 14 2013 Harald Hoyer 204-8 +- fix, which helps to sucessfully browse journals with + duplicated seqnums + +* Fri Jun 14 2013 Harald Hoyer 204-7 +- fix duplicate message ID bug +Resolves: rhbz#974132 + +* Thu Jun 06 2013 Harald Hoyer 204-6 +- introduce 99-default-disable.preset + +* Thu Jun 6 2013 Lennart Poettering - 204-5 +- Rename 90-display-manager.preset to 85-display-manager.preset so that it actually takes precedence over 90-default.preset's "disable *" line (#903690) + +* Tue May 28 2013 Harald Hoyer 204-4 +- Fix kernel-install (#965897) + +* Wed May 22 2013 Kay Sievers - 204-3 +- Fix kernel-install (#965897) + +* Thu May 9 2013 Lennart Poettering - 204-2 +- New upstream release +- disable isdn by default (#959793) + +* Tue May 07 2013 Harald Hoyer 203-2 +- forward port kernel-install-grubby.patch + +* Tue May 7 2013 Lennart Poettering - 203-1 +- New upstream release + +* Wed Apr 24 2013 Harald Hoyer 202-3 +- fix ENOENT for getaddrinfo +- Resolves: rhbz#954012 rhbz#956035 +- crypt-setup-generator: correctly check return of strdup +- logind-dbus: initialize result variable +- prevent library underlinking + +* Fri Apr 19 2013 Harald Hoyer 202-2 +- nspawn create empty /etc/resolv.conf if necessary +- python wrapper: add sd_journal_add_conjunction() +- fix s390 booting +- Resolves: rhbz#953217 + +* Thu Apr 18 2013 Lennart Poettering - 202-1 +- New upstream release + +* Tue Apr 09 2013 Michal Schmidt - 201-2 +- Automatically discover whether to run autoreconf and add autotools and git + BuildRequires based on the presence of patches to be applied. +- Use find -delete. + +* Mon Apr 8 2013 Lennart Poettering - 201-1 +- New upstream release + +* Mon Apr 8 2013 Lennart Poettering - 200-4 +- Update preset file + +* Fri Mar 29 2013 Lennart Poettering - 200-3 +- Remove NetworkManager-wait-online.service from presets file again, it should default to off + +* Fri Mar 29 2013 Lennart Poettering - 200-2 +- New upstream release + +* Tue Mar 26 2013 Lennart Poettering - 199-2 +- Add NetworkManager-wait-online.service to the presets file + +* Tue Mar 26 2013 Lennart Poettering - 199-1 +- New upstream release + +* Mon Mar 18 2013 Michal Schmidt 198-7 +- Drop /usr/s?bin/ prefixes. + +* Fri Mar 15 2013 Harald Hoyer 198-6 +- run autogen to pickup all changes + +* Fri Mar 15 2013 Harald Hoyer 198-5 +- do not mount anything, when not running as pid 1 +- add initrd.target for systemd in the initrd + +* Wed Mar 13 2013 Harald Hoyer 198-4 +- fix switch-root and local-fs.target problem +- patch kernel-install to use grubby, if available + +* Fri Mar 08 2013 Harald Hoyer 198-3 +- add Conflict with dracut < 026 because of the new switch-root isolate + +* Thu Mar 7 2013 Lennart Poettering - 198-2 +- Create required users + +* Thu Mar 7 2013 Lennart Poettering - 198-1 +- New release +- Enable journal persistancy by default + +* Sun Feb 10 2013 Peter Robinson 197-3 +- Bump for ARM + +* Fri Jan 18 2013 Michal Schmidt - 197-2 +- Added qemu-guest-agent.service to presets (Lennart, #885406). +- Add missing pygobject3-base to systemd-analyze deps (Lennart). +- Do not require hwdata, it is all in the hwdb now (Kay). +- Drop dependency on dbus-python. + +* Tue Jan 8 2013 Lennart Poettering - 197-1 +- New upstream release + +* Mon Dec 10 2012 Michal Schmidt - 196-4 +- Enable rngd.service by default (#857765). + +* Mon Dec 10 2012 Michal Schmidt - 196-3 +- Disable hardening on s390(x) because PIE is broken there and produces + text relocations with __thread (#868839). + +* Wed Dec 05 2012 Michal Schmidt - 196-2 +- added spice-vdagentd.service to presets (Lennart, #876237) +- BR cryptsetup-devel instead of the legacy cryptsetup-luks-devel provide name + (requested by Milan Brož). +- verbose make to see the actual build flags + +* Wed Nov 21 2012 Lennart Poettering - 196-1 +- New upstream release + +* Tue Nov 20 2012 Lennart Poettering - 195-8 +- https://bugzilla.redhat.com/show_bug.cgi?id=873459 +- https://bugzilla.redhat.com/show_bug.cgi?id=878093 + +* Thu Nov 15 2012 Michal Schmidt - 195-7 +- Revert udev killing cgroup patch for F18 Beta. +- https://bugzilla.redhat.com/show_bug.cgi?id=873576 + +* Fri Nov 09 2012 Michal Schmidt - 195-6 +- Fix cyclical dep between systemd and systemd-libs. +- Avoid broken build of test-journal-syslog. +- https://bugzilla.redhat.com/show_bug.cgi?id=873387 +- https://bugzilla.redhat.com/show_bug.cgi?id=872638 + +* Thu Oct 25 2012 Kay Sievers - 195-5 +- require 'sed', limit HOSTNAME= match + +* Wed Oct 24 2012 Michal Schmidt - 195-4 +- add dmraid-activation.service to the default preset +- add yum protected.d fragment +- https://bugzilla.redhat.com/show_bug.cgi?id=869619 +- https://bugzilla.redhat.com/show_bug.cgi?id=869717 + +* Wed Oct 24 2012 Kay Sievers - 195-3 +- Migrate /etc/sysconfig/ i18n, keyboard, network files/variables to + systemd native files + +* Tue Oct 23 2012 Lennart Poettering - 195-2 +- Provide syslog because the journal is fine as a syslog implementation + +* Tue Oct 23 2012 Lennart Poettering - 195-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=831665 +- https://bugzilla.redhat.com/show_bug.cgi?id=847720 +- https://bugzilla.redhat.com/show_bug.cgi?id=858693 +- https://bugzilla.redhat.com/show_bug.cgi?id=863481 +- https://bugzilla.redhat.com/show_bug.cgi?id=864629 +- https://bugzilla.redhat.com/show_bug.cgi?id=864672 +- https://bugzilla.redhat.com/show_bug.cgi?id=864674 +- https://bugzilla.redhat.com/show_bug.cgi?id=865128 +- https://bugzilla.redhat.com/show_bug.cgi?id=866346 +- https://bugzilla.redhat.com/show_bug.cgi?id=867407 +- https://bugzilla.redhat.com/show_bug.cgi?id=868603 + +* Wed Oct 10 2012 Michal Schmidt - 194-2 +- Add scriptlets for migration away from systemd-timedated-ntp.target + +* Wed Oct 3 2012 Lennart Poettering - 194-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=859614 +- https://bugzilla.redhat.com/show_bug.cgi?id=859655 + +* Fri Sep 28 2012 Lennart Poettering - 193-1 +- New upstream release + +* Tue Sep 25 2012 Lennart Poettering - 192-1 +- New upstream release + +* Fri Sep 21 2012 Lennart Poettering - 191-2 +- Fix journal mmap header prototype definition to fix compilation on 32bit + +* Fri Sep 21 2012 Lennart Poettering - 191-1 +- New upstream release +- Enable all display managers by default, as discussed with Adam Williamson + +* Thu Sep 20 2012 Lennart Poettering - 190-1 +- New upstream release +- Take possession of /etc/localtime, and remove /etc/sysconfig/clock +- https://bugzilla.redhat.com/show_bug.cgi?id=858780 +- https://bugzilla.redhat.com/show_bug.cgi?id=858787 +- https://bugzilla.redhat.com/show_bug.cgi?id=858771 +- https://bugzilla.redhat.com/show_bug.cgi?id=858754 +- https://bugzilla.redhat.com/show_bug.cgi?id=858746 +- https://bugzilla.redhat.com/show_bug.cgi?id=858266 +- https://bugzilla.redhat.com/show_bug.cgi?id=858224 +- https://bugzilla.redhat.com/show_bug.cgi?id=857670 +- https://bugzilla.redhat.com/show_bug.cgi?id=856975 +- https://bugzilla.redhat.com/show_bug.cgi?id=855863 +- https://bugzilla.redhat.com/show_bug.cgi?id=851970 +- https://bugzilla.redhat.com/show_bug.cgi?id=851275 +- https://bugzilla.redhat.com/show_bug.cgi?id=851131 +- https://bugzilla.redhat.com/show_bug.cgi?id=847472 +- https://bugzilla.redhat.com/show_bug.cgi?id=847207 +- https://bugzilla.redhat.com/show_bug.cgi?id=846483 +- https://bugzilla.redhat.com/show_bug.cgi?id=846085 +- https://bugzilla.redhat.com/show_bug.cgi?id=845973 +- https://bugzilla.redhat.com/show_bug.cgi?id=845194 +- https://bugzilla.redhat.com/show_bug.cgi?id=845028 +- https://bugzilla.redhat.com/show_bug.cgi?id=844630 +- https://bugzilla.redhat.com/show_bug.cgi?id=839736 +- https://bugzilla.redhat.com/show_bug.cgi?id=835848 +- https://bugzilla.redhat.com/show_bug.cgi?id=831740 +- https://bugzilla.redhat.com/show_bug.cgi?id=823485 +- https://bugzilla.redhat.com/show_bug.cgi?id=821813 +- https://bugzilla.redhat.com/show_bug.cgi?id=807886 +- https://bugzilla.redhat.com/show_bug.cgi?id=802198 +- https://bugzilla.redhat.com/show_bug.cgi?id=767795 +- https://bugzilla.redhat.com/show_bug.cgi?id=767561 +- https://bugzilla.redhat.com/show_bug.cgi?id=752774 +- https://bugzilla.redhat.com/show_bug.cgi?id=732874 +- https://bugzilla.redhat.com/show_bug.cgi?id=858735 + +* Thu Sep 13 2012 Lennart Poettering - 189-4 +- Don't pull in pkg-config as dep +- https://bugzilla.redhat.com/show_bug.cgi?id=852828 + +* Wed Sep 12 2012 Lennart Poettering - 189-3 +- Update preset policy +- Rename preset policy file from 99-default.preset to 90-default.preset so that people can order their own stuff after the Fedora default policy if they wish + +* Thu Aug 23 2012 Lennart Poettering - 189-2 +- Update preset policy +- https://bugzilla.redhat.com/show_bug.cgi?id=850814 + +* Thu Aug 23 2012 Lennart Poettering - 189-1 +- New upstream release + +* Thu Aug 16 2012 Ray Strode 188-4 +- more scriptlet fixes + (move dm migration logic to %%posttrans so the service + files it's looking for are available at the time + the logic is run) + +* Sat Aug 11 2012 Lennart Poettering - 188-3 +- Remount file systems MS_PRIVATE before switching roots +- https://bugzilla.redhat.com/show_bug.cgi?id=847418 + +* Wed Aug 08 2012 Rex Dieter - 188-2 +- fix scriptlets + +* Wed Aug 8 2012 Lennart Poettering - 188-1 +- New upstream release +- Enable gdm and avahi by default via the preset file +- Convert /etc/sysconfig/desktop to display-manager.service symlink +- Enable hardened build + +* Mon Jul 30 2012 Kay Sievers - 187-3 +- Obsolete: system-setup-keyboard + +* Wed Jul 25 2012 Kalev Lember - 187-2 +- Run ldconfig for the new -libs subpackage + +* Thu Jul 19 2012 Lennart Poettering - 187-1 +- New upstream release + +* Mon Jul 09 2012 Harald Hoyer 186-2 +- fixed dracut conflict version + +* Tue Jul 3 2012 Lennart Poettering - 186-1 +- New upstream release + +* Fri Jun 22 2012 Nils Philippsen - 185-7.gite7aee75 +- add obsoletes/conflicts so multilib systemd -> systemd-libs updates work + +* Thu Jun 14 2012 Michal Schmidt - 185-6.gite7aee75 +- Update to current git + +* Wed Jun 06 2012 Kay Sievers - 185-5.gita2368a3 +- disable plymouth in configure, to drop the .wants/ symlinks + +* Wed Jun 06 2012 Michal Schmidt - 185-4.gita2368a3 +- Update to current git snapshot + - Add systemd-readahead-analyze + - Drop upstream patch +- Split systemd-libs +- Drop duplicate doc files +- Fixed License headers of subpackages + +* Wed Jun 06 2012 Ray Strode - 185-3 +- Drop plymouth files +- Conflict with old plymouth + +* Tue Jun 05 2012 Kay Sievers - 185-2 +- selinux udev labeling fix +- conflict with older dracut versions for new udev file names + +* Mon Jun 04 2012 Kay Sievers - 185-1 +- New upstream release + - udev selinux labeling fixes + - new man pages + - systemctl help + +* Thu May 31 2012 Lennart Poettering - 184-1 +- New upstream release + +* Thu May 24 2012 Kay Sievers - 183-1 +- New upstream release including udev merge. + +* Wed Mar 28 2012 Michal Schmidt - 44-4 +- Add triggers from Bill Nottingham to correct the damage done by + the obsoleted systemd-units's preun scriptlet (#807457). + +* Mon Mar 26 2012 Dennis Gilmore - 44-3 +- apply patch from upstream so we can build systemd on arm and ppc +- and likely the rest of the secondary arches + +* Tue Mar 20 2012 Michal Schmidt - 44-2 +- Don't build the gtk parts anymore. They're moving into systemd-ui. +- Remove a dead patch file. + +* Fri Mar 16 2012 Lennart Poettering - 44-1 +- New upstream release +- Closes #798760, #784921, #783134, #768523, #781735 + +* Mon Feb 27 2012 Dennis Gilmore - 43-2 +- don't conflict with fedora-release systemd never actually provided +- /etc/os-release so there is no actual conflict + +* Wed Feb 15 2012 Lennart Poettering - 43-1 +- New upstream release +- Closes #789758, #790260, #790522 + +* Sat Feb 11 2012 Lennart Poettering - 42-1 +- New upstream release +- Save a bit of entropy during system installation (#789407) +- Don't own /etc/os-release anymore, leave that to fedora-release + +* Thu Feb 9 2012 Adam Williamson - 41-2 +- rebuild for fixed binutils + +* Thu Feb 9 2012 Lennart Poettering - 41-1 +- New upstream release + +* Tue Feb 7 2012 Lennart Poettering - 40-1 +- New upstream release + +* Thu Jan 26 2012 Kay Sievers - 39-3 +- provide /sbin/shutdown + +* Wed Jan 25 2012 Harald Hoyer 39-2 +- increment release + +* Wed Jan 25 2012 Kay Sievers - 39-1.1 +- install everything in /usr + https://fedoraproject.org/wiki/Features/UsrMove + +* Wed Jan 25 2012 Lennart Poettering - 39-1 +- New upstream release + +* Sun Jan 22 2012 Michal Schmidt - 38-6.git9fa2f41 +- Update to a current git snapshot. +- Resolves: #781657 + +* Sun Jan 22 2012 Michal Schmidt - 38-5 +- Build against libgee06. Reenable gtk tools. +- Delete unused patches. +- Add easy building of git snapshots. +- Remove legacy spec file elements. +- Don't mention implicit BuildRequires. +- Configure with --disable-static. +- Merge -units into the main package. +- Move section 3 manpages to -devel. +- Fix unowned directory. +- Run ldconfig in scriptlets. +- Split systemd-analyze to a subpackage. + +* Sat Jan 21 2012 Dan Horák - 38-4 +- fix build on big-endians + +* Wed Jan 11 2012 Lennart Poettering - 38-3 +- Disable building of gtk tools for now + +* Wed Jan 11 2012 Lennart Poettering - 38-2 +- Fix a few (build) dependencies + +* Wed Jan 11 2012 Lennart Poettering - 38-1 +- New upstream release + +* Tue Nov 15 2011 Michal Schmidt - 37-4 +- Run authconfig if /etc/pam.d/system-auth is not a symlink. +- Resolves: #753160 + +* Wed Nov 02 2011 Michal Schmidt - 37-3 +- Fix remote-fs-pre.target and its ordering. +- Resolves: #749940 + +* Wed Oct 19 2011 Michal Schmidt - 37-2 +- A couple of fixes from upstream: +- Fix a regression in bash-completion reported in Bodhi. +- Fix a crash in isolating. +- Resolves: #717325 + +* Tue Oct 11 2011 Lennart Poettering - 37-1 +- New upstream release +- Resolves: #744726, #718464, #713567, #713707, #736756 + +* Thu Sep 29 2011 Michal Schmidt - 36-5 +- Undo the workaround. Kay says it does not belong in systemd. +- Unresolves: #741655 + +* Thu Sep 29 2011 Michal Schmidt - 36-4 +- Workaround for the crypto-on-lvm-on-crypto disk layout +- Resolves: #741655 + +* Sun Sep 25 2011 Michal Schmidt - 36-3 +- Revert an upstream patch that caused ordering cycles +- Resolves: #741078 + +* Fri Sep 23 2011 Lennart Poettering - 36-2 +- Add /etc/timezone to ghosted files + +* Fri Sep 23 2011 Lennart Poettering - 36-1 +- New upstream release +- Resolves: #735013, #736360, #737047, #737509, #710487, #713384 + +* Thu Sep 1 2011 Lennart Poettering - 35-1 +- New upstream release +- Update post scripts +- Resolves: #726683, #713384, #698198, #722803, #727315, #729997, #733706, #734611 + +* Thu Aug 25 2011 Lennart Poettering - 34-1 +- New upstream release + +* Fri Aug 19 2011 Harald Hoyer 33-2 +- fix ABRT on service file reloading +- Resolves: rhbz#732020 + +* Wed Aug 3 2011 Lennart Poettering - 33-1 +- New upstream release + +* Fri Jul 29 2011 Lennart Poettering - 32-1 +- New upstream release + +* Wed Jul 27 2011 Lennart Poettering - 31-2 +- Fix access mode of modprobe file, restart logind after upgrade + +* Wed Jul 27 2011 Lennart Poettering - 31-1 +- New upstream release + +* Wed Jul 13 2011 Lennart Poettering - 30-1 +- New upstream release + +* Thu Jun 16 2011 Lennart Poettering - 29-1 +- New upstream release + +* Mon Jun 13 2011 Michal Schmidt - 28-4 +- Apply patches from current upstream. +- Fixes memory size detection on 32-bit with >4GB RAM (BZ712341) + +* Wed Jun 08 2011 Michal Schmidt - 28-3 +- Apply patches from current upstream +- https://bugzilla.redhat.com/show_bug.cgi?id=709909 +- https://bugzilla.redhat.com/show_bug.cgi?id=710839 +- https://bugzilla.redhat.com/show_bug.cgi?id=711015 + +* Sat May 28 2011 Lennart Poettering - 28-2 +- Pull in nss-myhostname + +* Thu May 26 2011 Lennart Poettering - 28-1 +- New upstream release + +* Wed May 25 2011 Lennart Poettering - 26-2 +- Bugfix release +- https://bugzilla.redhat.com/show_bug.cgi?id=707507 +- https://bugzilla.redhat.com/show_bug.cgi?id=707483 +- https://bugzilla.redhat.com/show_bug.cgi?id=705427 +- https://bugzilla.redhat.com/show_bug.cgi?id=707577 + +* Sat Apr 30 2011 Lennart Poettering - 26-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=699394 +- https://bugzilla.redhat.com/show_bug.cgi?id=698198 +- https://bugzilla.redhat.com/show_bug.cgi?id=698674 +- https://bugzilla.redhat.com/show_bug.cgi?id=699114 +- https://bugzilla.redhat.com/show_bug.cgi?id=699128 + +* Thu Apr 21 2011 Lennart Poettering - 25-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=694788 +- https://bugzilla.redhat.com/show_bug.cgi?id=694321 +- https://bugzilla.redhat.com/show_bug.cgi?id=690253 +- https://bugzilla.redhat.com/show_bug.cgi?id=688661 +- https://bugzilla.redhat.com/show_bug.cgi?id=682662 +- https://bugzilla.redhat.com/show_bug.cgi?id=678555 +- https://bugzilla.redhat.com/show_bug.cgi?id=628004 + +* Wed Apr 6 2011 Lennart Poettering - 24-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=694079 +- https://bugzilla.redhat.com/show_bug.cgi?id=693289 +- https://bugzilla.redhat.com/show_bug.cgi?id=693274 +- https://bugzilla.redhat.com/show_bug.cgi?id=693161 + +* Tue Apr 5 2011 Lennart Poettering - 23-1 +- New upstream release +- Include systemd-sysv-convert + +* Fri Apr 1 2011 Lennart Poettering - 22-1 +- New upstream release + +* Wed Mar 30 2011 Lennart Poettering - 21-2 +- The quota services are now pulled in by mount points, hence no need to enable them explicitly + +* Tue Mar 29 2011 Lennart Poettering - 21-1 +- New upstream release + +* Mon Mar 28 2011 Matthias Clasen - 20-2 +- Apply upstream patch to not send untranslated messages to plymouth + +* Tue Mar 8 2011 Lennart Poettering - 20-1 +- New upstream release + +* Tue Mar 1 2011 Lennart Poettering - 19-1 +- New upstream release + +* Wed Feb 16 2011 Lennart Poettering - 18-1 +- New upstream release + +* Mon Feb 14 2011 Bill Nottingham - 17-6 +- bump upstart obsoletes (#676815) + +* Wed Feb 9 2011 Tom Callaway - 17-5 +- add macros.systemd file for %%{_unitdir} + +* Wed Feb 09 2011 Fedora Release Engineering - 17-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Feb 9 2011 Lennart Poettering - 17-3 +- Fix popen() of systemctl, #674916 + +* Mon Feb 7 2011 Bill Nottingham - 17-2 +- add epoch to readahead obsolete + +* Sat Jan 22 2011 Lennart Poettering - 17-1 +- New upstream release + +* Tue Jan 18 2011 Lennart Poettering - 16-2 +- Drop console.conf again, since it is not shipped in pamtmp.conf + +* Sat Jan 8 2011 Lennart Poettering - 16-1 +- New upstream release + +* Thu Nov 25 2010 Lennart Poettering - 15-1 +- New upstream release + +* Thu Nov 25 2010 Lennart Poettering - 14-1 +- Upstream update +- Enable hwclock-load by default +- Obsolete readahead +- Enable /var/run and /var/lock on tmpfs + +* Fri Nov 19 2010 Lennart Poettering - 13-1 +- new upstream release + +* Wed Nov 17 2010 Bill Nottingham 12-3 +- Fix clash + +* Wed Nov 17 2010 Lennart Poettering - 12-2 +- Don't clash with initscripts for now, so that we don't break the builders + +* Wed Nov 17 2010 Lennart Poettering - 12-1 +- New upstream release + +* Fri Nov 12 2010 Matthias Clasen - 11-2 +- Rebuild with newer vala, libnotify + +* Thu Oct 7 2010 Lennart Poettering - 11-1 +- New upstream release + +* Wed Sep 29 2010 Jesse Keating - 10-6 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Bill Nottingham - 10-5 +- merge -sysvinit into main package + +* Mon Sep 20 2010 Bill Nottingham - 10-4 +- obsolete upstart-sysvinit too + +* Fri Sep 17 2010 Bill Nottingham - 10-3 +- Drop upstart requires + +* Tue Sep 14 2010 Lennart Poettering - 10-2 +- Enable audit +- https://bugzilla.redhat.com/show_bug.cgi?id=633771 + +* Tue Sep 14 2010 Lennart Poettering - 10-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=630401 +- https://bugzilla.redhat.com/show_bug.cgi?id=630225 +- https://bugzilla.redhat.com/show_bug.cgi?id=626966 +- https://bugzilla.redhat.com/show_bug.cgi?id=623456 + +* Fri Sep 3 2010 Bill Nottingham - 9-3 +- move fedora-specific units to initscripts; require newer version thereof + +* Fri Sep 3 2010 Lennart Poettering - 9-2 +- Add missing tarball + +* Fri Sep 3 2010 Lennart Poettering - 9-1 +- New upstream version +- Closes 501720, 614619, 621290, 626443, 626477, 627014, 627785, 628913 + +* Fri Aug 27 2010 Lennart Poettering - 8-3 +- Reexecute after installation, take ownership of /var/run/user +- https://bugzilla.redhat.com/show_bug.cgi?id=627457 +- https://bugzilla.redhat.com/show_bug.cgi?id=627634 + +* Thu Aug 26 2010 Lennart Poettering - 8-2 +- Properly create default.target link + +* Wed Aug 25 2010 Lennart Poettering - 8-1 +- New upstream release + +* Thu Aug 12 2010 Lennart Poettering - 7-3 +- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623561 + +* Thu Aug 12 2010 Lennart Poettering - 7-2 +- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623430 + +* Tue Aug 10 2010 Lennart Poettering - 7-1 +- New upstream release + +* Fri Aug 6 2010 Lennart Poettering - 6-2 +- properly hide output on package installation +- pull in coreutils during package installtion + +* Fri Aug 6 2010 Lennart Poettering - 6-1 +- New upstream release +- Fixes #621200 + +* Wed Aug 4 2010 Lennart Poettering - 5-2 +- Add tarball + +* Wed Aug 4 2010 Lennart Poettering - 5-1 +- Prepare release 5 + +* Tue Jul 27 2010 Bill Nottingham - 4-4 +- Add 'sysvinit-userspace' provide to -sysvinit package to fix upgrade/install (#618537) + +* Sat Jul 24 2010 Lennart Poettering - 4-3 +- Add libselinux to build dependencies + +* Sat Jul 24 2010 Lennart Poettering - 4-2 +- Use the right tarball + +* Sat Jul 24 2010 Lennart Poettering - 4-1 +- New upstream release, and make default + +* Tue Jul 13 2010 Lennart Poettering - 3-3 +- Used wrong tarball + +* Tue Jul 13 2010 Lennart Poettering - 3-2 +- Own /cgroup jointly with libcgroup, since we don't dpend on it anymore + +* Tue Jul 13 2010 Lennart Poettering - 3-1 +- New upstream release + +* Fri Jul 9 2010 Lennart Poettering - 2-0 +- New upstream release + +* Wed Jul 7 2010 Lennart Poettering - 1-0 +- First upstream release + +* Tue Jun 29 2010 Lennart Poettering - 0-0.7.20100629git4176e5 +- New snapshot +- Split off -units package where other packages can depend on without pulling in the whole of systemd + +* Tue Jun 22 2010 Lennart Poettering - 0-0.6.20100622gita3723b +- Add missing libtool dependency. + +* Tue Jun 22 2010 Lennart Poettering - 0-0.5.20100622gita3723b +- Update snapshot + +* Mon Jun 14 2010 Rahul Sundaram - 0-0.4.20100614git393024 +- Pull the latest snapshot that fixes a segfault. Resolves rhbz#603231 + +* Fri Jun 11 2010 Rahul Sundaram - 0-0.3.20100610git2f198e +- More minor fixes as per review + +* Thu Jun 10 2010 Rahul Sundaram - 0-0.2.20100610git2f198e +- Spec improvements from David Hollis + +* Wed Jun 09 2010 Rahul Sundaram - 0-0.1.20090609git2f198e +- Address review comments + +* Tue Jun 01 2010 Rahul Sundaram - 0-0.0.git2010-06-02 +- Initial spec (adopted from Kay Sievers) diff --git a/systemd_hs.if b/systemd_hs.if new file mode 100644 index 0000000..6695e0e --- /dev/null +++ b/systemd_hs.if @@ -0,0 +1,20 @@ +######################################## +## +## Allows the caller to use the SELinux status page. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`selinux_use_status_page',` + gen_require(` + type security_t; + ') + + dev_search_sysfs($1) + allow $1 security_t:dir list_dir_perms; + allow $1 security_t:file mmap_read_file_perms; +') diff --git a/systemd_hs.te b/systemd_hs.te new file mode 100644 index 0000000..ce80487 --- /dev/null +++ b/systemd_hs.te @@ -0,0 +1,68 @@ +policy_module(systemd_hs,0.0.1) + +# systemd overrides for 247 +gen_require(` + type avahi_t; + type cgroup_t; + type init_t; + type init_var_run_t; + type initrc_t; + class dbus send_msg; + type install_t; + type kmsg_device_t; + type policykit_auth_t; + type policykit_t; + type proc_kmsg_t; + type rpm_t; + type system_dbusd_t; + type system_dbusd_var_run_t; + type systemd_hostnamed_t; + type systemd_localed_t; + type systemd_logind_t; + type systemd_machined_t; + type systemd_resolved_t; + type systemd_tmpfiles_t; + type security_t; + type sssd_t; + type syslogd_t; + type udev_var_run_t; + type user_tmp_t; + type useradd_t; + type xdm_t; +') + +allow avahi_t init_var_run_t:dir read; +allow init_t kmsg_device_t:chr_file mounton; +allow init_t proc_kmsg_t:file { getattr mounton }; +allow init_t system_dbusd_var_run_t:sock_file read; +allow init_t systemd_machined_t:unix_stream_socket connectto; +allow policykit_auth_t init_var_run_t:dir read; +allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto; +allow policykit_t systemd_machined_t:unix_stream_socket connectto; +allow sssd_t cgroup_t:filesystem getattr; +allow syslogd_t user_tmp_t:lnk_file read; +allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto; +allow systemd_hostnamed_t init_var_run_t:dir write; +allow systemd_hostnamed_t init_var_run_t:file { getattr ioctl open read }; +allow systemd_hostnamed_t initrc_t:dbus send_msg; +allow systemd_hostnamed_t install_t:dbus send_msg; +allow systemd_hostnamed_t udev_var_run_t:file getattr; +allow systemd_hostnamed_t udev_var_run_t:file open; +allow systemd_hostnamed_t udev_var_run_t:file read; +allow systemd_logind_t self:netlink_selinux_socket bind; +allow systemd_logind_t self:netlink_selinux_socket create; +allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto; +allow systemd_logind_t user_tmp_t:chr_file unlink; +allow systemd_machined_t init_var_run_t:sock_file create; +allow sssd_t cgroup_t:dir search; +allow sssd_t cgroup_t:filesystem getattr; +allow useradd_t init_var_run_t:dir read; +allow xdm_t systemd_machined_t:unix_stream_socket connectto; + +selinux_use_status_page(init_t) +selinux_use_status_page(rpm_t) +selinux_use_status_page(systemd_hostnamed_t) +selinux_use_status_page(systemd_localed_t) +selinux_use_status_page(systemd_logind_t) +selinux_use_status_page(systemd_resolved_t) +selinux_use_status_page(systemd_tmpfiles_t) diff --git a/sysusers.attr b/sysusers.attr new file mode 100644 index 0000000..367c137 --- /dev/null +++ b/sysusers.attr @@ -0,0 +1,2 @@ +%__sysusers_provides %{_rpmconfigdir}/sysusers.prov +%__sysusers_path ^%{_sysusersdir}/.*\\.conf$ diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh new file mode 100755 index 0000000..fd9938d --- /dev/null +++ b/sysusers.generate-pre.sh @@ -0,0 +1,79 @@ +#!/bin/bash + +# This script turns sysuser.d files into scriptlets mandated by Fedora +# packaging guidelines. The general idea is to define users using the +# declarative syntax but to turn this into traditional scriptlets. + +user() { + user="$1" + uid="$2" + desc="$3" + group="$4" + home="$5" + shell="$6" + + [ "$desc" = '-' ] && desc= + { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/sbin/nologin + + if [ "$uid" = '-' ] || [ "$uid" = '' ]; then + cat </dev/null || \\ + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' +EOF + else + cat </dev/null ; then + if ! getent passwd '$uid' >/dev/null ; then + useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + else + useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + fi +fi + +EOF + fi +} + +group() { + group="$1" + gid="$2" + if [ "$gid" = '-' ]; then + cat <<-EOF + getent group '$group' >/dev/null || groupadd -r '$group' + EOF + else + cat <<-EOF + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' + EOF + fi +} + +parse() { + while read -r line || [ -n "$line" ] ; do + { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue + line="${line## *}" + [ -z "$line" ] && continue + eval "arr=( $line )" + case "${arr[0]}" in + ('u') + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + # TODO: user:group support + ;; + ('g') + group "${arr[1]}" "${arr[2]}" + ;; + ('m') + group "${arr[2]}" "-" + user "${arr[1]}" "-" "" "${arr[2]}" + ;; + esac + done +} + +for fn in "$@"; do + [ -e "$fn" ] || continue + echo "# generated from $(basename "$fn")" + parse <"$fn" +done diff --git a/sysusers.prov b/sysusers.prov new file mode 100755 index 0000000..a6eda5d --- /dev/null +++ b/sysusers.prov @@ -0,0 +1,28 @@ +#!/bin/bash + +parse() { + while read line; do + [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue + line="${line## *}" + [ -z "$line" ] && continue + set -- $line + case "$1" in + ('u') + echo "user($2)" + echo "group($2)" + # TODO: user:group support + ;; + ('g') + echo "group($2)" + ;; + ('m') + echo "user($2)" + echo "group($3)" + ;; + esac + done +} + +while read fn; do + parse < "$fn" +done diff --git a/tests/tests-reboot.yml b/tests/tests-reboot.yml new file mode 100644 index 0000000..94ea8a5 --- /dev/null +++ b/tests/tests-reboot.yml @@ -0,0 +1,50 @@ +--- +- hosts: localhost + vars: + - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}" + tags: + - classic + tasks: + # switch SELinux to permissive mode + - name: Get default kernel + command: "grubby --default-kernel" + register: default_kernel + - debug: msg="{{ default_kernel.stdout }}" + - name: Set permissive mode + command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}" + + - name: reboot + block: + - name: restart host + shell: sleep 2 && shutdown -r now "Ansible updates triggered" + async: 1 + poll: 0 + ignore_errors: true + + - name: wait for host to come back + wait_for_connection: + delay: 10 + timeout: 300 + + - name: Re-create /tmp/artifacts + command: mkdir /tmp/artifacts + + - name: Gather SELinux denials since boot + shell: | + result=pass + dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail + ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log + grep -q '' /tmp/avc.log || result=fail + echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml + ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log + + always: + - name: Pull out the artifacts + fetch: + dest: "{{ artifacts }}/" + src: "{{ item }}" + flat: yes + with_items: + - /tmp/test.log + - /tmp/avc.log + - /tmp/results.yml diff --git a/triggers.systemd b/triggers.systemd new file mode 100644 index 0000000..6c57d71 --- /dev/null +++ b/triggers.systemd @@ -0,0 +1,89 @@ +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# Copyright 2018 Neal Gompa + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.14.0 + +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +if test -d "/run/systemd/system"; then + %{_bindir}/systemctl daemon-reload || : + %{_bindir}/systemctl reload-or-restart --marked || : +fi + +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. +if test -d "/run/systemd/system"; then + %{_bindir}/systemctl daemon-reload || : +fi + +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +# We restart remaining services that should be restarted here. +if test -d "/run/systemd/system"; then + %{_bindir}/systemctl reload-or-restart --marked || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. The priority is set such that it +# will run before the tmpfiles file trigger. +if test -d "/run/systemd/system"; then + %{_bindir}/systemd-sysusers || : +fi + +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +if test -d "/run/systemd/system"; then + %{_bindir}/systemd-hwdb update || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in /usr/lib/systemd/catalog. +if test -d "/run/systemd/system"; then + %{_bindir}/journalctl --update-catalog || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d "/run/systemd/system"; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : +fi + +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d "/run/systemd/system"; then + %{_bindir}/systemd-tmpfiles --create || : +fi + +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + %{_bindir}/udevadm control --reload || : +fi + +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d "/run/systemd/system"; then + /usr/lib/systemd/systemd-sysctl || : +fi diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch new file mode 100644 index 0000000..d0e6762 --- /dev/null +++ b/use-bfq-scheduler.patch @@ -0,0 +1,41 @@ +From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 14 Aug 2019 15:57:42 +0200 +Subject: [PATCH] udev: use bfq as the default scheduler + +As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828. +Test results are that bfq seems to behave better and more consistently on +typical hardware. The kernel does not have a configuration option to set +the default scheduler, and it currently needs to be set by userspace. + +See the bug for more discussion and links. +--- + rules.d/60-block-scheduler.rules | 5 +++++ + rules.d/meson.build | 1 + + 2 files changed, 6 insertions(+) + create mode 100644 rules.d/60-block-scheduler.rules + +diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules +new file mode 100644 +index 0000000000..480b941761 +--- /dev/null ++++ b/rules.d/60-block-scheduler.rules +@@ -0,0 +1,6 @@ ++# do not edit this file, it will be overwritten on update ++ ++ACTION=="add", SUBSYSTEM=="block", \ ++ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ ++ ENV{DEVTYPE}=="disk", \ ++ ATTR{queue/scheduler}="bfq" +diff --git a/rules.d/meson.build b/rules.d/meson.build +index ca4445d774..38d6aa6970 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -3,6 +3,7 @@ + rules = files(''' + 60-autosuspend.rules + 60-block.rules ++ 60-block-scheduler.rules + 60-cdrom_id.rules + 60-drm.rules + 60-evdev.rules diff --git a/yum-protect-systemd.conf b/yum-protect-systemd.conf new file mode 100644 index 0000000..39426d7 --- /dev/null +++ b/yum-protect-systemd.conf @@ -0,0 +1,2 @@ +systemd +systemd-udev