diff --git a/.gitignore b/.gitignore index 3f15024..6cf7897 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,9 @@ -BUILD/ -BUILDROOT/ -RPMS/ -SOURCES/*.tar.gz -SRPMS/ +*~ +/.mail.list +/systemd-*/ +/.build-*.log +/x86_64/ +/systemd-*src.rpm +/systemd-*.tar.xz +/systemd-*.tar.gz +/*.rpm diff --git a/.systemd.metadata b/.systemd.metadata index 052ad4c..6e599db 100644 --- a/.systemd.metadata +++ b/.systemd.metadata @@ -1 +1 @@ -5e3b9df64a15cb3b446c0e74556ea9020ce50b8b SOURCES/systemd-249.4.tar.gz +5e3b9df64a15cb3b446c0e74556ea9020ce50b8b systemd-249.4.tar.gz diff --git a/.zuul.yaml b/.zuul.yaml new file mode 100644 index 0000000..591bb8a --- /dev/null +++ b/.zuul.yaml @@ -0,0 +1,5 @@ +- project: + vars: + install_repo_exclude: + - systemd-standalone-tmpfiles + - systemd-standalone-sysuser diff --git a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch new file mode 100644 index 0000000..f7b3a61 --- /dev/null +++ b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch @@ -0,0 +1,257 @@ +From d4bd8777a483ea834e687c1ee35dee32efe6e49f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 7 Jul 2021 14:02:36 +0200 +Subject: [PATCH 1/5] rpm: don't specify the full path for systemctl and other + commands + +We can make things a bit simpler and more readable by not specifying the path. +Since we didn't specify the full path for all commands (including those invoked +recursively by anythign we invoke), this didn't really privide any security or +robustness benefits. I guess that full paths were used because this style of +rpm packagnig was popular in the past, with macros used for everything +possible, with special macros for common commands like %{__ln} and %{__mkdir}. + +(cherry picked from commit 7d9ee15d0fc2af87481ee371b278dbe7e68165ef) +--- + src/rpm/macros.systemd.in | 24 ++++++++++++------------ + src/rpm/triggers.systemd.in | 18 +++++++++--------- + src/rpm/triggers.systemd.sh.in | 18 +++++++++--------- + 3 files changed, 30 insertions(+), 30 deletions(-) + +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index 3a0169a85f..3129ab2d61 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -46,9 +46,9 @@ OrderWithRequires(postun): systemd \ + + %systemd_post() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ +-if [ $1 -eq 1 ] && [ -x %{_bindir}/systemctl ]; then \ ++if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ + # Initial installation \ +- %{_bindir}/systemctl --no-reload preset %{?*} || : \ ++ systemctl --no-reload preset %{?*} || : \ + fi \ + %{nil} + +@@ -56,21 +56,21 @@ fi \ + + %systemd_preun() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ +-if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ ++if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ + # Package removal, not upgrade \ + if [ -d /run/systemd/system ]; then \ +- %{_bindir}/systemctl --no-reload disable --now %{?*} || : \ ++ systemctl --no-reload disable --now %{?*} || : \ + else \ +- %{_bindir}/systemctl --no-reload disable %{?*} || : \ ++ systemctl --no-reload disable %{?*} || : \ + fi \ + fi \ + %{nil} + + %systemd_user_preun() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ +-if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ ++if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ + # Package removal, not upgrade \ +- %{_bindir}/systemctl --global disable %{?*} || : \ ++ systemctl --global disable %{?*} || : \ + fi \ + %{nil} + +@@ -84,10 +84,10 @@ fi \ + + %systemd_postun_with_restart() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ +-if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \ ++if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ + # Package upgrade, not uninstall \ + for unit in %{?*}; do \ +- %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \ ++ systemctl set-property $unit Markers=+needs-restart || : \ + done \ + fi \ + %{nil} +@@ -105,17 +105,17 @@ fi \ + # Deprecated. Use %tmpfiles_create_package instead + %tmpfiles_create() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# tmpfiles_create}} \ +-[ -x %{_bindir}/systemd-tmpfiles ] && %{_bindir}/systemd-tmpfiles --create %{?*} || : \ ++command -v systemd-tmpfiles >/dev/null && systemd-tmpfiles --create %{?*} || : \ + %{nil} + + # Deprecated. Use %sysusers_create_package instead + %sysusers_create() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# sysusers_create}} \ +-[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers %{?*} || : \ ++command -v systemd-sysusers >/dev/null && systemd-sysusers %{?*} || : \ + %{nil} + + %sysusers_create_inline() \ +-[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers - </dev/null && systemd-sysusers - < 0 then + posix.wait(pid) + end + + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) ++ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -38,7 +38,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemctl", "daemon-reload")) ++ assert(posix.execp("systemctl", "daemon-reload")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -49,7 +49,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) ++ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -62,7 +62,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemd-sysusers")) ++ assert(posix.execp("systemd-sysusers")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -74,7 +74,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemd-hwdb", "update")) ++ assert(posix.execp("systemd-hwdb", "update")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -86,7 +86,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/journalctl", "--update-catalog")) ++ assert(posix.execp("journalctl", "--update-catalog")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -111,7 +111,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemd-tmpfiles", "--create")) ++ assert(posix.execp("systemd-tmpfiles", "--create")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -123,7 +123,7 @@ end + if posix.access("/run/systemd/system") then + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/udevadm", "control", "--reload")) ++ assert(posix.execp("udevadm", "control", "--reload")) + elseif pid > 0 then + posix.wait(pid) + end +diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in +index 22abad9812..1631be18c9 100644 +--- a/src/rpm/triggers.systemd.sh.in ++++ b/src/rpm/triggers.systemd.sh.in +@@ -15,8 +15,8 @@ + # installed, because other cases are covered by the *un scriptlets, + # so sometimes we will reload needlessly. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemctl daemon-reload || : +- %{_bindir}/systemctl reload-or-restart --marked || : ++ systemctl daemon-reload || : ++ systemctl reload-or-restart --marked || : + fi + + %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system +@@ -26,13 +26,13 @@ fi + # have been installed, but before %postun scripts in packages get + # executed. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemctl daemon-reload || : ++ systemctl daemon-reload || : + fi + + %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + # We restart remaining services that should be restarted here. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemctl reload-or-restart --marked || : ++ systemctl reload-or-restart --marked || : + fi + + %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} +@@ -40,21 +40,21 @@ fi + # specified users automatically. The priority is set such that it + # will run before the tmpfiles file trigger. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemd-sysusers || : ++ systemd-sysusers || : + fi + + %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}} + # This script will automatically invoke hwdb update if files have been + # installed or updated in {{UDEV_HWDB_DIR}}. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemd-hwdb update || : ++ systemd-hwdb update || : + fi + + %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}} + # This script will automatically invoke journal catalog update if files + # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. + if test -d "/run/systemd/system"; then +- %{_bindir}/journalctl --update-catalog || : ++ journalctl --update-catalog || : + fi + + %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}} +@@ -71,14 +71,14 @@ fi + # tmpfiles automatically. The priority is set such that it will run + # after the sysusers file trigger, but before any other triggers. + if test -d "/run/systemd/system"; then +- %{_bindir}/systemd-tmpfiles --create || : ++ systemd-tmpfiles --create || : + fi + + %transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}} + # This script will automatically update udev with new rules if files + # have been installed or updated in {{UDEV_RULES_DIR}}. + if test -e /run/udev/control; then +- %{_bindir}/udevadm control --reload || : ++ udevadm control --reload || : + fi + + %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}} +-- +2.31.1 + diff --git a/0001-sysv-generator-downgrade-log-warning-about-autogener.patch b/0001-sysv-generator-downgrade-log-warning-about-autogener.patch new file mode 100644 index 0000000..df2bbee --- /dev/null +++ b/0001-sysv-generator-downgrade-log-warning-about-autogener.patch @@ -0,0 +1,30 @@ +From 0c21535392bf6296d213c35fd1a0b0bc89dbddb3 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Wed, 31 Mar 2021 14:04:09 -0700 +Subject: [PATCH] sysv-generator: downgrade log warning about autogenerated to + debug + +--- + src/sysv-generator/sysv-generator.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c +index 8c7aef23c3..89599a69ee 100644 +--- a/src/sysv-generator/sysv-generator.c ++++ b/src/sysv-generator/sysv-generator.c +@@ -786,9 +786,9 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) { + if (!fpath) + return log_oom(); + +- log_warning("SysV service '%s' lacks a native systemd unit file. " +- "Automatically generating a unit file for compatibility. " +- "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); ++ log_debug("SysV service '%s' lacks a native systemd unit file. " ++ "Automatically generating a unit file for compatibility. " ++ "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); + + service = new(SysvStub, 1); + if (!service) +-- +2.30.2 + diff --git a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch new file mode 100644 index 0000000..32047c5 --- /dev/null +++ b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch @@ -0,0 +1,337 @@ +From 09e8c6aa71ee4b5ff3ee85fc4855e2c1a246a079 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 22 Jul 2021 11:22:33 +0200 +Subject: [PATCH 2/5] rpm: use a helper script to actually invoke systemctl + commands +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Instead of embedding the commands to invoke directly in the macros, +let's use a helper script as indirection. This has a couple of advantages: + +- the macro language is awkward, we need to suffix most commands by "|| :" + and "\", which is easy to get wrong. In the new scheme, the macro becomes + a single simple command. +- in the script we can use normal syntax highlighting, shellcheck, etc. +- it's also easier to test the invoked commands by invoking the helper + manually. +- most importantly, the logic is contained in the helper, i.e. we can + update systemd rpm and everything uses the new helper. Before, we would + have to rebuild all packages to update the macro definition. + +This raises the question whether it makes sense to use the lua scriptlets when +the real work is done in a bash script. I think it's OK: we still have the +efficient lua scripts that do the short scripts, and we use a single shared +implementation in bash to do the more complex stuff. + +The meson version is raised to 0.47 because that's needed for install_mode. +We were planning to raise the required version anyway… + +(cherry picked from commit 6d825ab2d42d3219e49a192bf99f9c09134a0df4) +--- + README | 2 +- + meson.build | 3 +- + src/rpm/macros.systemd.in | 30 ++++++++-------- + src/rpm/meson.build | 13 ++++--- + src/rpm/systemd-update-helper.in | 60 ++++++++++++++++++++++++++++++++ + src/rpm/triggers.systemd.in | 43 ++++++++--------------- + src/rpm/triggers.systemd.sh.in | 13 ++----- + 7 files changed, 105 insertions(+), 59 deletions(-) + create mode 100755 src/rpm/systemd-update-helper.in + +diff --git a/README b/README +index 0e5c326deb..a8f23a0d5b 100644 +--- a/README ++++ b/README +@@ -193,7 +193,7 @@ REQUIREMENTS: + python-jinja2 + python-lxml (optional, required to build the indices) + python >= 3.5 +- meson >= 0.46 (>= 0.49 is required to build position-independent executables) ++ meson >= 0.47 (>= 0.49 is required to build position-independent executables) + ninja + gcc, awk, sed, grep, and similar tools + clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs +diff --git a/meson.build b/meson.build +index 738879eb21..fb986e84f7 100644 +--- a/meson.build ++++ b/meson.build +@@ -10,7 +10,7 @@ project('systemd', 'c', + 'localstatedir=/var', + 'warning_level=2', + ], +- meson_version : '>= 0.46', ++ meson_version : '>= 0.47', + ) + + libsystemd_version = '0.32.0' +@@ -253,6 +253,7 @@ conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH', join_paths(rootlib + conf.set_quoted('SYSTEMD_STDIO_BRIDGE_BINARY_PATH', join_paths(bindir, 'systemd-stdio-bridge')) + conf.set_quoted('SYSTEMD_TEST_DATA', join_paths(testsdir, 'testdata')) + conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', join_paths(rootbindir, 'systemd-tty-ask-password-agent')) ++conf.set_quoted('SYSTEMD_UPDATE_HELPER_PATH', join_paths(rootlibexecdir, 'systemd-update-helper')) + conf.set_quoted('SYSTEMD_USERWORK_PATH', join_paths(rootlibexecdir, 'systemd-userwork')) + conf.set_quoted('SYSTEMD_VERITYSETUP_PATH', join_paths(rootlibexecdir, 'systemd-veritysetup')) + conf.set_quoted('SYSTEM_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'system')) +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index 3129ab2d61..bbdf036da7 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -46,31 +46,33 @@ OrderWithRequires(postun): systemd \ + + %systemd_post() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ +-if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ ++if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Initial installation \ +- systemctl --no-reload preset %{?*} || : \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} install-system-units %{?*} || : \ + fi \ + %{nil} + +-%systemd_user_post() %{expand:%systemd_post \\--global %%{?*}} ++%systemd_user_post() \ ++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_post}} \ ++if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ ++ # Initial installation \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} install-user-units %{?*} || : \ ++fi \ ++%{nil} + + %systemd_preun() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ +-if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ ++if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Package removal, not upgrade \ +- if [ -d /run/systemd/system ]; then \ +- systemctl --no-reload disable --now %{?*} || : \ +- else \ +- systemctl --no-reload disable %{?*} || : \ +- fi \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-system-units %{?*} || : \ + fi \ + %{nil} + + %systemd_user_preun() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ +-if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ ++if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Package removal, not upgrade \ +- systemctl --global disable %{?*} || : \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-user-units %{?*} || : \ + fi \ + %{nil} + +@@ -84,11 +86,9 @@ fi \ + + %systemd_postun_with_restart() \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ +-if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ ++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Package upgrade, not uninstall \ +- for unit in %{?*}; do \ +- systemctl set-property $unit Markers=+needs-restart || : \ +- done \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \ + fi \ + %{nil} + +diff --git a/src/rpm/meson.build b/src/rpm/meson.build +index fc72fee73c..2ad3308cc1 100644 +--- a/src/rpm/meson.build ++++ b/src/rpm/meson.build +@@ -1,9 +1,13 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + + in_files = [ +- ['macros.systemd', rpmmacrosdir != 'no'], +- ['triggers.systemd', false], +- ['triggers.systemd.sh', false]] ++ ['macros.systemd', rpmmacrosdir != 'no', rpmmacrosdir], ++ ++ # we conditionalize on rpmmacrosdir, but install into rootlibexecdir ++ ['systemd-update-helper', rpmmacrosdir != 'no', rootlibexecdir, 'rwxr-xr-x'], ++ ++ ['triggers.systemd', false], ++ ['triggers.systemd.sh', false]] + + # The last two don't get installed anywhere, one of them needs to included in + # the rpm spec file definition instead. +@@ -17,6 +21,7 @@ foreach tuple : in_files + command : [meson_render_jinja2, config_h, '@INPUT@'], + capture : true, + install : tuple[1], +- install_dir : rpmmacrosdir, ++ install_dir : tuple.length() > 2 ? tuple[2] : '', ++ install_mode : tuple.length() > 3 ? tuple[3] : false, + build_by_default : true) + endforeach +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +new file mode 100755 +index 0000000000..9fa49fa131 +--- /dev/null ++++ b/src/rpm/systemd-update-helper.in +@@ -0,0 +1,60 @@ ++#!/bin/bash ++set -eu ++set -o pipefail ++ ++command="${1:?}" ++shift ++ ++command -v systemctl >/dev/null || exit 0 ++ ++case "$command" in ++ install-system-units) ++ systemctl --no-reload preset "$@" ++ ;; ++ ++ install-user-units) ++ systemctl --no-reload preset --global "$@" ++ ;; ++ ++ remove-system-units) ++ if [ -d /run/systemd/system ]; then ++ systemctl --no-reload disable --now "$@" ++ else ++ systemctl --no-reload disable "$@" ++ fi ++ ;; ++ ++ remove-user-units) ++ systemctl --global disable "$@" ++ ;; ++ ++ mark-restart-system-units) ++ [ -d /run/systemd/system ] || exit 0 ++ ++ for unit in "$@"; do ++ systemctl set-property "$unit" Markers=+needs-restart || : ++ done ++ ;; ++ ++ system-reload-restart|system-reload|system-restart) ++ if [ -n "$*" ]; then ++ echo "Unexpected arguments for '$command': $*" ++ exit 2 ++ fi ++ ++ [ -d /run/systemd/system ] || exit 0 ++ ++ if [[ "$command" =~ reload ]]; then ++ systemctl daemon-reload ++ fi ++ ++ if [[ "$command" =~ restart ]]; then ++ systemctl reload-or-restart --marked ++ fi ++ ;; ++ ++ *) ++ echo "Unknown verb '$command'" ++ exit 3 ++ ;; ++esac +diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in +index 247358008a..d29cc33dfd 100644 +--- a/src/rpm/triggers.systemd.in ++++ b/src/rpm/triggers.systemd.in +@@ -13,20 +13,11 @@ + -- upgraded. We care about the case where a package is initially + -- installed, because other cases are covered by the *un scriptlets, + -- so sometimes we will reload needlessly. +-if posix.access("/run/systemd/system") then +- pid = posix.fork() +- if pid == 0 then +- assert(posix.execp("systemctl", "daemon-reload")) +- elseif pid > 0 then +- posix.wait(pid) +- end +- +- pid = posix.fork() +- if pid == 0 then +- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) +- elseif pid > 0 then +- posix.wait(pid) +- end ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload-restart")) ++elseif pid > 0 then ++ posix.wait(pid) + end + + %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system +@@ -35,24 +26,20 @@ end + -- On upgrade, we need to run daemon-reload after any new unit files + -- have been installed, but before %postun scripts in packages get + -- executed. +-if posix.access("/run/systemd/system") then +- pid = posix.fork() +- if pid == 0 then +- assert(posix.execp("systemctl", "daemon-reload")) +- elseif pid > 0 then +- posix.wait(pid) +- end ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload")) ++elseif pid > 0 then ++ posix.wait(pid) + end + + %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + -- We restart remaining services that should be restarted here. +-if posix.access("/run/systemd/system") then +- pid = posix.fork() +- if pid == 0 then +- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) +- elseif pid > 0 then +- posix.wait(pid) +- end ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) ++elseif pid > 0 then ++ posix.wait(pid) + end + + %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} +diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in +index 1631be18c9..83cd7617f8 100644 +--- a/src/rpm/triggers.systemd.sh.in ++++ b/src/rpm/triggers.systemd.sh.in +@@ -14,10 +14,7 @@ + # upgraded. We care about the case where a package is initially + # installed, because other cases are covered by the *un scriptlets, + # so sometimes we will reload needlessly. +-if test -d "/run/systemd/system"; then +- systemctl daemon-reload || : +- systemctl reload-or-restart --marked || : +-fi ++{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : + + %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + # On removal, we need to run daemon-reload after any units have been +@@ -25,15 +22,11 @@ fi + # On upgrade, we need to run daemon-reload after any new unit files + # have been installed, but before %postun scripts in packages get + # executed. +-if test -d "/run/systemd/system"; then +- systemctl daemon-reload || : +-fi ++{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : + + %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + # We restart remaining services that should be restarted here. +-if test -d "/run/systemd/system"; then +- systemctl reload-or-restart --marked || : +-fi ++{{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : + + %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} + # This script will process files installed in {{SYSUSERS_DIR}} to create +-- +2.31.1 + diff --git a/0003-rpm-call-needs-restart-in-parallel.patch b/0003-rpm-call-needs-restart-in-parallel.patch new file mode 100644 index 0000000..4637f3e --- /dev/null +++ b/0003-rpm-call-needs-restart-in-parallel.patch @@ -0,0 +1,35 @@ +From 0a2e691b6b1fdceb4b7504870c4b792a66b5080f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 22 Jul 2021 11:28:36 +0200 +Subject: [PATCH 3/5] rpm: call +needs-restart in parallel +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some rpms install a bunch of units… It seems nicer to invoke them all in +parallel. In particular, timeouts in systemctl also run in parallel, so if +there's some communication mishap, we will wait less. + +(cherry picked from commit 3598aff4d963b2e51ac74d206161da47bfde785c) +--- + src/rpm/systemd-update-helper.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index 9fa49fa131..f3c75b75fa 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -32,8 +32,9 @@ case "$command" in + [ -d /run/systemd/system ] || exit 0 + + for unit in "$@"; do +- systemctl set-property "$unit" Markers=+needs-restart || : ++ systemctl set-property "$unit" Markers=+needs-restart & + done ++ wait + ;; + + system-reload-restart|system-reload|system-restart) +-- +2.31.1 + diff --git a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch new file mode 100644 index 0000000..eac9b89 --- /dev/null +++ b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch @@ -0,0 +1,259 @@ +From a63d5d320f81c1cbae07897a401ed5cc5374e0bf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 7 Jul 2021 14:37:57 +0200 +Subject: [PATCH 4/5] rpm: restart user services at the end of the transaction + +This closes an important gap: so far we would reexecute the system manager and +restart system services that were configured to do so, but we wouldn't do the +same for user managers or user services. + +The scheme used for user managers is very similar to the system one, except +that there can be multiple user managers running, so we query the system +manager to get a list of them, and then tell each one to do the equivalent +operations: daemon-reload, disable --now, set-property Markers=+needs-restart, +reload-or-restart --marked. + +The total time that can be spend on this is bounded: we execute the commands in +parallel over user managers and units, and additionally set SYSTEMD_BUS_TIMEOUT +to a lower value (15 s by default). User managers should not have too many +units running, and they should be able to do all those operations very +quickly (<< 1s). The final restart operation may take longer, but it's done +asynchronously, so we only wait for the queuing to happen. + +The advantage of doing this synchronously is that we can wait for each step to +happen, and for example daemon-reloads can finish before we execute the service +restarts, etc. We can also order various steps wrt. to the phases in the rpm +transaction. + +When this was initially proposed, we discussed a more relaxed scheme with bus +property notifications. Such an approach would be more complex because a bunch +of infrastructure would have to be added to system manager to propagate +appropriate notifications to the user managers, and then the user managers +would have to wait for them. Instead, now there is no new code in the managers, +all new functionality is contained in src/rpm/. The ability to call 'systemctl +--user user@' makes this approach very easy. Also, it would be very hard to +order the user manager steps and the rpm transaction steps. + +Note: 'systemctl --user disable' is only called for a user managers that are +running. I don't see a nice way around this, and it shouldn't matter too much: +we'll just leave a dangling symlink in the case where the user enabled the +service manually. + +A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and +fa97d2fcf64e0558054bee673f734f523373b146. + +(cherry picked from commit 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7) +--- + meson.build | 1 + + meson_options.txt | 2 ++ + src/rpm/macros.systemd.in | 6 +++- + src/rpm/systemd-update-helper.in | 47 ++++++++++++++++++++++++++++++++ + src/rpm/triggers.systemd.in | 28 ++++++++++++++++++- + src/rpm/triggers.systemd.sh.in | 13 ++++++++- + 6 files changed, 94 insertions(+), 3 deletions(-) + +diff --git a/meson.build b/meson.build +index fb986e84f7..d898d9ccd0 100644 +--- a/meson.build ++++ b/meson.build +@@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR', tmpfilesdir) + conf.set_quoted('UDEVLIBEXECDIR', udevlibexecdir) + conf.set_quoted('UDEV_HWDB_DIR', udevhwdbdir) + conf.set_quoted('UDEV_RULES_DIR', udevrulesdir) ++conf.set_quoted('UPDATE_HELPER_USER_TIMEOUT', get_option('update-helper-user-timeout')) + conf.set_quoted('USER_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'user')) + conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) + conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) +diff --git a/meson_options.txt b/meson_options.txt +index 163c8df87d..9383c7da6a 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '', + description : 'directory for xinitrc files') + option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d', + description : 'directory for rpm macros ["no" disables]') ++option('update-helper-user-timeout', type : 'string', value : '15s', ++ description : 'how long to wait for user manager operations') + option('pamlibdir', type : 'string', + description : 'directory for PAM modules') + option('pamconfdir', type : 'string', +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index bbdf036da7..caa2e45595 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -93,7 +93,11 @@ fi \ + %{nil} + + %systemd_user_postun_with_restart() \ +-%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ ++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_restart}} \ ++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ ++ # Package upgrade, not uninstall \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-user-units %{?*} || : \ ++fi \ + %{nil} + + %udev_hwdb_update() %{nil} +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index f3c75b75fa..f3466ab3c0 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -26,6 +26,15 @@ case "$command" in + + remove-user-units) + systemctl --global disable "$@" ++ ++ [ -d /run/systemd/system ] || exit 0 ++ ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" disable --now "$@" & ++ done ++ wait + ;; + + mark-restart-system-units) +@@ -37,6 +46,17 @@ case "$command" in + wait + ;; + ++ mark-restart-user-units) ++ [ -d /run/systemd/system ] || exit 0 ++ ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & ++ done ++ wait ++ ;; ++ + system-reload-restart|system-reload|system-restart) + if [ -n "$*" ]; then + echo "Unexpected arguments for '$command': $*" +@@ -54,6 +74,33 @@ case "$command" in + fi + ;; + ++ user-reload-restart|user-reload|user-restart) ++ if [ -n "$*" ]; then ++ echo "Unexpected arguments for '$command': $*" ++ exit 2 ++ fi ++ ++ [ -d /run/systemd/system ] || exit 0 ++ ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ ++ if [[ "$command" =~ reload ]]; then ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" daemon-reload & ++ done ++ wait ++ fi ++ ++ if [[ "$command" =~ restart ]]; then ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" reload-or-restart --marked & ++ done ++ wait ++ fi ++ ;; ++ + *) + echo "Unknown verb '$command'" + exit 3 +diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in +index d29cc33dfd..8aeb2049c1 100644 +--- a/src/rpm/triggers.systemd.in ++++ b/src/rpm/triggers.systemd.in +@@ -20,6 +20,14 @@ elseif pid > 0 then + posix.wait(pid) + end + ++%transfiletriggerin -P 900899 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart")) ++elseif pid > 0 then ++ posix.wait(pid) ++end ++ + %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + -- On removal, we need to run daemon-reload after any units have been + -- removed. +@@ -33,8 +41,17 @@ elseif pid > 0 then + posix.wait(pid) + end + ++%transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system ++-- Execute daemon-reload in user managers. ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload")) ++elseif pid > 0 then ++ posix.wait(pid) ++end ++ + %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system +--- We restart remaining services that should be restarted here. ++-- We restart remaining system services that should be restarted here. + pid = posix.fork() + if pid == 0 then + assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) +@@ -42,6 +59,15 @@ elseif pid > 0 then + posix.wait(pid) + end + ++%transfiletriggerpostun -P 9999 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++-- We restart remaining user services that should be restarted here. ++pid = posix.fork() ++if pid == 0 then ++ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-restart")) ++elseif pid > 0 then ++ posix.wait(pid) ++end ++ + %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} + -- This script will process files installed in {{SYSUSERS_DIR}} to create + -- specified users automatically. The priority is set such that it +diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in +index 83cd7617f8..694cd94e8d 100644 +--- a/src/rpm/triggers.systemd.sh.in ++++ b/src/rpm/triggers.systemd.sh.in +@@ -16,6 +16,9 @@ + # so sometimes we will reload needlessly. + {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : + ++%transfiletriggerin -P 900899 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload-restart || : ++ + %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system + # On removal, we need to run daemon-reload after any units have been + # removed. +@@ -24,10 +27,18 @@ + # executed. + {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : + ++%transfiletriggerpostun -P 1000099 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++# Execute daemon-reload in user managers. ++{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload || : ++ + %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system +-# We restart remaining services that should be restarted here. ++# We restart remaining system services that should be restarted here. + {{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : + ++%transfiletriggerpostun -P 9999 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user ++# We restart remaining user services that should be restarted here. ++{{SYSTEMD_UPDATE_HELPER_PATH}} user-restart || : ++ + %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} + # This script will process files installed in {{SYSUSERS_DIR}} to create + # specified users automatically. The priority is set such that it +-- +2.31.1 + diff --git a/0005-update-helper-also-add-user-reexec-verb.patch b/0005-update-helper-also-add-user-reexec-verb.patch new file mode 100644 index 0000000..7c4f7ba --- /dev/null +++ b/0005-update-helper-also-add-user-reexec-verb.patch @@ -0,0 +1,47 @@ +From 37cd6c0fad847e5fffd9d107358a36e767c7ca42 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 23 Jul 2021 15:35:23 +0200 +Subject: [PATCH 5/5] update-helper: also add "user-reexec" verb + +This is not called from the systemd.triggers or systemd.macros files. Instead, +it would be called from the scriptlets in systemd rpm package itself, at the +place where we call systemctl daemon-reexec. + +See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 . + +(cherry picked from commit 1262e824a4d638e347ae0d39c973f1f750962533) +--- + src/rpm/systemd-update-helper.in | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index f3466ab3c0..0c6675a9db 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -74,7 +74,7 @@ case "$command" in + fi + ;; + +- user-reload-restart|user-reload|user-restart) ++ user-reload-restart|user-reload|user-restart|user-reexec) + if [ -n "$*" ]; then + echo "Unexpected arguments for '$command': $*" + exit 2 +@@ -84,6 +84,14 @@ case "$command" in + + users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') + ++ if [[ "$command" =~ reexec ]]; then ++ for user in $users; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" daemon-reexec & ++ done ++ wait ++ fi ++ + if [[ "$command" =~ reload ]]; then + for user in $users; do + SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ +-- +2.31.1 + diff --git a/10-oomd-defaults.conf b/10-oomd-defaults.conf new file mode 100644 index 0000000..0254657 --- /dev/null +++ b/10-oomd-defaults.conf @@ -0,0 +1,2 @@ +[OOM] +DefaultMemoryPressureDurationSec=20s diff --git a/10-oomd-root-slice-defaults.conf b/10-oomd-root-slice-defaults.conf new file mode 100644 index 0000000..49958e8 --- /dev/null +++ b/10-oomd-root-slice-defaults.conf @@ -0,0 +1,2 @@ +[Slice] +ManagedOOMSwap=kill diff --git a/10-oomd-user-service-defaults.conf b/10-oomd-user-service-defaults.conf new file mode 100644 index 0000000..94d5c87 --- /dev/null +++ b/10-oomd-user-service-defaults.conf @@ -0,0 +1,3 @@ +[Service] +ManagedOOMMemoryPressure=kill +ManagedOOMMemoryPressureLimit=50% diff --git a/18621-fb.patch b/18621-fb.patch new file mode 100644 index 0000000..9bd802a --- /dev/null +++ b/18621-fb.patch @@ -0,0 +1,90 @@ +From 0762f129c6a9c7bbdb5d575c486d5cf4f7fdae8d Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Tue, 16 Feb 2021 12:17:36 +0000 +Subject: [PATCH] proc: dont trigger mount error with invalid options on old + kernels + +As of commit 4e39995371738b04d98d27b0d34ea8fe09ec9fab ("core: introduce +ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs +mount options") kernels older than v5.8 generate multple warnings at +boot, as seen in this Yocto build from today: + + qemux86-64 login: root + [ 65.829009] proc: Bad value for 'hidepid' + root@qemux86-64:~# dmesg|grep proc: + [ 16.990706] proc: Bad value for 'hidepid' + [ 28.060178] proc: Bad value for 'hidepid' + [ 28.874229] proc: Bad value for 'hidepid' + [ 32.685107] proc: Bad value for 'hidepid' + [ 65.829009] proc: Bad value for 'hidepid' + root@qemux86-64:~# + +We see reports of the issue as in general its hard to someone to tell +the difference between an error in dmesg which they should worry about and +one that is harmless. This adds support burden to developers so Yocto +Project has added this patch. + +The commit that triggers this is systemd v247-rc1~378^2~3 -- so any +systemd 247 and above plus kernel v5.7 or older will need this. + +As noted in https://github.com/systemd/systemd/issues/16896 +it is possible changes could be backported to different kernel versions +so the test isn't 100% foolproof but does give better results than a +continual stream of bug reports. + +Signed-off-by: Richard Purdie + +Changes from Anita Zhang +- Use 5.6.13-0_fbk9 version comparison for FB build +--- + src/core/namespace.c | 22 ++++++++++++++++++++-- + 1 file changed, 20 insertions(+), 2 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index d47531408b..8be8352a8e 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -4,7 +4,9 @@ + #include + #include + #include ++#include + #include ++#include + #include + #include + +@@ -1018,12 +1020,28 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { + _cleanup_free_ char *opts = NULL; + const char *entry_path; + int r, n; ++ struct utsname uts; ++ bool old = false; + + assert(m); + assert(ns_info); + +- if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || +- ns_info->proc_subset != PROC_SUBSET_ALL) { ++ /* If uname says that the system is older than v5.6.13-0_fbk9, then the textual hidepid= stuff is not ++ * supported by the kernel, and thus the per-instance hidepid= neither, which means we ++ * really don't want to use it, since it would affect our host's /proc * mount. Hence let's ++ * gracefully fallback to a classic, unrestricted version. */ ++ ++ r = uname(&uts); ++ if (r < 0) ++ return -errno; ++ ++ if (strverscmp(uts.release, "5.6.13-0_fbk9") < 0) { ++ log_debug("Pre v5.6.13-0_fbk9 kernel detected [v%s] - skipping hidepid=", uts.release); ++ old = true; ++ } ++ ++ if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || ++ ns_info->proc_subset != PROC_SUBSET_ALL)) { + + /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it + * pretended to be per-instance but actually was per-namespace), hence let's make use of it +-- +2.30.2 + diff --git a/18621.patch b/18621.patch new file mode 100644 index 0000000..80bd969 --- /dev/null +++ b/18621.patch @@ -0,0 +1,84 @@ +From c225bc59b8907de11f389bd8efb82155ccde75a7 Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Tue, 16 Feb 2021 12:17:36 +0000 +Subject: [PATCH] proc: dont trigger mount error with invalid options on old + kernels + +As of commit 4e39995371738b04d98d27b0d34ea8fe09ec9fab ("core: introduce +ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs +mount options") kernels older than v5.8 generate multple warnings at +boot, as seen in this Yocto build from today: + + qemux86-64 login: root + [ 65.829009] proc: Bad value for 'hidepid' + root@qemux86-64:~# dmesg|grep proc: + [ 16.990706] proc: Bad value for 'hidepid' + [ 28.060178] proc: Bad value for 'hidepid' + [ 28.874229] proc: Bad value for 'hidepid' + [ 32.685107] proc: Bad value for 'hidepid' + [ 65.829009] proc: Bad value for 'hidepid' + root@qemux86-64:~# + +We see reports of the issue as in general its hard to someone to tell +the difference between an error in dmesg which they should worry about and +one that is harmless. This adds support burden to developers so Yocto +Project has added this patch. + +The commit that triggers this is systemd v247-rc1~378^2~3 -- so any +systemd 247 and above plus kernel v5.7 or older will need this. + +As noted in https://github.com/systemd/systemd/issues/16896 +it is possible changes could be backported to different kernel versions +so the test isn't 100% foolproof but does give better results than a +continual stream of bug reports. + +Signed-off-by: Richard Purdie +--- + src/core/namespace.c | 22 ++++++++++++++++++++-- + 1 file changed, 20 insertions(+), 2 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 4ed0991b56d1..3fa2d4e9d640 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -4,7 +4,9 @@ + #include + #include + #include ++#include + #include ++#include + #include + #include + +@@ -881,12 +883,28 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { + _cleanup_free_ char *opts = NULL; + const char *entry_path; + int r, n; ++ struct utsname uts; ++ bool old = false; + + assert(m); + assert(ns_info); + +- if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || +- ns_info->proc_subset != PROC_SUBSET_ALL) { ++ /* If uname says that the system is older than v5.8, then the textual hidepid= stuff is not ++ * supported by the kernel, and thus the per-instance hidepid= neither, which means we ++ * really don't want to use it, since it would affect our host's /proc * mount. Hence let's ++ * gracefully fallback to a classic, unrestricted version. */ ++ ++ r = uname(&uts); ++ if (r < 0) ++ return -errno; ++ ++ if (strverscmp(uts.release, "5.8") < 0) { ++ log_debug("Pre v5.8 kernel detected [v%s] - skipping hidepid=", uts.release); ++ old = true; ++ } ++ ++ if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || ++ ns_info->proc_subset != PROC_SUBSET_ALL)) { + + /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it + * pretended to be per-instance but actually was per-namespace), hence let's make use of it diff --git a/20-grubby.install b/20-grubby.install new file mode 100755 index 0000000..e059125 --- /dev/null +++ b/20-grubby.install @@ -0,0 +1,51 @@ +#!/bin/bash + +if [[ ! -x /sbin/new-kernel-pkg ]]; then + exit 0 +fi + +COMMAND="$1" +KERNEL_VERSION="$2" +BOOT_DIR_ABS="$3" +KERNEL_IMAGE="$4" + +KERNEL_DIR="${KERNEL_IMAGE%/*}" +[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}" +case "$COMMAND" in + add) + if [[ "${KERNEL_DIR}" != "/boot" ]]; then + for i in \ + "$KERNEL_IMAGE" \ + "$KERNEL_DIR"/System.map \ + "$KERNEL_DIR"/config \ + "$KERNEL_DIR"/zImage.stub \ + "$KERNEL_DIR"/dtb \ + ; do + [[ -e "$i" ]] || continue + cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}" + command -v restorecon &>/dev/null && \ + restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" + done + # hmac is .vmlinuz-.hmac so needs a special treatment + i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" + if [[ -e "$i" ]]; then + cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + command -v restorecon &>/dev/null && \ + restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + fi + fi + /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? + ;; + remove) + /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? + ;; + *) + ;; +esac + +# skip other installation plugins, if we can't find a boot loader spec conforming setup +if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then + exit 77 +fi diff --git a/20-yama-ptrace.conf b/20-yama-ptrace.conf new file mode 100644 index 0000000..4fbaf97 --- /dev/null +++ b/20-yama-ptrace.conf @@ -0,0 +1,42 @@ +# The ptrace system call is used for interprocess services, +# communication and introspection (like synchronisation, signaling, +# debugging, tracing and profiling) of processes. +# +# Usage of ptrace is restricted by normal user permissions. Normal +# unprivileged processes cannot use ptrace on processes that they +# cannot send signals to or processes that are running set-uid or +# set-gid. Nevertheless, processes running under the same uid will +# usually be able to ptrace one another. +# +# Fedora enables the Yama security mechanism which restricts ptrace +# even further. Sysctl setting kernel.yama.ptrace_scope can have one +# of the following values: +# +# 0 - Normal ptrace security permissions. +# 1 - Restricted ptrace. Only child processes plus normal permissions. +# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE. +# 3 - No attach. No process may call ptrace at all. Irrevocable. +# +# For more information see Documentation/security/Yama.txt in the +# kernel sources. +# +# The default is 1., which allows tracing of child processes, but +# forbids tracing of arbitrary processes. This allows programs like +# gdb or strace to work when the most common way of having the +# debugger start the debuggee is used: +# gdb /path/to/program ... +# Attaching to already running programs is NOT allowed: +# gdb -p ... +# This default setting is suitable for the common case, because it +# reduces the risk that one hacked process can be used to attack other +# processes. (For example, a hacked firefox process in a user session +# will not be able to ptrace the keyring process and extract passwords +# stored only in memory.) +# +# Developers and administrators might want to disable those protections +# to be able to attach debuggers to existing processes. Use +# sysctl kernel.yama.ptrace_scope=0 +# for change the setting temporarily, or copy this file to +# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots. + +kernel.yama.ptrace_scope = 0 diff --git a/20450.patch b/20450.patch new file mode 100644 index 0000000..e63c3d2 --- /dev/null +++ b/20450.patch @@ -0,0 +1,86 @@ +From 0db68800c756f298ef45584ac01915c2cb2ce359 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 16 Aug 2021 23:47:40 +0900 +Subject: [PATCH 1/2] ethtool: make the size of 'features' array static + +--- + src/shared/ethtool-util.c | 2 +- + src/shared/ethtool-util.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index f77f6943ca4f..699c7a97ab97 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -501,7 +501,7 @@ static int set_features_bit( + return found ? 0 : -ENODATA; + } + +-int ethtool_set_features(int *ethtool_fd, const char *ifname, const int *features) { ++int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]) { + _cleanup_free_ struct ethtool_gstrings *strings = NULL; + struct ethtool_sfeatures *sfeatures; + struct ifreq ifr = {}; +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 7d287666249a..f0fc40b0595f 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -88,7 +88,7 @@ int ethtool_get_link_info(int *ethtool_fd, const char *ifname, + int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct ether_addr *ret); + int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts); + int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netdev_ring_param *ring); +-int ethtool_set_features(int *ethtool_fd, const char *ifname, const int *features); ++int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]); + int ethtool_set_glinksettings(int *ethtool_fd, const char *ifname, + int autonegotiation, const uint32_t advertise[static N_ADVERTISE], + uint64_t speed, Duplex duplex, NetDevPort port); + +From c2f2250e5c52ec3745a462e3f55a94c133786df8 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 17 Aug 2021 00:44:00 +0900 +Subject: [PATCH 2/2] ethtool: make ethtool_set_features() return earlier when + nothing is requested + +--- + src/shared/ethtool-util.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index 699c7a97ab97..4ca90615f3c1 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -505,12 +505,22 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + _cleanup_free_ struct ethtool_gstrings *strings = NULL; + struct ethtool_sfeatures *sfeatures; + struct ifreq ifr = {}; +- int i, r; ++ bool have = false; ++ int r; + + assert(ethtool_fd); + assert(ifname); + assert(features); + ++ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) ++ if (features[i] >= 0) { ++ have = true; ++ break; ++ } ++ ++ if (!have) ++ return 0; ++ + r = ethtool_connect(ethtool_fd); + if (r < 0) + return r; +@@ -525,8 +535,8 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + sfeatures->cmd = ETHTOOL_SFEATURES; + sfeatures->size = DIV_ROUND_UP(strings->len, 32U); + +- for (i = 0; i < _NET_DEV_FEAT_MAX; i++) +- if (features[i] != -1) { ++ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) ++ if (features[i] >= 0) { + r = set_features_bit(strings, netdev_feature_table[i], features[i], sfeatures); + if (r < 0) { + log_debug_errno(r, "ethtool: could not find feature, ignoring: %s", netdev_feature_table[i]); diff --git a/20458.patch b/20458.patch new file mode 100644 index 0000000..ad916b4 --- /dev/null +++ b/20458.patch @@ -0,0 +1,143 @@ +From e9f92c88163841d3f1d29fa5b44ae4c6f71bb014 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 18 Aug 2021 07:59:13 +0100 +Subject: [PATCH] udev: Support "max" string for BufferSize options (#20458) + +"max" indicates the hardware advertised maximum queue buffer size +should be used. + +The max sizes can be checked by running `ethtool -g ` (Preset maximums). +Since the buffer sizes can't be set to 0 by users, internally we use 0 to +indicate that the hardware advertised maximum should be used. +--- + man/systemd.link.xml | 20 ++++++++++++-------- + src/shared/ethtool-util.c | 40 +++++++++++++++++++++++++-------------- + src/shared/ethtool-util.h | 2 ++ + 3 files changed, 40 insertions(+), 22 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index 1c18f35fc8..fd744ebaed 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -735,29 +735,33 @@ + + RxBufferSize= + +- Takes an integer. Specifies the maximum number of pending packets in the NIC receive buffer. +- When unset, the kernel's default will be used. ++ Takes an integer or max. Specifies the maximum number of pending packets ++ in the NIC receive buffer. When unset, the kernel's default will be used. If set to ++ max, the hardware's advertised maximum size will be used. + + + + RxMiniBufferSize= + +- Takes an integer. Specifies the maximum number of pending packets in the NIC mini receive buffer. +- When unset, the kernel's default will be used. ++ Takes an integer or max. Specifies the maximum number of pending packets ++ in the NIC mini receive buffer. When unset, the kernel's default will be used. If set to ++ max, the hardware's advertised maximum size will be used. + + + + RxJumboBufferSize= + +- Takes an integer. Specifies the maximum number of pending packets in the NIC jumbo receive buffer. +- When unset, the kernel's default will be used. ++ Takes an integer or max. Specifies the maximum number of pending packets ++ in the NIC jumbo receive buffer. When unset, the kernel's default will be used. If set to ++ max, the hardware's advertised maximum size will be used. + + + + TxBufferSize= + +- Takes an integer. Specifies the maximum number of pending packets in the NIC transmit buffer. +- When unset, the kernel's default will be used. ++ Takes an integer or max. Specifies the maximum number of pending packets ++ in the NIC transmit buffer. When unset, the kernel's default will be used. If set to ++ max, the hardware's advertised maximum size will be used. + + + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index f77f6943ca..ed251ec8dd 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -399,16 +399,24 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + return -errno; + + if (ring->rx_pending_set) +- UPDATE(ecmd.rx_pending, ring->rx_pending, need_update); ++ UPDATE(ecmd.rx_pending, ++ ring->rx_pending == 0 ? ecmd.rx_max_pending : ring->rx_pending, ++ need_update); + + if (ring->rx_mini_pending_set) +- UPDATE(ecmd.rx_mini_pending, ring->rx_mini_pending, need_update); ++ UPDATE(ecmd.rx_mini_pending, ++ ring->rx_mini_pending == 0 ? ecmd.rx_mini_max_pending : ring->rx_mini_pending, ++ need_update); + + if (ring->rx_jumbo_pending_set) +- UPDATE(ecmd.rx_jumbo_pending, ring->rx_jumbo_pending, need_update); ++ UPDATE(ecmd.rx_jumbo_pending, ++ ring->rx_jumbo_pending == 0 ? ecmd.rx_jumbo_max_pending : ring->rx_jumbo_pending, ++ need_update); + + if (ring->tx_pending_set) +- UPDATE(ecmd.tx_pending, ring->tx_pending, need_update); ++ UPDATE(ecmd.tx_pending, ++ ring->tx_pending == 0 ? ecmd.tx_max_pending : ring->tx_pending, ++ need_update); + + if (!need_update) + return 0; +@@ -1037,16 +1045,20 @@ int config_parse_nic_buffer_size( + assert(rvalue); + assert(data); + +- r = safe_atou32(rvalue, &k); +- if (r < 0) { +- log_syntax(unit, LOG_WARNING, filename, line, r, +- "Failed to parse interface buffer value, ignoring: %s", rvalue); +- return 0; +- } +- if (k < 1) { +- log_syntax(unit, LOG_WARNING, filename, line, 0, +- "Invalid %s= value, ignoring: %s", lvalue, rvalue); +- return 0; ++ if (streq(rvalue, "max")) ++ k = 0; ++ else { ++ r = safe_atou32(rvalue, &k); ++ if (r < 0) { ++ log_syntax(unit, LOG_WARNING, filename, line, r, ++ "Failed to parse interface buffer value, ignoring: %s", rvalue); ++ return 0; ++ } ++ if (k < 1) { ++ log_syntax(unit, LOG_WARNING, filename, line, 0, ++ "Invalid %s= value, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } + } + + if (streq(lvalue, "RxBufferSize")) { +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 7d28766624..aea131914e 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -70,6 +70,8 @@ typedef struct netdev_channels { + } netdev_channels; + + typedef struct netdev_ring_param { ++ /* For any of the 4 following settings, a value of 0 indicates the hardware advertised maximum should ++ * be used. */ + uint32_t rx_pending; + uint32_t rx_mini_pending; + uint32_t rx_jumbo_pending; +-- +2.31.1 + diff --git a/20472.patch b/20472.patch new file mode 100644 index 0000000..e5eb57b --- /dev/null +++ b/20472.patch @@ -0,0 +1,425 @@ +From 78e57b79c8790448412acca41e5d4495366305a6 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 18 Aug 2021 16:41:11 +0900 +Subject: [PATCH] udev: make RxChannels= or friends also accept "max" + +Follow-up for 406041b7de767316674eb6a2f98ad466577ce8a4. + +Also, this makes +- the settings accept an empty string, +- if the specified value is too large, also use the advertised maximum + value. +- mention the range of the value in the man page. +--- + man/systemd.link.xml | 49 ++------ + src/shared/ethtool-util.c | 170 ++++++++++----------------- + src/shared/ethtool-util.h | 36 +++--- + src/udev/net/link-config-gperf.gperf | 16 +-- + 4 files changed, 90 insertions(+), 181 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index fd744ebaed..dfb02073b2 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -710,58 +710,27 @@ + + + RxChannels= +- +- Sets the number of receive channels (a number between 1 and 4294967295) . +- +- +- + TxChannels= +- +- Sets the number of transmit channels (a number between 1 and 4294967295). +- +- +- + OtherChannels= +- +- Sets the number of other channels (a number between 1 and 4294967295). +- +- +- + CombinedChannels= + +- Sets the number of combined set channels (a number between 1 and 4294967295). ++ Specifies the number of receive, transmit, other, or combined channels, respectively. ++ Takes an unsigned integer in the range 1…4294967295 or max. If set to ++ max, the advertised maximum value of the hardware will be used. When ++ unset, the number will not be changed. Defaults to unset. + + + + RxBufferSize= +- +- Takes an integer or max. Specifies the maximum number of pending packets +- in the NIC receive buffer. When unset, the kernel's default will be used. If set to +- max, the hardware's advertised maximum size will be used. +- +- +- + RxMiniBufferSize= +- +- Takes an integer or max. Specifies the maximum number of pending packets +- in the NIC mini receive buffer. When unset, the kernel's default will be used. If set to +- max, the hardware's advertised maximum size will be used. +- +- +- + RxJumboBufferSize= +- +- Takes an integer or max. Specifies the maximum number of pending packets +- in the NIC jumbo receive buffer. When unset, the kernel's default will be used. If set to +- max, the hardware's advertised maximum size will be used. +- +- +- + TxBufferSize= + +- Takes an integer or max. Specifies the maximum number of pending packets +- in the NIC transmit buffer. When unset, the kernel's default will be used. If set to +- max, the hardware's advertised maximum size will be used. ++ Specifies the maximum number of pending packets in the NIC receive buffer, mini receive ++ buffer, jumbo receive buffer, or transmit buffer, respectively. Takes an unsigned integer in ++ the range 1…4294967295 or max. If set to max, the ++ advertised maximum value of the hardware will be used. When unset, the number will not be ++ changed. Defaults to unset. + + + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index ed251ec8dd..2d41d861ba 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -329,6 +329,17 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et + dest = _v; \ + } while(false) + ++#define UPDATE_WITH_MAX(dest, max, val, updated) \ ++ do { \ ++ typeof(dest) _v = (val); \ ++ typeof(dest) _max = (max); \ ++ if (_v == 0 || _v > _max) \ ++ _v = _max; \ ++ if (dest != _v) \ ++ updated = true; \ ++ dest = _v; \ ++ } while(false) ++ + int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { + struct ethtool_wolinfo ecmd = { + .cmd = ETHTOOL_GWOL, +@@ -382,10 +393,10 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + assert(ifname); + assert(ring); + +- if (!ring->rx_pending_set && +- !ring->rx_mini_pending_set && +- !ring->rx_jumbo_pending_set && +- !ring->tx_pending_set) ++ if (!ring->rx.set && ++ !ring->rx_mini.set && ++ !ring->rx_jumbo.set && ++ !ring->tx.set) + return 0; + + r = ethtool_connect(ethtool_fd); +@@ -398,25 +409,17 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + if (r < 0) + return -errno; + +- if (ring->rx_pending_set) +- UPDATE(ecmd.rx_pending, +- ring->rx_pending == 0 ? ecmd.rx_max_pending : ring->rx_pending, +- need_update); ++ if (ring->rx.set) ++ UPDATE_WITH_MAX(ecmd.rx_pending, ecmd.rx_max_pending, ring->rx.value, need_update); + +- if (ring->rx_mini_pending_set) +- UPDATE(ecmd.rx_mini_pending, +- ring->rx_mini_pending == 0 ? ecmd.rx_mini_max_pending : ring->rx_mini_pending, +- need_update); ++ if (ring->rx_mini.set) ++ UPDATE_WITH_MAX(ecmd.rx_mini_pending, ecmd.rx_mini_max_pending, ring->rx_mini.value, need_update); + +- if (ring->rx_jumbo_pending_set) +- UPDATE(ecmd.rx_jumbo_pending, +- ring->rx_jumbo_pending == 0 ? ecmd.rx_jumbo_max_pending : ring->rx_jumbo_pending, +- need_update); ++ if (ring->rx_jumbo.set) ++ UPDATE_WITH_MAX(ecmd.rx_jumbo_pending, ecmd.rx_jumbo_max_pending, ring->rx_jumbo.value, need_update); + +- if (ring->tx_pending_set) +- UPDATE(ecmd.tx_pending, +- ring->tx_pending == 0 ? ecmd.tx_max_pending : ring->tx_pending, +- need_update); ++ if (ring->tx.set) ++ UPDATE_WITH_MAX(ecmd.tx_pending, ecmd.tx_max_pending, ring->tx.value, need_update); + + if (!need_update) + return 0; +@@ -832,10 +835,10 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + assert(ifname); + assert(channels); + +- if (!channels->rx_count_set && +- !channels->tx_count_set && +- !channels->other_count_set && +- !channels->combined_count_set) ++ if (!channels->rx.set && ++ !channels->tx.set && ++ !channels->other.set && ++ !channels->combined.set) + return 0; + + r = ethtool_connect(fd); +@@ -848,17 +851,17 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + if (r < 0) + return -errno; + +- if (channels->rx_count_set) +- UPDATE(ecmd.rx_count, channels->rx_count, need_update); ++ if (channels->rx.set) ++ UPDATE_WITH_MAX(ecmd.rx_count, ecmd.max_rx, channels->rx.value, need_update); + +- if (channels->tx_count_set) +- UPDATE(ecmd.tx_count, channels->tx_count, need_update); ++ if (channels->tx.set) ++ UPDATE_WITH_MAX(ecmd.tx_count, ecmd.max_tx, channels->tx.value, need_update); + +- if (channels->other_count_set) +- UPDATE(ecmd.other_count, channels->other_count, need_update); ++ if (channels->other.set) ++ UPDATE_WITH_MAX(ecmd.other_count, ecmd.max_other, channels->other.value, need_update); + +- if (channels->combined_count_set) +- UPDATE(ecmd.combined_count, channels->combined_count, need_update); ++ if (channels->combined.set) ++ UPDATE_WITH_MAX(ecmd.combined_count, ecmd.max_combined, channels->combined.value, need_update); + + if (!need_update) + return 0; +@@ -917,57 +920,6 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + return 0; + } + +-int config_parse_channel( +- const char *unit, +- const char *filename, +- unsigned line, +- const char *section, +- unsigned section_line, +- const char *lvalue, +- int ltype, +- const char *rvalue, +- void *data, +- void *userdata) { +- +- netdev_channels *channels = data; +- uint32_t k; +- int r; +- +- assert(filename); +- assert(section); +- assert(lvalue); +- assert(rvalue); +- assert(data); +- +- r = safe_atou32(rvalue, &k); +- if (r < 0) { +- log_syntax(unit, LOG_WARNING, filename, line, r, +- "Failed to parse channel value for %s=, ignoring: %s", lvalue, rvalue); +- return 0; +- } +- if (k < 1) { +- log_syntax(unit, LOG_WARNING, filename, line, 0, +- "Invalid %s= value, ignoring: %s", lvalue, rvalue); +- return 0; +- } +- +- if (streq(lvalue, "RxChannels")) { +- channels->rx_count = k; +- channels->rx_count_set = true; +- } else if (streq(lvalue, "TxChannels")) { +- channels->tx_count = k; +- channels->tx_count_set = true; +- } else if (streq(lvalue, "OtherChannels")) { +- channels->other_count = k; +- channels->other_count_set = true; +- } else if (streq(lvalue, "CombinedChannels")) { +- channels->combined_count = k; +- channels->combined_count_set = true; +- } +- +- return 0; +-} +- + int config_parse_advertise( + const char *unit, + const char *filename, +@@ -1023,7 +975,7 @@ int config_parse_advertise( + } + } + +-int config_parse_nic_buffer_size( ++int config_parse_ring_buffer_or_channel( + const char *unit, + const char *filename, + unsigned line, +@@ -1035,7 +987,7 @@ int config_parse_nic_buffer_size( + void *data, + void *userdata) { + +- netdev_ring_param *ring = data; ++ u32_opt *dst = data; + uint32_t k; + int r; + +@@ -1045,36 +997,32 @@ int config_parse_nic_buffer_size( + assert(rvalue); + assert(data); + +- if (streq(rvalue, "max")) +- k = 0; +- else { +- r = safe_atou32(rvalue, &k); +- if (r < 0) { +- log_syntax(unit, LOG_WARNING, filename, line, r, +- "Failed to parse interface buffer value, ignoring: %s", rvalue); +- return 0; +- } +- if (k < 1) { +- log_syntax(unit, LOG_WARNING, filename, line, 0, +- "Invalid %s= value, ignoring: %s", lvalue, rvalue); +- return 0; +- } ++ if (isempty(rvalue)) { ++ dst->value = 0; ++ dst->set = false; ++ return 0; ++ } ++ ++ if (streq(rvalue, "max")) { ++ dst->value = 0; ++ dst->set = true; ++ return 0; + } + +- if (streq(lvalue, "RxBufferSize")) { +- ring->rx_pending = k; +- ring->rx_pending_set = true; +- } else if (streq(lvalue, "RxMiniBufferSize")) { +- ring->rx_mini_pending = k; +- ring->rx_mini_pending_set = true; +- } else if (streq(lvalue, "RxJumboBufferSize")) { +- ring->rx_jumbo_pending = k; +- ring->rx_jumbo_pending_set = true; +- } else if (streq(lvalue, "TxBufferSize")) { +- ring->tx_pending = k; +- ring->tx_pending_set = true; ++ r = safe_atou32(rvalue, &k); ++ if (r < 0) { ++ log_syntax(unit, LOG_WARNING, filename, line, r, ++ "Failed to parse %s=, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } ++ if (k < 1) { ++ log_syntax(unit, LOG_WARNING, filename, line, 0, ++ "Invalid %s= value, ignoring: %s", lvalue, rvalue); ++ return 0; + } + ++ dst->value = k; ++ dst->set = true; + return 0; + } + +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index aea131914e..8fdbdec39a 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -57,30 +57,23 @@ struct ethtool_link_usettings { + } link_modes; + }; + ++typedef struct u32_opt { ++ uint32_t value; /* a value of 0 indicates the hardware advertised maximum should be used.*/ ++ bool set; ++} u32_opt; ++ + typedef struct netdev_channels { +- uint32_t rx_count; +- uint32_t tx_count; +- uint32_t other_count; +- uint32_t combined_count; +- +- bool rx_count_set; +- bool tx_count_set; +- bool other_count_set; +- bool combined_count_set; ++ u32_opt rx; ++ u32_opt tx; ++ u32_opt other; ++ u32_opt combined; + } netdev_channels; + + typedef struct netdev_ring_param { +- /* For any of the 4 following settings, a value of 0 indicates the hardware advertised maximum should +- * be used. */ +- uint32_t rx_pending; +- uint32_t rx_mini_pending; +- uint32_t rx_jumbo_pending; +- uint32_t tx_pending; +- +- bool rx_pending_set; +- bool rx_mini_pending_set; +- bool rx_jumbo_pending_set; +- bool tx_pending_set; ++ u32_opt rx; ++ u32_opt rx_mini; ++ u32_opt rx_jumbo; ++ u32_opt tx; + } netdev_ring_param; + + int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret); +@@ -111,6 +104,5 @@ enum ethtool_link_mode_bit_indices ethtool_link_mode_bit_from_string(const char + CONFIG_PARSER_PROTOTYPE(config_parse_duplex); + CONFIG_PARSER_PROTOTYPE(config_parse_wol); + CONFIG_PARSER_PROTOTYPE(config_parse_port); +-CONFIG_PARSER_PROTOTYPE(config_parse_channel); + CONFIG_PARSER_PROTOTYPE(config_parse_advertise); +-CONFIG_PARSER_PROTOTYPE(config_parse_nic_buffer_size); ++CONFIG_PARSER_PROTOTYPE(config_parse_ring_buffer_or_channel); +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index e2f07d758b..d0190da5cb 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -58,15 +58,15 @@ Link.TCP6SegmentationOffload, config_parse_tristate, 0, + Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 + Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) + Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) +-Link.RxChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) +-Link.TxChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) +-Link.OtherChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) +-Link.CombinedChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) ++Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) ++Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) ++Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) ++Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) + Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) +-Link.RxBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) +-Link.RxMiniBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) +-Link.RxJumboBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) +-Link.TxBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) ++Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) ++Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) ++Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) ++Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) + Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) + Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) + Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) +-- +2.31.1 + diff --git a/20477.patch b/20477.patch new file mode 100644 index 0000000..6676bff --- /dev/null +++ b/20477.patch @@ -0,0 +1,561 @@ +From a1661a140c97a9e8fd90ee00f2de6baa214c9076 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 18 Aug 2021 13:52:00 +0100 +Subject: [PATCH] udev: Add support for configuring nic coalescing settings + +These are configured via the corresponding ethtool ioctl. +--- + man/systemd.link.xml | 71 +++++++ + src/shared/ethtool-util.c | 205 +++++++++++++++++++++ + src/shared/ethtool-util.h | 29 +++ + src/udev/net/link-config-gperf.gperf | 124 ++++++++----- + src/udev/net/link-config.c | 4 + + src/udev/net/link-config.h | 1 + + test/fuzz/fuzz-link-parser/directives.link | 22 +++ + 7 files changed, 405 insertions(+), 51 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index dfb02073b2..6d8dcb9af7 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -773,6 +773,77 @@ + accept. An unsigned integer in the range 1…65535. Defaults to unset. + + ++ ++ UseAdaptiveRxCoalesce= ++ UseAdaptiveTxCoalesce= ++ ++ Boolean properties that, when set, enable/disable adaptive Rx/Tx coalescing if the hardware ++ supports it. When unset, the kernel's default will be used. ++ ++ ++ ++ RxCoalesceSec= ++ RxCoalesceIrqSec= ++ RxCoalesceLowSec= ++ RxCoalesceHighSec= ++ TxCoalesceSec= ++ TxCoalesceIrqSec= ++ TxCoalesceLowSec= ++ TxCoalesceHighSec= ++ ++ These properties configure the delay before Rx/Tx interrupts are generated after a packet is ++ sent/received. The Irq properties come into effect when the host is servicing an ++ IRQ. The Low and High properties come into effect when the ++ packet rate drops below the low packet rate threshold or exceeds the high packet rate threshold ++ respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's defaults will be ++ used. ++ ++ ++ ++ RxMaxCoalescedFrames= ++ RxMaxCoalescedIrqFrames= ++ RxMaxCoalescedLowFrames= ++ RxMaxCoalescedHighFrames= ++ TxMaxCoalescedFrames= ++ TxMaxCoalescedIrqFrames= ++ TxMaxCoalescedLowFrames= ++ TxMaxCoalescedHighFrames= ++ ++ These properties configure the maximum number of frames that are sent/received before a Rx/Tx ++ interrupt is generated. The Irq properties come into effect when the host is ++ servicing an IRQ. The Low and High properties come into ++ effect when the packet rate drops below the low packet rate threshold or exceeds the high packet ++ rate threshold respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's ++ defaults will be used. ++ ++ ++ ++ CoalescePacketRateLow= ++ CoalescePacketRateHigh= ++ ++ These properties configure the low and high packet rate (expressed in packets per second) ++ threshold respectively and are used to determine when the corresponding coalescing settings for low ++ and high packet rates come into effect if adaptive Rx/Tx coalescing is enabled. If unset, the ++ kernel's defaults will be used. ++ ++ ++ ++ CoalescePacketRateSampleIntervalSec= ++ ++ Configures how often to sample the packet rate used for adaptive Rx/Tx coalescing. This ++ property cannot be zero. This lowest time granularity supported by this property is seconds. ++ Partial seconds will be rounded up before being passed to the kernel. If unset, the kernel's ++ default will be used. ++ ++ ++ ++ StatisticsBlockCoalesceSec= ++ ++ How long to delay driver in-memory statistics block updates. If the driver does not have an ++ in-memory statistic block, this property is ignored. This property cannot be zero. If unset, the ++ kernel's default will be used. ++ ++ + + + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index 2d41d861ba..f7f553dd29 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -14,6 +14,7 @@ + #include "memory-util.h" + #include "socket-util.h" + #include "string-table.h" ++#include "strv.h" + #include "strxcpyx.h" + + static const char* const duplex_table[_DUP_MAX] = { +@@ -1091,3 +1092,207 @@ int config_parse_wol( + + return 0; + } ++ ++int config_parse_coalesce_u32( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ u32_opt *dst = data; ++ uint32_t k; ++ int r; ++ ++ if (isempty(rvalue)) { ++ dst->value = 0; ++ dst->set = false; ++ return 0; ++ } ++ ++ r = safe_atou32(rvalue, &k); ++ if (r < 0) { ++ log_syntax(unit, LOG_WARNING, filename, line, r, ++ "Failed to parse %s=, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } ++ ++ dst->value = k; ++ dst->set = true; ++ return 0; ++} ++ ++int config_parse_coalesce_sec( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ u32_opt *dst = data; ++ usec_t usec; ++ int r; ++ ++ if (isempty(rvalue)) { ++ dst->value = 0; ++ dst->set = false; ++ return 0; ++ } ++ ++ r = parse_sec(rvalue, &usec); ++ if (r < 0) { ++ log_syntax(unit, LOG_WARNING, filename, line, r, ++ "Failed to parse coalesce setting value, ignoring: %s", rvalue); ++ return 0; ++ } ++ ++ if (usec > UINT32_MAX) { ++ log_syntax(unit, LOG_WARNING, filename, line, 0, ++ "Too large %s= value, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } ++ ++ if (STR_IN_SET(lvalue, "StatisticsBlockCoalesceSec", "CoalescePacketRateSampleIntervalSec") && usec < 1) { ++ log_syntax(unit, LOG_WARNING, filename, line, 0, ++ "Invalid %s= value, ignoring: %s", lvalue, rvalue); ++ return 0; ++ } ++ ++ dst->value = (uint32_t) usec; ++ dst->set = true; ++ ++ return 0; ++} ++ ++int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { ++ struct ethtool_coalesce ecmd = { ++ .cmd = ETHTOOL_GCOALESCE, ++ }; ++ struct ifreq ifr = { ++ .ifr_data = (void*) &ecmd, ++ }; ++ bool need_update = false; ++ int r; ++ ++ assert(ethtool_fd); ++ assert(ifname); ++ assert(coalesce); ++ ++ if (coalesce->use_adaptive_rx_coalesce < 0 && ++ coalesce->use_adaptive_tx_coalesce < 0 && ++ !coalesce->rx_coalesce_usecs.set && ++ !coalesce->rx_max_coalesced_frames.set && ++ !coalesce->rx_coalesce_usecs_irq.set && ++ !coalesce->rx_max_coalesced_frames_irq.set && ++ !coalesce->tx_coalesce_usecs.set && ++ !coalesce->tx_max_coalesced_frames.set && ++ !coalesce->tx_coalesce_usecs_irq.set && ++ !coalesce->tx_max_coalesced_frames_irq.set && ++ !coalesce->stats_block_coalesce_usecs.set && ++ !coalesce->pkt_rate_low.set && ++ !coalesce->rx_coalesce_usecs_low.set && ++ !coalesce->rx_max_coalesced_frames_low.set && ++ !coalesce->tx_coalesce_usecs_low.set && ++ !coalesce->tx_max_coalesced_frames_low.set && ++ !coalesce->pkt_rate_high.set && ++ !coalesce->rx_coalesce_usecs_high.set && ++ !coalesce->rx_max_coalesced_frames_high.set && ++ !coalesce->tx_coalesce_usecs_high.set && ++ !coalesce->tx_max_coalesced_frames_high.set && ++ !coalesce->rate_sample_interval.set) ++ return 0; ++ ++ r = ethtool_connect(ethtool_fd); ++ if (r < 0) ++ return r; ++ ++ strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ ++ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); ++ if (r < 0) ++ return -errno; ++ ++ if (coalesce->use_adaptive_rx_coalesce >= 0) ++ UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); ++ ++ if (coalesce->use_adaptive_tx_coalesce >= 0) ++ UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); ++ ++ if (coalesce->rx_coalesce_usecs.set) ++ UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames.set) ++ UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_irq.set) ++ UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_irq.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs.set) ++ UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames.set) ++ UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_irq.set) ++ UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_irq.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); ++ ++ if (coalesce->stats_block_coalesce_usecs.set) ++ UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); ++ ++ if (coalesce->pkt_rate_low.set) ++ UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_low.set) ++ UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_low.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_low.set) ++ UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_low.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); ++ ++ if (coalesce->pkt_rate_high.set) ++ UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_high.set) ++ UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_high.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_high.set) ++ UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_high.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); ++ ++ if (coalesce->rate_sample_interval.set) ++ UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); ++ ++ if (!need_update) ++ return 0; ++ ++ ecmd.cmd = ETHTOOL_SCOALESCE; ++ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); ++ if (r < 0) ++ return -errno; ++ ++ return 0; ++} +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 8fdbdec39a..bb0333775c 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -76,6 +76,31 @@ typedef struct netdev_ring_param { + u32_opt tx; + } netdev_ring_param; + ++typedef struct netdev_coalesce_param { ++ u32_opt rx_coalesce_usecs; ++ u32_opt rx_max_coalesced_frames; ++ u32_opt rx_coalesce_usecs_irq; ++ u32_opt rx_max_coalesced_frames_irq; ++ u32_opt tx_coalesce_usecs; ++ u32_opt tx_max_coalesced_frames; ++ u32_opt tx_coalesce_usecs_irq; ++ u32_opt tx_max_coalesced_frames_irq; ++ u32_opt stats_block_coalesce_usecs; ++ int use_adaptive_rx_coalesce; ++ int use_adaptive_tx_coalesce; ++ u32_opt pkt_rate_low; ++ u32_opt rx_coalesce_usecs_low; ++ u32_opt rx_max_coalesced_frames_low; ++ u32_opt tx_coalesce_usecs_low; ++ u32_opt tx_max_coalesced_frames_low; ++ u32_opt pkt_rate_high; ++ u32_opt rx_coalesce_usecs_high; ++ u32_opt rx_max_coalesced_frames_high; ++ u32_opt tx_coalesce_usecs_high; ++ u32_opt tx_max_coalesced_frames_high; ++ u32_opt rate_sample_interval; ++} netdev_coalesce_param; ++ + int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret); + int ethtool_get_link_info(int *ethtool_fd, const char *ifname, + int *ret_autonegotiation, uint64_t *ret_speed, +@@ -89,6 +114,7 @@ int ethtool_set_glinksettings(int *ethtool_fd, const char *ifname, + uint64_t speed, Duplex duplex, NetDevPort port); + int ethtool_set_channels(int *ethtool_fd, const char *ifname, const netdev_channels *channels); + int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int autoneg); ++int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce); + + const char *duplex_to_string(Duplex d) _const_; + Duplex duplex_from_string(const char *d) _pure_; +@@ -106,3 +132,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_wol); + CONFIG_PARSER_PROTOTYPE(config_parse_port); + CONFIG_PARSER_PROTOTYPE(config_parse_advertise); + CONFIG_PARSER_PROTOTYPE(config_parse_ring_buffer_or_channel); ++CONFIG_PARSER_PROTOTYPE(config_parse_coalesce_u32); ++CONFIG_PARSER_PROTOTYPE(config_parse_coalesce_sec); ++CONFIG_PARSER_PROTOTYPE(config_parse_nic_coalesce_setting); +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index d0190da5cb..f800de8386 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -21,54 +21,76 @@ struct ConfigPerfItem; + %struct-type + %includes + %% +-Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) +-Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) +-Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) +-Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) +-Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) +-Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) +-Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) +-Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) +-Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) +-Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) +-Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) +-Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) +-Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) +-Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) +-Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) +-Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) +-Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) +-Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) +-Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) +-Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) +-Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) +-Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) +-Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) +-Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) +-Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) +-Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) +-Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) +-Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) +-Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) +-Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) +-Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) +-Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) +-Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) +-Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) +-Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 +-Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) +-Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) +-Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) +-Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) +-Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) +-Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) +-Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) +-Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) +-Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) +-Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) +-Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) +-Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) +-Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) +-Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) +-Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) +-Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) ++Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) ++Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) ++Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) ++Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) ++Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) ++Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) ++Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) ++Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) ++Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) ++Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) ++Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) ++Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) ++Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) ++Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) ++Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) ++Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) ++Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) ++Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) ++Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) ++Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) ++Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) ++Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) ++Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) ++Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) ++Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) ++Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) ++Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) ++Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) ++Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) ++Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) ++Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) ++Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) ++Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) ++Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) ++Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 ++Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) ++Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) ++Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) ++Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) ++Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) ++Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) ++Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) ++Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) ++Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) ++Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) ++Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) ++Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) ++Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) ++Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) ++Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) ++Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) ++Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) ++Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) ++Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) ++Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) ++Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) ++Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) ++Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) ++Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) ++Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) ++Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) ++Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) ++Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) ++Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) ++Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) ++Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) ++Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) ++Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) ++Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) ++Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) ++Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) ++Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) ++Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) +diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c +index 8dfe23691b..9451bd8b66 100644 +--- a/src/udev/net/link-config.c ++++ b/src/udev/net/link-config.c +@@ -353,6 +353,10 @@ static int link_config_apply_ethtool_settings(int *ethtool_fd, const LinkConfig + if (r < 0) + log_device_warning_errno(device, r, "Could not set flow control, ignoring: %m"); + ++ r = ethtool_set_nic_coalesce_settings(ethtool_fd, name, &config->coalesce); ++ if (r < 0) ++ log_device_warning_errno(device, r, "Could not set coalesce settings, ignoring: %m"); ++ + return 0; + } + +diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h +index b505c94f95..8a29a92822 100644 +--- a/src/udev/net/link-config.h ++++ b/src/udev/net/link-config.h +@@ -64,6 +64,7 @@ struct LinkConfig { + int rx_flow_control; + int tx_flow_control; + int autoneg_flow_control; ++ netdev_coalesce_param coalesce; + + LIST_FIELDS(LinkConfig, links); + }; +diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link +index 112a81930f..5f232ce698 100644 +--- a/test/fuzz/fuzz-link-parser/directives.link ++++ b/test/fuzz/fuzz-link-parser/directives.link +@@ -51,3 +51,25 @@ TxFlowControl= + AutoNegotiationFlowControl= + GenericSegmentOffloadMaxBytes= + GenericSegmentOffloadMaxSegments= ++RxCoalesceSec= ++RxMaxCoalescedFrames= ++RxCoalesceIrqSec= ++RxMaxCoalescedIrqFrames= ++TxCoalesceSec= ++TxMaxCoalescedFrames= ++TxCoalesceIrqSec= ++TxMaxCoalescedIrqFrames= ++StatisticsBlockCoalesceSec= ++UseAdaptiveRxCoalesce= ++UseAdaptiveTxCoalesce= ++CoalescePacketRateLow= ++RxCoalesceLowSec= ++RxMaxCoalescedLowFrames= ++TxCoalesceLowSec= ++TxMaxCoalescedLowFrames= ++CoalescePacketRateHigh= ++RxCoalesceHighSec= ++RxMaxCoalescedHighFrames= ++TxCoalesceHighSec= ++TxMaxCoalescedHighFrames= ++CoalescePacketRateSampleIntervalSec= +-- +2.31.1 + diff --git a/20484.patch b/20484.patch new file mode 100644 index 0000000..9da073b --- /dev/null +++ b/20484.patch @@ -0,0 +1,96 @@ +From 0e5c20b7a4f47fd3f8edbc2735810ea3513360bb Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 19 Aug 2021 13:44:35 +0100 +Subject: [PATCH] link: Add support for rx-gro-hw nic feature + +--- + man/systemd.link.xml | 7 +++++++ + src/shared/ethtool-util.c | 15 ++++++++------- + src/shared/ethtool-util.h | 1 + + src/udev/net/link-config-gperf.gperf | 1 + + test/fuzz/fuzz-link-parser/directives.link | 1 + + 5 files changed, 18 insertions(+), 7 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index 6d8dcb9af7..638a1522cd 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -701,6 +701,13 @@ + When unset, the kernel's default will be used. + + ++ ++ GenericReceiveOffloadHardware= ++ ++ Takes a boolean. If set to true, hardware accelerated Generic Receive Offload (GRO) is ++ enabled. When unset, the kernel's default will be used. ++ ++ + + LargeReceiveOffload= + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index f7f553dd29..a08bb2b7f5 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -70,13 +70,14 @@ DEFINE_STRING_TABLE_LOOKUP(port, NetDevPort); + DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse Port setting"); + + static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { +- [NET_DEV_FEAT_RX] = "rx-checksum", +- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ +- [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", +- [NET_DEV_FEAT_GRO] = "rx-gro", +- [NET_DEV_FEAT_LRO] = "rx-lro", +- [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", +- [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", ++ [NET_DEV_FEAT_RX] = "rx-checksum", ++ [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ ++ [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", ++ [NET_DEV_FEAT_GRO] = "rx-gro", ++ [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", ++ [NET_DEV_FEAT_LRO] = "rx-lro", ++ [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", ++ [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", + }; + + static const char* const ethtool_link_mode_bit_table[] = { +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index bb0333775c..2181ab6fd6 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -23,6 +23,7 @@ typedef enum NetDevFeature { + NET_DEV_FEAT_TX, + NET_DEV_FEAT_GSO, + NET_DEV_FEAT_GRO, ++ NET_DEV_FEAT_GRO_HW, + NET_DEV_FEAT_LRO, + NET_DEV_FEAT_TSO, + NET_DEV_FEAT_TSO6, +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index f800de8386..44b46cb17c 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -57,6 +57,7 @@ Link.TCPSegmentationOffload, config_parse_tristate, + Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) + Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 + Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) ++Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) + Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) + Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) + Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) +diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link +index 5f232ce698..b5cffb1a27 100644 +--- a/test/fuzz/fuzz-link-parser/directives.link ++++ b/test/fuzz/fuzz-link-parser/directives.link +@@ -36,6 +36,7 @@ TCPSegmentationOffload= + TCP6SegmentationOffload= + UDPSegmentationOffload= + GenericReceiveOffload= ++GenericReceiveOffloadHardware= + LargeReceiveOffload= + RxChannels= + TxChannels= +-- +2.31.1 + diff --git a/20489.patch b/20489.patch new file mode 100644 index 0000000..0b4f8d9 --- /dev/null +++ b/20489.patch @@ -0,0 +1,127 @@ +From 0a377494bcfcf4e145e260478071be124d56dc6d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 20 Aug 2021 09:41:34 +0900 +Subject: [PATCH] network: add UseMTU= in [IPv6AcceptRA] + +Note that kernel has similar knob in sysctl: accept_ra_mtu. + +Closes #18868. +--- + man/systemd.network.xml | 8 ++++++++ + src/network/networkd-ndisc.c | 14 +++++++------- + src/network/networkd-network-gperf.gperf | 1 + + src/network/networkd-network.c | 3 ++- + src/network/networkd-network.h | 1 + + test/fuzz/fuzz-network-parser/directives.network | 1 + + 6 files changed, 20 insertions(+), 8 deletions(-) + +diff --git a/man/systemd.network.xml b/man/systemd.network.xml +index 03100c035b84..573ba959eb4d 100644 +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -2265,6 +2265,14 @@ IPv6Token=prefixstable:2002:da8:1:: + + + ++ ++ UseMTU= ++ ++ Takes a boolean. When true, the MTU received in the Router Advertisement will be ++ used. Defaults to true. ++ ++ ++ + + UseAutonomousPrefix= + +diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c +index f58edb8f3cae..fe1f1e0333cf 100644 +--- a/src/network/networkd-ndisc.c ++++ b/src/network/networkd-ndisc.c +@@ -536,9 +536,9 @@ static int ndisc_request_address(Address *in, Link *link, sd_ndisc_router *rt) { + static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { + _cleanup_(route_freep) Route *route = NULL; + struct in6_addr gateway; +- uint16_t lifetime; ++ uint32_t table, mtu = 0; + unsigned preference; +- uint32_t table, mtu; ++ uint16_t lifetime; + usec_t time_now; + int r; + +@@ -575,11 +575,11 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { + if (r < 0) + return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); + +- r = sd_ndisc_router_get_mtu(rt, &mtu); +- if (r == -ENODATA) +- mtu = 0; +- else if (r < 0) +- return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); ++ if (link->network->ipv6_accept_ra_use_mtu) { ++ r = sd_ndisc_router_get_mtu(rt, &mtu); ++ if (r < 0 && r != -ENODATA) ++ return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); ++ } + + table = link_get_ipv6_accept_ra_route_table(link); + +diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf +index aa4dc00e55bc..846e54aed759 100644 +--- a/src/network/networkd-network-gperf.gperf ++++ b/src/network/networkd-network-gperf.gperf +@@ -256,6 +256,7 @@ IPv6AcceptRA.UseAutonomousPrefix, config_parse_bool, + IPv6AcceptRA.UseOnLinkPrefix, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_onlink_prefix) + IPv6AcceptRA.UseDNS, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_dns) + IPv6AcceptRA.UseDomains, config_parse_ipv6_accept_ra_use_domains, 0, offsetof(Network, ipv6_accept_ra_use_domains) ++IPv6AcceptRA.UseMTU, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_mtu) + IPv6AcceptRA.DHCPv6Client, config_parse_ipv6_accept_ra_start_dhcp6_client, 0, offsetof(Network, ipv6_accept_ra_start_dhcp6_client) + IPv6AcceptRA.RouteTable, config_parse_section_route_table, 0, 0 + IPv6AcceptRA.RouteMetric, config_parse_dhcp_route_metric, 0, 0 +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index bb09ba9e8933..1928db537e0c 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -400,15 +400,16 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi + .ipv4_accept_local = -1, + .ipv4_route_localnet = -1, + .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO, +- .ipv6_accept_ra = -1, + .ipv6_dad_transmits = -1, + .ipv6_hop_limit = -1, + .ipv6_proxy_ndp = -1, + .proxy_arp = -1, + ++ .ipv6_accept_ra = -1, + .ipv6_accept_ra_use_dns = true, + .ipv6_accept_ra_use_autonomous_prefix = true, + .ipv6_accept_ra_use_onlink_prefix = true, ++ .ipv6_accept_ra_use_mtu = true, + .ipv6_accept_ra_route_table = RT_TABLE_MAIN, + .ipv6_accept_ra_route_metric = DHCP_ROUTE_METRIC, + .ipv6_accept_ra_start_dhcp6_client = IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES, +diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h +index 815bcf5023fc..95c86e723040 100644 +--- a/src/network/networkd-network.h ++++ b/src/network/networkd-network.h +@@ -301,6 +301,7 @@ struct Network { + bool ipv6_accept_ra_use_dns; + bool ipv6_accept_ra_use_autonomous_prefix; + bool ipv6_accept_ra_use_onlink_prefix; ++ bool ipv6_accept_ra_use_mtu; + bool active_slave; + bool primary_slave; + DHCPUseDomains ipv6_accept_ra_use_domains; +diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network +index 8fe4ced35154..a3711cb77d9c 100644 +--- a/test/fuzz/fuzz-network-parser/directives.network ++++ b/test/fuzz/fuzz-network-parser/directives.network +@@ -342,6 +342,7 @@ Label= + Prefix= + [IPv6AcceptRA] + UseDomains= ++UseMTU= + RouteTable= + RouteMetric= + UseDNS= diff --git a/20541.patch b/20541.patch new file mode 100644 index 0000000..e41e3b1 --- /dev/null +++ b/20541.patch @@ -0,0 +1,306 @@ +From 72328a5977d240d33b78b24e7a6b65b1074000b9 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 26 Aug 2021 03:31:05 +0900 +Subject: [PATCH 1/2] ethtool: move function + +I'd like to locate all conf parsers at end of file. +--- + src/shared/ethtool-util.c | 250 +++++++++++++++++++------------------- + 1 file changed, 125 insertions(+), 125 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index c47d819f0596..af3b917c75cb 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -932,6 +932,131 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + return 0; + } + ++int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { ++ struct ethtool_coalesce ecmd = { ++ .cmd = ETHTOOL_GCOALESCE, ++ }; ++ struct ifreq ifr = { ++ .ifr_data = (void*) &ecmd, ++ }; ++ bool need_update = false; ++ int r; ++ ++ assert(ethtool_fd); ++ assert(ifname); ++ assert(coalesce); ++ ++ if (coalesce->use_adaptive_rx_coalesce < 0 && ++ coalesce->use_adaptive_tx_coalesce < 0 && ++ !coalesce->rx_coalesce_usecs.set && ++ !coalesce->rx_max_coalesced_frames.set && ++ !coalesce->rx_coalesce_usecs_irq.set && ++ !coalesce->rx_max_coalesced_frames_irq.set && ++ !coalesce->tx_coalesce_usecs.set && ++ !coalesce->tx_max_coalesced_frames.set && ++ !coalesce->tx_coalesce_usecs_irq.set && ++ !coalesce->tx_max_coalesced_frames_irq.set && ++ !coalesce->stats_block_coalesce_usecs.set && ++ !coalesce->pkt_rate_low.set && ++ !coalesce->rx_coalesce_usecs_low.set && ++ !coalesce->rx_max_coalesced_frames_low.set && ++ !coalesce->tx_coalesce_usecs_low.set && ++ !coalesce->tx_max_coalesced_frames_low.set && ++ !coalesce->pkt_rate_high.set && ++ !coalesce->rx_coalesce_usecs_high.set && ++ !coalesce->rx_max_coalesced_frames_high.set && ++ !coalesce->tx_coalesce_usecs_high.set && ++ !coalesce->tx_max_coalesced_frames_high.set && ++ !coalesce->rate_sample_interval.set) ++ return 0; ++ ++ r = ethtool_connect(ethtool_fd); ++ if (r < 0) ++ return r; ++ ++ strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ ++ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); ++ if (r < 0) ++ return -errno; ++ ++ if (coalesce->use_adaptive_rx_coalesce >= 0) ++ UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); ++ ++ if (coalesce->use_adaptive_tx_coalesce >= 0) ++ UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); ++ ++ if (coalesce->rx_coalesce_usecs.set) ++ UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames.set) ++ UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_irq.set) ++ UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_irq.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs.set) ++ UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames.set) ++ UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_irq.set) ++ UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_irq.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); ++ ++ if (coalesce->stats_block_coalesce_usecs.set) ++ UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); ++ ++ if (coalesce->pkt_rate_low.set) ++ UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_low.set) ++ UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_low.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_low.set) ++ UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_low.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); ++ ++ if (coalesce->pkt_rate_high.set) ++ UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); ++ ++ if (coalesce->rx_coalesce_usecs_high.set) ++ UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); ++ ++ if (coalesce->rx_max_coalesced_frames_high.set) ++ UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); ++ ++ if (coalesce->tx_coalesce_usecs_high.set) ++ UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); ++ ++ if (coalesce->tx_max_coalesced_frames_high.set) ++ UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); ++ ++ if (coalesce->rate_sample_interval.set) ++ UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); ++ ++ if (!need_update) ++ return 0; ++ ++ ecmd.cmd = ETHTOOL_SCOALESCE; ++ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); ++ if (r < 0) ++ return -errno; ++ ++ return 0; ++} ++ + int config_parse_advertise( + const char *unit, + const char *filename, +@@ -1182,128 +1307,3 @@ int config_parse_coalesce_sec( + + return 0; + } +- +-int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { +- struct ethtool_coalesce ecmd = { +- .cmd = ETHTOOL_GCOALESCE, +- }; +- struct ifreq ifr = { +- .ifr_data = (void*) &ecmd, +- }; +- bool need_update = false; +- int r; +- +- assert(ethtool_fd); +- assert(ifname); +- assert(coalesce); +- +- if (coalesce->use_adaptive_rx_coalesce < 0 && +- coalesce->use_adaptive_tx_coalesce < 0 && +- !coalesce->rx_coalesce_usecs.set && +- !coalesce->rx_max_coalesced_frames.set && +- !coalesce->rx_coalesce_usecs_irq.set && +- !coalesce->rx_max_coalesced_frames_irq.set && +- !coalesce->tx_coalesce_usecs.set && +- !coalesce->tx_max_coalesced_frames.set && +- !coalesce->tx_coalesce_usecs_irq.set && +- !coalesce->tx_max_coalesced_frames_irq.set && +- !coalesce->stats_block_coalesce_usecs.set && +- !coalesce->pkt_rate_low.set && +- !coalesce->rx_coalesce_usecs_low.set && +- !coalesce->rx_max_coalesced_frames_low.set && +- !coalesce->tx_coalesce_usecs_low.set && +- !coalesce->tx_max_coalesced_frames_low.set && +- !coalesce->pkt_rate_high.set && +- !coalesce->rx_coalesce_usecs_high.set && +- !coalesce->rx_max_coalesced_frames_high.set && +- !coalesce->tx_coalesce_usecs_high.set && +- !coalesce->tx_max_coalesced_frames_high.set && +- !coalesce->rate_sample_interval.set) +- return 0; +- +- r = ethtool_connect(ethtool_fd); +- if (r < 0) +- return r; +- +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); +- +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) +- return -errno; +- +- if (coalesce->use_adaptive_rx_coalesce >= 0) +- UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); +- +- if (coalesce->use_adaptive_tx_coalesce >= 0) +- UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); +- +- if (coalesce->rx_coalesce_usecs.set) +- UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); +- +- if (coalesce->rx_max_coalesced_frames.set) +- UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); +- +- if (coalesce->rx_coalesce_usecs_irq.set) +- UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); +- +- if (coalesce->rx_max_coalesced_frames_irq.set) +- UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); +- +- if (coalesce->tx_coalesce_usecs.set) +- UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); +- +- if (coalesce->tx_max_coalesced_frames.set) +- UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); +- +- if (coalesce->tx_coalesce_usecs_irq.set) +- UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); +- +- if (coalesce->tx_max_coalesced_frames_irq.set) +- UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); +- +- if (coalesce->stats_block_coalesce_usecs.set) +- UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); +- +- if (coalesce->pkt_rate_low.set) +- UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); +- +- if (coalesce->rx_coalesce_usecs_low.set) +- UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); +- +- if (coalesce->rx_max_coalesced_frames_low.set) +- UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); +- +- if (coalesce->tx_coalesce_usecs_low.set) +- UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); +- +- if (coalesce->tx_max_coalesced_frames_low.set) +- UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); +- +- if (coalesce->pkt_rate_high.set) +- UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); +- +- if (coalesce->rx_coalesce_usecs_high.set) +- UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); +- +- if (coalesce->rx_max_coalesced_frames_high.set) +- UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); +- +- if (coalesce->tx_coalesce_usecs_high.set) +- UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); +- +- if (coalesce->tx_max_coalesced_frames_high.set) +- UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); +- +- if (coalesce->rate_sample_interval.set) +- UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); +- +- if (!need_update) +- return 0; +- +- ecmd.cmd = ETHTOOL_SCOALESCE; +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) +- return -errno; +- +- return 0; +-} + +From ee7512404b5de7c5ac36e09436379fada2ed84e7 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 26 Aug 2021 03:34:23 +0900 +Subject: [PATCH 2/2] udev/net: initialize coalesce tristate variables + +Otherwise, 99-default.link may introduce something like the +following warnings: +---- +Aug 26 03:23:59 systemd-udevd[519]: wlan0: Could not set coalesce settings, ignoring: Operation not supported +Aug 26 03:24:00 systemd-udevd[547]: wlp59s0: Could not set coalesce settings, ignoring: Operation not supported +---- + +Follow-up for 6c35ea5ef0231d519ff24d43a57a72cebab6a121. +--- + src/udev/net/link-config.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c +index 69f651435034..4963ba2fae81 100644 +--- a/src/udev/net/link-config.c ++++ b/src/udev/net/link-config.c +@@ -142,6 +142,8 @@ int link_load_one(LinkConfigContext *ctx, const char *filename) { + .tx_flow_control = -1, + .autoneg_flow_control = -1, + .txqueuelen = UINT32_MAX, ++ .coalesce.use_adaptive_rx_coalesce = -1, ++ .coalesce.use_adaptive_tx_coalesce = -1, + }; + + for (i = 0; i < ELEMENTSOF(link->features); i++) diff --git a/20676_cherrypicked.patch b/20676_cherrypicked.patch new file mode 100644 index 0000000..e97a589 --- /dev/null +++ b/20676_cherrypicked.patch @@ -0,0 +1,336 @@ +From 0b9f08931944c2e33c6ed012919157e429eb7be2 Mon Sep 17 00:00:00 2001 +From: Antony Deepak Thomas +Date: Wed, 29 Sep 2021 12:47:49 +0900 +Subject: [PATCH 1/4] fileio: introduce read_virtual_file_fd() + +--- + src/basic/fileio.c | 24 ++++++++++++++++-------- + src/basic/fileio.h | 1 + + 2 files changed, 17 insertions(+), 8 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 466c6321c7..4a0d060105 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -373,9 +373,8 @@ int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { + return 1; + } + +-int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size) { ++int read_virtual_file_fd(int fd, size_t max_size, char **ret_contents, size_t *ret_size) { + _cleanup_free_ char *buf = NULL; +- _cleanup_close_ int fd = -1; + size_t n, size; + int n_retries; + bool truncated = false; +@@ -393,10 +392,7 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + * contents* may be returned. (Though the read is still done using one syscall.) Returns 0 on + * partial success, 1 if untruncated contents were read. */ + +- fd = open(filename, O_RDONLY|O_CLOEXEC); +- if (fd < 0) +- return -errno; +- ++ assert(fd >= 0); + assert(max_size <= READ_VIRTUAL_BYTES_MAX || max_size == SIZE_MAX); + + /* Limit the number of attempts to read the number of bytes returned by fstat(). */ +@@ -432,8 +428,8 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + + n_retries--; + } else if (n_retries > 1) { +- /* Files in /proc are generally smaller than the page size so let's start with a page size +- * buffer from malloc and only use the max buffer on the final try. */ ++ /* Files in /proc are generally smaller than the page size so let's start with ++ * a page size buffer from malloc and only use the max buffer on the final try. */ + size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); + n_retries = 1; + } else { +@@ -517,6 +513,18 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + return !truncated; + } + ++int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size) { ++ _cleanup_close_ int fd = -1; ++ ++ assert(filename); ++ ++ fd = open(filename, O_RDONLY | O_NOCTTY | O_CLOEXEC); ++ if (fd < 0) ++ return -errno; ++ ++ return read_virtual_file_fd(fd, max_size, ret_contents, ret_size); ++} ++ + int read_full_stream_full( + FILE *f, + const char *filename, +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 9bd2037f5b..82330840bf 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -66,6 +66,7 @@ static inline int read_full_file(const char *filename, char **ret_contents, size + return read_full_file_full(AT_FDCWD, filename, UINT64_MAX, SIZE_MAX, 0, NULL, ret_contents, ret_size); + } + ++int read_virtual_file_fd(int fd, size_t max_size, char **ret_contents, size_t *ret_size); + int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size); + static inline int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) { + return read_virtual_file(filename, SIZE_MAX, ret_contents, ret_size); +-- +2.31.1 + + +From bede594fa1ea4c32a886191b774134effcf71bef Mon Sep 17 00:00:00 2001 +From: Antony Deepak Thomas +Date: Wed, 29 Sep 2021 12:57:30 +0900 +Subject: [PATCH 2/4] string-util: introduce streq_skip_trailing_chars() + +--- + src/basic/string-util.c | 16 ++++++++++++++++ + src/basic/string-util.h | 2 ++ + src/test/test-string-util.c | 28 ++++++++++++++++++++++++++++ + 3 files changed, 46 insertions(+) + +diff --git a/src/basic/string-util.c b/src/basic/string-util.c +index a645958d38..6ceaeaf9df 100644 +--- a/src/basic/string-util.c ++++ b/src/basic/string-util.c +@@ -1146,3 +1146,19 @@ int string_contains_word_strv(const char *string, const char *separators, char * + *ret_word = found; + return !!found; + } ++ ++bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok) { ++ if (!s1 && !s2) ++ return true; ++ if (!s1 || !s2) ++ return false; ++ ++ if (!ok) ++ ok = WHITESPACE; ++ ++ for (; *s1 && *s2; s1++, s2++) ++ if (*s1 != *s2) ++ break; ++ ++ return in_charset(s1, ok) && in_charset(s2, ok); ++} +diff --git a/src/basic/string-util.h b/src/basic/string-util.h +index 9155e50ba8..0bf215827e 100644 +--- a/src/basic/string-util.h ++++ b/src/basic/string-util.h +@@ -242,3 +242,5 @@ int string_contains_word_strv(const char *string, const char *separators, char * + static inline int string_contains_word(const char *string, const char *separators, const char *word) { + return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL); + } ++ ++bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok); +diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c +index 4d9d0260c9..9a9c974332 100644 +--- a/src/test/test-string-util.c ++++ b/src/test/test-string-util.c +@@ -1000,6 +1000,33 @@ static void test_strextendf(void) { + assert_se(streq(p, "<77>,<99>,< 88>,<00001234>")); + } + ++static void test_streq_skip_trailing_chars(void) { ++ log_info("/* %s */", __func__); ++ ++ /* NULL is WHITESPACE by default*/ ++ assert_se(streq_skip_trailing_chars("foo bar", "foo bar", NULL)); ++ assert_se(streq_skip_trailing_chars("foo", "foo", NULL)); ++ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar", NULL)); ++ assert_se(streq_skip_trailing_chars("foo bar", "foo bar\t\t", NULL)); ++ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar\t\t", NULL)); ++ assert_se(streq_skip_trailing_chars("foo\nbar", "foo\nbar", NULL)); ++ assert_se(streq_skip_trailing_chars("\t\tfoo bar", "\t\tfoo bar", NULL)); ++ assert_se(streq_skip_trailing_chars(" foo bar\t", " foo bar\n", NULL)); ++ ++ assert_se(!streq_skip_trailing_chars("foobar", "foo bar", NULL)); ++ assert_se(!streq_skip_trailing_chars("foo\nbar", "foo\tbar", NULL)); ++ assert_se(!streq_skip_trailing_chars("\t\nfoo bar", "\t foo bar", NULL)); ++ ++ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar", WHITESPACE)); ++ assert_se(!streq_skip_trailing_chars("foo bar ", "foo bar", NEWLINE)); ++ ++ assert_se(streq_skip_trailing_chars(NULL, NULL, NULL)); ++ assert_se(streq_skip_trailing_chars("", "", NULL)); ++ assert_se(!streq_skip_trailing_chars(NULL, "foo bar", NULL)); ++ assert_se(!streq_skip_trailing_chars("foo", NULL, NULL)); ++ assert_se(!streq_skip_trailing_chars("", "f", NULL)); ++} ++ + int main(int argc, char *argv[]) { + test_setup_logging(LOG_DEBUG); + +@@ -1039,6 +1066,7 @@ int main(int argc, char *argv[]) { + test_string_contains_word(); + test_strverscmp_improved(); + test_strextendf(); ++ test_streq_skip_trailing_chars(); + + return 0; + } +-- +2.31.1 + + +From a2552e17829d0090db3ff5f2e6f2d772d0fca3e9 Mon Sep 17 00:00:00 2001 +From: Antony Deepak Thomas +Date: Wed, 29 Sep 2021 13:06:25 +0900 +Subject: [PATCH 3/4] fileio: introduce new mode to suppress writing the same + value + +--- + src/basic/fileio.c | 29 +++++++++++++++++++++++++++-- + src/basic/fileio.h | 23 ++++++++++++----------- + 2 files changed, 39 insertions(+), 13 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 4a0d060105..729789ce47 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -146,6 +146,30 @@ int write_string_stream_ts( + return -EBADF; + } + ++ if (flags & WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL) { ++ _cleanup_free_ char *t = NULL; ++ ++ /* If value to be written is same as that of the existing value, then suppress the write. */ ++ ++ if (fd < 0) { ++ fd = fileno(f); ++ if (fd < 0) ++ return -EBADF; ++ } ++ ++ /* Read an additional byte to detect cases where the prefix matches but the rest ++ * doesn't. Also, 0 returned by read_virtual_file_fd() means the read was truncated and ++ * it won't be equal to the new value. */ ++ if (read_virtual_file_fd(fd, strlen(line)+1, &t, NULL) > 0 && ++ streq_skip_trailing_chars(line, t, NEWLINE)) { ++ log_debug("No change in value '%s', supressing write", line); ++ return 0; ++ } ++ ++ if (lseek(fd, 0, SEEK_SET) < 0) ++ return -errno; ++ } ++ + needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"); + + if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) { +@@ -261,10 +285,11 @@ int write_string_file_ts( + assert(!ts); + + /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */ +- fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | ++ fd = open(fn, O_CLOEXEC|O_NOCTTY | + (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) | + (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) | +- (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0), ++ (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0) | ++ (FLAGS_SET(flags, WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL) ? O_RDWR : O_WRONLY), + (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666)); + if (fd < 0) { + r = -errno; +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 82330840bf..a72b2f3881 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -15,17 +15,18 @@ + #define LONG_LINE_MAX (1U*1024U*1024U) + + typedef enum { +- WRITE_STRING_FILE_CREATE = 1 << 0, +- WRITE_STRING_FILE_TRUNCATE = 1 << 1, +- WRITE_STRING_FILE_ATOMIC = 1 << 2, +- WRITE_STRING_FILE_AVOID_NEWLINE = 1 << 3, +- WRITE_STRING_FILE_VERIFY_ON_FAILURE = 1 << 4, +- WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE = 1 << 5, +- WRITE_STRING_FILE_SYNC = 1 << 6, +- WRITE_STRING_FILE_DISABLE_BUFFER = 1 << 7, +- WRITE_STRING_FILE_NOFOLLOW = 1 << 8, +- WRITE_STRING_FILE_MKDIR_0755 = 1 << 9, +- WRITE_STRING_FILE_MODE_0600 = 1 << 10, ++ WRITE_STRING_FILE_CREATE = 1 << 0, ++ WRITE_STRING_FILE_TRUNCATE = 1 << 1, ++ WRITE_STRING_FILE_ATOMIC = 1 << 2, ++ WRITE_STRING_FILE_AVOID_NEWLINE = 1 << 3, ++ WRITE_STRING_FILE_VERIFY_ON_FAILURE = 1 << 4, ++ WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE = 1 << 5, ++ WRITE_STRING_FILE_SYNC = 1 << 6, ++ WRITE_STRING_FILE_DISABLE_BUFFER = 1 << 7, ++ WRITE_STRING_FILE_NOFOLLOW = 1 << 8, ++ WRITE_STRING_FILE_MKDIR_0755 = 1 << 9, ++ WRITE_STRING_FILE_MODE_0600 = 1 << 10, ++ WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL = 1 << 11, + + /* And before you wonder, why write_string_file_atomic_label_ts() is a separate function instead of just one + more flag here: it's about linking: we don't want to pull -lselinux into all users of write_string_file() +-- +2.31.1 + + +From 41d86b627331f432454280714dd5b17d255367ba Mon Sep 17 00:00:00 2001 +From: Antony Deepak Thomas +Date: Wed, 29 Sep 2021 13:07:42 +0900 +Subject: [PATCH 4/4] sysctl-util: minimize side-effects when running + `systemd-sysctl` + +Currently `systemd-sysctl` binary is used in `systemd-sysctl.service` +which is mostly configured as `oneshot`. There are situations where one +would like to use systemd to maintain Sysctl configurations on a host, +using a configuration managers such as Chef or Puppet, by apply +configurations every X duration. +The problem with using `systemd-sysctl` is that it writes all the Sysctl +settings, even if the values for those settings have not changed. From +experience, we have observed that some Sysctl settings cause actions in +the kernel upon writing(like dropping caches) which in turn cause +undesired side effects. +This patch tries to minimize such side effects by comparing values +before writing. +--- + src/basic/sysctl-util.c | 19 +++++-------------- + 1 file changed, 5 insertions(+), 14 deletions(-) + +diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c +index 8913e6ff85..4da3eaf5f7 100644 +--- a/src/basic/sysctl-util.c ++++ b/src/basic/sysctl-util.c +@@ -44,25 +44,16 @@ char *sysctl_normalize(char *s) { + + int sysctl_write(const char *property, const char *value) { + char *p; +- _cleanup_close_ int fd = -1; +- + assert(property); + assert(value); +- +- log_debug("Setting '%s' to '%.*s'.", property, (int) strcspn(value, NEWLINE), value); +- + p = strjoina("/proc/sys/", property); +- fd = open(p, O_WRONLY|O_CLOEXEC); +- if (fd < 0) +- return -errno; ++ path_simplify(p); ++ if (!path_is_normalized(p)) ++ return -EINVAL; + +- if (!endswith(value, "\n")) +- value = strjoina(value, "\n"); +- +- if (write(fd, value, strlen(value)) < 0) +- return -errno; ++ log_debug("Setting '%s' to '%s'", p, value); + +- return 0; ++ return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL); + } + + int sysctl_writef(const char *property, const char *format, ...) { +-- +2.31.1 + diff --git a/20695.patch b/20695.patch new file mode 100644 index 0000000..f7ac0bd --- /dev/null +++ b/20695.patch @@ -0,0 +1,24 @@ +From 67cd626399b0d02882ee00716c8bd31ba764c862 Mon Sep 17 00:00:00 2001 +From: Chris Packham +Date: Fri, 10 Sep 2021 09:51:36 +1200 +Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14 + +ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition + +Fixes #20694 +--- + src/basic/linux/if_arp.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h +index c3cc5a9e5eaf..4783af9fe520 100644 +--- a/src/basic/linux/if_arp.h ++++ b/src/basic/linux/if_arp.h +@@ -54,6 +54,7 @@ + #define ARPHRD_X25 271 /* CCITT X.25 */ + #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ + #define ARPHRD_CAN 280 /* Controller Area Network */ ++#define ARPHRD_MCTP 290 + #define ARPHRD_PPP 512 + #define ARPHRD_CISCO 513 /* Cisco HDLC */ + #define ARPHRD_HDLC ARPHRD_CISCO diff --git a/20729.patch b/20729.patch new file mode 100644 index 0000000..82904e5 --- /dev/null +++ b/20729.patch @@ -0,0 +1,927 @@ +From 6d9a72f3b9b4d00ec80051503e5e3d4d7cd46c05 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 15 Sep 2021 01:28:29 +0900 +Subject: [PATCH 1/5] ethtool-util: use sizeof() + +--- + src/shared/ethtool-util.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index af3b917c75cb..d1f5eac63334 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -214,7 +214,7 @@ int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret) { + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -254,7 +254,7 @@ int ethtool_get_link_info( + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -303,7 +303,7 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -362,7 +362,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -405,7 +405,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -538,7 +538,7 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = get_stringset(*ethtool_fd, &ifr, ETH_SS_FEATURES, &strings); + if (r < 0) +@@ -787,7 +787,7 @@ int ethtool_set_glinksettings( + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = get_glinksettings(*fd, &ifr, &u); + if (r < 0) { +@@ -857,7 +857,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -906,7 +906,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*fd, SIOCETHTOOL, &ifr); + if (r < 0) +@@ -974,7 +974,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); + if (r < 0) + +From 4253dab576b3ff17887c3e0d97380aab2aa29d82 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 15 Sep 2021 01:41:15 +0900 +Subject: [PATCH 2/5] ethtool-util: shorten code a bit + +Also fixes a error code in debugging log. +--- + src/shared/ethtool-util.c | 70 ++++++++++++--------------------------- + 1 file changed, 22 insertions(+), 48 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index d1f5eac63334..ac21ef0f61a8 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -216,8 +216,7 @@ int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret) { + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (isempty(ecmd.driver)) +@@ -256,8 +255,7 @@ int ethtool_get_link_info( + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (ret_autonegotiation) +@@ -305,8 +303,7 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (epaddr.addr.size != 6) +@@ -364,8 +361,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + UPDATE(ecmd.wolopts, wolopts, need_update); +@@ -374,8 +370,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { + return 0; + + ecmd.cmd = ETHTOOL_SWOL; +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; +@@ -407,8 +402,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (ring->rx.set) +@@ -427,8 +421,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + return 0; + + ecmd.cmd = ETHTOOL_SRINGPARAM; +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; +@@ -446,7 +439,6 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + }, + }; + unsigned len; +- int r; + + assert(ethtool_fd >= 0); + assert(ifr); +@@ -454,8 +446,7 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + + ifr->ifr_data = (void *) &buffer.info; + +- r = ioctl(ethtool_fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + if (!buffer.info.sset_mask) +@@ -478,8 +469,7 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + + ifr->ifr_data = (void *) strings; + +- r = ioctl(ethtool_fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + *ret = TAKE_PTR(strings); +@@ -559,9 +549,8 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + + ifr.ifr_data = (void *) sfeatures; + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) +- return log_debug_errno(r, "ethtool: could not set ethtool features for %s", ifname); ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) ++ return log_debug_errno(errno, "ethtool: could not set ethtool features for %s", ifname); + + return 0; + } +@@ -575,7 +564,6 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset + }; + struct ethtool_link_usettings *u; + unsigned offset; +- int r; + + assert(fd >= 0); + assert(ifr); +@@ -591,8 +579,7 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + if (ecmd.req.link_mode_masks_nwords >= 0 || ecmd.req.cmd != ETHTOOL_GLINKSETTINGS) +@@ -602,8 +589,7 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + if (ecmd.req.link_mode_masks_nwords <= 0 || ecmd.req.cmd != ETHTOOL_GLINKSETTINGS) +@@ -636,7 +622,6 @@ static int get_gset(int fd, struct ifreq *ifr, struct ethtool_link_usettings **r + struct ethtool_cmd ecmd = { + .cmd = ETHTOOL_GSET, + }; +- int r; + + assert(fd >= 0); + assert(ifr); +@@ -644,8 +629,7 @@ static int get_gset(int fd, struct ifreq *ifr, struct ethtool_link_usettings **r + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + e = new(struct ethtool_link_usettings, 1); +@@ -678,7 +662,6 @@ static int set_slinksettings(int fd, struct ifreq *ifr, const struct ethtool_lin + __u32 link_mode_data[3 * ETHTOOL_LINK_MODE_MASK_MAX_KERNEL_NU32]; + } ecmd = {}; + unsigned offset; +- int r; + + assert(fd >= 0); + assert(ifr); +@@ -700,8 +683,7 @@ static int set_slinksettings(int fd, struct ifreq *ifr, const struct ethtool_lin + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + return 0; +@@ -711,7 +693,6 @@ static int set_sset(int fd, struct ifreq *ifr, const struct ethtool_link_usettin + struct ethtool_cmd ecmd = { + .cmd = ETHTOOL_SSET, + }; +- int r; + + assert(fd >= 0); + assert(ifr); +@@ -736,8 +717,7 @@ static int set_sset(int fd, struct ifreq *ifr, const struct ethtool_link_usettin + + ifr->ifr_data = (void *) &ecmd; + +- r = ioctl(fd, SIOCETHTOOL, ifr); +- if (r < 0) ++ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) + return -errno; + + return 0; +@@ -859,8 +839,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (channels->rx.set) +@@ -879,8 +858,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha + return 0; + + ecmd.cmd = ETHTOOL_SCHANNELS; +- r = ioctl(*fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; +@@ -908,8 +886,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (rx >= 0) +@@ -925,8 +902,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au + return 0; + + ecmd.cmd = ETHTOOL_SPAUSEPARAM; +- r = ioctl(*fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; +@@ -976,8 +952,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const + + strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + if (coalesce->use_adaptive_rx_coalesce >= 0) +@@ -1050,8 +1025,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const + return 0; + + ecmd.cmd = ETHTOOL_SCOALESCE; +- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); +- if (r < 0) ++ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + return 0; + +From 008d3a370ccdea13290ab9277b32cc582b886b17 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 14 Sep 2021 17:42:52 +0900 +Subject: [PATCH 3/5] ethtool: do not set unavailable or never_changed bits + +--- + src/shared/ethtool-util.c | 138 ++++++++++++++++++++++++++------------ + 1 file changed, 96 insertions(+), 42 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index ac21ef0f61a8..59b1bd86f085 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -427,30 +427,31 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde + return 0; + } + +-static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, struct ethtool_gstrings **ret) { ++static int get_stringset(int ethtool_fd, const char *ifname, enum ethtool_stringset stringset_id, struct ethtool_gstrings **ret) { + _cleanup_free_ struct ethtool_gstrings *strings = NULL; + struct { + struct ethtool_sset_info info; + uint32_t space; + } buffer = { +- .info = { +- .cmd = ETHTOOL_GSSET_INFO, +- .sset_mask = UINT64_C(1) << stringset_id, +- }, ++ .info.cmd = ETHTOOL_GSSET_INFO, ++ .info.sset_mask = UINT64_C(1) << stringset_id, + }; +- unsigned len; ++ struct ifreq ifr = { ++ .ifr_data = (void*) &buffer, ++ }; ++ uint32_t len; + + assert(ethtool_fd >= 0); +- assert(ifr); ++ assert(ifname); + assert(ret); + +- ifr->ifr_data = (void *) &buffer.info; ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + +- if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) ++ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + +- if (!buffer.info.sset_mask) +- return -EINVAL; ++ if (buffer.info.sset_mask == 0) ++ return -EOPNOTSUPP; + + #pragma GCC diagnostic push + #if HAVE_ZERO_LENGTH_BOUNDS +@@ -458,8 +459,10 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + #endif + len = buffer.info.data[0]; + #pragma GCC diagnostic pop ++ if (len == 0) ++ return -EOPNOTSUPP; + +- strings = malloc0(sizeof(struct ethtool_gstrings) + len * ETH_GSTRING_LEN); ++ strings = malloc0(offsetof(struct ethtool_gstrings, data) + len * ETH_GSTRING_LEN); + if (!strings) + return -ENOMEM; + +@@ -467,47 +470,92 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st + strings->string_set = stringset_id; + strings->len = len; + +- ifr->ifr_data = (void *) strings; ++ ifr.ifr_data = (void*) strings; + +- if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) ++ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return -errno; + + *ret = TAKE_PTR(strings); ++ return 0; ++} ++ ++static int get_features(int ethtool_fd, const char *ifname, uint32_t n_features, struct ethtool_gfeatures **ret) { ++ _cleanup_free_ struct ethtool_gfeatures *gfeatures = NULL; ++ struct ifreq ifr; ++ ++ assert(ethtool_fd >= 0); ++ assert(ifname); ++ assert(ret); ++ assert(n_features > 0); ++ ++ gfeatures = malloc0(offsetof(struct ethtool_gfeatures, features) + ++ DIV_ROUND_UP(n_features, 32U) * sizeof(gfeatures->features[0])); ++ if (!gfeatures) ++ return -ENOMEM; ++ ++ gfeatures->cmd = ETHTOOL_GFEATURES; ++ gfeatures->size = DIV_ROUND_UP(n_features, 32U); ++ ++ ifr = (struct ifreq) { ++ .ifr_data = (void*) gfeatures, ++ }; ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); ++ ++ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) ++ return -errno; + ++ *ret = TAKE_PTR(gfeatures); + return 0; + } + + static int set_features_bit( + const struct ethtool_gstrings *strings, ++ const struct ethtool_gfeatures *gfeatures, ++ struct ethtool_sfeatures *sfeatures, + const char *feature, +- bool flag, +- struct ethtool_sfeatures *sfeatures) { ++ int flag) { ++ + bool found = false; ++ int r = -ENODATA; + + assert(strings); +- assert(feature); ++ assert(gfeatures); + assert(sfeatures); ++ assert(feature); ++ ++ if (flag < 0) ++ return 0; ++ ++ for (uint32_t i = 0; i < strings->len; i++) { ++ uint32_t block, mask; + +- for (size_t i = 0; i < strings->len; i++) +- if (streq((char *) &strings->data[i * ETH_GSTRING_LEN], feature) || +- (endswith(feature, "-") && startswith((char *) &strings->data[i * ETH_GSTRING_LEN], feature))) { +- size_t block, bit; ++ if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN) && ++ !(endswith(feature, "-") && startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature))) ++ continue; + +- block = i / 32; +- bit = i % 32; ++ block = i / 32; ++ mask = UINT32_C(1) << (i % 32); + +- sfeatures->features[block].valid |= 1 << bit; +- SET_FLAG(sfeatures->features[block].requested, 1 << bit, flag); +- found = true; ++ if (!FLAGS_SET(gfeatures->features[block].available, mask) || ++ FLAGS_SET(gfeatures->features[block].never_changed, mask)) { ++ r = -EOPNOTSUPP; ++ continue; + } + +- return found ? 0 : -ENODATA; ++ sfeatures->features[block].valid |= mask; ++ SET_FLAG(sfeatures->features[block].requested, mask, flag); ++ ++ found = true; ++ } ++ ++ return found ? 0 : r; + } + + int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]) { + _cleanup_free_ struct ethtool_gstrings *strings = NULL; +- struct ethtool_sfeatures *sfeatures; +- struct ifreq ifr = {}; ++ _cleanup_free_ struct ethtool_gfeatures *gfeatures = NULL; ++ _cleanup_free_ struct ethtool_sfeatures *sfeatures = NULL; ++ struct ifreq ifr; + bool have = false; + int r; + +@@ -528,26 +576,32 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + if (r < 0) + return r; + +- strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); ++ r = get_stringset(*ethtool_fd, ifname, ETH_SS_FEATURES, &strings); ++ if (r < 0) ++ return log_debug_errno(r, "ethtool: could not get ethtool feature strings: %m"); + +- r = get_stringset(*ethtool_fd, &ifr, ETH_SS_FEATURES, &strings); ++ r = get_features(*ethtool_fd, ifname, strings->len, &gfeatures); + if (r < 0) +- return log_debug_errno(r, "ethtool: could not get ethtool features for %s", ifname); ++ return log_debug_errno(r, "ethtool: could not get ethtool features for %s: %m", ifname); ++ ++ sfeatures = malloc0(offsetof(struct ethtool_sfeatures, features) + ++ DIV_ROUND_UP(strings->len, 32U) * sizeof(sfeatures->features[0])); ++ if (!sfeatures) ++ return log_oom_debug(); + +- sfeatures = alloca0(sizeof(struct ethtool_sfeatures) + DIV_ROUND_UP(strings->len, 32U) * sizeof(sfeatures->features[0])); + sfeatures->cmd = ETHTOOL_SFEATURES; + sfeatures->size = DIV_ROUND_UP(strings->len, 32U); + +- for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) +- if (features[i] >= 0) { +- r = set_features_bit(strings, netdev_feature_table[i], features[i], sfeatures); +- if (r < 0) { +- log_debug_errno(r, "ethtool: could not find feature, ignoring: %s", netdev_feature_table[i]); +- continue; +- } +- } ++ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) { ++ r = set_features_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); ++ if (r < 0) ++ log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); ++ } + +- ifr.ifr_data = (void *) sfeatures; ++ ifr = (struct ifreq) { ++ .ifr_data = (void*) sfeatures, ++ }; ++ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); + + if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) + return log_debug_errno(errno, "ethtool: could not set ethtool features for %s", ifname); + +From 7a4f203547c62cdc7611f38d97058b530570048f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 15 Sep 2021 01:48:59 +0900 +Subject: [PATCH 4/5] ethtool-util: apply tx-checksum-* features at last + +NET_DEV_FEAT_TX matches multiple features. In the next commit, all +features whose strings start with "tx-checksum-" will be added. +To make them take precedence over NET_DEV_FEAT_TX, it will be applied +only when each explicit feature is not applied. +--- + src/shared/ethtool-util.c | 55 ++++++++++++++++++++++++++++++++++++--- + src/shared/ethtool-util.h | 4 ++- + 2 files changed, 54 insertions(+), 5 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index 59b1bd86f085..e95ce1a20917 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -71,13 +71,14 @@ DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse P + + static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { + [NET_DEV_FEAT_RX] = "rx-checksum", +- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ + [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", + [NET_DEV_FEAT_GRO] = "rx-gro", + [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", + [NET_DEV_FEAT_LRO] = "rx-lro", + [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", + [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", ++ ++ [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ + }; + + static const char* const ethtool_link_mode_bit_table[] = { +@@ -515,6 +516,43 @@ static int set_features_bit( + const char *feature, + int flag) { + ++ assert(strings); ++ assert(gfeatures); ++ assert(sfeatures); ++ assert(feature); ++ ++ if (flag < 0) ++ return 0; ++ ++ for (uint32_t i = 0; i < strings->len; i++) { ++ uint32_t block, mask; ++ ++ if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN)) ++ continue; ++ ++ block = i / 32; ++ mask = UINT32_C(1) << (i % 32); ++ ++ if (!FLAGS_SET(gfeatures->features[block].available, mask) || ++ FLAGS_SET(gfeatures->features[block].never_changed, mask)) ++ return -EOPNOTSUPP; ++ ++ sfeatures->features[block].valid |= mask; ++ SET_FLAG(sfeatures->features[block].requested, mask, flag); ++ ++ return 0; ++ } ++ ++ return -ENODATA; ++} ++ ++static int set_features_multiple_bit( ++ const struct ethtool_gstrings *strings, ++ const struct ethtool_gfeatures *gfeatures, ++ struct ethtool_sfeatures *sfeatures, ++ const char *feature, ++ int flag) { ++ + bool found = false; + int r = -ENODATA; + +@@ -529,8 +567,7 @@ static int set_features_bit( + for (uint32_t i = 0; i < strings->len; i++) { + uint32_t block, mask; + +- if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN) && +- !(endswith(feature, "-") && startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature))) ++ if (!startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature)) + continue; + + block = i / 32; +@@ -542,6 +579,10 @@ static int set_features_bit( + continue; + } + ++ /* The flags is explicitly set by set_features_bit() */ ++ if (FLAGS_SET(sfeatures->features[block].valid, mask)) ++ continue; ++ + sfeatures->features[block].valid |= mask; + SET_FLAG(sfeatures->features[block].requested, mask, flag); + +@@ -592,12 +633,18 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features + sfeatures->cmd = ETHTOOL_SFEATURES; + sfeatures->size = DIV_ROUND_UP(strings->len, 32U); + +- for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) { ++ for (size_t i = 0; i < _NET_DEV_FEAT_SIMPLE_MAX; i++) { + r = set_features_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); + if (r < 0) + log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); + } + ++ for (size_t i = _NET_DEV_FEAT_SIMPLE_MAX; i < _NET_DEV_FEAT_MAX; i++) { ++ r = set_features_multiple_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); ++ if (r < 0) ++ log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); ++ } ++ + ifr = (struct ifreq) { + .ifr_data = (void*) sfeatures, + }; +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 6e180995055b..3f2252563304 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -20,13 +20,15 @@ typedef enum Duplex { + + typedef enum NetDevFeature { + NET_DEV_FEAT_RX, +- NET_DEV_FEAT_TX, + NET_DEV_FEAT_GSO, + NET_DEV_FEAT_GRO, + NET_DEV_FEAT_GRO_HW, + NET_DEV_FEAT_LRO, + NET_DEV_FEAT_TSO, + NET_DEV_FEAT_TSO6, ++ _NET_DEV_FEAT_SIMPLE_MAX, ++ ++ NET_DEV_FEAT_TX = _NET_DEV_FEAT_SIMPLE_MAX, + _NET_DEV_FEAT_MAX, + _NET_DEV_FEAT_INVALID = -EINVAL, + } NetDevFeature; + +From 77bf5c31de1d01edd49ac6aa25cdbe7734a11a25 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 14 Sep 2021 22:12:42 +0900 +Subject: [PATCH 5/5] ethtool-util: add more network device features + +Then, we can easily add new settings to configure features in .link +file. +--- + src/shared/ethtool-util.c | 73 ++++++++++++++++++++++++---- + src/shared/ethtool-util.h | 59 +++++++++++++++++++++- + src/udev/net/link-config-gperf.gperf | 4 +- + 3 files changed, 123 insertions(+), 13 deletions(-) + +diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c +index e95ce1a20917..00060abff40f 100644 +--- a/src/shared/ethtool-util.c ++++ b/src/shared/ethtool-util.c +@@ -70,15 +70,70 @@ DEFINE_STRING_TABLE_LOOKUP(port, NetDevPort); + DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse Port setting"); + + static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { +- [NET_DEV_FEAT_RX] = "rx-checksum", +- [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", +- [NET_DEV_FEAT_GRO] = "rx-gro", +- [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", +- [NET_DEV_FEAT_LRO] = "rx-lro", +- [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", +- [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", +- +- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ ++ [NET_DEV_FEAT_SG] = "tx-scatter-gather", ++ [NET_DEV_FEAT_IP_CSUM] = "tx-checksum-ipv4", ++ [NET_DEV_FEAT_HW_CSUM] = "tx-checksum-ip-generic", ++ [NET_DEV_FEAT_IPV6_CSUM] = "tx-checksum-ipv6", ++ [NET_DEV_FEAT_HIGHDMA] = "highdma", ++ [NET_DEV_FEAT_FRAGLIST] = "tx-scatter-gather-fraglist", ++ [NET_DEV_FEAT_HW_VLAN_CTAG_TX] = "tx-vlan-hw-insert", ++ [NET_DEV_FEAT_HW_VLAN_CTAG_RX] = "rx-vlan-hw-parse", ++ [NET_DEV_FEAT_HW_VLAN_CTAG_FILTER] = "rx-vlan-filter", ++ [NET_DEV_FEAT_HW_VLAN_STAG_TX] = "tx-vlan-stag-hw-insert", ++ [NET_DEV_FEAT_HW_VLAN_STAG_RX] = "rx-vlan-stag-hw-parse", ++ [NET_DEV_FEAT_HW_VLAN_STAG_FILTER] = "rx-vlan-stag-filter", ++ [NET_DEV_FEAT_VLAN_CHALLENGED] = "vlan-challenged", ++ [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", ++ [NET_DEV_FEAT_LLTX] = "tx-lockless", ++ [NET_DEV_FEAT_NETNS_LOCAL] = "netns-local", ++ [NET_DEV_FEAT_GRO] = "rx-gro", ++ [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", ++ [NET_DEV_FEAT_LRO] = "rx-lro", ++ [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", ++ [NET_DEV_FEAT_GSO_ROBUST] = "tx-gso-robust", ++ [NET_DEV_FEAT_TSO_ECN] = "tx-tcp-ecn-segmentation", ++ [NET_DEV_FEAT_TSO_MANGLEID] = "tx-tcp-mangleid-segmentation", ++ [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", ++ [NET_DEV_FEAT_FSO] = "tx-fcoe-segmentation", ++ [NET_DEV_FEAT_GSO_GRE] = "tx-gre-segmentation", ++ [NET_DEV_FEAT_GSO_GRE_CSUM] = "tx-gre-csum-segmentation", ++ [NET_DEV_FEAT_GSO_IPXIP4] = "tx-ipxip4-segmentation", ++ [NET_DEV_FEAT_GSO_IPXIP6] = "tx-ipxip6-segmentation", ++ [NET_DEV_FEAT_GSO_UDP_TUNNEL] = "tx-udp_tnl-segmentation", ++ [NET_DEV_FEAT_GSO_UDP_TUNNEL_CSUM] = "tx-udp_tnl-csum-segmentation", ++ [NET_DEV_FEAT_GSO_PARTIAL] = "tx-gso-partial", ++ [NET_DEV_FEAT_GSO_TUNNEL_REMCSUM] = "tx-tunnel-remcsum-segmentation", ++ [NET_DEV_FEAT_GSO_SCTP] = "tx-sctp-segmentation", ++ [NET_DEV_FEAT_GSO_ESP] = "tx-esp-segmentation", ++ [NET_DEV_FEAT_GSO_UDP_L4] = "tx-udp-segmentation", ++ [NET_DEV_FEAT_GSO_FRAGLIST] = "tx-gso-list", ++ [NET_DEV_FEAT_FCOE_CRC] = "tx-checksum-fcoe-crc", ++ [NET_DEV_FEAT_SCTP_CRC] = "tx-checksum-sctp", ++ [NET_DEV_FEAT_FCOE_MTU] = "fcoe-mtu", ++ [NET_DEV_FEAT_NTUPLE] = "rx-ntuple-filter", ++ [NET_DEV_FEAT_RXHASH] = "rx-hashing", ++ [NET_DEV_FEAT_RXCSUM] = "rx-checksum", ++ [NET_DEV_FEAT_NOCACHE_COPY] = "tx-nocache-copy", ++ [NET_DEV_FEAT_LOOPBACK] = "loopback", ++ [NET_DEV_FEAT_RXFCS] = "rx-fcs", ++ [NET_DEV_FEAT_RXALL] = "rx-all", ++ [NET_DEV_FEAT_HW_L2FW_DOFFLOAD] = "l2-fwd-offload", ++ [NET_DEV_FEAT_HW_TC] = "hw-tc-offload", ++ [NET_DEV_FEAT_HW_ESP] = "esp-hw-offload", ++ [NET_DEV_FEAT_HW_ESP_TX_CSUM] = "esp-tx-csum-hw-offload", ++ [NET_DEV_FEAT_RX_UDP_TUNNEL_PORT] = "rx-udp_tunnel-port-offload", ++ [NET_DEV_FEAT_HW_TLS_RECORD] = "tls-hw-record", ++ [NET_DEV_FEAT_HW_TLS_TX] = "tls-hw-tx-offload", ++ [NET_DEV_FEAT_HW_TLS_RX] = "tls-hw-rx-offload", ++ [NET_DEV_FEAT_GRO_FRAGLIST] = "rx-gro-list", ++ [NET_DEV_FEAT_HW_MACSEC] = "macsec-hw-offload", ++ [NET_DEV_FEAT_GRO_UDP_FWD] = "rx-udp-gro-forwarding", ++ [NET_DEV_FEAT_HW_HSR_TAG_INS] = "hsr-tag-ins-offload", ++ [NET_DEV_FEAT_HW_HSR_TAG_RM] = "hsr-tag-rm-offload", ++ [NET_DEV_FEAT_HW_HSR_FWD] = "hsr-fwd-offload", ++ [NET_DEV_FEAT_HW_HSR_DUP] = "hsr-dup-offload", ++ ++ [NET_DEV_FEAT_TXCSUM] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ + }; + + static const char* const ethtool_link_mode_bit_table[] = { +diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h +index 3f2252563304..cc0655893175 100644 +--- a/src/shared/ethtool-util.h ++++ b/src/shared/ethtool-util.h +@@ -19,16 +19,71 @@ typedef enum Duplex { + } Duplex; + + typedef enum NetDevFeature { +- NET_DEV_FEAT_RX, ++ NET_DEV_FEAT_SG, ++ NET_DEV_FEAT_IP_CSUM, ++ NET_DEV_FEAT_HW_CSUM, ++ NET_DEV_FEAT_IPV6_CSUM, ++ NET_DEV_FEAT_HIGHDMA, ++ NET_DEV_FEAT_FRAGLIST, ++ NET_DEV_FEAT_HW_VLAN_CTAG_TX, ++ NET_DEV_FEAT_HW_VLAN_CTAG_RX, ++ NET_DEV_FEAT_HW_VLAN_CTAG_FILTER, ++ NET_DEV_FEAT_HW_VLAN_STAG_TX, ++ NET_DEV_FEAT_HW_VLAN_STAG_RX, ++ NET_DEV_FEAT_HW_VLAN_STAG_FILTER, ++ NET_DEV_FEAT_VLAN_CHALLENGED, + NET_DEV_FEAT_GSO, ++ NET_DEV_FEAT_LLTX, ++ NET_DEV_FEAT_NETNS_LOCAL, + NET_DEV_FEAT_GRO, + NET_DEV_FEAT_GRO_HW, + NET_DEV_FEAT_LRO, + NET_DEV_FEAT_TSO, ++ NET_DEV_FEAT_GSO_ROBUST, ++ NET_DEV_FEAT_TSO_ECN, ++ NET_DEV_FEAT_TSO_MANGLEID, + NET_DEV_FEAT_TSO6, ++ NET_DEV_FEAT_FSO, ++ NET_DEV_FEAT_GSO_GRE, ++ NET_DEV_FEAT_GSO_GRE_CSUM, ++ NET_DEV_FEAT_GSO_IPXIP4, ++ NET_DEV_FEAT_GSO_IPXIP6, ++ NET_DEV_FEAT_GSO_UDP_TUNNEL, ++ NET_DEV_FEAT_GSO_UDP_TUNNEL_CSUM, ++ NET_DEV_FEAT_GSO_PARTIAL, ++ NET_DEV_FEAT_GSO_TUNNEL_REMCSUM, ++ NET_DEV_FEAT_GSO_SCTP, ++ NET_DEV_FEAT_GSO_ESP, ++ NET_DEV_FEAT_GSO_UDP_L4, ++ NET_DEV_FEAT_GSO_FRAGLIST, ++ NET_DEV_FEAT_FCOE_CRC, ++ NET_DEV_FEAT_SCTP_CRC, ++ NET_DEV_FEAT_FCOE_MTU, ++ NET_DEV_FEAT_NTUPLE, ++ NET_DEV_FEAT_RXHASH, ++ NET_DEV_FEAT_RXCSUM, ++ NET_DEV_FEAT_NOCACHE_COPY, ++ NET_DEV_FEAT_LOOPBACK, ++ NET_DEV_FEAT_RXFCS, ++ NET_DEV_FEAT_RXALL, ++ NET_DEV_FEAT_HW_L2FW_DOFFLOAD, ++ NET_DEV_FEAT_HW_TC, ++ NET_DEV_FEAT_HW_ESP, ++ NET_DEV_FEAT_HW_ESP_TX_CSUM, ++ NET_DEV_FEAT_RX_UDP_TUNNEL_PORT, ++ NET_DEV_FEAT_HW_TLS_RECORD, ++ NET_DEV_FEAT_HW_TLS_TX, ++ NET_DEV_FEAT_HW_TLS_RX, ++ NET_DEV_FEAT_GRO_FRAGLIST, ++ NET_DEV_FEAT_HW_MACSEC, ++ NET_DEV_FEAT_GRO_UDP_FWD, ++ NET_DEV_FEAT_HW_HSR_TAG_INS, ++ NET_DEV_FEAT_HW_HSR_TAG_RM, ++ NET_DEV_FEAT_HW_HSR_FWD, ++ NET_DEV_FEAT_HW_HSR_DUP, + _NET_DEV_FEAT_SIMPLE_MAX, + +- NET_DEV_FEAT_TX = _NET_DEV_FEAT_SIMPLE_MAX, ++ NET_DEV_FEAT_TXCSUM = _NET_DEV_FEAT_SIMPLE_MAX, + _NET_DEV_FEAT_MAX, + _NET_DEV_FEAT_INVALID = -EINVAL, + } NetDevFeature; +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index 44b46cb17c0b..e3cdaaee0509 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -50,8 +50,8 @@ Link.Duplex, config_parse_duplex, + Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) + Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) + Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) +-Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) +-Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) ++Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) ++Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) + Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) + Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) + Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) diff --git a/20743.patch b/20743.patch new file mode 100644 index 0000000..0975ce8 --- /dev/null +++ b/20743.patch @@ -0,0 +1,41 @@ +From 0fc51b569570e8bf5aecd5ee03a88eb668b7b385 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Tue, 14 Sep 2021 16:33:10 -0700 +Subject: [PATCH] fileio: start with 4k buffer for procfs + +There's a very gradual increase of anonymous memory in systemd-journald that +blames to 2ac67221bb6270f0fbe7cbd0076653832cd49de2. + +systemd-journald makes many calls to read /proc/PID/cmdline and +/proc/PID/status, both of which tend to be well under 4K. However the +combination of allocating 4M read buffers, then using `realloc()` to +shrink the buffer in `read_virtual_file()` appears to be creating +fragmentation in the heap (when combined with the other allocations +systemd-journald is doing). + +To help mitigate this, try reading /proc with a 4K buffer as +`read_virtual_file()` did before 2ac67221bb6270f0fbe7cbd0076653832cd49de2. +If it isn't big enough then try again with the larger buffers. +--- + src/basic/fileio.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 99a44fdea2..466c6321c7 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -431,6 +431,11 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + } + + n_retries--; ++ } else if (n_retries > 1) { ++ /* Files in /proc are generally smaller than the page size so let's start with a page size ++ * buffer from malloc and only use the max buffer on the final try. */ ++ size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); ++ n_retries = 1; + } else { + size = MIN(READ_VIRTUAL_BYTES_MAX, max_size); + n_retries = 0; +-- +2.31.1 + diff --git a/20828.patch b/20828.patch new file mode 100644 index 0000000..2b55bd4 --- /dev/null +++ b/20828.patch @@ -0,0 +1,240 @@ +From 88eca13f57194765d184ca227320df83f48020e2 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Fri, 24 Sep 2021 01:19:00 -0700 +Subject: [PATCH] link: connect 5 more properties to ethtool features + +Sets up the follow properties and their corresponding ethtool feature: +- ReceiveVLANCTAGHardwareAcceleration == rx-vlan-hw-parse (or rxvlan) +- TransmitVLANCTAGHardwareAcceleration == tx-vlan-hw-insert (or txvlan) +- ReceiveVLANCTAGFilter == rx-vlan-filter +- TransmitVLANSTAGHardwareAcceleration == tx-vlan-stag-hw-insert +- NTupleFilter == rx-ntuple-filter (or ntuple) +--- + man/systemd.link.xml | 35 +++++ + src/udev/net/link-config-gperf.gperf | 153 +++++++++++---------- + test/fuzz/fuzz-link-parser/directives.link | 5 + + 3 files changed, 119 insertions(+), 74 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index 638a1522cd38..c8d3c5137459 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -715,6 +715,41 @@ + When unset, the kernel's default will be used. + + ++ ++ ReceiveVLANCTAGHardwareAcceleration= ++ ++ Takes a boolean. If set to true, receive VLAN CTAG hardware acceleration is enabled. ++ When unset, the kernel's default will be used. ++ ++ ++ ++ TransmitVLANCTAGHardwareAcceleration= ++ ++ Takes a boolean. If set to true, transmit VLAN CTAG hardware acceleration is enabled. ++ When unset, the kernel's default will be used. ++ ++ ++ ++ ReceiveVLANCTAGFilter= ++ ++ Takes a boolean. If set to true, receive filtering on VLAN CTAGs is enabled. ++ When unset, the kernel's default will be used. ++ ++ ++ ++ TransmitVLANSTAGHardwareAcceleration= ++ ++ Takes a boolean. If set to true, transmit VLAN STAG HW acceleration is enabled. ++ When unset, the kernel's default will be used. ++ ++ ++ ++ NTupleFilter= ++ ++ Takes a boolean. If set to true, receive N-tuple filters and actions are enabled. ++ When unset, the kernel's default will be used. ++ ++ + + RxChannels= + TxChannels= +diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf +index e3cdaaee0509..04c255ce514c 100644 +--- a/src/udev/net/link-config-gperf.gperf ++++ b/src/udev/net/link-config-gperf.gperf +@@ -21,77 +21,82 @@ struct ConfigPerfItem; + %struct-type + %includes + %% +-Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) +-Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) +-Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) +-Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) +-Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) +-Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) +-Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) +-Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) +-Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) +-Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) +-Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) +-Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) +-Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) +-Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) +-Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) +-Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) +-Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) +-Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) +-Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) +-Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) +-Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) +-Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) +-Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) +-Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) +-Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) +-Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) +-Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) +-Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) +-Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) +-Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) +-Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) +-Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) +-Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) +-Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) +-Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 +-Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) +-Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) +-Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) +-Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) +-Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) +-Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) +-Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) +-Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) +-Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) +-Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) +-Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) +-Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) +-Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) +-Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) +-Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) +-Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) +-Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) +-Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) +-Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) +-Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) +-Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) +-Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) +-Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) +-Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) +-Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) +-Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) +-Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) +-Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) +-Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) +-Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) +-Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) +-Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) +-Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) +-Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) +-Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) +-Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) +-Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) +-Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) +-Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) ++Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) ++Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) ++Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) ++Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) ++Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) ++Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) ++Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) ++Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) ++Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) ++Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) ++Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) ++Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) ++Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) ++Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) ++Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) ++Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) ++Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) ++Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) ++Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) ++Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) ++Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) ++Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) ++Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) ++Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) ++Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) ++Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) ++Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) ++Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) ++Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) ++Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) ++Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) ++Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) ++Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) ++Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) ++Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 ++Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) ++Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) ++Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) ++Link.ReceiveVLANCTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_RX]) ++Link.TransmitVLANCTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_TX]) ++Link.ReceiveVLANCTAGFilter, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_FILTER]) ++Link.TransmitVLANSTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_STAG_TX]) ++Link.NTupleFilter, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_NTUPLE]) ++Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) ++Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) ++Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) ++Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) ++Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) ++Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) ++Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) ++Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) ++Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) ++Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) ++Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) ++Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) ++Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) ++Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) ++Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) ++Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) ++Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) ++Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) ++Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) ++Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) ++Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) ++Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) ++Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) ++Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) ++Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) ++Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) ++Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) ++Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) ++Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) ++Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) ++Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) ++Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) ++Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) ++Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) ++Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) ++Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) +diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link +index b5cffb1a271f..8be2434665a7 100644 +--- a/test/fuzz/fuzz-link-parser/directives.link ++++ b/test/fuzz/fuzz-link-parser/directives.link +@@ -38,6 +38,11 @@ UDPSegmentationOffload= + GenericReceiveOffload= + GenericReceiveOffloadHardware= + LargeReceiveOffload= ++ReceiveVLANCTAGHardwareAcceleration= ++TransmitVLANCTAGHardwareAcceleration= ++ReceiveVLANCTAGFilter= ++TransmitVLANSTAGHardwareAcceleration= ++NTupleFilter= + RxChannels= + TxChannels= + OtherChannels= diff --git a/20875.patch b/20875.patch new file mode 100644 index 0000000..610ee4c --- /dev/null +++ b/20875.patch @@ -0,0 +1,26 @@ +From 84e1818ce1dc9f5f7eb7b4d4bc87124d82c5080f Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Tue, 28 Sep 2021 23:52:39 -0700 +Subject: [PATCH] basic/unit-file: don't filter out names starting with dot + +Fixes #20859 +--- + src/basic/unit-file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c +index 884a0674a9..0d58b1c4fe 100644 +--- a/src/basic/unit-file.c ++++ b/src/basic/unit-file.c +@@ -284,7 +284,7 @@ int unit_file_build_name_map( + continue; + } + +- FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { ++ FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { + char *filename; + _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; + const char *suffix, *dst = NULL; +-- +2.31.1 + diff --git a/20978.patch b/20978.patch new file mode 100644 index 0000000..8330e00 --- /dev/null +++ b/20978.patch @@ -0,0 +1,126 @@ +From a58dea6130fdcccd8cdf50633c939b45e2b32189 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Mon, 11 Oct 2021 00:25:20 -0700 +Subject: [PATCH] core: serialize device cgroup bpf progs across + daemon-reload/reexec + +Follows what was done in b57d75232615f98aefcf41cb145ec2ea3262857d and +adds a test that verifies the device BPF program is not detached during +reload/reexec. +--- + src/core/unit-serialize.c | 4 ++++ + test/TEST-66-DEVICE-ISOLATION/Makefile | 1 + + test/TEST-66-DEVICE-ISOLATION/test.sh | 10 ++++++++ + .../testsuite-66-deviceisolation.service | 9 ++++++++ + test/units/testsuite-66.service | 7 ++++++ + test/units/testsuite-66.sh | 23 +++++++++++++++++++ + 6 files changed, 54 insertions(+) + create mode 120000 test/TEST-66-DEVICE-ISOLATION/Makefile + create mode 100755 test/TEST-66-DEVICE-ISOLATION/test.sh + create mode 100644 test/units/testsuite-66-deviceisolation.service + create mode 100644 test/units/testsuite-66.service + create mode 100755 test/units/testsuite-66.sh + +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index 9e1664ff53af..3458d7017bd5 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -171,6 +171,7 @@ int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool switching_root) { + + (void) bpf_program_serialize_attachment(f, fds, "ip-bpf-ingress-installed", u->ip_bpf_ingress_installed); + (void) bpf_program_serialize_attachment(f, fds, "ip-bpf-egress-installed", u->ip_bpf_egress_installed); ++ (void) bpf_program_serialize_attachment(f, fds, "bpf-device-control-installed", u->bpf_device_control_installed); + (void) bpf_program_serialize_attachment_set(f, fds, "ip-bpf-custom-ingress-installed", u->ip_bpf_custom_ingress_installed); + (void) bpf_program_serialize_attachment_set(f, fds, "ip-bpf-custom-egress-installed", u->ip_bpf_custom_egress_installed); + +@@ -408,6 +409,9 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { + } else if (streq(l, "ip-bpf-egress-installed")) { + (void) bpf_program_deserialize_attachment(v, fds, &u->ip_bpf_egress_installed); + continue; ++ } else if (streq(l, "bpf-device-control-installed")) { ++ (void) bpf_program_deserialize_attachment(v, fds, &u->bpf_device_control_installed); ++ continue; + + } else if (streq(l, "ip-bpf-custom-ingress-installed")) { + (void) bpf_program_deserialize_attachment_set(v, fds, &u->ip_bpf_custom_ingress_installed); +diff --git a/test/TEST-66-DEVICE-ISOLATION/Makefile b/test/TEST-66-DEVICE-ISOLATION/Makefile +new file mode 120000 +index 000000000000..e9f93b1104cd +--- /dev/null ++++ b/test/TEST-66-DEVICE-ISOLATION/Makefile +@@ -0,0 +1 @@ ++../TEST-01-BASIC/Makefile +\ No newline at end of file +diff --git a/test/TEST-66-DEVICE-ISOLATION/test.sh b/test/TEST-66-DEVICE-ISOLATION/test.sh +new file mode 100755 +index 000000000000..534e43e493e6 +--- /dev/null ++++ b/test/TEST-66-DEVICE-ISOLATION/test.sh +@@ -0,0 +1,10 @@ ++#!/usr/bin/env bash ++set -e ++ ++TEST_DESCRIPTION="test device isolation" ++TEST_NO_NSPAWN=1 ++ ++# shellcheck source=test/test-functions ++. "${TEST_BASE_DIR:?}/test-functions" ++ ++do_test "$@" +diff --git a/test/units/testsuite-66-deviceisolation.service b/test/units/testsuite-66-deviceisolation.service +new file mode 100644 +index 000000000000..0022a9a45724 +--- /dev/null ++++ b/test/units/testsuite-66-deviceisolation.service +@@ -0,0 +1,9 @@ ++[Unit] ++Description=Service that uses device isolation ++ ++[Service] ++DevicePolicy=strict ++DeviceAllow=/dev/null r ++StandardOutput=file:/testsuite66serviceresults ++ExecStartPre=rm -f /testsuite66serviceresults ++ExecStart=/bin/bash -c "while true; do sleep 0.01 && echo meow > /dev/null && echo thisshouldnotbehere; done" +diff --git a/test/units/testsuite-66.service b/test/units/testsuite-66.service +new file mode 100644 +index 000000000000..a97974a4262d +--- /dev/null ++++ b/test/units/testsuite-66.service +@@ -0,0 +1,7 @@ ++[Unit] ++Description=TESTSUITE-66-DEVICEISOLATION ++ ++[Service] ++ExecStartPre=rm -f /failed /testok ++ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh ++Type=oneshot +diff --git a/test/units/testsuite-66.sh b/test/units/testsuite-66.sh +new file mode 100755 +index 000000000000..870dca42e169 +--- /dev/null ++++ b/test/units/testsuite-66.sh +@@ -0,0 +1,23 @@ ++#!/usr/bin/env bash ++set -eux ++set -o pipefail ++ ++systemd-analyze log-level debug ++systemd-analyze log-target console ++ ++systemctl start testsuite-66-deviceisolation.service ++ ++grep -q "Operation not permitted" /testsuite66serviceresults ++ ++systemctl daemon-reload ++systemctl daemon-reexec ++ ++systemctl stop testsuite-66-deviceisolation.service ++ ++grep -q "thisshouldnotbehere" /testsuite66serviceresults && exit 42 ++ ++systemd-analyze log-level info ++ ++echo OK >/testok ++ ++exit 0 diff --git a/21221.patch b/21221.patch new file mode 100644 index 0000000..cfe113e --- /dev/null +++ b/21221.patch @@ -0,0 +1,172 @@ +From fbdc87679cc4f3c9fc3653636e94be20f06d18e4 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Tue, 9 Nov 2021 15:26:28 -0800 +Subject: [PATCH] core: replace slice dependencies as they get added + +Defines a "UNIT_DEPENDENCY_SLICE_PROPERTY" UnitDependencyMask type that +is used when adding slices to the dependencies hashmap. This type is +used to remove slice dependencies when they get overridden by new ones. + +Fixes #20182 +--- + src/core/dbus-unit.c | 2 +- + src/core/load-fragment.c | 2 +- + src/core/unit-serialize.c | 1 + + src/core/unit.c | 10 +++++++--- + src/core/unit.h | 7 +++++-- + src/test/test-engine.c | 31 ++++++++++++++++++++++++++++++- + 6 files changed, 45 insertions(+), 8 deletions(-) + +diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c +index fe320f1b05a8..d4ec789a7c11 100644 +--- a/src/core/dbus-unit.c ++++ b/src/core/dbus-unit.c +@@ -2273,7 +2273,7 @@ static int bus_unit_set_transient_property( + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unit name '%s' is not a slice", s); + + if (!UNIT_WRITE_FLAGS_NOOP(flags)) { +- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); ++ r = unit_set_slice(u, slice); + if (r < 0) + return r; + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 62cadaf2286f..830048ae1915 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3792,7 +3792,7 @@ int config_parse_unit_slice( + return 0; + } + +- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); ++ r = unit_set_slice(u, slice); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id); + return 0; +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index 3458d7017bd5..7d2e6bc130de 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -593,6 +593,7 @@ static void print_unit_dependency_mask(FILE *f, const char *kind, UnitDependency + { UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT, "mountinfo-implicit" }, + { UNIT_DEPENDENCY_MOUNTINFO_DEFAULT, "mountinfo-default" }, + { UNIT_DEPENDENCY_PROC_SWAP, "proc-swap" }, ++ { UNIT_DEPENDENCY_SLICE_PROPERTY, "slice-property" }, + }; + + assert(f); +diff --git a/src/core/unit.c b/src/core/unit.c +index 4c55827a6511..a3bca43566e0 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3284,7 +3284,7 @@ int unit_set_invocation_id(Unit *u, sd_id128_t id) { + return r; + } + +-int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { ++int unit_set_slice(Unit *u, Unit *slice) { + int r; + + assert(u); +@@ -3317,7 +3317,11 @@ int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { + if (UNIT_GET_SLICE(u) && u->cgroup_realized) + return -EBUSY; + +- r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, mask); ++ /* Remove any slices assigned prior; we should only have one UNIT_IN_SLICE dependency */ ++ if (UNIT_GET_SLICE(u)) ++ unit_remove_dependencies(u, UNIT_DEPENDENCY_SLICE_PROPERTY); ++ ++ r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, UNIT_DEPENDENCY_SLICE_PROPERTY); + if (r < 0) + return r; + +@@ -3373,7 +3377,7 @@ int unit_set_default_slice(Unit *u) { + if (r < 0) + return r; + +- return unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); ++ return unit_set_slice(u, slice); + } + + const char *unit_slice_name(Unit *u) { +diff --git a/src/core/unit.h b/src/core/unit.h +index 0dd6a9591d96..ba12fe4ac1ef 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -89,7 +89,10 @@ typedef enum UnitDependencyMask { + /* A dependency created because of data read from /proc/swaps and no other configuration source */ + UNIT_DEPENDENCY_PROC_SWAP = 1 << 7, + +- _UNIT_DEPENDENCY_MASK_FULL = (1 << 8) - 1, ++ /* A dependency for units in slices assigned by directly setting Slice= */ ++ UNIT_DEPENDENCY_SLICE_PROPERTY = 1 << 8, ++ ++ _UNIT_DEPENDENCY_MASK_FULL = (1 << 9) - 1, + } UnitDependencyMask; + + /* The Unit's dependencies[] hashmaps use this structure as value. It has the same size as a void pointer, and thus can +@@ -782,7 +785,7 @@ Unit *unit_follow_merge(Unit *u) _pure_; + int unit_load_fragment_and_dropin(Unit *u, bool fragment_required); + int unit_load(Unit *unit); + +-int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask); ++int unit_set_slice(Unit *u, Unit *slice); + int unit_set_default_slice(Unit *u); + + const char *unit_description(Unit *u) _pure_; +diff --git a/src/test/test-engine.c b/src/test/test-engine.c +index 880af36fb523..673c66561240 100644 +--- a/src/test/test-engine.c ++++ b/src/test/test-engine.c +@@ -8,6 +8,7 @@ + #include "manager-dump.h" + #include "rm-rf.h" + #include "service.h" ++#include "slice.h" + #include "special.h" + #include "strv.h" + #include "tests.h" +@@ -75,7 +76,8 @@ int main(int argc, char *argv[]) { + _cleanup_(sd_bus_error_free) sd_bus_error err = SD_BUS_ERROR_NULL; + _cleanup_(manager_freep) Manager *m = NULL; + Unit *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *g = NULL, +- *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL; ++ *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL, ++ *tomato = NULL, *sauce = NULL, *fruit = NULL, *zupa = NULL; + Job *j; + int r; + +@@ -260,5 +262,32 @@ int main(int argc, char *argv[]) { + + verify_dependency_atoms(); + ++ /* Test adding multiple Slice= dependencies; only the last should remain */ ++ assert_se(unit_new_for_name(m, sizeof(Service), "tomato.service", &tomato) >= 0); ++ assert_se(unit_new_for_name(m, sizeof(Slice), "sauce.slice", &sauce) >= 0); ++ assert_se(unit_new_for_name(m, sizeof(Slice), "fruit.slice", &fruit) >= 0); ++ assert_se(unit_new_for_name(m, sizeof(Slice), "zupa.slice", &zupa) >= 0); ++ ++ unit_set_slice(tomato, sauce); ++ unit_set_slice(tomato, fruit); ++ unit_set_slice(tomato, zupa); ++ ++ assert_se(UNIT_GET_SLICE(tomato) == zupa); ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, sauce)); ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, fruit)); ++ assert_se(unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, zupa)); ++ ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, sauce)); ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, fruit)); ++ assert_se(unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, zupa)); ++ ++ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_SLICE_OF, tomato)); ++ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_SLICE_OF, tomato)); ++ assert_se(unit_has_dependency(zupa, UNIT_ATOM_SLICE_OF, tomato)); ++ ++ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_REFERENCED_BY, tomato)); ++ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_REFERENCED_BY, tomato)); ++ assert_se(unit_has_dependency(zupa, UNIT_ATOM_REFERENCED_BY, tomato)); ++ + return 0; + } diff --git a/21241.patch b/21241.patch new file mode 100644 index 0000000..5889a9c --- /dev/null +++ b/21241.patch @@ -0,0 +1,128 @@ +From 084d0849fc864b0377551b211def7a89b642c5e9 Mon Sep 17 00:00:00 2001 +From: Julia Kartseva +Date: Thu, 4 Nov 2021 18:52:02 -0700 +Subject: [PATCH 1/2] core: fix bpf-foreign cg controller realization + +Requiring /sys/fs/bpf path to be a mount point at the moment of cgroup +controllers realization does more harm than good, because: +* Realization happens early on boot, the mount point may not be ready at +the time. That happens if mounts are made by a .mount unit (the issue we +encountered). +* BPF filesystem may be mounted on another point. + +Remove the check. Instead verify that path provided by BPFProgram= is +within BPF fs when unit properties are parsed. + +Split in two commits for simple backport. +--- + src/core/bpf-foreign.c | 10 ---------- + src/core/bpf-foreign.h | 5 ++++- + 2 files changed, 4 insertions(+), 11 deletions(-) + +diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c +index 6b93b9785fb5..686c14ce1f18 100644 +--- a/src/core/bpf-foreign.c ++++ b/src/core/bpf-foreign.c +@@ -111,16 +111,6 @@ static int bpf_foreign_prepare( + return 0; + } + +-int bpf_foreign_supported(void) { +- int r; +- +- r = cg_all_unified(); +- if (r <= 0) +- return r; +- +- return path_is_mount_point("/sys/fs/bpf", NULL, 0); +-} +- + int bpf_foreign_install(Unit *u) { + _cleanup_free_ char *cgroup_path = NULL; + CGroupBPFForeignProgram *p; +diff --git a/src/core/bpf-foreign.h b/src/core/bpf-foreign.h +index 9559cd79812b..e387b1b1d389 100644 +--- a/src/core/bpf-foreign.h ++++ b/src/core/bpf-foreign.h +@@ -4,7 +4,10 @@ + + #include "unit.h" + +-int bpf_foreign_supported(void); ++static inline int bpf_foreign_supported(void) { ++ return cg_all_unified(); ++} ++ + /* + * Attach cgroup-bpf programs foreign to systemd, i.e. loaded to the kernel by an entity + * external to systemd. + +From dedca960afdee5797d19929c43853513711e3e3d Mon Sep 17 00:00:00 2001 +From: Julia Kartseva +Date: Thu, 4 Nov 2021 18:55:55 -0700 +Subject: [PATCH 2/2] core: check fs type of BPFProgram= property path + +Tests: + +``` +% stat --file-system --format="%T" /root/bpf/trivial/ +bpf_fs + +% systemd-nspawn -D/ --volatile=yes \ +--property=BPFProgram=egress:/root/bpf/trivial/cgroup_skb_egress \ +--quiet -- ping -c 5 -W 1 ::1 +PING ::1(::1) 56 data bytes + +--- ::1 ping statistics --- +5 packets transmitted, 0 received, 100% packet loss, time 4110ms +``` + +``` +% stat --file-system --format='%T' /root/meh +btrfs + +% systemd-nspawn -D/ --volatile=yes --property=BPFProgram=egress:/root/meh +--quiet -- ping -c 5 -W 1 ::1 +``` +sudo ./build/systemd-nspawn \ +-D/ --volatile=yes --property=BPFProgram=egress:/home/hex --quiet -- \ +ping -c 1 -W 1 ::1 +PING ::1(::1) 56 data bytes +64 bytes from ::1: icmp_seq=1 ttl=64 time=0.017 ms + +--- ::1 ping statistics --- +1 packets transmitted, 1 received, 0% packet loss, time 0ms +--- + src/core/bpf-foreign.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c +index 686c14ce1f18..8538792b60db 100644 +--- a/src/core/bpf-foreign.c ++++ b/src/core/bpf-foreign.c +@@ -4,8 +4,10 @@ + #include "bpf-program.h" + #include "cgroup.h" + #include "memory-util.h" ++#include "missing_magic.h" + #include "mountpoint-util.h" + #include "set.h" ++#include "stat-util.h" + + typedef struct BPFForeignKey BPFForeignKey; + struct BPFForeignKey { +@@ -84,6 +86,14 @@ static int bpf_foreign_prepare( + assert(u); + assert(bpffs_path); + ++ r = path_is_fs_type(bpffs_path, BPF_FS_MAGIC); ++ if (r < 0) ++ return log_unit_error_errno(u, r, ++ "Failed to determine filesystem type of %s: %m", bpffs_path); ++ if (r == 0) ++ return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL), ++ "Path in BPF filesystem is expected."); ++ + r = bpf_program_new_from_bpffs_path(bpffs_path, &prog); + if (r < 0) + return log_unit_error_errno(u, r, "Failed to create foreign BPFProgram: %m"); diff --git a/22426-fb.patch b/22426-fb.patch new file mode 100644 index 0000000..41310df --- /dev/null +++ b/22426-fb.patch @@ -0,0 +1,580 @@ +From 3dbc067d326c600a92822037118961641fc76575 Mon Sep 17 00:00:00 2001 +From: Pasha Vorobyev +Date: Fri, 4 Feb 2022 11:49:46 -0800 +Subject: [PATCH] MemoryZSwapMax directive to configure new memory.zswap.max + cgroup file + +--- + man/org.freedesktop.systemd1.xml | 36 +++++++++++++++++++ + src/basic/cgroup-util.c | 36 +++++++++++++++++++ + src/basic/cgroup-util.h | 2 ++ + src/core/cgroup.c | 17 +++++++-- + src/core/cgroup.h | 1 + + src/core/dbus-cgroup.c | 8 +++++ + src/core/load-fragment-gperf.gperf.in | 1 + + src/core/load-fragment.c | 4 ++- + src/shared/bus-print-properties.c | 2 +- + src/shared/bus-unit-util.c | 1 + + src/systemctl/systemctl-show.c | 8 +++++ + .../fuzz-unit-file/directives-all.service | 1 + + test/fuzz/fuzz-unit-file/directives.mount | 1 + + test/fuzz/fuzz-unit-file/directives.scope | 1 + + test/fuzz/fuzz-unit-file/directives.service | 1 + + test/fuzz/fuzz-unit-file/directives.slice | 1 + + test/fuzz/fuzz-unit-file/directives.socket | 1 + + test/fuzz/fuzz-unit-file/directives.swap | 1 + + 18 files changed, 118 insertions(+), 5 deletions(-) + +diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml +index c14c5b6601..cc37de4fb4 100644 +--- a/man/org.freedesktop.systemd1.xml ++++ b/man/org.freedesktop.systemd1.xml +@@ -2493,6 +2493,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -3030,6 +3032,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + + ++ ++ + + + +@@ -3594,6 +3598,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + + ++ ++ + + + +@@ -4293,6 +4299,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -4858,6 +4866,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + + ++ ++ + + + +@@ -5420,6 +5430,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + + ++ ++ + + + +@@ -6016,6 +6028,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -6509,6 +6523,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { + + + ++ ++ + + + +@@ -6989,6 +7005,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { + + + ++ ++ + + + +@@ -7706,6 +7724,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -8185,6 +8205,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { + + + ++ ++ + + + +@@ -8651,6 +8673,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { + + + ++ ++ + + + +@@ -9221,6 +9245,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -9364,6 +9390,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { + + + ++ ++ + + + +@@ -9514,6 +9542,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { + + + ++ ++ + + + +@@ -9684,6 +9714,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemorySwapMax = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") ++ readonly t MemoryZSwapMax = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly t MemoryLimit = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s DevicePolicy = '...'; +@@ -9843,6 +9875,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + + + ++ ++ + + + +@@ -10019,6 +10053,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + + + ++ ++ + + + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index 1ff6160dc8..00b1e71520 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -160,6 +160,42 @@ bool cg_freezer_supported(void) { + return supported; + } + ++bool cg_kill_supported(void) { ++ static thread_local int supported = -1; ++ ++ if (supported >= 0) ++ return supported; ++ ++ if (cg_all_unified() <= 0) ++ supported = false; ++ else if (access("/sys/fs/cgroup/init.scope/cgroup.kill", F_OK) < 0) { ++ if (errno != ENOENT) ++ log_debug_errno(errno, "Failed to check if cgroup.kill is available, assuming not: %m"); ++ supported = false; ++ } else ++ supported = true; ++ ++ return supported; ++} ++ ++bool cg_zswap_supported(void) { ++ static thread_local int supported = -1; ++ ++ if (supported >= 0) ++ return supported; ++ ++ if (cg_all_unified() <= 0) ++ supported = false; ++ else if (access("/sys/fs/cgroup/init.scope/memory.zswap.max", F_OK) < 0) { ++ if (errno != ENOENT) ++ log_debug_errno(errno, "Failed to check if cgroup memory.zswap.max is available, assuming not: %m"); ++ supported = false; ++ } else ++ supported = true; ++ ++ return supported; ++} ++ + int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) { + _cleanup_free_ char *fs = NULL; + int r; +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index ce2f4c6589..8ea94b8870 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -272,6 +272,8 @@ int cg_kernel_controllers(Set **controllers); + + bool cg_ns_supported(void); + bool cg_freezer_supported(void); ++bool cg_kill_supported(void); ++bool cg_zswap_supported(void); + + int cg_all_unified(void); + int cg_hybrid_unified(void); +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 5c07aa71d1..4a0aa65037 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -123,6 +123,7 @@ void cgroup_context_init(CGroupContext *c) { + .memory_high = CGROUP_LIMIT_MAX, + .memory_max = CGROUP_LIMIT_MAX, + .memory_swap_max = CGROUP_LIMIT_MAX, ++ .memory_zswap_max = CGROUP_LIMIT_MAX, + + .memory_limit = CGROUP_LIMIT_MAX, + +@@ -322,6 +323,9 @@ static int unit_compare_memory_limit(Unit *u, const char *property_name, uint64_ + } else if (streq(property_name, "MemorySwapMax")) { + unit_value = c->memory_swap_max; + file = "memory.swap.max"; ++ } else if (streq(property_name, "MemoryZSwapMax")) { ++ unit_value = c->memory_zswap_max; ++ file = "memory.zswap.max"; + } else + return -EINVAL; + +@@ -364,9 +368,10 @@ static char *format_cgroup_memory_limit_comparison(char *buf, size_t l, Unit *u, + + /* memory.swap.max is special in that it relies on CONFIG_MEMCG_SWAP (and the default swapaccount=1). + * In the absence of reliably being able to detect whether memcg swap support is available or not, +- * only complain if the error is not ENOENT. */ ++ * only complain if the error is not ENOENT. This is similarly the case for memory.zswap.max relying on CONFIG_ZSWAP. */ + if (r > 0 || IN_SET(r, -ENODATA, -EOWNERDEAD) || +- (r == -ENOENT && streq(property_name, "MemorySwapMax"))) { ++ (r == -ENOENT && (streq(property_name, "MemorySwapMax") || ++ streq(property_name, "MemoryZSwapMax")))) { + buf[0] = 0; + return buf; + } +@@ -441,6 +446,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sMemoryHigh: %" PRIu64 "%s\n" + "%sMemoryMax: %" PRIu64 "%s\n" + "%sMemorySwapMax: %" PRIu64 "%s\n" ++ "%sMemoryZSwapMax: %" PRIu64 "%s\n" + "%sMemoryLimit: %" PRIu64 "\n" + "%sTasksMax: %" PRIu64 "\n" + "%sDevicePolicy: %s\n" +@@ -475,6 +481,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, c->memory_high, format_cgroup_memory_limit_comparison(cdc, sizeof(cdc), u, "MemoryHigh"), + prefix, c->memory_max, format_cgroup_memory_limit_comparison(cdd, sizeof(cdd), u, "MemoryMax"), + prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"), ++ prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemoryZSwapMax"), + prefix, c->memory_limit, + prefix, tasks_max_resolve(&c->tasks_max), + prefix, cgroup_device_policy_to_string(c->device_policy), +@@ -1075,7 +1082,7 @@ static bool unit_has_unified_memory_config(Unit *u) { + + return unit_get_ancestor_memory_min(u) > 0 || unit_get_ancestor_memory_low(u) > 0 || + c->memory_high != CGROUP_LIMIT_MAX || c->memory_max != CGROUP_LIMIT_MAX || +- c->memory_swap_max != CGROUP_LIMIT_MAX; ++ c->memory_swap_max != CGROUP_LIMIT_MAX || c->memory_zswap_max != CGROUP_LIMIT_MAX; + } + + static void cgroup_apply_unified_memory_limit(Unit *u, const char *file, uint64_t v) { +@@ -1442,10 +1449,12 @@ static void cgroup_context_apply( + + if (cg_all_unified() > 0) { + uint64_t max, swap_max = CGROUP_LIMIT_MAX; ++ uint64_t zswap_max = CGROUP_LIMIT_MAX; + + if (unit_has_unified_memory_config(u)) { + max = c->memory_max; + swap_max = c->memory_swap_max; ++ zswap_max = c->memory_zswap_max; + } else { + max = c->memory_limit; + +@@ -1458,6 +1467,8 @@ static void cgroup_context_apply( + cgroup_apply_unified_memory_limit(u, "memory.high", c->memory_high); + cgroup_apply_unified_memory_limit(u, "memory.max", max); + cgroup_apply_unified_memory_limit(u, "memory.swap.max", swap_max); ++ if (cg_zswap_supported()) ++ cgroup_apply_unified_memory_limit(u, "memory.zswap.max", zswap_max); + + (void) set_attribute_and_warn(u, "memory", "memory.oom.group", one_zero(c->memory_oom_group)); + +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 3f8cad899d..d40ac0fadc 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -147,6 +147,7 @@ struct CGroupContext { + uint64_t memory_high; + uint64_t memory_max; + uint64_t memory_swap_max; ++ uint64_t memory_zswap_max; + + bool default_memory_min_set; + bool default_memory_low_set; +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 84c3caf3a5..e57ceff6f4 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -439,6 +439,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { + SD_BUS_PROPERTY("MemoryHigh", "t", NULL, offsetof(CGroupContext, memory_high), 0), + SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), + SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), ++ SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), + SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), + SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), + SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), +@@ -860,6 +861,7 @@ BUS_DEFINE_SET_CGROUP_WEIGHT(blockio_weight, CGROUP_MASK_BLKIO, CGROUP_BLKIO_WEI + BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1); + BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0); + BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); ++BUS_DEFINE_SET_CGROUP_LIMIT(zswap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); + REENABLE_WARNING; + + static int bus_cgroup_set_tasks_max( +@@ -1019,6 +1021,9 @@ int bus_cgroup_set_property( + if (streq(name, "MemorySwapMax")) + return bus_cgroup_set_swap(u, name, &c->memory_swap_max, message, flags, error); + ++ if (streq(name, "MemoryZSwapMax")) ++ return bus_cgroup_set_zswap(u, name, &c->memory_zswap_max, message, flags, error); ++ + if (streq(name, "MemoryMax")) + return bus_cgroup_set_memory(u, name, &c->memory_max, message, flags, error); + +@@ -1059,6 +1064,9 @@ int bus_cgroup_set_property( + if (streq(name, "MemorySwapMaxScale")) + return bus_cgroup_set_swap_scale(u, name, &c->memory_swap_max, message, flags, error); + ++ if (streq(name, "MemoryZSwapMaxScale")) ++ return bus_cgroup_set_zswap_scale(u, name, &c->memory_zswap_max, message, flags, error); ++ + if (streq(name, "MemoryMaxScale")) + return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error); + +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 42441eab6e..27860fb973 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -196,6 +196,7 @@ + {{type}}.MemoryHigh, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) ++{{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) + {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index a068fdf313..b64e64d90f 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3690,7 +3690,7 @@ int config_parse_memory_limit( + bytes = physical_memory_scale(r, 10000U); + + if (bytes >= UINT64_MAX || +- (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) { ++ (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryZSwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) { + log_syntax(unit, LOG_WARNING, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue); + return 0; + } +@@ -3714,6 +3714,8 @@ int config_parse_memory_limit( + c->memory_max = bytes; + else if (streq(lvalue, "MemorySwapMax")) + c->memory_swap_max = bytes; ++ else if (streq(lvalue, "MemoryZSwapMax")) ++ c->memory_zswap_max = bytes; + else if (streq(lvalue, "MemoryLimit")) + c->memory_limit = bytes; + else +diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c +index b45921943a..31c2e3cd35 100644 +--- a/src/shared/bus-print-properties.c ++++ b/src/shared/bus-print-properties.c +@@ -165,7 +165,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b + + bus_print_property_value(name, expected_value, flags, "[not set]"); + +- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || ++ else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || + (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) || + (startswith(name, "Limit") && u == UINT64_MAX) || + (startswith(name, "DefaultLimit") && u == UINT64_MAX)) +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index d3a5b25d18..f89b6e7428 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -516,6 +516,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + "MemoryHigh", + "MemoryMax", + "MemorySwapMax", ++ "MemoryZSwapMax", + "MemoryLimit", + "TasksMax")) { + +diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c +index 1f524626bf..2bba11936e 100644 +--- a/src/systemctl/systemctl-show.c ++++ b/src/systemctl/systemctl-show.c +@@ -247,6 +247,7 @@ typedef struct UnitStatusInfo { + uint64_t memory_high; + uint64_t memory_max; + uint64_t memory_swap_max; ++ uint64_t memory_zswap_max; + uint64_t memory_limit; + uint64_t memory_available; + uint64_t cpu_usage_nsec; +@@ -684,6 +685,7 @@ static void print_status_info( + if (i->memory_min > 0 || i->memory_low > 0 || + i->memory_high != CGROUP_LIMIT_MAX || i->memory_max != CGROUP_LIMIT_MAX || + i->memory_swap_max != CGROUP_LIMIT_MAX || ++ i->memory_zswap_max != CGROUP_LIMIT_MAX || + i->memory_available != CGROUP_LIMIT_MAX || + i->memory_limit != CGROUP_LIMIT_MAX) { + const char *prefix = ""; +@@ -709,6 +711,10 @@ static void print_status_info( + printf("%sswap max: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_swap_max)); + prefix = " "; + } ++ if (i->memory_zswap_max != CGROUP_LIMIT_MAX) { ++ printf("%szswap max: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_zswap_max)); ++ prefix = " "; ++ } + if (i->memory_limit != CGROUP_LIMIT_MAX) { + printf("%slimit: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_limit)); + prefix = " "; +@@ -1850,6 +1856,7 @@ static int show_one( + { "MemoryHigh", "t", NULL, offsetof(UnitStatusInfo, memory_high) }, + { "MemoryMax", "t", NULL, offsetof(UnitStatusInfo, memory_max) }, + { "MemorySwapMax", "t", NULL, offsetof(UnitStatusInfo, memory_swap_max) }, ++ { "MemoryZSwapMax", "t", NULL, offsetof(UnitStatusInfo, memory_zswap_max) }, + { "MemoryLimit", "t", NULL, offsetof(UnitStatusInfo, memory_limit) }, + { "CPUUsageNSec", "t", NULL, offsetof(UnitStatusInfo, cpu_usage_nsec) }, + { "TasksCurrent", "t", NULL, offsetof(UnitStatusInfo, tasks_current) }, +@@ -1884,6 +1891,7 @@ static int show_one( + .memory_high = CGROUP_LIMIT_MAX, + .memory_max = CGROUP_LIMIT_MAX, + .memory_swap_max = CGROUP_LIMIT_MAX, ++ .memory_zswap_max = CGROUP_LIMIT_MAX, + .memory_limit = UINT64_MAX, + .memory_available = CGROUP_LIMIT_MAX, + .cpu_usage_nsec = UINT64_MAX, +diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service +index 3039d1c0cd..81ffe4fc86 100644 +--- a/test/fuzz/fuzz-unit-file/directives-all.service ++++ b/test/fuzz/fuzz-unit-file/directives-all.service +@@ -152,6 +152,7 @@ MemoryLimit= + MemoryLow= + MemoryMax= + MemorySwapMax= ++MemoryZSwapMax= + MessageQueueMaxMessages= + MessageQueueMessageSize= + MountAPIVFS= +diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount +index 451f291988..ba5d03cc4b 100644 +--- a/test/fuzz/fuzz-unit-file/directives.mount ++++ b/test/fuzz/fuzz-unit-file/directives.mount +@@ -103,6 +103,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + MountAPIVFS= + MountFlags= + MountImages= +diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope +index 7e69cf816b..12e3f02b9b 100644 +--- a/test/fuzz/fuzz-unit-file/directives.scope ++++ b/test/fuzz/fuzz-unit-file/directives.scope +@@ -46,6 +46,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + NetClass= + RestartKillSignal= + RuntimeMaxSec= +diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service +index de7d2c7daf..b27b100f1a 100644 +--- a/test/fuzz/fuzz-unit-file/directives.service ++++ b/test/fuzz/fuzz-unit-file/directives.service +@@ -225,6 +225,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + MountAPIVFS= + MountFlags= + MountImages= +diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice +index 789ac8f0db..0004d4dfd4 100644 +--- a/test/fuzz/fuzz-unit-file/directives.slice ++++ b/test/fuzz/fuzz-unit-file/directives.slice +@@ -43,6 +43,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + NetClass= + Slice= + SocketBindAllow= +diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket +index 11f589e22c..02e0349009 100644 +--- a/test/fuzz/fuzz-unit-file/directives.socket ++++ b/test/fuzz/fuzz-unit-file/directives.socket +@@ -131,6 +131,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + MessageQueueMaxMessages= + MessageQueueMessageSize= + MountAPIVFS= +diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap +index 582a136531..4536b2a606 100644 +--- a/test/fuzz/fuzz-unit-file/directives.swap ++++ b/test/fuzz/fuzz-unit-file/directives.swap +@@ -100,6 +100,7 @@ MemoryLow= + MemoryMax= + MemoryMin= + MemorySwapMax= ++MemoryZSwapMax= + MountAPIVFS= + MountFlags= + MountImages= +-- +2.34.1 + diff --git a/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch b/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch new file mode 100644 index 0000000..6b148ad --- /dev/null +++ b/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch @@ -0,0 +1,116 @@ +From 1035e36675e10522824476c9084ff1001039c054 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 1 Oct 2021 09:22:18 +0900 +Subject: [PATCH] network: drop and warn duplicated Address= settings + +Fixes #20891. +--- + src/network/networkd-address.c | 43 +++++++++++++++++++++++++++++++--- + src/network/networkd-address.h | 2 +- + src/network/networkd-network.c | 6 ++++- + 3 files changed, 46 insertions(+), 5 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 7b221516d7..e1bc6aa474 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -304,6 +304,12 @@ bool address_equal(const Address *a1, const Address *a2) { + return address_compare_func(a1, a2) == 0; + } + ++DEFINE_PRIVATE_HASH_OPS( ++ address_hash_ops_new, ++ Address, ++ address_hash_func, ++ address_compare_func); ++ + int address_dup(const Address *src, Address **ret) { + _cleanup_(address_freep) Address *dest = NULL; + int r; +@@ -1988,12 +1994,43 @@ static int address_section_verify(Address *address) { + return 0; + } + +-void network_drop_invalid_addresses(Network *network) { ++int network_drop_invalid_addresses(Network *network) { ++ _cleanup_set_free_ Set *addresses = NULL; + Address *address; ++ int r; + + assert(network); + +- ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) +- if (address_section_verify(address) < 0) ++ ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) { ++ Address *dup; ++ ++ if (address_section_verify(address) < 0) { ++ /* Drop invalid [Address] sections or Address= settings in [Network]. ++ * Note that address_free() will drop the address from addresses_by_section. */ + address_free(address); ++ continue; ++ } ++ ++ /* Always use the setting specified later. So, remove the previously assigned setting. */ ++ dup = set_remove(addresses, address); ++ if (dup) { ++ _cleanup_free_ char *buf = NULL; ++ ++ (void) in_addr_prefix_to_string(address->family, &address->in_addr, address->prefixlen, &buf); ++ log_warning("%s: Duplicated address %s is specified at line %u and %u, " ++ "dropping the address setting specified at line %u.", ++ dup->section->filename, strna(buf), address->section->line, ++ dup->section->line, dup->section->line); ++ /* address_free() will drop the address from addresses_by_section. */ ++ address_free(dup); ++ } ++ ++ /* Do not use address_hash_ops_free here. Otherwise, all address settings will be freed. */ ++ r = set_ensure_put(&addresses, &address_hash_ops_new, address); ++ if (r < 0) ++ return log_oom(); ++ assert(r > 0); ++ } ++ ++ return 0; + } +diff --git a/src/network/networkd-address.h b/src/network/networkd-address.h +index ff3d46abdd..55d22ad221 100644 +--- a/src/network/networkd-address.h ++++ b/src/network/networkd-address.h +@@ -85,7 +85,7 @@ int request_process_address(Request *req); + + int manager_rtnl_process_address(sd_netlink *nl, sd_netlink_message *message, Manager *m); + +-void network_drop_invalid_addresses(Network *network); ++int network_drop_invalid_addresses(Network *network); + + void address_hash_func(const Address *a, struct siphash *state); + int address_compare_func(const Address *a1, const Address *a2); +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index 2a864a38b1..920f7851ba 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -119,6 +119,8 @@ static int network_resolve_stacked_netdevs(Network *network) { + } + + int network_verify(Network *network) { ++ int r; ++ + assert(network); + assert(network->filename); + +@@ -252,7 +254,9 @@ int network_verify(Network *network) { + network->ipv6_proxy_ndp_addresses = set_free_free(network->ipv6_proxy_ndp_addresses); + } + +- network_drop_invalid_addresses(network); ++ r = network_drop_invalid_addresses(network); ++ if (r < 0) ++ return r; + network_drop_invalid_routes(network); + network_drop_invalid_nexthops(network); + network_drop_invalid_bridge_fdb_entries(network); +-- +2.31.1 + diff --git a/Makefile.selinux b/Makefile.selinux new file mode 100644 index 0000000..bc159a5 --- /dev/null +++ b/Makefile.selinux @@ -0,0 +1,16 @@ +TARGETS ?= systemd_hs +SHARE ?= /usr/share +MODULES ?= ${TARGETS:=.pp.bz2} + +all: ${TARGETS:=.pp.bz2} + +%.pp.bz2: %.pp + @echo Compressing $^ -\ $@ + bzip2 -9 $^ + +%.pp: %.te + make -f ${SHARE}/selinux/devel/Makefile $@ + +clean: + rm -f *~ *.tc *.pp *.pp.bz2 + rm -rf tmp diff --git a/README.build-in-place b/README.build-in-place new file mode 100644 index 0000000..8b66077 --- /dev/null +++ b/README.build-in-place @@ -0,0 +1,14 @@ +== Building systemd rpms for local development using rpmbuild --build-in-place == + +This approach is based on https://github.com/filbranden/git-rpmbuild +and filbranden's talk during ASG2019 [https://cfp.all-systems-go.io/ASG2019/talk/JM7GDN/]. + +``` +git clone https://github.com/systemd/systemd +fedpkg clone systemd fedora-systemd +cd systemd +rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec +sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm +``` + +`--without lto` and `--without tests` may be useful to speed up the build. diff --git a/SOURCES/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch b/SOURCES/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch deleted file mode 100644 index f7b3a61..0000000 --- a/SOURCES/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch +++ /dev/null @@ -1,257 +0,0 @@ -From d4bd8777a483ea834e687c1ee35dee32efe6e49f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 14:02:36 +0200 -Subject: [PATCH 1/5] rpm: don't specify the full path for systemctl and other - commands - -We can make things a bit simpler and more readable by not specifying the path. -Since we didn't specify the full path for all commands (including those invoked -recursively by anythign we invoke), this didn't really privide any security or -robustness benefits. I guess that full paths were used because this style of -rpm packagnig was popular in the past, with macros used for everything -possible, with special macros for common commands like %{__ln} and %{__mkdir}. - -(cherry picked from commit 7d9ee15d0fc2af87481ee371b278dbe7e68165ef) ---- - src/rpm/macros.systemd.in | 24 ++++++++++++------------ - src/rpm/triggers.systemd.in | 18 +++++++++--------- - src/rpm/triggers.systemd.sh.in | 18 +++++++++--------- - 3 files changed, 30 insertions(+), 30 deletions(-) - -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3a0169a85f..3129ab2d61 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -46,9 +46,9 @@ OrderWithRequires(postun): systemd \ - - %systemd_post() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ --if [ $1 -eq 1 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ - # Initial installation \ -- %{_bindir}/systemctl --no-reload preset %{?*} || : \ -+ systemctl --no-reload preset %{?*} || : \ - fi \ - %{nil} - -@@ -56,21 +56,21 @@ fi \ - - %systemd_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ --if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ - # Package removal, not upgrade \ - if [ -d /run/systemd/system ]; then \ -- %{_bindir}/systemctl --no-reload disable --now %{?*} || : \ -+ systemctl --no-reload disable --now %{?*} || : \ - else \ -- %{_bindir}/systemctl --no-reload disable %{?*} || : \ -+ systemctl --no-reload disable %{?*} || : \ - fi \ - fi \ - %{nil} - - %systemd_user_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ --if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ - # Package removal, not upgrade \ -- %{_bindir}/systemctl --global disable %{?*} || : \ -+ systemctl --global disable %{?*} || : \ - fi \ - %{nil} - -@@ -84,10 +84,10 @@ fi \ - - %systemd_postun_with_restart() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ --if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ - # Package upgrade, not uninstall \ - for unit in %{?*}; do \ -- %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \ -+ systemctl set-property $unit Markers=+needs-restart || : \ - done \ - fi \ - %{nil} -@@ -105,17 +105,17 @@ fi \ - # Deprecated. Use %tmpfiles_create_package instead - %tmpfiles_create() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# tmpfiles_create}} \ --[ -x %{_bindir}/systemd-tmpfiles ] && %{_bindir}/systemd-tmpfiles --create %{?*} || : \ -+command -v systemd-tmpfiles >/dev/null && systemd-tmpfiles --create %{?*} || : \ - %{nil} - - # Deprecated. Use %sysusers_create_package instead - %sysusers_create() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# sysusers_create}} \ --[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers %{?*} || : \ -+command -v systemd-sysusers >/dev/null && systemd-sysusers %{?*} || : \ - %{nil} - - %sysusers_create_inline() \ --[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers - </dev/null && systemd-sysusers - < 0 then - posix.wait(pid) - end - - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) -+ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -38,7 +38,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "daemon-reload")) -+ assert(posix.execp("systemctl", "daemon-reload")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -49,7 +49,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) -+ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -62,7 +62,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-sysusers")) -+ assert(posix.execp("systemd-sysusers")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -74,7 +74,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-hwdb", "update")) -+ assert(posix.execp("systemd-hwdb", "update")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -86,7 +86,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/journalctl", "--update-catalog")) -+ assert(posix.execp("journalctl", "--update-catalog")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -111,7 +111,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-tmpfiles", "--create")) -+ assert(posix.execp("systemd-tmpfiles", "--create")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -123,7 +123,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/udevadm", "control", "--reload")) -+ assert(posix.execp("udevadm", "control", "--reload")) - elseif pid > 0 then - posix.wait(pid) - end -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 22abad9812..1631be18c9 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -15,8 +15,8 @@ - # installed, because other cases are covered by the *un scriptlets, - # so sometimes we will reload needlessly. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl daemon-reload || : -- %{_bindir}/systemctl reload-or-restart --marked || : -+ systemctl daemon-reload || : -+ systemctl reload-or-restart --marked || : - fi - - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -@@ -26,13 +26,13 @@ fi - # have been installed, but before %postun scripts in packages get - # executed. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl daemon-reload || : -+ systemctl daemon-reload || : - fi - - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # We restart remaining services that should be restarted here. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl reload-or-restart --marked || : -+ systemctl reload-or-restart --marked || : - fi - - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} -@@ -40,21 +40,21 @@ fi - # specified users automatically. The priority is set such that it - # will run before the tmpfiles file trigger. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-sysusers || : -+ systemd-sysusers || : - fi - - %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}} - # This script will automatically invoke hwdb update if files have been - # installed or updated in {{UDEV_HWDB_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-hwdb update || : -+ systemd-hwdb update || : - fi - - %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}} - # This script will automatically invoke journal catalog update if files - # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/journalctl --update-catalog || : -+ journalctl --update-catalog || : - fi - - %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}} -@@ -71,14 +71,14 @@ fi - # tmpfiles automatically. The priority is set such that it will run - # after the sysusers file trigger, but before any other triggers. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-tmpfiles --create || : -+ systemd-tmpfiles --create || : - fi - - %transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}} - # This script will automatically update udev with new rules if files - # have been installed or updated in {{UDEV_RULES_DIR}}. - if test -e /run/udev/control; then -- %{_bindir}/udevadm control --reload || : -+ udevadm control --reload || : - fi - - %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}} --- -2.31.1 - diff --git a/SOURCES/0001-sysv-generator-downgrade-log-warning-about-autogener.patch b/SOURCES/0001-sysv-generator-downgrade-log-warning-about-autogener.patch deleted file mode 100644 index df2bbee..0000000 --- a/SOURCES/0001-sysv-generator-downgrade-log-warning-about-autogener.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0c21535392bf6296d213c35fd1a0b0bc89dbddb3 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Wed, 31 Mar 2021 14:04:09 -0700 -Subject: [PATCH] sysv-generator: downgrade log warning about autogenerated to - debug - ---- - src/sysv-generator/sysv-generator.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c -index 8c7aef23c3..89599a69ee 100644 ---- a/src/sysv-generator/sysv-generator.c -+++ b/src/sysv-generator/sysv-generator.c -@@ -786,9 +786,9 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) { - if (!fpath) - return log_oom(); - -- log_warning("SysV service '%s' lacks a native systemd unit file. " -- "Automatically generating a unit file for compatibility. " -- "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); -+ log_debug("SysV service '%s' lacks a native systemd unit file. " -+ "Automatically generating a unit file for compatibility. " -+ "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); - - service = new(SysvStub, 1); - if (!service) --- -2.30.2 - diff --git a/SOURCES/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch b/SOURCES/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch deleted file mode 100644 index 32047c5..0000000 --- a/SOURCES/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch +++ /dev/null @@ -1,337 +0,0 @@ -From 09e8c6aa71ee4b5ff3ee85fc4855e2c1a246a079 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 11:22:33 +0200 -Subject: [PATCH 2/5] rpm: use a helper script to actually invoke systemctl - commands -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Instead of embedding the commands to invoke directly in the macros, -let's use a helper script as indirection. This has a couple of advantages: - -- the macro language is awkward, we need to suffix most commands by "|| :" - and "\", which is easy to get wrong. In the new scheme, the macro becomes - a single simple command. -- in the script we can use normal syntax highlighting, shellcheck, etc. -- it's also easier to test the invoked commands by invoking the helper - manually. -- most importantly, the logic is contained in the helper, i.e. we can - update systemd rpm and everything uses the new helper. Before, we would - have to rebuild all packages to update the macro definition. - -This raises the question whether it makes sense to use the lua scriptlets when -the real work is done in a bash script. I think it's OK: we still have the -efficient lua scripts that do the short scripts, and we use a single shared -implementation in bash to do the more complex stuff. - -The meson version is raised to 0.47 because that's needed for install_mode. -We were planning to raise the required version anyway… - -(cherry picked from commit 6d825ab2d42d3219e49a192bf99f9c09134a0df4) ---- - README | 2 +- - meson.build | 3 +- - src/rpm/macros.systemd.in | 30 ++++++++-------- - src/rpm/meson.build | 13 ++++--- - src/rpm/systemd-update-helper.in | 60 ++++++++++++++++++++++++++++++++ - src/rpm/triggers.systemd.in | 43 ++++++++--------------- - src/rpm/triggers.systemd.sh.in | 13 ++----- - 7 files changed, 105 insertions(+), 59 deletions(-) - create mode 100755 src/rpm/systemd-update-helper.in - -diff --git a/README b/README -index 0e5c326deb..a8f23a0d5b 100644 ---- a/README -+++ b/README -@@ -193,7 +193,7 @@ REQUIREMENTS: - python-jinja2 - python-lxml (optional, required to build the indices) - python >= 3.5 -- meson >= 0.46 (>= 0.49 is required to build position-independent executables) -+ meson >= 0.47 (>= 0.49 is required to build position-independent executables) - ninja - gcc, awk, sed, grep, and similar tools - clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs -diff --git a/meson.build b/meson.build -index 738879eb21..fb986e84f7 100644 ---- a/meson.build -+++ b/meson.build -@@ -10,7 +10,7 @@ project('systemd', 'c', - 'localstatedir=/var', - 'warning_level=2', - ], -- meson_version : '>= 0.46', -+ meson_version : '>= 0.47', - ) - - libsystemd_version = '0.32.0' -@@ -253,6 +253,7 @@ conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH', join_paths(rootlib - conf.set_quoted('SYSTEMD_STDIO_BRIDGE_BINARY_PATH', join_paths(bindir, 'systemd-stdio-bridge')) - conf.set_quoted('SYSTEMD_TEST_DATA', join_paths(testsdir, 'testdata')) - conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', join_paths(rootbindir, 'systemd-tty-ask-password-agent')) -+conf.set_quoted('SYSTEMD_UPDATE_HELPER_PATH', join_paths(rootlibexecdir, 'systemd-update-helper')) - conf.set_quoted('SYSTEMD_USERWORK_PATH', join_paths(rootlibexecdir, 'systemd-userwork')) - conf.set_quoted('SYSTEMD_VERITYSETUP_PATH', join_paths(rootlibexecdir, 'systemd-veritysetup')) - conf.set_quoted('SYSTEM_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'system')) -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3129ab2d61..bbdf036da7 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -46,31 +46,33 @@ OrderWithRequires(postun): systemd \ - - %systemd_post() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ --if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Initial installation \ -- systemctl --no-reload preset %{?*} || : \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} install-system-units %{?*} || : \ - fi \ - %{nil} - --%systemd_user_post() %{expand:%systemd_post \\--global %%{?*}} -+%systemd_user_post() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_post}} \ -+if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Initial installation \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} install-user-units %{?*} || : \ -+fi \ -+%{nil} - - %systemd_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ --if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package removal, not upgrade \ -- if [ -d /run/systemd/system ]; then \ -- systemctl --no-reload disable --now %{?*} || : \ -- else \ -- systemctl --no-reload disable %{?*} || : \ -- fi \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-system-units %{?*} || : \ - fi \ - %{nil} - - %systemd_user_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ --if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package removal, not upgrade \ -- systemctl --global disable %{?*} || : \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-user-units %{?*} || : \ - fi \ - %{nil} - -@@ -84,11 +86,9 @@ fi \ - - %systemd_postun_with_restart() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ --if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package upgrade, not uninstall \ -- for unit in %{?*}; do \ -- systemctl set-property $unit Markers=+needs-restart || : \ -- done \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \ - fi \ - %{nil} - -diff --git a/src/rpm/meson.build b/src/rpm/meson.build -index fc72fee73c..2ad3308cc1 100644 ---- a/src/rpm/meson.build -+++ b/src/rpm/meson.build -@@ -1,9 +1,13 @@ - # SPDX-License-Identifier: LGPL-2.1-or-later - - in_files = [ -- ['macros.systemd', rpmmacrosdir != 'no'], -- ['triggers.systemd', false], -- ['triggers.systemd.sh', false]] -+ ['macros.systemd', rpmmacrosdir != 'no', rpmmacrosdir], -+ -+ # we conditionalize on rpmmacrosdir, but install into rootlibexecdir -+ ['systemd-update-helper', rpmmacrosdir != 'no', rootlibexecdir, 'rwxr-xr-x'], -+ -+ ['triggers.systemd', false], -+ ['triggers.systemd.sh', false]] - - # The last two don't get installed anywhere, one of them needs to included in - # the rpm spec file definition instead. -@@ -17,6 +21,7 @@ foreach tuple : in_files - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, - install : tuple[1], -- install_dir : rpmmacrosdir, -+ install_dir : tuple.length() > 2 ? tuple[2] : '', -+ install_mode : tuple.length() > 3 ? tuple[3] : false, - build_by_default : true) - endforeach -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -new file mode 100755 -index 0000000000..9fa49fa131 ---- /dev/null -+++ b/src/rpm/systemd-update-helper.in -@@ -0,0 +1,60 @@ -+#!/bin/bash -+set -eu -+set -o pipefail -+ -+command="${1:?}" -+shift -+ -+command -v systemctl >/dev/null || exit 0 -+ -+case "$command" in -+ install-system-units) -+ systemctl --no-reload preset "$@" -+ ;; -+ -+ install-user-units) -+ systemctl --no-reload preset --global "$@" -+ ;; -+ -+ remove-system-units) -+ if [ -d /run/systemd/system ]; then -+ systemctl --no-reload disable --now "$@" -+ else -+ systemctl --no-reload disable "$@" -+ fi -+ ;; -+ -+ remove-user-units) -+ systemctl --global disable "$@" -+ ;; -+ -+ mark-restart-system-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ for unit in "$@"; do -+ systemctl set-property "$unit" Markers=+needs-restart || : -+ done -+ ;; -+ -+ system-reload-restart|system-reload|system-restart) -+ if [ -n "$*" ]; then -+ echo "Unexpected arguments for '$command': $*" -+ exit 2 -+ fi -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ if [[ "$command" =~ reload ]]; then -+ systemctl daemon-reload -+ fi -+ -+ if [[ "$command" =~ restart ]]; then -+ systemctl reload-or-restart --marked -+ fi -+ ;; -+ -+ *) -+ echo "Unknown verb '$command'" -+ exit 3 -+ ;; -+esac -diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index 247358008a..d29cc33dfd 100644 ---- a/src/rpm/triggers.systemd.in -+++ b/src/rpm/triggers.systemd.in -@@ -13,20 +13,11 @@ - -- upgraded. We care about the case where a package is initially - -- installed, because other cases are covered by the *un scriptlets, - -- so sometimes we will reload needlessly. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "daemon-reload")) -- elseif pid > 0 then -- posix.wait(pid) -- end -- -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload-restart")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -@@ -35,24 +26,20 @@ end - -- On upgrade, we need to run daemon-reload after any new unit files - -- have been installed, but before %postun scripts in packages get - -- executed. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "daemon-reload")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - -- We restart remaining services that should be restarted here. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 1631be18c9..83cd7617f8 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -14,10 +14,7 @@ - # upgraded. We care about the case where a package is initially - # installed, because other cases are covered by the *un scriptlets, - # so sometimes we will reload needlessly. --if test -d "/run/systemd/system"; then -- systemctl daemon-reload || : -- systemctl reload-or-restart --marked || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : - - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # On removal, we need to run daemon-reload after any units have been -@@ -25,15 +22,11 @@ fi - # On upgrade, we need to run daemon-reload after any new unit files - # have been installed, but before %postun scripts in packages get - # executed. --if test -d "/run/systemd/system"; then -- systemctl daemon-reload || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : - - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # We restart remaining services that should be restarted here. --if test -d "/run/systemd/system"; then -- systemctl reload-or-restart --marked || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : - - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} - # This script will process files installed in {{SYSUSERS_DIR}} to create --- -2.31.1 - diff --git a/SOURCES/0003-rpm-call-needs-restart-in-parallel.patch b/SOURCES/0003-rpm-call-needs-restart-in-parallel.patch deleted file mode 100644 index 4637f3e..0000000 --- a/SOURCES/0003-rpm-call-needs-restart-in-parallel.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0a2e691b6b1fdceb4b7504870c4b792a66b5080f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 11:28:36 +0200 -Subject: [PATCH 3/5] rpm: call +needs-restart in parallel -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Some rpms install a bunch of units… It seems nicer to invoke them all in -parallel. In particular, timeouts in systemctl also run in parallel, so if -there's some communication mishap, we will wait less. - -(cherry picked from commit 3598aff4d963b2e51ac74d206161da47bfde785c) ---- - src/rpm/systemd-update-helper.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index 9fa49fa131..f3c75b75fa 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -32,8 +32,9 @@ case "$command" in - [ -d /run/systemd/system ] || exit 0 - - for unit in "$@"; do -- systemctl set-property "$unit" Markers=+needs-restart || : -+ systemctl set-property "$unit" Markers=+needs-restart & - done -+ wait - ;; - - system-reload-restart|system-reload|system-restart) --- -2.31.1 - diff --git a/SOURCES/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch b/SOURCES/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch deleted file mode 100644 index eac9b89..0000000 --- a/SOURCES/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch +++ /dev/null @@ -1,259 +0,0 @@ -From a63d5d320f81c1cbae07897a401ed5cc5374e0bf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 14:37:57 +0200 -Subject: [PATCH 4/5] rpm: restart user services at the end of the transaction - -This closes an important gap: so far we would reexecute the system manager and -restart system services that were configured to do so, but we wouldn't do the -same for user managers or user services. - -The scheme used for user managers is very similar to the system one, except -that there can be multiple user managers running, so we query the system -manager to get a list of them, and then tell each one to do the equivalent -operations: daemon-reload, disable --now, set-property Markers=+needs-restart, -reload-or-restart --marked. - -The total time that can be spend on this is bounded: we execute the commands in -parallel over user managers and units, and additionally set SYSTEMD_BUS_TIMEOUT -to a lower value (15 s by default). User managers should not have too many -units running, and they should be able to do all those operations very -quickly (<< 1s). The final restart operation may take longer, but it's done -asynchronously, so we only wait for the queuing to happen. - -The advantage of doing this synchronously is that we can wait for each step to -happen, and for example daemon-reloads can finish before we execute the service -restarts, etc. We can also order various steps wrt. to the phases in the rpm -transaction. - -When this was initially proposed, we discussed a more relaxed scheme with bus -property notifications. Such an approach would be more complex because a bunch -of infrastructure would have to be added to system manager to propagate -appropriate notifications to the user managers, and then the user managers -would have to wait for them. Instead, now there is no new code in the managers, -all new functionality is contained in src/rpm/. The ability to call 'systemctl ---user user@' makes this approach very easy. Also, it would be very hard to -order the user manager steps and the rpm transaction steps. - -Note: 'systemctl --user disable' is only called for a user managers that are -running. I don't see a nice way around this, and it shouldn't matter too much: -we'll just leave a dangling symlink in the case where the user enabled the -service manually. - -A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and -fa97d2fcf64e0558054bee673f734f523373b146. - -(cherry picked from commit 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7) ---- - meson.build | 1 + - meson_options.txt | 2 ++ - src/rpm/macros.systemd.in | 6 +++- - src/rpm/systemd-update-helper.in | 47 ++++++++++++++++++++++++++++++++ - src/rpm/triggers.systemd.in | 28 ++++++++++++++++++- - src/rpm/triggers.systemd.sh.in | 13 ++++++++- - 6 files changed, 94 insertions(+), 3 deletions(-) - -diff --git a/meson.build b/meson.build -index fb986e84f7..d898d9ccd0 100644 ---- a/meson.build -+++ b/meson.build -@@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR', tmpfilesdir) - conf.set_quoted('UDEVLIBEXECDIR', udevlibexecdir) - conf.set_quoted('UDEV_HWDB_DIR', udevhwdbdir) - conf.set_quoted('UDEV_RULES_DIR', udevrulesdir) -+conf.set_quoted('UPDATE_HELPER_USER_TIMEOUT', get_option('update-helper-user-timeout')) - conf.set_quoted('USER_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'user')) - conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) - conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) -diff --git a/meson_options.txt b/meson_options.txt -index 163c8df87d..9383c7da6a 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '', - description : 'directory for xinitrc files') - option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d', - description : 'directory for rpm macros ["no" disables]') -+option('update-helper-user-timeout', type : 'string', value : '15s', -+ description : 'how long to wait for user manager operations') - option('pamlibdir', type : 'string', - description : 'directory for PAM modules') - option('pamconfdir', type : 'string', -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index bbdf036da7..caa2e45595 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -93,7 +93,11 @@ fi \ - %{nil} - - %systemd_user_postun_with_restart() \ --%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_restart}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-user-units %{?*} || : \ -+fi \ - %{nil} - - %udev_hwdb_update() %{nil} -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index f3c75b75fa..f3466ab3c0 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -26,6 +26,15 @@ case "$command" in - - remove-user-units) - systemctl --global disable "$@" -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" disable --now "$@" & -+ done -+ wait - ;; - - mark-restart-system-units) -@@ -37,6 +46,17 @@ case "$command" in - wait - ;; - -+ mark-restart-user-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & -+ done -+ wait -+ ;; -+ - system-reload-restart|system-reload|system-restart) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" -@@ -54,6 +74,33 @@ case "$command" in - fi - ;; - -+ user-reload-restart|user-reload|user-restart) -+ if [ -n "$*" ]; then -+ echo "Unexpected arguments for '$command': $*" -+ exit 2 -+ fi -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ -+ if [[ "$command" =~ reload ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" daemon-reload & -+ done -+ wait -+ fi -+ -+ if [[ "$command" =~ restart ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" reload-or-restart --marked & -+ done -+ wait -+ fi -+ ;; -+ - *) - echo "Unknown verb '$command'" - exit 3 -diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index d29cc33dfd..8aeb2049c1 100644 ---- a/src/rpm/triggers.systemd.in -+++ b/src/rpm/triggers.systemd.in -@@ -20,6 +20,14 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerin -P 900899 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - -- On removal, we need to run daemon-reload after any units have been - -- removed. -@@ -33,8 +41,17 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -+-- Execute daemon-reload in user managers. -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system ---- We restart remaining services that should be restarted here. -+-- We restart remaining system services that should be restarted here. - pid = posix.fork() - if pid == 0 then - assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) -@@ -42,6 +59,15 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerpostun -P 9999 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+-- We restart remaining user services that should be restarted here. -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-restart")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} - -- This script will process files installed in {{SYSUSERS_DIR}} to create - -- specified users automatically. The priority is set such that it -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 83cd7617f8..694cd94e8d 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -16,6 +16,9 @@ - # so sometimes we will reload needlessly. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : - -+%transfiletriggerin -P 900899 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload-restart || : -+ - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # On removal, we need to run daemon-reload after any units have been - # removed. -@@ -24,10 +27,18 @@ - # executed. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : - -+%transfiletriggerpostun -P 1000099 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+# Execute daemon-reload in user managers. -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload || : -+ - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system --# We restart remaining services that should be restarted here. -+# We restart remaining system services that should be restarted here. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : - -+%transfiletriggerpostun -P 9999 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+# We restart remaining user services that should be restarted here. -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-restart || : -+ - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} - # This script will process files installed in {{SYSUSERS_DIR}} to create - # specified users automatically. The priority is set such that it --- -2.31.1 - diff --git a/SOURCES/0005-update-helper-also-add-user-reexec-verb.patch b/SOURCES/0005-update-helper-also-add-user-reexec-verb.patch deleted file mode 100644 index 7c4f7ba..0000000 --- a/SOURCES/0005-update-helper-also-add-user-reexec-verb.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 37cd6c0fad847e5fffd9d107358a36e767c7ca42 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 23 Jul 2021 15:35:23 +0200 -Subject: [PATCH 5/5] update-helper: also add "user-reexec" verb - -This is not called from the systemd.triggers or systemd.macros files. Instead, -it would be called from the scriptlets in systemd rpm package itself, at the -place where we call systemctl daemon-reexec. - -See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 . - -(cherry picked from commit 1262e824a4d638e347ae0d39c973f1f750962533) ---- - src/rpm/systemd-update-helper.in | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index f3466ab3c0..0c6675a9db 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -74,7 +74,7 @@ case "$command" in - fi - ;; - -- user-reload-restart|user-reload|user-restart) -+ user-reload-restart|user-reload|user-restart|user-reexec) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" - exit 2 -@@ -84,6 +84,14 @@ case "$command" in - - users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') - -+ if [[ "$command" =~ reexec ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" daemon-reexec & -+ done -+ wait -+ fi -+ - if [[ "$command" =~ reload ]]; then - for user in $users; do - SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ --- -2.31.1 - diff --git a/SOURCES/10-oomd-defaults.conf b/SOURCES/10-oomd-defaults.conf deleted file mode 100644 index 0254657..0000000 --- a/SOURCES/10-oomd-defaults.conf +++ /dev/null @@ -1,2 +0,0 @@ -[OOM] -DefaultMemoryPressureDurationSec=20s diff --git a/SOURCES/10-oomd-root-slice-defaults.conf b/SOURCES/10-oomd-root-slice-defaults.conf deleted file mode 100644 index 49958e8..0000000 --- a/SOURCES/10-oomd-root-slice-defaults.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Slice] -ManagedOOMSwap=kill diff --git a/SOURCES/10-oomd-user-service-defaults.conf b/SOURCES/10-oomd-user-service-defaults.conf deleted file mode 100644 index 94d5c87..0000000 --- a/SOURCES/10-oomd-user-service-defaults.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -ManagedOOMMemoryPressure=kill -ManagedOOMMemoryPressureLimit=50% diff --git a/SOURCES/18621-fb.patch b/SOURCES/18621-fb.patch deleted file mode 100644 index 9bd802a..0000000 --- a/SOURCES/18621-fb.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 0762f129c6a9c7bbdb5d575c486d5cf4f7fdae8d Mon Sep 17 00:00:00 2001 -From: Richard Purdie -Date: Tue, 16 Feb 2021 12:17:36 +0000 -Subject: [PATCH] proc: dont trigger mount error with invalid options on old - kernels - -As of commit 4e39995371738b04d98d27b0d34ea8fe09ec9fab ("core: introduce -ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs -mount options") kernels older than v5.8 generate multple warnings at -boot, as seen in this Yocto build from today: - - qemux86-64 login: root - [ 65.829009] proc: Bad value for 'hidepid' - root@qemux86-64:~# dmesg|grep proc: - [ 16.990706] proc: Bad value for 'hidepid' - [ 28.060178] proc: Bad value for 'hidepid' - [ 28.874229] proc: Bad value for 'hidepid' - [ 32.685107] proc: Bad value for 'hidepid' - [ 65.829009] proc: Bad value for 'hidepid' - root@qemux86-64:~# - -We see reports of the issue as in general its hard to someone to tell -the difference between an error in dmesg which they should worry about and -one that is harmless. This adds support burden to developers so Yocto -Project has added this patch. - -The commit that triggers this is systemd v247-rc1~378^2~3 -- so any -systemd 247 and above plus kernel v5.7 or older will need this. - -As noted in https://github.com/systemd/systemd/issues/16896 -it is possible changes could be backported to different kernel versions -so the test isn't 100% foolproof but does give better results than a -continual stream of bug reports. - -Signed-off-by: Richard Purdie - -Changes from Anita Zhang -- Use 5.6.13-0_fbk9 version comparison for FB build ---- - src/core/namespace.c | 22 ++++++++++++++++++++-- - 1 file changed, 20 insertions(+), 2 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index d47531408b..8be8352a8e 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -4,7 +4,9 @@ - #include - #include - #include -+#include - #include -+#include - #include - #include - -@@ -1018,12 +1020,28 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { - _cleanup_free_ char *opts = NULL; - const char *entry_path; - int r, n; -+ struct utsname uts; -+ bool old = false; - - assert(m); - assert(ns_info); - -- if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || -- ns_info->proc_subset != PROC_SUBSET_ALL) { -+ /* If uname says that the system is older than v5.6.13-0_fbk9, then the textual hidepid= stuff is not -+ * supported by the kernel, and thus the per-instance hidepid= neither, which means we -+ * really don't want to use it, since it would affect our host's /proc * mount. Hence let's -+ * gracefully fallback to a classic, unrestricted version. */ -+ -+ r = uname(&uts); -+ if (r < 0) -+ return -errno; -+ -+ if (strverscmp(uts.release, "5.6.13-0_fbk9") < 0) { -+ log_debug("Pre v5.6.13-0_fbk9 kernel detected [v%s] - skipping hidepid=", uts.release); -+ old = true; -+ } -+ -+ if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || -+ ns_info->proc_subset != PROC_SUBSET_ALL)) { - - /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it - * pretended to be per-instance but actually was per-namespace), hence let's make use of it --- -2.30.2 - diff --git a/SOURCES/18621.patch b/SOURCES/18621.patch deleted file mode 100644 index 80bd969..0000000 --- a/SOURCES/18621.patch +++ /dev/null @@ -1,84 +0,0 @@ -From c225bc59b8907de11f389bd8efb82155ccde75a7 Mon Sep 17 00:00:00 2001 -From: Richard Purdie -Date: Tue, 16 Feb 2021 12:17:36 +0000 -Subject: [PATCH] proc: dont trigger mount error with invalid options on old - kernels - -As of commit 4e39995371738b04d98d27b0d34ea8fe09ec9fab ("core: introduce -ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs -mount options") kernels older than v5.8 generate multple warnings at -boot, as seen in this Yocto build from today: - - qemux86-64 login: root - [ 65.829009] proc: Bad value for 'hidepid' - root@qemux86-64:~# dmesg|grep proc: - [ 16.990706] proc: Bad value for 'hidepid' - [ 28.060178] proc: Bad value for 'hidepid' - [ 28.874229] proc: Bad value for 'hidepid' - [ 32.685107] proc: Bad value for 'hidepid' - [ 65.829009] proc: Bad value for 'hidepid' - root@qemux86-64:~# - -We see reports of the issue as in general its hard to someone to tell -the difference between an error in dmesg which they should worry about and -one that is harmless. This adds support burden to developers so Yocto -Project has added this patch. - -The commit that triggers this is systemd v247-rc1~378^2~3 -- so any -systemd 247 and above plus kernel v5.7 or older will need this. - -As noted in https://github.com/systemd/systemd/issues/16896 -it is possible changes could be backported to different kernel versions -so the test isn't 100% foolproof but does give better results than a -continual stream of bug reports. - -Signed-off-by: Richard Purdie ---- - src/core/namespace.c | 22 ++++++++++++++++++++-- - 1 file changed, 20 insertions(+), 2 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 4ed0991b56d1..3fa2d4e9d640 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -4,7 +4,9 @@ - #include - #include - #include -+#include - #include -+#include - #include - #include - -@@ -881,12 +883,28 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { - _cleanup_free_ char *opts = NULL; - const char *entry_path; - int r, n; -+ struct utsname uts; -+ bool old = false; - - assert(m); - assert(ns_info); - -- if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || -- ns_info->proc_subset != PROC_SUBSET_ALL) { -+ /* If uname says that the system is older than v5.8, then the textual hidepid= stuff is not -+ * supported by the kernel, and thus the per-instance hidepid= neither, which means we -+ * really don't want to use it, since it would affect our host's /proc * mount. Hence let's -+ * gracefully fallback to a classic, unrestricted version. */ -+ -+ r = uname(&uts); -+ if (r < 0) -+ return -errno; -+ -+ if (strverscmp(uts.release, "5.8") < 0) { -+ log_debug("Pre v5.8 kernel detected [v%s] - skipping hidepid=", uts.release); -+ old = true; -+ } -+ -+ if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || -+ ns_info->proc_subset != PROC_SUBSET_ALL)) { - - /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it - * pretended to be per-instance but actually was per-namespace), hence let's make use of it diff --git a/SOURCES/20-grubby.install b/SOURCES/20-grubby.install deleted file mode 100755 index e059125..0000000 --- a/SOURCES/20-grubby.install +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -if [[ ! -x /sbin/new-kernel-pkg ]]; then - exit 0 -fi - -COMMAND="$1" -KERNEL_VERSION="$2" -BOOT_DIR_ABS="$3" -KERNEL_IMAGE="$4" - -KERNEL_DIR="${KERNEL_IMAGE%/*}" -[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}" -case "$COMMAND" in - add) - if [[ "${KERNEL_DIR}" != "/boot" ]]; then - for i in \ - "$KERNEL_IMAGE" \ - "$KERNEL_DIR"/System.map \ - "$KERNEL_DIR"/config \ - "$KERNEL_DIR"/zImage.stub \ - "$KERNEL_DIR"/dtb \ - ; do - [[ -e "$i" ]] || continue - cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}" - command -v restorecon &>/dev/null && \ - restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" - done - # hmac is .vmlinuz-.hmac so needs a special treatment - i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" - if [[ -e "$i" ]]; then - cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" - command -v restorecon &>/dev/null && \ - restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" - fi - fi - /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? - /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? - /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? - ;; - remove) - /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? - ;; - *) - ;; -esac - -# skip other installation plugins, if we can't find a boot loader spec conforming setup -if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then - exit 77 -fi diff --git a/SOURCES/20-yama-ptrace.conf b/SOURCES/20-yama-ptrace.conf deleted file mode 100644 index 4fbaf97..0000000 --- a/SOURCES/20-yama-ptrace.conf +++ /dev/null @@ -1,42 +0,0 @@ -# The ptrace system call is used for interprocess services, -# communication and introspection (like synchronisation, signaling, -# debugging, tracing and profiling) of processes. -# -# Usage of ptrace is restricted by normal user permissions. Normal -# unprivileged processes cannot use ptrace on processes that they -# cannot send signals to or processes that are running set-uid or -# set-gid. Nevertheless, processes running under the same uid will -# usually be able to ptrace one another. -# -# Fedora enables the Yama security mechanism which restricts ptrace -# even further. Sysctl setting kernel.yama.ptrace_scope can have one -# of the following values: -# -# 0 - Normal ptrace security permissions. -# 1 - Restricted ptrace. Only child processes plus normal permissions. -# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE. -# 3 - No attach. No process may call ptrace at all. Irrevocable. -# -# For more information see Documentation/security/Yama.txt in the -# kernel sources. -# -# The default is 1., which allows tracing of child processes, but -# forbids tracing of arbitrary processes. This allows programs like -# gdb or strace to work when the most common way of having the -# debugger start the debuggee is used: -# gdb /path/to/program ... -# Attaching to already running programs is NOT allowed: -# gdb -p ... -# This default setting is suitable for the common case, because it -# reduces the risk that one hacked process can be used to attack other -# processes. (For example, a hacked firefox process in a user session -# will not be able to ptrace the keyring process and extract passwords -# stored only in memory.) -# -# Developers and administrators might want to disable those protections -# to be able to attach debuggers to existing processes. Use -# sysctl kernel.yama.ptrace_scope=0 -# for change the setting temporarily, or copy this file to -# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots. - -kernel.yama.ptrace_scope = 0 diff --git a/SOURCES/20450.patch b/SOURCES/20450.patch deleted file mode 100644 index e63c3d2..0000000 --- a/SOURCES/20450.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 0db68800c756f298ef45584ac01915c2cb2ce359 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 16 Aug 2021 23:47:40 +0900 -Subject: [PATCH 1/2] ethtool: make the size of 'features' array static - ---- - src/shared/ethtool-util.c | 2 +- - src/shared/ethtool-util.h | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index f77f6943ca4f..699c7a97ab97 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -501,7 +501,7 @@ static int set_features_bit( - return found ? 0 : -ENODATA; - } - --int ethtool_set_features(int *ethtool_fd, const char *ifname, const int *features) { -+int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]) { - _cleanup_free_ struct ethtool_gstrings *strings = NULL; - struct ethtool_sfeatures *sfeatures; - struct ifreq ifr = {}; -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 7d287666249a..f0fc40b0595f 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -88,7 +88,7 @@ int ethtool_get_link_info(int *ethtool_fd, const char *ifname, - int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct ether_addr *ret); - int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts); - int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netdev_ring_param *ring); --int ethtool_set_features(int *ethtool_fd, const char *ifname, const int *features); -+int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]); - int ethtool_set_glinksettings(int *ethtool_fd, const char *ifname, - int autonegotiation, const uint32_t advertise[static N_ADVERTISE], - uint64_t speed, Duplex duplex, NetDevPort port); - -From c2f2250e5c52ec3745a462e3f55a94c133786df8 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 17 Aug 2021 00:44:00 +0900 -Subject: [PATCH 2/2] ethtool: make ethtool_set_features() return earlier when - nothing is requested - ---- - src/shared/ethtool-util.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index 699c7a97ab97..4ca90615f3c1 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -505,12 +505,22 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - _cleanup_free_ struct ethtool_gstrings *strings = NULL; - struct ethtool_sfeatures *sfeatures; - struct ifreq ifr = {}; -- int i, r; -+ bool have = false; -+ int r; - - assert(ethtool_fd); - assert(ifname); - assert(features); - -+ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) -+ if (features[i] >= 0) { -+ have = true; -+ break; -+ } -+ -+ if (!have) -+ return 0; -+ - r = ethtool_connect(ethtool_fd); - if (r < 0) - return r; -@@ -525,8 +535,8 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - sfeatures->cmd = ETHTOOL_SFEATURES; - sfeatures->size = DIV_ROUND_UP(strings->len, 32U); - -- for (i = 0; i < _NET_DEV_FEAT_MAX; i++) -- if (features[i] != -1) { -+ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) -+ if (features[i] >= 0) { - r = set_features_bit(strings, netdev_feature_table[i], features[i], sfeatures); - if (r < 0) { - log_debug_errno(r, "ethtool: could not find feature, ignoring: %s", netdev_feature_table[i]); diff --git a/SOURCES/20458.patch b/SOURCES/20458.patch deleted file mode 100644 index ad916b4..0000000 --- a/SOURCES/20458.patch +++ /dev/null @@ -1,143 +0,0 @@ -From e9f92c88163841d3f1d29fa5b44ae4c6f71bb014 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 18 Aug 2021 07:59:13 +0100 -Subject: [PATCH] udev: Support "max" string for BufferSize options (#20458) - -"max" indicates the hardware advertised maximum queue buffer size -should be used. - -The max sizes can be checked by running `ethtool -g ` (Preset maximums). -Since the buffer sizes can't be set to 0 by users, internally we use 0 to -indicate that the hardware advertised maximum should be used. ---- - man/systemd.link.xml | 20 ++++++++++++-------- - src/shared/ethtool-util.c | 40 +++++++++++++++++++++++++-------------- - src/shared/ethtool-util.h | 2 ++ - 3 files changed, 40 insertions(+), 22 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index 1c18f35fc8..fd744ebaed 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -735,29 +735,33 @@ - - RxBufferSize= - -- Takes an integer. Specifies the maximum number of pending packets in the NIC receive buffer. -- When unset, the kernel's default will be used. -+ Takes an integer or max. Specifies the maximum number of pending packets -+ in the NIC receive buffer. When unset, the kernel's default will be used. If set to -+ max, the hardware's advertised maximum size will be used. - - - - RxMiniBufferSize= - -- Takes an integer. Specifies the maximum number of pending packets in the NIC mini receive buffer. -- When unset, the kernel's default will be used. -+ Takes an integer or max. Specifies the maximum number of pending packets -+ in the NIC mini receive buffer. When unset, the kernel's default will be used. If set to -+ max, the hardware's advertised maximum size will be used. - - - - RxJumboBufferSize= - -- Takes an integer. Specifies the maximum number of pending packets in the NIC jumbo receive buffer. -- When unset, the kernel's default will be used. -+ Takes an integer or max. Specifies the maximum number of pending packets -+ in the NIC jumbo receive buffer. When unset, the kernel's default will be used. If set to -+ max, the hardware's advertised maximum size will be used. - - - - TxBufferSize= - -- Takes an integer. Specifies the maximum number of pending packets in the NIC transmit buffer. -- When unset, the kernel's default will be used. -+ Takes an integer or max. Specifies the maximum number of pending packets -+ in the NIC transmit buffer. When unset, the kernel's default will be used. If set to -+ max, the hardware's advertised maximum size will be used. - - - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index f77f6943ca..ed251ec8dd 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -399,16 +399,24 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - return -errno; - - if (ring->rx_pending_set) -- UPDATE(ecmd.rx_pending, ring->rx_pending, need_update); -+ UPDATE(ecmd.rx_pending, -+ ring->rx_pending == 0 ? ecmd.rx_max_pending : ring->rx_pending, -+ need_update); - - if (ring->rx_mini_pending_set) -- UPDATE(ecmd.rx_mini_pending, ring->rx_mini_pending, need_update); -+ UPDATE(ecmd.rx_mini_pending, -+ ring->rx_mini_pending == 0 ? ecmd.rx_mini_max_pending : ring->rx_mini_pending, -+ need_update); - - if (ring->rx_jumbo_pending_set) -- UPDATE(ecmd.rx_jumbo_pending, ring->rx_jumbo_pending, need_update); -+ UPDATE(ecmd.rx_jumbo_pending, -+ ring->rx_jumbo_pending == 0 ? ecmd.rx_jumbo_max_pending : ring->rx_jumbo_pending, -+ need_update); - - if (ring->tx_pending_set) -- UPDATE(ecmd.tx_pending, ring->tx_pending, need_update); -+ UPDATE(ecmd.tx_pending, -+ ring->tx_pending == 0 ? ecmd.tx_max_pending : ring->tx_pending, -+ need_update); - - if (!need_update) - return 0; -@@ -1037,16 +1045,20 @@ int config_parse_nic_buffer_size( - assert(rvalue); - assert(data); - -- r = safe_atou32(rvalue, &k); -- if (r < 0) { -- log_syntax(unit, LOG_WARNING, filename, line, r, -- "Failed to parse interface buffer value, ignoring: %s", rvalue); -- return 0; -- } -- if (k < 1) { -- log_syntax(unit, LOG_WARNING, filename, line, 0, -- "Invalid %s= value, ignoring: %s", lvalue, rvalue); -- return 0; -+ if (streq(rvalue, "max")) -+ k = 0; -+ else { -+ r = safe_atou32(rvalue, &k); -+ if (r < 0) { -+ log_syntax(unit, LOG_WARNING, filename, line, r, -+ "Failed to parse interface buffer value, ignoring: %s", rvalue); -+ return 0; -+ } -+ if (k < 1) { -+ log_syntax(unit, LOG_WARNING, filename, line, 0, -+ "Invalid %s= value, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } - } - - if (streq(lvalue, "RxBufferSize")) { -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 7d28766624..aea131914e 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -70,6 +70,8 @@ typedef struct netdev_channels { - } netdev_channels; - - typedef struct netdev_ring_param { -+ /* For any of the 4 following settings, a value of 0 indicates the hardware advertised maximum should -+ * be used. */ - uint32_t rx_pending; - uint32_t rx_mini_pending; - uint32_t rx_jumbo_pending; --- -2.31.1 - diff --git a/SOURCES/20472.patch b/SOURCES/20472.patch deleted file mode 100644 index e5eb57b..0000000 --- a/SOURCES/20472.patch +++ /dev/null @@ -1,425 +0,0 @@ -From 78e57b79c8790448412acca41e5d4495366305a6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 18 Aug 2021 16:41:11 +0900 -Subject: [PATCH] udev: make RxChannels= or friends also accept "max" - -Follow-up for 406041b7de767316674eb6a2f98ad466577ce8a4. - -Also, this makes -- the settings accept an empty string, -- if the specified value is too large, also use the advertised maximum - value. -- mention the range of the value in the man page. ---- - man/systemd.link.xml | 49 ++------ - src/shared/ethtool-util.c | 170 ++++++++++----------------- - src/shared/ethtool-util.h | 36 +++--- - src/udev/net/link-config-gperf.gperf | 16 +-- - 4 files changed, 90 insertions(+), 181 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index fd744ebaed..dfb02073b2 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -710,58 +710,27 @@ - - - RxChannels= -- -- Sets the number of receive channels (a number between 1 and 4294967295) . -- -- -- - TxChannels= -- -- Sets the number of transmit channels (a number between 1 and 4294967295). -- -- -- - OtherChannels= -- -- Sets the number of other channels (a number between 1 and 4294967295). -- -- -- - CombinedChannels= - -- Sets the number of combined set channels (a number between 1 and 4294967295). -+ Specifies the number of receive, transmit, other, or combined channels, respectively. -+ Takes an unsigned integer in the range 1…4294967295 or max. If set to -+ max, the advertised maximum value of the hardware will be used. When -+ unset, the number will not be changed. Defaults to unset. - - - - RxBufferSize= -- -- Takes an integer or max. Specifies the maximum number of pending packets -- in the NIC receive buffer. When unset, the kernel's default will be used. If set to -- max, the hardware's advertised maximum size will be used. -- -- -- - RxMiniBufferSize= -- -- Takes an integer or max. Specifies the maximum number of pending packets -- in the NIC mini receive buffer. When unset, the kernel's default will be used. If set to -- max, the hardware's advertised maximum size will be used. -- -- -- - RxJumboBufferSize= -- -- Takes an integer or max. Specifies the maximum number of pending packets -- in the NIC jumbo receive buffer. When unset, the kernel's default will be used. If set to -- max, the hardware's advertised maximum size will be used. -- -- -- - TxBufferSize= - -- Takes an integer or max. Specifies the maximum number of pending packets -- in the NIC transmit buffer. When unset, the kernel's default will be used. If set to -- max, the hardware's advertised maximum size will be used. -+ Specifies the maximum number of pending packets in the NIC receive buffer, mini receive -+ buffer, jumbo receive buffer, or transmit buffer, respectively. Takes an unsigned integer in -+ the range 1…4294967295 or max. If set to max, the -+ advertised maximum value of the hardware will be used. When unset, the number will not be -+ changed. Defaults to unset. - - - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index ed251ec8dd..2d41d861ba 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -329,6 +329,17 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et - dest = _v; \ - } while(false) - -+#define UPDATE_WITH_MAX(dest, max, val, updated) \ -+ do { \ -+ typeof(dest) _v = (val); \ -+ typeof(dest) _max = (max); \ -+ if (_v == 0 || _v > _max) \ -+ _v = _max; \ -+ if (dest != _v) \ -+ updated = true; \ -+ dest = _v; \ -+ } while(false) -+ - int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { - struct ethtool_wolinfo ecmd = { - .cmd = ETHTOOL_GWOL, -@@ -382,10 +393,10 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - assert(ifname); - assert(ring); - -- if (!ring->rx_pending_set && -- !ring->rx_mini_pending_set && -- !ring->rx_jumbo_pending_set && -- !ring->tx_pending_set) -+ if (!ring->rx.set && -+ !ring->rx_mini.set && -+ !ring->rx_jumbo.set && -+ !ring->tx.set) - return 0; - - r = ethtool_connect(ethtool_fd); -@@ -398,25 +409,17 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - if (r < 0) - return -errno; - -- if (ring->rx_pending_set) -- UPDATE(ecmd.rx_pending, -- ring->rx_pending == 0 ? ecmd.rx_max_pending : ring->rx_pending, -- need_update); -+ if (ring->rx.set) -+ UPDATE_WITH_MAX(ecmd.rx_pending, ecmd.rx_max_pending, ring->rx.value, need_update); - -- if (ring->rx_mini_pending_set) -- UPDATE(ecmd.rx_mini_pending, -- ring->rx_mini_pending == 0 ? ecmd.rx_mini_max_pending : ring->rx_mini_pending, -- need_update); -+ if (ring->rx_mini.set) -+ UPDATE_WITH_MAX(ecmd.rx_mini_pending, ecmd.rx_mini_max_pending, ring->rx_mini.value, need_update); - -- if (ring->rx_jumbo_pending_set) -- UPDATE(ecmd.rx_jumbo_pending, -- ring->rx_jumbo_pending == 0 ? ecmd.rx_jumbo_max_pending : ring->rx_jumbo_pending, -- need_update); -+ if (ring->rx_jumbo.set) -+ UPDATE_WITH_MAX(ecmd.rx_jumbo_pending, ecmd.rx_jumbo_max_pending, ring->rx_jumbo.value, need_update); - -- if (ring->tx_pending_set) -- UPDATE(ecmd.tx_pending, -- ring->tx_pending == 0 ? ecmd.tx_max_pending : ring->tx_pending, -- need_update); -+ if (ring->tx.set) -+ UPDATE_WITH_MAX(ecmd.tx_pending, ecmd.tx_max_pending, ring->tx.value, need_update); - - if (!need_update) - return 0; -@@ -832,10 +835,10 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - assert(ifname); - assert(channels); - -- if (!channels->rx_count_set && -- !channels->tx_count_set && -- !channels->other_count_set && -- !channels->combined_count_set) -+ if (!channels->rx.set && -+ !channels->tx.set && -+ !channels->other.set && -+ !channels->combined.set) - return 0; - - r = ethtool_connect(fd); -@@ -848,17 +851,17 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - if (r < 0) - return -errno; - -- if (channels->rx_count_set) -- UPDATE(ecmd.rx_count, channels->rx_count, need_update); -+ if (channels->rx.set) -+ UPDATE_WITH_MAX(ecmd.rx_count, ecmd.max_rx, channels->rx.value, need_update); - -- if (channels->tx_count_set) -- UPDATE(ecmd.tx_count, channels->tx_count, need_update); -+ if (channels->tx.set) -+ UPDATE_WITH_MAX(ecmd.tx_count, ecmd.max_tx, channels->tx.value, need_update); - -- if (channels->other_count_set) -- UPDATE(ecmd.other_count, channels->other_count, need_update); -+ if (channels->other.set) -+ UPDATE_WITH_MAX(ecmd.other_count, ecmd.max_other, channels->other.value, need_update); - -- if (channels->combined_count_set) -- UPDATE(ecmd.combined_count, channels->combined_count, need_update); -+ if (channels->combined.set) -+ UPDATE_WITH_MAX(ecmd.combined_count, ecmd.max_combined, channels->combined.value, need_update); - - if (!need_update) - return 0; -@@ -917,57 +920,6 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - return 0; - } - --int config_parse_channel( -- const char *unit, -- const char *filename, -- unsigned line, -- const char *section, -- unsigned section_line, -- const char *lvalue, -- int ltype, -- const char *rvalue, -- void *data, -- void *userdata) { -- -- netdev_channels *channels = data; -- uint32_t k; -- int r; -- -- assert(filename); -- assert(section); -- assert(lvalue); -- assert(rvalue); -- assert(data); -- -- r = safe_atou32(rvalue, &k); -- if (r < 0) { -- log_syntax(unit, LOG_WARNING, filename, line, r, -- "Failed to parse channel value for %s=, ignoring: %s", lvalue, rvalue); -- return 0; -- } -- if (k < 1) { -- log_syntax(unit, LOG_WARNING, filename, line, 0, -- "Invalid %s= value, ignoring: %s", lvalue, rvalue); -- return 0; -- } -- -- if (streq(lvalue, "RxChannels")) { -- channels->rx_count = k; -- channels->rx_count_set = true; -- } else if (streq(lvalue, "TxChannels")) { -- channels->tx_count = k; -- channels->tx_count_set = true; -- } else if (streq(lvalue, "OtherChannels")) { -- channels->other_count = k; -- channels->other_count_set = true; -- } else if (streq(lvalue, "CombinedChannels")) { -- channels->combined_count = k; -- channels->combined_count_set = true; -- } -- -- return 0; --} -- - int config_parse_advertise( - const char *unit, - const char *filename, -@@ -1023,7 +975,7 @@ int config_parse_advertise( - } - } - --int config_parse_nic_buffer_size( -+int config_parse_ring_buffer_or_channel( - const char *unit, - const char *filename, - unsigned line, -@@ -1035,7 +987,7 @@ int config_parse_nic_buffer_size( - void *data, - void *userdata) { - -- netdev_ring_param *ring = data; -+ u32_opt *dst = data; - uint32_t k; - int r; - -@@ -1045,36 +997,32 @@ int config_parse_nic_buffer_size( - assert(rvalue); - assert(data); - -- if (streq(rvalue, "max")) -- k = 0; -- else { -- r = safe_atou32(rvalue, &k); -- if (r < 0) { -- log_syntax(unit, LOG_WARNING, filename, line, r, -- "Failed to parse interface buffer value, ignoring: %s", rvalue); -- return 0; -- } -- if (k < 1) { -- log_syntax(unit, LOG_WARNING, filename, line, 0, -- "Invalid %s= value, ignoring: %s", lvalue, rvalue); -- return 0; -- } -+ if (isempty(rvalue)) { -+ dst->value = 0; -+ dst->set = false; -+ return 0; -+ } -+ -+ if (streq(rvalue, "max")) { -+ dst->value = 0; -+ dst->set = true; -+ return 0; - } - -- if (streq(lvalue, "RxBufferSize")) { -- ring->rx_pending = k; -- ring->rx_pending_set = true; -- } else if (streq(lvalue, "RxMiniBufferSize")) { -- ring->rx_mini_pending = k; -- ring->rx_mini_pending_set = true; -- } else if (streq(lvalue, "RxJumboBufferSize")) { -- ring->rx_jumbo_pending = k; -- ring->rx_jumbo_pending_set = true; -- } else if (streq(lvalue, "TxBufferSize")) { -- ring->tx_pending = k; -- ring->tx_pending_set = true; -+ r = safe_atou32(rvalue, &k); -+ if (r < 0) { -+ log_syntax(unit, LOG_WARNING, filename, line, r, -+ "Failed to parse %s=, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } -+ if (k < 1) { -+ log_syntax(unit, LOG_WARNING, filename, line, 0, -+ "Invalid %s= value, ignoring: %s", lvalue, rvalue); -+ return 0; - } - -+ dst->value = k; -+ dst->set = true; - return 0; - } - -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index aea131914e..8fdbdec39a 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -57,30 +57,23 @@ struct ethtool_link_usettings { - } link_modes; - }; - -+typedef struct u32_opt { -+ uint32_t value; /* a value of 0 indicates the hardware advertised maximum should be used.*/ -+ bool set; -+} u32_opt; -+ - typedef struct netdev_channels { -- uint32_t rx_count; -- uint32_t tx_count; -- uint32_t other_count; -- uint32_t combined_count; -- -- bool rx_count_set; -- bool tx_count_set; -- bool other_count_set; -- bool combined_count_set; -+ u32_opt rx; -+ u32_opt tx; -+ u32_opt other; -+ u32_opt combined; - } netdev_channels; - - typedef struct netdev_ring_param { -- /* For any of the 4 following settings, a value of 0 indicates the hardware advertised maximum should -- * be used. */ -- uint32_t rx_pending; -- uint32_t rx_mini_pending; -- uint32_t rx_jumbo_pending; -- uint32_t tx_pending; -- -- bool rx_pending_set; -- bool rx_mini_pending_set; -- bool rx_jumbo_pending_set; -- bool tx_pending_set; -+ u32_opt rx; -+ u32_opt rx_mini; -+ u32_opt rx_jumbo; -+ u32_opt tx; - } netdev_ring_param; - - int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret); -@@ -111,6 +104,5 @@ enum ethtool_link_mode_bit_indices ethtool_link_mode_bit_from_string(const char - CONFIG_PARSER_PROTOTYPE(config_parse_duplex); - CONFIG_PARSER_PROTOTYPE(config_parse_wol); - CONFIG_PARSER_PROTOTYPE(config_parse_port); --CONFIG_PARSER_PROTOTYPE(config_parse_channel); - CONFIG_PARSER_PROTOTYPE(config_parse_advertise); --CONFIG_PARSER_PROTOTYPE(config_parse_nic_buffer_size); -+CONFIG_PARSER_PROTOTYPE(config_parse_ring_buffer_or_channel); -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index e2f07d758b..d0190da5cb 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -58,15 +58,15 @@ Link.TCP6SegmentationOffload, config_parse_tristate, 0, - Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 - Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) - Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) --Link.RxChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) --Link.TxChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) --Link.OtherChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) --Link.CombinedChannels, config_parse_channel, 0, offsetof(LinkConfig, channels) -+Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) -+Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) -+Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) -+Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) - Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) --Link.RxBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) --Link.RxMiniBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) --Link.RxJumboBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) --Link.TxBufferSize, config_parse_nic_buffer_size, 0, offsetof(LinkConfig, ring) -+Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) -+Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) -+Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) -+Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) - Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) - Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) - Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) --- -2.31.1 - diff --git a/SOURCES/20477.patch b/SOURCES/20477.patch deleted file mode 100644 index 6676bff..0000000 --- a/SOURCES/20477.patch +++ /dev/null @@ -1,561 +0,0 @@ -From a1661a140c97a9e8fd90ee00f2de6baa214c9076 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 18 Aug 2021 13:52:00 +0100 -Subject: [PATCH] udev: Add support for configuring nic coalescing settings - -These are configured via the corresponding ethtool ioctl. ---- - man/systemd.link.xml | 71 +++++++ - src/shared/ethtool-util.c | 205 +++++++++++++++++++++ - src/shared/ethtool-util.h | 29 +++ - src/udev/net/link-config-gperf.gperf | 124 ++++++++----- - src/udev/net/link-config.c | 4 + - src/udev/net/link-config.h | 1 + - test/fuzz/fuzz-link-parser/directives.link | 22 +++ - 7 files changed, 405 insertions(+), 51 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index dfb02073b2..6d8dcb9af7 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -773,6 +773,77 @@ - accept. An unsigned integer in the range 1…65535. Defaults to unset. - - -+ -+ UseAdaptiveRxCoalesce= -+ UseAdaptiveTxCoalesce= -+ -+ Boolean properties that, when set, enable/disable adaptive Rx/Tx coalescing if the hardware -+ supports it. When unset, the kernel's default will be used. -+ -+ -+ -+ RxCoalesceSec= -+ RxCoalesceIrqSec= -+ RxCoalesceLowSec= -+ RxCoalesceHighSec= -+ TxCoalesceSec= -+ TxCoalesceIrqSec= -+ TxCoalesceLowSec= -+ TxCoalesceHighSec= -+ -+ These properties configure the delay before Rx/Tx interrupts are generated after a packet is -+ sent/received. The Irq properties come into effect when the host is servicing an -+ IRQ. The Low and High properties come into effect when the -+ packet rate drops below the low packet rate threshold or exceeds the high packet rate threshold -+ respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's defaults will be -+ used. -+ -+ -+ -+ RxMaxCoalescedFrames= -+ RxMaxCoalescedIrqFrames= -+ RxMaxCoalescedLowFrames= -+ RxMaxCoalescedHighFrames= -+ TxMaxCoalescedFrames= -+ TxMaxCoalescedIrqFrames= -+ TxMaxCoalescedLowFrames= -+ TxMaxCoalescedHighFrames= -+ -+ These properties configure the maximum number of frames that are sent/received before a Rx/Tx -+ interrupt is generated. The Irq properties come into effect when the host is -+ servicing an IRQ. The Low and High properties come into -+ effect when the packet rate drops below the low packet rate threshold or exceeds the high packet -+ rate threshold respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's -+ defaults will be used. -+ -+ -+ -+ CoalescePacketRateLow= -+ CoalescePacketRateHigh= -+ -+ These properties configure the low and high packet rate (expressed in packets per second) -+ threshold respectively and are used to determine when the corresponding coalescing settings for low -+ and high packet rates come into effect if adaptive Rx/Tx coalescing is enabled. If unset, the -+ kernel's defaults will be used. -+ -+ -+ -+ CoalescePacketRateSampleIntervalSec= -+ -+ Configures how often to sample the packet rate used for adaptive Rx/Tx coalescing. This -+ property cannot be zero. This lowest time granularity supported by this property is seconds. -+ Partial seconds will be rounded up before being passed to the kernel. If unset, the kernel's -+ default will be used. -+ -+ -+ -+ StatisticsBlockCoalesceSec= -+ -+ How long to delay driver in-memory statistics block updates. If the driver does not have an -+ in-memory statistic block, this property is ignored. This property cannot be zero. If unset, the -+ kernel's default will be used. -+ -+ - - - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index 2d41d861ba..f7f553dd29 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -14,6 +14,7 @@ - #include "memory-util.h" - #include "socket-util.h" - #include "string-table.h" -+#include "strv.h" - #include "strxcpyx.h" - - static const char* const duplex_table[_DUP_MAX] = { -@@ -1091,3 +1092,207 @@ int config_parse_wol( - - return 0; - } -+ -+int config_parse_coalesce_u32( -+ const char *unit, -+ const char *filename, -+ unsigned line, -+ const char *section, -+ unsigned section_line, -+ const char *lvalue, -+ int ltype, -+ const char *rvalue, -+ void *data, -+ void *userdata) { -+ u32_opt *dst = data; -+ uint32_t k; -+ int r; -+ -+ if (isempty(rvalue)) { -+ dst->value = 0; -+ dst->set = false; -+ return 0; -+ } -+ -+ r = safe_atou32(rvalue, &k); -+ if (r < 0) { -+ log_syntax(unit, LOG_WARNING, filename, line, r, -+ "Failed to parse %s=, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } -+ -+ dst->value = k; -+ dst->set = true; -+ return 0; -+} -+ -+int config_parse_coalesce_sec( -+ const char *unit, -+ const char *filename, -+ unsigned line, -+ const char *section, -+ unsigned section_line, -+ const char *lvalue, -+ int ltype, -+ const char *rvalue, -+ void *data, -+ void *userdata) { -+ u32_opt *dst = data; -+ usec_t usec; -+ int r; -+ -+ if (isempty(rvalue)) { -+ dst->value = 0; -+ dst->set = false; -+ return 0; -+ } -+ -+ r = parse_sec(rvalue, &usec); -+ if (r < 0) { -+ log_syntax(unit, LOG_WARNING, filename, line, r, -+ "Failed to parse coalesce setting value, ignoring: %s", rvalue); -+ return 0; -+ } -+ -+ if (usec > UINT32_MAX) { -+ log_syntax(unit, LOG_WARNING, filename, line, 0, -+ "Too large %s= value, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } -+ -+ if (STR_IN_SET(lvalue, "StatisticsBlockCoalesceSec", "CoalescePacketRateSampleIntervalSec") && usec < 1) { -+ log_syntax(unit, LOG_WARNING, filename, line, 0, -+ "Invalid %s= value, ignoring: %s", lvalue, rvalue); -+ return 0; -+ } -+ -+ dst->value = (uint32_t) usec; -+ dst->set = true; -+ -+ return 0; -+} -+ -+int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { -+ struct ethtool_coalesce ecmd = { -+ .cmd = ETHTOOL_GCOALESCE, -+ }; -+ struct ifreq ifr = { -+ .ifr_data = (void*) &ecmd, -+ }; -+ bool need_update = false; -+ int r; -+ -+ assert(ethtool_fd); -+ assert(ifname); -+ assert(coalesce); -+ -+ if (coalesce->use_adaptive_rx_coalesce < 0 && -+ coalesce->use_adaptive_tx_coalesce < 0 && -+ !coalesce->rx_coalesce_usecs.set && -+ !coalesce->rx_max_coalesced_frames.set && -+ !coalesce->rx_coalesce_usecs_irq.set && -+ !coalesce->rx_max_coalesced_frames_irq.set && -+ !coalesce->tx_coalesce_usecs.set && -+ !coalesce->tx_max_coalesced_frames.set && -+ !coalesce->tx_coalesce_usecs_irq.set && -+ !coalesce->tx_max_coalesced_frames_irq.set && -+ !coalesce->stats_block_coalesce_usecs.set && -+ !coalesce->pkt_rate_low.set && -+ !coalesce->rx_coalesce_usecs_low.set && -+ !coalesce->rx_max_coalesced_frames_low.set && -+ !coalesce->tx_coalesce_usecs_low.set && -+ !coalesce->tx_max_coalesced_frames_low.set && -+ !coalesce->pkt_rate_high.set && -+ !coalesce->rx_coalesce_usecs_high.set && -+ !coalesce->rx_max_coalesced_frames_high.set && -+ !coalesce->tx_coalesce_usecs_high.set && -+ !coalesce->tx_max_coalesced_frames_high.set && -+ !coalesce->rate_sample_interval.set) -+ return 0; -+ -+ r = ethtool_connect(ethtool_fd); -+ if (r < 0) -+ return r; -+ -+ strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ -+ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -+ if (r < 0) -+ return -errno; -+ -+ if (coalesce->use_adaptive_rx_coalesce >= 0) -+ UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); -+ -+ if (coalesce->use_adaptive_tx_coalesce >= 0) -+ UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); -+ -+ if (coalesce->rx_coalesce_usecs.set) -+ UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames.set) -+ UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_irq.set) -+ UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_irq.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs.set) -+ UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames.set) -+ UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_irq.set) -+ UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_irq.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); -+ -+ if (coalesce->stats_block_coalesce_usecs.set) -+ UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); -+ -+ if (coalesce->pkt_rate_low.set) -+ UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_low.set) -+ UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_low.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_low.set) -+ UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_low.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); -+ -+ if (coalesce->pkt_rate_high.set) -+ UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_high.set) -+ UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_high.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_high.set) -+ UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_high.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); -+ -+ if (coalesce->rate_sample_interval.set) -+ UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); -+ -+ if (!need_update) -+ return 0; -+ -+ ecmd.cmd = ETHTOOL_SCOALESCE; -+ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -+ if (r < 0) -+ return -errno; -+ -+ return 0; -+} -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 8fdbdec39a..bb0333775c 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -76,6 +76,31 @@ typedef struct netdev_ring_param { - u32_opt tx; - } netdev_ring_param; - -+typedef struct netdev_coalesce_param { -+ u32_opt rx_coalesce_usecs; -+ u32_opt rx_max_coalesced_frames; -+ u32_opt rx_coalesce_usecs_irq; -+ u32_opt rx_max_coalesced_frames_irq; -+ u32_opt tx_coalesce_usecs; -+ u32_opt tx_max_coalesced_frames; -+ u32_opt tx_coalesce_usecs_irq; -+ u32_opt tx_max_coalesced_frames_irq; -+ u32_opt stats_block_coalesce_usecs; -+ int use_adaptive_rx_coalesce; -+ int use_adaptive_tx_coalesce; -+ u32_opt pkt_rate_low; -+ u32_opt rx_coalesce_usecs_low; -+ u32_opt rx_max_coalesced_frames_low; -+ u32_opt tx_coalesce_usecs_low; -+ u32_opt tx_max_coalesced_frames_low; -+ u32_opt pkt_rate_high; -+ u32_opt rx_coalesce_usecs_high; -+ u32_opt rx_max_coalesced_frames_high; -+ u32_opt tx_coalesce_usecs_high; -+ u32_opt tx_max_coalesced_frames_high; -+ u32_opt rate_sample_interval; -+} netdev_coalesce_param; -+ - int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret); - int ethtool_get_link_info(int *ethtool_fd, const char *ifname, - int *ret_autonegotiation, uint64_t *ret_speed, -@@ -89,6 +114,7 @@ int ethtool_set_glinksettings(int *ethtool_fd, const char *ifname, - uint64_t speed, Duplex duplex, NetDevPort port); - int ethtool_set_channels(int *ethtool_fd, const char *ifname, const netdev_channels *channels); - int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int autoneg); -+int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce); - - const char *duplex_to_string(Duplex d) _const_; - Duplex duplex_from_string(const char *d) _pure_; -@@ -106,3 +132,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_wol); - CONFIG_PARSER_PROTOTYPE(config_parse_port); - CONFIG_PARSER_PROTOTYPE(config_parse_advertise); - CONFIG_PARSER_PROTOTYPE(config_parse_ring_buffer_or_channel); -+CONFIG_PARSER_PROTOTYPE(config_parse_coalesce_u32); -+CONFIG_PARSER_PROTOTYPE(config_parse_coalesce_sec); -+CONFIG_PARSER_PROTOTYPE(config_parse_nic_coalesce_setting); -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index d0190da5cb..f800de8386 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -21,54 +21,76 @@ struct ConfigPerfItem; - %struct-type - %includes - %% --Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) --Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) --Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) --Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) --Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) --Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) --Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) --Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) --Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) --Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) --Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) --Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) --Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) --Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) --Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) --Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) --Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) --Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) --Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) --Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) --Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) --Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) --Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) --Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) --Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) --Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) --Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) --Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) --Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) --Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) --Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) --Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) --Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) --Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) --Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 --Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) --Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) --Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) --Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) --Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) --Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) --Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) --Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) --Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) --Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) --Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) --Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) --Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) --Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) --Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) --Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) -+Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) -+Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) -+Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) -+Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) -+Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) -+Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) -+Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) -+Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) -+Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) -+Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) -+Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) -+Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) -+Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) -+Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) -+Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) -+Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) -+Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) -+Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) -+Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) -+Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) -+Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) -+Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) -+Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) -+Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) -+Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) -+Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) -+Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) -+Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) -+Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) -+Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) -+Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) -+Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) -+Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) -+Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) -+Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 -+Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) -+Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) -+Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) -+Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) -+Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) -+Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) -+Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) -+Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) -+Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) -+Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) -+Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) -+Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) -+Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) -+Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) -+Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) -+Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) -+Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) -+Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) -+Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) -+Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) -+Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) -+Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) -+Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) -+Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) -+Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) -+Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) -+Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) -+Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) -+Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) -+Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) -+Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) -+Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) -+Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) -+Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) -+Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) -+Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) -+Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) -+Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) -diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c -index 8dfe23691b..9451bd8b66 100644 ---- a/src/udev/net/link-config.c -+++ b/src/udev/net/link-config.c -@@ -353,6 +353,10 @@ static int link_config_apply_ethtool_settings(int *ethtool_fd, const LinkConfig - if (r < 0) - log_device_warning_errno(device, r, "Could not set flow control, ignoring: %m"); - -+ r = ethtool_set_nic_coalesce_settings(ethtool_fd, name, &config->coalesce); -+ if (r < 0) -+ log_device_warning_errno(device, r, "Could not set coalesce settings, ignoring: %m"); -+ - return 0; - } - -diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h -index b505c94f95..8a29a92822 100644 ---- a/src/udev/net/link-config.h -+++ b/src/udev/net/link-config.h -@@ -64,6 +64,7 @@ struct LinkConfig { - int rx_flow_control; - int tx_flow_control; - int autoneg_flow_control; -+ netdev_coalesce_param coalesce; - - LIST_FIELDS(LinkConfig, links); - }; -diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link -index 112a81930f..5f232ce698 100644 ---- a/test/fuzz/fuzz-link-parser/directives.link -+++ b/test/fuzz/fuzz-link-parser/directives.link -@@ -51,3 +51,25 @@ TxFlowControl= - AutoNegotiationFlowControl= - GenericSegmentOffloadMaxBytes= - GenericSegmentOffloadMaxSegments= -+RxCoalesceSec= -+RxMaxCoalescedFrames= -+RxCoalesceIrqSec= -+RxMaxCoalescedIrqFrames= -+TxCoalesceSec= -+TxMaxCoalescedFrames= -+TxCoalesceIrqSec= -+TxMaxCoalescedIrqFrames= -+StatisticsBlockCoalesceSec= -+UseAdaptiveRxCoalesce= -+UseAdaptiveTxCoalesce= -+CoalescePacketRateLow= -+RxCoalesceLowSec= -+RxMaxCoalescedLowFrames= -+TxCoalesceLowSec= -+TxMaxCoalescedLowFrames= -+CoalescePacketRateHigh= -+RxCoalesceHighSec= -+RxMaxCoalescedHighFrames= -+TxCoalesceHighSec= -+TxMaxCoalescedHighFrames= -+CoalescePacketRateSampleIntervalSec= --- -2.31.1 - diff --git a/SOURCES/20484.patch b/SOURCES/20484.patch deleted file mode 100644 index 9da073b..0000000 --- a/SOURCES/20484.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 0e5c20b7a4f47fd3f8edbc2735810ea3513360bb Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 19 Aug 2021 13:44:35 +0100 -Subject: [PATCH] link: Add support for rx-gro-hw nic feature - ---- - man/systemd.link.xml | 7 +++++++ - src/shared/ethtool-util.c | 15 ++++++++------- - src/shared/ethtool-util.h | 1 + - src/udev/net/link-config-gperf.gperf | 1 + - test/fuzz/fuzz-link-parser/directives.link | 1 + - 5 files changed, 18 insertions(+), 7 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index 6d8dcb9af7..638a1522cd 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -701,6 +701,13 @@ - When unset, the kernel's default will be used. - - -+ -+ GenericReceiveOffloadHardware= -+ -+ Takes a boolean. If set to true, hardware accelerated Generic Receive Offload (GRO) is -+ enabled. When unset, the kernel's default will be used. -+ -+ - - LargeReceiveOffload= - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index f7f553dd29..a08bb2b7f5 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -70,13 +70,14 @@ DEFINE_STRING_TABLE_LOOKUP(port, NetDevPort); - DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse Port setting"); - - static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { -- [NET_DEV_FEAT_RX] = "rx-checksum", -- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ -- [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", -- [NET_DEV_FEAT_GRO] = "rx-gro", -- [NET_DEV_FEAT_LRO] = "rx-lro", -- [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", -- [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", -+ [NET_DEV_FEAT_RX] = "rx-checksum", -+ [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ -+ [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", -+ [NET_DEV_FEAT_GRO] = "rx-gro", -+ [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", -+ [NET_DEV_FEAT_LRO] = "rx-lro", -+ [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", -+ [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", - }; - - static const char* const ethtool_link_mode_bit_table[] = { -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index bb0333775c..2181ab6fd6 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -23,6 +23,7 @@ typedef enum NetDevFeature { - NET_DEV_FEAT_TX, - NET_DEV_FEAT_GSO, - NET_DEV_FEAT_GRO, -+ NET_DEV_FEAT_GRO_HW, - NET_DEV_FEAT_LRO, - NET_DEV_FEAT_TSO, - NET_DEV_FEAT_TSO6, -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index f800de8386..44b46cb17c 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -57,6 +57,7 @@ Link.TCPSegmentationOffload, config_parse_tristate, - Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) - Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 - Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) -+Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) - Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) - Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) - Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) -diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link -index 5f232ce698..b5cffb1a27 100644 ---- a/test/fuzz/fuzz-link-parser/directives.link -+++ b/test/fuzz/fuzz-link-parser/directives.link -@@ -36,6 +36,7 @@ TCPSegmentationOffload= - TCP6SegmentationOffload= - UDPSegmentationOffload= - GenericReceiveOffload= -+GenericReceiveOffloadHardware= - LargeReceiveOffload= - RxChannels= - TxChannels= --- -2.31.1 - diff --git a/SOURCES/20489.patch b/SOURCES/20489.patch deleted file mode 100644 index 0b4f8d9..0000000 --- a/SOURCES/20489.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 0a377494bcfcf4e145e260478071be124d56dc6d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 20 Aug 2021 09:41:34 +0900 -Subject: [PATCH] network: add UseMTU= in [IPv6AcceptRA] - -Note that kernel has similar knob in sysctl: accept_ra_mtu. - -Closes #18868. ---- - man/systemd.network.xml | 8 ++++++++ - src/network/networkd-ndisc.c | 14 +++++++------- - src/network/networkd-network-gperf.gperf | 1 + - src/network/networkd-network.c | 3 ++- - src/network/networkd-network.h | 1 + - test/fuzz/fuzz-network-parser/directives.network | 1 + - 6 files changed, 20 insertions(+), 8 deletions(-) - -diff --git a/man/systemd.network.xml b/man/systemd.network.xml -index 03100c035b84..573ba959eb4d 100644 ---- a/man/systemd.network.xml -+++ b/man/systemd.network.xml -@@ -2265,6 +2265,14 @@ IPv6Token=prefixstable:2002:da8:1:: - - - -+ -+ UseMTU= -+ -+ Takes a boolean. When true, the MTU received in the Router Advertisement will be -+ used. Defaults to true. -+ -+ -+ - - UseAutonomousPrefix= - -diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c -index f58edb8f3cae..fe1f1e0333cf 100644 ---- a/src/network/networkd-ndisc.c -+++ b/src/network/networkd-ndisc.c -@@ -536,9 +536,9 @@ static int ndisc_request_address(Address *in, Link *link, sd_ndisc_router *rt) { - static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { - _cleanup_(route_freep) Route *route = NULL; - struct in6_addr gateway; -- uint16_t lifetime; -+ uint32_t table, mtu = 0; - unsigned preference; -- uint32_t table, mtu; -+ uint16_t lifetime; - usec_t time_now; - int r; - -@@ -575,11 +575,11 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { - if (r < 0) - return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); - -- r = sd_ndisc_router_get_mtu(rt, &mtu); -- if (r == -ENODATA) -- mtu = 0; -- else if (r < 0) -- return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); -+ if (link->network->ipv6_accept_ra_use_mtu) { -+ r = sd_ndisc_router_get_mtu(rt, &mtu); -+ if (r < 0 && r != -ENODATA) -+ return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); -+ } - - table = link_get_ipv6_accept_ra_route_table(link); - -diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf -index aa4dc00e55bc..846e54aed759 100644 ---- a/src/network/networkd-network-gperf.gperf -+++ b/src/network/networkd-network-gperf.gperf -@@ -256,6 +256,7 @@ IPv6AcceptRA.UseAutonomousPrefix, config_parse_bool, - IPv6AcceptRA.UseOnLinkPrefix, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_onlink_prefix) - IPv6AcceptRA.UseDNS, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_dns) - IPv6AcceptRA.UseDomains, config_parse_ipv6_accept_ra_use_domains, 0, offsetof(Network, ipv6_accept_ra_use_domains) -+IPv6AcceptRA.UseMTU, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_mtu) - IPv6AcceptRA.DHCPv6Client, config_parse_ipv6_accept_ra_start_dhcp6_client, 0, offsetof(Network, ipv6_accept_ra_start_dhcp6_client) - IPv6AcceptRA.RouteTable, config_parse_section_route_table, 0, 0 - IPv6AcceptRA.RouteMetric, config_parse_dhcp_route_metric, 0, 0 -diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index bb09ba9e8933..1928db537e0c 100644 ---- a/src/network/networkd-network.c -+++ b/src/network/networkd-network.c -@@ -400,15 +400,16 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi - .ipv4_accept_local = -1, - .ipv4_route_localnet = -1, - .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO, -- .ipv6_accept_ra = -1, - .ipv6_dad_transmits = -1, - .ipv6_hop_limit = -1, - .ipv6_proxy_ndp = -1, - .proxy_arp = -1, - -+ .ipv6_accept_ra = -1, - .ipv6_accept_ra_use_dns = true, - .ipv6_accept_ra_use_autonomous_prefix = true, - .ipv6_accept_ra_use_onlink_prefix = true, -+ .ipv6_accept_ra_use_mtu = true, - .ipv6_accept_ra_route_table = RT_TABLE_MAIN, - .ipv6_accept_ra_route_metric = DHCP_ROUTE_METRIC, - .ipv6_accept_ra_start_dhcp6_client = IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES, -diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h -index 815bcf5023fc..95c86e723040 100644 ---- a/src/network/networkd-network.h -+++ b/src/network/networkd-network.h -@@ -301,6 +301,7 @@ struct Network { - bool ipv6_accept_ra_use_dns; - bool ipv6_accept_ra_use_autonomous_prefix; - bool ipv6_accept_ra_use_onlink_prefix; -+ bool ipv6_accept_ra_use_mtu; - bool active_slave; - bool primary_slave; - DHCPUseDomains ipv6_accept_ra_use_domains; -diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network -index 8fe4ced35154..a3711cb77d9c 100644 ---- a/test/fuzz/fuzz-network-parser/directives.network -+++ b/test/fuzz/fuzz-network-parser/directives.network -@@ -342,6 +342,7 @@ Label= - Prefix= - [IPv6AcceptRA] - UseDomains= -+UseMTU= - RouteTable= - RouteMetric= - UseDNS= diff --git a/SOURCES/20541.patch b/SOURCES/20541.patch deleted file mode 100644 index e41e3b1..0000000 --- a/SOURCES/20541.patch +++ /dev/null @@ -1,306 +0,0 @@ -From 72328a5977d240d33b78b24e7a6b65b1074000b9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 26 Aug 2021 03:31:05 +0900 -Subject: [PATCH 1/2] ethtool: move function - -I'd like to locate all conf parsers at end of file. ---- - src/shared/ethtool-util.c | 250 +++++++++++++++++++------------------- - 1 file changed, 125 insertions(+), 125 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index c47d819f0596..af3b917c75cb 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -932,6 +932,131 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - return 0; - } - -+int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { -+ struct ethtool_coalesce ecmd = { -+ .cmd = ETHTOOL_GCOALESCE, -+ }; -+ struct ifreq ifr = { -+ .ifr_data = (void*) &ecmd, -+ }; -+ bool need_update = false; -+ int r; -+ -+ assert(ethtool_fd); -+ assert(ifname); -+ assert(coalesce); -+ -+ if (coalesce->use_adaptive_rx_coalesce < 0 && -+ coalesce->use_adaptive_tx_coalesce < 0 && -+ !coalesce->rx_coalesce_usecs.set && -+ !coalesce->rx_max_coalesced_frames.set && -+ !coalesce->rx_coalesce_usecs_irq.set && -+ !coalesce->rx_max_coalesced_frames_irq.set && -+ !coalesce->tx_coalesce_usecs.set && -+ !coalesce->tx_max_coalesced_frames.set && -+ !coalesce->tx_coalesce_usecs_irq.set && -+ !coalesce->tx_max_coalesced_frames_irq.set && -+ !coalesce->stats_block_coalesce_usecs.set && -+ !coalesce->pkt_rate_low.set && -+ !coalesce->rx_coalesce_usecs_low.set && -+ !coalesce->rx_max_coalesced_frames_low.set && -+ !coalesce->tx_coalesce_usecs_low.set && -+ !coalesce->tx_max_coalesced_frames_low.set && -+ !coalesce->pkt_rate_high.set && -+ !coalesce->rx_coalesce_usecs_high.set && -+ !coalesce->rx_max_coalesced_frames_high.set && -+ !coalesce->tx_coalesce_usecs_high.set && -+ !coalesce->tx_max_coalesced_frames_high.set && -+ !coalesce->rate_sample_interval.set) -+ return 0; -+ -+ r = ethtool_connect(ethtool_fd); -+ if (r < 0) -+ return r; -+ -+ strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ -+ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -+ if (r < 0) -+ return -errno; -+ -+ if (coalesce->use_adaptive_rx_coalesce >= 0) -+ UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); -+ -+ if (coalesce->use_adaptive_tx_coalesce >= 0) -+ UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); -+ -+ if (coalesce->rx_coalesce_usecs.set) -+ UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames.set) -+ UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_irq.set) -+ UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_irq.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs.set) -+ UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames.set) -+ UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_irq.set) -+ UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_irq.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); -+ -+ if (coalesce->stats_block_coalesce_usecs.set) -+ UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); -+ -+ if (coalesce->pkt_rate_low.set) -+ UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_low.set) -+ UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_low.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_low.set) -+ UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_low.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); -+ -+ if (coalesce->pkt_rate_high.set) -+ UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); -+ -+ if (coalesce->rx_coalesce_usecs_high.set) -+ UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); -+ -+ if (coalesce->rx_max_coalesced_frames_high.set) -+ UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); -+ -+ if (coalesce->tx_coalesce_usecs_high.set) -+ UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); -+ -+ if (coalesce->tx_max_coalesced_frames_high.set) -+ UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); -+ -+ if (coalesce->rate_sample_interval.set) -+ UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); -+ -+ if (!need_update) -+ return 0; -+ -+ ecmd.cmd = ETHTOOL_SCOALESCE; -+ r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -+ if (r < 0) -+ return -errno; -+ -+ return 0; -+} -+ - int config_parse_advertise( - const char *unit, - const char *filename, -@@ -1182,128 +1307,3 @@ int config_parse_coalesce_sec( - - return 0; - } -- --int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const netdev_coalesce_param *coalesce) { -- struct ethtool_coalesce ecmd = { -- .cmd = ETHTOOL_GCOALESCE, -- }; -- struct ifreq ifr = { -- .ifr_data = (void*) &ecmd, -- }; -- bool need_update = false; -- int r; -- -- assert(ethtool_fd); -- assert(ifname); -- assert(coalesce); -- -- if (coalesce->use_adaptive_rx_coalesce < 0 && -- coalesce->use_adaptive_tx_coalesce < 0 && -- !coalesce->rx_coalesce_usecs.set && -- !coalesce->rx_max_coalesced_frames.set && -- !coalesce->rx_coalesce_usecs_irq.set && -- !coalesce->rx_max_coalesced_frames_irq.set && -- !coalesce->tx_coalesce_usecs.set && -- !coalesce->tx_max_coalesced_frames.set && -- !coalesce->tx_coalesce_usecs_irq.set && -- !coalesce->tx_max_coalesced_frames_irq.set && -- !coalesce->stats_block_coalesce_usecs.set && -- !coalesce->pkt_rate_low.set && -- !coalesce->rx_coalesce_usecs_low.set && -- !coalesce->rx_max_coalesced_frames_low.set && -- !coalesce->tx_coalesce_usecs_low.set && -- !coalesce->tx_max_coalesced_frames_low.set && -- !coalesce->pkt_rate_high.set && -- !coalesce->rx_coalesce_usecs_high.set && -- !coalesce->rx_max_coalesced_frames_high.set && -- !coalesce->tx_coalesce_usecs_high.set && -- !coalesce->tx_max_coalesced_frames_high.set && -- !coalesce->rate_sample_interval.set) -- return 0; -- -- r = ethtool_connect(ethtool_fd); -- if (r < 0) -- return r; -- -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -- -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -- return -errno; -- -- if (coalesce->use_adaptive_rx_coalesce >= 0) -- UPDATE(ecmd.use_adaptive_rx_coalesce, (uint32_t) coalesce->use_adaptive_rx_coalesce, need_update); -- -- if (coalesce->use_adaptive_tx_coalesce >= 0) -- UPDATE(ecmd.use_adaptive_tx_coalesce, (uint32_t) coalesce->use_adaptive_tx_coalesce, need_update); -- -- if (coalesce->rx_coalesce_usecs.set) -- UPDATE(ecmd.rx_coalesce_usecs, coalesce->rx_coalesce_usecs.value, need_update); -- -- if (coalesce->rx_max_coalesced_frames.set) -- UPDATE(ecmd.rx_max_coalesced_frames, coalesce->rx_max_coalesced_frames.value, need_update); -- -- if (coalesce->rx_coalesce_usecs_irq.set) -- UPDATE(ecmd.rx_coalesce_usecs_irq, coalesce->rx_coalesce_usecs_irq.value, need_update); -- -- if (coalesce->rx_max_coalesced_frames_irq.set) -- UPDATE(ecmd.rx_max_coalesced_frames_irq, coalesce->rx_max_coalesced_frames_irq.value, need_update); -- -- if (coalesce->tx_coalesce_usecs.set) -- UPDATE(ecmd.tx_coalesce_usecs, coalesce->tx_coalesce_usecs.value, need_update); -- -- if (coalesce->tx_max_coalesced_frames.set) -- UPDATE(ecmd.tx_max_coalesced_frames, coalesce->tx_max_coalesced_frames.value, need_update); -- -- if (coalesce->tx_coalesce_usecs_irq.set) -- UPDATE(ecmd.tx_coalesce_usecs_irq, coalesce->tx_coalesce_usecs_irq.value, need_update); -- -- if (coalesce->tx_max_coalesced_frames_irq.set) -- UPDATE(ecmd.tx_max_coalesced_frames_irq, coalesce->tx_max_coalesced_frames_irq.value, need_update); -- -- if (coalesce->stats_block_coalesce_usecs.set) -- UPDATE(ecmd.stats_block_coalesce_usecs, coalesce->stats_block_coalesce_usecs.value, need_update); -- -- if (coalesce->pkt_rate_low.set) -- UPDATE(ecmd.pkt_rate_low, coalesce->pkt_rate_low.value, need_update); -- -- if (coalesce->rx_coalesce_usecs_low.set) -- UPDATE(ecmd.rx_coalesce_usecs_low, coalesce->rx_coalesce_usecs_low.value, need_update); -- -- if (coalesce->rx_max_coalesced_frames_low.set) -- UPDATE(ecmd.rx_max_coalesced_frames_low, coalesce->rx_max_coalesced_frames_low.value, need_update); -- -- if (coalesce->tx_coalesce_usecs_low.set) -- UPDATE(ecmd.tx_coalesce_usecs_low, coalesce->tx_coalesce_usecs_low.value, need_update); -- -- if (coalesce->tx_max_coalesced_frames_low.set) -- UPDATE(ecmd.tx_max_coalesced_frames_low, coalesce->tx_max_coalesced_frames_low.value, need_update); -- -- if (coalesce->pkt_rate_high.set) -- UPDATE(ecmd.pkt_rate_high, coalesce->pkt_rate_high.value, need_update); -- -- if (coalesce->rx_coalesce_usecs_high.set) -- UPDATE(ecmd.rx_coalesce_usecs_high, coalesce->rx_coalesce_usecs_high.value, need_update); -- -- if (coalesce->rx_max_coalesced_frames_high.set) -- UPDATE(ecmd.rx_max_coalesced_frames_high, coalesce->rx_max_coalesced_frames_high.value, need_update); -- -- if (coalesce->tx_coalesce_usecs_high.set) -- UPDATE(ecmd.tx_coalesce_usecs_high, coalesce->tx_coalesce_usecs_high.value, need_update); -- -- if (coalesce->tx_max_coalesced_frames_high.set) -- UPDATE(ecmd.tx_max_coalesced_frames_high, coalesce->tx_max_coalesced_frames_high.value, need_update); -- -- if (coalesce->rate_sample_interval.set) -- UPDATE(ecmd.rate_sample_interval, DIV_ROUND_UP(coalesce->rate_sample_interval.value, USEC_PER_SEC), need_update); -- -- if (!need_update) -- return 0; -- -- ecmd.cmd = ETHTOOL_SCOALESCE; -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -- return -errno; -- -- return 0; --} - -From ee7512404b5de7c5ac36e09436379fada2ed84e7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 26 Aug 2021 03:34:23 +0900 -Subject: [PATCH 2/2] udev/net: initialize coalesce tristate variables - -Otherwise, 99-default.link may introduce something like the -following warnings: ----- -Aug 26 03:23:59 systemd-udevd[519]: wlan0: Could not set coalesce settings, ignoring: Operation not supported -Aug 26 03:24:00 systemd-udevd[547]: wlp59s0: Could not set coalesce settings, ignoring: Operation not supported ----- - -Follow-up for 6c35ea5ef0231d519ff24d43a57a72cebab6a121. ---- - src/udev/net/link-config.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c -index 69f651435034..4963ba2fae81 100644 ---- a/src/udev/net/link-config.c -+++ b/src/udev/net/link-config.c -@@ -142,6 +142,8 @@ int link_load_one(LinkConfigContext *ctx, const char *filename) { - .tx_flow_control = -1, - .autoneg_flow_control = -1, - .txqueuelen = UINT32_MAX, -+ .coalesce.use_adaptive_rx_coalesce = -1, -+ .coalesce.use_adaptive_tx_coalesce = -1, - }; - - for (i = 0; i < ELEMENTSOF(link->features); i++) diff --git a/SOURCES/20676_cherrypicked.patch b/SOURCES/20676_cherrypicked.patch deleted file mode 100644 index e97a589..0000000 --- a/SOURCES/20676_cherrypicked.patch +++ /dev/null @@ -1,336 +0,0 @@ -From 0b9f08931944c2e33c6ed012919157e429eb7be2 Mon Sep 17 00:00:00 2001 -From: Antony Deepak Thomas -Date: Wed, 29 Sep 2021 12:47:49 +0900 -Subject: [PATCH 1/4] fileio: introduce read_virtual_file_fd() - ---- - src/basic/fileio.c | 24 ++++++++++++++++-------- - src/basic/fileio.h | 1 + - 2 files changed, 17 insertions(+), 8 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 466c6321c7..4a0d060105 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -373,9 +373,8 @@ int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { - return 1; - } - --int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size) { -+int read_virtual_file_fd(int fd, size_t max_size, char **ret_contents, size_t *ret_size) { - _cleanup_free_ char *buf = NULL; -- _cleanup_close_ int fd = -1; - size_t n, size; - int n_retries; - bool truncated = false; -@@ -393,10 +392,7 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - * contents* may be returned. (Though the read is still done using one syscall.) Returns 0 on - * partial success, 1 if untruncated contents were read. */ - -- fd = open(filename, O_RDONLY|O_CLOEXEC); -- if (fd < 0) -- return -errno; -- -+ assert(fd >= 0); - assert(max_size <= READ_VIRTUAL_BYTES_MAX || max_size == SIZE_MAX); - - /* Limit the number of attempts to read the number of bytes returned by fstat(). */ -@@ -432,8 +428,8 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - - n_retries--; - } else if (n_retries > 1) { -- /* Files in /proc are generally smaller than the page size so let's start with a page size -- * buffer from malloc and only use the max buffer on the final try. */ -+ /* Files in /proc are generally smaller than the page size so let's start with -+ * a page size buffer from malloc and only use the max buffer on the final try. */ - size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); - n_retries = 1; - } else { -@@ -517,6 +513,18 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - return !truncated; - } - -+int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size) { -+ _cleanup_close_ int fd = -1; -+ -+ assert(filename); -+ -+ fd = open(filename, O_RDONLY | O_NOCTTY | O_CLOEXEC); -+ if (fd < 0) -+ return -errno; -+ -+ return read_virtual_file_fd(fd, max_size, ret_contents, ret_size); -+} -+ - int read_full_stream_full( - FILE *f, - const char *filename, -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 9bd2037f5b..82330840bf 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -66,6 +66,7 @@ static inline int read_full_file(const char *filename, char **ret_contents, size - return read_full_file_full(AT_FDCWD, filename, UINT64_MAX, SIZE_MAX, 0, NULL, ret_contents, ret_size); - } - -+int read_virtual_file_fd(int fd, size_t max_size, char **ret_contents, size_t *ret_size); - int read_virtual_file(const char *filename, size_t max_size, char **ret_contents, size_t *ret_size); - static inline int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) { - return read_virtual_file(filename, SIZE_MAX, ret_contents, ret_size); --- -2.31.1 - - -From bede594fa1ea4c32a886191b774134effcf71bef Mon Sep 17 00:00:00 2001 -From: Antony Deepak Thomas -Date: Wed, 29 Sep 2021 12:57:30 +0900 -Subject: [PATCH 2/4] string-util: introduce streq_skip_trailing_chars() - ---- - src/basic/string-util.c | 16 ++++++++++++++++ - src/basic/string-util.h | 2 ++ - src/test/test-string-util.c | 28 ++++++++++++++++++++++++++++ - 3 files changed, 46 insertions(+) - -diff --git a/src/basic/string-util.c b/src/basic/string-util.c -index a645958d38..6ceaeaf9df 100644 ---- a/src/basic/string-util.c -+++ b/src/basic/string-util.c -@@ -1146,3 +1146,19 @@ int string_contains_word_strv(const char *string, const char *separators, char * - *ret_word = found; - return !!found; - } -+ -+bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok) { -+ if (!s1 && !s2) -+ return true; -+ if (!s1 || !s2) -+ return false; -+ -+ if (!ok) -+ ok = WHITESPACE; -+ -+ for (; *s1 && *s2; s1++, s2++) -+ if (*s1 != *s2) -+ break; -+ -+ return in_charset(s1, ok) && in_charset(s2, ok); -+} -diff --git a/src/basic/string-util.h b/src/basic/string-util.h -index 9155e50ba8..0bf215827e 100644 ---- a/src/basic/string-util.h -+++ b/src/basic/string-util.h -@@ -242,3 +242,5 @@ int string_contains_word_strv(const char *string, const char *separators, char * - static inline int string_contains_word(const char *string, const char *separators, const char *word) { - return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL); - } -+ -+bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok); -diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c -index 4d9d0260c9..9a9c974332 100644 ---- a/src/test/test-string-util.c -+++ b/src/test/test-string-util.c -@@ -1000,6 +1000,33 @@ static void test_strextendf(void) { - assert_se(streq(p, "<77>,<99>,< 88>,<00001234>")); - } - -+static void test_streq_skip_trailing_chars(void) { -+ log_info("/* %s */", __func__); -+ -+ /* NULL is WHITESPACE by default*/ -+ assert_se(streq_skip_trailing_chars("foo bar", "foo bar", NULL)); -+ assert_se(streq_skip_trailing_chars("foo", "foo", NULL)); -+ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar", NULL)); -+ assert_se(streq_skip_trailing_chars("foo bar", "foo bar\t\t", NULL)); -+ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar\t\t", NULL)); -+ assert_se(streq_skip_trailing_chars("foo\nbar", "foo\nbar", NULL)); -+ assert_se(streq_skip_trailing_chars("\t\tfoo bar", "\t\tfoo bar", NULL)); -+ assert_se(streq_skip_trailing_chars(" foo bar\t", " foo bar\n", NULL)); -+ -+ assert_se(!streq_skip_trailing_chars("foobar", "foo bar", NULL)); -+ assert_se(!streq_skip_trailing_chars("foo\nbar", "foo\tbar", NULL)); -+ assert_se(!streq_skip_trailing_chars("\t\nfoo bar", "\t foo bar", NULL)); -+ -+ assert_se(streq_skip_trailing_chars("foo bar ", "foo bar", WHITESPACE)); -+ assert_se(!streq_skip_trailing_chars("foo bar ", "foo bar", NEWLINE)); -+ -+ assert_se(streq_skip_trailing_chars(NULL, NULL, NULL)); -+ assert_se(streq_skip_trailing_chars("", "", NULL)); -+ assert_se(!streq_skip_trailing_chars(NULL, "foo bar", NULL)); -+ assert_se(!streq_skip_trailing_chars("foo", NULL, NULL)); -+ assert_se(!streq_skip_trailing_chars("", "f", NULL)); -+} -+ - int main(int argc, char *argv[]) { - test_setup_logging(LOG_DEBUG); - -@@ -1039,6 +1066,7 @@ int main(int argc, char *argv[]) { - test_string_contains_word(); - test_strverscmp_improved(); - test_strextendf(); -+ test_streq_skip_trailing_chars(); - - return 0; - } --- -2.31.1 - - -From a2552e17829d0090db3ff5f2e6f2d772d0fca3e9 Mon Sep 17 00:00:00 2001 -From: Antony Deepak Thomas -Date: Wed, 29 Sep 2021 13:06:25 +0900 -Subject: [PATCH 3/4] fileio: introduce new mode to suppress writing the same - value - ---- - src/basic/fileio.c | 29 +++++++++++++++++++++++++++-- - src/basic/fileio.h | 23 ++++++++++++----------- - 2 files changed, 39 insertions(+), 13 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 4a0d060105..729789ce47 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -146,6 +146,30 @@ int write_string_stream_ts( - return -EBADF; - } - -+ if (flags & WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL) { -+ _cleanup_free_ char *t = NULL; -+ -+ /* If value to be written is same as that of the existing value, then suppress the write. */ -+ -+ if (fd < 0) { -+ fd = fileno(f); -+ if (fd < 0) -+ return -EBADF; -+ } -+ -+ /* Read an additional byte to detect cases where the prefix matches but the rest -+ * doesn't. Also, 0 returned by read_virtual_file_fd() means the read was truncated and -+ * it won't be equal to the new value. */ -+ if (read_virtual_file_fd(fd, strlen(line)+1, &t, NULL) > 0 && -+ streq_skip_trailing_chars(line, t, NEWLINE)) { -+ log_debug("No change in value '%s', supressing write", line); -+ return 0; -+ } -+ -+ if (lseek(fd, 0, SEEK_SET) < 0) -+ return -errno; -+ } -+ - needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"); - - if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) { -@@ -261,10 +285,11 @@ int write_string_file_ts( - assert(!ts); - - /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */ -- fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | -+ fd = open(fn, O_CLOEXEC|O_NOCTTY | - (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) | - (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) | -- (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0), -+ (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0) | -+ (FLAGS_SET(flags, WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL) ? O_RDWR : O_WRONLY), - (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666)); - if (fd < 0) { - r = -errno; -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 82330840bf..a72b2f3881 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -15,17 +15,18 @@ - #define LONG_LINE_MAX (1U*1024U*1024U) - - typedef enum { -- WRITE_STRING_FILE_CREATE = 1 << 0, -- WRITE_STRING_FILE_TRUNCATE = 1 << 1, -- WRITE_STRING_FILE_ATOMIC = 1 << 2, -- WRITE_STRING_FILE_AVOID_NEWLINE = 1 << 3, -- WRITE_STRING_FILE_VERIFY_ON_FAILURE = 1 << 4, -- WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE = 1 << 5, -- WRITE_STRING_FILE_SYNC = 1 << 6, -- WRITE_STRING_FILE_DISABLE_BUFFER = 1 << 7, -- WRITE_STRING_FILE_NOFOLLOW = 1 << 8, -- WRITE_STRING_FILE_MKDIR_0755 = 1 << 9, -- WRITE_STRING_FILE_MODE_0600 = 1 << 10, -+ WRITE_STRING_FILE_CREATE = 1 << 0, -+ WRITE_STRING_FILE_TRUNCATE = 1 << 1, -+ WRITE_STRING_FILE_ATOMIC = 1 << 2, -+ WRITE_STRING_FILE_AVOID_NEWLINE = 1 << 3, -+ WRITE_STRING_FILE_VERIFY_ON_FAILURE = 1 << 4, -+ WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE = 1 << 5, -+ WRITE_STRING_FILE_SYNC = 1 << 6, -+ WRITE_STRING_FILE_DISABLE_BUFFER = 1 << 7, -+ WRITE_STRING_FILE_NOFOLLOW = 1 << 8, -+ WRITE_STRING_FILE_MKDIR_0755 = 1 << 9, -+ WRITE_STRING_FILE_MODE_0600 = 1 << 10, -+ WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL = 1 << 11, - - /* And before you wonder, why write_string_file_atomic_label_ts() is a separate function instead of just one - more flag here: it's about linking: we don't want to pull -lselinux into all users of write_string_file() --- -2.31.1 - - -From 41d86b627331f432454280714dd5b17d255367ba Mon Sep 17 00:00:00 2001 -From: Antony Deepak Thomas -Date: Wed, 29 Sep 2021 13:07:42 +0900 -Subject: [PATCH 4/4] sysctl-util: minimize side-effects when running - `systemd-sysctl` - -Currently `systemd-sysctl` binary is used in `systemd-sysctl.service` -which is mostly configured as `oneshot`. There are situations where one -would like to use systemd to maintain Sysctl configurations on a host, -using a configuration managers such as Chef or Puppet, by apply -configurations every X duration. -The problem with using `systemd-sysctl` is that it writes all the Sysctl -settings, even if the values for those settings have not changed. From -experience, we have observed that some Sysctl settings cause actions in -the kernel upon writing(like dropping caches) which in turn cause -undesired side effects. -This patch tries to minimize such side effects by comparing values -before writing. ---- - src/basic/sysctl-util.c | 19 +++++-------------- - 1 file changed, 5 insertions(+), 14 deletions(-) - -diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c -index 8913e6ff85..4da3eaf5f7 100644 ---- a/src/basic/sysctl-util.c -+++ b/src/basic/sysctl-util.c -@@ -44,25 +44,16 @@ char *sysctl_normalize(char *s) { - - int sysctl_write(const char *property, const char *value) { - char *p; -- _cleanup_close_ int fd = -1; -- - assert(property); - assert(value); -- -- log_debug("Setting '%s' to '%.*s'.", property, (int) strcspn(value, NEWLINE), value); -- - p = strjoina("/proc/sys/", property); -- fd = open(p, O_WRONLY|O_CLOEXEC); -- if (fd < 0) -- return -errno; -+ path_simplify(p); -+ if (!path_is_normalized(p)) -+ return -EINVAL; - -- if (!endswith(value, "\n")) -- value = strjoina(value, "\n"); -- -- if (write(fd, value, strlen(value)) < 0) -- return -errno; -+ log_debug("Setting '%s' to '%s'", p, value); - -- return 0; -+ return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL); - } - - int sysctl_writef(const char *property, const char *format, ...) { --- -2.31.1 - diff --git a/SOURCES/20695.patch b/SOURCES/20695.patch deleted file mode 100644 index f7ac0bd..0000000 --- a/SOURCES/20695.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 67cd626399b0d02882ee00716c8bd31ba764c862 Mon Sep 17 00:00:00 2001 -From: Chris Packham -Date: Fri, 10 Sep 2021 09:51:36 +1200 -Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14 - -ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition - -Fixes #20694 ---- - src/basic/linux/if_arp.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h -index c3cc5a9e5eaf..4783af9fe520 100644 ---- a/src/basic/linux/if_arp.h -+++ b/src/basic/linux/if_arp.h -@@ -54,6 +54,7 @@ - #define ARPHRD_X25 271 /* CCITT X.25 */ - #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ - #define ARPHRD_CAN 280 /* Controller Area Network */ -+#define ARPHRD_MCTP 290 - #define ARPHRD_PPP 512 - #define ARPHRD_CISCO 513 /* Cisco HDLC */ - #define ARPHRD_HDLC ARPHRD_CISCO diff --git a/SOURCES/20729.patch b/SOURCES/20729.patch deleted file mode 100644 index 82904e5..0000000 --- a/SOURCES/20729.patch +++ /dev/null @@ -1,927 +0,0 @@ -From 6d9a72f3b9b4d00ec80051503e5e3d4d7cd46c05 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 01:28:29 +0900 -Subject: [PATCH 1/5] ethtool-util: use sizeof() - ---- - src/shared/ethtool-util.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index af3b917c75cb..d1f5eac63334 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -214,7 +214,7 @@ int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret) { - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -254,7 +254,7 @@ int ethtool_get_link_info( - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -303,7 +303,7 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -362,7 +362,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -405,7 +405,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -538,7 +538,7 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = get_stringset(*ethtool_fd, &ifr, ETH_SS_FEATURES, &strings); - if (r < 0) -@@ -787,7 +787,7 @@ int ethtool_set_glinksettings( - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = get_glinksettings(*fd, &ifr, &u); - if (r < 0) { -@@ -857,7 +857,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -906,7 +906,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*fd, SIOCETHTOOL, &ifr); - if (r < 0) -@@ -974,7 +974,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, IFNAMSIZ, ifname); -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); - if (r < 0) - -From 4253dab576b3ff17887c3e0d97380aab2aa29d82 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 01:41:15 +0900 -Subject: [PATCH 2/5] ethtool-util: shorten code a bit - -Also fixes a error code in debugging log. ---- - src/shared/ethtool-util.c | 70 ++++++++++++--------------------------- - 1 file changed, 22 insertions(+), 48 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index d1f5eac63334..ac21ef0f61a8 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -216,8 +216,7 @@ int ethtool_get_driver(int *ethtool_fd, const char *ifname, char **ret) { - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (isempty(ecmd.driver)) -@@ -256,8 +255,7 @@ int ethtool_get_link_info( - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (ret_autonegotiation) -@@ -305,8 +303,7 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (epaddr.addr.size != 6) -@@ -364,8 +361,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - UPDATE(ecmd.wolopts, wolopts, need_update); -@@ -374,8 +370,7 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) { - return 0; - - ecmd.cmd = ETHTOOL_SWOL; -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; -@@ -407,8 +402,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (ring->rx.set) -@@ -427,8 +421,7 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - return 0; - - ecmd.cmd = ETHTOOL_SRINGPARAM; -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; -@@ -446,7 +439,6 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - }, - }; - unsigned len; -- int r; - - assert(ethtool_fd >= 0); - assert(ifr); -@@ -454,8 +446,7 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - - ifr->ifr_data = (void *) &buffer.info; - -- r = ioctl(ethtool_fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - if (!buffer.info.sset_mask) -@@ -478,8 +469,7 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - - ifr->ifr_data = (void *) strings; - -- r = ioctl(ethtool_fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - *ret = TAKE_PTR(strings); -@@ -559,9 +549,8 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - - ifr.ifr_data = (void *) sfeatures; - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -- return log_debug_errno(r, "ethtool: could not set ethtool features for %s", ifname); -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) -+ return log_debug_errno(errno, "ethtool: could not set ethtool features for %s", ifname); - - return 0; - } -@@ -575,7 +564,6 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset - }; - struct ethtool_link_usettings *u; - unsigned offset; -- int r; - - assert(fd >= 0); - assert(ifr); -@@ -591,8 +579,7 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - if (ecmd.req.link_mode_masks_nwords >= 0 || ecmd.req.cmd != ETHTOOL_GLINKSETTINGS) -@@ -602,8 +589,7 @@ static int get_glinksettings(int fd, struct ifreq *ifr, struct ethtool_link_uset - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - if (ecmd.req.link_mode_masks_nwords <= 0 || ecmd.req.cmd != ETHTOOL_GLINKSETTINGS) -@@ -636,7 +622,6 @@ static int get_gset(int fd, struct ifreq *ifr, struct ethtool_link_usettings **r - struct ethtool_cmd ecmd = { - .cmd = ETHTOOL_GSET, - }; -- int r; - - assert(fd >= 0); - assert(ifr); -@@ -644,8 +629,7 @@ static int get_gset(int fd, struct ifreq *ifr, struct ethtool_link_usettings **r - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - e = new(struct ethtool_link_usettings, 1); -@@ -678,7 +662,6 @@ static int set_slinksettings(int fd, struct ifreq *ifr, const struct ethtool_lin - __u32 link_mode_data[3 * ETHTOOL_LINK_MODE_MASK_MAX_KERNEL_NU32]; - } ecmd = {}; - unsigned offset; -- int r; - - assert(fd >= 0); - assert(ifr); -@@ -700,8 +683,7 @@ static int set_slinksettings(int fd, struct ifreq *ifr, const struct ethtool_lin - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - return 0; -@@ -711,7 +693,6 @@ static int set_sset(int fd, struct ifreq *ifr, const struct ethtool_link_usettin - struct ethtool_cmd ecmd = { - .cmd = ETHTOOL_SSET, - }; -- int r; - - assert(fd >= 0); - assert(ifr); -@@ -736,8 +717,7 @@ static int set_sset(int fd, struct ifreq *ifr, const struct ethtool_link_usettin - - ifr->ifr_data = (void *) &ecmd; - -- r = ioctl(fd, SIOCETHTOOL, ifr); -- if (r < 0) -+ if (ioctl(fd, SIOCETHTOOL, ifr) < 0) - return -errno; - - return 0; -@@ -859,8 +839,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (channels->rx.set) -@@ -879,8 +858,7 @@ int ethtool_set_channels(int *fd, const char *ifname, const netdev_channels *cha - return 0; - - ecmd.cmd = ETHTOOL_SCHANNELS; -- r = ioctl(*fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; -@@ -908,8 +886,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (rx >= 0) -@@ -925,8 +902,7 @@ int ethtool_set_flow_control(int *fd, const char *ifname, int rx, int tx, int au - return 0; - - ecmd.cmd = ETHTOOL_SPAUSEPARAM; -- r = ioctl(*fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; -@@ -976,8 +952,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const - - strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - if (coalesce->use_adaptive_rx_coalesce >= 0) -@@ -1050,8 +1025,7 @@ int ethtool_set_nic_coalesce_settings(int *ethtool_fd, const char *ifname, const - return 0; - - ecmd.cmd = ETHTOOL_SCOALESCE; -- r = ioctl(*ethtool_fd, SIOCETHTOOL, &ifr); -- if (r < 0) -+ if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - return 0; - -From 008d3a370ccdea13290ab9277b32cc582b886b17 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 14 Sep 2021 17:42:52 +0900 -Subject: [PATCH 3/5] ethtool: do not set unavailable or never_changed bits - ---- - src/shared/ethtool-util.c | 138 ++++++++++++++++++++++++++------------ - 1 file changed, 96 insertions(+), 42 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index ac21ef0f61a8..59b1bd86f085 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -427,30 +427,31 @@ int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netde - return 0; - } - --static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, struct ethtool_gstrings **ret) { -+static int get_stringset(int ethtool_fd, const char *ifname, enum ethtool_stringset stringset_id, struct ethtool_gstrings **ret) { - _cleanup_free_ struct ethtool_gstrings *strings = NULL; - struct { - struct ethtool_sset_info info; - uint32_t space; - } buffer = { -- .info = { -- .cmd = ETHTOOL_GSSET_INFO, -- .sset_mask = UINT64_C(1) << stringset_id, -- }, -+ .info.cmd = ETHTOOL_GSSET_INFO, -+ .info.sset_mask = UINT64_C(1) << stringset_id, - }; -- unsigned len; -+ struct ifreq ifr = { -+ .ifr_data = (void*) &buffer, -+ }; -+ uint32_t len; - - assert(ethtool_fd >= 0); -- assert(ifr); -+ assert(ifname); - assert(ret); - -- ifr->ifr_data = (void *) &buffer.info; -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - -- if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) -+ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - -- if (!buffer.info.sset_mask) -- return -EINVAL; -+ if (buffer.info.sset_mask == 0) -+ return -EOPNOTSUPP; - - #pragma GCC diagnostic push - #if HAVE_ZERO_LENGTH_BOUNDS -@@ -458,8 +459,10 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - #endif - len = buffer.info.data[0]; - #pragma GCC diagnostic pop -+ if (len == 0) -+ return -EOPNOTSUPP; - -- strings = malloc0(sizeof(struct ethtool_gstrings) + len * ETH_GSTRING_LEN); -+ strings = malloc0(offsetof(struct ethtool_gstrings, data) + len * ETH_GSTRING_LEN); - if (!strings) - return -ENOMEM; - -@@ -467,47 +470,92 @@ static int get_stringset(int ethtool_fd, struct ifreq *ifr, int stringset_id, st - strings->string_set = stringset_id; - strings->len = len; - -- ifr->ifr_data = (void *) strings; -+ ifr.ifr_data = (void*) strings; - -- if (ioctl(ethtool_fd, SIOCETHTOOL, ifr) < 0) -+ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return -errno; - - *ret = TAKE_PTR(strings); -+ return 0; -+} -+ -+static int get_features(int ethtool_fd, const char *ifname, uint32_t n_features, struct ethtool_gfeatures **ret) { -+ _cleanup_free_ struct ethtool_gfeatures *gfeatures = NULL; -+ struct ifreq ifr; -+ -+ assert(ethtool_fd >= 0); -+ assert(ifname); -+ assert(ret); -+ assert(n_features > 0); -+ -+ gfeatures = malloc0(offsetof(struct ethtool_gfeatures, features) + -+ DIV_ROUND_UP(n_features, 32U) * sizeof(gfeatures->features[0])); -+ if (!gfeatures) -+ return -ENOMEM; -+ -+ gfeatures->cmd = ETHTOOL_GFEATURES; -+ gfeatures->size = DIV_ROUND_UP(n_features, 32U); -+ -+ ifr = (struct ifreq) { -+ .ifr_data = (void*) gfeatures, -+ }; -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); -+ -+ if (ioctl(ethtool_fd, SIOCETHTOOL, &ifr) < 0) -+ return -errno; - -+ *ret = TAKE_PTR(gfeatures); - return 0; - } - - static int set_features_bit( - const struct ethtool_gstrings *strings, -+ const struct ethtool_gfeatures *gfeatures, -+ struct ethtool_sfeatures *sfeatures, - const char *feature, -- bool flag, -- struct ethtool_sfeatures *sfeatures) { -+ int flag) { -+ - bool found = false; -+ int r = -ENODATA; - - assert(strings); -- assert(feature); -+ assert(gfeatures); - assert(sfeatures); -+ assert(feature); -+ -+ if (flag < 0) -+ return 0; -+ -+ for (uint32_t i = 0; i < strings->len; i++) { -+ uint32_t block, mask; - -- for (size_t i = 0; i < strings->len; i++) -- if (streq((char *) &strings->data[i * ETH_GSTRING_LEN], feature) || -- (endswith(feature, "-") && startswith((char *) &strings->data[i * ETH_GSTRING_LEN], feature))) { -- size_t block, bit; -+ if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN) && -+ !(endswith(feature, "-") && startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature))) -+ continue; - -- block = i / 32; -- bit = i % 32; -+ block = i / 32; -+ mask = UINT32_C(1) << (i % 32); - -- sfeatures->features[block].valid |= 1 << bit; -- SET_FLAG(sfeatures->features[block].requested, 1 << bit, flag); -- found = true; -+ if (!FLAGS_SET(gfeatures->features[block].available, mask) || -+ FLAGS_SET(gfeatures->features[block].never_changed, mask)) { -+ r = -EOPNOTSUPP; -+ continue; - } - -- return found ? 0 : -ENODATA; -+ sfeatures->features[block].valid |= mask; -+ SET_FLAG(sfeatures->features[block].requested, mask, flag); -+ -+ found = true; -+ } -+ -+ return found ? 0 : r; - } - - int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]) { - _cleanup_free_ struct ethtool_gstrings *strings = NULL; -- struct ethtool_sfeatures *sfeatures; -- struct ifreq ifr = {}; -+ _cleanup_free_ struct ethtool_gfeatures *gfeatures = NULL; -+ _cleanup_free_ struct ethtool_sfeatures *sfeatures = NULL; -+ struct ifreq ifr; - bool have = false; - int r; - -@@ -528,26 +576,32 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - if (r < 0) - return r; - -- strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); -+ r = get_stringset(*ethtool_fd, ifname, ETH_SS_FEATURES, &strings); -+ if (r < 0) -+ return log_debug_errno(r, "ethtool: could not get ethtool feature strings: %m"); - -- r = get_stringset(*ethtool_fd, &ifr, ETH_SS_FEATURES, &strings); -+ r = get_features(*ethtool_fd, ifname, strings->len, &gfeatures); - if (r < 0) -- return log_debug_errno(r, "ethtool: could not get ethtool features for %s", ifname); -+ return log_debug_errno(r, "ethtool: could not get ethtool features for %s: %m", ifname); -+ -+ sfeatures = malloc0(offsetof(struct ethtool_sfeatures, features) + -+ DIV_ROUND_UP(strings->len, 32U) * sizeof(sfeatures->features[0])); -+ if (!sfeatures) -+ return log_oom_debug(); - -- sfeatures = alloca0(sizeof(struct ethtool_sfeatures) + DIV_ROUND_UP(strings->len, 32U) * sizeof(sfeatures->features[0])); - sfeatures->cmd = ETHTOOL_SFEATURES; - sfeatures->size = DIV_ROUND_UP(strings->len, 32U); - -- for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) -- if (features[i] >= 0) { -- r = set_features_bit(strings, netdev_feature_table[i], features[i], sfeatures); -- if (r < 0) { -- log_debug_errno(r, "ethtool: could not find feature, ignoring: %s", netdev_feature_table[i]); -- continue; -- } -- } -+ for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) { -+ r = set_features_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); -+ if (r < 0) -+ log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); -+ } - -- ifr.ifr_data = (void *) sfeatures; -+ ifr = (struct ifreq) { -+ .ifr_data = (void*) sfeatures, -+ }; -+ strscpy(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); - - if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0) - return log_debug_errno(errno, "ethtool: could not set ethtool features for %s", ifname); - -From 7a4f203547c62cdc7611f38d97058b530570048f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 01:48:59 +0900 -Subject: [PATCH 4/5] ethtool-util: apply tx-checksum-* features at last - -NET_DEV_FEAT_TX matches multiple features. In the next commit, all -features whose strings start with "tx-checksum-" will be added. -To make them take precedence over NET_DEV_FEAT_TX, it will be applied -only when each explicit feature is not applied. ---- - src/shared/ethtool-util.c | 55 ++++++++++++++++++++++++++++++++++++--- - src/shared/ethtool-util.h | 4 ++- - 2 files changed, 54 insertions(+), 5 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index 59b1bd86f085..e95ce1a20917 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -71,13 +71,14 @@ DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse P - - static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { - [NET_DEV_FEAT_RX] = "rx-checksum", -- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ - [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", - [NET_DEV_FEAT_GRO] = "rx-gro", - [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", - [NET_DEV_FEAT_LRO] = "rx-lro", - [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", - [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", -+ -+ [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ - }; - - static const char* const ethtool_link_mode_bit_table[] = { -@@ -515,6 +516,43 @@ static int set_features_bit( - const char *feature, - int flag) { - -+ assert(strings); -+ assert(gfeatures); -+ assert(sfeatures); -+ assert(feature); -+ -+ if (flag < 0) -+ return 0; -+ -+ for (uint32_t i = 0; i < strings->len; i++) { -+ uint32_t block, mask; -+ -+ if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN)) -+ continue; -+ -+ block = i / 32; -+ mask = UINT32_C(1) << (i % 32); -+ -+ if (!FLAGS_SET(gfeatures->features[block].available, mask) || -+ FLAGS_SET(gfeatures->features[block].never_changed, mask)) -+ return -EOPNOTSUPP; -+ -+ sfeatures->features[block].valid |= mask; -+ SET_FLAG(sfeatures->features[block].requested, mask, flag); -+ -+ return 0; -+ } -+ -+ return -ENODATA; -+} -+ -+static int set_features_multiple_bit( -+ const struct ethtool_gstrings *strings, -+ const struct ethtool_gfeatures *gfeatures, -+ struct ethtool_sfeatures *sfeatures, -+ const char *feature, -+ int flag) { -+ - bool found = false; - int r = -ENODATA; - -@@ -529,8 +567,7 @@ static int set_features_bit( - for (uint32_t i = 0; i < strings->len; i++) { - uint32_t block, mask; - -- if (!strneq((const char*) &strings->data[i * ETH_GSTRING_LEN], feature, ETH_GSTRING_LEN) && -- !(endswith(feature, "-") && startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature))) -+ if (!startswith((const char*) &strings->data[i * ETH_GSTRING_LEN], feature)) - continue; - - block = i / 32; -@@ -542,6 +579,10 @@ static int set_features_bit( - continue; - } - -+ /* The flags is explicitly set by set_features_bit() */ -+ if (FLAGS_SET(sfeatures->features[block].valid, mask)) -+ continue; -+ - sfeatures->features[block].valid |= mask; - SET_FLAG(sfeatures->features[block].requested, mask, flag); - -@@ -592,12 +633,18 @@ int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features - sfeatures->cmd = ETHTOOL_SFEATURES; - sfeatures->size = DIV_ROUND_UP(strings->len, 32U); - -- for (size_t i = 0; i < _NET_DEV_FEAT_MAX; i++) { -+ for (size_t i = 0; i < _NET_DEV_FEAT_SIMPLE_MAX; i++) { - r = set_features_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); - if (r < 0) - log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); - } - -+ for (size_t i = _NET_DEV_FEAT_SIMPLE_MAX; i < _NET_DEV_FEAT_MAX; i++) { -+ r = set_features_multiple_bit(strings, gfeatures, sfeatures, netdev_feature_table[i], features[i]); -+ if (r < 0) -+ log_debug_errno(r, "ethtool: could not set feature %s for %s, ignoring: %m", netdev_feature_table[i], ifname); -+ } -+ - ifr = (struct ifreq) { - .ifr_data = (void*) sfeatures, - }; -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 6e180995055b..3f2252563304 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -20,13 +20,15 @@ typedef enum Duplex { - - typedef enum NetDevFeature { - NET_DEV_FEAT_RX, -- NET_DEV_FEAT_TX, - NET_DEV_FEAT_GSO, - NET_DEV_FEAT_GRO, - NET_DEV_FEAT_GRO_HW, - NET_DEV_FEAT_LRO, - NET_DEV_FEAT_TSO, - NET_DEV_FEAT_TSO6, -+ _NET_DEV_FEAT_SIMPLE_MAX, -+ -+ NET_DEV_FEAT_TX = _NET_DEV_FEAT_SIMPLE_MAX, - _NET_DEV_FEAT_MAX, - _NET_DEV_FEAT_INVALID = -EINVAL, - } NetDevFeature; - -From 77bf5c31de1d01edd49ac6aa25cdbe7734a11a25 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 14 Sep 2021 22:12:42 +0900 -Subject: [PATCH 5/5] ethtool-util: add more network device features - -Then, we can easily add new settings to configure features in .link -file. ---- - src/shared/ethtool-util.c | 73 ++++++++++++++++++++++++---- - src/shared/ethtool-util.h | 59 +++++++++++++++++++++- - src/udev/net/link-config-gperf.gperf | 4 +- - 3 files changed, 123 insertions(+), 13 deletions(-) - -diff --git a/src/shared/ethtool-util.c b/src/shared/ethtool-util.c -index e95ce1a20917..00060abff40f 100644 ---- a/src/shared/ethtool-util.c -+++ b/src/shared/ethtool-util.c -@@ -70,15 +70,70 @@ DEFINE_STRING_TABLE_LOOKUP(port, NetDevPort); - DEFINE_CONFIG_PARSE_ENUM(config_parse_port, port, NetDevPort, "Failed to parse Port setting"); - - static const char* const netdev_feature_table[_NET_DEV_FEAT_MAX] = { -- [NET_DEV_FEAT_RX] = "rx-checksum", -- [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", -- [NET_DEV_FEAT_GRO] = "rx-gro", -- [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", -- [NET_DEV_FEAT_LRO] = "rx-lro", -- [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", -- [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", -- -- [NET_DEV_FEAT_TX] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ -+ [NET_DEV_FEAT_SG] = "tx-scatter-gather", -+ [NET_DEV_FEAT_IP_CSUM] = "tx-checksum-ipv4", -+ [NET_DEV_FEAT_HW_CSUM] = "tx-checksum-ip-generic", -+ [NET_DEV_FEAT_IPV6_CSUM] = "tx-checksum-ipv6", -+ [NET_DEV_FEAT_HIGHDMA] = "highdma", -+ [NET_DEV_FEAT_FRAGLIST] = "tx-scatter-gather-fraglist", -+ [NET_DEV_FEAT_HW_VLAN_CTAG_TX] = "tx-vlan-hw-insert", -+ [NET_DEV_FEAT_HW_VLAN_CTAG_RX] = "rx-vlan-hw-parse", -+ [NET_DEV_FEAT_HW_VLAN_CTAG_FILTER] = "rx-vlan-filter", -+ [NET_DEV_FEAT_HW_VLAN_STAG_TX] = "tx-vlan-stag-hw-insert", -+ [NET_DEV_FEAT_HW_VLAN_STAG_RX] = "rx-vlan-stag-hw-parse", -+ [NET_DEV_FEAT_HW_VLAN_STAG_FILTER] = "rx-vlan-stag-filter", -+ [NET_DEV_FEAT_VLAN_CHALLENGED] = "vlan-challenged", -+ [NET_DEV_FEAT_GSO] = "tx-generic-segmentation", -+ [NET_DEV_FEAT_LLTX] = "tx-lockless", -+ [NET_DEV_FEAT_NETNS_LOCAL] = "netns-local", -+ [NET_DEV_FEAT_GRO] = "rx-gro", -+ [NET_DEV_FEAT_GRO_HW] = "rx-gro-hw", -+ [NET_DEV_FEAT_LRO] = "rx-lro", -+ [NET_DEV_FEAT_TSO] = "tx-tcp-segmentation", -+ [NET_DEV_FEAT_GSO_ROBUST] = "tx-gso-robust", -+ [NET_DEV_FEAT_TSO_ECN] = "tx-tcp-ecn-segmentation", -+ [NET_DEV_FEAT_TSO_MANGLEID] = "tx-tcp-mangleid-segmentation", -+ [NET_DEV_FEAT_TSO6] = "tx-tcp6-segmentation", -+ [NET_DEV_FEAT_FSO] = "tx-fcoe-segmentation", -+ [NET_DEV_FEAT_GSO_GRE] = "tx-gre-segmentation", -+ [NET_DEV_FEAT_GSO_GRE_CSUM] = "tx-gre-csum-segmentation", -+ [NET_DEV_FEAT_GSO_IPXIP4] = "tx-ipxip4-segmentation", -+ [NET_DEV_FEAT_GSO_IPXIP6] = "tx-ipxip6-segmentation", -+ [NET_DEV_FEAT_GSO_UDP_TUNNEL] = "tx-udp_tnl-segmentation", -+ [NET_DEV_FEAT_GSO_UDP_TUNNEL_CSUM] = "tx-udp_tnl-csum-segmentation", -+ [NET_DEV_FEAT_GSO_PARTIAL] = "tx-gso-partial", -+ [NET_DEV_FEAT_GSO_TUNNEL_REMCSUM] = "tx-tunnel-remcsum-segmentation", -+ [NET_DEV_FEAT_GSO_SCTP] = "tx-sctp-segmentation", -+ [NET_DEV_FEAT_GSO_ESP] = "tx-esp-segmentation", -+ [NET_DEV_FEAT_GSO_UDP_L4] = "tx-udp-segmentation", -+ [NET_DEV_FEAT_GSO_FRAGLIST] = "tx-gso-list", -+ [NET_DEV_FEAT_FCOE_CRC] = "tx-checksum-fcoe-crc", -+ [NET_DEV_FEAT_SCTP_CRC] = "tx-checksum-sctp", -+ [NET_DEV_FEAT_FCOE_MTU] = "fcoe-mtu", -+ [NET_DEV_FEAT_NTUPLE] = "rx-ntuple-filter", -+ [NET_DEV_FEAT_RXHASH] = "rx-hashing", -+ [NET_DEV_FEAT_RXCSUM] = "rx-checksum", -+ [NET_DEV_FEAT_NOCACHE_COPY] = "tx-nocache-copy", -+ [NET_DEV_FEAT_LOOPBACK] = "loopback", -+ [NET_DEV_FEAT_RXFCS] = "rx-fcs", -+ [NET_DEV_FEAT_RXALL] = "rx-all", -+ [NET_DEV_FEAT_HW_L2FW_DOFFLOAD] = "l2-fwd-offload", -+ [NET_DEV_FEAT_HW_TC] = "hw-tc-offload", -+ [NET_DEV_FEAT_HW_ESP] = "esp-hw-offload", -+ [NET_DEV_FEAT_HW_ESP_TX_CSUM] = "esp-tx-csum-hw-offload", -+ [NET_DEV_FEAT_RX_UDP_TUNNEL_PORT] = "rx-udp_tunnel-port-offload", -+ [NET_DEV_FEAT_HW_TLS_RECORD] = "tls-hw-record", -+ [NET_DEV_FEAT_HW_TLS_TX] = "tls-hw-tx-offload", -+ [NET_DEV_FEAT_HW_TLS_RX] = "tls-hw-rx-offload", -+ [NET_DEV_FEAT_GRO_FRAGLIST] = "rx-gro-list", -+ [NET_DEV_FEAT_HW_MACSEC] = "macsec-hw-offload", -+ [NET_DEV_FEAT_GRO_UDP_FWD] = "rx-udp-gro-forwarding", -+ [NET_DEV_FEAT_HW_HSR_TAG_INS] = "hsr-tag-ins-offload", -+ [NET_DEV_FEAT_HW_HSR_TAG_RM] = "hsr-tag-rm-offload", -+ [NET_DEV_FEAT_HW_HSR_FWD] = "hsr-fwd-offload", -+ [NET_DEV_FEAT_HW_HSR_DUP] = "hsr-dup-offload", -+ -+ [NET_DEV_FEAT_TXCSUM] = "tx-checksum-", /* The suffix "-" means any feature beginning with "tx-checksum-" */ - }; - - static const char* const ethtool_link_mode_bit_table[] = { -diff --git a/src/shared/ethtool-util.h b/src/shared/ethtool-util.h -index 3f2252563304..cc0655893175 100644 ---- a/src/shared/ethtool-util.h -+++ b/src/shared/ethtool-util.h -@@ -19,16 +19,71 @@ typedef enum Duplex { - } Duplex; - - typedef enum NetDevFeature { -- NET_DEV_FEAT_RX, -+ NET_DEV_FEAT_SG, -+ NET_DEV_FEAT_IP_CSUM, -+ NET_DEV_FEAT_HW_CSUM, -+ NET_DEV_FEAT_IPV6_CSUM, -+ NET_DEV_FEAT_HIGHDMA, -+ NET_DEV_FEAT_FRAGLIST, -+ NET_DEV_FEAT_HW_VLAN_CTAG_TX, -+ NET_DEV_FEAT_HW_VLAN_CTAG_RX, -+ NET_DEV_FEAT_HW_VLAN_CTAG_FILTER, -+ NET_DEV_FEAT_HW_VLAN_STAG_TX, -+ NET_DEV_FEAT_HW_VLAN_STAG_RX, -+ NET_DEV_FEAT_HW_VLAN_STAG_FILTER, -+ NET_DEV_FEAT_VLAN_CHALLENGED, - NET_DEV_FEAT_GSO, -+ NET_DEV_FEAT_LLTX, -+ NET_DEV_FEAT_NETNS_LOCAL, - NET_DEV_FEAT_GRO, - NET_DEV_FEAT_GRO_HW, - NET_DEV_FEAT_LRO, - NET_DEV_FEAT_TSO, -+ NET_DEV_FEAT_GSO_ROBUST, -+ NET_DEV_FEAT_TSO_ECN, -+ NET_DEV_FEAT_TSO_MANGLEID, - NET_DEV_FEAT_TSO6, -+ NET_DEV_FEAT_FSO, -+ NET_DEV_FEAT_GSO_GRE, -+ NET_DEV_FEAT_GSO_GRE_CSUM, -+ NET_DEV_FEAT_GSO_IPXIP4, -+ NET_DEV_FEAT_GSO_IPXIP6, -+ NET_DEV_FEAT_GSO_UDP_TUNNEL, -+ NET_DEV_FEAT_GSO_UDP_TUNNEL_CSUM, -+ NET_DEV_FEAT_GSO_PARTIAL, -+ NET_DEV_FEAT_GSO_TUNNEL_REMCSUM, -+ NET_DEV_FEAT_GSO_SCTP, -+ NET_DEV_FEAT_GSO_ESP, -+ NET_DEV_FEAT_GSO_UDP_L4, -+ NET_DEV_FEAT_GSO_FRAGLIST, -+ NET_DEV_FEAT_FCOE_CRC, -+ NET_DEV_FEAT_SCTP_CRC, -+ NET_DEV_FEAT_FCOE_MTU, -+ NET_DEV_FEAT_NTUPLE, -+ NET_DEV_FEAT_RXHASH, -+ NET_DEV_FEAT_RXCSUM, -+ NET_DEV_FEAT_NOCACHE_COPY, -+ NET_DEV_FEAT_LOOPBACK, -+ NET_DEV_FEAT_RXFCS, -+ NET_DEV_FEAT_RXALL, -+ NET_DEV_FEAT_HW_L2FW_DOFFLOAD, -+ NET_DEV_FEAT_HW_TC, -+ NET_DEV_FEAT_HW_ESP, -+ NET_DEV_FEAT_HW_ESP_TX_CSUM, -+ NET_DEV_FEAT_RX_UDP_TUNNEL_PORT, -+ NET_DEV_FEAT_HW_TLS_RECORD, -+ NET_DEV_FEAT_HW_TLS_TX, -+ NET_DEV_FEAT_HW_TLS_RX, -+ NET_DEV_FEAT_GRO_FRAGLIST, -+ NET_DEV_FEAT_HW_MACSEC, -+ NET_DEV_FEAT_GRO_UDP_FWD, -+ NET_DEV_FEAT_HW_HSR_TAG_INS, -+ NET_DEV_FEAT_HW_HSR_TAG_RM, -+ NET_DEV_FEAT_HW_HSR_FWD, -+ NET_DEV_FEAT_HW_HSR_DUP, - _NET_DEV_FEAT_SIMPLE_MAX, - -- NET_DEV_FEAT_TX = _NET_DEV_FEAT_SIMPLE_MAX, -+ NET_DEV_FEAT_TXCSUM = _NET_DEV_FEAT_SIMPLE_MAX, - _NET_DEV_FEAT_MAX, - _NET_DEV_FEAT_INVALID = -EINVAL, - } NetDevFeature; -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index 44b46cb17c0b..e3cdaaee0509 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -50,8 +50,8 @@ Link.Duplex, config_parse_duplex, - Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) - Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) - Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) --Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RX]) --Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TX]) -+Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) -+Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) - Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) - Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) - Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) diff --git a/SOURCES/20743.patch b/SOURCES/20743.patch deleted file mode 100644 index 0975ce8..0000000 --- a/SOURCES/20743.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0fc51b569570e8bf5aecd5ee03a88eb668b7b385 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 14 Sep 2021 16:33:10 -0700 -Subject: [PATCH] fileio: start with 4k buffer for procfs - -There's a very gradual increase of anonymous memory in systemd-journald that -blames to 2ac67221bb6270f0fbe7cbd0076653832cd49de2. - -systemd-journald makes many calls to read /proc/PID/cmdline and -/proc/PID/status, both of which tend to be well under 4K. However the -combination of allocating 4M read buffers, then using `realloc()` to -shrink the buffer in `read_virtual_file()` appears to be creating -fragmentation in the heap (when combined with the other allocations -systemd-journald is doing). - -To help mitigate this, try reading /proc with a 4K buffer as -`read_virtual_file()` did before 2ac67221bb6270f0fbe7cbd0076653832cd49de2. -If it isn't big enough then try again with the larger buffers. ---- - src/basic/fileio.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 99a44fdea2..466c6321c7 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -431,6 +431,11 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - } - - n_retries--; -+ } else if (n_retries > 1) { -+ /* Files in /proc are generally smaller than the page size so let's start with a page size -+ * buffer from malloc and only use the max buffer on the final try. */ -+ size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); -+ n_retries = 1; - } else { - size = MIN(READ_VIRTUAL_BYTES_MAX, max_size); - n_retries = 0; --- -2.31.1 - diff --git a/SOURCES/20828.patch b/SOURCES/20828.patch deleted file mode 100644 index 2b55bd4..0000000 --- a/SOURCES/20828.patch +++ /dev/null @@ -1,240 +0,0 @@ -From 88eca13f57194765d184ca227320df83f48020e2 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Fri, 24 Sep 2021 01:19:00 -0700 -Subject: [PATCH] link: connect 5 more properties to ethtool features - -Sets up the follow properties and their corresponding ethtool feature: -- ReceiveVLANCTAGHardwareAcceleration == rx-vlan-hw-parse (or rxvlan) -- TransmitVLANCTAGHardwareAcceleration == tx-vlan-hw-insert (or txvlan) -- ReceiveVLANCTAGFilter == rx-vlan-filter -- TransmitVLANSTAGHardwareAcceleration == tx-vlan-stag-hw-insert -- NTupleFilter == rx-ntuple-filter (or ntuple) ---- - man/systemd.link.xml | 35 +++++ - src/udev/net/link-config-gperf.gperf | 153 +++++++++++---------- - test/fuzz/fuzz-link-parser/directives.link | 5 + - 3 files changed, 119 insertions(+), 74 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index 638a1522cd38..c8d3c5137459 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -715,6 +715,41 @@ - When unset, the kernel's default will be used. - - -+ -+ ReceiveVLANCTAGHardwareAcceleration= -+ -+ Takes a boolean. If set to true, receive VLAN CTAG hardware acceleration is enabled. -+ When unset, the kernel's default will be used. -+ -+ -+ -+ TransmitVLANCTAGHardwareAcceleration= -+ -+ Takes a boolean. If set to true, transmit VLAN CTAG hardware acceleration is enabled. -+ When unset, the kernel's default will be used. -+ -+ -+ -+ ReceiveVLANCTAGFilter= -+ -+ Takes a boolean. If set to true, receive filtering on VLAN CTAGs is enabled. -+ When unset, the kernel's default will be used. -+ -+ -+ -+ TransmitVLANSTAGHardwareAcceleration= -+ -+ Takes a boolean. If set to true, transmit VLAN STAG HW acceleration is enabled. -+ When unset, the kernel's default will be used. -+ -+ -+ -+ NTupleFilter= -+ -+ Takes a boolean. If set to true, receive N-tuple filters and actions are enabled. -+ When unset, the kernel's default will be used. -+ -+ - - RxChannels= - TxChannels= -diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf -index e3cdaaee0509..04c255ce514c 100644 ---- a/src/udev/net/link-config-gperf.gperf -+++ b/src/udev/net/link-config-gperf.gperf -@@ -21,77 +21,82 @@ struct ConfigPerfItem; - %struct-type - %includes - %% --Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) --Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) --Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) --Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) --Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) --Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) --Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) --Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) --Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) --Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) --Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) --Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) --Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) --Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) --Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) --Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) --Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) --Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) --Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) --Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) --Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) --Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) --Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) --Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) --Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) --Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) --Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) --Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) --Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) --Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) --Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) --Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) --Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) --Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) --Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 --Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) --Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) --Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) --Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) --Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) --Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) --Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) --Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) --Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) --Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) --Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) --Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) --Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) --Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) --Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) --Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) --Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) --Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) --Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) --Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) --Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) --Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) --Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) --Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) --Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) --Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) --Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) --Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) --Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) --Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) --Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) --Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) --Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) --Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) --Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) --Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) --Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) --Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) --Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) -+Match.MACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.mac) -+Match.PermanentMACAddress, config_parse_hwaddrs, 0, offsetof(LinkConfig, match.permanent_mac) -+Match.OriginalName, config_parse_match_ifnames, 0, offsetof(LinkConfig, match.ifname) -+Match.Path, config_parse_match_strv, 0, offsetof(LinkConfig, match.path) -+Match.Driver, config_parse_match_strv, 0, offsetof(LinkConfig, match.driver) -+Match.Type, config_parse_match_strv, 0, offsetof(LinkConfig, match.iftype) -+Match.Property, config_parse_match_property, 0, offsetof(LinkConfig, match.property) -+Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(LinkConfig, conditions) -+Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(LinkConfig, conditions) -+Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(LinkConfig, conditions) -+Match.KernelVersion, config_parse_net_condition, CONDITION_KERNEL_VERSION, offsetof(LinkConfig, conditions) -+Match.Architecture, config_parse_net_condition, CONDITION_ARCHITECTURE, offsetof(LinkConfig, conditions) -+Link.Description, config_parse_string, 0, offsetof(LinkConfig, description) -+Link.MACAddressPolicy, config_parse_mac_address_policy, 0, offsetof(LinkConfig, mac_address_policy) -+Link.MACAddress, config_parse_hwaddr, 0, offsetof(LinkConfig, mac) -+Link.NamePolicy, config_parse_name_policy, 0, offsetof(LinkConfig, name_policy) -+Link.Name, config_parse_ifname, 0, offsetof(LinkConfig, name) -+Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(LinkConfig, alternative_names) -+Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(LinkConfig, alternative_names_policy) -+Link.Alias, config_parse_ifalias, 0, offsetof(LinkConfig, alias) -+Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, txqueues) -+Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(LinkConfig, rxqueues) -+Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(LinkConfig, txqueuelen) -+Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(LinkConfig, mtu) -+Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(LinkConfig, speed) -+Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex) -+Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation) -+Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol) -+Link.Port, config_parse_port, 0, offsetof(LinkConfig, port) -+Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM]) -+Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM]) -+Link.GenericSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GSO]) -+Link.TCPSegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO]) -+Link.TCP6SegmentationOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TSO6]) -+Link.UDPSegmentationOffload, config_parse_warn_compat, DISABLED_LEGACY, 0 -+Link.GenericReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO]) -+Link.GenericReceiveOffloadHardware, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_GRO_HW]) -+Link.LargeReceiveOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_LRO]) -+Link.ReceiveVLANCTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_RX]) -+Link.TransmitVLANCTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_TX]) -+Link.ReceiveVLANCTAGFilter, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_CTAG_FILTER]) -+Link.TransmitVLANSTAGHardwareAcceleration, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_HW_VLAN_STAG_TX]) -+Link.NTupleFilter, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_NTUPLE]) -+Link.RxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.rx) -+Link.TxChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.tx) -+Link.OtherChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.other) -+Link.CombinedChannels, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, channels.combined) -+Link.Advertise, config_parse_advertise, 0, offsetof(LinkConfig, advertise) -+Link.RxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx) -+Link.RxMiniBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_mini) -+Link.RxJumboBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.rx_jumbo) -+Link.TxBufferSize, config_parse_ring_buffer_or_channel, 0, offsetof(LinkConfig, ring.tx) -+Link.RxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, rx_flow_control) -+Link.TxFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, tx_flow_control) -+Link.AutoNegotiationFlowControl, config_parse_tristate, 0, offsetof(LinkConfig, autoneg_flow_control) -+Link.GenericSegmentOffloadMaxBytes, config_parse_iec_size, 0, offsetof(LinkConfig, gso_max_size) -+Link.GenericSegmentOffloadMaxSegments, config_parse_uint32, 0, offsetof(LinkConfig, gso_max_segments) -+Link.RxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs) -+Link.RxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames) -+Link.RxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_irq) -+Link.RxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_irq) -+Link.TxCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs) -+Link.TxMaxCoalescedFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames) -+Link.TxCoalesceIrqSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_irq) -+Link.TxMaxCoalescedIrqFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_irq) -+Link.StatisticsBlockCoalesceSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.stats_block_coalesce_usecs) -+Link.UseAdaptiveRxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_rx_coalesce) -+Link.UseAdaptiveTxCoalesce, config_parse_tristate, 0, offsetof(LinkConfig, coalesce.use_adaptive_tx_coalesce) -+Link.CoalescePacketRateLow, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_low) -+Link.RxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_low) -+Link.RxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_low) -+Link.TxCoalesceLowSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_low) -+Link.TxMaxCoalescedLowFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_low) -+Link.CoalescePacketRateHigh, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.pkt_rate_high) -+Link.RxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rx_coalesce_usecs_high) -+Link.RxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.rx_max_coalesced_frames_high) -+Link.TxCoalesceHighSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.tx_coalesce_usecs_high) -+Link.TxMaxCoalescedHighFrames, config_parse_coalesce_u32, 0, offsetof(LinkConfig, coalesce.tx_max_coalesced_frames_high) -+Link.CoalescePacketRateSampleIntervalSec, config_parse_coalesce_sec, 0, offsetof(LinkConfig, coalesce.rate_sample_interval) -diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link -index b5cffb1a271f..8be2434665a7 100644 ---- a/test/fuzz/fuzz-link-parser/directives.link -+++ b/test/fuzz/fuzz-link-parser/directives.link -@@ -38,6 +38,11 @@ UDPSegmentationOffload= - GenericReceiveOffload= - GenericReceiveOffloadHardware= - LargeReceiveOffload= -+ReceiveVLANCTAGHardwareAcceleration= -+TransmitVLANCTAGHardwareAcceleration= -+ReceiveVLANCTAGFilter= -+TransmitVLANSTAGHardwareAcceleration= -+NTupleFilter= - RxChannels= - TxChannels= - OtherChannels= diff --git a/SOURCES/20875.patch b/SOURCES/20875.patch deleted file mode 100644 index 610ee4c..0000000 --- a/SOURCES/20875.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 84e1818ce1dc9f5f7eb7b4d4bc87124d82c5080f Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 28 Sep 2021 23:52:39 -0700 -Subject: [PATCH] basic/unit-file: don't filter out names starting with dot - -Fixes #20859 ---- - src/basic/unit-file.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c -index 884a0674a9..0d58b1c4fe 100644 ---- a/src/basic/unit-file.c -+++ b/src/basic/unit-file.c -@@ -284,7 +284,7 @@ int unit_file_build_name_map( - continue; - } - -- FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { -+ FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { - char *filename; - _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; - const char *suffix, *dst = NULL; --- -2.31.1 - diff --git a/SOURCES/20978.patch b/SOURCES/20978.patch deleted file mode 100644 index 8330e00..0000000 --- a/SOURCES/20978.patch +++ /dev/null @@ -1,126 +0,0 @@ -From a58dea6130fdcccd8cdf50633c939b45e2b32189 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Mon, 11 Oct 2021 00:25:20 -0700 -Subject: [PATCH] core: serialize device cgroup bpf progs across - daemon-reload/reexec - -Follows what was done in b57d75232615f98aefcf41cb145ec2ea3262857d and -adds a test that verifies the device BPF program is not detached during -reload/reexec. ---- - src/core/unit-serialize.c | 4 ++++ - test/TEST-66-DEVICE-ISOLATION/Makefile | 1 + - test/TEST-66-DEVICE-ISOLATION/test.sh | 10 ++++++++ - .../testsuite-66-deviceisolation.service | 9 ++++++++ - test/units/testsuite-66.service | 7 ++++++ - test/units/testsuite-66.sh | 23 +++++++++++++++++++ - 6 files changed, 54 insertions(+) - create mode 120000 test/TEST-66-DEVICE-ISOLATION/Makefile - create mode 100755 test/TEST-66-DEVICE-ISOLATION/test.sh - create mode 100644 test/units/testsuite-66-deviceisolation.service - create mode 100644 test/units/testsuite-66.service - create mode 100755 test/units/testsuite-66.sh - -diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c -index 9e1664ff53af..3458d7017bd5 100644 ---- a/src/core/unit-serialize.c -+++ b/src/core/unit-serialize.c -@@ -171,6 +171,7 @@ int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool switching_root) { - - (void) bpf_program_serialize_attachment(f, fds, "ip-bpf-ingress-installed", u->ip_bpf_ingress_installed); - (void) bpf_program_serialize_attachment(f, fds, "ip-bpf-egress-installed", u->ip_bpf_egress_installed); -+ (void) bpf_program_serialize_attachment(f, fds, "bpf-device-control-installed", u->bpf_device_control_installed); - (void) bpf_program_serialize_attachment_set(f, fds, "ip-bpf-custom-ingress-installed", u->ip_bpf_custom_ingress_installed); - (void) bpf_program_serialize_attachment_set(f, fds, "ip-bpf-custom-egress-installed", u->ip_bpf_custom_egress_installed); - -@@ -408,6 +409,9 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { - } else if (streq(l, "ip-bpf-egress-installed")) { - (void) bpf_program_deserialize_attachment(v, fds, &u->ip_bpf_egress_installed); - continue; -+ } else if (streq(l, "bpf-device-control-installed")) { -+ (void) bpf_program_deserialize_attachment(v, fds, &u->bpf_device_control_installed); -+ continue; - - } else if (streq(l, "ip-bpf-custom-ingress-installed")) { - (void) bpf_program_deserialize_attachment_set(v, fds, &u->ip_bpf_custom_ingress_installed); -diff --git a/test/TEST-66-DEVICE-ISOLATION/Makefile b/test/TEST-66-DEVICE-ISOLATION/Makefile -new file mode 120000 -index 000000000000..e9f93b1104cd ---- /dev/null -+++ b/test/TEST-66-DEVICE-ISOLATION/Makefile -@@ -0,0 +1 @@ -+../TEST-01-BASIC/Makefile -\ No newline at end of file -diff --git a/test/TEST-66-DEVICE-ISOLATION/test.sh b/test/TEST-66-DEVICE-ISOLATION/test.sh -new file mode 100755 -index 000000000000..534e43e493e6 ---- /dev/null -+++ b/test/TEST-66-DEVICE-ISOLATION/test.sh -@@ -0,0 +1,10 @@ -+#!/usr/bin/env bash -+set -e -+ -+TEST_DESCRIPTION="test device isolation" -+TEST_NO_NSPAWN=1 -+ -+# shellcheck source=test/test-functions -+. "${TEST_BASE_DIR:?}/test-functions" -+ -+do_test "$@" -diff --git a/test/units/testsuite-66-deviceisolation.service b/test/units/testsuite-66-deviceisolation.service -new file mode 100644 -index 000000000000..0022a9a45724 ---- /dev/null -+++ b/test/units/testsuite-66-deviceisolation.service -@@ -0,0 +1,9 @@ -+[Unit] -+Description=Service that uses device isolation -+ -+[Service] -+DevicePolicy=strict -+DeviceAllow=/dev/null r -+StandardOutput=file:/testsuite66serviceresults -+ExecStartPre=rm -f /testsuite66serviceresults -+ExecStart=/bin/bash -c "while true; do sleep 0.01 && echo meow > /dev/null && echo thisshouldnotbehere; done" -diff --git a/test/units/testsuite-66.service b/test/units/testsuite-66.service -new file mode 100644 -index 000000000000..a97974a4262d ---- /dev/null -+++ b/test/units/testsuite-66.service -@@ -0,0 +1,7 @@ -+[Unit] -+Description=TESTSUITE-66-DEVICEISOLATION -+ -+[Service] -+ExecStartPre=rm -f /failed /testok -+ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh -+Type=oneshot -diff --git a/test/units/testsuite-66.sh b/test/units/testsuite-66.sh -new file mode 100755 -index 000000000000..870dca42e169 ---- /dev/null -+++ b/test/units/testsuite-66.sh -@@ -0,0 +1,23 @@ -+#!/usr/bin/env bash -+set -eux -+set -o pipefail -+ -+systemd-analyze log-level debug -+systemd-analyze log-target console -+ -+systemctl start testsuite-66-deviceisolation.service -+ -+grep -q "Operation not permitted" /testsuite66serviceresults -+ -+systemctl daemon-reload -+systemctl daemon-reexec -+ -+systemctl stop testsuite-66-deviceisolation.service -+ -+grep -q "thisshouldnotbehere" /testsuite66serviceresults && exit 42 -+ -+systemd-analyze log-level info -+ -+echo OK >/testok -+ -+exit 0 diff --git a/SOURCES/21221.patch b/SOURCES/21221.patch deleted file mode 100644 index cfe113e..0000000 --- a/SOURCES/21221.patch +++ /dev/null @@ -1,172 +0,0 @@ -From fbdc87679cc4f3c9fc3653636e94be20f06d18e4 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 9 Nov 2021 15:26:28 -0800 -Subject: [PATCH] core: replace slice dependencies as they get added - -Defines a "UNIT_DEPENDENCY_SLICE_PROPERTY" UnitDependencyMask type that -is used when adding slices to the dependencies hashmap. This type is -used to remove slice dependencies when they get overridden by new ones. - -Fixes #20182 ---- - src/core/dbus-unit.c | 2 +- - src/core/load-fragment.c | 2 +- - src/core/unit-serialize.c | 1 + - src/core/unit.c | 10 +++++++--- - src/core/unit.h | 7 +++++-- - src/test/test-engine.c | 31 ++++++++++++++++++++++++++++++- - 6 files changed, 45 insertions(+), 8 deletions(-) - -diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c -index fe320f1b05a8..d4ec789a7c11 100644 ---- a/src/core/dbus-unit.c -+++ b/src/core/dbus-unit.c -@@ -2273,7 +2273,7 @@ static int bus_unit_set_transient_property( - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unit name '%s' is not a slice", s); - - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { -- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ r = unit_set_slice(u, slice); - if (r < 0) - return r; - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 62cadaf2286f..830048ae1915 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -3792,7 +3792,7 @@ int config_parse_unit_slice( - return 0; - } - -- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ r = unit_set_slice(u, slice); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id); - return 0; -diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c -index 3458d7017bd5..7d2e6bc130de 100644 ---- a/src/core/unit-serialize.c -+++ b/src/core/unit-serialize.c -@@ -593,6 +593,7 @@ static void print_unit_dependency_mask(FILE *f, const char *kind, UnitDependency - { UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT, "mountinfo-implicit" }, - { UNIT_DEPENDENCY_MOUNTINFO_DEFAULT, "mountinfo-default" }, - { UNIT_DEPENDENCY_PROC_SWAP, "proc-swap" }, -+ { UNIT_DEPENDENCY_SLICE_PROPERTY, "slice-property" }, - }; - - assert(f); -diff --git a/src/core/unit.c b/src/core/unit.c -index 4c55827a6511..a3bca43566e0 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3284,7 +3284,7 @@ int unit_set_invocation_id(Unit *u, sd_id128_t id) { - return r; - } - --int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { -+int unit_set_slice(Unit *u, Unit *slice) { - int r; - - assert(u); -@@ -3317,7 +3317,11 @@ int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { - if (UNIT_GET_SLICE(u) && u->cgroup_realized) - return -EBUSY; - -- r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, mask); -+ /* Remove any slices assigned prior; we should only have one UNIT_IN_SLICE dependency */ -+ if (UNIT_GET_SLICE(u)) -+ unit_remove_dependencies(u, UNIT_DEPENDENCY_SLICE_PROPERTY); -+ -+ r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, UNIT_DEPENDENCY_SLICE_PROPERTY); - if (r < 0) - return r; - -@@ -3373,7 +3377,7 @@ int unit_set_default_slice(Unit *u) { - if (r < 0) - return r; - -- return unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ return unit_set_slice(u, slice); - } - - const char *unit_slice_name(Unit *u) { -diff --git a/src/core/unit.h b/src/core/unit.h -index 0dd6a9591d96..ba12fe4ac1ef 100644 ---- a/src/core/unit.h -+++ b/src/core/unit.h -@@ -89,7 +89,10 @@ typedef enum UnitDependencyMask { - /* A dependency created because of data read from /proc/swaps and no other configuration source */ - UNIT_DEPENDENCY_PROC_SWAP = 1 << 7, - -- _UNIT_DEPENDENCY_MASK_FULL = (1 << 8) - 1, -+ /* A dependency for units in slices assigned by directly setting Slice= */ -+ UNIT_DEPENDENCY_SLICE_PROPERTY = 1 << 8, -+ -+ _UNIT_DEPENDENCY_MASK_FULL = (1 << 9) - 1, - } UnitDependencyMask; - - /* The Unit's dependencies[] hashmaps use this structure as value. It has the same size as a void pointer, and thus can -@@ -782,7 +785,7 @@ Unit *unit_follow_merge(Unit *u) _pure_; - int unit_load_fragment_and_dropin(Unit *u, bool fragment_required); - int unit_load(Unit *unit); - --int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask); -+int unit_set_slice(Unit *u, Unit *slice); - int unit_set_default_slice(Unit *u); - - const char *unit_description(Unit *u) _pure_; -diff --git a/src/test/test-engine.c b/src/test/test-engine.c -index 880af36fb523..673c66561240 100644 ---- a/src/test/test-engine.c -+++ b/src/test/test-engine.c -@@ -8,6 +8,7 @@ - #include "manager-dump.h" - #include "rm-rf.h" - #include "service.h" -+#include "slice.h" - #include "special.h" - #include "strv.h" - #include "tests.h" -@@ -75,7 +76,8 @@ int main(int argc, char *argv[]) { - _cleanup_(sd_bus_error_free) sd_bus_error err = SD_BUS_ERROR_NULL; - _cleanup_(manager_freep) Manager *m = NULL; - Unit *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *g = NULL, -- *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL; -+ *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL, -+ *tomato = NULL, *sauce = NULL, *fruit = NULL, *zupa = NULL; - Job *j; - int r; - -@@ -260,5 +262,32 @@ int main(int argc, char *argv[]) { - - verify_dependency_atoms(); - -+ /* Test adding multiple Slice= dependencies; only the last should remain */ -+ assert_se(unit_new_for_name(m, sizeof(Service), "tomato.service", &tomato) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "sauce.slice", &sauce) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "fruit.slice", &fruit) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "zupa.slice", &zupa) >= 0); -+ -+ unit_set_slice(tomato, sauce); -+ unit_set_slice(tomato, fruit); -+ unit_set_slice(tomato, zupa); -+ -+ assert_se(UNIT_GET_SLICE(tomato) == zupa); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, sauce)); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, fruit)); -+ assert_se(unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, zupa)); -+ -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, sauce)); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, fruit)); -+ assert_se(unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, zupa)); -+ -+ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_SLICE_OF, tomato)); -+ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_SLICE_OF, tomato)); -+ assert_se(unit_has_dependency(zupa, UNIT_ATOM_SLICE_OF, tomato)); -+ -+ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_REFERENCED_BY, tomato)); -+ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_REFERENCED_BY, tomato)); -+ assert_se(unit_has_dependency(zupa, UNIT_ATOM_REFERENCED_BY, tomato)); -+ - return 0; - } diff --git a/SOURCES/21241.patch b/SOURCES/21241.patch deleted file mode 100644 index 5889a9c..0000000 --- a/SOURCES/21241.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 084d0849fc864b0377551b211def7a89b642c5e9 Mon Sep 17 00:00:00 2001 -From: Julia Kartseva -Date: Thu, 4 Nov 2021 18:52:02 -0700 -Subject: [PATCH 1/2] core: fix bpf-foreign cg controller realization - -Requiring /sys/fs/bpf path to be a mount point at the moment of cgroup -controllers realization does more harm than good, because: -* Realization happens early on boot, the mount point may not be ready at -the time. That happens if mounts are made by a .mount unit (the issue we -encountered). -* BPF filesystem may be mounted on another point. - -Remove the check. Instead verify that path provided by BPFProgram= is -within BPF fs when unit properties are parsed. - -Split in two commits for simple backport. ---- - src/core/bpf-foreign.c | 10 ---------- - src/core/bpf-foreign.h | 5 ++++- - 2 files changed, 4 insertions(+), 11 deletions(-) - -diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c -index 6b93b9785fb5..686c14ce1f18 100644 ---- a/src/core/bpf-foreign.c -+++ b/src/core/bpf-foreign.c -@@ -111,16 +111,6 @@ static int bpf_foreign_prepare( - return 0; - } - --int bpf_foreign_supported(void) { -- int r; -- -- r = cg_all_unified(); -- if (r <= 0) -- return r; -- -- return path_is_mount_point("/sys/fs/bpf", NULL, 0); --} -- - int bpf_foreign_install(Unit *u) { - _cleanup_free_ char *cgroup_path = NULL; - CGroupBPFForeignProgram *p; -diff --git a/src/core/bpf-foreign.h b/src/core/bpf-foreign.h -index 9559cd79812b..e387b1b1d389 100644 ---- a/src/core/bpf-foreign.h -+++ b/src/core/bpf-foreign.h -@@ -4,7 +4,10 @@ - - #include "unit.h" - --int bpf_foreign_supported(void); -+static inline int bpf_foreign_supported(void) { -+ return cg_all_unified(); -+} -+ - /* - * Attach cgroup-bpf programs foreign to systemd, i.e. loaded to the kernel by an entity - * external to systemd. - -From dedca960afdee5797d19929c43853513711e3e3d Mon Sep 17 00:00:00 2001 -From: Julia Kartseva -Date: Thu, 4 Nov 2021 18:55:55 -0700 -Subject: [PATCH 2/2] core: check fs type of BPFProgram= property path - -Tests: - -``` -% stat --file-system --format="%T" /root/bpf/trivial/ -bpf_fs - -% systemd-nspawn -D/ --volatile=yes \ ---property=BPFProgram=egress:/root/bpf/trivial/cgroup_skb_egress \ ---quiet -- ping -c 5 -W 1 ::1 -PING ::1(::1) 56 data bytes - ---- ::1 ping statistics --- -5 packets transmitted, 0 received, 100% packet loss, time 4110ms -``` - -``` -% stat --file-system --format='%T' /root/meh -btrfs - -% systemd-nspawn -D/ --volatile=yes --property=BPFProgram=egress:/root/meh ---quiet -- ping -c 5 -W 1 ::1 -``` -sudo ./build/systemd-nspawn \ --D/ --volatile=yes --property=BPFProgram=egress:/home/hex --quiet -- \ -ping -c 1 -W 1 ::1 -PING ::1(::1) 56 data bytes -64 bytes from ::1: icmp_seq=1 ttl=64 time=0.017 ms - ---- ::1 ping statistics --- -1 packets transmitted, 1 received, 0% packet loss, time 0ms ---- - src/core/bpf-foreign.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c -index 686c14ce1f18..8538792b60db 100644 ---- a/src/core/bpf-foreign.c -+++ b/src/core/bpf-foreign.c -@@ -4,8 +4,10 @@ - #include "bpf-program.h" - #include "cgroup.h" - #include "memory-util.h" -+#include "missing_magic.h" - #include "mountpoint-util.h" - #include "set.h" -+#include "stat-util.h" - - typedef struct BPFForeignKey BPFForeignKey; - struct BPFForeignKey { -@@ -84,6 +86,14 @@ static int bpf_foreign_prepare( - assert(u); - assert(bpffs_path); - -+ r = path_is_fs_type(bpffs_path, BPF_FS_MAGIC); -+ if (r < 0) -+ return log_unit_error_errno(u, r, -+ "Failed to determine filesystem type of %s: %m", bpffs_path); -+ if (r == 0) -+ return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL), -+ "Path in BPF filesystem is expected."); -+ - r = bpf_program_new_from_bpffs_path(bpffs_path, &prog); - if (r < 0) - return log_unit_error_errno(u, r, "Failed to create foreign BPFProgram: %m"); diff --git a/SOURCES/22426-fb.patch b/SOURCES/22426-fb.patch deleted file mode 100644 index 41310df..0000000 --- a/SOURCES/22426-fb.patch +++ /dev/null @@ -1,580 +0,0 @@ -From 3dbc067d326c600a92822037118961641fc76575 Mon Sep 17 00:00:00 2001 -From: Pasha Vorobyev -Date: Fri, 4 Feb 2022 11:49:46 -0800 -Subject: [PATCH] MemoryZSwapMax directive to configure new memory.zswap.max - cgroup file - ---- - man/org.freedesktop.systemd1.xml | 36 +++++++++++++++++++ - src/basic/cgroup-util.c | 36 +++++++++++++++++++ - src/basic/cgroup-util.h | 2 ++ - src/core/cgroup.c | 17 +++++++-- - src/core/cgroup.h | 1 + - src/core/dbus-cgroup.c | 8 +++++ - src/core/load-fragment-gperf.gperf.in | 1 + - src/core/load-fragment.c | 4 ++- - src/shared/bus-print-properties.c | 2 +- - src/shared/bus-unit-util.c | 1 + - src/systemctl/systemctl-show.c | 8 +++++ - .../fuzz-unit-file/directives-all.service | 1 + - test/fuzz/fuzz-unit-file/directives.mount | 1 + - test/fuzz/fuzz-unit-file/directives.scope | 1 + - test/fuzz/fuzz-unit-file/directives.service | 1 + - test/fuzz/fuzz-unit-file/directives.slice | 1 + - test/fuzz/fuzz-unit-file/directives.socket | 1 + - test/fuzz/fuzz-unit-file/directives.swap | 1 + - 18 files changed, 118 insertions(+), 5 deletions(-) - -diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml -index c14c5b6601..cc37de4fb4 100644 ---- a/man/org.freedesktop.systemd1.xml -+++ b/man/org.freedesktop.systemd1.xml -@@ -2493,6 +2493,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -3030,6 +3032,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { - - - -+ -+ - - - -@@ -3594,6 +3598,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { - - - -+ -+ - - - -@@ -4293,6 +4299,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -4858,6 +4866,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ -+ - - - -@@ -5420,6 +5430,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ -+ - - - -@@ -6016,6 +6028,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -6509,6 +6523,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { - - - -+ -+ - - - -@@ -6989,6 +7005,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { - - - -+ -+ - - - -@@ -7706,6 +7724,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -8185,6 +8205,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { - - - -+ -+ - - - -@@ -8651,6 +8673,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { - - - -+ -+ - - - -@@ -9221,6 +9245,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -9364,6 +9390,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { - - - -+ -+ - - - -@@ -9514,6 +9542,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { - - - -+ -+ - - - -@@ -9684,6 +9714,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemorySwapMax = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") -+ readonly t MemoryZSwapMax = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly t MemoryLimit = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s DevicePolicy = '...'; -@@ -9843,6 +9875,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { - - - -+ -+ - - - -@@ -10019,6 +10053,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { - - - -+ -+ - - - -diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c -index 1ff6160dc8..00b1e71520 100644 ---- a/src/basic/cgroup-util.c -+++ b/src/basic/cgroup-util.c -@@ -160,6 +160,42 @@ bool cg_freezer_supported(void) { - return supported; - } - -+bool cg_kill_supported(void) { -+ static thread_local int supported = -1; -+ -+ if (supported >= 0) -+ return supported; -+ -+ if (cg_all_unified() <= 0) -+ supported = false; -+ else if (access("/sys/fs/cgroup/init.scope/cgroup.kill", F_OK) < 0) { -+ if (errno != ENOENT) -+ log_debug_errno(errno, "Failed to check if cgroup.kill is available, assuming not: %m"); -+ supported = false; -+ } else -+ supported = true; -+ -+ return supported; -+} -+ -+bool cg_zswap_supported(void) { -+ static thread_local int supported = -1; -+ -+ if (supported >= 0) -+ return supported; -+ -+ if (cg_all_unified() <= 0) -+ supported = false; -+ else if (access("/sys/fs/cgroup/init.scope/memory.zswap.max", F_OK) < 0) { -+ if (errno != ENOENT) -+ log_debug_errno(errno, "Failed to check if cgroup memory.zswap.max is available, assuming not: %m"); -+ supported = false; -+ } else -+ supported = true; -+ -+ return supported; -+} -+ - int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) { - _cleanup_free_ char *fs = NULL; - int r; -diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index ce2f4c6589..8ea94b8870 100644 ---- a/src/basic/cgroup-util.h -+++ b/src/basic/cgroup-util.h -@@ -272,6 +272,8 @@ int cg_kernel_controllers(Set **controllers); - - bool cg_ns_supported(void); - bool cg_freezer_supported(void); -+bool cg_kill_supported(void); -+bool cg_zswap_supported(void); - - int cg_all_unified(void); - int cg_hybrid_unified(void); -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 5c07aa71d1..4a0aa65037 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -123,6 +123,7 @@ void cgroup_context_init(CGroupContext *c) { - .memory_high = CGROUP_LIMIT_MAX, - .memory_max = CGROUP_LIMIT_MAX, - .memory_swap_max = CGROUP_LIMIT_MAX, -+ .memory_zswap_max = CGROUP_LIMIT_MAX, - - .memory_limit = CGROUP_LIMIT_MAX, - -@@ -322,6 +323,9 @@ static int unit_compare_memory_limit(Unit *u, const char *property_name, uint64_ - } else if (streq(property_name, "MemorySwapMax")) { - unit_value = c->memory_swap_max; - file = "memory.swap.max"; -+ } else if (streq(property_name, "MemoryZSwapMax")) { -+ unit_value = c->memory_zswap_max; -+ file = "memory.zswap.max"; - } else - return -EINVAL; - -@@ -364,9 +368,10 @@ static char *format_cgroup_memory_limit_comparison(char *buf, size_t l, Unit *u, - - /* memory.swap.max is special in that it relies on CONFIG_MEMCG_SWAP (and the default swapaccount=1). - * In the absence of reliably being able to detect whether memcg swap support is available or not, -- * only complain if the error is not ENOENT. */ -+ * only complain if the error is not ENOENT. This is similarly the case for memory.zswap.max relying on CONFIG_ZSWAP. */ - if (r > 0 || IN_SET(r, -ENODATA, -EOWNERDEAD) || -- (r == -ENOENT && streq(property_name, "MemorySwapMax"))) { -+ (r == -ENOENT && (streq(property_name, "MemorySwapMax") || -+ streq(property_name, "MemoryZSwapMax")))) { - buf[0] = 0; - return buf; - } -@@ -441,6 +446,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - "%sMemoryHigh: %" PRIu64 "%s\n" - "%sMemoryMax: %" PRIu64 "%s\n" - "%sMemorySwapMax: %" PRIu64 "%s\n" -+ "%sMemoryZSwapMax: %" PRIu64 "%s\n" - "%sMemoryLimit: %" PRIu64 "\n" - "%sTasksMax: %" PRIu64 "\n" - "%sDevicePolicy: %s\n" -@@ -475,6 +481,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, c->memory_high, format_cgroup_memory_limit_comparison(cdc, sizeof(cdc), u, "MemoryHigh"), - prefix, c->memory_max, format_cgroup_memory_limit_comparison(cdd, sizeof(cdd), u, "MemoryMax"), - prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"), -+ prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemoryZSwapMax"), - prefix, c->memory_limit, - prefix, tasks_max_resolve(&c->tasks_max), - prefix, cgroup_device_policy_to_string(c->device_policy), -@@ -1075,7 +1082,7 @@ static bool unit_has_unified_memory_config(Unit *u) { - - return unit_get_ancestor_memory_min(u) > 0 || unit_get_ancestor_memory_low(u) > 0 || - c->memory_high != CGROUP_LIMIT_MAX || c->memory_max != CGROUP_LIMIT_MAX || -- c->memory_swap_max != CGROUP_LIMIT_MAX; -+ c->memory_swap_max != CGROUP_LIMIT_MAX || c->memory_zswap_max != CGROUP_LIMIT_MAX; - } - - static void cgroup_apply_unified_memory_limit(Unit *u, const char *file, uint64_t v) { -@@ -1442,10 +1449,12 @@ static void cgroup_context_apply( - - if (cg_all_unified() > 0) { - uint64_t max, swap_max = CGROUP_LIMIT_MAX; -+ uint64_t zswap_max = CGROUP_LIMIT_MAX; - - if (unit_has_unified_memory_config(u)) { - max = c->memory_max; - swap_max = c->memory_swap_max; -+ zswap_max = c->memory_zswap_max; - } else { - max = c->memory_limit; - -@@ -1458,6 +1467,8 @@ static void cgroup_context_apply( - cgroup_apply_unified_memory_limit(u, "memory.high", c->memory_high); - cgroup_apply_unified_memory_limit(u, "memory.max", max); - cgroup_apply_unified_memory_limit(u, "memory.swap.max", swap_max); -+ if (cg_zswap_supported()) -+ cgroup_apply_unified_memory_limit(u, "memory.zswap.max", zswap_max); - - (void) set_attribute_and_warn(u, "memory", "memory.oom.group", one_zero(c->memory_oom_group)); - -diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index 3f8cad899d..d40ac0fadc 100644 ---- a/src/core/cgroup.h -+++ b/src/core/cgroup.h -@@ -147,6 +147,7 @@ struct CGroupContext { - uint64_t memory_high; - uint64_t memory_max; - uint64_t memory_swap_max; -+ uint64_t memory_zswap_max; - - bool default_memory_min_set; - bool default_memory_low_set; -diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index 84c3caf3a5..e57ceff6f4 100644 ---- a/src/core/dbus-cgroup.c -+++ b/src/core/dbus-cgroup.c -@@ -439,6 +439,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { - SD_BUS_PROPERTY("MemoryHigh", "t", NULL, offsetof(CGroupContext, memory_high), 0), - SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), - SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), -+ SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), - SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), - SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), - SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), -@@ -860,6 +861,7 @@ BUS_DEFINE_SET_CGROUP_WEIGHT(blockio_weight, CGROUP_MASK_BLKIO, CGROUP_BLKIO_WEI - BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1); - BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0); - BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); -+BUS_DEFINE_SET_CGROUP_LIMIT(zswap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); - REENABLE_WARNING; - - static int bus_cgroup_set_tasks_max( -@@ -1019,6 +1021,9 @@ int bus_cgroup_set_property( - if (streq(name, "MemorySwapMax")) - return bus_cgroup_set_swap(u, name, &c->memory_swap_max, message, flags, error); - -+ if (streq(name, "MemoryZSwapMax")) -+ return bus_cgroup_set_zswap(u, name, &c->memory_zswap_max, message, flags, error); -+ - if (streq(name, "MemoryMax")) - return bus_cgroup_set_memory(u, name, &c->memory_max, message, flags, error); - -@@ -1059,6 +1064,9 @@ int bus_cgroup_set_property( - if (streq(name, "MemorySwapMaxScale")) - return bus_cgroup_set_swap_scale(u, name, &c->memory_swap_max, message, flags, error); - -+ if (streq(name, "MemoryZSwapMaxScale")) -+ return bus_cgroup_set_zswap_scale(u, name, &c->memory_zswap_max, message, flags, error); -+ - if (streq(name, "MemoryMaxScale")) - return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error); - -diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index 42441eab6e..27860fb973 100644 ---- a/src/core/load-fragment-gperf.gperf.in -+++ b/src/core/load-fragment-gperf.gperf.in -@@ -196,6 +196,7 @@ - {{type}}.MemoryHigh, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemoryMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) -+{{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) - {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index a068fdf313..b64e64d90f 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -3690,7 +3690,7 @@ int config_parse_memory_limit( - bytes = physical_memory_scale(r, 10000U); - - if (bytes >= UINT64_MAX || -- (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) { -+ (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryZSwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) { - log_syntax(unit, LOG_WARNING, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue); - return 0; - } -@@ -3714,6 +3714,8 @@ int config_parse_memory_limit( - c->memory_max = bytes; - else if (streq(lvalue, "MemorySwapMax")) - c->memory_swap_max = bytes; -+ else if (streq(lvalue, "MemoryZSwapMax")) -+ c->memory_zswap_max = bytes; - else if (streq(lvalue, "MemoryLimit")) - c->memory_limit = bytes; - else -diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c -index b45921943a..31c2e3cd35 100644 ---- a/src/shared/bus-print-properties.c -+++ b/src/shared/bus-print-properties.c -@@ -165,7 +165,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b - - bus_print_property_value(name, expected_value, flags, "[not set]"); - -- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || -+ else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || - (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) || - (startswith(name, "Limit") && u == UINT64_MAX) || - (startswith(name, "DefaultLimit") && u == UINT64_MAX)) -diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index d3a5b25d18..f89b6e7428 100644 ---- a/src/shared/bus-unit-util.c -+++ b/src/shared/bus-unit-util.c -@@ -516,6 +516,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons - "MemoryHigh", - "MemoryMax", - "MemorySwapMax", -+ "MemoryZSwapMax", - "MemoryLimit", - "TasksMax")) { - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 1f524626bf..2bba11936e 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -247,6 +247,7 @@ typedef struct UnitStatusInfo { - uint64_t memory_high; - uint64_t memory_max; - uint64_t memory_swap_max; -+ uint64_t memory_zswap_max; - uint64_t memory_limit; - uint64_t memory_available; - uint64_t cpu_usage_nsec; -@@ -684,6 +685,7 @@ static void print_status_info( - if (i->memory_min > 0 || i->memory_low > 0 || - i->memory_high != CGROUP_LIMIT_MAX || i->memory_max != CGROUP_LIMIT_MAX || - i->memory_swap_max != CGROUP_LIMIT_MAX || -+ i->memory_zswap_max != CGROUP_LIMIT_MAX || - i->memory_available != CGROUP_LIMIT_MAX || - i->memory_limit != CGROUP_LIMIT_MAX) { - const char *prefix = ""; -@@ -709,6 +711,10 @@ static void print_status_info( - printf("%sswap max: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_swap_max)); - prefix = " "; - } -+ if (i->memory_zswap_max != CGROUP_LIMIT_MAX) { -+ printf("%szswap max: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_zswap_max)); -+ prefix = " "; -+ } - if (i->memory_limit != CGROUP_LIMIT_MAX) { - printf("%slimit: %s", prefix, format_bytes(buf, sizeof(buf), i->memory_limit)); - prefix = " "; -@@ -1850,6 +1856,7 @@ static int show_one( - { "MemoryHigh", "t", NULL, offsetof(UnitStatusInfo, memory_high) }, - { "MemoryMax", "t", NULL, offsetof(UnitStatusInfo, memory_max) }, - { "MemorySwapMax", "t", NULL, offsetof(UnitStatusInfo, memory_swap_max) }, -+ { "MemoryZSwapMax", "t", NULL, offsetof(UnitStatusInfo, memory_zswap_max) }, - { "MemoryLimit", "t", NULL, offsetof(UnitStatusInfo, memory_limit) }, - { "CPUUsageNSec", "t", NULL, offsetof(UnitStatusInfo, cpu_usage_nsec) }, - { "TasksCurrent", "t", NULL, offsetof(UnitStatusInfo, tasks_current) }, -@@ -1884,6 +1891,7 @@ static int show_one( - .memory_high = CGROUP_LIMIT_MAX, - .memory_max = CGROUP_LIMIT_MAX, - .memory_swap_max = CGROUP_LIMIT_MAX, -+ .memory_zswap_max = CGROUP_LIMIT_MAX, - .memory_limit = UINT64_MAX, - .memory_available = CGROUP_LIMIT_MAX, - .cpu_usage_nsec = UINT64_MAX, -diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service -index 3039d1c0cd..81ffe4fc86 100644 ---- a/test/fuzz/fuzz-unit-file/directives-all.service -+++ b/test/fuzz/fuzz-unit-file/directives-all.service -@@ -152,6 +152,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemorySwapMax= -+MemoryZSwapMax= - MessageQueueMaxMessages= - MessageQueueMessageSize= - MountAPIVFS= -diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount -index 451f291988..ba5d03cc4b 100644 ---- a/test/fuzz/fuzz-unit-file/directives.mount -+++ b/test/fuzz/fuzz-unit-file/directives.mount -@@ -103,6 +103,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - MountAPIVFS= - MountFlags= - MountImages= -diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope -index 7e69cf816b..12e3f02b9b 100644 ---- a/test/fuzz/fuzz-unit-file/directives.scope -+++ b/test/fuzz/fuzz-unit-file/directives.scope -@@ -46,6 +46,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - NetClass= - RestartKillSignal= - RuntimeMaxSec= -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index de7d2c7daf..b27b100f1a 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -225,6 +225,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - MountAPIVFS= - MountFlags= - MountImages= -diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice -index 789ac8f0db..0004d4dfd4 100644 ---- a/test/fuzz/fuzz-unit-file/directives.slice -+++ b/test/fuzz/fuzz-unit-file/directives.slice -@@ -43,6 +43,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - NetClass= - Slice= - SocketBindAllow= -diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket -index 11f589e22c..02e0349009 100644 ---- a/test/fuzz/fuzz-unit-file/directives.socket -+++ b/test/fuzz/fuzz-unit-file/directives.socket -@@ -131,6 +131,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - MessageQueueMaxMessages= - MessageQueueMessageSize= - MountAPIVFS= -diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap -index 582a136531..4536b2a606 100644 ---- a/test/fuzz/fuzz-unit-file/directives.swap -+++ b/test/fuzz/fuzz-unit-file/directives.swap -@@ -100,6 +100,7 @@ MemoryLow= - MemoryMax= - MemoryMin= - MemorySwapMax= -+MemoryZSwapMax= - MountAPIVFS= - MountFlags= - MountImages= --- -2.34.1 - diff --git a/SOURCES/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch b/SOURCES/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch deleted file mode 100644 index 6b148ad..0000000 --- a/SOURCES/50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 1035e36675e10522824476c9084ff1001039c054 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 1 Oct 2021 09:22:18 +0900 -Subject: [PATCH] network: drop and warn duplicated Address= settings - -Fixes #20891. ---- - src/network/networkd-address.c | 43 +++++++++++++++++++++++++++++++--- - src/network/networkd-address.h | 2 +- - src/network/networkd-network.c | 6 ++++- - 3 files changed, 46 insertions(+), 5 deletions(-) - -diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c -index 7b221516d7..e1bc6aa474 100644 ---- a/src/network/networkd-address.c -+++ b/src/network/networkd-address.c -@@ -304,6 +304,12 @@ bool address_equal(const Address *a1, const Address *a2) { - return address_compare_func(a1, a2) == 0; - } - -+DEFINE_PRIVATE_HASH_OPS( -+ address_hash_ops_new, -+ Address, -+ address_hash_func, -+ address_compare_func); -+ - int address_dup(const Address *src, Address **ret) { - _cleanup_(address_freep) Address *dest = NULL; - int r; -@@ -1988,12 +1994,43 @@ static int address_section_verify(Address *address) { - return 0; - } - --void network_drop_invalid_addresses(Network *network) { -+int network_drop_invalid_addresses(Network *network) { -+ _cleanup_set_free_ Set *addresses = NULL; - Address *address; -+ int r; - - assert(network); - -- ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) -- if (address_section_verify(address) < 0) -+ ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) { -+ Address *dup; -+ -+ if (address_section_verify(address) < 0) { -+ /* Drop invalid [Address] sections or Address= settings in [Network]. -+ * Note that address_free() will drop the address from addresses_by_section. */ - address_free(address); -+ continue; -+ } -+ -+ /* Always use the setting specified later. So, remove the previously assigned setting. */ -+ dup = set_remove(addresses, address); -+ if (dup) { -+ _cleanup_free_ char *buf = NULL; -+ -+ (void) in_addr_prefix_to_string(address->family, &address->in_addr, address->prefixlen, &buf); -+ log_warning("%s: Duplicated address %s is specified at line %u and %u, " -+ "dropping the address setting specified at line %u.", -+ dup->section->filename, strna(buf), address->section->line, -+ dup->section->line, dup->section->line); -+ /* address_free() will drop the address from addresses_by_section. */ -+ address_free(dup); -+ } -+ -+ /* Do not use address_hash_ops_free here. Otherwise, all address settings will be freed. */ -+ r = set_ensure_put(&addresses, &address_hash_ops_new, address); -+ if (r < 0) -+ return log_oom(); -+ assert(r > 0); -+ } -+ -+ return 0; - } -diff --git a/src/network/networkd-address.h b/src/network/networkd-address.h -index ff3d46abdd..55d22ad221 100644 ---- a/src/network/networkd-address.h -+++ b/src/network/networkd-address.h -@@ -85,7 +85,7 @@ int request_process_address(Request *req); - - int manager_rtnl_process_address(sd_netlink *nl, sd_netlink_message *message, Manager *m); - --void network_drop_invalid_addresses(Network *network); -+int network_drop_invalid_addresses(Network *network); - - void address_hash_func(const Address *a, struct siphash *state); - int address_compare_func(const Address *a1, const Address *a2); -diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index 2a864a38b1..920f7851ba 100644 ---- a/src/network/networkd-network.c -+++ b/src/network/networkd-network.c -@@ -119,6 +119,8 @@ static int network_resolve_stacked_netdevs(Network *network) { - } - - int network_verify(Network *network) { -+ int r; -+ - assert(network); - assert(network->filename); - -@@ -252,7 +254,9 @@ int network_verify(Network *network) { - network->ipv6_proxy_ndp_addresses = set_free_free(network->ipv6_proxy_ndp_addresses); - } - -- network_drop_invalid_addresses(network); -+ r = network_drop_invalid_addresses(network); -+ if (r < 0) -+ return r; - network_drop_invalid_routes(network); - network_drop_invalid_nexthops(network); - network_drop_invalid_bridge_fdb_entries(network); --- -2.31.1 - diff --git a/SOURCES/Makefile.selinux b/SOURCES/Makefile.selinux deleted file mode 100644 index bc159a5..0000000 --- a/SOURCES/Makefile.selinux +++ /dev/null @@ -1,16 +0,0 @@ -TARGETS ?= systemd_hs -SHARE ?= /usr/share -MODULES ?= ${TARGETS:=.pp.bz2} - -all: ${TARGETS:=.pp.bz2} - -%.pp.bz2: %.pp - @echo Compressing $^ -\ $@ - bzip2 -9 $^ - -%.pp: %.te - make -f ${SHARE}/selinux/devel/Makefile $@ - -clean: - rm -f *~ *.tc *.pp *.pp.bz2 - rm -rf tmp diff --git a/SOURCES/README.build-in-place b/SOURCES/README.build-in-place deleted file mode 100644 index 8b66077..0000000 --- a/SOURCES/README.build-in-place +++ /dev/null @@ -1,14 +0,0 @@ -== Building systemd rpms for local development using rpmbuild --build-in-place == - -This approach is based on https://github.com/filbranden/git-rpmbuild -and filbranden's talk during ASG2019 [https://cfp.all-systems-go.io/ASG2019/talk/JM7GDN/]. - -``` -git clone https://github.com/systemd/systemd -fedpkg clone systemd fedora-systemd -cd systemd -rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec -sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm -``` - -`--without lto` and `--without tests` may be useful to speed up the build. diff --git a/SOURCES/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch b/SOURCES/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch deleted file mode 100644 index 84497ad..0000000 --- a/SOURCES/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch +++ /dev/null @@ -1,129 +0,0 @@ -From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 14 Sep 2020 17:58:03 +0200 -Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() - -https://bugzilla.redhat.com/show_bug.cgi?id=1803070 - -I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different -than the one we get from /proc/self/fdinfo/. This only matters when both statx and -name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: - -(gdb) !uname -r -5.6.19-200.fc31.ppc64le - -(gdb) !cat /proc/self/mountinfo -697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== -701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel -702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw -703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 -704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel -705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 -706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755 -722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel -725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel -614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate -615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 - -The test process does -name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then -openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then -read(open("/proc/self/fdinfo/4", ...)) which gives -"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" - -and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. - -We could either drop the fallback path (and fail name_to_handle_at() is not -avaliable) or ignore the error in the test. Not sure what is better. I think -this issue only occurs sometimes and with older kernels, so probably continuing -with the current flaky implementation is better than ripping out the fallback. - -Another strace: -writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 -) = 28 -name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 -writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 -) = 20 -name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 -writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 -) = 30 -name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 -writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 -) = 23 -name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) -openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 -openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36 -read(5, "", 1024) = 0 -close(5) = 0 -close(4) = 0 -writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 -) = 42 -writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc -) = 39 -writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. -) = 109 -rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 -rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 -getpid() = 20 -gettid() = 20 -tgkill(20, 20, SIGABRT) = 0 -rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ---- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} --- -+++ killed by SIGABRT (core dumped) +++ ---- - src/test/test-mountpoint-util.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c -index 30b00ae4d8b..ffe5144b04a 100644 ---- a/src/test/test-mountpoint-util.c -+++ b/src/test/test-mountpoint-util.c -@@ -89,8 +89,12 @@ static void test_mnt_id(void) { - /* The ids don't match? If so, then there are two mounts on the same path, let's check if - * that's really the case */ - char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); -- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); -- assert_se(path_equal(p, t)); -+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); -+ -+ if (!path_equal(p, t)) -+ /* Apparent kernel bug in /proc/self/fdinfo */ -+ log_warning("Bad mount id given for %s: %d, should be %d", -+ p, mnt_id2, mnt_id); - } - } - diff --git a/SOURCES/libfdisk_version_for_centos.patch b/SOURCES/libfdisk_version_for_centos.patch deleted file mode 100644 index 1a8535b..0000000 --- a/SOURCES/libfdisk_version_for_centos.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 69443affcaa711a9a3355994458542d3732631a5 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 30 Nov 2021 12:08:50 -0800 -Subject: [PATCH] Re-enable repart if libfdisk ver. has range fix - ---- - meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index 6263e7c0fc..35e6c4f376 100644 ---- a/meson.build -+++ b/meson.build -@@ -1011,7 +1011,7 @@ libmount = dependency('mount', - want_libfdisk = get_option('fdisk') - if want_libfdisk != 'false' and not skip_deps - libfdisk = dependency('fdisk', -- version : '>= 2.33', -+ version : '>= 2.32.1', - required : want_libfdisk == 'true') - have = libfdisk.found() - else --- -2.31.1 - diff --git a/SOURCES/libsystemd-shared.abignore b/SOURCES/libsystemd-shared.abignore deleted file mode 100644 index e412d8b..0000000 --- a/SOURCES/libsystemd-shared.abignore +++ /dev/null @@ -1,3 +0,0 @@ -[suppress_file] -# This shared object is private to systemd -file_name_regexp=libsystemd-shared-.*.so diff --git a/SOURCES/macros.sysusers b/SOURCES/macros.sysusers deleted file mode 100644 index d8d8c1d..0000000 --- a/SOURCES/macros.sysusers +++ /dev/null @@ -1,10 +0,0 @@ -# RPM macros for packages creating system accounts -# -# Turn a sysusers.d file into macros specified by -# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation - -%sysusers_requires_compat Requires(pre): shadow-utils - -%sysusers_create_compat() \ -%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ -%{nil} diff --git a/SOURCES/purge-nobody-user b/SOURCES/purge-nobody-user deleted file mode 100755 index 66404fe..0000000 --- a/SOURCES/purge-nobody-user +++ /dev/null @@ -1,101 +0,0 @@ -#!/bin/bash -eu - -if [ $UID -ne 0 ]; then - echo "WARNING: This script needs to run as root to be effective" - exit 1 -fi - -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 - -if [ "${1:-}" = "--ignore-journal" ]; then - shift - ignore_journal=1 -else - ignore_journal=0 -fi - -echo "Checking processes..." -if ps h -u 99 | grep .; then - echo "ERROR: ps reports processes with UID 99!" - exit 2 -fi -echo "... not found" - -echo "Checking UTMP..." -if w -h 199 | grep . ; then - echo "ERROR: w reports UID 99 as active!" - exit 2 -fi -if w -h nobody | grep . ; then - echo "ERROR: w reports user nobody as active!" - exit 2 -fi -echo "... not found" - -echo "Checking the journal..." -if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then - echo "ERROR: journalctl reports messages from UID 99 in current boot!" - exit 2 -fi -echo "... not found" - -echo "Looking for files in /etc, /run, /tmp, and /var..." -if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then - echo "ERROR: found files belonging to UID 99" - exit 2 -fi -echo "... not found" - -echo "Checking if nobody is defined correctly..." -if getent passwd nobody | - grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin'; -then - echo "OK, nothing to do." - exit 0 -else - echo "NOTICE: User nobody is not defined correctly" -fi - -echo "Checking if nfsnobody or something else is using the uid..." -if getent passwd 65534 | grep . ; then - echo "NOTICE: will have to remove this user" -else - echo "... not found" -fi - -if [ "${1:-}" = "-x" ]; then - if getent passwd nobody >/dev/null; then - # this will remove both the user and the group. - ( set -x - userdel nobody - ) - fi - - if getent passwd 65534 >/dev/null; then - # Make sure the uid is unused. This should free gid too. - name="$(getent passwd 65534 | cut -d: -f1)" - ( set -x - userdel "$name" - ) - fi - - if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then - echo "Sleeping, so sss can catch up" - sleep 3 - fi - - if getent group 65534; then - # Make sure the gid is unused, even if uid wasn't. - name="$(getent group 65534 | cut -d: -f1)" - ( set -x - groupdel "$name" - ) - fi - - # systemd-sysusers uses the same gid and uid - ( set -x - systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' - ) -else - echo "Pass '-x' to perform changes" -fi diff --git a/SOURCES/split-files.py b/SOURCES/split-files.py deleted file mode 100644 index f883f73..0000000 --- a/SOURCES/split-files.py +++ /dev/null @@ -1,157 +0,0 @@ -import re, sys, os, collections - -buildroot = sys.argv[1] -known_files = sys.stdin.read().splitlines() -known_files = {line.split()[-1]:line for line in known_files} - -def files(root): - os.chdir(root) - todo = collections.deque(['.']) - while todo: - n = todo.pop() - files = os.scandir(n) - for file in files: - yield file - if file.is_dir() and not file.is_symlink(): - todo.append(file) - -o_libs = open('.file-list-libs', 'w') -o_udev = open('.file-list-udev', 'w') -o_pam = open('.file-list-pam', 'w') -o_rpm_macros = open('.file-list-rpm-macros', 'w') -o_devel = open('.file-list-devel', 'w') -o_container = open('.file-list-container', 'w') -o_networkd = open('.file-list-networkd', 'w') -o_oomd_defaults = open('.file-list-oomd-defaults', 'w') -o_remote = open('.file-list-remote', 'w') -o_resolve = open('.file-list-resolve', 'w') -o_tests = open('.file-list-tests', 'w') -o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') -o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') -o_rest = open('.file-list-rest', 'w') -for file in files(buildroot): - n = file.path[1:] - if re.match(r'''/usr/(share|include)$| - /usr/share/man(/man.|)$| - /usr/share/zsh(/site-functions|)$| - /usr/share/dbus-1$| - /usr/share/dbus-1/system.d$| - /usr/share/dbus-1/(system-|)services$| - /usr/share/polkit-1(/actions|/rules.d|)$| - /usr/share/pkgconfig$| - /usr/share/bash-completion(/completions|)$| - /usr(/lib|/lib64|/bin|/sbin|)$| - /usr/lib.*/(security|pkgconfig)$| - /usr/lib/rpm(/macros.d|)$| - /usr/lib/firewalld(/services|)$| - /usr/share/(locale|licenses|doc)| # no $ - /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$| - /etc/(dnf|dnf/protected.d)$| - /usr/(src|lib/debug)| # no $ - /run$| - /var(/cache|/log|/lib|/run|)$ - ''', n, re.X): - continue - if '/security/pam_' in n or '/man8/pam_' in n: - o = o_pam - elif '/rpm/' in n: - o = o_rpm_macros - elif '/usr/lib/systemd/tests' in n: - o = o_tests - elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(? - - systemd-journal-gatewayd - Journal Gateway Service - - diff --git a/SOURCES/systemd-journal-remote.xml b/SOURCES/systemd-journal-remote.xml deleted file mode 100644 index e115a12..0000000 --- a/SOURCES/systemd-journal-remote.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - systemd-journal-remote - Journal Remote Sink - - diff --git a/SOURCES/systemd-udev-trigger-no-reload.conf b/SOURCES/systemd-udev-trigger-no-reload.conf deleted file mode 100644 index c879427..0000000 --- a/SOURCES/systemd-udev-trigger-no-reload.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Unit] -# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17 -RefuseManualStop=true diff --git a/SOURCES/systemd-user b/SOURCES/systemd-user deleted file mode 100644 index 2725df9..0000000 --- a/SOURCES/systemd-user +++ /dev/null @@ -1,10 +0,0 @@ -# This file is part of systemd. -# -# Used by systemd --user instances. - -account include system-auth - -session required pam_selinux.so close -session required pam_selinux.so nottys open -session required pam_loginuid.so -session include system-auth diff --git a/SOURCES/systemd_hs.if b/SOURCES/systemd_hs.if deleted file mode 100644 index 6695e0e..0000000 --- a/SOURCES/systemd_hs.if +++ /dev/null @@ -1,20 +0,0 @@ -######################################## -## -## Allows the caller to use the SELinux status page. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`selinux_use_status_page',` - gen_require(` - type security_t; - ') - - dev_search_sysfs($1) - allow $1 security_t:dir list_dir_perms; - allow $1 security_t:file mmap_read_file_perms; -') diff --git a/SOURCES/systemd_hs.te b/SOURCES/systemd_hs.te deleted file mode 100644 index ce80487..0000000 --- a/SOURCES/systemd_hs.te +++ /dev/null @@ -1,68 +0,0 @@ -policy_module(systemd_hs,0.0.1) - -# systemd overrides for 247 -gen_require(` - type avahi_t; - type cgroup_t; - type init_t; - type init_var_run_t; - type initrc_t; - class dbus send_msg; - type install_t; - type kmsg_device_t; - type policykit_auth_t; - type policykit_t; - type proc_kmsg_t; - type rpm_t; - type system_dbusd_t; - type system_dbusd_var_run_t; - type systemd_hostnamed_t; - type systemd_localed_t; - type systemd_logind_t; - type systemd_machined_t; - type systemd_resolved_t; - type systemd_tmpfiles_t; - type security_t; - type sssd_t; - type syslogd_t; - type udev_var_run_t; - type user_tmp_t; - type useradd_t; - type xdm_t; -') - -allow avahi_t init_var_run_t:dir read; -allow init_t kmsg_device_t:chr_file mounton; -allow init_t proc_kmsg_t:file { getattr mounton }; -allow init_t system_dbusd_var_run_t:sock_file read; -allow init_t systemd_machined_t:unix_stream_socket connectto; -allow policykit_auth_t init_var_run_t:dir read; -allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto; -allow policykit_t systemd_machined_t:unix_stream_socket connectto; -allow sssd_t cgroup_t:filesystem getattr; -allow syslogd_t user_tmp_t:lnk_file read; -allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto; -allow systemd_hostnamed_t init_var_run_t:dir write; -allow systemd_hostnamed_t init_var_run_t:file { getattr ioctl open read }; -allow systemd_hostnamed_t initrc_t:dbus send_msg; -allow systemd_hostnamed_t install_t:dbus send_msg; -allow systemd_hostnamed_t udev_var_run_t:file getattr; -allow systemd_hostnamed_t udev_var_run_t:file open; -allow systemd_hostnamed_t udev_var_run_t:file read; -allow systemd_logind_t self:netlink_selinux_socket bind; -allow systemd_logind_t self:netlink_selinux_socket create; -allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto; -allow systemd_logind_t user_tmp_t:chr_file unlink; -allow systemd_machined_t init_var_run_t:sock_file create; -allow sssd_t cgroup_t:dir search; -allow sssd_t cgroup_t:filesystem getattr; -allow useradd_t init_var_run_t:dir read; -allow xdm_t systemd_machined_t:unix_stream_socket connectto; - -selinux_use_status_page(init_t) -selinux_use_status_page(rpm_t) -selinux_use_status_page(systemd_hostnamed_t) -selinux_use_status_page(systemd_localed_t) -selinux_use_status_page(systemd_logind_t) -selinux_use_status_page(systemd_resolved_t) -selinux_use_status_page(systemd_tmpfiles_t) diff --git a/SOURCES/sysusers.attr b/SOURCES/sysusers.attr deleted file mode 100644 index 367c137..0000000 --- a/SOURCES/sysusers.attr +++ /dev/null @@ -1,2 +0,0 @@ -%__sysusers_provides %{_rpmconfigdir}/sysusers.prov -%__sysusers_path ^%{_sysusersdir}/.*\\.conf$ diff --git a/SOURCES/sysusers.generate-pre.sh b/SOURCES/sysusers.generate-pre.sh deleted file mode 100755 index fd9938d..0000000 --- a/SOURCES/sysusers.generate-pre.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/bash - -# This script turns sysuser.d files into scriptlets mandated by Fedora -# packaging guidelines. The general idea is to define users using the -# declarative syntax but to turn this into traditional scriptlets. - -user() { - user="$1" - uid="$2" - desc="$3" - group="$4" - home="$5" - shell="$6" - - [ "$desc" = '-' ] && desc= - { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ - { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/sbin/nologin - - if [ "$uid" = '-' ] || [ "$uid" = '' ]; then - cat </dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' -EOF - else - cat </dev/null ; then - if ! getent passwd '$uid' >/dev/null ; then - useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' - else - useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' - fi -fi - -EOF - fi -} - -group() { - group="$1" - gid="$2" - if [ "$gid" = '-' ]; then - cat <<-EOF - getent group '$group' >/dev/null || groupadd -r '$group' - EOF - else - cat <<-EOF - getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' - EOF - fi -} - -parse() { - while read -r line || [ -n "$line" ] ; do - { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue - line="${line## *}" - [ -z "$line" ] && continue - eval "arr=( $line )" - case "${arr[0]}" in - ('u') - group "${arr[1]}" "${arr[2]}" - user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" - # TODO: user:group support - ;; - ('g') - group "${arr[1]}" "${arr[2]}" - ;; - ('m') - group "${arr[2]}" "-" - user "${arr[1]}" "-" "" "${arr[2]}" - ;; - esac - done -} - -for fn in "$@"; do - [ -e "$fn" ] || continue - echo "# generated from $(basename "$fn")" - parse <"$fn" -done diff --git a/SOURCES/sysusers.prov b/SOURCES/sysusers.prov deleted file mode 100755 index a6eda5d..0000000 --- a/SOURCES/sysusers.prov +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -parse() { - while read line; do - [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue - line="${line## *}" - [ -z "$line" ] && continue - set -- $line - case "$1" in - ('u') - echo "user($2)" - echo "group($2)" - # TODO: user:group support - ;; - ('g') - echo "group($2)" - ;; - ('m') - echo "user($2)" - echo "group($3)" - ;; - esac - done -} - -while read fn; do - parse < "$fn" -done diff --git a/SOURCES/triggers.systemd b/SOURCES/triggers.systemd deleted file mode 100644 index 6c57d71..0000000 --- a/SOURCES/triggers.systemd +++ /dev/null @@ -1,89 +0,0 @@ -# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ -# SPDX-License-Identifier: LGPL-2.1-or-later -# -# This file is part of systemd. -# -# Copyright 2018 Neal Gompa - -# The contents of this are an example to be copied into systemd.spec. -# -# Minimum rpm version supported: 4.14.0 - -%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system -# This script will run after any package is initially installed or -# upgraded. We care about the case where a package is initially -# installed, because other cases are covered by the *un scriptlets, -# so sometimes we will reload needlessly. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl daemon-reload || : - %{_bindir}/systemctl reload-or-restart --marked || : -fi - -%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system -# On removal, we need to run daemon-reload after any units have been -# removed. -# On upgrade, we need to run daemon-reload after any new unit files -# have been installed, but before %postun scripts in packages get -# executed. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl daemon-reload || : -fi - -%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system -# We restart remaining services that should be restarted here. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl reload-or-restart --marked || : -fi - -%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d -# This script will process files installed in /usr/lib/sysusers.d to create -# specified users automatically. The priority is set such that it -# will run before the tmpfiles file trigger. -if test -d "/run/systemd/system"; then - %{_bindir}/systemd-sysusers || : -fi - -%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d -# This script will automatically invoke hwdb update if files have been -# installed or updated in /usr/lib/udev/hwdb.d. -if test -d "/run/systemd/system"; then - %{_bindir}/systemd-hwdb update || : -fi - -%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog -# This script will automatically invoke journal catalog update if files -# have been installed or updated in /usr/lib/systemd/catalog. -if test -d "/run/systemd/system"; then - %{_bindir}/journalctl --update-catalog || : -fi - -%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d -# This script will automatically apply binfmt rules if files have been -# installed or updated in /usr/lib/binfmt.d. -if test -d "/run/systemd/system"; then - # systemd-binfmt might fail if binfmt_misc kernel module is not loaded - # during install - /usr/lib/systemd/systemd-binfmt || : -fi - -%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d -# This script will process files installed in /usr/lib/tmpfiles.d to create -# tmpfiles automatically. The priority is set such that it will run -# after the sysusers file trigger, but before any other triggers. -if test -d "/run/systemd/system"; then - %{_bindir}/systemd-tmpfiles --create || : -fi - -%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d -# This script will automatically update udev with new rules if files -# have been installed or updated in /usr/lib/udev/rules.d. -if test -e /run/udev/control; then - %{_bindir}/udevadm control --reload || : -fi - -%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d -# This script will automatically apply sysctl rules if files have been -# installed or updated in /usr/lib/sysctl.d. -if test -d "/run/systemd/system"; then - /usr/lib/systemd/systemd-sysctl || : -fi diff --git a/SOURCES/yum-protect-systemd.conf b/SOURCES/yum-protect-systemd.conf deleted file mode 100644 index 39426d7..0000000 --- a/SOURCES/yum-protect-systemd.conf +++ /dev/null @@ -1,2 +0,0 @@ -systemd -systemd-udev diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec deleted file mode 100644 index 1df35bb..0000000 --- a/SPECS/systemd.spec +++ /dev/null @@ -1,3734 +0,0 @@ -#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa -%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} - -%global stable 1 - -# We ship a .pc file but don't want to have a dep on pkg-config. We -# strip the automatically generated dep here and instead co-own the -# directory. -%global __requires_exclude pkg-config - -%global pkgdir %{_prefix}/lib/systemd -%global system_unit_dir %{pkgdir}/system -%global user_unit_dir %{pkgdir}/user - -%if 0%{?__isa_bits} == 64 -%global elf_bits (64bit) -%global elf_suffix ()%{elf_bits} -%endif - -# Bootstrap may be needed to break intercircular dependencies with -# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump. -%bcond_with bootstrap -%bcond_without tests -%bcond_without lto - -# Support for quick builds with rpmbuild --build-in-place. -# See README.build-in-place. -%bcond_with inplace - -%if 0%{?facebook} -%bcond_with selinux -%else -%bcond_without selinux -%endif - -# Remove this when the macro exists in CentOS -%global version_no_tilde %(c=%{version}; echo ${c}|tr '~' '-') - -Name: systemd -Url: https://www.freedesktop.org/wiki/Software/systemd -%if %{without inplace} -Version: 249.4 -Release: 2.12%{?dist} -%else -# determine the build information from local checkout -Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') -Release: 1 -%endif -# For a breakdown of the licensing, see README -License: LGPLv2+ and MIT and GPLv2+ -Summary: System and Service Manager - -# download tarballs with "spectool -g systemd.spec" -%if %{defined commit} -Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -%else -%if 0%{?stable} -Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz -%else -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz -%endif -%endif -# This file must be available before %%prep. -# It is generated during systemd build and can be found in build/src/core/. -Source1: triggers.systemd -Source2: split-files.py -Source3: purge-nobody-user - -# Prevent accidental removal of the systemd package -Source4: yum-protect-systemd.conf - -Source9: 20-yama-ptrace.conf -Source10: systemd-udev-trigger-no-reload.conf -Source11: 20-grubby.install -Source12: systemd-user -Source13: libsystemd-shared.abignore - -Source14: 10-oomd-defaults.conf -Source15: 10-oomd-root-slice-defaults.conf -Source16: 10-oomd-user-service-defaults.conf - -Source21: macros.sysusers -Source22: sysusers.attr -Source23: sysusers.prov -Source24: sysusers.generate-pre.sh - -# Needed for selinux subpackage -Source100: Makefile.selinux -Source101: systemd_hs.te -Source102: systemd_hs.if - -%if 0 -GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable -i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip -GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch -%endif - -# Backports of patches from upstream (0000–0499) -# -# Any patches which are "in preparation" upstream should be listed -# here, rather than in the next section. Packit CI will drop any -# patches in this range before applying upstream pull requests. - -%if 0%{?facebook} -Patch0001: 0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch -Patch0002: 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch -Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch -Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch -Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch - -# PR 18621: FB variant of quieting "proc: Bad value for 'hidepid'" messages -Patch0006: 18621-fb.patch -%else -# PR 18621: Quiet "proc: Bad value for 'hidepid'" messages -Patch0006: https://github.com/systemd/systemd/pull/18621.patch -%endif - -# PRs to support additional systemd.network and systemd.link features -Patch0007: https://github.com/systemd/systemd/pull/20743.patch -Patch0008: https://github.com/systemd/systemd/pull/20458.patch -Patch0009: https://github.com/systemd/systemd/pull/20472.patch -Patch0010: https://github.com/systemd/systemd/pull/20477.patch -Patch0011: https://github.com/systemd/systemd/pull/20484.patch -Patch0012: https://github.com/systemd/systemd/pull/20489.patch -Patch0013: https://github.com/systemd/systemd/pull/20450.patch -Patch0014: https://github.com/systemd/systemd/pull/20541.patch -Patch0015: https://github.com/systemd/systemd/pull/20729.patch -Patch0016: https://github.com/systemd/systemd/pull/20828.patch -# Part of PR #20892; it was difficult to backport the whole PR -Patch0017: 50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch - -# PR 20875: allow verifying hidden (dot) files again -Patch0018: https://github.com/systemd/systemd/pull/20875.patch - -# PR 20978: serialize bpf device programs across reloads/reexecs -Patch0019: https://github.com/systemd/systemd/pull/20978.patch - -# PR 20676: don't rewrite sysctls that are already set -Patch0020: 20676_cherrypicked.patch - -# PR 21221: Fixes non-deterministic Slice= assignments -Patch0021: 21221.patch - -# PR 21241: fix bpf-foreign cgroup controller realization -Patch0022: 21241.patch - -# PR 20695: Sync if_arp.h with Linux 5.14 -Patch0023: 20695.patch - -%if 0%{?facebook} -# PR 22426: MemoryZSwapMax= to configure memory.zswap.max -Patch0024: 22426-fb.patch -%endif - -# Downstream-only patches (0500–9999) - -# https://github.com/systemd/systemd/pull/17050 -Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch -# Downgrade sysv-generator messages from warning to debug -Patch0502: 0001-sysv-generator-downgrade-log-warning-about-autogener.patch -# Update libfdisk dep version to 2.32.1-26 (has the fix for repart tests to pass) -Patch0503: libfdisk_version_for_centos.patch - -%ifarch %{ix86} x86_64 aarch64 -%global have_gnu_efi 1 -%endif - -BuildRequires: gcc -BuildRequires: gcc-c++ -BuildRequires: coreutils -BuildRequires: libcap-devel -BuildRequires: libmount-devel -BuildRequires: libfdisk-devel >= 2.32.1-26 -BuildRequires: libpwquality-devel -BuildRequires: pam-devel -BuildRequires: libselinux-devel -BuildRequires: audit-libs-devel -%if %{without bootstrap} -BuildRequires: cryptsetup-devel -%endif -BuildRequires: dbus-devel -BuildRequires: /usr/sbin/sfdisk -# /usr/bin/getfacl is needed by test-acl-util -BuildRequires: /usr/bin/getfacl -BuildRequires: libacl-devel -BuildRequires: gobject-introspection-devel -BuildRequires: libblkid-devel -BuildRequires: xz-devel -BuildRequires: xz -BuildRequires: lz4-devel -BuildRequires: lz4 -BuildRequires: bzip2-devel -BuildRequires: libzstd-devel -BuildRequires: libidn2-devel -BuildRequires: libcurl-devel -BuildRequires: kmod-devel -BuildRequires: elfutils-devel -BuildRequires: openssl-devel -BuildRequires: libgcrypt-devel -BuildRequires: libgpg-error-devel -BuildRequires: gnutls-devel -BuildRequires: libmicrohttpd-devel -BuildRequires: libxkbcommon-devel -BuildRequires: iptables-devel -BuildRequires: pkgconfig(tss2-esys) -BuildRequires: pkgconfig(tss2-rc) -BuildRequires: pkgconfig(tss2-mu) -BuildRequires: systemtap-sdt-devel -BuildRequires: libxslt -BuildRequires: docbook-style-xsl -BuildRequires: pkgconfig -BuildRequires: gperf -BuildRequires: gawk -BuildRequires: tree -BuildRequires: hostname -BuildRequires: python3-devel -BuildRequires: python3-lxml -BuildRequires: python3-jinja2 -%if 0%{?have_gnu_efi} -BuildRequires: gnu-efi gnu-efi-devel -%endif -BuildRequires: libseccomp-devel -%if 0%{?el8} -BuildRequires: meson >= 0.57 -%else -BuildRequires: meson >= 0.43 -%endif -BuildRequires: gettext -# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available -BuildRequires: valgrind-devel -BuildRequires: pkgconfig(bash-completion) -BuildRequires: perl -BuildRequires: perl(IPC::SysV) - -Requires(post): coreutils -Requires(post): sed -Requires(post): acl -Requires(post): grep -# systemd-machine-id-setup requires libssl -Requires(post): openssl-libs -Requires(pre): coreutils -Requires: dbus >= 1.9.18 -Requires: %{name}-pam = %{version}-%{release} -Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build) -Requires: %{name}-libs = %{version}-%{release} -%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} -%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} -Recommends: diffutils -Requires: (util-linux-core or util-linux) -Recommends: libxkbcommon%{?_isa} -Provides: /bin/systemctl -Provides: /sbin/shutdown -Provides: syslog -Provides: systemd-units = %{version}-%{release} -Obsoletes: system-setup-keyboard < 0.9 -Provides: system-setup-keyboard = 0.9 -# systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 -Obsoletes: systemd-sysv < 206 -%if 0%{?facebook} == 0 -# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) -Obsoletes: %{name} < 249~~ -Conflicts: initscripts < 9.56.1 -%endif -Provides: systemd-sysv = 206 -%if 0%{?fedora} -Conflicts: fedora-release < 23-0.12 -%endif -Obsoletes: timedatex < 0.6-3 -Provides: timedatex = 0.6-3 -Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release} -Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release} -Conflicts: %{name}-standalone-sysusers < %{version}-%{release} -Obsoletes: %{name}-standalone-sysusers < %{version}-%{release} - -# Recommends to replace normal Requires deps for stuff that is dlopen()ed -Recommends: libidn2.so.0%{?elf_suffix} -Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} -Recommends: libpcre2-8.so.0%{?elf_suffix} -Recommends: libpwquality.so.1%{?elf_suffix} -Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} - -%if %{with selinux} -# Force the SELinux module to be installed -Requires: %{name}-selinux = %{version}-%{release} -%endif - -%description -systemd is a system and service manager that runs as PID 1 and starts -the rest of the system. It provides aggressive parallelization -capabilities, uses socket and D-Bus activation for starting services, -offers on-demand starting of daemons, keeps track of processes using -Linux control groups, maintains mount and automount points, and -implements an elaborate transactional dependency-based service control -logic. systemd supports SysV and LSB init scripts and works as a -replacement for sysvinit. Other parts of this package are a logging daemon, -utilities to control basic system configuration like the hostname, -date, locale, maintain a list of logged-in users, system accounts, -runtime directories and settings, and daemons to manage simple network -configuration, network time synchronization, log forwarding, and name -resolution. -%if 0%{?stable} -This package was built from the %{version}-stable branch of systemd. -%endif - -%package libs -Summary: systemd libraries -License: LGPLv2+ and MIT -Obsoletes: libudev < 183 -Obsoletes: systemd < 185-4 -Conflicts: systemd < 185-4 -Obsoletes: systemd-compat-libs < 230 -Obsoletes: nss-myhostname < 0.4 -Provides: nss-myhostname = 0.4 -Provides: nss-myhostname%{_isa} = 0.4 -Requires(post): coreutils -Requires(post): sed -Requires(post): grep -Requires(post): /usr/bin/getent - -%description libs -Libraries for systemd and udev. - -%package pam -Summary: systemd PAM module -Requires: %{name} = %{version}-%{release} - -%description pam -Systemd PAM module registers the session with systemd-logind. - -%package rpm-macros -Summary: Macros that define paths and scriptlets related to systemd -BuildArch: noarch - -%description rpm-macros -Just the definitions of rpm macros. - -See -https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd -for information how to use those macros. - -%package devel -Summary: Development headers for systemd -License: LGPLv2+ and MIT -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Provides: libudev-devel = %{version} -Provides: libudev-devel%{_isa} = %{version} -Obsoletes: libudev-devel < 183 -# Fake dependency to make sure systemd-pam is pulled into multilib (#1414153) -Requires: %{name}-pam = %{version}-%{release} - -%description devel -Development headers and auxiliary files for developing applications linking -to libudev or libsystemd. - -%package udev -Summary: Rule-based device node and kernel event manager -License: LGPLv2+ - -Requires: systemd%{?_isa} = %{version}-%{release} -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd -Requires(post): grep -Requires: kmod >= 18-4 -%if 0%{?facebook} == 0 -# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 -Obsoletes: systemd < 245.6-1 -%endif -Provides: udev = %{version} -Provides: udev%{_isa} = %{version} -Obsoletes: udev < 183 - -# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 -Suggests: systemd-bootchart -# https://bugzilla.redhat.com/show_bug.cgi?id=1408878 -Requires: kbd - -# https://bugzilla.redhat.com/show_bug.cgi?id=1753381 -Provides: u2f-hidraw-policy = 1.0.2-40 -Obsoletes: u2f-hidraw-policy < 1.0.2-40 - -%description udev -This package contains systemd-udev and the rules and hardware database -needed to manage device nodes. This package is necessary on physical -machines and in virtual machines, but not in containers. - -%package container -# Name is the same as in Debian -Summary: Tools for containers and VMs -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd -# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) -Obsoletes: %{name} < 229-5 -License: LGPLv2+ - -%description container -Systemd tools to spawn and manage containers and virtual machines. - -This package contains systemd-nspawn, machinectl, systemd-machined, -and systemd-importd. - -%package journal-remote -# Name is the same as in Debian -Summary: Tools to send journal events over the network -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ -Requires(pre): /usr/bin/getent -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd -Provides: %{name}-journal-gateway = %{version}-%{release} -Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} -Obsoletes: %{name}-journal-gateway < 227-7 - -%description journal-remote -Programs to forward journal entries over the network, using encrypted HTTP, -and to write journal files from serialized journal contents. - -This package contains systemd-journal-gatewayd, -systemd-journal-remote, and systemd-journal-upload. - -%package networkd -Summary: System daemon that manages network configurations -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ - -%description networkd -systemd-networkd is a system service that manages networks. It detects -and configures network devices as they appear, as well as creating virtual -network devices. - -%package resolved -Summary: Network Name Resolution manager -Requires: %{name}%{?_isa} = %{version}-%{release} - -%description resolved -systemd-resolved is a system service that provides network name resolution -to local applications. It implements a caching and validating DNS/DNSSEC -stub resolver, as well as an LLMNR and MulticastDNS resolver and responder. - -%package oomd-defaults -Summary: Configuration files for systemd-oomd -Requires: %{name} = %{version}-%{release} -License: LGPLv2+ -BuildArch: noarch - -%description oomd-defaults -A set of drop-in files for systemd units to enable action from systemd-oomd, -a userspace out-of-memory (OOM) killer. - -%package tests -Summary: Internal unit tests for systemd -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ - -%description tests -"Installed tests" that are usually run as part of the build system. -They can be useful to test systemd internals. - -%if %{with selinux} -%package selinux -Summary: SELinux module for systemd -BuildArch: noarch -BuildRequires: bzip2 -BuildRequires: make -BuildRequires: selinux-policy -BuildRequires: selinux-policy-devel -Requires(post): selinux-policy-base >= %{_selinux_policy_version} -Requires(post): policycoreutils -Requires(post): policycoreutils-python-utils -Requires(pre): libselinux-utils -Requires(post): libselinux-utils - -%description selinux -This package provides the SELinux policy module to ensure systemd -runs properly under an environment with SELinux enabled. -%endif - -%prep -%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 - -%if %{with selinux} -mkdir selinux -cp %SOURCE100 %SOURCE101 %SOURCE102 selinux -%endif - -%build -%define ntpvendor %(source /etc/os-release; echo ${ID}) -%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} - -CONFIGURE_OPTS=( - -Dmode=release - -Dsysvinit-path=/etc/rc.d/init.d - -Drc-local=/etc/rc.d/rc.local - -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' - -Ddns-servers= - -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin - -Dservice-watchdog= - -Ddev-kvm-mode=0666 - -Dkmod=true - -Dxkbcommon=true - -Dblkid=true - -Dfdisk=true - -Dseccomp=true - -Dima=true - -Dselinux=true - -Dapparmor=false - -Dpolkit=true - -Dxz=true - -Dzlib=true - -Dbzip2=true - -Dlz4=true - -Dzstd=true - -Dpam=true - -Dacl=true - -Dsmack=true - -Dopenssl=true - -Dgcrypt=true - -Daudit=true - -Delfutils=true -%if %{without bootstrap} - -Dlibcryptsetup=true -%else - -Dlibcryptsetup=false -%endif - -Delfutils=true - -Dgnutls=true - -Dmicrohttpd=true - -Dlibidn2=true - -Dlibiptc=false - -Dlibcurl=true - -Defi=true - -Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false} - -Dtpm=true - -Dtpm2=true - -Dhwdb=true - -Dsysusers=true - -Ddefault-kill-user-processes=false - -Dtests=unsafe - -Dinstall-tests=true - -Dtty-gid=5 - -Dusers-gid=100 - -Dnobody-user=nobody - -Dnobody-group=nobody - -Dcompat-mutable-uid-boundaries=true - -Dsplit-usr=false - -Dsplit-bin=true -%if %{with lto} - -Db_lto=true -%else - -Db_lto=false -%endif - -Db_ndebug=false - -Dman=true - -Dversion-tag=v%{version}-%{release} -%if 0%{?fedora} - -Dfallback-hostname=fedora -%else - -Dfallback-hostname=localhost -%endif - -Ddefault-dnssec=no - -Ddefault-dns-over-tls=opportunistic - # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 - -Ddefault-mdns=no - -Ddefault-llmnr=resolve - -Doomd=true - -Dadm-gid=4 - -Daudio-gid=63 - -Dcdrom-gid=11 - -Ddialout-gid=18 - -Ddisk-gid=6 - -Dinput-gid=104 # https://pagure.io/setup/pull-request/27 - -Dkmem-gid=9 - -Dkvm-gid=36 - -Dlp-gid=7 - -Drender-gid=105 # https://pagure.io/setup/pull-request/27 - -Dsgx-gid=106 # https://pagure.io/setup/pull-request/27 - -Dtape-gid=33 - -Dtty-gid=5 - -Dusers-gid=100 - -Dutmp-gid=22 - -Dvideo-gid=39 - -Dwheel-gid=10 - -Dsystemd-journal-gid=190 - -Dsystemd-network-uid=192 - -Dsystemd-resolve-uid=193 - # -Dsystemd-timesync-uid=, not set yet - # Need to set this for CentOS build - -Ddocdir=%{_pkgdocdir} - # CentOS is missing newer deps required to include these - # But also these aren't as relevant for the hyperscale use case - -Dp11kit=false - -Duserdb=false - -Dhomed=false - -Dpwquality=false - -Dqrencode=false - -Dlibfido2=false - # Old version of PAM might not support files in /usr/lib/pam.d/ so - # stick with the old /etc/pam.d - -Dpamconfdir=/etc/pam.d - # Standalone binaries are only relevant on non-systemd systems - -Dstandalone-binaries=false -) - -%if 0%{?facebook} -CONFIGURE_OPTS+=( - -Dntp-servers='1.ntp.vip.facebook.com 2.ntp.vip.facebook.com 3.ntp.vip.facebook.com 4.ntp.vip.facebook.com' - -Ddns-servers='10.127.255.51 10.191.255.51 2401:db00:eef0:a53:: 2401:db00:eef0:b53::' - -Dsupport-url='https://www.facebook.com/groups/systemd.and.friends/' - -Dcontainer-uid-base-min=10485760 -) -%endif - -%if %{without lto} -%global _lto_cflags %nil -%endif - -export LANG=en_US.UTF-8 -export LC_ALL=en_US.UTF-8 -# Do configuration. If doing an inplace build, try to do -# reconfiguration to pick up new options. -%if %{with inplace} - command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; } - - [ -e %{_vpath_builddir}/build.ninja ] && - %__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" || -%endif -{ %meson "${CONFIGURE_OPTS[@]}"; } - -%meson_build - -new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh -if ! diff -u %{SOURCE1} ${new_triggers}; then - echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" - echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" - sleep 5 -fi - -%if %{with selinux} -cd selinux -%{__make} -f Makefile.selinux SHARE="%{_datadir}" TARGETS="systemd_hs" -%endif - -%install -export LANG=en_US.UTF-8 -export LC_ALL=en_US.UTF-8 -%meson_install - -# udev links -mkdir -p %{buildroot}/%{_sbindir} -ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm - -# Compatiblity and documentation files -touch %{buildroot}/etc/crypttab -chmod 600 %{buildroot}/etc/crypttab - -# /etc/sysctl.conf compat -ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf - -# Make sure these directories are properly owned -mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants -mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants -mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants -mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants -mkdir -p %{buildroot}/run -mkdir -p %{buildroot}%{_localstatedir}/log -touch %{buildroot}/run/utmp -touch %{buildroot}%{_localstatedir}/log/{w,b}tmp - -# Make sure the user generators dir exists too -mkdir -p %{buildroot}%{pkgdir}/system-generators -mkdir -p %{buildroot}%{pkgdir}/user-generators - -# Create new-style configuration files so that we can ghost-own them -touch %{buildroot}%{_sysconfdir}/hostname -touch %{buildroot}%{_sysconfdir}/vconsole.conf -touch %{buildroot}%{_sysconfdir}/locale.conf -touch %{buildroot}%{_sysconfdir}/machine-id -touch %{buildroot}%{_sysconfdir}/machine-info -touch %{buildroot}%{_sysconfdir}/localtime -mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d -touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf - -# Make sure the shutdown/sleep drop-in dirs exist -mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ -mkdir -p %{buildroot}%{pkgdir}/system-sleep/ - -# Make sure directories in /var exist -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger -mkdir -p %{buildroot}%{_localstatedir}/lib/private -mkdir -p %{buildroot}%{_localstatedir}/log/private -mkdir -p %{buildroot}%{_localstatedir}/cache/private -mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/timesync -ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload -mkdir -p %{buildroot}%{_localstatedir}/log/journal -touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database -touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin -touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed -touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock -touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state - -# Install yum protection fragment -install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf - -# Restore systemd-user pam config from before "removal of Fedora-specific bits" -install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} - -# Install additional docs -# https://bugzilla.redhat.com/show_bug.cgi?id=1234951 -install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} - -# https://bugzilla.redhat.com/show_bug.cgi?id=1378974 -mkdir -p %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ -install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} - -# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040 -mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ -cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf </dev/null || : - -# FIXME: move to %postun. We want to restart systemd *after* removing -# files from the old rpm. Right now we may still have bits the old -# setup if the files are not present in the new version. But before -# implement restarting of *other* services after the transaction, moving -# this would make things worse, increasing the number of warnings we get -# about needed daemon-reload. - -oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) - -systemctl daemon-reexec &>/dev/null || { - # systemd v239 had bug #9553 in D-Bus authentication of the private socket, - # which was later fixed in v240 by #9625. - # - # The end result is that a `systemctl daemon-reexec` call as root will fail - # when upgrading from systemd v239, which means the system will not start - # running the new version of systemd after this post install script runs. - # - # To work around this issue, let's fall back to using a `kill -TERM 1` to - # re-execute the daemon when the `systemctl daemon-reexec` call fails. - # - # In order to prevent issues when the reason why the daemon-reexec failed is - # not the aforementioned bug, let's only use this fallback when: - # - we're upgrading this RPM package; and - # - we confirm that systemd is running as PID1 on this system. - if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then - kill -TERM 1 &>/dev/null || : - fi -} - -if [ "$oomd_state" == "active" ]; then - systemctl start -q systemd-oomd 2>/dev/null || : -fi - -[ $1 -eq 1 ] || exit 0 - -# create /var/log/journal only on initial installation, -# and only if it's writable (it won't be in rpm-ostree). -[ -w %{_localstatedir} ] && mkdir -p %{_localstatedir}/log/journal - -[ -w %{_localstatedir} ] && journalctl --update-catalog || : -systemd-sysusers || : -systemd-tmpfiles --create &>/dev/null || : - -# We reset the enablement of all services upon initial installation -# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23 -# This will fix up enablement of any preset services that got installed -# before systemd due to rpm ordering problems: -# https://bugzilla.redhat.com/show_bug.cgi?id=1647172. -# We also do this for user units, see -# https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. -systemctl preset-all &>/dev/null || : -systemctl --global preset-all &>/dev/null || : - -%postun -if [ $1 -eq 1 ]; then - [ -w %{_localstatedir} ] && journalctl --update-catalog || : - systemd-tmpfiles --create &>/dev/null || : -fi - -%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service - -# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) -# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec - -%triggerpostun -- systemd < 247.3-2 -# This is for upgrades from previous versions before oomd-defaults is available. -# We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with -# a different package version. -systemctl --no-reload preset systemd-oomd.service &>/dev/null || : - -%post libs -%{?ldconfig} - -function mod_nss() { - if [ -f "$1" ] ; then - # Add nss-systemd to passwd and group - grep -E -q '^(passwd|group):.* systemd' "$1" || - sed -i.bak -r -e ' - s/^(passwd|group):(.*)/\1:\2 systemd/ - ' "$1" &>/dev/null || : - fi -} - -FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" -if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then - mod_nss "/etc/authselect/user-nsswitch.conf" - authselect apply-changes &> /dev/null || : -else - mod_nss "$FILE" - # also apply the same changes to user-nsswitch.conf to affect - # possible future authselect configuration - mod_nss "/etc/authselect/user-nsswitch.conf" -fi - -# check if nobody or nfsnobody is defined -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 -if getent passwd nfsnobody &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -fi - -%{?ldconfig:%postun libs -p %ldconfig} - -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service - -%post udev -# Move old stuff around in /var/lib -mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null -mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null -if [ -L %{_localstatedir}/lib/systemd/timesync ]; then - rm %{_localstatedir}/lib/systemd/timesync - mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync -fi -if [ -f %{_localstatedir}/lib/systemd/clock ] ; then - mkdir -p %{_localstatedir}/lib/systemd/timesync - mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. -fi - -udevadm hwdb --update &>/dev/null - -%systemd_post %udev_services - -# Try to save the random seed, but don't complain if /dev/urandom is unavailable -/usr/lib/systemd/systemd-random-seed save 2>&1 | \ - grep -v 'Failed to open /dev/urandom' || : - -# Replace obsolete keymaps -# https://bugzilla.redhat.com/show_bug.cgi?id=1151958 -grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && - sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || : - -%preun udev -%systemd_preun %udev_services - -%postun udev -# Restart some services. -# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service - -%global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service -%global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket -%post journal-remote -%systemd_post %journal_remote_units_restart %journal_remote_units_norestart - -%preun journal-remote -%systemd_preun %journal_remote_units_restart %journal_remote_units_norestart -if [ $1 -eq 1 ] ; then - if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then - mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload - mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/. - rmdir %{_localstatedir}/lib/systemd/journal-upload || : - fi -fi - -%postun journal-remote -%systemd_postun_with_restart %journal_remote_units_restart - -%post networkd -# systemd-networkd was split out in systemd-246.6-2. -# Ideally, we would have a trigger scriptlet to record enablement -# state when upgrading from systemd <= systemd-246.6-1. But, AFAICS, -# rpm doesn't allow us to trigger on another package, short of -# querying the rpm database ourselves, which seems risky. For rpm, -# systemd and systemd-networkd are completely unrelated. So let's use -# a hack to detect if an old systemd version is currently present in -# the file system. -# https://bugzilla.redhat.com/show_bug.cgi?id=1943263 -if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then - echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd." -else - %systemd_post systemd-networkd.service systemd-networkd-wait-online.service -fi - -%preun networkd -%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service - -%preun resolved -if [ $1 -eq 0 ] ; then - systemctl disable --quiet \ - systemd-resolved.service \ - >/dev/null || : -fi - -%post resolved -[ $1 -gt 1 ] && exit 0 - -# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 -if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then - echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." - exit 0 -fi - -%systemd_post systemd-resolved.service - -# Create /etc/resolv.conf symlink. -# We would also create it using tmpfiles, but let's do this here -# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above -# does not do this, because it's marked with ! and we don't specify --boot.) -# https://bugzilla.redhat.com/show_bug.cgi?id=1873856 -# -# If systemd is not running, don't overwrite the symlink because that -# will immediately break DNS resolution, since systemd-resolved is -# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). -# -# Also don't create the symlink to the stub when the stub is disabled (#1891847 again). -if test -d /run/systemd/system/ && - systemctl -q is-enabled systemd-resolved.service &>/dev/null && - ! mountpoint /etc/resolv.conf &>/dev/null && - ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \ - grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf -fi - -%if %{with selinux} -%pre selinux -%selinux_relabel_pre - -%post selinux -%selinux_modules_install %{_datadir}/selinux/packages/systemd_hs.pp.bz2 -%selinux_relabel_post - -%posttrans selinux -%selinux_relabel_post - -%postun selinux -%selinux_modules_uninstall systemd_hs - -if [ $1 -eq 0 ]; then - %selinux_relabel_post -fi -%endif - -%global _docdir_fmt %{name} - -%files -f %{name}.lang -f .file-list-rest -%doc %{_pkgdocdir} -%exclude %{_pkgdocdir}/LICENSE.* -%license LICENSE.GPL2 LICENSE.LGPL2.1 -%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants -%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants -%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd - -%files libs -f .file-list-libs -%license LICENSE.LGPL2.1 - -%files pam -f .file-list-pam - -%files rpm-macros -f .file-list-rpm-macros - -%files resolved -f .file-list-resolve - -%files devel -f .file-list-devel - -%files udev -f .file-list-udev - -%files container -f .file-list-container - -%files journal-remote -f .file-list-remote - -%files networkd -f .file-list-networkd - -%files oomd-defaults -f .file-list-oomd-defaults - -%files tests -f .file-list-tests - -%if %{with selinux} -%files selinux -%{_datadir}/selinux/devel/include/contrib/systemd_hs.if -%{_datadir}/selinux/packages/systemd_hs.pp.bz2 -%endif - -%changelog -* Wed Feb 09 2022 Anita Zhang - 249.4-2.12 -- Backport PR #20695: Sync if_arp.h with Linux 5.14 -- FB-only backport PR #22426: MemoryZSwapMax= to configure memory.zswap.max - -* Tue Nov 30 2021 Anita Zhang - 249.4-2.11 -- Backport PR #21241: fix bpf-foreign cgroup controller realization - -* Tue Nov 30 2021 Anita Zhang - 249.4-2.10 -- Re-enable fdisk and repart since util-linux-2.32.1-26 in C8s has the fix - it needs for tests to pass. - -* Wed Nov 24 2021 Davide Cavalca - 249.4-2.9 -- Disable legacy iptables support - -* Thu Nov 11 2021 Anita Zhang - 249.4-2.8 -- Remove revert_d219a2b07cc5dc8ffd5010f08561fab2780d8616.patch and replace with - proper fix (PR #21221) - -* Wed Nov 10 2021 Anita Zhang - 249.4-2.7 -- Add meson >= 0.57 for el8 builds. This version uses python 3.8. - -* Wed Oct 20 2021 Anita Zhang - 249.4-2.6 -- Revert d219a2b because it creates non-determinisitic Slice= assignments - -* Mon Oct 11 2021 Anita Zhang - 249.4-2.5 -- Remove duplicate Address= properties in network configs (part of PR #20892) -- Serialize bpf device programs across reloads/reexecs (PR #20978) -- Don't rewrite sysctls that are already set (PR #20676) - -* Wed Oct 06 2021 Davide Cavalca - 249.4-2.4 -- Drop qrencode-devel from BuildRequires as it's not actually used - -* Wed Sep 29 2021 Anita Zhang - 249.4-2.3 -- Fix to allow verifying hidden (dot) files again (PR #20875) - -* Fri Sep 24 2021 Anita Zhang - 249.4-2.2 -- Backport more feature support for systemd-networkd - (#20450, #20541, #20729, #20828) - -* Wed Sep 22 2021 Anita Zhang - 249.4-2.1 -- Sync changes from Fedora -- Backport one more feature for systemd-networkd (#20489) - -* Mon Sep 20 2021 Anita Zhang - 249.4-1.1 -- New stable point release -- Backport optimization for read_virtual_file() (#20743) -- Backport new features for systemd-networkd (#20743, #20472, #20477, #20484) - -* Tue Sep 14 2021 Sahana Prasad -- Rebuilt with OpenSSL 3.0.0 - -* Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek - 249.4-1 -- Latest bugfix release: various fixes for systemd-networkd, - systemd-resolved, systemd, systemd-boot. -- Backport of macros to restart systemd user units (#1993244) - -* Fri Aug 6 2021 Zbigniew Jędrzejewski-Szmek - 249.3-1 -- Latest bugfix release: improved compatibility with latest glibc, - various small documentation fixes, and fixes for systemd-networkd bridging, - other minor fixes. -- systemctl set-property accepts glob patterns now (#1986258) - -* Thu Jul 29 2021 Anita Zhang - 249.2-1.2 -- Remove Obsoletes lines on systemd-resolved and systemd-networkd since we don't - want to install these by default. - -* Wed Jul 28 2021 Anita Zhang - 249.2-1.1 -- New release for 249 -- Drop merged patches -- Split networkd and resolved into their own subpackages. - -* Tue Jul 27 2021 Davide Cavalca - 248.5-1.3 -- Add missing SELinux rules for the GNOME and KDE LiveDVD spins - (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/7) - -* Fri Jul 23 2021 Zbigniew Jędrzejewski-Szmek - 249.2-1 -- Latest bugfix release (a minor hwdb regression bugfix, and correction - to kernel commandline handling when reexecuting PID 1 in a container) - -* Fri Jul 23 2021 Michael Catanzaro - 249.2-1 -- Build with -Ddefault-dns-over-tls=opportunistic - (https://fedoraproject.org/wiki/Changes/DNS_Over_TLS, #1889901) - -* Wed Jul 21 2021 Davide Cavalca - 248.5-1.2 -- Add missing SELinux rules for 248 - (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/1) - -* Wed Jul 21 2021 Anita Zhang - 248.5-1.1 -- Update to systemd-stable 248.5 (includes fix for CVE-2021-33910) - -* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek - 248.5-1 -- Various minor documentation and correctness fixes. -- CVE-2021-33910, #1984020: an unchecked stack allocation could be used to - crash systemd and cause the system to reboot by creating a very long - fuse mountpoint path. - -* Mon Jul 12 2021 Zbigniew Jędrzejewski-Szmek - 248.4-1 -- Assorted fixes (some systemd-resolved crashes, invalid - systemd-tmpfiles assertion, etc.) -- systemd-networkd workaround for TALOS-2020-1142, CVE-2020-13529. -- A big update of hardware descriptions. - -* Wed Jul 7 2021 Neal Gompa - 249-2 -- Use correct NEWS URLs for systemd 249 releases in changelog entries - -* Wed Jul 7 2021 Zbigniew Jędrzejewski-Szmek - 249-1 -- Latest upstream release with minor bugfixes, see - https://github.com/systemd/systemd/blob/v249/NEWS. -- systemd-oomd cpu usage is reduced (#1944646) - -* Thu Jul 1 2021 Zbigniew Jędrzejewski-Szmek - 249~rc3-1 -- Latest upstream prerelease with various bugfixes, see - https://github.com/systemd/systemd/blob/v249-rc3/NEWS. - -* Fri Jun 25 2021 Zbigniew Jędrzejewski-Szmek - 249~rc2-1 -- Latest upstream prerelease with various bugfixes, see - https://github.com/systemd/systemd/blob/v249-rc2/NEWS. -- Ignore FORCERENEW DHCP packets (TALOS-2020-1142, CVE-2020-13529, #1959398) - -* Thu Jun 17 2021 Adam Williamson - 249~rc1-2 -- Stop systemd providing systemd-resolved, now the subpackage exists (#1973462) - -* Wed Jun 16 2021 Zbigniew Jędrzejewski-Szmek - 249~rc1-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v249-rc1/NEWS. - Fixes #1963428. -- Use systemd-sysusers to create users (#1965815) -- Move systemd-resolved into systemd-resolved subpackage (#1923727) - [patch from Petr Menšík] - -* Mon Jun 14 2021 Anita Zhang - 248.2-1.5 -- Remove backport PR #19811 since it's still buggy -- Remove d586f642fd90e3bb378f7b6d3e3a64a753e51756 to fix rate limiting instead - (at least until sd-event rate limiting is fixed in 249). - -* Thu Jun 10 2021 Anita Zhang - 248.2-1.4 -- Backport PR #19811 to fix issues with mount sd-event rate limiting - -* Wed May 19 2021 Davide Cavalca - 248.2-1.3 -- Add BuildRequires for python-jinja2 in preparation for 249 (see PR#19630) - -* Mon May 17 2021 Davide Cavalca - 248.2-1.2 -- Add systemd-oomd-defaults subpackage from Fedora - -* Sat May 15 2021 Zbigniew Jędrzejewski-Szmek - 248.3-1 -- A fix for resolved crashes (#1946386, #1960227, #1950241) -- Some minor fixes for documentation, systemd-networkd, systemd-run, bootctl. - -* Mon May 10 2021 Anita Zhang - 248.2-1.1 -- New release for 248 -- Drop patches merged in 248.2 -- FB only backport PR #13496 (Extend bpf cgroup program support) - -* Fri May 7 2021 Zbigniew Jędrzejewski-Szmek - 248.2-1 -- Pull in some more patches from upstream (#1944646, #1885090, #1941340) -- Adjust modes of some %%ghost files (#1956059) - -* Thu May 6 2021 Zbigniew Jędrzejewski-Szmek - 248.1-1 -- Latest stable version: a long list of minor correctness fixes all around - (#1955475, #911766, #1958167, #1952919) -- Enable tpm2-tss dependency (#1949505) - -* Wed Apr 14 2021 Anita Zhang - 247.3-10 -- Remove systemd-resolved enablement - -* Wed Apr 7 2021 Davide Cavalca - 247.3-9 -- Reenable LTO now that binutils has been fixed -- Update FB configure options - -* Tue Apr 6 2021 Adam Williamson - 248-2 -- Re-enable resolved caching, we hope all major bugs are resolved now - -* Thu Apr 1 2021 Davide Cavalca - 247.3-8 -- Backport https://github.com/SELinuxProject/refpolicy/pull/308 to fix - systemd-hostnamed and systemd-localed when SELinux is enabled. - -* Thu Apr 1 2021 Anita Zhang - 247.3-7 -- Downgrade sysv-generator warning even more (to debug) - -* Wed Mar 31 2021 Zbigniew Jędrzejewski-Szmek - 248-1 -- Latest upstream release, see - https://github.com/systemd/systemd/blob/v248/NEWS. -- The changes since -rc4 are rather small, various fixes all over the place. - A fix to how systemd-oomd selects a candidate to kill, and more debug logging - to make this more transparent. - -* Wed Mar 31 2021 Anita Zhang - 247.3-6 -- Backport PR#18621 (Ignore attempts at hidepid and subset for older kernels) -- Downgrade sysv-generator warning about missing native systemd unit - -* Wed Mar 31 2021 Davide Cavalca - 247.3-5 -- Add selinux subpackage - -* Tue Mar 30 2021 Anita Zhang - 248~rc4-6 -- Increase oomd user memory pressure limit to 50% (#1941170) - -* Fri Mar 26 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-5 -- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service - on upgrades from before systemd-networkd was split out (#1943263) -- In nsswitch.conf, move nss-myhostname to the front, before nss-mdns4 (#1943199) - -* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-4 -- Revert patch that seems to cause problems with dns resolution - (see comments on https://bodhi.fedoraproject.org/updates/FEDORA-2021-1c1a870ceb) - -* Mon Mar 22 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-3 -- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335) -- Fix returning combined IPv4/IPv6 responses from systemd-resolved cache (#1940715) - (But note that the disablement of caching added previously is - retained until we can do more testing.) -- Minor fix to interface naming by udev -- Fix for systemd-repart --size - -* Fri Mar 19 2021 Adam Williamson - 248~rc4-2 -- Disable resolved cache via config snippet (#1940715) - -* Thu Mar 18 2021 Yu Watanabe - 248~rc4-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v248-rc4/NEWS. -- A bunch of documentation updates, and correctness fixes. - -* Wed Mar 17 2021 Anita Zhang - 247.3-4 -- Backport PR #18955 (Fixes fstab parsing) -- FB only backport PR #18886 (systemd-shutdown logs to /dev/console not stderr) -- Reenable tests by disabling LTO (work around binutils bug) - -* Tue Mar 16 2021 Adam Williamson - 248~rc3-2 -- Backport PR #19009 to fix CNAME redirect resolving some more (#1933433) - -* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc3-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v248-rc3/NEWS. -- A bunch of documentation updates, correctness fixes, and systemd-networkd - features. -- Resolves #1933137, #1935084, #1933873, #1931181, #1933335, #1935062, #1927148. - -* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-5 -- Fix crash in pid1 during daemon-reexec (#1931034) - -* Fri Mar 05 2021 Adam Williamson - 248~rc2-3 -- Fix stub resolver CNAME chain resolving (#1933433) - -* Mon Mar 01 2021 Josh Boyer - 248~rc2-2 -- Don't set the fallback hostname to Fedora on non-Fedora OSes - -* Wed Feb 24 2021 Davide Cavalca - 247.3-3 -- Remove careinversion usage to make the package usable on older mock versions - -* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-1 -- Latest upstream prelease, just a bunch of small fixes. -- Fixes #1931957. - -* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-2 -- Rebuild with the newest scriptlets - -* Fri Feb 19 2021 Davide Cavalca - 247.3-2 -- Disable some tests to workaround a binutils bug triggered by enabling audit -- Refresh patches - -* Wed Feb 17 2021 Michel Alexandre Salim - 247.3-3 -- Increase oomd user memory pressure limit to 10% (#1929856) - -* Wed Feb 17 2021 Anita Zhang - 247.3-1 -- New release for 247 -- Backport PR #18211 (Fixes ExecCondition= dependency bug) -- Backport PR #17872 (Fixes PrivateUsers=yes with other sandboxing properties) -- FB only backport PR #17495 (Fixes BPF pinning post-coldplug) -- Reenable audit support - -* Sun Feb 7 2021 Davide Cavalca - 246.1-2 -- Initial Hyperscale SIG package -- Update release to use %%dist macro -- Drop el7 logic -- Explicitly default non-FB built to the legacy hierarchy -- Drop no longer needed FB FusionIO patch -- Temporarily disable audit support while debugging a link issue - -* Fri Feb 5 2021 Anita Zhang - 247.3-2 -- Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd. -- Backports consist primarily of PR #18361, #18444, and #18401 (plus some - additional ones to handle merge conflicts). -- Create systemd-oomd-defaults subpackage to install unit drop-ins that will - configure systemd-oomd to monitor and act. - -* Tue Feb 2 2021 Zbigniew Jędrzejewski-Szmek - 247.3-1 -- Minor stable release -- Fixes #1895937, #1813219, #1903106. - -* Wed Jan 27 2021 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Mon Jan 25 2021 Anita Zhang - 246.1-1.fb6 -- Backport PR #16803 to fix ConditionEnvironment= - -* Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek - 247.2-2 -- Fix bfq patch again (#1813219) - -* Wed Dec 23 2020 Jonathan Underwood - 247.2-2 -- Add patch to enable crypttab to support disabling of luks read and - write workqueues (corresponding to - https://github.com/systemd/systemd/pull/18062/). - -* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek - 247.2-1 -- Minor stable release -- Fixes #1908071. - -* Tue Dec 8 2020 Zbigniew Jędrzejewski-Szmek - 247.1-3 -- Rebuild with fallback hostname change reverted. - -* Fri Dec 4 2020 Bastien Nocera - 247.1-2 -- Unset fallback-hostname as plenty of applications expected localhost - to mean "default hostname" without ever standardising it (#1892235) - -* Tue Dec 1 2020 Zbigniew Jędrzejewski-Szmek - 247.1-1 -- Latest stable release -- Fixes #1902819. -- Files to configure networking with systemd-networkd in a VM or container are - moved to systemd-networkd subpackage. (They were previously in the -container - subpackage, which is for container/VM management.) - -* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek - 247-1 -- Update to the latest version -- #1900878 should be fixed - -* Thu Nov 19 2020 Chris Down - 246.1-1.fb5 -- Updated version of PR #17495 to fix program leak - -* Thu Nov 19 2020 Chris Down - 246.1-1.fb4 -- Backport PR #17495 to fix BPF program lifecycle -- Backport PR #17422 to clean up cgroups more reliably after exit -- Backport PR #17497 to add FixedRandomDelay= support - -* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek - 247~rc2 -- New upstream pre-release. See - https://github.com/systemd/systemd/blob/v247-rc1/NEWS. - Many smaller and bigger improvements and features are introduced. - (#1885101, #1890632, #1879216) - - A backwards-incompatible change affects PCI network devices which - are connected through a bridge which is itself associated with a - slot. When more than one device was associated with the same slot, - one of the devices would pseudo-randomly get named after the slot. - That name is now not generated at all. This changed behaviour is - causes the net naming scheme to be changed to "v247". To restore - previous behaviour, specify net.naming-scheme=v245. - - systemd-oomd is built, but should not be considered "production - ready" at this point. Testing and bug reports are welcome. - -* Wed Sep 30 2020 Dusty Mabe - 246.6-3 -- Try to make files in subpackages (especially the networkd subpackage) - more appropriate. - -* Thu Sep 24 2020 Filipe Brandenburger - 246.6-2 -- Build a package with standalone binaries for non-systemd systems. - For now, only systemd-sysusers is included. - -* Thu Sep 24 2020 Christian Glombek - 246.6-2 -- Split out networkd sub-package and add to main package as recommended dependency - -* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek - 246.6-1 -- Update to latest stable release (various minor fixes: manager, - networking, bootct, kernel-install, systemd-dissect, systemd-homed, - fstab-generator, documentation) (#1876905) -- Do not fail in test because of kernel bug (#1803070) - -* Fri Sep 18 2020 Anita Zhang - 246.1-1.fb3 -- Backport PR #16838 and #16857 to improve $PATH handling -- Backport PR #16940 to fix ECONN handling in sockets -- Backport PR #17031 to fix rate limiting on units in restart loop -- Backport PR #17082 to get nspawn TTY tweaks - -* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek - 246.5-1 -- Update to latest stable release (a bunch of small network-related - fixes in systemd-networkd and socket handling, documentation updates, - a bunch of fixes for error handling). -- Also remove existing file when creating /etc/resolv.conf symlink - upon installation (#1873856 again) - -* Wed Sep 2 2020 Zbigniew Jędrzejewski-Szmek - 246.4-1 -- Update to latest stable version: a rework of how the unit cache mtime works - (hopefully #1872068, #1871327, #1867930), plus various fixes to - systemd-resolved, systemd-dissect, systemd-analyze, systemd-ask-password-agent, - systemd-networkd, systemd-homed, systemd-machine-id-setup, presets for - instantiated units, documentation and shell completions. -- Create /etc/resolv.conf symlink upon installation (#1873856) -- Move nss-mdns before nss-resolve in /etc/nsswitch.conf and disable - mdns by default in systemd-resolved (#1867830) - -* Wed Aug 26 2020 Zbigniew Jędrzejewski-Szmek - 246.3-1 -- Update to bugfix version (some networkd fixes, minor documentation - fixes, relax handling of various error conditions, other fixlets for - bugs without bugzilla numbers). - -* Tue Aug 18 2020 Anita Zhang - 246.1-1.fb2 -- Gate "Obsoletes: systemd < 245.6-1" out due to dependency issues on Facebook - systems - -* Mon Aug 17 2020 Anita Zhang - 246.1-1.fb1 -- Facebook rebuild -- Don't compile in systemd-repart (needs libfdisk >= 2.33 and C8 has 2.32) -- Remove unused systemd-journal-remote.xml and systemd-journal-gatewayd.xml - files since we never used firewalld - -* Fri Aug 7 2020 Zbigniew Jędrzejewski-Szmek - 246.1-1 -- A few minor bugfixes -- Remove /etc/resolv.conf on upgrades (if managed by NetworkManager), so - that systemd-resolved can take over the management of the symlink. - -* Thu Jul 30 2020 Zbigniew Jędrzejewski-Szmek - 246-1 -- Update to released version. Only some minor bugfixes since the pre-release. - -* Sun Jul 26 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-2 -- Make /tmp be 50% of RAM again (#1856514) -- Re-run 'systemctl preset systemd-resolved' on upgrades. - /etc/resolv.conf is not modified, by a hint is emitted if it is - managed by NetworkManager. - -* Fri Jul 24 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-1 -- New pre-release with incremental fixes - (#1856037, #1858845, #1856122, #1857783) -- Enable systemd-resolved (with DNSSEC disabled by default, and LLMNR - and mDNS support in resolve-only mode by default). - See https://fedoraproject.org/wiki/Changes/systemd-resolved. - -* Thu Jul 9 2020 Zbigniew Jędrzejewski-Szmek - 246~rc1-1 -- New upstream release, see - https://raw.githubusercontent.com/systemd/systemd/v246-rc1/NEWS. - - This release includes many new unit settings, related inter alia to - cgroupsv2 freezer support and cpu affinity, encryption and verification. - systemd-networkd has a ton of new functionality and many other tools gained - smaller enhancements. systemd-homed gained FIDO2 support. - - Documentation has been significantly improved: sd-bus and sd-hwdb - libraries are now fully documented; man pages have been added for - the D-BUS APIs of systemd daemons and various new interfaces. - - Closes #1392925, #1790972, #1197886, #1525593. - -* Wed Jun 24 2020 Bastien Nocera - 245.6-3 -- Set fallback-hostname to fedora so that unset hostnames are still - recognisable (#1392925) - -* Fri Jun 5 2020 Anita Zhang - 245.5-2.fb3 -- Backport 156a5fd to mitigate CVE-2020-13776 - -* Thu Jun 4 2020 Anita Zhang - 245.5-2.fb2 -- Revert c7d26ac which is causing SMI count to go up leading to increased - microstalls during Chef runs - -* Tue Jun 2 2020 Zbigniew Jędrzejewski-Szmek - 245.6-2 -- Add self-obsoletes to fix upgrades from F31 - -* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek - 245.6-1 -- Update to latest stable version (some documentation updates, minor - memory correctness issues) (#1815605, #1827467, #1842067) - -* Thu Apr 30 2020 Anita Zhang - 245.5-2.fb1 -- Facebook rebuild -- Don't compile in systemd-homed, systemd-userdb, and p11kit -- Backport PR #15544 and #15551 (drops FB rlimit_memlock patch) - -* Tue Apr 21 2020 Björn Esser - 245.5-2 -- Add explicit BuildRequires: acl -- Bootstrapping for json-c SONAME bump - -* Fri Apr 17 2020 Zbigniew Jędrzejewski-Szmek - 245.5-1 -- Update to latest stable version (#1819313, #1815412, #1800875) - -* Thu Apr 16 2020 Björn Esser - 245.4-2 -- Add bootstrap option to break circular deps on cryptsetup - -* Wed Apr 1 2020 Zbigniew Jędrzejewski-Szmek - 245.4-1 -- Update to latest stable version (#1814454) - -* Thu Mar 26 2020 Zbigniew Jędrzejewski-Szmek - 245.3-1 -- Update to latest stable version (no issue that got reported in bugzilla) - -* Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek - 245.2-1 -- Update to latest stable version (a few bug fixes for random things) (#1798776) - -* Wed Mar 18 2020 Andrew Gallagher - 244-2.fb4 -- Bump HIGH_RLIMIT_MEMLOCK to 512M - -* Fri Mar 6 2020 Zbigniew Jędrzejewski-Szmek - 245-1 -- Update to latest version (#1807485) - -* Wed Feb 26 2020 Zbigniew Jędrzejewski-Szmek - 245~rc2-1 -- Modify the downstream udev rule to use bfq to only apply to disks (#1803500) -- "Upgrade" dependency on kbd package from Recommends to Requires (#1408878) -- Move systemd-bless-boot.service and systemd-boot-system-token.service to - systemd-udev subpackage (#1807462) -- Move a bunch of other services to systemd-udev: - systemd-pstore.service, all fsck-related functionality, - systemd-volatile-root.service, systemd-verity-setup.service, and a few - other related files. -- Fix daemon-reload rule to not kill non-systemd pid1 (#1803240) -- Fix namespace-related failure when starting systemd-homed (#1807465) and - group lookup failure in nss_systemd (#1809147) -- Drop autogenerated BOOT_IMAGE= parameter from stored kernel command lines - (#1716164) -- Don't require /proc to be mounted for systemd-sysusers to work (#1807768) - -* Fri Feb 21 2020 Filipe Brandenburger - 245~rc1-4 -- Update daemon-reexec fallback to check whether the system is booted with - systemd as PID 1 and check whether we're upgrading before using kill -TERM - on PID 1 (#1803240) - -* Thu Feb 20 2020 Filipe Brandenburger - 244-2.fb3 -- Only kill -TERM 1 when systemd is actually running. - -* Tue Feb 18 2020 Adam Williamson - 245~rc1-3 -- Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293) - -* Fri Feb 7 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-2 -- Add default 'disable *' preset for user units (#1792474, #1468501), - see https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. -- Add macro to generate "compat" scriptlets based off sysusers.d format - and autogenerate user() and group() virtual provides (#1792462), - see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format. -- Revert patch to udev rules causing regression with usb hubs (#1800820). - -* Thu Feb 6 2020 Anita Zhang - 244-2.fb2 -- Backport PR#14815 (Permissive syscall filtering in dbus-execute) - -* Wed Feb 5 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-1 -- New upstream release, see - https://raw.githubusercontent.com/systemd/systemd/v245-rc1/NEWS. - - This release includes completely new functionality: systemd-repart, - systemd-homed, user reconds in json, and multi-instantiable - journald, and a partial rework of internal communcation to use - varlink, and bunch of more incremental changes. - - The "predictable" interface name naming scheme is changed, - net.naming-scheme= can be used to undo the change. The change applies - to container interface names on the host. - -- Fixes #1774242, #1787089, #1798414/CVE-2020-1712. - -* Fri Jan 31 2020 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Jan 9 2020 Anita Zhang - 244-2.fb1 -- Facebook rebuild -- Backport PR#13823 (PrivateUsers=true for unprivileged user managers) -- Backport PR#14441 (Fix type.d drop-in ordering) - -* Sat Dec 21 2019 - 244.1-2 -- Disable service watchdogs (for systemd units) - -* Sun Dec 15 2019 - 244.1-1 -- Update to latest stable batch (systemd-networkd fixups, better - support for seccomp on s390x, minor cleanups to documentation). -- Drop patch to revert addition of NoNewPrivileges to systemd units - -* Fri Nov 29 2019 Zbigniew Jędrzejewski-Szmek - 244-1 -- Update to latest version. Just minor bugs fixed since the pre-release. - -* Fri Nov 22 2019 Zbigniew Jędrzejewski-Szmek - 244~rc1-1 -- Update to latest pre-release version, - see https://github.com/systemd/systemd/blob/master/NEWS#L3. - Biggest items: cgroups v2 cpuset controller, fido_id builtin in udev, - systemd-networkd does not create a default route for link local addressing, - systemd-networkd supports dynamic reconfiguration and a bunch of new settings. - Network files support matching on WLAN SSID and BSSID. -- Better error messages when preset/enable/disable are used with a glob (#1763488) -- u2f-hidraw-policy package is obsoleted (#1753381) - -* Tue Nov 19 2019 Zbigniew Jędrzejewski-Szmek - 243.4 -- Latest bugfix release. Systemd-stable snapshots will now be numbered. -- Fix broken PrivateDevices filter on big-endian, s390x in particular (#1769148) -- systemd-modules-load.service should only warn, not fail, on error (#1254340) -- Fix incorrect certificate validation with DNS over TLS (#1771725, #1771726, - CVE-2018-21029) -- Fix regression with crypttab keys with colons -- Various memleaks and minor memory access issues, warning adjustments - -* Thu Oct 31 2019 Davide Cavalca - 243-2.fb3 -- Backport PR#13754 (allow restart for oneshot units) -- Misc specfiles fixes to support building on el8 as well -- Default el8 builds to the unified hierarchy - -* Fri Oct 18 2019 Adam Williamson - 243-4.gitef67743 -- Backport PR #13792 to fix nomodeset+BIOS CanGraphical bug (#1728240) - -* Thu Oct 10 2019 Zbigniew Jędrzejewski-Szmek - 243-3.gitef67743 -- Various minor documentation and error message cleanups -- Do not use cgroup v1 hierarchy in nspawn on groups v2 (#1756143) - -* Wed Oct 2 2019 Davide Cavalca - 243-2.fb2 -- Backport PR#13689 (a bunch of protection-related fixes) - -* Fri Sep 27 2019 Davide Cavalca - 243-2.fb1 -- Facebook rebuild -- drop "use bfq as the default scheduler" patch -- backport PR#13369 (ExecXYZEx= bus hook ups) -- disable udev-test.pl for now due to flakiness - -* Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek - 243-2.gitfab6f01 -- Backport a bunch of patches (memory access issues, improvements to error - reporting and handling in networkd, some misleading man page contents #1751363) -- Fix permissions on static nodes (#1740664) -- Make systemd-networks follow the RFC for DHPCv6 and radv timeouts -- Fix one crash in systemd-resolved (#1703598) -- Make journal catalog creation reproducible (avoid unordered hashmap use) -- Mark the accelerometer in HP laptops as part of the laptop base -- Fix relabeling of directories with relabel-extra.d/ -- Fix potential stuck noop jobs in pid1 -- Obsolete timedatex package (#1735584) - -* Tue Sep 3 2019 Zbigniew Jędrzejewski-Szmek - 243-1 -- Update to latest release -- Emission of Session property-changed notifications from logind is fixed - (this was breaking the switching of sessions to and from gnome). -- Security issue: unprivileged users were allowed to change DNS - servers configured in systemd-resolved. Now proper polkit authorization - is required. - -* Mon Aug 26 2019 Adam Williamson - 243~rc2-2 -- Backport PR #13406 to solve PATH ordering issue (#1744059) - -* Thu Aug 22 2019 Zbigniew Jędrzejewski-Szmek - 243~rc2-1 -- Update to latest pre-release. Fixes #1740113, #1717712. -- The default scheduler for disks is set to BFQ (1738828) -- The default cgroup hierarchy is set to unified (cgroups v2) (#1732114). - Use systemd.unified-cgroup-hierarchy=0 on the kernel command line to revert. - See https://fedoraproject.org/wiki/Changes/CGroupsV2. - -* Wed Aug 07 2019 Adam Williamson - 243~rc1-2 -- Backport PR #1737362 so we own /etc/systemd/system again (#1737362) - -* Wed Aug 7 2019 Anita Zhang - 242-2.fb4 -- Backport PR#12933 (core: ExecCondition= for services) -- Backport PR#13096 (Preparatory work for the unit loading rework) -- Backport PR#13119 (Rework unit loading to take into account all aliases) - -* Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek - 243~rc1-1 -- Update to latest version (#1715699, #1696373, #1711065, #1718192) - -* Sat Jul 27 2019 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek - 242-6.git9d34e79 -- Ignore bad rdrand output on AMD CPUs (#1729268) -- A bunch of backported patches from upstream: documentation, memory - access fixups, command output tweaks (#1708996) - -* Thu Jul 18 2019 Anita Zhang - 242-2.fb3 -- Backport PR#12346 (make sure accept_flush() doesn't hang on EOPNOTSUPP) -- Backport PR#12979 (add SystemCallErrorNumber=EPERM to systemd-portabled.service) - -* Tue Jun 25 2019 Björn Esser - 242-5.git7a6d834 -- Rebuilt (libqrencode.so.4) - -* Tue Jun 25 2019 Miro Hrončok - 242-4.git7a6d834 -- Rebuilt for iptables update (libip4tc.so.2) - -* Thu Jun 20 2019 Anita Zhang - 242-2.fb2 -- Backport PR#11778 (ExecStartXYZEx= dbus support) -- Backport PR#12729 (nspawn: don't hard fail when setting capabilities) -- Backport PR#12745 (IPAddressXYZ="any" for users with CAP_NET_ADMIN) - -* Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek - 242-3.git7a6d834 -- Add symbol to mark vtable format changes (anything using sd_add_object_vtable - or sd_add_fallback_vtable needs to be rebuilt) -- Fix wireguard ListenPort handling in systemd-networkd -- Fix hang in flush_accept (#1702358) -- Fix handling of RUN keys in udevd -- Some documentation and shell completion updates and minor fixes - -* Thu Apr 25 2019 Davide Cavalca - 242-2.fb1 -- Facebook rebuild -- Backport PR#12336 (support DisableControllers= for transient units) - -* Tue Apr 16 2019 Adam Williamson - 242-2 -- Rebuild with Meson fix for #1699099 - -* Thu Apr 11 2019 Zbigniew Jędrzejewski-Szmek - 242-1 -- Update to latest release -- Make scriptlet failure non-fatal - -* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek - 242~rc4-1 -- Update to latest prerelease - -* Thu Apr 4 2019 Zbigniew Jędrzejewski-Szmek - 242~rc3-1 -- Update to latest prerelease - -* Wed Apr 3 2019 Zbigniew Jędrzejewski-Szmek - 242~rc2-1 -- Update to the latest prerelease. -- The bug reported on latest update that systemd-resolved and systemd-networkd are - re-enabled after upgrade is fixed. - -* Fri Mar 29 2019 Zbigniew Jędrzejewski-Szmek - 241-4.gitcbf14c9 -- Backport various patches from the v241..v242 range: - kernel-install will not create the boot loader entry automatically (#1648907), - various bash completion improvements (#1183769), - memory leaks and such (#1685286). - -* Fri Mar 22 2019 Davide Cavalca - 241-1.fb2 -- Backport PR#11754 (sd-bus fixes for CVE-2019-6454) -- Backport PR#12078 (nspawn fix) - -* Thu Mar 14 2019 Zbigniew Jędrzejewski-Szmek - 241-3.gitc1f8ff8 -- Declare hyperv and framebuffer devices master-of-seat again (#1683197) - -* Wed Feb 27 2019 Davide Cavalca - 241-1.fb1 -- Facebook rebuild -- Rebase fio udev patch (this will likely be dropped in the next release) -- Drop the mock testing patches, not needed anymore -- Ignore errors for Python bytecompiling due to run-unit-tests.py -- Fix the run-unit-tests.py shebang to use python36 -- Backport PR#11831 (missing include) and PR#11836 (test-chown-rec fix) - -* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek - 241-2.gita09c170 -- Prevent buffer overread in systemd-udevd -- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) - -* Sat Feb 9 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-2 -- Turn LTO back on - -* Tue Feb 5 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-1 -- Update to latest release -rc2 - -* Sun Feb 03 2019 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Sun Jan 27 2019 Yu Watanabe - 241~rc1-2 -- Backport a patch for kernel-install - -* Sat Jan 26 2019 Zbigniew Jędrzejewski-Szmek - 241~rc1-1 -- Update to latest release -rc1 - -* Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek - 240-6.gitf02b547 -- Add a work-around for #1663040 - -* Mon Jan 14 2019 Björn Esser -- Rebuilt for libcrypt.so.2 (#1666033) - -* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-4.gitf02b547 -- Add a work-around for selinux issue on live images (#1663040) - -* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-3.gitf02b547 -- systemd-journald and systemd-journal-remote reject entries which - contain too many fields (CVE-2018-16865, #1664973) and set limits on the - process' command line length (CVE-2018-16864, #1664972) -- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857) -- A fix for systemd-udevd crash (#1662303) - -* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek - 240-2 -- Add two more patches that revert recent udev changes - -* Fri Dec 21 2018 Zbigniew Jędrzejewski-Szmek - 240-1 -- Update to latest release - See https://github.com/systemd/systemd/blob/master/NEWS for the list of changes. - -* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek - 239-10.git9f3aed1 -- Hibernation checks for resume= are rescinded (#1645870) -- Various patches: - - memory issues in logind, networkd, journald (#1653068), sd-device, etc. - - Adaptations for newer meson, lz4, kernel - - Fixes for misleading bugs in documentation -- net.ipv4.conf.all.rp_filter is changed from 1 to 2 - -* Mon Dec 10 2018 Davide Cavalca - 239-1.fb6 -- Backport PR#10411 and PR#10493 (systemd-analyze timespan command) -- Rebase our PR#10507 and PR#10567 backports onto the version merged upstream -- Backport PR#10757 (cgroup2 BPF devices fixes) -- Backport PR#10876 (cgroup_subtree_mask propagation fix) - -* Thu Nov 29 2018 Zbigniew Jędrzejewski-Szmek -- Adjust scriptlets to modify /etc/authselect/user-nsswitch.conf - (see https://github.com/pbrezina/authselect/issues/77) -- Drop old scriptlets for nsswitch.conf modifications for nss-mymachines and nss-resolve - -* Sun Nov 18 2018 Alejandro Domínguez Muñoz -- Remove link creation for rsyslog.service - -* Thu Nov 8 2018 Adam Williamson - 239-9.git9f3aed1 -- Go back to using systemctl preset-all in %%post (#1647172, #1118740) - -* Mon Nov 5 2018 Adam Williamson - 239-8.git9f3aed1 -- Requires(post) openssl-libs to fix live image build machine-id issue - See: https://pagure.io/dusty/failed-composes/issue/960 - -* Mon Nov 5 2018 Yu Watanabe -- Set proper attributes to private directories - -* Fri Nov 2 2018 Davide Cavalca - 239-1.fb5 -- Backport PR#10507 (don't require CPU controller for CPU accounting) -- Backport PR#10567 (DisableControllers= directive) - -* Fri Nov 2 2018 Zbigniew Jędrzejewski-Szmek - 239-7.git9f3aed1 -- Split out the rpm macros into systemd-rpm-macros subpackage (#1645298) - -* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek - 239-6.git9f3aed1 -- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076) -- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071) -- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067) -- The DHCP server is started only when link is UP -- DHCPv6 prefix delegation is improved -- Downgrade logging of various messages and add loging in other places -- Many many fixes in error handling and minor memory leaks and such -- Fix typos and omissions in documentation -- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved) -- Matching by MACAddress= in systemd-networkd is fixed -- Creation of user runtime directories is improved, and the user - manager is only stopped after 10 s after the user logs out (#1642460 and other bugs) -- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0 -- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression. -- "systemctl --wait start" exits immediately if no valid units are named -- zram devices are not considered as candidates for hibernation -- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed) -- Various smaller improvements to unit ordering and dependencies -- generators are now called with the manager's environment -- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues -- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where - the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. -- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user - threads are used by bpfilter. -- "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present -- Hibernation is not advertised if resume= is not present on the kernenl command line -- Hibernation/Suspend/... modes can be disabled using AllowSuspend=, - AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep= -- LOGO= and DOCUMENTATION_URL= are documented for the os-release file -- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries -- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects -- Catalog entries for the journal are improved (#1639482) -- If suspend fails, the post-suspend hooks are still called. -- Various build issues on less-common architectures are fixed - -* Fri Oct 12 2018 Davide Cavalca - 239-1.fb4 -- Backport PR#10062 (cgroup2 BPF device controller support) -- Backport PR#10203, PR#10363 (tests fixes for supplementary groups) -- Backport PR#10368 (%g, %G specifiers support) -- Add hostname to BuildRequires (it's needed by test-execute) -- Reenable test-execute now that it's finally working - -* Wed Oct 3 2018 Jan Synáček - 239-5 -- Fix meson using -Ddebug, which results in FTBFS -- Fix line_begins() to accept word matching full string (#1631840) - -* Mon Sep 10 2018 Zbigniew Jędrzejewski-Szmek - 239-4 -- Move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626969) - -* Fri Aug 24 2018 Davide Cavalca - 239-1.fb3 -- backport new version of guro's cgroup2 BPF device controller patch - -* Wed Jul 18 2018 Terje Rosten - 239-3 -- Ignore return value from systemd-binfmt in scriptlet (#1565425) - -* Sun Jul 15 2018 Filipe Brandenburger -- Override systemd-user PAM config in install and not prep - -* Sat Jul 14 2018 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Wed Jul 4 2018 Davide Cavalca - 239-1.fb2 -- backport PR#9460 (followup to PR#9410) -- backport PR#9500 (support for StandardOutput=append:) -- revert c58fd46 (part of PR#8403) to workaround a FB-specific build issue - -* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek -- Rebuild for Python 3.7 again - -* Mon Jun 25 2018 Davide Cavalca - 239-1.fb1 -- Facebook rebuild -- backport PR#9244 and PR#9247 (new cgroup2 features) -- backport PR#9410 (gnutls detection, fix for #9403) - -* Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek - 239-1 -- Update to latest version, mostly bug fixes and new functionality, - very little breaking changes. See - https://github.com/systemd/systemd/blob/v239/NEWS for details. - -* Tue Jun 19 2018 Miro Hrončok -- Rebuilt for Python 3.7 - -* Thu May 31 2018 Davide Cavalca - 238-7.fb3 -- Update cgroup2 BPF device controller patches -- Backport PR#9148 to mitigate pid watching issue on git - -* Tue May 15 2018 Davide Cavalca - 238-7.fb2 -- Backport htejun's io.latency patch -- Backport guro's cgroup2 BPF device controller patch - -* Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59 -- Backport a number of patches (documentation, hwdb updates) -- Fixes for tmpfiles 'e' entries -- systemd-networkd crashes -- XEN virtualization detection on hyper-v -- Avoid relabelling /sys/fs/cgroup if not needed (#1576240) - -* Wed Apr 18 2018 Zbigniew Jędrzejewski-Szmek - 238-7.fc28.1 -- Allow fake Delegate= setting on slices (#1568594) - -* Thu Apr 5 2018 Davide Cavalca - 238-7.fb1 -- Facebook rebuild -- Reenable tests (except test-execute which is still broken) - -* Wed Mar 28 2018 Zbigniew Jędrzejewski-Szmek - 238-7 -- Move udev transfiletriggers to the right package, fix quoting - -* Tue Mar 27 2018 Colin Walters - 238-6 -- Use shell for triggers; see https://github.com/systemd/systemd/pull/8550 - This fixes compatibility with rpm-ostree. - -* Tue Mar 20 2018 Zbigniew Jędrzejewski-Szmek - 238-5 -- Backport patch to revert inadvertent change of "predictable" interface name (#1558027) - -* Fri Mar 16 2018 Zbigniew Jędrzejewski-Szmek - 238-4 -- Do not close dbus connection during dbus reload call (#1554578) - -* Wed Mar 7 2018 Zbigniew Jędrzejewski-Szmek - 238-3 -- Revert the patches for GRUB BootLoaderSpec support -- Add patch for /etc/machine-id creation (#1552843) - -* Tue Mar 6 2018 Yu Watanabe - 238-2 -- Fix transfiletrigger script (#1551793) - -* Mon Mar 5 2018 Zbigniew Jędrzejewski-Szmek - 238-1 -- Update to latest version -- This fixes a hard-to-trigger potential vulnerability (CVE-2018-6954) -- New transfiletriggers are installed for udev hwdb and rules, the journal - catalog, sysctl.d, binfmt.d, sysusers.d, tmpfiles.d. - -* Tue Feb 27 2018 Javier Martinez Canillas - 237-7.git84c8da5 -- Add patch to install kernel images for GRUB BootLoaderSpec support - -* Mon Feb 26 2018 Davide Cavalca - 237-1.fb3 -- Backport PR#8115 to properly fix GH#8194 - -* Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek - 237-6.git84c8da5 -- Create /etc/systemd in %%post libs if necessary (#1548607) - -* Fri Feb 23 2018 Adam Williamson - 237-5.git84c8da5 -- Use : not touch to create file in -libs %%post - -* Thu Feb 22 2018 Davide Cavalca - 237-1.fb2 -- Add workaround for an issue with systemd-nspawn -u affecting mock (GH#8194) - -* Thu Feb 22 2018 Patrick Uiterwijk - 237-4.git84c8da5 -- Add coreutils dep for systemd-libs %%post -- Add patch to typecast USB IDs to avoid compile failure - -* Wed Feb 21 2018 Zbigniew Jędrzejewski-Szmek - 237-3.git84c8da5 -- Update some patches for test skipping that were updated upstream - before merging -- Add /usr/lib/systemd/purge-nobody-user — a script to check if nobody is defined - correctly and possibly replace existing mappings - -* Tue Feb 20 2018 Zbigniew Jędrzejewski-Szmek - 237-2.gitdff4849 -- Backport a bunch of patches, most notably for the journal and various - memory issues. Some minor build fixes. -- Switch to new ldconfig macros that do nothing in F28+ -- /etc/systemd/dont-synthesize-nobody is created in %%post if nfsnobody - or nobody users are defined (#1537262) - -* Mon Feb 12 2018 Davide Cavalca - 237-1.fb1 -- Facebook rebuild -- Backport configurable docdir patch from master (PR#8068) -- Ensure split-files.py is run with python36 -- Set nfs/nfsnobody as nobody users -- Add pcre2-devel dependecy for journalctl --grep -- Disable tests for now as they're failing randomly when building in mock -- Use 10485760 as container base for Facebook to avoid conflicting with LDAP -- Backport PID file symlink chain checks fix from master (PR#8133) - -* Fri Feb 9 2018 Zbigniew Jędrzejeweski-Szmek - 237-1.git78bd769 -- Update to first stable snapshot (various minor memory leaks and misaccesses, - some documentation bugs, build fixes). - -* Sun Jan 28 2018 Zbigniew Jędrzejewski-Szmek - 237-1 -- Update to latest version - -* Sun Jan 21 2018 Björn Esser - 236-4.git3e14c4c -- Add patch to include if needed - -* Sat Jan 20 2018 Björn Esser - 236-3.git3e14c4c -- Rebuilt for switch to libxcrypt - -* Thu Jan 11 2018 Zbigniew Jędrzejewski-Szmek - 236-2.git23e14c4 -- Backport a bunch of bugfixes from upstream (#1531502, #1531381, #1526621 - various memory corruptions in systemd-networkd) -- /dev/kvm is marked as a static node which fixes permissions on s390x - and ppc64 (#1532382) - -* Fri Dec 15 2017 Zbigniew Jędrzejewski-Szmek - 236-1 -- Update to latest version - -* Mon Dec 11 2017 Zbigniew Jędrzejewski-Szmek - 235-5.git4a0e928 -- Update to latest git snapshot, do not build for realz -- Switch to libidn2 again (#1449145) - -* Tue Nov 07 2017 Zbigniew Jędrzejewski-Szmek - 235-4 -- Rebuild for cryptsetup-2.0.0-0.2.fc28 - -* Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek - 235-3 -- Backport a bunch of patches, including LP#172535 - -* Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2 -- Patches for cryptsetup _netdev - -* Mon Oct 9 2017 Davide Cavalca - 235-1.fb1 -- Facebook rebuild - -* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1 -- Update to latest version - -* Tue Sep 26 2017 Nathaniel McCallum - 234-8 -- Backport /etc/crypttab _netdev feature from upstream - -* Thu Sep 21 2017 Michal Sekletar - 234-7 -- Make sure to remove all device units sharing the same sysfs path (#1475570) - -* Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek - 234-6 -- Bump xslt recursion limit for libxslt-1.30 - -* Mon Sep 18 2017 Davide Cavalca - 234-5.fb2 -- backport build fix for O_TMPFILE from PR#6816 - -* Tue Aug 8 2017 Davide Cavalca - 234-5.fb1 -- new upstream release -- drop compat-libs patch in favor of separate systemd-compat-libs project -- force locale to UTF-8 to make meson happy -- disable broken test-execute -- backport nsdelegate support from PR#6294 - -* Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5 -- Backport more patches (#1476005, hopefully #1462378) - -* Thu Jul 27 2017 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3 -- Fix x-systemd.timeout=0 in /etc/fstab (#1462378) -- Minor patches (memleaks, --help fixes, seccomp on arm64) - -* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-2 -- Create kvm group (#1431876) - -* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-1 -- Latest release - -* Sat Jul 1 2017 Zbigniew Jędrzejewski-Szmek - 233-7.git74d8f1c -- Update to snapshot -- Build with meson again - -* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6 -- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445) - -* Sat Jun 17 2017 Peter Blair - 233-2.fb2 -- Apply patch from CVE-2017-9445 - -* Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek - 233-5.gitec36d05 -- Update to snapshot version, build with meson - -* Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek - 233-4 -- Backport a bunch of small fixes (memleaks, wrong format strings, - man page clarifications, shell completion) -- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493) -- Fix systemd-vconsole-setup.service error on systems with no VGA console (#1272686) -- Drop soft-static uid for systemd-journal-gateway -- Use ID from /etc/os-release as ntpvendor - -* Thu Apr 13 2017 Davide Cavalca - 233-2.fb1 -- New upstream release -- disable a couple of broken tests -- default to legacy hierarchy for now - -* Wed Apr 12 2017 Davide Cavalca - 231-11.fb2 -- fix lz4 depends to pick the right package - -* Mon Apr 3 2017 Davide Cavalca - 231-11.fb1 -- use facebook macro to gate Facebook-specific settings -- rebuild against new RPM backport -- update patches - -* Thu Mar 16 2017 Michal Sekletar - 233-3 -- Backport bugfixes from upstream -- Don't return error when machinectl couldn't figure out container IP addresses (#1419501) - -* Tue Mar 14 2017 Patrick White - 231-2.fb4 -- add poettering patch to fix hitting an assert (PR#4447) - -* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-2 -- Fix installation conflict with polkit - -* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-1 -- New upstream release (#1416201, #1405439, #1420753, many others) -- New systemd-tests subpackage with "installed tests" - -* Thu Feb 16 2017 Zbigniew Jędrzejewski-Szmek - 232-15 -- Add %%ghost %%dir entries for .wants dirs of our targets (#1422894) - -* Tue Feb 14 2017 Zbigniew Jędrzejewski-Szmek - 232-14 -- Ignore the hwdb parser test - -* Tue Feb 14 2017 Jan Synáček - 232-14 -- machinectl fails when virtual machine is running (#1419501) - -* Sat Feb 11 2017 Fedora Release Engineering - 232-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Tue Jan 31 2017 Zbigniew Jędrzejewski-Szmek - 232-12 -- Backport patch for initrd-switch-root.service getting killed (#1414904) -- Fix sd-journal-gatewayd -D, --trust, and COREDUMP_CONTAINER_CMDLINE - extraction by sd-coredump. - -* Sun Jan 29 2017 zbyszek - 232-11 -- Backport a number of patches (#1411299, #1413075, #1415745, - ##1415358, #1416588, #1408884) -- Fix various memleaks and unitialized variable access -- Shell completion enhancements -- Enable TPM logging by default (#1411156) -- Update hwdb (#1270124) - -* Thu Jan 19 2017 Adam Williamson - 232-10 -- Backport fix for boot failure in initrd-switch-root (#1414904) - -* Wed Jan 18 2017 Zbigniew Jędrzejewski-Szmek - 232-9 -- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam - is available as multilib (#1414153) - -* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek - 232-8 -- Fix buildsystem to check for lz4 correctly (#1404406) - -* Wed Jan 11 2017 Zbigniew Jędrzejewski-Szmek - 232-7 -- Various small tweaks to scriplets - -* Sat Jan 07 2017 Kevin Fenzi - 232-6 -- Fix scriptlets to never fail in libs post - -* Fri Jan 06 2017 Kevin Fenzi - 232-5 -- Add patch from Michal Schmidt to avoid process substitution (#1392236) - -* Sun Nov 6 2016 Zbigniew Jędrzejewski-Szmek - 232-4 -- Rebuild (#1392236) - -* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-3 -- Make /etc/dbus-1/system.d directory non-%%ghost - -* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-2 -- Fix kernel-install (#1391829) -- Restore previous systemd-user PAM config (#1391836) -- Move journal-upload.conf.5 from systemd main to journal-remote subpackage (#1391833) -- Fix permissions on /var/lib/systemd/journal-upload (#1262665) - -* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek - 232-1 -- Update to latest version (#998615, #1181922, #1374371, #1390704, #1384150, #1287161) -- Add %%{_isa} to Provides on arch-full packages (#1387912) -- Create systemd-coredump user in %%pre (#1309574) -- Replace grubby patch with a short-circuiting install.d "plugin" -- Enable nss-systemd in the passwd, group lines in nsswith.conf -- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf -- Move systemd-nspawn man pages to the right subpackage (#1391703) - -* Tue Oct 18 2016 Jan Synáček - 231-11 -- SPC - Cannot restart host operating from container (#1384523) - -* Sun Oct 9 2016 Zbigniew Jędrzejewski-Szmek - 231-10 -- Do not recreate /var/log/journal on upgrades (#1383066) -- Move nss-myhostname provides to systemd-libs (#1383271) - -* Fri Oct 7 2016 Zbigniew Jędrzejewski-Szmek - 231-9 -- Fix systemctl set-default (#1374371) -- Prevent systemd-udev-trigger.service from restarting (follow-up for #1378974) - -* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek - 231-8 -- Apply fix for #1378974 - -* Mon Oct 3 2016 Zbigniew Jędrzejewski-Szmek - 231-7 -- Apply patches properly - -* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-6 -- Better fix for (#1380286) - -* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-5 -- Denial-of-service bug against pid1 (#1380286) - -* Thu Aug 25 2016 Zbigniew Jędrzejewski-Szmek - 231-4 -- Fix preset-all (#1363858) -- Fix issue with daemon-reload messing up graphics (#1367766) -- A few other bugfixes - -* Wed Aug 10 2016 Davide Cavalca - 231-2.fb3 -- add mpawlowski root filesystem namespace patch for #12621017 -- add htejun patch for cgroup2 cpu controller (PR#3905) -- update htejun logind patch from PR#3835 - -* Wed Aug 03 2016 Adam Williamson - 231-3 -- Revert preset-all change, it broke stuff (#1363858) - -* Thu Jul 28 2016 Davide Cavalca - 231-2.fb2 -- add /dev/fio patch from bwann for GH#3718 -- import PR#3821 updates and rebase patches on github -- add htejun logind patch for UserTasksMax (#12460186, PR#3835) - -* Wed Jul 27 2016 Davide Cavalca - 231-2.fb1 -- Facebook rebuild -- Fix test failures in mock (#7950934, PR#3821) -- drop fsck on root patch now that we have the new dracut (see PR#3822) -- Rework LTO disable patch to be conditional (#11565880, PR#3823) -- update compat-libs and rebase onto public branch - (https://github.com/davide125/systemd/tree/compat-libs) -- add back python support now that we have python34-lxml -- add back xkbcommon support as it's available in rolling os updates - -* Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek - 231-2 -- Call preset-all on initial installation (#1118740) -- Fix botched Recommends for libxkbcommon - -* Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek - 231-1 -- Update to latest version - -* Tue Jul 19 2016 Davide Cavalca - 230-2.fb2 -- fix fsck for root filesystem on firstboot after install (#11352467) - -* Wed Jun 8 2016 Zbigniew Jędrzejewski-Szmek - 230-3 -- Update to latest git snapshot (fixes for systemctl set-default, - polkit lingering policy, reversal of the framebuffer rules, - unaligned access fixes, fix for StartupBlockIOWeight-over-dbus). - Those changes are interspersed with other changes and new features - (mostly in lldp, networkd, and nspawn). Some of those new features - might not work, but I think that existing functionality should not - be broken, so it seems worthwile to update to the snapshot. - -* Thu May 26 2016 Davide Cavalca - 230-2.fb1 -- Facebook rebuild -- backport htejun PRs for cgroup2 (#3337, #3329, #3315, #3417, #3418) -- add back compat-libs - -* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-2 -- Remove systemd-compat-libs on upgrade - -* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-1 -- New version -- Drop compat-libs -- Require libxkbcommon explictly, since the automatic dependency will - not be generated anymore - -* Thu May 12 2016 Tejun Heo - 229-1.fb6 -- backport https://github.com/systemd/systemd/pull/3246 to fix slice overrides - -* Mon May 09 2016 Davide Cavalca - 229-1.fb5 -- update Tejun Heo patches for cgroup2 io controller support - -* Fri Apr 29 2016 Davide Cavalca - 229-1.fb4 -- add Tejun Heo test patch for cgroup2 IO controllers support (#10638181) - -* Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek - 229-15 -- Remove duplicated entries in -container %%files (#1330395) - -* Fri Apr 22 2016 Zbigniew Jędrzejewski-Szmek - 229-14 -- Move installation of udev services to udev subpackage (#1329023) - -* Mon Apr 18 2016 Zbigniew Jędrzejewski-Szmek - 229-13 -- Split out systemd-pam subpackage (#1327402) - -* Mon Apr 18 2016 Harald Hoyer - 229-12 -- move more binaries and services from the main package to subpackages - -* Mon Apr 18 2016 Harald Hoyer - 229-11 -- move more binaries and services from the main package to subpackages - -* Mon Apr 18 2016 Harald Hoyer - 229-10 -- move device dependant stuff to the udev subpackage - -* Thu Mar 24 2016 Davide Cavalca - 229-1.fb3 -- add Tejun Heo patches for cgroups v2 support (#10268183) - -* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek - 229-9 -- Add myhostname to /etc/nsswitch.conf (#1318303) - -* Mon Mar 21 2016 Harald Hoyer - 229-8 -- fixed kernel-install for copying files for grubby -Resolves: rhbz#1299019 - -* Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek - 229-7 -- Moar patches (#1316964, #1317928) -- Move vconsole-setup and tmpfiles-setup-dev bits to systemd-udev -- Protect systemd-udev from deinstallation - -* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek - 229-6 -- Create /etc/resolv.conf symlink from systemd-resolved (#1313085) - -* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek - 229-5 -- Split out systemd-container subpackage (#1163412) -- Split out system-udev subpackage -- Add various bugfix patches, incl. a tentative fix for #1308771 - -* Wed Mar 02 2016 Davide Cavalca - 229-1.fb2 -- revert RPM trigger macros for #10119506 - -* Tue Mar 1 2016 Peter Robinson 229-4 -- Power64 and s390(x) now have libseccomp support -- aarch64 has gnu-efi - -* Tue Feb 23 2016 Jan Synáček - 229-3 -- Fix build failures on ppc64 (#1310800) - -* Tue Feb 16 2016 Dennis Gilmore - 229-2 -- revert: fixed kernel-install for copying files for grubby -Resolves: rhbz#1299019 -- this causes the dtb files to not get installed at all and the fdtdir -- line in extlinux.conf to not get updated correctly - -* Tue Feb 16 2016 Davide Cavalca - 229-1.fb1 -- Facebook rebuilt -- disable LTO to fix a build segfault with LTO - -* Thu Feb 11 2016 Michal Sekletar - 229-1 -- New upstream release - -* Thu Feb 11 2016 Harald Hoyer - 228-10.gite35a787 -- fixed kernel-install for copying files for grubby -Resolves: rhbz#1299019 - -* Fri Feb 05 2016 Fedora Release Engineering - 228-9.gite35a787 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Wed Jan 27 2016 Peter Robinson 228-8.gite35a787 -- Rebuild for binutils on aarch64 fix - -* Fri Jan 08 2016 Dan Horák - 228-7.gite35a787 -- apply the conflict with fedora-release only in Fedora - -* Thu Dec 10 2015 Jan Synáček - 228-6.gite35a787 -- Fix rawhide build failures on ppc64 (#1286249) - -* Sun Nov 29 2015 Zbigniew Jędrzejewski-Szmek - 228-6.gite35a787 -- Create /etc/systemd/network (#1286397) - -* Thu Nov 26 2015 Zbigniew Jędrzejewski-Szmek - 228-5.gite35a787 -- Do not install nss modules by default - -* Tue Nov 24 2015 Zbigniew Jędrzejewski-Szmek - 228-4.gite35a787 -- Update to latest upstream git: there is a bunch of fixes - (nss-mymachines overflow bug, networkd fixes, more completions are - properly installed), mixed with some new resolved features. -- Rework file triggers so that they always run before daemons are restarted - -* Mon Nov 23 2015 Davide Cavalca - 228-3.fb1 -- Facebook rebuilt -- disable test-namespace -- revert rpm file triggers as they don't work on el7 - -* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-3 -- Enable rpm file triggers for daemon-reload - -* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-2 -- Fix version number in obsoleted package name (#1283452) - -* Wed Nov 18 2015 Kay Sievers - 228-1 -- New upstream release - -* Thu Nov 12 2015 Zbigniew Jędrzejewski-Szmek - 227-7 -- Rename journal-gateway subpackage to journal-remote -- Ignore the access mode on /var/log/journal (#1048424) -- Do not assume fstab is present (#1281606) - -* Wed Nov 11 2015 Fedora Release Engineering - 227-6 -- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 - -* Tue Nov 10 2015 Lukáš Nykrýn - 227-5 -- Rebuild for libmicrohttpd soname bump - -* Fri Nov 06 2015 Robert Kuska - 227-4 -- Rebuilt for Python3.5 rebuild - -* Wed Nov 4 2015 Zbigniew Jędrzejewski-Szmek - 227-3 -- Fix syntax in kernel-install (#1277264) - -* Tue Nov 03 2015 Michal Schmidt - 227-2 -- Rebuild for libmicrohttpd soname bump. - -* Fri Oct 09 2015 Davide Cavalca - 227-1.fb1 -- disable tests broken on centos6 -- fix build with centos7 curl -- kernel-install: add fedora specific callouts to new-kernel-pkg - -* Wed Oct 7 2015 Kay Sievers - 227-1 -- New upstream release - -* Fri Sep 18 2015 Jan Synáček - 226-3 -- user systemd-journal-upload should be in systemd-journal group (#1262743) - -* Fri Sep 18 2015 Kay Sievers - 226-2 -- Add selinux to system-user PAM config - -* Tue Sep 8 2015 Kay Sievers - 226-1 -- New upstream release - -* Thu Aug 27 2015 Kay Sievers - 225-1 -- New upstream release - -* Fri Jul 31 2015 Kay Sievers - 224-1 -- New upstream release - -* Wed Jul 29 2015 Kay Sievers - 223-2 -- update to git snapshot - -* Wed Jul 29 2015 Kay Sievers - 223-1 -- New upstream release - -* Thu Jul 9 2015 Zbigniew Jędrzejewski-Szmek - 222-2 -- Remove python subpackages (python-systemd in now standalone) - -* Tue Jul 7 2015 Kay Sievers - 222-1 -- New upstream release - -* Mon Jul 6 2015 Kay Sievers - 221-5.git619b80a -- update to git snapshot - -* Mon Jul 6 2015 Zbigniew Jędrzejewski-Szmek - 221-4.git604f02a -- Add example file with yama config (#1234951) - -* Sun Jul 5 2015 Kay Sievers - 221-3.git604f02a -- update to git snapshot - -* Mon Jun 22 2015 Kay Sievers - 221-2 -- build systemd-boot EFI tools - -* Fri Jun 19 2015 Lennart Poettering - 221-1 -- New upstream release -- Undoes botched translation check, should be reinstated later? - -* Fri Jun 19 2015 Fedora Release Engineering - 220-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Thu Jun 11 2015 Peter Robinson 220-9 -- The gold linker is now fixed on aarch64 - -* Tue Jun 9 2015 Zbigniew Jędrzejewski-Szmek - 220-8 -- Remove gudev which is now provided as separate package (libgudev) -- Fix for spurious selinux denials (#1224211) -- Udev change events (#1225905) -- Patches for some potential crashes -- ProtectSystem=yes does not touch /home -- Man page fixes, hwdb updates, shell completion updates -- Restored persistent device symlinks for bcache, xen block devices -- Tag all DRM cards as master-of-seat - -* Tue Jun 09 2015 Harald Hoyer 220-7 -- fix udev block device watch - -* Tue Jun 09 2015 Harald Hoyer 220-6 -- add support for network disk encryption - -* Sun Jun 7 2015 Peter Robinson 220-5 -- Disable gold on aarch64 until it's fixed (tracked in rhbz #1225156) - -* Sat May 30 2015 Zbigniew Jędrzejewski-Szmek - 220-4 -- systemd-devel should require systemd-libs, not the main package (#1226301) -- Check for botched translations (#1226566) -- Make /etc/udev/hwdb.d part of the rpm (#1226379) - -* Thu May 28 2015 Richard W.M. Jones - 220-3 -- Add patch to fix udev --daemon not cleaning child processes - (upstream commit 86c3bece38bcf5). - -* Wed May 27 2015 Richard W.M. Jones - 220-2 -- Add patch to fix udev --daemon crash (upstream commit 040e689654ef08). - -* Thu May 21 2015 Lennart Poettering - 220-1 -- New upstream release -- Drop /etc/mtab hack, as that's apparently fixed in mock now (#1116158) -- Remove ghosting for /etc/systemd/system/runlevel*.target, these - targets are not configurable anymore in systemd upstream -- Drop work-around for #1002806, since this is solved upstream now - -* Wed May 20 2015 Dennis Gilmore - 219-15 -- fix up the conflicts version for fedora-release - -* Wed May 20 2015 Zbigniew Jędrzejewski-Szmek - 219-14 -- Remove presets (#1221340) -- Fix (potential) crash and memory leak in timedated, locking failure - in systemd-nspawn, crash in resolved. -- journalctl --list-boots should be faster -- zsh completions are improved -- various ommissions in docs are corrected (#1147651) -- VARIANT and VARIANT_ID fields in os-release are documented -- systemd-fsck-root.service is generated in the initramfs (#1201979, #1107818) -- systemd-tmpfiles should behave better on read-only file systems (#1207083) - -* Wed Apr 29 2015 Zbigniew Jędrzejewski-Szmek - 219-13 -- Patches for some outstanding annoyances -- Small keyboard hwdb updates - -* Wed Apr 8 2015 Zbigniew Jędrzejewski-Szmek - 219-12 -- Tighten requirements between subpackages (#1207381). - -* Sun Mar 22 2015 Zbigniew Jędrzejewski-Szmek - 219-11 -- Move all parts systemd-journal-{remote,upload} to - systemd-journal-gatewayd subpackage (#1193143). -- Create /var/lib/systemd/journal-upload directory (#1193145). -- Cut out lots of stupid messages at debug level which were obscuring more - important stuff. -- Apply "tentative" state for devices only when they are added, not removed. -- Ignore invalid swap pri= settings (#1204336) -- Fix SELinux check for timedated operations to enable/disable ntp (#1014315) -- Fix comparing of filesystem paths (#1184016) - -* Sat Mar 14 2015 Zbigniew Jędrzejewski-Szmek - 219-10 -- Fixes for bugs 1186018, 1195294, 1185604, 1196452. -- Hardware database update. -- Documentation fixes. -- A fix for journalctl performance regression. -- Fix detection of inability to open files in journalctl. -- Detect SuperH architecture properly. -- The first of duplicate lines in tmpfiles wins again. -- Do vconsole setup after loading vconsole driver, not fbcon. -- Fix problem where some units were restarted during systemd reexec. -- Fix race in udevadm settle tripping up NetworkManager. -- Downgrade various log messages. -- Fix issue where journal-remote would process some messages with a delay. -- GPT /srv partition autodiscovery is fixed. -- Reconfigure old Finnish keymaps in post (#1151958) - -* Tue Mar 10 2015 Jan Synáček - 219-9 -- Buttons on Lenovo X6* tablets broken (#1198939) - -* Tue Mar 3 2015 Zbigniew Jędrzejewski-Szmek - 219-8 -- Reworked device handling (#1195761) -- ACL handling fixes (with a script in %%post) -- Various log messages downgraded (#1184712) -- Allow PIE on s390 again (#1197721) - -* Wed Feb 25 2015 Michal Schmidt - 219-7 -- arm: reenable lto. gcc-5.0.0-0.16 fixed the crash (#1193212) - -* Tue Feb 24 2015 Colin Walters - 219-6 -- Revert patch that breaks Atomic/OSTree (#1195761) - -* Fri Feb 20 2015 Michal Schmidt - 219-5 -- Undo the resolv.conf workaround, Aim for a proper fix in Rawhide. - -* Fri Feb 20 2015 Michal Schmidt - 219-4 -- Revive fedora-disable-resolv.conf-symlink.patch to unbreak composes. - -* Wed Feb 18 2015 Michal Schmidt - 219-3 -- arm: disabling gold did not help; disable lto instead (#1193212) - -* Tue Feb 17 2015 Peter Jones - 219-2 -- Update 90-default.present for dbxtool. - -* Mon Feb 16 2015 Lennart Poettering - 219-1 -- New upstream release -- This removes the sysctl/bridge hack, a different solution needs to be found for this (see #634736) -- This removes the /etc/resolv.conf hack, anaconda needs to fix their handling of /etc/resolv.conf as symlink -- This enables "%%check" -- disable gold on arm, as that is broken (see #1193212) - -* Mon Feb 16 2015 Peter Robinson 218-6 -- aarch64 now has seccomp support - -* Thu Feb 05 2015 Michal Schmidt - 218-5 -- Don't overwrite systemd.macros with unrelated Source file. - -* Thu Feb 5 2015 Jan Synáček - 218-4 -- Add a touchpad hwdb (#1189319) - -* Thu Jan 15 2015 Zbigniew Jędrzejewski-Szmek - 218-4 -- Enable xkbcommon dependency to allow checking of keymaps -- Fix permissions of /var/log/journal (#1048424) -- Enable timedatex in presets (#1187072) -- Disable rpcbind in presets (#1099595) - -* Wed Jan 7 2015 Jan Synáček - 218-3 -- RFE: journal: automatically rotate the file if it is unlinked (#1171719) - -* Mon Jan 05 2015 Zbigniew Jędrzejewski-Szmek - 218-3 -- Add firewall description files (#1176626) - -* Thu Dec 18 2014 Jan Synáček - 218-2 -- systemd-nspawn doesn't work on s390/s390x (#1175394) - -* Wed Dec 10 2014 Lennart Poettering - 218-1 -- New upstream release -- Enable "nss-mymachines" in /etc/nsswitch.conf - -* Thu Nov 06 2014 Zbigniew Jędrzejewski-Szmek - 217-4 -- Change libgudev1 to only require systemd-libs (#727499), there's - no need to require full systemd stack. -- Fixes for bugs #1159448, #1152220, #1158035. -- Bash completions updates to allow propose more units for start/restart, - and completions for set-default,get-default. -- Again allow systemctl enable of instances. -- Hardware database update and fixes. -- Udev crash on invalid options and kernel commandline timeout parsing are fixed. -- Add "embedded" chassis type. -- Sync before 'reboot -f'. -- Fix restarting of timer units. - -* Wed Nov 05 2014 Michal Schmidt - 217-3 -- Fix hanging journal flush (#1159641) - -* Fri Oct 31 2014 Michal Schmidt - 217-2 -- Fix ordering cycles involving systemd-journal-flush.service and - remote-fs.target (#1159117) - -* Tue Oct 28 2014 Lennart Poettering - 217-1 -- New upstream release - -* Fri Oct 17 2014 Zbigniew Jędrzejewski-Szmek - 216-12 -- Drop PackageKit.service from presets (#1154126) - -* Mon Oct 13 2014 Zbigniew Jędrzejewski-Szmek - 216-11 -- Conflict with old versions of initscripts (#1152183) -- Remove obsolete Finnish keymap (#1151958) - -* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek - 216-10 -- Fix a problem with voluntary daemon exits and some other bugs - (#1150477, #1095962, #1150289) - -* Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek - 216-9 -- Update to latest git, but without the readahead removal patch - (#1114786, #634736) - -* Wed Oct 01 2014 Kay Sievers - 216-8 -- revert "don't reset selinux context during CHANGE events" - -* Wed Oct 01 2014 Lukáš Nykrýn - 216-7 -- add temporary workaround for #1147910 -- don't reset selinux context during CHANGE events - -* Wed Sep 10 2014 Michal Schmidt - 216-6 -- Update timesyncd with patches to avoid hitting NTP pool too often. - -* Tue Sep 09 2014 Michal Schmidt - 216-5 -- Use common CONFIGURE_OPTS for build2 and build3. -- Configure timesyncd with NTP servers from Fedora/RHEL vendor zone. - -* Wed Sep 03 2014 Zbigniew Jędrzejewski-Szmek - 216-4 -- Move config files for sd-j-remote/upload to sd-journal-gateway subpackage (#1136580) - -* Thu Aug 28 2014 Peter Robinson 216-3 -- Drop no LTO build option for aarch64/s390 now it's fixed in binutils (RHBZ 1091611) - -* Thu Aug 21 2014 Zbigniew Jędrzejewski-Szmek - 216-2 -- Re-add patch to disable resolve.conf symlink (#1043119) - -* Wed Aug 20 2014 Lennart Poettering - 216-1 -- New upstream release - -* Mon Aug 18 2014 Fedora Release Engineering - 215-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Wed Aug 13 2014 Dan Horák 215-11 -- disable LTO also on s390(x) - -* Sat Aug 09 2014 Harald Hoyer 215-10 -- fixed PPC64LE - -* Wed Aug 6 2014 Tom Callaway - 215-9 -- fix license handling - -* Wed Jul 30 2014 Zbigniew Jędrzejewski-Szmek - 215-8 -- Create systemd-journal-remote and systemd-journal-upload users (#1118907) - -* Thu Jul 24 2014 Zbigniew Jędrzejewski-Szmek - 215-7 -- Split out systemd-compat-libs subpackage - -* Tue Jul 22 2014 Kalev Lember - 215-6 -- Rebuilt for gobject-introspection 1.41.4 - -* Mon Jul 21 2014 Zbigniew Jędrzejewski-Szmek - 215-5 -- Fix SELinux context of /etc/passwd-, /etc/group-, /etc/.updated (#1121806) -- Add missing BR so gnutls and elfutils are used - -* Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek - 215-4 -- Various man page updates -- Static device node logic is conditionalized on CAP_SYS_MODULES instead of CAP_MKNOD - for better behaviour in containers -- Some small networkd link handling fixes -- vconsole-setup runs setfont before loadkeys (https://bugs.freedesktop.org/show_bug.cgi?id=80685) -- New systemd-escape tool -- XZ compression settings are tweaked to greatly improve journald performance -- "watch" is accepted as chassis type -- Various sysusers fixes, most importantly correct selinux labels -- systemd-timesyncd bug fix (https://bugs.freedesktop.org/show_bug.cgi?id=80932) -- Shell completion improvements -- New udev tag ID_SOFTWARE_RADIO can be used to instruct logind to allow user access -- XEN and s390 virtualization is properly detected - -* Mon Jul 07 2014 Colin Walters - 215-3 -- Add patch to disable resolve.conf symlink (#1043119) - -* Sun Jul 06 2014 Zbigniew Jędrzejewski-Szmek - 215-2 -- Move systemd-journal-remote to systemd-journal-gateway package (#1114688) -- Disable /etc/mtab handling temporarily (#1116158) - -* Thu Jul 03 2014 Lennart Poettering - 215-1 -- New upstream release -- Enable coredump logic (which abrt would normally override) - -* Sun Jun 29 2014 Peter Robinson 214-5 -- On aarch64 disable LTO as it still has issues on that arch - -* Thu Jun 26 2014 Zbigniew Jędrzejewski-Szmek - 214-4 -- Bugfixes (#996133, #1112908) - -* Mon Jun 23 2014 Zbigniew Jędrzejewski-Szmek - 214-3 -- Actually create input group (#1054549) - -* Sun Jun 22 2014 Zbigniew Jędrzejewski-Szmek - 214-2 -- Do not restart systemd-logind on upgrades (#1110697) -- Add some patches (#1081429, #1054549, #1108568, #928962) - -* Wed Jun 11 2014 Lennart Poettering - 214-1 -- New upstream release -- Get rid of "floppy" group, since udev uses "disk" now -- Reenable LTO - -* Sun Jun 08 2014 Fedora Release Engineering - 213-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Wed May 28 2014 Kay Sievers - 213-3 -- fix systemd-timesync user creation - -* Wed May 28 2014 Michal Sekletar - 213-2 -- Create temporary files after installation (#1101983) -- Add sysstat-collect.timer, sysstat-summary.timer to preset policy (#1101621) - -* Wed May 28 2014 Kay Sievers - 213-1 -- New upstream release - -* Tue May 27 2014 Kalev Lember - 212-6 -- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 - -* Fri May 23 2014 Adam Williamson - 212-5 -- revert change from 212-4, causes boot fail on single CPU boxes (RHBZ 1095891) - -* Wed May 07 2014 Kay Sievers - 212-4 -- add netns udev workaround - -* Wed May 07 2014 Michal Sekletar - 212-3 -- enable uuidd.socket by default (#1095353) - -* Sat Apr 26 2014 Peter Robinson 212-2 -- Disable building with -flto for the moment due to gcc 4.9 issues (RHBZ 1091611) - -* Tue Mar 25 2014 Lennart Poettering - 212-1 -- New upstream release - -* Mon Mar 17 2014 Peter Robinson 211-2 -- Explicitly define which upstream platforms support libseccomp - -* Tue Mar 11 2014 Lennart Poettering - 211-1 -- New upstream release - -* Mon Mar 10 2014 Zbigniew Jędrzejewski-Szmek - 210-8 -- Fix logind unpriviledged reboot issue and a few other minor fixes -- Limit generator execution time -- Recognize buttonless joystick types - -* Fri Mar 07 2014 Karsten Hopp 210-7 -- ppc64le needs link warnings disabled, too - -* Fri Mar 07 2014 Karsten Hopp 210-6 -- move ifarch ppc64le to correct place (libseccomp req) - -* Fri Mar 07 2014 Zbigniew Jędrzejewski-Szmek - 210-5 -- Bugfixes: #1047568, #1047039, #1071128, #1073402 -- Bash completions for more systemd tools -- Bluetooth database update -- Manpage fixes - -* Thu Mar 06 2014 Zbigniew Jędrzejewski-Szmek - 210-4 -- Apply work-around for ppc64le too (#1073647). - -* Sat Mar 01 2014 Zbigniew Jędrzejewski-Szmek - 210-3 -- Backport a few patches, add completion for systemd-nspawn. - -* Fri Feb 28 2014 Zbigniew Jędrzejewski-Szmek - 210-3 -- Apply work-arounds for ppc/ppc64 for bugs 1071278 and 1071284 - -* Mon Feb 24 2014 Lennart Poettering - 210-2 -- Check more services against preset list and enable by default - -* Mon Feb 24 2014 Lennart Poettering - 210-1 -- new upstream release - -* Sun Feb 23 2014 Zbigniew Jędrzejewski-Szmek - 209-2.gitf01de96 -- Enable dnssec-triggerd.service by default (#1060754) - -* Sun Feb 23 2014 Kay Sievers - 209-2.gitf01de96 -- git snapshot to sort out ARM build issues - -* Thu Feb 20 2014 Lennart Poettering - 209-1 -- new upstream release - -* Tue Feb 18 2014 Zbigniew Jędrzejewski-Szmek - 208-15 -- Make gpsd lazily activated (#1066421) - -* Mon Feb 17 2014 Zbigniew Jędrzejewski-Szmek - 208-14 -- Back out patch which causes user manager to be destroyed when unneeded - and spams logs (#1053315) - -* Sun Feb 16 2014 Zbigniew Jędrzejewski-Szmek - 208-13 -- A different fix for #1023820 taken from Mageia -- Backported fix for #997031 -- Hardward database updates, man pages improvements, a few small memory - leaks, utf-8 correctness and completion fixes -- Support for key-slot option in crypttab - -* Sat Jan 25 2014 Ville Skyttä - 208-12 -- Own the %%{_prefix}/lib/kernel(/*) and %%{_datadir}/zsh(/*) dirs. - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-11 -- Backport a few fixes, relevant documentation updates, and HWDB changes - (#1051797, #1051768, #1047335, #1047304, #1047186, #1045849, #1043304, - #1043212, #1039351, #1031325, #1023820, #1017509, #953077) -- Flip journalctl to --full by default (#984758) - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-9 -- Apply two patches for #1026860 - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-8 -- Bump release to stay ahead of f20 - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-7 -- Backport patches (#1023041, #1036845, #1006386?) -- HWDB update -- Some small new features: nspawn --drop-capability=, running PID 1 under - valgrind, "yearly" and "annually" in calendar specifications -- Some small documentation and logging updates - -* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-6 -- Bump release to stay ahead of f20 - -* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-5 -- Use unit name in PrivateTmp= directories (#957439) -- Update manual pages, completion scripts, and hardware database -- Configurable Timeouts/Restarts default values -- Support printing of timestamps on the console -- Fix some corner cases in detecting when writing to the console is safe -- Python API: convert keyword values to string, fix sd_is_booted() wrapper -- Do not tread missing /sbin/fsck.btrfs as an error (#1015467) -- Allow masking of fsck units -- Advertise hibernation to swap files -- Fix SO_REUSEPORT settings -- Prefer converted xkb keymaps to legacy keymaps (#981805, #1026872) -- Make use of newer kmod -- Assorted bugfixes: #1017161, #967521, #988883, #1027478, #821723, #1014303 - -* Tue Oct 22 2013 Zbigniew Jędrzejewski-Szmek - 208-4 -- Add temporary fix for #1002806 - -* Mon Oct 21 2013 Zbigniew Jędrzejewski-Szmek - 208-3 -- Backport a bunch of fixes and hwdb updates - -* Wed Oct 2 2013 Lennart Poettering - 208-2 -- Move old random seed and backlight files into the right place - -* Wed Oct 2 2013 Lennart Poettering - 208-1 -- New upstream release - -* Thu Sep 26 2013 Zbigniew Jędrzejewski-Szmek 207-5 -- Do not create /var/var/... dirs - -* Wed Sep 18 2013 Zbigniew Jędrzejewski-Szmek 207-4 -- Fix policykit authentication -- Resolves: rhbz#1006680 - -* Tue Sep 17 2013 Harald Hoyer 207-3 -- fixed login -- Resolves: rhbz#1005233 - -* Mon Sep 16 2013 Harald Hoyer 207-2 -- add some upstream fixes for 207 -- fixed swap activation -- Resolves: rhbz#1008604 - -* Fri Sep 13 2013 Lennart Poettering - 207-1 -- New upstream release - -* Fri Sep 06 2013 Harald Hoyer 206-11 -- support "debug" kernel command line parameter -- journald: fix fd leak in journal_file_empty -- journald: fix vacuuming of archived journals -- libudev: enumerate - do not try to match against an empty subsystem -- cgtop: fixup the online help -- libudev: fix memleak when enumerating childs - -* Wed Sep 04 2013 Harald Hoyer 206-10 -- Do not require grubby, lorax now takes care of grubby -- cherry-picked a lot of patches from upstream - -* Tue Aug 27 2013 Dennis Gilmore - 206-9 -- Require grubby, Fedora installs require grubby, -- kernel-install took over from new-kernel-pkg -- without the Requires we are unable to compose Fedora -- everyone else says that since kernel-install took over -- it is responsible for ensuring that grubby is in place -- this is really what we want for Fedora - -* Tue Aug 27 2013 Kay Sievers - 206-8 -- Revert "Require grubby its needed by kernel-install" - -* Mon Aug 26 2013 Dennis Gilmore 206-7 -- Require grubby its needed by kernel-install - -* Thu Aug 22 2013 Harald Hoyer 206-6 -- kernel-install now understands kernel flavors like PAE - -* Tue Aug 20 2013 Rex Dieter - 206-5 -- add sddm.service to preset file (#998978) - -* Fri Aug 16 2013 Zbigniew Jędrzejewski-Szmek - 206-4 -- Filter out provides for private python modules. -- Add requires on kmod >= 14 (#990994). - -* Sun Aug 11 2013 Zbigniew Jedrzejewski-Szmek - 206-3 -- New systemd-python3 package (#976427). -- Add ownership of a few directories that we create (#894202). - -* Sun Aug 04 2013 Fedora Release Engineering - 206-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Tue Jul 23 2013 Kay Sievers - 206-1 -- New upstream release - Resolves (#984152) - -* Wed Jul 3 2013 Lennart Poettering - 205-1 -- New upstream release - -* Wed Jun 26 2013 Michal Schmidt 204-10 -- Split systemd-journal-gateway subpackage (#908081). - -* Mon Jun 24 2013 Michal Schmidt 204-9 -- Rename nm_dispatcher to NetworkManager-dispatcher in default preset (#977433) - -* Fri Jun 14 2013 Harald Hoyer 204-8 -- fix, which helps to sucessfully browse journals with - duplicated seqnums - -* Fri Jun 14 2013 Harald Hoyer 204-7 -- fix duplicate message ID bug -Resolves: rhbz#974132 - -* Thu Jun 06 2013 Harald Hoyer 204-6 -- introduce 99-default-disable.preset - -* Thu Jun 6 2013 Lennart Poettering - 204-5 -- Rename 90-display-manager.preset to 85-display-manager.preset so that it actually takes precedence over 90-default.preset's "disable *" line (#903690) - -* Tue May 28 2013 Harald Hoyer 204-4 -- Fix kernel-install (#965897) - -* Wed May 22 2013 Kay Sievers - 204-3 -- Fix kernel-install (#965897) - -* Thu May 9 2013 Lennart Poettering - 204-2 -- New upstream release -- disable isdn by default (#959793) - -* Tue May 07 2013 Harald Hoyer 203-2 -- forward port kernel-install-grubby.patch - -* Tue May 7 2013 Lennart Poettering - 203-1 -- New upstream release - -* Wed Apr 24 2013 Harald Hoyer 202-3 -- fix ENOENT for getaddrinfo -- Resolves: rhbz#954012 rhbz#956035 -- crypt-setup-generator: correctly check return of strdup -- logind-dbus: initialize result variable -- prevent library underlinking - -* Fri Apr 19 2013 Harald Hoyer 202-2 -- nspawn create empty /etc/resolv.conf if necessary -- python wrapper: add sd_journal_add_conjunction() -- fix s390 booting -- Resolves: rhbz#953217 - -* Thu Apr 18 2013 Lennart Poettering - 202-1 -- New upstream release - -* Tue Apr 09 2013 Michal Schmidt - 201-2 -- Automatically discover whether to run autoreconf and add autotools and git - BuildRequires based on the presence of patches to be applied. -- Use find -delete. - -* Mon Apr 8 2013 Lennart Poettering - 201-1 -- New upstream release - -* Mon Apr 8 2013 Lennart Poettering - 200-4 -- Update preset file - -* Fri Mar 29 2013 Lennart Poettering - 200-3 -- Remove NetworkManager-wait-online.service from presets file again, it should default to off - -* Fri Mar 29 2013 Lennart Poettering - 200-2 -- New upstream release - -* Tue Mar 26 2013 Lennart Poettering - 199-2 -- Add NetworkManager-wait-online.service to the presets file - -* Tue Mar 26 2013 Lennart Poettering - 199-1 -- New upstream release - -* Mon Mar 18 2013 Michal Schmidt 198-7 -- Drop /usr/s?bin/ prefixes. - -* Fri Mar 15 2013 Harald Hoyer 198-6 -- run autogen to pickup all changes - -* Fri Mar 15 2013 Harald Hoyer 198-5 -- do not mount anything, when not running as pid 1 -- add initrd.target for systemd in the initrd - -* Wed Mar 13 2013 Harald Hoyer 198-4 -- fix switch-root and local-fs.target problem -- patch kernel-install to use grubby, if available - -* Fri Mar 08 2013 Harald Hoyer 198-3 -- add Conflict with dracut < 026 because of the new switch-root isolate - -* Thu Mar 7 2013 Lennart Poettering - 198-2 -- Create required users - -* Thu Mar 7 2013 Lennart Poettering - 198-1 -- New release -- Enable journal persistancy by default - -* Sun Feb 10 2013 Peter Robinson 197-3 -- Bump for ARM - -* Fri Jan 18 2013 Michal Schmidt - 197-2 -- Added qemu-guest-agent.service to presets (Lennart, #885406). -- Add missing pygobject3-base to systemd-analyze deps (Lennart). -- Do not require hwdata, it is all in the hwdb now (Kay). -- Drop dependency on dbus-python. - -* Tue Jan 8 2013 Lennart Poettering - 197-1 -- New upstream release - -* Mon Dec 10 2012 Michal Schmidt - 196-4 -- Enable rngd.service by default (#857765). - -* Mon Dec 10 2012 Michal Schmidt - 196-3 -- Disable hardening on s390(x) because PIE is broken there and produces - text relocations with __thread (#868839). - -* Wed Dec 05 2012 Michal Schmidt - 196-2 -- added spice-vdagentd.service to presets (Lennart, #876237) -- BR cryptsetup-devel instead of the legacy cryptsetup-luks-devel provide name - (requested by Milan Brož). -- verbose make to see the actual build flags - -* Wed Nov 21 2012 Lennart Poettering - 196-1 -- New upstream release - -* Tue Nov 20 2012 Lennart Poettering - 195-8 -- https://bugzilla.redhat.com/show_bug.cgi?id=873459 -- https://bugzilla.redhat.com/show_bug.cgi?id=878093 - -* Thu Nov 15 2012 Michal Schmidt - 195-7 -- Revert udev killing cgroup patch for F18 Beta. -- https://bugzilla.redhat.com/show_bug.cgi?id=873576 - -* Fri Nov 09 2012 Michal Schmidt - 195-6 -- Fix cyclical dep between systemd and systemd-libs. -- Avoid broken build of test-journal-syslog. -- https://bugzilla.redhat.com/show_bug.cgi?id=873387 -- https://bugzilla.redhat.com/show_bug.cgi?id=872638 - -* Thu Oct 25 2012 Kay Sievers - 195-5 -- require 'sed', limit HOSTNAME= match - -* Wed Oct 24 2012 Michal Schmidt - 195-4 -- add dmraid-activation.service to the default preset -- add yum protected.d fragment -- https://bugzilla.redhat.com/show_bug.cgi?id=869619 -- https://bugzilla.redhat.com/show_bug.cgi?id=869717 - -* Wed Oct 24 2012 Kay Sievers - 195-3 -- Migrate /etc/sysconfig/ i18n, keyboard, network files/variables to - systemd native files - -* Tue Oct 23 2012 Lennart Poettering - 195-2 -- Provide syslog because the journal is fine as a syslog implementation - -* Tue Oct 23 2012 Lennart Poettering - 195-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=831665 -- https://bugzilla.redhat.com/show_bug.cgi?id=847720 -- https://bugzilla.redhat.com/show_bug.cgi?id=858693 -- https://bugzilla.redhat.com/show_bug.cgi?id=863481 -- https://bugzilla.redhat.com/show_bug.cgi?id=864629 -- https://bugzilla.redhat.com/show_bug.cgi?id=864672 -- https://bugzilla.redhat.com/show_bug.cgi?id=864674 -- https://bugzilla.redhat.com/show_bug.cgi?id=865128 -- https://bugzilla.redhat.com/show_bug.cgi?id=866346 -- https://bugzilla.redhat.com/show_bug.cgi?id=867407 -- https://bugzilla.redhat.com/show_bug.cgi?id=868603 - -* Wed Oct 10 2012 Michal Schmidt - 194-2 -- Add scriptlets for migration away from systemd-timedated-ntp.target - -* Wed Oct 3 2012 Lennart Poettering - 194-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=859614 -- https://bugzilla.redhat.com/show_bug.cgi?id=859655 - -* Fri Sep 28 2012 Lennart Poettering - 193-1 -- New upstream release - -* Tue Sep 25 2012 Lennart Poettering - 192-1 -- New upstream release - -* Fri Sep 21 2012 Lennart Poettering - 191-2 -- Fix journal mmap header prototype definition to fix compilation on 32bit - -* Fri Sep 21 2012 Lennart Poettering - 191-1 -- New upstream release -- Enable all display managers by default, as discussed with Adam Williamson - -* Thu Sep 20 2012 Lennart Poettering - 190-1 -- New upstream release -- Take possession of /etc/localtime, and remove /etc/sysconfig/clock -- https://bugzilla.redhat.com/show_bug.cgi?id=858780 -- https://bugzilla.redhat.com/show_bug.cgi?id=858787 -- https://bugzilla.redhat.com/show_bug.cgi?id=858771 -- https://bugzilla.redhat.com/show_bug.cgi?id=858754 -- https://bugzilla.redhat.com/show_bug.cgi?id=858746 -- https://bugzilla.redhat.com/show_bug.cgi?id=858266 -- https://bugzilla.redhat.com/show_bug.cgi?id=858224 -- https://bugzilla.redhat.com/show_bug.cgi?id=857670 -- https://bugzilla.redhat.com/show_bug.cgi?id=856975 -- https://bugzilla.redhat.com/show_bug.cgi?id=855863 -- https://bugzilla.redhat.com/show_bug.cgi?id=851970 -- https://bugzilla.redhat.com/show_bug.cgi?id=851275 -- https://bugzilla.redhat.com/show_bug.cgi?id=851131 -- https://bugzilla.redhat.com/show_bug.cgi?id=847472 -- https://bugzilla.redhat.com/show_bug.cgi?id=847207 -- https://bugzilla.redhat.com/show_bug.cgi?id=846483 -- https://bugzilla.redhat.com/show_bug.cgi?id=846085 -- https://bugzilla.redhat.com/show_bug.cgi?id=845973 -- https://bugzilla.redhat.com/show_bug.cgi?id=845194 -- https://bugzilla.redhat.com/show_bug.cgi?id=845028 -- https://bugzilla.redhat.com/show_bug.cgi?id=844630 -- https://bugzilla.redhat.com/show_bug.cgi?id=839736 -- https://bugzilla.redhat.com/show_bug.cgi?id=835848 -- https://bugzilla.redhat.com/show_bug.cgi?id=831740 -- https://bugzilla.redhat.com/show_bug.cgi?id=823485 -- https://bugzilla.redhat.com/show_bug.cgi?id=821813 -- https://bugzilla.redhat.com/show_bug.cgi?id=807886 -- https://bugzilla.redhat.com/show_bug.cgi?id=802198 -- https://bugzilla.redhat.com/show_bug.cgi?id=767795 -- https://bugzilla.redhat.com/show_bug.cgi?id=767561 -- https://bugzilla.redhat.com/show_bug.cgi?id=752774 -- https://bugzilla.redhat.com/show_bug.cgi?id=732874 -- https://bugzilla.redhat.com/show_bug.cgi?id=858735 - -* Thu Sep 13 2012 Lennart Poettering - 189-4 -- Don't pull in pkg-config as dep -- https://bugzilla.redhat.com/show_bug.cgi?id=852828 - -* Wed Sep 12 2012 Lennart Poettering - 189-3 -- Update preset policy -- Rename preset policy file from 99-default.preset to 90-default.preset so that people can order their own stuff after the Fedora default policy if they wish - -* Thu Aug 23 2012 Lennart Poettering - 189-2 -- Update preset policy -- https://bugzilla.redhat.com/show_bug.cgi?id=850814 - -* Thu Aug 23 2012 Lennart Poettering - 189-1 -- New upstream release - -* Thu Aug 16 2012 Ray Strode 188-4 -- more scriptlet fixes - (move dm migration logic to %%posttrans so the service - files it's looking for are available at the time - the logic is run) - -* Sat Aug 11 2012 Lennart Poettering - 188-3 -- Remount file systems MS_PRIVATE before switching roots -- https://bugzilla.redhat.com/show_bug.cgi?id=847418 - -* Wed Aug 08 2012 Rex Dieter - 188-2 -- fix scriptlets - -* Wed Aug 8 2012 Lennart Poettering - 188-1 -- New upstream release -- Enable gdm and avahi by default via the preset file -- Convert /etc/sysconfig/desktop to display-manager.service symlink -- Enable hardened build - -* Mon Jul 30 2012 Kay Sievers - 187-3 -- Obsolete: system-setup-keyboard - -* Wed Jul 25 2012 Kalev Lember - 187-2 -- Run ldconfig for the new -libs subpackage - -* Thu Jul 19 2012 Lennart Poettering - 187-1 -- New upstream release - -* Mon Jul 09 2012 Harald Hoyer 186-2 -- fixed dracut conflict version - -* Tue Jul 3 2012 Lennart Poettering - 186-1 -- New upstream release - -* Fri Jun 22 2012 Nils Philippsen - 185-7.gite7aee75 -- add obsoletes/conflicts so multilib systemd -> systemd-libs updates work - -* Thu Jun 14 2012 Michal Schmidt - 185-6.gite7aee75 -- Update to current git - -* Wed Jun 06 2012 Kay Sievers - 185-5.gita2368a3 -- disable plymouth in configure, to drop the .wants/ symlinks - -* Wed Jun 06 2012 Michal Schmidt - 185-4.gita2368a3 -- Update to current git snapshot - - Add systemd-readahead-analyze - - Drop upstream patch -- Split systemd-libs -- Drop duplicate doc files -- Fixed License headers of subpackages - -* Wed Jun 06 2012 Ray Strode - 185-3 -- Drop plymouth files -- Conflict with old plymouth - -* Tue Jun 05 2012 Kay Sievers - 185-2 -- selinux udev labeling fix -- conflict with older dracut versions for new udev file names - -* Mon Jun 04 2012 Kay Sievers - 185-1 -- New upstream release - - udev selinux labeling fixes - - new man pages - - systemctl help - -* Thu May 31 2012 Lennart Poettering - 184-1 -- New upstream release - -* Thu May 24 2012 Kay Sievers - 183-1 -- New upstream release including udev merge. - -* Wed Mar 28 2012 Michal Schmidt - 44-4 -- Add triggers from Bill Nottingham to correct the damage done by - the obsoleted systemd-units's preun scriptlet (#807457). - -* Mon Mar 26 2012 Dennis Gilmore - 44-3 -- apply patch from upstream so we can build systemd on arm and ppc -- and likely the rest of the secondary arches - -* Tue Mar 20 2012 Michal Schmidt - 44-2 -- Don't build the gtk parts anymore. They're moving into systemd-ui. -- Remove a dead patch file. - -* Fri Mar 16 2012 Lennart Poettering - 44-1 -- New upstream release -- Closes #798760, #784921, #783134, #768523, #781735 - -* Mon Feb 27 2012 Dennis Gilmore - 43-2 -- don't conflict with fedora-release systemd never actually provided -- /etc/os-release so there is no actual conflict - -* Wed Feb 15 2012 Lennart Poettering - 43-1 -- New upstream release -- Closes #789758, #790260, #790522 - -* Sat Feb 11 2012 Lennart Poettering - 42-1 -- New upstream release -- Save a bit of entropy during system installation (#789407) -- Don't own /etc/os-release anymore, leave that to fedora-release - -* Thu Feb 9 2012 Adam Williamson - 41-2 -- rebuild for fixed binutils - -* Thu Feb 9 2012 Lennart Poettering - 41-1 -- New upstream release - -* Tue Feb 7 2012 Lennart Poettering - 40-1 -- New upstream release - -* Thu Jan 26 2012 Kay Sievers - 39-3 -- provide /sbin/shutdown - -* Wed Jan 25 2012 Harald Hoyer 39-2 -- increment release - -* Wed Jan 25 2012 Kay Sievers - 39-1.1 -- install everything in /usr - https://fedoraproject.org/wiki/Features/UsrMove - -* Wed Jan 25 2012 Lennart Poettering - 39-1 -- New upstream release - -* Sun Jan 22 2012 Michal Schmidt - 38-6.git9fa2f41 -- Update to a current git snapshot. -- Resolves: #781657 - -* Sun Jan 22 2012 Michal Schmidt - 38-5 -- Build against libgee06. Reenable gtk tools. -- Delete unused patches. -- Add easy building of git snapshots. -- Remove legacy spec file elements. -- Don't mention implicit BuildRequires. -- Configure with --disable-static. -- Merge -units into the main package. -- Move section 3 manpages to -devel. -- Fix unowned directory. -- Run ldconfig in scriptlets. -- Split systemd-analyze to a subpackage. - -* Sat Jan 21 2012 Dan Horák - 38-4 -- fix build on big-endians - -* Wed Jan 11 2012 Lennart Poettering - 38-3 -- Disable building of gtk tools for now - -* Wed Jan 11 2012 Lennart Poettering - 38-2 -- Fix a few (build) dependencies - -* Wed Jan 11 2012 Lennart Poettering - 38-1 -- New upstream release - -* Tue Nov 15 2011 Michal Schmidt - 37-4 -- Run authconfig if /etc/pam.d/system-auth is not a symlink. -- Resolves: #753160 - -* Wed Nov 02 2011 Michal Schmidt - 37-3 -- Fix remote-fs-pre.target and its ordering. -- Resolves: #749940 - -* Wed Oct 19 2011 Michal Schmidt - 37-2 -- A couple of fixes from upstream: -- Fix a regression in bash-completion reported in Bodhi. -- Fix a crash in isolating. -- Resolves: #717325 - -* Tue Oct 11 2011 Lennart Poettering - 37-1 -- New upstream release -- Resolves: #744726, #718464, #713567, #713707, #736756 - -* Thu Sep 29 2011 Michal Schmidt - 36-5 -- Undo the workaround. Kay says it does not belong in systemd. -- Unresolves: #741655 - -* Thu Sep 29 2011 Michal Schmidt - 36-4 -- Workaround for the crypto-on-lvm-on-crypto disk layout -- Resolves: #741655 - -* Sun Sep 25 2011 Michal Schmidt - 36-3 -- Revert an upstream patch that caused ordering cycles -- Resolves: #741078 - -* Fri Sep 23 2011 Lennart Poettering - 36-2 -- Add /etc/timezone to ghosted files - -* Fri Sep 23 2011 Lennart Poettering - 36-1 -- New upstream release -- Resolves: #735013, #736360, #737047, #737509, #710487, #713384 - -* Thu Sep 1 2011 Lennart Poettering - 35-1 -- New upstream release -- Update post scripts -- Resolves: #726683, #713384, #698198, #722803, #727315, #729997, #733706, #734611 - -* Thu Aug 25 2011 Lennart Poettering - 34-1 -- New upstream release - -* Fri Aug 19 2011 Harald Hoyer 33-2 -- fix ABRT on service file reloading -- Resolves: rhbz#732020 - -* Wed Aug 3 2011 Lennart Poettering - 33-1 -- New upstream release - -* Fri Jul 29 2011 Lennart Poettering - 32-1 -- New upstream release - -* Wed Jul 27 2011 Lennart Poettering - 31-2 -- Fix access mode of modprobe file, restart logind after upgrade - -* Wed Jul 27 2011 Lennart Poettering - 31-1 -- New upstream release - -* Wed Jul 13 2011 Lennart Poettering - 30-1 -- New upstream release - -* Thu Jun 16 2011 Lennart Poettering - 29-1 -- New upstream release - -* Mon Jun 13 2011 Michal Schmidt - 28-4 -- Apply patches from current upstream. -- Fixes memory size detection on 32-bit with >4GB RAM (BZ712341) - -* Wed Jun 08 2011 Michal Schmidt - 28-3 -- Apply patches from current upstream -- https://bugzilla.redhat.com/show_bug.cgi?id=709909 -- https://bugzilla.redhat.com/show_bug.cgi?id=710839 -- https://bugzilla.redhat.com/show_bug.cgi?id=711015 - -* Sat May 28 2011 Lennart Poettering - 28-2 -- Pull in nss-myhostname - -* Thu May 26 2011 Lennart Poettering - 28-1 -- New upstream release - -* Wed May 25 2011 Lennart Poettering - 26-2 -- Bugfix release -- https://bugzilla.redhat.com/show_bug.cgi?id=707507 -- https://bugzilla.redhat.com/show_bug.cgi?id=707483 -- https://bugzilla.redhat.com/show_bug.cgi?id=705427 -- https://bugzilla.redhat.com/show_bug.cgi?id=707577 - -* Sat Apr 30 2011 Lennart Poettering - 26-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=699394 -- https://bugzilla.redhat.com/show_bug.cgi?id=698198 -- https://bugzilla.redhat.com/show_bug.cgi?id=698674 -- https://bugzilla.redhat.com/show_bug.cgi?id=699114 -- https://bugzilla.redhat.com/show_bug.cgi?id=699128 - -* Thu Apr 21 2011 Lennart Poettering - 25-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=694788 -- https://bugzilla.redhat.com/show_bug.cgi?id=694321 -- https://bugzilla.redhat.com/show_bug.cgi?id=690253 -- https://bugzilla.redhat.com/show_bug.cgi?id=688661 -- https://bugzilla.redhat.com/show_bug.cgi?id=682662 -- https://bugzilla.redhat.com/show_bug.cgi?id=678555 -- https://bugzilla.redhat.com/show_bug.cgi?id=628004 - -* Wed Apr 6 2011 Lennart Poettering - 24-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=694079 -- https://bugzilla.redhat.com/show_bug.cgi?id=693289 -- https://bugzilla.redhat.com/show_bug.cgi?id=693274 -- https://bugzilla.redhat.com/show_bug.cgi?id=693161 - -* Tue Apr 5 2011 Lennart Poettering - 23-1 -- New upstream release -- Include systemd-sysv-convert - -* Fri Apr 1 2011 Lennart Poettering - 22-1 -- New upstream release - -* Wed Mar 30 2011 Lennart Poettering - 21-2 -- The quota services are now pulled in by mount points, hence no need to enable them explicitly - -* Tue Mar 29 2011 Lennart Poettering - 21-1 -- New upstream release - -* Mon Mar 28 2011 Matthias Clasen - 20-2 -- Apply upstream patch to not send untranslated messages to plymouth - -* Tue Mar 8 2011 Lennart Poettering - 20-1 -- New upstream release - -* Tue Mar 1 2011 Lennart Poettering - 19-1 -- New upstream release - -* Wed Feb 16 2011 Lennart Poettering - 18-1 -- New upstream release - -* Mon Feb 14 2011 Bill Nottingham - 17-6 -- bump upstart obsoletes (#676815) - -* Wed Feb 9 2011 Tom Callaway - 17-5 -- add macros.systemd file for %%{_unitdir} - -* Wed Feb 09 2011 Fedora Release Engineering - 17-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Wed Feb 9 2011 Lennart Poettering - 17-3 -- Fix popen() of systemctl, #674916 - -* Mon Feb 7 2011 Bill Nottingham - 17-2 -- add epoch to readahead obsolete - -* Sat Jan 22 2011 Lennart Poettering - 17-1 -- New upstream release - -* Tue Jan 18 2011 Lennart Poettering - 16-2 -- Drop console.conf again, since it is not shipped in pamtmp.conf - -* Sat Jan 8 2011 Lennart Poettering - 16-1 -- New upstream release - -* Thu Nov 25 2010 Lennart Poettering - 15-1 -- New upstream release - -* Thu Nov 25 2010 Lennart Poettering - 14-1 -- Upstream update -- Enable hwclock-load by default -- Obsolete readahead -- Enable /var/run and /var/lock on tmpfs - -* Fri Nov 19 2010 Lennart Poettering - 13-1 -- new upstream release - -* Wed Nov 17 2010 Bill Nottingham 12-3 -- Fix clash - -* Wed Nov 17 2010 Lennart Poettering - 12-2 -- Don't clash with initscripts for now, so that we don't break the builders - -* Wed Nov 17 2010 Lennart Poettering - 12-1 -- New upstream release - -* Fri Nov 12 2010 Matthias Clasen - 11-2 -- Rebuild with newer vala, libnotify - -* Thu Oct 7 2010 Lennart Poettering - 11-1 -- New upstream release - -* Wed Sep 29 2010 Jesse Keating - 10-6 -- Rebuilt for gcc bug 634757 - -* Thu Sep 23 2010 Bill Nottingham - 10-5 -- merge -sysvinit into main package - -* Mon Sep 20 2010 Bill Nottingham - 10-4 -- obsolete upstart-sysvinit too - -* Fri Sep 17 2010 Bill Nottingham - 10-3 -- Drop upstart requires - -* Tue Sep 14 2010 Lennart Poettering - 10-2 -- Enable audit -- https://bugzilla.redhat.com/show_bug.cgi?id=633771 - -* Tue Sep 14 2010 Lennart Poettering - 10-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=630401 -- https://bugzilla.redhat.com/show_bug.cgi?id=630225 -- https://bugzilla.redhat.com/show_bug.cgi?id=626966 -- https://bugzilla.redhat.com/show_bug.cgi?id=623456 - -* Fri Sep 3 2010 Bill Nottingham - 9-3 -- move fedora-specific units to initscripts; require newer version thereof - -* Fri Sep 3 2010 Lennart Poettering - 9-2 -- Add missing tarball - -* Fri Sep 3 2010 Lennart Poettering - 9-1 -- New upstream version -- Closes 501720, 614619, 621290, 626443, 626477, 627014, 627785, 628913 - -* Fri Aug 27 2010 Lennart Poettering - 8-3 -- Reexecute after installation, take ownership of /var/run/user -- https://bugzilla.redhat.com/show_bug.cgi?id=627457 -- https://bugzilla.redhat.com/show_bug.cgi?id=627634 - -* Thu Aug 26 2010 Lennart Poettering - 8-2 -- Properly create default.target link - -* Wed Aug 25 2010 Lennart Poettering - 8-1 -- New upstream release - -* Thu Aug 12 2010 Lennart Poettering - 7-3 -- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623561 - -* Thu Aug 12 2010 Lennart Poettering - 7-2 -- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623430 - -* Tue Aug 10 2010 Lennart Poettering - 7-1 -- New upstream release - -* Fri Aug 6 2010 Lennart Poettering - 6-2 -- properly hide output on package installation -- pull in coreutils during package installtion - -* Fri Aug 6 2010 Lennart Poettering - 6-1 -- New upstream release -- Fixes #621200 - -* Wed Aug 4 2010 Lennart Poettering - 5-2 -- Add tarball - -* Wed Aug 4 2010 Lennart Poettering - 5-1 -- Prepare release 5 - -* Tue Jul 27 2010 Bill Nottingham - 4-4 -- Add 'sysvinit-userspace' provide to -sysvinit package to fix upgrade/install (#618537) - -* Sat Jul 24 2010 Lennart Poettering - 4-3 -- Add libselinux to build dependencies - -* Sat Jul 24 2010 Lennart Poettering - 4-2 -- Use the right tarball - -* Sat Jul 24 2010 Lennart Poettering - 4-1 -- New upstream release, and make default - -* Tue Jul 13 2010 Lennart Poettering - 3-3 -- Used wrong tarball - -* Tue Jul 13 2010 Lennart Poettering - 3-2 -- Own /cgroup jointly with libcgroup, since we don't dpend on it anymore - -* Tue Jul 13 2010 Lennart Poettering - 3-1 -- New upstream release - -* Fri Jul 9 2010 Lennart Poettering - 2-0 -- New upstream release - -* Wed Jul 7 2010 Lennart Poettering - 1-0 -- First upstream release - -* Tue Jun 29 2010 Lennart Poettering - 0-0.7.20100629git4176e5 -- New snapshot -- Split off -units package where other packages can depend on without pulling in the whole of systemd - -* Tue Jun 22 2010 Lennart Poettering - 0-0.6.20100622gita3723b -- Add missing libtool dependency. - -* Tue Jun 22 2010 Lennart Poettering - 0-0.5.20100622gita3723b -- Update snapshot - -* Mon Jun 14 2010 Rahul Sundaram - 0-0.4.20100614git393024 -- Pull the latest snapshot that fixes a segfault. Resolves rhbz#603231 - -* Fri Jun 11 2010 Rahul Sundaram - 0-0.3.20100610git2f198e -- More minor fixes as per review - -* Thu Jun 10 2010 Rahul Sundaram - 0-0.2.20100610git2f198e -- Spec improvements from David Hollis - -* Wed Jun 09 2010 Rahul Sundaram - 0-0.1.20090609git2f198e -- Address review comments - -* Tue Jun 01 2010 Rahul Sundaram - 0-0.0.git2010-06-02 -- Initial spec (adopted from Kay Sievers) diff --git a/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch new file mode 100644 index 0000000..84497ad --- /dev/null +++ b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch @@ -0,0 +1,129 @@ +From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 14 Sep 2020 17:58:03 +0200 +Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() + +https://bugzilla.redhat.com/show_bug.cgi?id=1803070 + +I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different +than the one we get from /proc/self/fdinfo/. This only matters when both statx and +name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: + +(gdb) !uname -r +5.6.19-200.fc31.ppc64le + +(gdb) !cat /proc/self/mountinfo +697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== +701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel +702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw +703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 +704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel +705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 +706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755 +722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel +725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel +614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate +615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 + +The test process does +name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then +openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then +read(open("/proc/self/fdinfo/4", ...)) which gives +"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" + +and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. + +We could either drop the fallback path (and fail name_to_handle_at() is not +avaliable) or ignore the error in the test. Not sure what is better. I think +this issue only occurs sometimes and with older kernels, so probably continuing +with the current flaky implementation is better than ripping out the fallback. + +Another strace: +writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 +) = 28 +name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 +writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 +) = 20 +name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 +writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 +) = 30 +name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 +writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 +) = 23 +name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) +openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 +openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36 +read(5, "", 1024) = 0 +close(5) = 0 +close(4) = 0 +writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 +) = 42 +writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc +) = 39 +writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. +) = 109 +rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 +rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 +getpid() = 20 +gettid() = 20 +tgkill(20, 20, SIGABRT) = 0 +rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 +--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} --- ++++ killed by SIGABRT (core dumped) +++ +--- + src/test/test-mountpoint-util.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index 30b00ae4d8b..ffe5144b04a 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -89,8 +89,12 @@ static void test_mnt_id(void) { + /* The ids don't match? If so, then there are two mounts on the same path, let's check if + * that's really the case */ + char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); +- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); +- assert_se(path_equal(p, t)); ++ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); ++ ++ if (!path_equal(p, t)) ++ /* Apparent kernel bug in /proc/self/fdinfo */ ++ log_warning("Bad mount id given for %s: %d, should be %d", ++ p, mnt_id2, mnt_id); + } + } + diff --git a/inittab b/inittab new file mode 100644 index 0000000..3f5e83c --- /dev/null +++ b/inittab @@ -0,0 +1,16 @@ +# inittab is no longer used. +# +# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. +# +# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target +# +# systemd uses 'targets' instead of runlevels. By default, there are two main targets: +# +# multi-user.target: analogous to runlevel 3 +# graphical.target: analogous to runlevel 5 +# +# To view current default target, run: +# systemctl get-default +# +# To set a default target, run: +# systemctl set-default TARGET.target diff --git a/libfdisk_version_for_centos.patch b/libfdisk_version_for_centos.patch new file mode 100644 index 0000000..1a8535b --- /dev/null +++ b/libfdisk_version_for_centos.patch @@ -0,0 +1,25 @@ +From 69443affcaa711a9a3355994458542d3732631a5 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Tue, 30 Nov 2021 12:08:50 -0800 +Subject: [PATCH] Re-enable repart if libfdisk ver. has range fix + +--- + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 6263e7c0fc..35e6c4f376 100644 +--- a/meson.build ++++ b/meson.build +@@ -1011,7 +1011,7 @@ libmount = dependency('mount', + want_libfdisk = get_option('fdisk') + if want_libfdisk != 'false' and not skip_deps + libfdisk = dependency('fdisk', +- version : '>= 2.33', ++ version : '>= 2.32.1', + required : want_libfdisk == 'true') + have = libfdisk.found() + else +-- +2.31.1 + diff --git a/libsystemd-shared.abignore b/libsystemd-shared.abignore new file mode 100644 index 0000000..e412d8b --- /dev/null +++ b/libsystemd-shared.abignore @@ -0,0 +1,3 @@ +[suppress_file] +# This shared object is private to systemd +file_name_regexp=libsystemd-shared-.*.so diff --git a/macros.sysusers b/macros.sysusers new file mode 100644 index 0000000..d8d8c1d --- /dev/null +++ b/macros.sysusers @@ -0,0 +1,10 @@ +# RPM macros for packages creating system accounts +# +# Turn a sysusers.d file into macros specified by +# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation + +%sysusers_requires_compat Requires(pre): shadow-utils + +%sysusers_create_compat() \ +%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ +%{nil} diff --git a/owner-check.sh b/owner-check.sh new file mode 100755 index 0000000..3273a3f --- /dev/null +++ b/owner-check.sh @@ -0,0 +1,53 @@ +#!/bin/bash +set -e + +verb="$1" + +[ "$verb" = "-s" ] && do_send=1 || do_send= + +[ -n "$do_send" ] && [ -z "$server" -o -z "login" ] && { echo '$server and $login need to be set'; exit 1; } + +header= +from=systemd-maint@fedoraproject.org +time='2 years ago' +# time='1 day ago' +port=587 + +for user in "$@"; do + echo "checking $user…" + + p=$(git log -1 --all --author "$user") + if [ -z "$p" ]; then + echo "No commits from $user, check spelling" + exit 1 + fi + + t=$(git shortlog --all --author "$user" --since "@{$time}" | wc -l) + if [ $t != 0 ]; then + echo "$t commits in the last two years, OK" + echo + continue + fi + + echo "$p" | head -n6 + echo ".. adding to list" + + if [ -z "$header" ]; then + echo '$USER$;$EMAIL$' >.mail.list + header=done + fi + + echo "$user;$user@fedoraproject.org" >>.mail.list + echo +done + +[ -z "$header" ] && exit 0 +[ -n "$do_send" ] || exit 0 + +echo "Sending mails…" +set -x +massmail -F "$from" \ + -C "$from" \ + -S 'write access to the fedora systemd package' \ + -z "$server" -u "$login" -P "$port" \ + .mail.list /dev/null; then + # this will remove both the user and the group. + ( set -x + userdel nobody + ) + fi + + if getent passwd 65534 >/dev/null; then + # Make sure the uid is unused. This should free gid too. + name="$(getent passwd 65534 | cut -d: -f1)" + ( set -x + userdel "$name" + ) + fi + + if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then + echo "Sleeping, so sss can catch up" + sleep 3 + fi + + if getent group 65534; then + # Make sure the gid is unused, even if uid wasn't. + name="$(getent group 65534 | cut -d: -f1)" + ( set -x + groupdel "$name" + ) + fi + + # systemd-sysusers uses the same gid and uid + ( set -x + systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' + ) +else + echo "Pass '-x' to perform changes" +fi diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..174fbd2 --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,13 @@ + # Disable badfuncs check that has tons of false positives. +badfuncs: + exclude_path: .* + +# don't report changed content of compiled files +# that is expected with every update +changedfiles: + exclude_path: .* + +# completely disabled inspections: +inspections: + # we know about our patches, no need to report anything + patches: off diff --git a/split-files.py b/split-files.py new file mode 100644 index 0000000..f883f73 --- /dev/null +++ b/split-files.py @@ -0,0 +1,157 @@ +import re, sys, os, collections + +buildroot = sys.argv[1] +known_files = sys.stdin.read().splitlines() +known_files = {line.split()[-1]:line for line in known_files} + +def files(root): + os.chdir(root) + todo = collections.deque(['.']) + while todo: + n = todo.pop() + files = os.scandir(n) + for file in files: + yield file + if file.is_dir() and not file.is_symlink(): + todo.append(file) + +o_libs = open('.file-list-libs', 'w') +o_udev = open('.file-list-udev', 'w') +o_pam = open('.file-list-pam', 'w') +o_rpm_macros = open('.file-list-rpm-macros', 'w') +o_devel = open('.file-list-devel', 'w') +o_container = open('.file-list-container', 'w') +o_networkd = open('.file-list-networkd', 'w') +o_oomd_defaults = open('.file-list-oomd-defaults', 'w') +o_remote = open('.file-list-remote', 'w') +o_resolve = open('.file-list-resolve', 'w') +o_tests = open('.file-list-tests', 'w') +o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') +o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') +o_rest = open('.file-list-rest', 'w') +for file in files(buildroot): + n = file.path[1:] + if re.match(r'''/usr/(share|include)$| + /usr/share/man(/man.|)$| + /usr/share/zsh(/site-functions|)$| + /usr/share/dbus-1$| + /usr/share/dbus-1/system.d$| + /usr/share/dbus-1/(system-|)services$| + /usr/share/polkit-1(/actions|/rules.d|)$| + /usr/share/pkgconfig$| + /usr/share/bash-completion(/completions|)$| + /usr(/lib|/lib64|/bin|/sbin|)$| + /usr/lib.*/(security|pkgconfig)$| + /usr/lib/rpm(/macros.d|)$| + /usr/lib/firewalld(/services|)$| + /usr/share/(locale|licenses|doc)| # no $ + /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$| + /etc/(dnf|dnf/protected.d)$| + /usr/(src|lib/debug)| # no $ + /run$| + /var(/cache|/log|/lib|/run|)$ + ''', n, re.X): + continue + if '/security/pam_' in n or '/man8/pam_' in n: + o = o_pam + elif '/rpm/' in n: + o = o_rpm_macros + elif '/usr/lib/systemd/tests' in n: + o = o_tests + elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(? + + systemd-journal-gatewayd + Journal Gateway Service + + diff --git a/systemd-journal-remote.xml b/systemd-journal-remote.xml new file mode 100644 index 0000000..e115a12 --- /dev/null +++ b/systemd-journal-remote.xml @@ -0,0 +1,6 @@ + + + systemd-journal-remote + Journal Remote Sink + + diff --git a/systemd-udev-trigger-no-reload.conf b/systemd-udev-trigger-no-reload.conf new file mode 100644 index 0000000..c879427 --- /dev/null +++ b/systemd-udev-trigger-no-reload.conf @@ -0,0 +1,3 @@ +[Unit] +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17 +RefuseManualStop=true diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000..2725df9 --- /dev/null +++ b/systemd-user @@ -0,0 +1,10 @@ +# This file is part of systemd. +# +# Used by systemd --user instances. + +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session include system-auth diff --git a/systemd.rpmlintrc b/systemd.rpmlintrc new file mode 100644 index 0000000..9db0ab0 --- /dev/null +++ b/systemd.rpmlintrc @@ -0,0 +1,50 @@ +# Just kill all warnings about README being wrong in every possible way +addFilter(r'README') + +addFilter(r'missing-call-to-(chdir-with-chroot|setgroups-before-setuid)') + +addFilter(r'executable-marked-as-config-file /etc/X11/xinit/xinitrc.d/50-systemd-user.sh') + +addFilter(r'non-readable /etc/crypttab') + +addFilter(r'non-conffile-in-etc /etc/inittab') + +addFilter(r'systemd-unit-in-etc /etc/systemd/.*\.wants') + +addFilter(r'dangling-relative-symlink /usr/lib/environment.d/99-environment.conf ../../../etc/environment') + +addFilter(r'devel-file-in-non-devel-package /usr/share/pkgconfig/(systemd|udev).pc') + +addFilter(r'non-standard-dir-perm /var/cache/private 700') + +addFilter(r'non-root-group-log-file /var/log/btmp utmp') + +addFilter(r'non-standard-dir-perm /var/log/private 700') + +addFilter(r'non-root-group-log-file /var/log/wtmp utmp') + +addFilter(r'dangerous-command-in-') + +addFilter(r'summary-not-capitalized C systemd') + +addFilter(r'obsolete-not-provided') + +addFilter(r'postin-without-ldconfig') + +addFilter(r'systemd-rpm-macros.noarch: W: only-non-binary-in-usr-lib') + +addFilter(r'systemd-rpm-macros.noarch: W: no-documentation') + +addFilter(r'systemd-tests\..*: W: no-documentation') + +addFilter(r'systemd-tests.*: E: zero-length /usr/lib/systemd/tests/testdata/test-umount/empty.mountinfo') + +addFilter(r'hardcoded-library-path in.*(firewalld|install.d|lib/systemd)') + +# everybody does it this way: systemd, syslog-ng, rsyslog +addFilter(r'unversioned-explicit-provides syslog') + +# systemd-machine-id-setup requires libssl +addFilter(r'explicit-lib-dependency openssl-libs') + +addFilter(r'systemd.src:.*strange-permission') diff --git a/systemd.spec b/systemd.spec new file mode 100644 index 0000000..5eb7653 --- /dev/null +++ b/systemd.spec @@ -0,0 +1,3740 @@ +#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa +%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} + +%global stable 1 + +# We ship a .pc file but don't want to have a dep on pkg-config. We +# strip the automatically generated dep here and instead co-own the +# directory. +%global __requires_exclude pkg-config + +%global pkgdir %{_prefix}/lib/systemd +%global system_unit_dir %{pkgdir}/system +%global user_unit_dir %{pkgdir}/user + +%if 0%{?__isa_bits} == 64 +%global elf_bits (64bit) +%global elf_suffix ()%{elf_bits} +%endif + +# Bootstrap may be needed to break intercircular dependencies with +# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump. +%bcond_with bootstrap +%bcond_without tests +%bcond_without lto + +# Support for quick builds with rpmbuild --build-in-place. +# See README.build-in-place. +%bcond_with inplace + +%if 0%{?facebook} +%bcond_with selinux +%else +%bcond_without selinux +%endif + +# Remove this when the macro exists in CentOS +%global version_no_tilde %(c=%{version}; echo ${c}|tr '~' '-') + +Name: systemd +Url: https://www.freedesktop.org/wiki/Software/systemd +%if %{without inplace} +Version: 249.4 +Release: 2.13%{?dist} +%else +# determine the build information from local checkout +Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') +Release: 1 +%endif +# For a breakdown of the licensing, see README +License: LGPLv2+ and MIT and GPLv2+ +Summary: System and Service Manager + +# download tarballs with "spectool -g systemd.spec" +%if %{defined commit} +Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +%else +%if 0%{?stable} +Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%else +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%endif +%endif +# This file must be available before %%prep. +# It is generated during systemd build and can be found in build/src/core/. +Source1: triggers.systemd +Source2: split-files.py +Source3: purge-nobody-user + +# Prevent accidental removal of the systemd package +Source4: yum-protect-systemd.conf + +Source9: 20-yama-ptrace.conf +Source10: systemd-udev-trigger-no-reload.conf +Source11: 20-grubby.install +Source12: systemd-user +Source13: libsystemd-shared.abignore + +Source14: 10-oomd-defaults.conf +Source15: 10-oomd-root-slice-defaults.conf +Source16: 10-oomd-user-service-defaults.conf + +Source21: macros.sysusers +Source22: sysusers.attr +Source23: sysusers.prov +Source24: sysusers.generate-pre.sh + +# Needed for selinux subpackage +Source100: Makefile.selinux +Source101: systemd_hs.te +Source102: systemd_hs.if + +%if 0 +GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable +i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip +GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch +%endif + +# Backports of patches from upstream (0000–0499) +# +# Any patches which are "in preparation" upstream should be listed +# here, rather than in the next section. Packit CI will drop any +# patches in this range before applying upstream pull requests. + +%if 0%{?facebook} +Patch0001: 0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch +Patch0002: 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch +Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch +Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch +Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch + +# PR 18621: FB variant of quieting "proc: Bad value for 'hidepid'" messages +Patch0006: 18621-fb.patch +%else +# PR 18621: Quiet "proc: Bad value for 'hidepid'" messages +Patch0006: https://github.com/systemd/systemd/pull/18621.patch +%endif + +# PRs to support additional systemd.network and systemd.link features +Patch0007: https://github.com/systemd/systemd/pull/20743.patch +Patch0008: https://github.com/systemd/systemd/pull/20458.patch +Patch0009: https://github.com/systemd/systemd/pull/20472.patch +Patch0010: https://github.com/systemd/systemd/pull/20477.patch +Patch0011: https://github.com/systemd/systemd/pull/20484.patch +Patch0012: https://github.com/systemd/systemd/pull/20489.patch +Patch0013: https://github.com/systemd/systemd/pull/20450.patch +Patch0014: https://github.com/systemd/systemd/pull/20541.patch +Patch0015: https://github.com/systemd/systemd/pull/20729.patch +Patch0016: https://github.com/systemd/systemd/pull/20828.patch +# Part of PR #20892; it was difficult to backport the whole PR +Patch0017: 50783f91d44b1978c0e4ba62283131fac75d3745_cherrypicked.patch + +# PR 20875: allow verifying hidden (dot) files again +Patch0018: https://github.com/systemd/systemd/pull/20875.patch + +# PR 20978: serialize bpf device programs across reloads/reexecs +Patch0019: https://github.com/systemd/systemd/pull/20978.patch + +# PR 20676: don't rewrite sysctls that are already set +Patch0020: 20676_cherrypicked.patch + +# PR 21221: Fixes non-deterministic Slice= assignments +Patch0021: 21221.patch + +# PR 21241: fix bpf-foreign cgroup controller realization +Patch0022: 21241.patch + +# PR 20695: Sync if_arp.h with Linux 5.14 +Patch0023: 20695.patch + +%if 0%{?facebook} +# PR 22426: MemoryZSwapMax= to configure memory.zswap.max +Patch0024: 22426-fb.patch +%endif + +# Downstream-only patches (0500–9999) + +# https://github.com/systemd/systemd/pull/17050 +Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch +# Downgrade sysv-generator messages from warning to debug +Patch0502: 0001-sysv-generator-downgrade-log-warning-about-autogener.patch +# Update libfdisk dep version to 2.32.1-26 (has the fix for repart tests to pass) +Patch0503: libfdisk_version_for_centos.patch + +%ifarch %{ix86} x86_64 aarch64 +%global have_gnu_efi 1 +%endif + +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: coreutils +BuildRequires: libcap-devel +BuildRequires: libmount-devel +BuildRequires: libfdisk-devel >= 2.32.1-26 +BuildRequires: libpwquality-devel +BuildRequires: pam-devel +BuildRequires: libselinux-devel +BuildRequires: audit-libs-devel +%if %{without bootstrap} +BuildRequires: cryptsetup-devel +%endif +BuildRequires: dbus-devel +BuildRequires: /usr/sbin/sfdisk +# /usr/bin/getfacl is needed by test-acl-util +BuildRequires: /usr/bin/getfacl +BuildRequires: libacl-devel +BuildRequires: gobject-introspection-devel +BuildRequires: libblkid-devel +BuildRequires: xz-devel +BuildRequires: xz +BuildRequires: lz4-devel +BuildRequires: lz4 +BuildRequires: bzip2-devel +BuildRequires: libzstd-devel +BuildRequires: libidn2-devel +BuildRequires: libcurl-devel +BuildRequires: kmod-devel +BuildRequires: elfutils-devel +BuildRequires: openssl-devel +BuildRequires: libgcrypt-devel +BuildRequires: libgpg-error-devel +BuildRequires: gnutls-devel +BuildRequires: libmicrohttpd-devel +BuildRequires: libxkbcommon-devel +BuildRequires: iptables-devel +BuildRequires: pkgconfig(tss2-esys) +BuildRequires: pkgconfig(tss2-rc) +BuildRequires: pkgconfig(tss2-mu) +BuildRequires: systemtap-sdt-devel +BuildRequires: libxslt +BuildRequires: docbook-style-xsl +BuildRequires: pkgconfig +BuildRequires: gperf +BuildRequires: gawk +BuildRequires: tree +BuildRequires: hostname +BuildRequires: python3-devel +BuildRequires: python3-lxml +BuildRequires: python3-jinja2 +%if 0%{?have_gnu_efi} +BuildRequires: gnu-efi gnu-efi-devel +%endif +BuildRequires: libseccomp-devel +%if 0%{?el8} +BuildRequires: meson >= 0.57 +%else +BuildRequires: meson >= 0.43 +%endif +BuildRequires: gettext +# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available +BuildRequires: valgrind-devel +BuildRequires: pkgconfig(bash-completion) +BuildRequires: perl +BuildRequires: perl(IPC::SysV) + +Requires(post): coreutils +Requires(post): sed +Requires(post): acl +Requires(post): grep +# systemd-machine-id-setup requires libssl +Requires(post): openssl-libs +Requires(pre): coreutils +Requires: dbus >= 1.9.18 +Requires: %{name}-pam = %{version}-%{release} +Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires: %{name}-libs = %{version}-%{release} +%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} +%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} +Recommends: diffutils +Requires: (util-linux-core or util-linux) +Recommends: libxkbcommon%{?_isa} +Provides: /bin/systemctl +Provides: /sbin/shutdown +Provides: syslog +Provides: systemd-units = %{version}-%{release} +Obsoletes: system-setup-keyboard < 0.9 +Provides: system-setup-keyboard = 0.9 +# systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 +Obsoletes: systemd-sysv < 206 +%if 0%{?facebook} == 0 +# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) +Obsoletes: %{name} < 249~~ +Conflicts: initscripts < 9.56.1 +%endif +Provides: systemd-sysv = 206 +%if 0%{?fedora} +Conflicts: fedora-release < 23-0.12 +%endif +Obsoletes: timedatex < 0.6-3 +Provides: timedatex = 0.6-3 +Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release} +Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release} +Conflicts: %{name}-standalone-sysusers < %{version}-%{release} +Obsoletes: %{name}-standalone-sysusers < %{version}-%{release} + +# Recommends to replace normal Requires deps for stuff that is dlopen()ed +Recommends: libidn2.so.0%{?elf_suffix} +Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} +Recommends: libpcre2-8.so.0%{?elf_suffix} +Recommends: libpwquality.so.1%{?elf_suffix} +Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} + +%if %{with selinux} +# Force the SELinux module to be installed +Requires: %{name}-selinux = %{version}-%{release} +%endif + +%description +systemd is a system and service manager that runs as PID 1 and starts +the rest of the system. It provides aggressive parallelization +capabilities, uses socket and D-Bus activation for starting services, +offers on-demand starting of daemons, keeps track of processes using +Linux control groups, maintains mount and automount points, and +implements an elaborate transactional dependency-based service control +logic. systemd supports SysV and LSB init scripts and works as a +replacement for sysvinit. Other parts of this package are a logging daemon, +utilities to control basic system configuration like the hostname, +date, locale, maintain a list of logged-in users, system accounts, +runtime directories and settings, and daemons to manage simple network +configuration, network time synchronization, log forwarding, and name +resolution. +%if 0%{?stable} +This package was built from the %{version}-stable branch of systemd. +%endif + +%package libs +Summary: systemd libraries +License: LGPLv2+ and MIT +Obsoletes: libudev < 183 +Obsoletes: systemd < 185-4 +Conflicts: systemd < 185-4 +Obsoletes: systemd-compat-libs < 230 +Obsoletes: nss-myhostname < 0.4 +Provides: nss-myhostname = 0.4 +Provides: nss-myhostname%{_isa} = 0.4 +Requires(post): coreutils +Requires(post): sed +Requires(post): grep +Requires(post): /usr/bin/getent + +%description libs +Libraries for systemd and udev. + +%package pam +Summary: systemd PAM module +Requires: %{name} = %{version}-%{release} + +%description pam +Systemd PAM module registers the session with systemd-logind. + +%package rpm-macros +Summary: Macros that define paths and scriptlets related to systemd +BuildArch: noarch + +%description rpm-macros +Just the definitions of rpm macros. + +See +https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd +for information how to use those macros. + +%package devel +Summary: Development headers for systemd +License: LGPLv2+ and MIT +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: libudev-devel = %{version} +Provides: libudev-devel%{_isa} = %{version} +Obsoletes: libudev-devel < 183 +# Fake dependency to make sure systemd-pam is pulled into multilib (#1414153) +Requires: %{name}-pam = %{version}-%{release} + +%description devel +Development headers and auxiliary files for developing applications linking +to libudev or libsystemd. + +%package udev +Summary: Rule-based device node and kernel event manager +License: LGPLv2+ + +Requires: systemd%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): grep +Requires: kmod >= 18-4 +%if 0%{?facebook} == 0 +# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 +Obsoletes: systemd < 245.6-1 +%endif +Provides: udev = %{version} +Provides: udev%{_isa} = %{version} +Obsoletes: udev < 183 + +# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 +Suggests: systemd-bootchart +# https://bugzilla.redhat.com/show_bug.cgi?id=1408878 +Requires: kbd + +# https://bugzilla.redhat.com/show_bug.cgi?id=1753381 +Provides: u2f-hidraw-policy = 1.0.2-40 +Obsoletes: u2f-hidraw-policy < 1.0.2-40 + +%description udev +This package contains systemd-udev and the rules and hardware database +needed to manage device nodes. This package is necessary on physical +machines and in virtual machines, but not in containers. + +%package container +# Name is the same as in Debian +Summary: Tools for containers and VMs +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +Obsoletes: %{name} < 229-5 +License: LGPLv2+ + +%description container +Systemd tools to spawn and manage containers and virtual machines. + +This package contains systemd-nspawn, machinectl, systemd-machined, +and systemd-importd. + +%package journal-remote +# Name is the same as in Debian +Summary: Tools to send journal events over the network +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Requires(pre): /usr/bin/getent +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Provides: %{name}-journal-gateway = %{version}-%{release} +Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Obsoletes: %{name}-journal-gateway < 227-7 + +%description journal-remote +Programs to forward journal entries over the network, using encrypted HTTP, +and to write journal files from serialized journal contents. + +This package contains systemd-journal-gatewayd, +systemd-journal-remote, and systemd-journal-upload. + +%package networkd +Summary: System daemon that manages network configurations +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ + +%description networkd +systemd-networkd is a system service that manages networks. It detects +and configures network devices as they appear, as well as creating virtual +network devices. + +%package resolved +Summary: Network Name Resolution manager +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description resolved +systemd-resolved is a system service that provides network name resolution +to local applications. It implements a caching and validating DNS/DNSSEC +stub resolver, as well as an LLMNR and MulticastDNS resolver and responder. + +%package oomd-defaults +Summary: Configuration files for systemd-oomd +Requires: %{name} = %{version}-%{release} +License: LGPLv2+ +BuildArch: noarch + +%description oomd-defaults +A set of drop-in files for systemd units to enable action from systemd-oomd, +a userspace out-of-memory (OOM) killer. + +%package tests +Summary: Internal unit tests for systemd +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ + +%description tests +"Installed tests" that are usually run as part of the build system. +They can be useful to test systemd internals. + +%if %{with selinux} +%package selinux +Summary: SELinux module for systemd +BuildArch: noarch +BuildRequires: bzip2 +BuildRequires: make +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +Requires(post): selinux-policy-base >= %{_selinux_policy_version} +Requires(post): policycoreutils +Requires(post): policycoreutils-python-utils +Requires(pre): libselinux-utils +Requires(post): libselinux-utils + +%description selinux +This package provides the SELinux policy module to ensure systemd +runs properly under an environment with SELinux enabled. +%endif + +%prep +%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 + +%if %{with selinux} +mkdir selinux +cp %SOURCE100 %SOURCE101 %SOURCE102 selinux +%endif + +%build +%define ntpvendor %(source /etc/os-release; echo ${ID}) +%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} + +CONFIGURE_OPTS=( + -Dmode=release + -Dsysvinit-path=/etc/rc.d/init.d + -Drc-local=/etc/rc.d/rc.local + -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' + -Ddns-servers= + -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin + -Dservice-watchdog= + -Ddev-kvm-mode=0666 + -Dkmod=true + -Dxkbcommon=true + -Dblkid=true + -Dfdisk=true + -Dseccomp=true + -Dima=true + -Dselinux=true + -Dapparmor=false + -Dpolkit=true + -Dxz=true + -Dzlib=true + -Dbzip2=true + -Dlz4=true + -Dzstd=true + -Dpam=true + -Dacl=true + -Dsmack=true + -Dopenssl=true + -Dgcrypt=true + -Daudit=true + -Delfutils=true +%if %{without bootstrap} + -Dlibcryptsetup=true +%else + -Dlibcryptsetup=false +%endif + -Delfutils=true + -Dgnutls=true + -Dmicrohttpd=true + -Dlibidn2=true + -Dlibiptc=false + -Dlibcurl=true + -Defi=true + -Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false} + -Dtpm=true + -Dtpm2=true + -Dhwdb=true + -Dsysusers=true + -Ddefault-kill-user-processes=false + -Dtests=unsafe + -Dinstall-tests=true + -Dtty-gid=5 + -Dusers-gid=100 + -Dnobody-user=nobody + -Dnobody-group=nobody + -Dcompat-mutable-uid-boundaries=true + -Dsplit-usr=false + -Dsplit-bin=true +%if %{with lto} + -Db_lto=true +%else + -Db_lto=false +%endif + -Db_ndebug=false + -Dman=true + -Dversion-tag=v%{version}-%{release} +%if 0%{?fedora} + -Dfallback-hostname=fedora +%else + -Dfallback-hostname=localhost +%endif + -Ddefault-dnssec=no + -Ddefault-dns-over-tls=opportunistic + # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 + -Ddefault-mdns=no + -Ddefault-llmnr=resolve + -Doomd=true + -Dadm-gid=4 + -Daudio-gid=63 + -Dcdrom-gid=11 + -Ddialout-gid=18 + -Ddisk-gid=6 + -Dinput-gid=104 # https://pagure.io/setup/pull-request/27 + -Dkmem-gid=9 + -Dkvm-gid=36 + -Dlp-gid=7 + -Drender-gid=105 # https://pagure.io/setup/pull-request/27 + -Dsgx-gid=106 # https://pagure.io/setup/pull-request/27 + -Dtape-gid=33 + -Dtty-gid=5 + -Dusers-gid=100 + -Dutmp-gid=22 + -Dvideo-gid=39 + -Dwheel-gid=10 + -Dsystemd-journal-gid=190 + -Dsystemd-network-uid=192 + -Dsystemd-resolve-uid=193 + # -Dsystemd-timesync-uid=, not set yet + # Need to set this for CentOS build + -Ddocdir=%{_pkgdocdir} + # CentOS is missing newer deps required to include these + # But also these aren't as relevant for the hyperscale use case + -Dp11kit=false + -Duserdb=false + -Dhomed=false + -Dpwquality=false + -Dqrencode=false + -Dlibfido2=false + # Old version of PAM might not support files in /usr/lib/pam.d/ so + # stick with the old /etc/pam.d + -Dpamconfdir=/etc/pam.d + # Standalone binaries are only relevant on non-systemd systems + -Dstandalone-binaries=false +) + +%if 0%{?facebook} +CONFIGURE_OPTS+=( + -Dntp-servers='1.ntp.vip.facebook.com 2.ntp.vip.facebook.com 3.ntp.vip.facebook.com 4.ntp.vip.facebook.com' + -Ddns-servers='10.127.255.51 10.191.255.51 2401:db00:eef0:a53:: 2401:db00:eef0:b53::' + -Dsupport-url='https://www.facebook.com/groups/systemd.and.friends/' + -Dcontainer-uid-base-min=10485760 +) +%endif + +%if %{without lto} +%global _lto_cflags %nil +%endif + +export LANG=en_US.UTF-8 +export LC_ALL=en_US.UTF-8 +# Do configuration. If doing an inplace build, try to do +# reconfiguration to pick up new options. +%if %{with inplace} + command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; } + + [ -e %{_vpath_builddir}/build.ninja ] && + %__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" || +%endif +{ %meson "${CONFIGURE_OPTS[@]}"; } + +%meson_build + +new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh +if ! diff -u %{SOURCE1} ${new_triggers}; then + echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" + echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" + sleep 5 +fi + +%if %{with selinux} +cd selinux +%{__make} -f Makefile.selinux SHARE="%{_datadir}" TARGETS="systemd_hs" +%endif + +%install +export LANG=en_US.UTF-8 +export LC_ALL=en_US.UTF-8 +%meson_install + +# udev links +mkdir -p %{buildroot}/%{_sbindir} +ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm + +# Compatiblity and documentation files +touch %{buildroot}/etc/crypttab +chmod 600 %{buildroot}/etc/crypttab + +# /etc/sysctl.conf compat +ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf + +# Make sure these directories are properly owned +mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants +mkdir -p %{buildroot}/run +mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}/run/utmp +touch %{buildroot}%{_localstatedir}/log/{w,b}tmp + +# Make sure the user generators dir exists too +mkdir -p %{buildroot}%{pkgdir}/system-generators +mkdir -p %{buildroot}%{pkgdir}/user-generators + +# Create new-style configuration files so that we can ghost-own them +touch %{buildroot}%{_sysconfdir}/hostname +touch %{buildroot}%{_sysconfdir}/vconsole.conf +touch %{buildroot}%{_sysconfdir}/locale.conf +touch %{buildroot}%{_sysconfdir}/machine-id +touch %{buildroot}%{_sysconfdir}/machine-info +touch %{buildroot}%{_sysconfdir}/localtime +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d +touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf + +# Make sure the shutdown/sleep drop-in dirs exist +mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ +mkdir -p %{buildroot}%{pkgdir}/system-sleep/ + +# Make sure directories in /var exist +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger +mkdir -p %{buildroot}%{_localstatedir}/lib/private +mkdir -p %{buildroot}%{_localstatedir}/log/private +mkdir -p %{buildroot}%{_localstatedir}/cache/private +mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/timesync +ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/log/journal +touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database +touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin +touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed +touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock +touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state + +# Install yum protection fragment +install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf + +# Restore systemd-user pam config from before "removal of Fedora-specific bits" +install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} + +# Install additional docs +# https://bugzilla.redhat.com/show_bug.cgi?id=1234951 +install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} + +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974 +mkdir -p %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ +install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} + +# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040 +mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ +cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf </dev/null || : + +# FIXME: move to %postun. We want to restart systemd *after* removing +# files from the old rpm. Right now we may still have bits the old +# setup if the files are not present in the new version. But before +# implement restarting of *other* services after the transaction, moving +# this would make things worse, increasing the number of warnings we get +# about needed daemon-reload. + +oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) + +systemctl daemon-reexec &>/dev/null || { + # systemd v239 had bug #9553 in D-Bus authentication of the private socket, + # which was later fixed in v240 by #9625. + # + # The end result is that a `systemctl daemon-reexec` call as root will fail + # when upgrading from systemd v239, which means the system will not start + # running the new version of systemd after this post install script runs. + # + # To work around this issue, let's fall back to using a `kill -TERM 1` to + # re-execute the daemon when the `systemctl daemon-reexec` call fails. + # + # In order to prevent issues when the reason why the daemon-reexec failed is + # not the aforementioned bug, let's only use this fallback when: + # - we're upgrading this RPM package; and + # - we confirm that systemd is running as PID1 on this system. + if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then + kill -TERM 1 &>/dev/null || : + fi +} + +if [ "$oomd_state" == "active" ]; then + systemctl start -q systemd-oomd 2>/dev/null || : +fi + +[ $1 -eq 1 ] || exit 0 + +# create /var/log/journal only on initial installation, +# and only if it's writable (it won't be in rpm-ostree). +[ -w %{_localstatedir} ] && mkdir -p %{_localstatedir}/log/journal + +[ -w %{_localstatedir} ] && journalctl --update-catalog || : +systemd-sysusers || : +systemd-tmpfiles --create &>/dev/null || : + +# We reset the enablement of all services upon initial installation +# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23 +# This will fix up enablement of any preset services that got installed +# before systemd due to rpm ordering problems: +# https://bugzilla.redhat.com/show_bug.cgi?id=1647172. +# We also do this for user units, see +# https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. +systemctl preset-all &>/dev/null || : +systemctl --global preset-all &>/dev/null || : + +%postun +if [ $1 -eq 1 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + systemd-tmpfiles --create &>/dev/null || : +fi + +%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service + +# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) +# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec + +%triggerpostun -- systemd < 247.3-2 +# This is for upgrades from previous versions before oomd-defaults is available. +# We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with +# a different package version. +systemctl --no-reload preset systemd-oomd.service &>/dev/null || : + +%post libs +%{?ldconfig} + +function mod_nss() { + if [ -f "$1" ] ; then + # Add nss-systemd to passwd and group + grep -E -q '^(passwd|group):.* systemd' "$1" || + sed -i.bak -r -e ' + s/^(passwd|group):(.*)/\1:\2 systemd/ + ' "$1" &>/dev/null || : + fi +} + +FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" +if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then + mod_nss "/etc/authselect/user-nsswitch.conf" + authselect apply-changes &> /dev/null || : +else + mod_nss "$FILE" + # also apply the same changes to user-nsswitch.conf to affect + # possible future authselect configuration + mod_nss "/etc/authselect/user-nsswitch.conf" +fi + +# check if nobody or nfsnobody is defined +export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 +if getent passwd nfsnobody &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +fi + +%{?ldconfig:%postun libs -p %ldconfig} + +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service + +%post udev +# Move old stuff around in /var/lib +mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null +mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null +if [ -L %{_localstatedir}/lib/systemd/timesync ]; then + rm %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync +fi +if [ -f %{_localstatedir}/lib/systemd/clock ] ; then + mkdir -p %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. +fi + +udevadm hwdb --update &>/dev/null + +%systemd_post %udev_services + +# Try to save the random seed, but don't complain if /dev/urandom is unavailable +/usr/lib/systemd/systemd-random-seed save 2>&1 | \ + grep -v 'Failed to open /dev/urandom' || : + +# Replace obsolete keymaps +# https://bugzilla.redhat.com/show_bug.cgi?id=1151958 +grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && + sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || : + +%preun udev +%systemd_preun %udev_services + +%postun udev +# Restart some services. +# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) +%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service + +%global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service +%global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket +%post journal-remote +%systemd_post %journal_remote_units_restart %journal_remote_units_norestart + +%preun journal-remote +%systemd_preun %journal_remote_units_restart %journal_remote_units_norestart +if [ $1 -eq 1 ] ; then + if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then + mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload + mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/. + rmdir %{_localstatedir}/lib/systemd/journal-upload || : + fi +fi + +%postun journal-remote +%systemd_postun_with_restart %journal_remote_units_restart + +%post networkd +# systemd-networkd was split out in systemd-246.6-2. +# Ideally, we would have a trigger scriptlet to record enablement +# state when upgrading from systemd <= systemd-246.6-1. But, AFAICS, +# rpm doesn't allow us to trigger on another package, short of +# querying the rpm database ourselves, which seems risky. For rpm, +# systemd and systemd-networkd are completely unrelated. So let's use +# a hack to detect if an old systemd version is currently present in +# the file system. +# https://bugzilla.redhat.com/show_bug.cgi?id=1943263 +if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then + echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd." +else + %systemd_post systemd-networkd.service systemd-networkd-wait-online.service +fi + +%preun networkd +%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service + +%preun resolved +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : +fi + +%post resolved +[ $1 -gt 1 ] && exit 0 + +# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 +if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then + echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." + exit 0 +fi + +%systemd_post systemd-resolved.service + +# Create /etc/resolv.conf symlink. +# We would also create it using tmpfiles, but let's do this here +# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above +# does not do this, because it's marked with ! and we don't specify --boot.) +# https://bugzilla.redhat.com/show_bug.cgi?id=1873856 +# +# If systemd is not running, don't overwrite the symlink because that +# will immediately break DNS resolution, since systemd-resolved is +# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). +# +# Also don't create the symlink to the stub when the stub is disabled (#1891847 again). +if test -d /run/systemd/system/ && + systemctl -q is-enabled systemd-resolved.service &>/dev/null && + ! mountpoint /etc/resolv.conf &>/dev/null && + ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \ + grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf +fi + +%if %{with selinux} +%pre selinux +%selinux_relabel_pre + +%post selinux +%selinux_modules_install %{_datadir}/selinux/packages/systemd_hs.pp.bz2 +%selinux_relabel_post + +%posttrans selinux +%selinux_relabel_post + +%postun selinux +%selinux_modules_uninstall systemd_hs + +if [ $1 -eq 0 ]; then + %selinux_relabel_post +fi +%endif + +%global _docdir_fmt %{name} + +%files -f %{name}.lang -f .file-list-rest +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/LICENSE.* +%license LICENSE.GPL2 LICENSE.LGPL2.1 +%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants +%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd + +%files libs -f .file-list-libs +%license LICENSE.LGPL2.1 + +%files pam -f .file-list-pam + +%files rpm-macros -f .file-list-rpm-macros + +%files resolved -f .file-list-resolve + +%files devel -f .file-list-devel + +%files udev -f .file-list-udev + +%files container -f .file-list-container + +%files journal-remote -f .file-list-remote + +%files networkd -f .file-list-networkd + +%files oomd-defaults -f .file-list-oomd-defaults + +%files tests -f .file-list-tests + +%if %{with selinux} +%files selinux +%{_datadir}/selinux/devel/include/contrib/systemd_hs.if +%{_datadir}/selinux/packages/systemd_hs.pp.bz2 +%endif + +%changelog +* Thu Feb 24 2022 Daan De Meyer - 249-2.13 +- Move to dist-git layout used by Fedora (no more SOURCES/ and SPECS/) +- Switch to .gitignore from commit 46a40810 from the Fedora RPM repo +- Add back removed files from commit 46a40810 from the Fedora RPM repo except + sources + +* Wed Feb 09 2022 Anita Zhang - 249.4-2.12 +- Backport PR #20695: Sync if_arp.h with Linux 5.14 +- FB-only backport PR #22426: MemoryZSwapMax= to configure memory.zswap.max + +* Tue Nov 30 2021 Anita Zhang - 249.4-2.11 +- Backport PR #21241: fix bpf-foreign cgroup controller realization + +* Tue Nov 30 2021 Anita Zhang - 249.4-2.10 +- Re-enable fdisk and repart since util-linux-2.32.1-26 in C8s has the fix + it needs for tests to pass. + +* Wed Nov 24 2021 Davide Cavalca - 249.4-2.9 +- Disable legacy iptables support + +* Thu Nov 11 2021 Anita Zhang - 249.4-2.8 +- Remove revert_d219a2b07cc5dc8ffd5010f08561fab2780d8616.patch and replace with + proper fix (PR #21221) + +* Wed Nov 10 2021 Anita Zhang - 249.4-2.7 +- Add meson >= 0.57 for el8 builds. This version uses python 3.8. + +* Wed Oct 20 2021 Anita Zhang - 249.4-2.6 +- Revert d219a2b because it creates non-determinisitic Slice= assignments + +* Mon Oct 11 2021 Anita Zhang - 249.4-2.5 +- Remove duplicate Address= properties in network configs (part of PR #20892) +- Serialize bpf device programs across reloads/reexecs (PR #20978) +- Don't rewrite sysctls that are already set (PR #20676) + +* Wed Oct 06 2021 Davide Cavalca - 249.4-2.4 +- Drop qrencode-devel from BuildRequires as it's not actually used + +* Wed Sep 29 2021 Anita Zhang - 249.4-2.3 +- Fix to allow verifying hidden (dot) files again (PR #20875) + +* Fri Sep 24 2021 Anita Zhang - 249.4-2.2 +- Backport more feature support for systemd-networkd + (#20450, #20541, #20729, #20828) + +* Wed Sep 22 2021 Anita Zhang - 249.4-2.1 +- Sync changes from Fedora +- Backport one more feature for systemd-networkd (#20489) + +* Mon Sep 20 2021 Anita Zhang - 249.4-1.1 +- New stable point release +- Backport optimization for read_virtual_file() (#20743) +- Backport new features for systemd-networkd (#20743, #20472, #20477, #20484) + +* Tue Sep 14 2021 Sahana Prasad +- Rebuilt with OpenSSL 3.0.0 + +* Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek - 249.4-1 +- Latest bugfix release: various fixes for systemd-networkd, + systemd-resolved, systemd, systemd-boot. +- Backport of macros to restart systemd user units (#1993244) + +* Fri Aug 6 2021 Zbigniew Jędrzejewski-Szmek - 249.3-1 +- Latest bugfix release: improved compatibility with latest glibc, + various small documentation fixes, and fixes for systemd-networkd bridging, + other minor fixes. +- systemctl set-property accepts glob patterns now (#1986258) + +* Thu Jul 29 2021 Anita Zhang - 249.2-1.2 +- Remove Obsoletes lines on systemd-resolved and systemd-networkd since we don't + want to install these by default. + +* Wed Jul 28 2021 Anita Zhang - 249.2-1.1 +- New release for 249 +- Drop merged patches +- Split networkd and resolved into their own subpackages. + +* Tue Jul 27 2021 Davide Cavalca - 248.5-1.3 +- Add missing SELinux rules for the GNOME and KDE LiveDVD spins + (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/7) + +* Fri Jul 23 2021 Zbigniew Jędrzejewski-Szmek - 249.2-1 +- Latest bugfix release (a minor hwdb regression bugfix, and correction + to kernel commandline handling when reexecuting PID 1 in a container) + +* Fri Jul 23 2021 Michael Catanzaro - 249.2-1 +- Build with -Ddefault-dns-over-tls=opportunistic + (https://fedoraproject.org/wiki/Changes/DNS_Over_TLS, #1889901) + +* Wed Jul 21 2021 Davide Cavalca - 248.5-1.2 +- Add missing SELinux rules for 248 + (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/1) + +* Wed Jul 21 2021 Anita Zhang - 248.5-1.1 +- Update to systemd-stable 248.5 (includes fix for CVE-2021-33910) + +* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek - 248.5-1 +- Various minor documentation and correctness fixes. +- CVE-2021-33910, #1984020: an unchecked stack allocation could be used to + crash systemd and cause the system to reboot by creating a very long + fuse mountpoint path. + +* Mon Jul 12 2021 Zbigniew Jędrzejewski-Szmek - 248.4-1 +- Assorted fixes (some systemd-resolved crashes, invalid + systemd-tmpfiles assertion, etc.) +- systemd-networkd workaround for TALOS-2020-1142, CVE-2020-13529. +- A big update of hardware descriptions. + +* Wed Jul 7 2021 Neal Gompa - 249-2 +- Use correct NEWS URLs for systemd 249 releases in changelog entries + +* Wed Jul 7 2021 Zbigniew Jędrzejewski-Szmek - 249-1 +- Latest upstream release with minor bugfixes, see + https://github.com/systemd/systemd/blob/v249/NEWS. +- systemd-oomd cpu usage is reduced (#1944646) + +* Thu Jul 1 2021 Zbigniew Jędrzejewski-Szmek - 249~rc3-1 +- Latest upstream prerelease with various bugfixes, see + https://github.com/systemd/systemd/blob/v249-rc3/NEWS. + +* Fri Jun 25 2021 Zbigniew Jędrzejewski-Szmek - 249~rc2-1 +- Latest upstream prerelease with various bugfixes, see + https://github.com/systemd/systemd/blob/v249-rc2/NEWS. +- Ignore FORCERENEW DHCP packets (TALOS-2020-1142, CVE-2020-13529, #1959398) + +* Thu Jun 17 2021 Adam Williamson - 249~rc1-2 +- Stop systemd providing systemd-resolved, now the subpackage exists (#1973462) + +* Wed Jun 16 2021 Zbigniew Jędrzejewski-Szmek - 249~rc1-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v249-rc1/NEWS. + Fixes #1963428. +- Use systemd-sysusers to create users (#1965815) +- Move systemd-resolved into systemd-resolved subpackage (#1923727) + [patch from Petr Menšík] + +* Mon Jun 14 2021 Anita Zhang - 248.2-1.5 +- Remove backport PR #19811 since it's still buggy +- Remove d586f642fd90e3bb378f7b6d3e3a64a753e51756 to fix rate limiting instead + (at least until sd-event rate limiting is fixed in 249). + +* Thu Jun 10 2021 Anita Zhang - 248.2-1.4 +- Backport PR #19811 to fix issues with mount sd-event rate limiting + +* Wed May 19 2021 Davide Cavalca - 248.2-1.3 +- Add BuildRequires for python-jinja2 in preparation for 249 (see PR#19630) + +* Mon May 17 2021 Davide Cavalca - 248.2-1.2 +- Add systemd-oomd-defaults subpackage from Fedora + +* Sat May 15 2021 Zbigniew Jędrzejewski-Szmek - 248.3-1 +- A fix for resolved crashes (#1946386, #1960227, #1950241) +- Some minor fixes for documentation, systemd-networkd, systemd-run, bootctl. + +* Mon May 10 2021 Anita Zhang - 248.2-1.1 +- New release for 248 +- Drop patches merged in 248.2 +- FB only backport PR #13496 (Extend bpf cgroup program support) + +* Fri May 7 2021 Zbigniew Jędrzejewski-Szmek - 248.2-1 +- Pull in some more patches from upstream (#1944646, #1885090, #1941340) +- Adjust modes of some %%ghost files (#1956059) + +* Thu May 6 2021 Zbigniew Jędrzejewski-Szmek - 248.1-1 +- Latest stable version: a long list of minor correctness fixes all around + (#1955475, #911766, #1958167, #1952919) +- Enable tpm2-tss dependency (#1949505) + +* Wed Apr 14 2021 Anita Zhang - 247.3-10 +- Remove systemd-resolved enablement + +* Wed Apr 7 2021 Davide Cavalca - 247.3-9 +- Reenable LTO now that binutils has been fixed +- Update FB configure options + +* Tue Apr 6 2021 Adam Williamson - 248-2 +- Re-enable resolved caching, we hope all major bugs are resolved now + +* Thu Apr 1 2021 Davide Cavalca - 247.3-8 +- Backport https://github.com/SELinuxProject/refpolicy/pull/308 to fix + systemd-hostnamed and systemd-localed when SELinux is enabled. + +* Thu Apr 1 2021 Anita Zhang - 247.3-7 +- Downgrade sysv-generator warning even more (to debug) + +* Wed Mar 31 2021 Zbigniew Jędrzejewski-Szmek - 248-1 +- Latest upstream release, see + https://github.com/systemd/systemd/blob/v248/NEWS. +- The changes since -rc4 are rather small, various fixes all over the place. + A fix to how systemd-oomd selects a candidate to kill, and more debug logging + to make this more transparent. + +* Wed Mar 31 2021 Anita Zhang - 247.3-6 +- Backport PR#18621 (Ignore attempts at hidepid and subset for older kernels) +- Downgrade sysv-generator warning about missing native systemd unit + +* Wed Mar 31 2021 Davide Cavalca - 247.3-5 +- Add selinux subpackage + +* Tue Mar 30 2021 Anita Zhang - 248~rc4-6 +- Increase oomd user memory pressure limit to 50% (#1941170) + +* Fri Mar 26 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-5 +- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service + on upgrades from before systemd-networkd was split out (#1943263) +- In nsswitch.conf, move nss-myhostname to the front, before nss-mdns4 (#1943199) + +* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-4 +- Revert patch that seems to cause problems with dns resolution + (see comments on https://bodhi.fedoraproject.org/updates/FEDORA-2021-1c1a870ceb) + +* Mon Mar 22 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-3 +- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335) +- Fix returning combined IPv4/IPv6 responses from systemd-resolved cache (#1940715) + (But note that the disablement of caching added previously is + retained until we can do more testing.) +- Minor fix to interface naming by udev +- Fix for systemd-repart --size + +* Fri Mar 19 2021 Adam Williamson - 248~rc4-2 +- Disable resolved cache via config snippet (#1940715) + +* Thu Mar 18 2021 Yu Watanabe - 248~rc4-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc4/NEWS. +- A bunch of documentation updates, and correctness fixes. + +* Wed Mar 17 2021 Anita Zhang - 247.3-4 +- Backport PR #18955 (Fixes fstab parsing) +- FB only backport PR #18886 (systemd-shutdown logs to /dev/console not stderr) +- Reenable tests by disabling LTO (work around binutils bug) + +* Tue Mar 16 2021 Adam Williamson - 248~rc3-2 +- Backport PR #19009 to fix CNAME redirect resolving some more (#1933433) + +* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc3-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc3/NEWS. +- A bunch of documentation updates, correctness fixes, and systemd-networkd + features. +- Resolves #1933137, #1935084, #1933873, #1931181, #1933335, #1935062, #1927148. + +* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-5 +- Fix crash in pid1 during daemon-reexec (#1931034) + +* Fri Mar 05 2021 Adam Williamson - 248~rc2-3 +- Fix stub resolver CNAME chain resolving (#1933433) + +* Mon Mar 01 2021 Josh Boyer - 248~rc2-2 +- Don't set the fallback hostname to Fedora on non-Fedora OSes + +* Wed Feb 24 2021 Davide Cavalca - 247.3-3 +- Remove careinversion usage to make the package usable on older mock versions + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-1 +- Latest upstream prelease, just a bunch of small fixes. +- Fixes #1931957. + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-2 +- Rebuild with the newest scriptlets + +* Fri Feb 19 2021 Davide Cavalca - 247.3-2 +- Disable some tests to workaround a binutils bug triggered by enabling audit +- Refresh patches + +* Wed Feb 17 2021 Michel Alexandre Salim - 247.3-3 +- Increase oomd user memory pressure limit to 10% (#1929856) + +* Wed Feb 17 2021 Anita Zhang - 247.3-1 +- New release for 247 +- Backport PR #18211 (Fixes ExecCondition= dependency bug) +- Backport PR #17872 (Fixes PrivateUsers=yes with other sandboxing properties) +- FB only backport PR #17495 (Fixes BPF pinning post-coldplug) +- Reenable audit support + +* Sun Feb 7 2021 Davide Cavalca - 246.1-2 +- Initial Hyperscale SIG package +- Update release to use %%dist macro +- Drop el7 logic +- Explicitly default non-FB built to the legacy hierarchy +- Drop no longer needed FB FusionIO patch +- Temporarily disable audit support while debugging a link issue + +* Fri Feb 5 2021 Anita Zhang - 247.3-2 +- Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd. +- Backports consist primarily of PR #18361, #18444, and #18401 (plus some + additional ones to handle merge conflicts). +- Create systemd-oomd-defaults subpackage to install unit drop-ins that will + configure systemd-oomd to monitor and act. + +* Tue Feb 2 2021 Zbigniew Jędrzejewski-Szmek - 247.3-1 +- Minor stable release +- Fixes #1895937, #1813219, #1903106. + +* Wed Jan 27 2021 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jan 25 2021 Anita Zhang - 246.1-1.fb6 +- Backport PR #16803 to fix ConditionEnvironment= + +* Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek - 247.2-2 +- Fix bfq patch again (#1813219) + +* Wed Dec 23 2020 Jonathan Underwood - 247.2-2 +- Add patch to enable crypttab to support disabling of luks read and + write workqueues (corresponding to + https://github.com/systemd/systemd/pull/18062/). + +* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek - 247.2-1 +- Minor stable release +- Fixes #1908071. + +* Tue Dec 8 2020 Zbigniew Jędrzejewski-Szmek - 247.1-3 +- Rebuild with fallback hostname change reverted. + +* Fri Dec 4 2020 Bastien Nocera - 247.1-2 +- Unset fallback-hostname as plenty of applications expected localhost + to mean "default hostname" without ever standardising it (#1892235) + +* Tue Dec 1 2020 Zbigniew Jędrzejewski-Szmek - 247.1-1 +- Latest stable release +- Fixes #1902819. +- Files to configure networking with systemd-networkd in a VM or container are + moved to systemd-networkd subpackage. (They were previously in the -container + subpackage, which is for container/VM management.) + +* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek - 247-1 +- Update to the latest version +- #1900878 should be fixed + +* Thu Nov 19 2020 Chris Down - 246.1-1.fb5 +- Updated version of PR #17495 to fix program leak + +* Thu Nov 19 2020 Chris Down - 246.1-1.fb4 +- Backport PR #17495 to fix BPF program lifecycle +- Backport PR #17422 to clean up cgroups more reliably after exit +- Backport PR #17497 to add FixedRandomDelay= support + +* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek - 247~rc2 +- New upstream pre-release. See + https://github.com/systemd/systemd/blob/v247-rc1/NEWS. + Many smaller and bigger improvements and features are introduced. + (#1885101, #1890632, #1879216) + + A backwards-incompatible change affects PCI network devices which + are connected through a bridge which is itself associated with a + slot. When more than one device was associated with the same slot, + one of the devices would pseudo-randomly get named after the slot. + That name is now not generated at all. This changed behaviour is + causes the net naming scheme to be changed to "v247". To restore + previous behaviour, specify net.naming-scheme=v245. + + systemd-oomd is built, but should not be considered "production + ready" at this point. Testing and bug reports are welcome. + +* Wed Sep 30 2020 Dusty Mabe - 246.6-3 +- Try to make files in subpackages (especially the networkd subpackage) + more appropriate. + +* Thu Sep 24 2020 Filipe Brandenburger - 246.6-2 +- Build a package with standalone binaries for non-systemd systems. + For now, only systemd-sysusers is included. + +* Thu Sep 24 2020 Christian Glombek - 246.6-2 +- Split out networkd sub-package and add to main package as recommended dependency + +* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek - 246.6-1 +- Update to latest stable release (various minor fixes: manager, + networking, bootct, kernel-install, systemd-dissect, systemd-homed, + fstab-generator, documentation) (#1876905) +- Do not fail in test because of kernel bug (#1803070) + +* Fri Sep 18 2020 Anita Zhang - 246.1-1.fb3 +- Backport PR #16838 and #16857 to improve $PATH handling +- Backport PR #16940 to fix ECONN handling in sockets +- Backport PR #17031 to fix rate limiting on units in restart loop +- Backport PR #17082 to get nspawn TTY tweaks + +* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek - 246.5-1 +- Update to latest stable release (a bunch of small network-related + fixes in systemd-networkd and socket handling, documentation updates, + a bunch of fixes for error handling). +- Also remove existing file when creating /etc/resolv.conf symlink + upon installation (#1873856 again) + +* Wed Sep 2 2020 Zbigniew Jędrzejewski-Szmek - 246.4-1 +- Update to latest stable version: a rework of how the unit cache mtime works + (hopefully #1872068, #1871327, #1867930), plus various fixes to + systemd-resolved, systemd-dissect, systemd-analyze, systemd-ask-password-agent, + systemd-networkd, systemd-homed, systemd-machine-id-setup, presets for + instantiated units, documentation and shell completions. +- Create /etc/resolv.conf symlink upon installation (#1873856) +- Move nss-mdns before nss-resolve in /etc/nsswitch.conf and disable + mdns by default in systemd-resolved (#1867830) + +* Wed Aug 26 2020 Zbigniew Jędrzejewski-Szmek - 246.3-1 +- Update to bugfix version (some networkd fixes, minor documentation + fixes, relax handling of various error conditions, other fixlets for + bugs without bugzilla numbers). + +* Tue Aug 18 2020 Anita Zhang - 246.1-1.fb2 +- Gate "Obsoletes: systemd < 245.6-1" out due to dependency issues on Facebook + systems + +* Mon Aug 17 2020 Anita Zhang - 246.1-1.fb1 +- Facebook rebuild +- Don't compile in systemd-repart (needs libfdisk >= 2.33 and C8 has 2.32) +- Remove unused systemd-journal-remote.xml and systemd-journal-gatewayd.xml + files since we never used firewalld + +* Fri Aug 7 2020 Zbigniew Jędrzejewski-Szmek - 246.1-1 +- A few minor bugfixes +- Remove /etc/resolv.conf on upgrades (if managed by NetworkManager), so + that systemd-resolved can take over the management of the symlink. + +* Thu Jul 30 2020 Zbigniew Jędrzejewski-Szmek - 246-1 +- Update to released version. Only some minor bugfixes since the pre-release. + +* Sun Jul 26 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-2 +- Make /tmp be 50% of RAM again (#1856514) +- Re-run 'systemctl preset systemd-resolved' on upgrades. + /etc/resolv.conf is not modified, by a hint is emitted if it is + managed by NetworkManager. + +* Fri Jul 24 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-1 +- New pre-release with incremental fixes + (#1856037, #1858845, #1856122, #1857783) +- Enable systemd-resolved (with DNSSEC disabled by default, and LLMNR + and mDNS support in resolve-only mode by default). + See https://fedoraproject.org/wiki/Changes/systemd-resolved. + +* Thu Jul 9 2020 Zbigniew Jędrzejewski-Szmek - 246~rc1-1 +- New upstream release, see + https://raw.githubusercontent.com/systemd/systemd/v246-rc1/NEWS. + + This release includes many new unit settings, related inter alia to + cgroupsv2 freezer support and cpu affinity, encryption and verification. + systemd-networkd has a ton of new functionality and many other tools gained + smaller enhancements. systemd-homed gained FIDO2 support. + + Documentation has been significantly improved: sd-bus and sd-hwdb + libraries are now fully documented; man pages have been added for + the D-BUS APIs of systemd daemons and various new interfaces. + + Closes #1392925, #1790972, #1197886, #1525593. + +* Wed Jun 24 2020 Bastien Nocera - 245.6-3 +- Set fallback-hostname to fedora so that unset hostnames are still + recognisable (#1392925) + +* Fri Jun 5 2020 Anita Zhang - 245.5-2.fb3 +- Backport 156a5fd to mitigate CVE-2020-13776 + +* Thu Jun 4 2020 Anita Zhang - 245.5-2.fb2 +- Revert c7d26ac which is causing SMI count to go up leading to increased + microstalls during Chef runs + +* Tue Jun 2 2020 Zbigniew Jędrzejewski-Szmek - 245.6-2 +- Add self-obsoletes to fix upgrades from F31 + +* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek - 245.6-1 +- Update to latest stable version (some documentation updates, minor + memory correctness issues) (#1815605, #1827467, #1842067) + +* Thu Apr 30 2020 Anita Zhang - 245.5-2.fb1 +- Facebook rebuild +- Don't compile in systemd-homed, systemd-userdb, and p11kit +- Backport PR #15544 and #15551 (drops FB rlimit_memlock patch) + +* Tue Apr 21 2020 Björn Esser - 245.5-2 +- Add explicit BuildRequires: acl +- Bootstrapping for json-c SONAME bump + +* Fri Apr 17 2020 Zbigniew Jędrzejewski-Szmek - 245.5-1 +- Update to latest stable version (#1819313, #1815412, #1800875) + +* Thu Apr 16 2020 Björn Esser - 245.4-2 +- Add bootstrap option to break circular deps on cryptsetup + +* Wed Apr 1 2020 Zbigniew Jędrzejewski-Szmek - 245.4-1 +- Update to latest stable version (#1814454) + +* Thu Mar 26 2020 Zbigniew Jędrzejewski-Szmek - 245.3-1 +- Update to latest stable version (no issue that got reported in bugzilla) + +* Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek - 245.2-1 +- Update to latest stable version (a few bug fixes for random things) (#1798776) + +* Wed Mar 18 2020 Andrew Gallagher - 244-2.fb4 +- Bump HIGH_RLIMIT_MEMLOCK to 512M + +* Fri Mar 6 2020 Zbigniew Jędrzejewski-Szmek - 245-1 +- Update to latest version (#1807485) + +* Wed Feb 26 2020 Zbigniew Jędrzejewski-Szmek - 245~rc2-1 +- Modify the downstream udev rule to use bfq to only apply to disks (#1803500) +- "Upgrade" dependency on kbd package from Recommends to Requires (#1408878) +- Move systemd-bless-boot.service and systemd-boot-system-token.service to + systemd-udev subpackage (#1807462) +- Move a bunch of other services to systemd-udev: + systemd-pstore.service, all fsck-related functionality, + systemd-volatile-root.service, systemd-verity-setup.service, and a few + other related files. +- Fix daemon-reload rule to not kill non-systemd pid1 (#1803240) +- Fix namespace-related failure when starting systemd-homed (#1807465) and + group lookup failure in nss_systemd (#1809147) +- Drop autogenerated BOOT_IMAGE= parameter from stored kernel command lines + (#1716164) +- Don't require /proc to be mounted for systemd-sysusers to work (#1807768) + +* Fri Feb 21 2020 Filipe Brandenburger - 245~rc1-4 +- Update daemon-reexec fallback to check whether the system is booted with + systemd as PID 1 and check whether we're upgrading before using kill -TERM + on PID 1 (#1803240) + +* Thu Feb 20 2020 Filipe Brandenburger - 244-2.fb3 +- Only kill -TERM 1 when systemd is actually running. + +* Tue Feb 18 2020 Adam Williamson - 245~rc1-3 +- Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293) + +* Fri Feb 7 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-2 +- Add default 'disable *' preset for user units (#1792474, #1468501), + see https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. +- Add macro to generate "compat" scriptlets based off sysusers.d format + and autogenerate user() and group() virtual provides (#1792462), + see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format. +- Revert patch to udev rules causing regression with usb hubs (#1800820). + +* Thu Feb 6 2020 Anita Zhang - 244-2.fb2 +- Backport PR#14815 (Permissive syscall filtering in dbus-execute) + +* Wed Feb 5 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-1 +- New upstream release, see + https://raw.githubusercontent.com/systemd/systemd/v245-rc1/NEWS. + + This release includes completely new functionality: systemd-repart, + systemd-homed, user reconds in json, and multi-instantiable + journald, and a partial rework of internal communcation to use + varlink, and bunch of more incremental changes. + + The "predictable" interface name naming scheme is changed, + net.naming-scheme= can be used to undo the change. The change applies + to container interface names on the host. + +- Fixes #1774242, #1787089, #1798414/CVE-2020-1712. + +* Fri Jan 31 2020 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jan 9 2020 Anita Zhang - 244-2.fb1 +- Facebook rebuild +- Backport PR#13823 (PrivateUsers=true for unprivileged user managers) +- Backport PR#14441 (Fix type.d drop-in ordering) + +* Sat Dec 21 2019 - 244.1-2 +- Disable service watchdogs (for systemd units) + +* Sun Dec 15 2019 - 244.1-1 +- Update to latest stable batch (systemd-networkd fixups, better + support for seccomp on s390x, minor cleanups to documentation). +- Drop patch to revert addition of NoNewPrivileges to systemd units + +* Fri Nov 29 2019 Zbigniew Jędrzejewski-Szmek - 244-1 +- Update to latest version. Just minor bugs fixed since the pre-release. + +* Fri Nov 22 2019 Zbigniew Jędrzejewski-Szmek - 244~rc1-1 +- Update to latest pre-release version, + see https://github.com/systemd/systemd/blob/master/NEWS#L3. + Biggest items: cgroups v2 cpuset controller, fido_id builtin in udev, + systemd-networkd does not create a default route for link local addressing, + systemd-networkd supports dynamic reconfiguration and a bunch of new settings. + Network files support matching on WLAN SSID and BSSID. +- Better error messages when preset/enable/disable are used with a glob (#1763488) +- u2f-hidraw-policy package is obsoleted (#1753381) + +* Tue Nov 19 2019 Zbigniew Jędrzejewski-Szmek - 243.4 +- Latest bugfix release. Systemd-stable snapshots will now be numbered. +- Fix broken PrivateDevices filter on big-endian, s390x in particular (#1769148) +- systemd-modules-load.service should only warn, not fail, on error (#1254340) +- Fix incorrect certificate validation with DNS over TLS (#1771725, #1771726, + CVE-2018-21029) +- Fix regression with crypttab keys with colons +- Various memleaks and minor memory access issues, warning adjustments + +* Thu Oct 31 2019 Davide Cavalca - 243-2.fb3 +- Backport PR#13754 (allow restart for oneshot units) +- Misc specfiles fixes to support building on el8 as well +- Default el8 builds to the unified hierarchy + +* Fri Oct 18 2019 Adam Williamson - 243-4.gitef67743 +- Backport PR #13792 to fix nomodeset+BIOS CanGraphical bug (#1728240) + +* Thu Oct 10 2019 Zbigniew Jędrzejewski-Szmek - 243-3.gitef67743 +- Various minor documentation and error message cleanups +- Do not use cgroup v1 hierarchy in nspawn on groups v2 (#1756143) + +* Wed Oct 2 2019 Davide Cavalca - 243-2.fb2 +- Backport PR#13689 (a bunch of protection-related fixes) + +* Fri Sep 27 2019 Davide Cavalca - 243-2.fb1 +- Facebook rebuild +- drop "use bfq as the default scheduler" patch +- backport PR#13369 (ExecXYZEx= bus hook ups) +- disable udev-test.pl for now due to flakiness + +* Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek - 243-2.gitfab6f01 +- Backport a bunch of patches (memory access issues, improvements to error + reporting and handling in networkd, some misleading man page contents #1751363) +- Fix permissions on static nodes (#1740664) +- Make systemd-networks follow the RFC for DHPCv6 and radv timeouts +- Fix one crash in systemd-resolved (#1703598) +- Make journal catalog creation reproducible (avoid unordered hashmap use) +- Mark the accelerometer in HP laptops as part of the laptop base +- Fix relabeling of directories with relabel-extra.d/ +- Fix potential stuck noop jobs in pid1 +- Obsolete timedatex package (#1735584) + +* Tue Sep 3 2019 Zbigniew Jędrzejewski-Szmek - 243-1 +- Update to latest release +- Emission of Session property-changed notifications from logind is fixed + (this was breaking the switching of sessions to and from gnome). +- Security issue: unprivileged users were allowed to change DNS + servers configured in systemd-resolved. Now proper polkit authorization + is required. + +* Mon Aug 26 2019 Adam Williamson - 243~rc2-2 +- Backport PR #13406 to solve PATH ordering issue (#1744059) + +* Thu Aug 22 2019 Zbigniew Jędrzejewski-Szmek - 243~rc2-1 +- Update to latest pre-release. Fixes #1740113, #1717712. +- The default scheduler for disks is set to BFQ (1738828) +- The default cgroup hierarchy is set to unified (cgroups v2) (#1732114). + Use systemd.unified-cgroup-hierarchy=0 on the kernel command line to revert. + See https://fedoraproject.org/wiki/Changes/CGroupsV2. + +* Wed Aug 07 2019 Adam Williamson - 243~rc1-2 +- Backport PR #1737362 so we own /etc/systemd/system again (#1737362) + +* Wed Aug 7 2019 Anita Zhang - 242-2.fb4 +- Backport PR#12933 (core: ExecCondition= for services) +- Backport PR#13096 (Preparatory work for the unit loading rework) +- Backport PR#13119 (Rework unit loading to take into account all aliases) + +* Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek - 243~rc1-1 +- Update to latest version (#1715699, #1696373, #1711065, #1718192) + +* Sat Jul 27 2019 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek - 242-6.git9d34e79 +- Ignore bad rdrand output on AMD CPUs (#1729268) +- A bunch of backported patches from upstream: documentation, memory + access fixups, command output tweaks (#1708996) + +* Thu Jul 18 2019 Anita Zhang - 242-2.fb3 +- Backport PR#12346 (make sure accept_flush() doesn't hang on EOPNOTSUPP) +- Backport PR#12979 (add SystemCallErrorNumber=EPERM to systemd-portabled.service) + +* Tue Jun 25 2019 Björn Esser - 242-5.git7a6d834 +- Rebuilt (libqrencode.so.4) + +* Tue Jun 25 2019 Miro Hrončok - 242-4.git7a6d834 +- Rebuilt for iptables update (libip4tc.so.2) + +* Thu Jun 20 2019 Anita Zhang - 242-2.fb2 +- Backport PR#11778 (ExecStartXYZEx= dbus support) +- Backport PR#12729 (nspawn: don't hard fail when setting capabilities) +- Backport PR#12745 (IPAddressXYZ="any" for users with CAP_NET_ADMIN) + +* Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek - 242-3.git7a6d834 +- Add symbol to mark vtable format changes (anything using sd_add_object_vtable + or sd_add_fallback_vtable needs to be rebuilt) +- Fix wireguard ListenPort handling in systemd-networkd +- Fix hang in flush_accept (#1702358) +- Fix handling of RUN keys in udevd +- Some documentation and shell completion updates and minor fixes + +* Thu Apr 25 2019 Davide Cavalca - 242-2.fb1 +- Facebook rebuild +- Backport PR#12336 (support DisableControllers= for transient units) + +* Tue Apr 16 2019 Adam Williamson - 242-2 +- Rebuild with Meson fix for #1699099 + +* Thu Apr 11 2019 Zbigniew Jędrzejewski-Szmek - 242-1 +- Update to latest release +- Make scriptlet failure non-fatal + +* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek - 242~rc4-1 +- Update to latest prerelease + +* Thu Apr 4 2019 Zbigniew Jędrzejewski-Szmek - 242~rc3-1 +- Update to latest prerelease + +* Wed Apr 3 2019 Zbigniew Jędrzejewski-Szmek - 242~rc2-1 +- Update to the latest prerelease. +- The bug reported on latest update that systemd-resolved and systemd-networkd are + re-enabled after upgrade is fixed. + +* Fri Mar 29 2019 Zbigniew Jędrzejewski-Szmek - 241-4.gitcbf14c9 +- Backport various patches from the v241..v242 range: + kernel-install will not create the boot loader entry automatically (#1648907), + various bash completion improvements (#1183769), + memory leaks and such (#1685286). + +* Fri Mar 22 2019 Davide Cavalca - 241-1.fb2 +- Backport PR#11754 (sd-bus fixes for CVE-2019-6454) +- Backport PR#12078 (nspawn fix) + +* Thu Mar 14 2019 Zbigniew Jędrzejewski-Szmek - 241-3.gitc1f8ff8 +- Declare hyperv and framebuffer devices master-of-seat again (#1683197) + +* Wed Feb 27 2019 Davide Cavalca - 241-1.fb1 +- Facebook rebuild +- Rebase fio udev patch (this will likely be dropped in the next release) +- Drop the mock testing patches, not needed anymore +- Ignore errors for Python bytecompiling due to run-unit-tests.py +- Fix the run-unit-tests.py shebang to use python36 +- Backport PR#11831 (missing include) and PR#11836 (test-chown-rec fix) + +* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek - 241-2.gita09c170 +- Prevent buffer overread in systemd-udevd +- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) + +* Sat Feb 9 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-2 +- Turn LTO back on + +* Tue Feb 5 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-1 +- Update to latest release -rc2 + +* Sun Feb 03 2019 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sun Jan 27 2019 Yu Watanabe - 241~rc1-2 +- Backport a patch for kernel-install + +* Sat Jan 26 2019 Zbigniew Jędrzejewski-Szmek - 241~rc1-1 +- Update to latest release -rc1 + +* Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek - 240-6.gitf02b547 +- Add a work-around for #1663040 + +* Mon Jan 14 2019 Björn Esser +- Rebuilt for libcrypt.so.2 (#1666033) + +* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-4.gitf02b547 +- Add a work-around for selinux issue on live images (#1663040) + +* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-3.gitf02b547 +- systemd-journald and systemd-journal-remote reject entries which + contain too many fields (CVE-2018-16865, #1664973) and set limits on the + process' command line length (CVE-2018-16864, #1664972) +- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857) +- A fix for systemd-udevd crash (#1662303) + +* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek - 240-2 +- Add two more patches that revert recent udev changes + +* Fri Dec 21 2018 Zbigniew Jędrzejewski-Szmek - 240-1 +- Update to latest release + See https://github.com/systemd/systemd/blob/master/NEWS for the list of changes. + +* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek - 239-10.git9f3aed1 +- Hibernation checks for resume= are rescinded (#1645870) +- Various patches: + - memory issues in logind, networkd, journald (#1653068), sd-device, etc. + - Adaptations for newer meson, lz4, kernel + - Fixes for misleading bugs in documentation +- net.ipv4.conf.all.rp_filter is changed from 1 to 2 + +* Mon Dec 10 2018 Davide Cavalca - 239-1.fb6 +- Backport PR#10411 and PR#10493 (systemd-analyze timespan command) +- Rebase our PR#10507 and PR#10567 backports onto the version merged upstream +- Backport PR#10757 (cgroup2 BPF devices fixes) +- Backport PR#10876 (cgroup_subtree_mask propagation fix) + +* Thu Nov 29 2018 Zbigniew Jędrzejewski-Szmek +- Adjust scriptlets to modify /etc/authselect/user-nsswitch.conf + (see https://github.com/pbrezina/authselect/issues/77) +- Drop old scriptlets for nsswitch.conf modifications for nss-mymachines and nss-resolve + +* Sun Nov 18 2018 Alejandro Domínguez Muñoz +- Remove link creation for rsyslog.service + +* Thu Nov 8 2018 Adam Williamson - 239-9.git9f3aed1 +- Go back to using systemctl preset-all in %%post (#1647172, #1118740) + +* Mon Nov 5 2018 Adam Williamson - 239-8.git9f3aed1 +- Requires(post) openssl-libs to fix live image build machine-id issue + See: https://pagure.io/dusty/failed-composes/issue/960 + +* Mon Nov 5 2018 Yu Watanabe +- Set proper attributes to private directories + +* Fri Nov 2 2018 Davide Cavalca - 239-1.fb5 +- Backport PR#10507 (don't require CPU controller for CPU accounting) +- Backport PR#10567 (DisableControllers= directive) + +* Fri Nov 2 2018 Zbigniew Jędrzejewski-Szmek - 239-7.git9f3aed1 +- Split out the rpm macros into systemd-rpm-macros subpackage (#1645298) + +* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek - 239-6.git9f3aed1 +- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076) +- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071) +- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067) +- The DHCP server is started only when link is UP +- DHCPv6 prefix delegation is improved +- Downgrade logging of various messages and add loging in other places +- Many many fixes in error handling and minor memory leaks and such +- Fix typos and omissions in documentation +- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved) +- Matching by MACAddress= in systemd-networkd is fixed +- Creation of user runtime directories is improved, and the user + manager is only stopped after 10 s after the user logs out (#1642460 and other bugs) +- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0 +- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression. +- "systemctl --wait start" exits immediately if no valid units are named +- zram devices are not considered as candidates for hibernation +- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed) +- Various smaller improvements to unit ordering and dependencies +- generators are now called with the manager's environment +- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues +- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where + the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. +- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user + threads are used by bpfilter. +- "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present +- Hibernation is not advertised if resume= is not present on the kernenl command line +- Hibernation/Suspend/... modes can be disabled using AllowSuspend=, + AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep= +- LOGO= and DOCUMENTATION_URL= are documented for the os-release file +- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries +- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects +- Catalog entries for the journal are improved (#1639482) +- If suspend fails, the post-suspend hooks are still called. +- Various build issues on less-common architectures are fixed + +* Fri Oct 12 2018 Davide Cavalca - 239-1.fb4 +- Backport PR#10062 (cgroup2 BPF device controller support) +- Backport PR#10203, PR#10363 (tests fixes for supplementary groups) +- Backport PR#10368 (%g, %G specifiers support) +- Add hostname to BuildRequires (it's needed by test-execute) +- Reenable test-execute now that it's finally working + +* Wed Oct 3 2018 Jan Synáček - 239-5 +- Fix meson using -Ddebug, which results in FTBFS +- Fix line_begins() to accept word matching full string (#1631840) + +* Mon Sep 10 2018 Zbigniew Jędrzejewski-Szmek - 239-4 +- Move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626969) + +* Fri Aug 24 2018 Davide Cavalca - 239-1.fb3 +- backport new version of guro's cgroup2 BPF device controller patch + +* Wed Jul 18 2018 Terje Rosten - 239-3 +- Ignore return value from systemd-binfmt in scriptlet (#1565425) + +* Sun Jul 15 2018 Filipe Brandenburger +- Override systemd-user PAM config in install and not prep + +* Sat Jul 14 2018 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jul 4 2018 Davide Cavalca - 239-1.fb2 +- backport PR#9460 (followup to PR#9410) +- backport PR#9500 (support for StandardOutput=append:) +- revert c58fd46 (part of PR#8403) to workaround a FB-specific build issue + +* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek +- Rebuild for Python 3.7 again + +* Mon Jun 25 2018 Davide Cavalca - 239-1.fb1 +- Facebook rebuild +- backport PR#9244 and PR#9247 (new cgroup2 features) +- backport PR#9410 (gnutls detection, fix for #9403) + +* Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek - 239-1 +- Update to latest version, mostly bug fixes and new functionality, + very little breaking changes. See + https://github.com/systemd/systemd/blob/v239/NEWS for details. + +* Tue Jun 19 2018 Miro Hrončok +- Rebuilt for Python 3.7 + +* Thu May 31 2018 Davide Cavalca - 238-7.fb3 +- Update cgroup2 BPF device controller patches +- Backport PR#9148 to mitigate pid watching issue on git + +* Tue May 15 2018 Davide Cavalca - 238-7.fb2 +- Backport htejun's io.latency patch +- Backport guro's cgroup2 BPF device controller patch + +* Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59 +- Backport a number of patches (documentation, hwdb updates) +- Fixes for tmpfiles 'e' entries +- systemd-networkd crashes +- XEN virtualization detection on hyper-v +- Avoid relabelling /sys/fs/cgroup if not needed (#1576240) + +* Wed Apr 18 2018 Zbigniew Jędrzejewski-Szmek - 238-7.fc28.1 +- Allow fake Delegate= setting on slices (#1568594) + +* Thu Apr 5 2018 Davide Cavalca - 238-7.fb1 +- Facebook rebuild +- Reenable tests (except test-execute which is still broken) + +* Wed Mar 28 2018 Zbigniew Jędrzejewski-Szmek - 238-7 +- Move udev transfiletriggers to the right package, fix quoting + +* Tue Mar 27 2018 Colin Walters - 238-6 +- Use shell for triggers; see https://github.com/systemd/systemd/pull/8550 + This fixes compatibility with rpm-ostree. + +* Tue Mar 20 2018 Zbigniew Jędrzejewski-Szmek - 238-5 +- Backport patch to revert inadvertent change of "predictable" interface name (#1558027) + +* Fri Mar 16 2018 Zbigniew Jędrzejewski-Szmek - 238-4 +- Do not close dbus connection during dbus reload call (#1554578) + +* Wed Mar 7 2018 Zbigniew Jędrzejewski-Szmek - 238-3 +- Revert the patches for GRUB BootLoaderSpec support +- Add patch for /etc/machine-id creation (#1552843) + +* Tue Mar 6 2018 Yu Watanabe - 238-2 +- Fix transfiletrigger script (#1551793) + +* Mon Mar 5 2018 Zbigniew Jędrzejewski-Szmek - 238-1 +- Update to latest version +- This fixes a hard-to-trigger potential vulnerability (CVE-2018-6954) +- New transfiletriggers are installed for udev hwdb and rules, the journal + catalog, sysctl.d, binfmt.d, sysusers.d, tmpfiles.d. + +* Tue Feb 27 2018 Javier Martinez Canillas - 237-7.git84c8da5 +- Add patch to install kernel images for GRUB BootLoaderSpec support + +* Mon Feb 26 2018 Davide Cavalca - 237-1.fb3 +- Backport PR#8115 to properly fix GH#8194 + +* Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek - 237-6.git84c8da5 +- Create /etc/systemd in %%post libs if necessary (#1548607) + +* Fri Feb 23 2018 Adam Williamson - 237-5.git84c8da5 +- Use : not touch to create file in -libs %%post + +* Thu Feb 22 2018 Davide Cavalca - 237-1.fb2 +- Add workaround for an issue with systemd-nspawn -u affecting mock (GH#8194) + +* Thu Feb 22 2018 Patrick Uiterwijk - 237-4.git84c8da5 +- Add coreutils dep for systemd-libs %%post +- Add patch to typecast USB IDs to avoid compile failure + +* Wed Feb 21 2018 Zbigniew Jędrzejewski-Szmek - 237-3.git84c8da5 +- Update some patches for test skipping that were updated upstream + before merging +- Add /usr/lib/systemd/purge-nobody-user — a script to check if nobody is defined + correctly and possibly replace existing mappings + +* Tue Feb 20 2018 Zbigniew Jędrzejewski-Szmek - 237-2.gitdff4849 +- Backport a bunch of patches, most notably for the journal and various + memory issues. Some minor build fixes. +- Switch to new ldconfig macros that do nothing in F28+ +- /etc/systemd/dont-synthesize-nobody is created in %%post if nfsnobody + or nobody users are defined (#1537262) + +* Mon Feb 12 2018 Davide Cavalca - 237-1.fb1 +- Facebook rebuild +- Backport configurable docdir patch from master (PR#8068) +- Ensure split-files.py is run with python36 +- Set nfs/nfsnobody as nobody users +- Add pcre2-devel dependecy for journalctl --grep +- Disable tests for now as they're failing randomly when building in mock +- Use 10485760 as container base for Facebook to avoid conflicting with LDAP +- Backport PID file symlink chain checks fix from master (PR#8133) + +* Fri Feb 9 2018 Zbigniew Jędrzejeweski-Szmek - 237-1.git78bd769 +- Update to first stable snapshot (various minor memory leaks and misaccesses, + some documentation bugs, build fixes). + +* Sun Jan 28 2018 Zbigniew Jędrzejewski-Szmek - 237-1 +- Update to latest version + +* Sun Jan 21 2018 Björn Esser - 236-4.git3e14c4c +- Add patch to include if needed + +* Sat Jan 20 2018 Björn Esser - 236-3.git3e14c4c +- Rebuilt for switch to libxcrypt + +* Thu Jan 11 2018 Zbigniew Jędrzejewski-Szmek - 236-2.git23e14c4 +- Backport a bunch of bugfixes from upstream (#1531502, #1531381, #1526621 + various memory corruptions in systemd-networkd) +- /dev/kvm is marked as a static node which fixes permissions on s390x + and ppc64 (#1532382) + +* Fri Dec 15 2017 Zbigniew Jędrzejewski-Szmek - 236-1 +- Update to latest version + +* Mon Dec 11 2017 Zbigniew Jędrzejewski-Szmek - 235-5.git4a0e928 +- Update to latest git snapshot, do not build for realz +- Switch to libidn2 again (#1449145) + +* Tue Nov 07 2017 Zbigniew Jędrzejewski-Szmek - 235-4 +- Rebuild for cryptsetup-2.0.0-0.2.fc28 + +* Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek - 235-3 +- Backport a bunch of patches, including LP#172535 + +* Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2 +- Patches for cryptsetup _netdev + +* Mon Oct 9 2017 Davide Cavalca - 235-1.fb1 +- Facebook rebuild + +* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1 +- Update to latest version + +* Tue Sep 26 2017 Nathaniel McCallum - 234-8 +- Backport /etc/crypttab _netdev feature from upstream + +* Thu Sep 21 2017 Michal Sekletar - 234-7 +- Make sure to remove all device units sharing the same sysfs path (#1475570) + +* Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek - 234-6 +- Bump xslt recursion limit for libxslt-1.30 + +* Mon Sep 18 2017 Davide Cavalca - 234-5.fb2 +- backport build fix for O_TMPFILE from PR#6816 + +* Tue Aug 8 2017 Davide Cavalca - 234-5.fb1 +- new upstream release +- drop compat-libs patch in favor of separate systemd-compat-libs project +- force locale to UTF-8 to make meson happy +- disable broken test-execute +- backport nsdelegate support from PR#6294 + +* Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5 +- Backport more patches (#1476005, hopefully #1462378) + +* Thu Jul 27 2017 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3 +- Fix x-systemd.timeout=0 in /etc/fstab (#1462378) +- Minor patches (memleaks, --help fixes, seccomp on arm64) + +* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-2 +- Create kvm group (#1431876) + +* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-1 +- Latest release + +* Sat Jul 1 2017 Zbigniew Jędrzejewski-Szmek - 233-7.git74d8f1c +- Update to snapshot +- Build with meson again + +* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6 +- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445) + +* Sat Jun 17 2017 Peter Blair - 233-2.fb2 +- Apply patch from CVE-2017-9445 + +* Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek - 233-5.gitec36d05 +- Update to snapshot version, build with meson + +* Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek - 233-4 +- Backport a bunch of small fixes (memleaks, wrong format strings, + man page clarifications, shell completion) +- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493) +- Fix systemd-vconsole-setup.service error on systems with no VGA console (#1272686) +- Drop soft-static uid for systemd-journal-gateway +- Use ID from /etc/os-release as ntpvendor + +* Thu Apr 13 2017 Davide Cavalca - 233-2.fb1 +- New upstream release +- disable a couple of broken tests +- default to legacy hierarchy for now + +* Wed Apr 12 2017 Davide Cavalca - 231-11.fb2 +- fix lz4 depends to pick the right package + +* Mon Apr 3 2017 Davide Cavalca - 231-11.fb1 +- use facebook macro to gate Facebook-specific settings +- rebuild against new RPM backport +- update patches + +* Thu Mar 16 2017 Michal Sekletar - 233-3 +- Backport bugfixes from upstream +- Don't return error when machinectl couldn't figure out container IP addresses (#1419501) + +* Tue Mar 14 2017 Patrick White - 231-2.fb4 +- add poettering patch to fix hitting an assert (PR#4447) + +* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-2 +- Fix installation conflict with polkit + +* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-1 +- New upstream release (#1416201, #1405439, #1420753, many others) +- New systemd-tests subpackage with "installed tests" + +* Thu Feb 16 2017 Zbigniew Jędrzejewski-Szmek - 232-15 +- Add %%ghost %%dir entries for .wants dirs of our targets (#1422894) + +* Tue Feb 14 2017 Zbigniew Jędrzejewski-Szmek - 232-14 +- Ignore the hwdb parser test + +* Tue Feb 14 2017 Jan Synáček - 232-14 +- machinectl fails when virtual machine is running (#1419501) + +* Sat Feb 11 2017 Fedora Release Engineering - 232-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 31 2017 Zbigniew Jędrzejewski-Szmek - 232-12 +- Backport patch for initrd-switch-root.service getting killed (#1414904) +- Fix sd-journal-gatewayd -D, --trust, and COREDUMP_CONTAINER_CMDLINE + extraction by sd-coredump. + +* Sun Jan 29 2017 zbyszek - 232-11 +- Backport a number of patches (#1411299, #1413075, #1415745, + ##1415358, #1416588, #1408884) +- Fix various memleaks and unitialized variable access +- Shell completion enhancements +- Enable TPM logging by default (#1411156) +- Update hwdb (#1270124) + +* Thu Jan 19 2017 Adam Williamson - 232-10 +- Backport fix for boot failure in initrd-switch-root (#1414904) + +* Wed Jan 18 2017 Zbigniew Jędrzejewski-Szmek - 232-9 +- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam + is available as multilib (#1414153) + +* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek - 232-8 +- Fix buildsystem to check for lz4 correctly (#1404406) + +* Wed Jan 11 2017 Zbigniew Jędrzejewski-Szmek - 232-7 +- Various small tweaks to scriplets + +* Sat Jan 07 2017 Kevin Fenzi - 232-6 +- Fix scriptlets to never fail in libs post + +* Fri Jan 06 2017 Kevin Fenzi - 232-5 +- Add patch from Michal Schmidt to avoid process substitution (#1392236) + +* Sun Nov 6 2016 Zbigniew Jędrzejewski-Szmek - 232-4 +- Rebuild (#1392236) + +* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-3 +- Make /etc/dbus-1/system.d directory non-%%ghost + +* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-2 +- Fix kernel-install (#1391829) +- Restore previous systemd-user PAM config (#1391836) +- Move journal-upload.conf.5 from systemd main to journal-remote subpackage (#1391833) +- Fix permissions on /var/lib/systemd/journal-upload (#1262665) + +* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek - 232-1 +- Update to latest version (#998615, #1181922, #1374371, #1390704, #1384150, #1287161) +- Add %%{_isa} to Provides on arch-full packages (#1387912) +- Create systemd-coredump user in %%pre (#1309574) +- Replace grubby patch with a short-circuiting install.d "plugin" +- Enable nss-systemd in the passwd, group lines in nsswith.conf +- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf +- Move systemd-nspawn man pages to the right subpackage (#1391703) + +* Tue Oct 18 2016 Jan Synáček - 231-11 +- SPC - Cannot restart host operating from container (#1384523) + +* Sun Oct 9 2016 Zbigniew Jędrzejewski-Szmek - 231-10 +- Do not recreate /var/log/journal on upgrades (#1383066) +- Move nss-myhostname provides to systemd-libs (#1383271) + +* Fri Oct 7 2016 Zbigniew Jędrzejewski-Szmek - 231-9 +- Fix systemctl set-default (#1374371) +- Prevent systemd-udev-trigger.service from restarting (follow-up for #1378974) + +* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek - 231-8 +- Apply fix for #1378974 + +* Mon Oct 3 2016 Zbigniew Jędrzejewski-Szmek - 231-7 +- Apply patches properly + +* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-6 +- Better fix for (#1380286) + +* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-5 +- Denial-of-service bug against pid1 (#1380286) + +* Thu Aug 25 2016 Zbigniew Jędrzejewski-Szmek - 231-4 +- Fix preset-all (#1363858) +- Fix issue with daemon-reload messing up graphics (#1367766) +- A few other bugfixes + +* Wed Aug 10 2016 Davide Cavalca - 231-2.fb3 +- add mpawlowski root filesystem namespace patch for #12621017 +- add htejun patch for cgroup2 cpu controller (PR#3905) +- update htejun logind patch from PR#3835 + +* Wed Aug 03 2016 Adam Williamson - 231-3 +- Revert preset-all change, it broke stuff (#1363858) + +* Thu Jul 28 2016 Davide Cavalca - 231-2.fb2 +- add /dev/fio patch from bwann for GH#3718 +- import PR#3821 updates and rebase patches on github +- add htejun logind patch for UserTasksMax (#12460186, PR#3835) + +* Wed Jul 27 2016 Davide Cavalca - 231-2.fb1 +- Facebook rebuild +- Fix test failures in mock (#7950934, PR#3821) +- drop fsck on root patch now that we have the new dracut (see PR#3822) +- Rework LTO disable patch to be conditional (#11565880, PR#3823) +- update compat-libs and rebase onto public branch + (https://github.com/davide125/systemd/tree/compat-libs) +- add back python support now that we have python34-lxml +- add back xkbcommon support as it's available in rolling os updates + +* Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek - 231-2 +- Call preset-all on initial installation (#1118740) +- Fix botched Recommends for libxkbcommon + +* Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek - 231-1 +- Update to latest version + +* Tue Jul 19 2016 Davide Cavalca - 230-2.fb2 +- fix fsck for root filesystem on firstboot after install (#11352467) + +* Wed Jun 8 2016 Zbigniew Jędrzejewski-Szmek - 230-3 +- Update to latest git snapshot (fixes for systemctl set-default, + polkit lingering policy, reversal of the framebuffer rules, + unaligned access fixes, fix for StartupBlockIOWeight-over-dbus). + Those changes are interspersed with other changes and new features + (mostly in lldp, networkd, and nspawn). Some of those new features + might not work, but I think that existing functionality should not + be broken, so it seems worthwile to update to the snapshot. + +* Thu May 26 2016 Davide Cavalca - 230-2.fb1 +- Facebook rebuild +- backport htejun PRs for cgroup2 (#3337, #3329, #3315, #3417, #3418) +- add back compat-libs + +* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-2 +- Remove systemd-compat-libs on upgrade + +* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-1 +- New version +- Drop compat-libs +- Require libxkbcommon explictly, since the automatic dependency will + not be generated anymore + +* Thu May 12 2016 Tejun Heo - 229-1.fb6 +- backport https://github.com/systemd/systemd/pull/3246 to fix slice overrides + +* Mon May 09 2016 Davide Cavalca - 229-1.fb5 +- update Tejun Heo patches for cgroup2 io controller support + +* Fri Apr 29 2016 Davide Cavalca - 229-1.fb4 +- add Tejun Heo test patch for cgroup2 IO controllers support (#10638181) + +* Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek - 229-15 +- Remove duplicated entries in -container %%files (#1330395) + +* Fri Apr 22 2016 Zbigniew Jędrzejewski-Szmek - 229-14 +- Move installation of udev services to udev subpackage (#1329023) + +* Mon Apr 18 2016 Zbigniew Jędrzejewski-Szmek - 229-13 +- Split out systemd-pam subpackage (#1327402) + +* Mon Apr 18 2016 Harald Hoyer - 229-12 +- move more binaries and services from the main package to subpackages + +* Mon Apr 18 2016 Harald Hoyer - 229-11 +- move more binaries and services from the main package to subpackages + +* Mon Apr 18 2016 Harald Hoyer - 229-10 +- move device dependant stuff to the udev subpackage + +* Thu Mar 24 2016 Davide Cavalca - 229-1.fb3 +- add Tejun Heo patches for cgroups v2 support (#10268183) + +* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek - 229-9 +- Add myhostname to /etc/nsswitch.conf (#1318303) + +* Mon Mar 21 2016 Harald Hoyer - 229-8 +- fixed kernel-install for copying files for grubby +Resolves: rhbz#1299019 + +* Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek - 229-7 +- Moar patches (#1316964, #1317928) +- Move vconsole-setup and tmpfiles-setup-dev bits to systemd-udev +- Protect systemd-udev from deinstallation + +* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek - 229-6 +- Create /etc/resolv.conf symlink from systemd-resolved (#1313085) + +* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek - 229-5 +- Split out systemd-container subpackage (#1163412) +- Split out system-udev subpackage +- Add various bugfix patches, incl. a tentative fix for #1308771 + +* Wed Mar 02 2016 Davide Cavalca - 229-1.fb2 +- revert RPM trigger macros for #10119506 + +* Tue Mar 1 2016 Peter Robinson 229-4 +- Power64 and s390(x) now have libseccomp support +- aarch64 has gnu-efi + +* Tue Feb 23 2016 Jan Synáček - 229-3 +- Fix build failures on ppc64 (#1310800) + +* Tue Feb 16 2016 Dennis Gilmore - 229-2 +- revert: fixed kernel-install for copying files for grubby +Resolves: rhbz#1299019 +- this causes the dtb files to not get installed at all and the fdtdir +- line in extlinux.conf to not get updated correctly + +* Tue Feb 16 2016 Davide Cavalca - 229-1.fb1 +- Facebook rebuilt +- disable LTO to fix a build segfault with LTO + +* Thu Feb 11 2016 Michal Sekletar - 229-1 +- New upstream release + +* Thu Feb 11 2016 Harald Hoyer - 228-10.gite35a787 +- fixed kernel-install for copying files for grubby +Resolves: rhbz#1299019 + +* Fri Feb 05 2016 Fedora Release Engineering - 228-9.gite35a787 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 27 2016 Peter Robinson 228-8.gite35a787 +- Rebuild for binutils on aarch64 fix + +* Fri Jan 08 2016 Dan Horák - 228-7.gite35a787 +- apply the conflict with fedora-release only in Fedora + +* Thu Dec 10 2015 Jan Synáček - 228-6.gite35a787 +- Fix rawhide build failures on ppc64 (#1286249) + +* Sun Nov 29 2015 Zbigniew Jędrzejewski-Szmek - 228-6.gite35a787 +- Create /etc/systemd/network (#1286397) + +* Thu Nov 26 2015 Zbigniew Jędrzejewski-Szmek - 228-5.gite35a787 +- Do not install nss modules by default + +* Tue Nov 24 2015 Zbigniew Jędrzejewski-Szmek - 228-4.gite35a787 +- Update to latest upstream git: there is a bunch of fixes + (nss-mymachines overflow bug, networkd fixes, more completions are + properly installed), mixed with some new resolved features. +- Rework file triggers so that they always run before daemons are restarted + +* Mon Nov 23 2015 Davide Cavalca - 228-3.fb1 +- Facebook rebuilt +- disable test-namespace +- revert rpm file triggers as they don't work on el7 + +* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-3 +- Enable rpm file triggers for daemon-reload + +* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-2 +- Fix version number in obsoleted package name (#1283452) + +* Wed Nov 18 2015 Kay Sievers - 228-1 +- New upstream release + +* Thu Nov 12 2015 Zbigniew Jędrzejewski-Szmek - 227-7 +- Rename journal-gateway subpackage to journal-remote +- Ignore the access mode on /var/log/journal (#1048424) +- Do not assume fstab is present (#1281606) + +* Wed Nov 11 2015 Fedora Release Engineering - 227-6 +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Tue Nov 10 2015 Lukáš Nykrýn - 227-5 +- Rebuild for libmicrohttpd soname bump + +* Fri Nov 06 2015 Robert Kuska - 227-4 +- Rebuilt for Python3.5 rebuild + +* Wed Nov 4 2015 Zbigniew Jędrzejewski-Szmek - 227-3 +- Fix syntax in kernel-install (#1277264) + +* Tue Nov 03 2015 Michal Schmidt - 227-2 +- Rebuild for libmicrohttpd soname bump. + +* Fri Oct 09 2015 Davide Cavalca - 227-1.fb1 +- disable tests broken on centos6 +- fix build with centos7 curl +- kernel-install: add fedora specific callouts to new-kernel-pkg + +* Wed Oct 7 2015 Kay Sievers - 227-1 +- New upstream release + +* Fri Sep 18 2015 Jan Synáček - 226-3 +- user systemd-journal-upload should be in systemd-journal group (#1262743) + +* Fri Sep 18 2015 Kay Sievers - 226-2 +- Add selinux to system-user PAM config + +* Tue Sep 8 2015 Kay Sievers - 226-1 +- New upstream release + +* Thu Aug 27 2015 Kay Sievers - 225-1 +- New upstream release + +* Fri Jul 31 2015 Kay Sievers - 224-1 +- New upstream release + +* Wed Jul 29 2015 Kay Sievers - 223-2 +- update to git snapshot + +* Wed Jul 29 2015 Kay Sievers - 223-1 +- New upstream release + +* Thu Jul 9 2015 Zbigniew Jędrzejewski-Szmek - 222-2 +- Remove python subpackages (python-systemd in now standalone) + +* Tue Jul 7 2015 Kay Sievers - 222-1 +- New upstream release + +* Mon Jul 6 2015 Kay Sievers - 221-5.git619b80a +- update to git snapshot + +* Mon Jul 6 2015 Zbigniew Jędrzejewski-Szmek - 221-4.git604f02a +- Add example file with yama config (#1234951) + +* Sun Jul 5 2015 Kay Sievers - 221-3.git604f02a +- update to git snapshot + +* Mon Jun 22 2015 Kay Sievers - 221-2 +- build systemd-boot EFI tools + +* Fri Jun 19 2015 Lennart Poettering - 221-1 +- New upstream release +- Undoes botched translation check, should be reinstated later? + +* Fri Jun 19 2015 Fedora Release Engineering - 220-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Jun 11 2015 Peter Robinson 220-9 +- The gold linker is now fixed on aarch64 + +* Tue Jun 9 2015 Zbigniew Jędrzejewski-Szmek - 220-8 +- Remove gudev which is now provided as separate package (libgudev) +- Fix for spurious selinux denials (#1224211) +- Udev change events (#1225905) +- Patches for some potential crashes +- ProtectSystem=yes does not touch /home +- Man page fixes, hwdb updates, shell completion updates +- Restored persistent device symlinks for bcache, xen block devices +- Tag all DRM cards as master-of-seat + +* Tue Jun 09 2015 Harald Hoyer 220-7 +- fix udev block device watch + +* Tue Jun 09 2015 Harald Hoyer 220-6 +- add support for network disk encryption + +* Sun Jun 7 2015 Peter Robinson 220-5 +- Disable gold on aarch64 until it's fixed (tracked in rhbz #1225156) + +* Sat May 30 2015 Zbigniew Jędrzejewski-Szmek - 220-4 +- systemd-devel should require systemd-libs, not the main package (#1226301) +- Check for botched translations (#1226566) +- Make /etc/udev/hwdb.d part of the rpm (#1226379) + +* Thu May 28 2015 Richard W.M. Jones - 220-3 +- Add patch to fix udev --daemon not cleaning child processes + (upstream commit 86c3bece38bcf5). + +* Wed May 27 2015 Richard W.M. Jones - 220-2 +- Add patch to fix udev --daemon crash (upstream commit 040e689654ef08). + +* Thu May 21 2015 Lennart Poettering - 220-1 +- New upstream release +- Drop /etc/mtab hack, as that's apparently fixed in mock now (#1116158) +- Remove ghosting for /etc/systemd/system/runlevel*.target, these + targets are not configurable anymore in systemd upstream +- Drop work-around for #1002806, since this is solved upstream now + +* Wed May 20 2015 Dennis Gilmore - 219-15 +- fix up the conflicts version for fedora-release + +* Wed May 20 2015 Zbigniew Jędrzejewski-Szmek - 219-14 +- Remove presets (#1221340) +- Fix (potential) crash and memory leak in timedated, locking failure + in systemd-nspawn, crash in resolved. +- journalctl --list-boots should be faster +- zsh completions are improved +- various ommissions in docs are corrected (#1147651) +- VARIANT and VARIANT_ID fields in os-release are documented +- systemd-fsck-root.service is generated in the initramfs (#1201979, #1107818) +- systemd-tmpfiles should behave better on read-only file systems (#1207083) + +* Wed Apr 29 2015 Zbigniew Jędrzejewski-Szmek - 219-13 +- Patches for some outstanding annoyances +- Small keyboard hwdb updates + +* Wed Apr 8 2015 Zbigniew Jędrzejewski-Szmek - 219-12 +- Tighten requirements between subpackages (#1207381). + +* Sun Mar 22 2015 Zbigniew Jędrzejewski-Szmek - 219-11 +- Move all parts systemd-journal-{remote,upload} to + systemd-journal-gatewayd subpackage (#1193143). +- Create /var/lib/systemd/journal-upload directory (#1193145). +- Cut out lots of stupid messages at debug level which were obscuring more + important stuff. +- Apply "tentative" state for devices only when they are added, not removed. +- Ignore invalid swap pri= settings (#1204336) +- Fix SELinux check for timedated operations to enable/disable ntp (#1014315) +- Fix comparing of filesystem paths (#1184016) + +* Sat Mar 14 2015 Zbigniew Jędrzejewski-Szmek - 219-10 +- Fixes for bugs 1186018, 1195294, 1185604, 1196452. +- Hardware database update. +- Documentation fixes. +- A fix for journalctl performance regression. +- Fix detection of inability to open files in journalctl. +- Detect SuperH architecture properly. +- The first of duplicate lines in tmpfiles wins again. +- Do vconsole setup after loading vconsole driver, not fbcon. +- Fix problem where some units were restarted during systemd reexec. +- Fix race in udevadm settle tripping up NetworkManager. +- Downgrade various log messages. +- Fix issue where journal-remote would process some messages with a delay. +- GPT /srv partition autodiscovery is fixed. +- Reconfigure old Finnish keymaps in post (#1151958) + +* Tue Mar 10 2015 Jan Synáček - 219-9 +- Buttons on Lenovo X6* tablets broken (#1198939) + +* Tue Mar 3 2015 Zbigniew Jędrzejewski-Szmek - 219-8 +- Reworked device handling (#1195761) +- ACL handling fixes (with a script in %%post) +- Various log messages downgraded (#1184712) +- Allow PIE on s390 again (#1197721) + +* Wed Feb 25 2015 Michal Schmidt - 219-7 +- arm: reenable lto. gcc-5.0.0-0.16 fixed the crash (#1193212) + +* Tue Feb 24 2015 Colin Walters - 219-6 +- Revert patch that breaks Atomic/OSTree (#1195761) + +* Fri Feb 20 2015 Michal Schmidt - 219-5 +- Undo the resolv.conf workaround, Aim for a proper fix in Rawhide. + +* Fri Feb 20 2015 Michal Schmidt - 219-4 +- Revive fedora-disable-resolv.conf-symlink.patch to unbreak composes. + +* Wed Feb 18 2015 Michal Schmidt - 219-3 +- arm: disabling gold did not help; disable lto instead (#1193212) + +* Tue Feb 17 2015 Peter Jones - 219-2 +- Update 90-default.present for dbxtool. + +* Mon Feb 16 2015 Lennart Poettering - 219-1 +- New upstream release +- This removes the sysctl/bridge hack, a different solution needs to be found for this (see #634736) +- This removes the /etc/resolv.conf hack, anaconda needs to fix their handling of /etc/resolv.conf as symlink +- This enables "%%check" +- disable gold on arm, as that is broken (see #1193212) + +* Mon Feb 16 2015 Peter Robinson 218-6 +- aarch64 now has seccomp support + +* Thu Feb 05 2015 Michal Schmidt - 218-5 +- Don't overwrite systemd.macros with unrelated Source file. + +* Thu Feb 5 2015 Jan Synáček - 218-4 +- Add a touchpad hwdb (#1189319) + +* Thu Jan 15 2015 Zbigniew Jędrzejewski-Szmek - 218-4 +- Enable xkbcommon dependency to allow checking of keymaps +- Fix permissions of /var/log/journal (#1048424) +- Enable timedatex in presets (#1187072) +- Disable rpcbind in presets (#1099595) + +* Wed Jan 7 2015 Jan Synáček - 218-3 +- RFE: journal: automatically rotate the file if it is unlinked (#1171719) + +* Mon Jan 05 2015 Zbigniew Jędrzejewski-Szmek - 218-3 +- Add firewall description files (#1176626) + +* Thu Dec 18 2014 Jan Synáček - 218-2 +- systemd-nspawn doesn't work on s390/s390x (#1175394) + +* Wed Dec 10 2014 Lennart Poettering - 218-1 +- New upstream release +- Enable "nss-mymachines" in /etc/nsswitch.conf + +* Thu Nov 06 2014 Zbigniew Jędrzejewski-Szmek - 217-4 +- Change libgudev1 to only require systemd-libs (#727499), there's + no need to require full systemd stack. +- Fixes for bugs #1159448, #1152220, #1158035. +- Bash completions updates to allow propose more units for start/restart, + and completions for set-default,get-default. +- Again allow systemctl enable of instances. +- Hardware database update and fixes. +- Udev crash on invalid options and kernel commandline timeout parsing are fixed. +- Add "embedded" chassis type. +- Sync before 'reboot -f'. +- Fix restarting of timer units. + +* Wed Nov 05 2014 Michal Schmidt - 217-3 +- Fix hanging journal flush (#1159641) + +* Fri Oct 31 2014 Michal Schmidt - 217-2 +- Fix ordering cycles involving systemd-journal-flush.service and + remote-fs.target (#1159117) + +* Tue Oct 28 2014 Lennart Poettering - 217-1 +- New upstream release + +* Fri Oct 17 2014 Zbigniew Jędrzejewski-Szmek - 216-12 +- Drop PackageKit.service from presets (#1154126) + +* Mon Oct 13 2014 Zbigniew Jędrzejewski-Szmek - 216-11 +- Conflict with old versions of initscripts (#1152183) +- Remove obsolete Finnish keymap (#1151958) + +* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek - 216-10 +- Fix a problem with voluntary daemon exits and some other bugs + (#1150477, #1095962, #1150289) + +* Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek - 216-9 +- Update to latest git, but without the readahead removal patch + (#1114786, #634736) + +* Wed Oct 01 2014 Kay Sievers - 216-8 +- revert "don't reset selinux context during CHANGE events" + +* Wed Oct 01 2014 Lukáš Nykrýn - 216-7 +- add temporary workaround for #1147910 +- don't reset selinux context during CHANGE events + +* Wed Sep 10 2014 Michal Schmidt - 216-6 +- Update timesyncd with patches to avoid hitting NTP pool too often. + +* Tue Sep 09 2014 Michal Schmidt - 216-5 +- Use common CONFIGURE_OPTS for build2 and build3. +- Configure timesyncd with NTP servers from Fedora/RHEL vendor zone. + +* Wed Sep 03 2014 Zbigniew Jędrzejewski-Szmek - 216-4 +- Move config files for sd-j-remote/upload to sd-journal-gateway subpackage (#1136580) + +* Thu Aug 28 2014 Peter Robinson 216-3 +- Drop no LTO build option for aarch64/s390 now it's fixed in binutils (RHBZ 1091611) + +* Thu Aug 21 2014 Zbigniew Jędrzejewski-Szmek - 216-2 +- Re-add patch to disable resolve.conf symlink (#1043119) + +* Wed Aug 20 2014 Lennart Poettering - 216-1 +- New upstream release + +* Mon Aug 18 2014 Fedora Release Engineering - 215-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Aug 13 2014 Dan Horák 215-11 +- disable LTO also on s390(x) + +* Sat Aug 09 2014 Harald Hoyer 215-10 +- fixed PPC64LE + +* Wed Aug 6 2014 Tom Callaway - 215-9 +- fix license handling + +* Wed Jul 30 2014 Zbigniew Jędrzejewski-Szmek - 215-8 +- Create systemd-journal-remote and systemd-journal-upload users (#1118907) + +* Thu Jul 24 2014 Zbigniew Jędrzejewski-Szmek - 215-7 +- Split out systemd-compat-libs subpackage + +* Tue Jul 22 2014 Kalev Lember - 215-6 +- Rebuilt for gobject-introspection 1.41.4 + +* Mon Jul 21 2014 Zbigniew Jędrzejewski-Szmek - 215-5 +- Fix SELinux context of /etc/passwd-, /etc/group-, /etc/.updated (#1121806) +- Add missing BR so gnutls and elfutils are used + +* Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek - 215-4 +- Various man page updates +- Static device node logic is conditionalized on CAP_SYS_MODULES instead of CAP_MKNOD + for better behaviour in containers +- Some small networkd link handling fixes +- vconsole-setup runs setfont before loadkeys (https://bugs.freedesktop.org/show_bug.cgi?id=80685) +- New systemd-escape tool +- XZ compression settings are tweaked to greatly improve journald performance +- "watch" is accepted as chassis type +- Various sysusers fixes, most importantly correct selinux labels +- systemd-timesyncd bug fix (https://bugs.freedesktop.org/show_bug.cgi?id=80932) +- Shell completion improvements +- New udev tag ID_SOFTWARE_RADIO can be used to instruct logind to allow user access +- XEN and s390 virtualization is properly detected + +* Mon Jul 07 2014 Colin Walters - 215-3 +- Add patch to disable resolve.conf symlink (#1043119) + +* Sun Jul 06 2014 Zbigniew Jędrzejewski-Szmek - 215-2 +- Move systemd-journal-remote to systemd-journal-gateway package (#1114688) +- Disable /etc/mtab handling temporarily (#1116158) + +* Thu Jul 03 2014 Lennart Poettering - 215-1 +- New upstream release +- Enable coredump logic (which abrt would normally override) + +* Sun Jun 29 2014 Peter Robinson 214-5 +- On aarch64 disable LTO as it still has issues on that arch + +* Thu Jun 26 2014 Zbigniew Jędrzejewski-Szmek - 214-4 +- Bugfixes (#996133, #1112908) + +* Mon Jun 23 2014 Zbigniew Jędrzejewski-Szmek - 214-3 +- Actually create input group (#1054549) + +* Sun Jun 22 2014 Zbigniew Jędrzejewski-Szmek - 214-2 +- Do not restart systemd-logind on upgrades (#1110697) +- Add some patches (#1081429, #1054549, #1108568, #928962) + +* Wed Jun 11 2014 Lennart Poettering - 214-1 +- New upstream release +- Get rid of "floppy" group, since udev uses "disk" now +- Reenable LTO + +* Sun Jun 08 2014 Fedora Release Engineering - 213-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 28 2014 Kay Sievers - 213-3 +- fix systemd-timesync user creation + +* Wed May 28 2014 Michal Sekletar - 213-2 +- Create temporary files after installation (#1101983) +- Add sysstat-collect.timer, sysstat-summary.timer to preset policy (#1101621) + +* Wed May 28 2014 Kay Sievers - 213-1 +- New upstream release + +* Tue May 27 2014 Kalev Lember - 212-6 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Fri May 23 2014 Adam Williamson - 212-5 +- revert change from 212-4, causes boot fail on single CPU boxes (RHBZ 1095891) + +* Wed May 07 2014 Kay Sievers - 212-4 +- add netns udev workaround + +* Wed May 07 2014 Michal Sekletar - 212-3 +- enable uuidd.socket by default (#1095353) + +* Sat Apr 26 2014 Peter Robinson 212-2 +- Disable building with -flto for the moment due to gcc 4.9 issues (RHBZ 1091611) + +* Tue Mar 25 2014 Lennart Poettering - 212-1 +- New upstream release + +* Mon Mar 17 2014 Peter Robinson 211-2 +- Explicitly define which upstream platforms support libseccomp + +* Tue Mar 11 2014 Lennart Poettering - 211-1 +- New upstream release + +* Mon Mar 10 2014 Zbigniew Jędrzejewski-Szmek - 210-8 +- Fix logind unpriviledged reboot issue and a few other minor fixes +- Limit generator execution time +- Recognize buttonless joystick types + +* Fri Mar 07 2014 Karsten Hopp 210-7 +- ppc64le needs link warnings disabled, too + +* Fri Mar 07 2014 Karsten Hopp 210-6 +- move ifarch ppc64le to correct place (libseccomp req) + +* Fri Mar 07 2014 Zbigniew Jędrzejewski-Szmek - 210-5 +- Bugfixes: #1047568, #1047039, #1071128, #1073402 +- Bash completions for more systemd tools +- Bluetooth database update +- Manpage fixes + +* Thu Mar 06 2014 Zbigniew Jędrzejewski-Szmek - 210-4 +- Apply work-around for ppc64le too (#1073647). + +* Sat Mar 01 2014 Zbigniew Jędrzejewski-Szmek - 210-3 +- Backport a few patches, add completion for systemd-nspawn. + +* Fri Feb 28 2014 Zbigniew Jędrzejewski-Szmek - 210-3 +- Apply work-arounds for ppc/ppc64 for bugs 1071278 and 1071284 + +* Mon Feb 24 2014 Lennart Poettering - 210-2 +- Check more services against preset list and enable by default + +* Mon Feb 24 2014 Lennart Poettering - 210-1 +- new upstream release + +* Sun Feb 23 2014 Zbigniew Jędrzejewski-Szmek - 209-2.gitf01de96 +- Enable dnssec-triggerd.service by default (#1060754) + +* Sun Feb 23 2014 Kay Sievers - 209-2.gitf01de96 +- git snapshot to sort out ARM build issues + +* Thu Feb 20 2014 Lennart Poettering - 209-1 +- new upstream release + +* Tue Feb 18 2014 Zbigniew Jędrzejewski-Szmek - 208-15 +- Make gpsd lazily activated (#1066421) + +* Mon Feb 17 2014 Zbigniew Jędrzejewski-Szmek - 208-14 +- Back out patch which causes user manager to be destroyed when unneeded + and spams logs (#1053315) + +* Sun Feb 16 2014 Zbigniew Jędrzejewski-Szmek - 208-13 +- A different fix for #1023820 taken from Mageia +- Backported fix for #997031 +- Hardward database updates, man pages improvements, a few small memory + leaks, utf-8 correctness and completion fixes +- Support for key-slot option in crypttab + +* Sat Jan 25 2014 Ville Skyttä - 208-12 +- Own the %%{_prefix}/lib/kernel(/*) and %%{_datadir}/zsh(/*) dirs. + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-11 +- Backport a few fixes, relevant documentation updates, and HWDB changes + (#1051797, #1051768, #1047335, #1047304, #1047186, #1045849, #1043304, + #1043212, #1039351, #1031325, #1023820, #1017509, #953077) +- Flip journalctl to --full by default (#984758) + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-9 +- Apply two patches for #1026860 + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-8 +- Bump release to stay ahead of f20 + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-7 +- Backport patches (#1023041, #1036845, #1006386?) +- HWDB update +- Some small new features: nspawn --drop-capability=, running PID 1 under + valgrind, "yearly" and "annually" in calendar specifications +- Some small documentation and logging updates + +* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-6 +- Bump release to stay ahead of f20 + +* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-5 +- Use unit name in PrivateTmp= directories (#957439) +- Update manual pages, completion scripts, and hardware database +- Configurable Timeouts/Restarts default values +- Support printing of timestamps on the console +- Fix some corner cases in detecting when writing to the console is safe +- Python API: convert keyword values to string, fix sd_is_booted() wrapper +- Do not tread missing /sbin/fsck.btrfs as an error (#1015467) +- Allow masking of fsck units +- Advertise hibernation to swap files +- Fix SO_REUSEPORT settings +- Prefer converted xkb keymaps to legacy keymaps (#981805, #1026872) +- Make use of newer kmod +- Assorted bugfixes: #1017161, #967521, #988883, #1027478, #821723, #1014303 + +* Tue Oct 22 2013 Zbigniew Jędrzejewski-Szmek - 208-4 +- Add temporary fix for #1002806 + +* Mon Oct 21 2013 Zbigniew Jędrzejewski-Szmek - 208-3 +- Backport a bunch of fixes and hwdb updates + +* Wed Oct 2 2013 Lennart Poettering - 208-2 +- Move old random seed and backlight files into the right place + +* Wed Oct 2 2013 Lennart Poettering - 208-1 +- New upstream release + +* Thu Sep 26 2013 Zbigniew Jędrzejewski-Szmek 207-5 +- Do not create /var/var/... dirs + +* Wed Sep 18 2013 Zbigniew Jędrzejewski-Szmek 207-4 +- Fix policykit authentication +- Resolves: rhbz#1006680 + +* Tue Sep 17 2013 Harald Hoyer 207-3 +- fixed login +- Resolves: rhbz#1005233 + +* Mon Sep 16 2013 Harald Hoyer 207-2 +- add some upstream fixes for 207 +- fixed swap activation +- Resolves: rhbz#1008604 + +* Fri Sep 13 2013 Lennart Poettering - 207-1 +- New upstream release + +* Fri Sep 06 2013 Harald Hoyer 206-11 +- support "debug" kernel command line parameter +- journald: fix fd leak in journal_file_empty +- journald: fix vacuuming of archived journals +- libudev: enumerate - do not try to match against an empty subsystem +- cgtop: fixup the online help +- libudev: fix memleak when enumerating childs + +* Wed Sep 04 2013 Harald Hoyer 206-10 +- Do not require grubby, lorax now takes care of grubby +- cherry-picked a lot of patches from upstream + +* Tue Aug 27 2013 Dennis Gilmore - 206-9 +- Require grubby, Fedora installs require grubby, +- kernel-install took over from new-kernel-pkg +- without the Requires we are unable to compose Fedora +- everyone else says that since kernel-install took over +- it is responsible for ensuring that grubby is in place +- this is really what we want for Fedora + +* Tue Aug 27 2013 Kay Sievers - 206-8 +- Revert "Require grubby its needed by kernel-install" + +* Mon Aug 26 2013 Dennis Gilmore 206-7 +- Require grubby its needed by kernel-install + +* Thu Aug 22 2013 Harald Hoyer 206-6 +- kernel-install now understands kernel flavors like PAE + +* Tue Aug 20 2013 Rex Dieter - 206-5 +- add sddm.service to preset file (#998978) + +* Fri Aug 16 2013 Zbigniew Jędrzejewski-Szmek - 206-4 +- Filter out provides for private python modules. +- Add requires on kmod >= 14 (#990994). + +* Sun Aug 11 2013 Zbigniew Jedrzejewski-Szmek - 206-3 +- New systemd-python3 package (#976427). +- Add ownership of a few directories that we create (#894202). + +* Sun Aug 04 2013 Fedora Release Engineering - 206-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 23 2013 Kay Sievers - 206-1 +- New upstream release + Resolves (#984152) + +* Wed Jul 3 2013 Lennart Poettering - 205-1 +- New upstream release + +* Wed Jun 26 2013 Michal Schmidt 204-10 +- Split systemd-journal-gateway subpackage (#908081). + +* Mon Jun 24 2013 Michal Schmidt 204-9 +- Rename nm_dispatcher to NetworkManager-dispatcher in default preset (#977433) + +* Fri Jun 14 2013 Harald Hoyer 204-8 +- fix, which helps to sucessfully browse journals with + duplicated seqnums + +* Fri Jun 14 2013 Harald Hoyer 204-7 +- fix duplicate message ID bug +Resolves: rhbz#974132 + +* Thu Jun 06 2013 Harald Hoyer 204-6 +- introduce 99-default-disable.preset + +* Thu Jun 6 2013 Lennart Poettering - 204-5 +- Rename 90-display-manager.preset to 85-display-manager.preset so that it actually takes precedence over 90-default.preset's "disable *" line (#903690) + +* Tue May 28 2013 Harald Hoyer 204-4 +- Fix kernel-install (#965897) + +* Wed May 22 2013 Kay Sievers - 204-3 +- Fix kernel-install (#965897) + +* Thu May 9 2013 Lennart Poettering - 204-2 +- New upstream release +- disable isdn by default (#959793) + +* Tue May 07 2013 Harald Hoyer 203-2 +- forward port kernel-install-grubby.patch + +* Tue May 7 2013 Lennart Poettering - 203-1 +- New upstream release + +* Wed Apr 24 2013 Harald Hoyer 202-3 +- fix ENOENT for getaddrinfo +- Resolves: rhbz#954012 rhbz#956035 +- crypt-setup-generator: correctly check return of strdup +- logind-dbus: initialize result variable +- prevent library underlinking + +* Fri Apr 19 2013 Harald Hoyer 202-2 +- nspawn create empty /etc/resolv.conf if necessary +- python wrapper: add sd_journal_add_conjunction() +- fix s390 booting +- Resolves: rhbz#953217 + +* Thu Apr 18 2013 Lennart Poettering - 202-1 +- New upstream release + +* Tue Apr 09 2013 Michal Schmidt - 201-2 +- Automatically discover whether to run autoreconf and add autotools and git + BuildRequires based on the presence of patches to be applied. +- Use find -delete. + +* Mon Apr 8 2013 Lennart Poettering - 201-1 +- New upstream release + +* Mon Apr 8 2013 Lennart Poettering - 200-4 +- Update preset file + +* Fri Mar 29 2013 Lennart Poettering - 200-3 +- Remove NetworkManager-wait-online.service from presets file again, it should default to off + +* Fri Mar 29 2013 Lennart Poettering - 200-2 +- New upstream release + +* Tue Mar 26 2013 Lennart Poettering - 199-2 +- Add NetworkManager-wait-online.service to the presets file + +* Tue Mar 26 2013 Lennart Poettering - 199-1 +- New upstream release + +* Mon Mar 18 2013 Michal Schmidt 198-7 +- Drop /usr/s?bin/ prefixes. + +* Fri Mar 15 2013 Harald Hoyer 198-6 +- run autogen to pickup all changes + +* Fri Mar 15 2013 Harald Hoyer 198-5 +- do not mount anything, when not running as pid 1 +- add initrd.target for systemd in the initrd + +* Wed Mar 13 2013 Harald Hoyer 198-4 +- fix switch-root and local-fs.target problem +- patch kernel-install to use grubby, if available + +* Fri Mar 08 2013 Harald Hoyer 198-3 +- add Conflict with dracut < 026 because of the new switch-root isolate + +* Thu Mar 7 2013 Lennart Poettering - 198-2 +- Create required users + +* Thu Mar 7 2013 Lennart Poettering - 198-1 +- New release +- Enable journal persistancy by default + +* Sun Feb 10 2013 Peter Robinson 197-3 +- Bump for ARM + +* Fri Jan 18 2013 Michal Schmidt - 197-2 +- Added qemu-guest-agent.service to presets (Lennart, #885406). +- Add missing pygobject3-base to systemd-analyze deps (Lennart). +- Do not require hwdata, it is all in the hwdb now (Kay). +- Drop dependency on dbus-python. + +* Tue Jan 8 2013 Lennart Poettering - 197-1 +- New upstream release + +* Mon Dec 10 2012 Michal Schmidt - 196-4 +- Enable rngd.service by default (#857765). + +* Mon Dec 10 2012 Michal Schmidt - 196-3 +- Disable hardening on s390(x) because PIE is broken there and produces + text relocations with __thread (#868839). + +* Wed Dec 05 2012 Michal Schmidt - 196-2 +- added spice-vdagentd.service to presets (Lennart, #876237) +- BR cryptsetup-devel instead of the legacy cryptsetup-luks-devel provide name + (requested by Milan Brož). +- verbose make to see the actual build flags + +* Wed Nov 21 2012 Lennart Poettering - 196-1 +- New upstream release + +* Tue Nov 20 2012 Lennart Poettering - 195-8 +- https://bugzilla.redhat.com/show_bug.cgi?id=873459 +- https://bugzilla.redhat.com/show_bug.cgi?id=878093 + +* Thu Nov 15 2012 Michal Schmidt - 195-7 +- Revert udev killing cgroup patch for F18 Beta. +- https://bugzilla.redhat.com/show_bug.cgi?id=873576 + +* Fri Nov 09 2012 Michal Schmidt - 195-6 +- Fix cyclical dep between systemd and systemd-libs. +- Avoid broken build of test-journal-syslog. +- https://bugzilla.redhat.com/show_bug.cgi?id=873387 +- https://bugzilla.redhat.com/show_bug.cgi?id=872638 + +* Thu Oct 25 2012 Kay Sievers - 195-5 +- require 'sed', limit HOSTNAME= match + +* Wed Oct 24 2012 Michal Schmidt - 195-4 +- add dmraid-activation.service to the default preset +- add yum protected.d fragment +- https://bugzilla.redhat.com/show_bug.cgi?id=869619 +- https://bugzilla.redhat.com/show_bug.cgi?id=869717 + +* Wed Oct 24 2012 Kay Sievers - 195-3 +- Migrate /etc/sysconfig/ i18n, keyboard, network files/variables to + systemd native files + +* Tue Oct 23 2012 Lennart Poettering - 195-2 +- Provide syslog because the journal is fine as a syslog implementation + +* Tue Oct 23 2012 Lennart Poettering - 195-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=831665 +- https://bugzilla.redhat.com/show_bug.cgi?id=847720 +- https://bugzilla.redhat.com/show_bug.cgi?id=858693 +- https://bugzilla.redhat.com/show_bug.cgi?id=863481 +- https://bugzilla.redhat.com/show_bug.cgi?id=864629 +- https://bugzilla.redhat.com/show_bug.cgi?id=864672 +- https://bugzilla.redhat.com/show_bug.cgi?id=864674 +- https://bugzilla.redhat.com/show_bug.cgi?id=865128 +- https://bugzilla.redhat.com/show_bug.cgi?id=866346 +- https://bugzilla.redhat.com/show_bug.cgi?id=867407 +- https://bugzilla.redhat.com/show_bug.cgi?id=868603 + +* Wed Oct 10 2012 Michal Schmidt - 194-2 +- Add scriptlets for migration away from systemd-timedated-ntp.target + +* Wed Oct 3 2012 Lennart Poettering - 194-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=859614 +- https://bugzilla.redhat.com/show_bug.cgi?id=859655 + +* Fri Sep 28 2012 Lennart Poettering - 193-1 +- New upstream release + +* Tue Sep 25 2012 Lennart Poettering - 192-1 +- New upstream release + +* Fri Sep 21 2012 Lennart Poettering - 191-2 +- Fix journal mmap header prototype definition to fix compilation on 32bit + +* Fri Sep 21 2012 Lennart Poettering - 191-1 +- New upstream release +- Enable all display managers by default, as discussed with Adam Williamson + +* Thu Sep 20 2012 Lennart Poettering - 190-1 +- New upstream release +- Take possession of /etc/localtime, and remove /etc/sysconfig/clock +- https://bugzilla.redhat.com/show_bug.cgi?id=858780 +- https://bugzilla.redhat.com/show_bug.cgi?id=858787 +- https://bugzilla.redhat.com/show_bug.cgi?id=858771 +- https://bugzilla.redhat.com/show_bug.cgi?id=858754 +- https://bugzilla.redhat.com/show_bug.cgi?id=858746 +- https://bugzilla.redhat.com/show_bug.cgi?id=858266 +- https://bugzilla.redhat.com/show_bug.cgi?id=858224 +- https://bugzilla.redhat.com/show_bug.cgi?id=857670 +- https://bugzilla.redhat.com/show_bug.cgi?id=856975 +- https://bugzilla.redhat.com/show_bug.cgi?id=855863 +- https://bugzilla.redhat.com/show_bug.cgi?id=851970 +- https://bugzilla.redhat.com/show_bug.cgi?id=851275 +- https://bugzilla.redhat.com/show_bug.cgi?id=851131 +- https://bugzilla.redhat.com/show_bug.cgi?id=847472 +- https://bugzilla.redhat.com/show_bug.cgi?id=847207 +- https://bugzilla.redhat.com/show_bug.cgi?id=846483 +- https://bugzilla.redhat.com/show_bug.cgi?id=846085 +- https://bugzilla.redhat.com/show_bug.cgi?id=845973 +- https://bugzilla.redhat.com/show_bug.cgi?id=845194 +- https://bugzilla.redhat.com/show_bug.cgi?id=845028 +- https://bugzilla.redhat.com/show_bug.cgi?id=844630 +- https://bugzilla.redhat.com/show_bug.cgi?id=839736 +- https://bugzilla.redhat.com/show_bug.cgi?id=835848 +- https://bugzilla.redhat.com/show_bug.cgi?id=831740 +- https://bugzilla.redhat.com/show_bug.cgi?id=823485 +- https://bugzilla.redhat.com/show_bug.cgi?id=821813 +- https://bugzilla.redhat.com/show_bug.cgi?id=807886 +- https://bugzilla.redhat.com/show_bug.cgi?id=802198 +- https://bugzilla.redhat.com/show_bug.cgi?id=767795 +- https://bugzilla.redhat.com/show_bug.cgi?id=767561 +- https://bugzilla.redhat.com/show_bug.cgi?id=752774 +- https://bugzilla.redhat.com/show_bug.cgi?id=732874 +- https://bugzilla.redhat.com/show_bug.cgi?id=858735 + +* Thu Sep 13 2012 Lennart Poettering - 189-4 +- Don't pull in pkg-config as dep +- https://bugzilla.redhat.com/show_bug.cgi?id=852828 + +* Wed Sep 12 2012 Lennart Poettering - 189-3 +- Update preset policy +- Rename preset policy file from 99-default.preset to 90-default.preset so that people can order their own stuff after the Fedora default policy if they wish + +* Thu Aug 23 2012 Lennart Poettering - 189-2 +- Update preset policy +- https://bugzilla.redhat.com/show_bug.cgi?id=850814 + +* Thu Aug 23 2012 Lennart Poettering - 189-1 +- New upstream release + +* Thu Aug 16 2012 Ray Strode 188-4 +- more scriptlet fixes + (move dm migration logic to %%posttrans so the service + files it's looking for are available at the time + the logic is run) + +* Sat Aug 11 2012 Lennart Poettering - 188-3 +- Remount file systems MS_PRIVATE before switching roots +- https://bugzilla.redhat.com/show_bug.cgi?id=847418 + +* Wed Aug 08 2012 Rex Dieter - 188-2 +- fix scriptlets + +* Wed Aug 8 2012 Lennart Poettering - 188-1 +- New upstream release +- Enable gdm and avahi by default via the preset file +- Convert /etc/sysconfig/desktop to display-manager.service symlink +- Enable hardened build + +* Mon Jul 30 2012 Kay Sievers - 187-3 +- Obsolete: system-setup-keyboard + +* Wed Jul 25 2012 Kalev Lember - 187-2 +- Run ldconfig for the new -libs subpackage + +* Thu Jul 19 2012 Lennart Poettering - 187-1 +- New upstream release + +* Mon Jul 09 2012 Harald Hoyer 186-2 +- fixed dracut conflict version + +* Tue Jul 3 2012 Lennart Poettering - 186-1 +- New upstream release + +* Fri Jun 22 2012 Nils Philippsen - 185-7.gite7aee75 +- add obsoletes/conflicts so multilib systemd -> systemd-libs updates work + +* Thu Jun 14 2012 Michal Schmidt - 185-6.gite7aee75 +- Update to current git + +* Wed Jun 06 2012 Kay Sievers - 185-5.gita2368a3 +- disable plymouth in configure, to drop the .wants/ symlinks + +* Wed Jun 06 2012 Michal Schmidt - 185-4.gita2368a3 +- Update to current git snapshot + - Add systemd-readahead-analyze + - Drop upstream patch +- Split systemd-libs +- Drop duplicate doc files +- Fixed License headers of subpackages + +* Wed Jun 06 2012 Ray Strode - 185-3 +- Drop plymouth files +- Conflict with old plymouth + +* Tue Jun 05 2012 Kay Sievers - 185-2 +- selinux udev labeling fix +- conflict with older dracut versions for new udev file names + +* Mon Jun 04 2012 Kay Sievers - 185-1 +- New upstream release + - udev selinux labeling fixes + - new man pages + - systemctl help + +* Thu May 31 2012 Lennart Poettering - 184-1 +- New upstream release + +* Thu May 24 2012 Kay Sievers - 183-1 +- New upstream release including udev merge. + +* Wed Mar 28 2012 Michal Schmidt - 44-4 +- Add triggers from Bill Nottingham to correct the damage done by + the obsoleted systemd-units's preun scriptlet (#807457). + +* Mon Mar 26 2012 Dennis Gilmore - 44-3 +- apply patch from upstream so we can build systemd on arm and ppc +- and likely the rest of the secondary arches + +* Tue Mar 20 2012 Michal Schmidt - 44-2 +- Don't build the gtk parts anymore. They're moving into systemd-ui. +- Remove a dead patch file. + +* Fri Mar 16 2012 Lennart Poettering - 44-1 +- New upstream release +- Closes #798760, #784921, #783134, #768523, #781735 + +* Mon Feb 27 2012 Dennis Gilmore - 43-2 +- don't conflict with fedora-release systemd never actually provided +- /etc/os-release so there is no actual conflict + +* Wed Feb 15 2012 Lennart Poettering - 43-1 +- New upstream release +- Closes #789758, #790260, #790522 + +* Sat Feb 11 2012 Lennart Poettering - 42-1 +- New upstream release +- Save a bit of entropy during system installation (#789407) +- Don't own /etc/os-release anymore, leave that to fedora-release + +* Thu Feb 9 2012 Adam Williamson - 41-2 +- rebuild for fixed binutils + +* Thu Feb 9 2012 Lennart Poettering - 41-1 +- New upstream release + +* Tue Feb 7 2012 Lennart Poettering - 40-1 +- New upstream release + +* Thu Jan 26 2012 Kay Sievers - 39-3 +- provide /sbin/shutdown + +* Wed Jan 25 2012 Harald Hoyer 39-2 +- increment release + +* Wed Jan 25 2012 Kay Sievers - 39-1.1 +- install everything in /usr + https://fedoraproject.org/wiki/Features/UsrMove + +* Wed Jan 25 2012 Lennart Poettering - 39-1 +- New upstream release + +* Sun Jan 22 2012 Michal Schmidt - 38-6.git9fa2f41 +- Update to a current git snapshot. +- Resolves: #781657 + +* Sun Jan 22 2012 Michal Schmidt - 38-5 +- Build against libgee06. Reenable gtk tools. +- Delete unused patches. +- Add easy building of git snapshots. +- Remove legacy spec file elements. +- Don't mention implicit BuildRequires. +- Configure with --disable-static. +- Merge -units into the main package. +- Move section 3 manpages to -devel. +- Fix unowned directory. +- Run ldconfig in scriptlets. +- Split systemd-analyze to a subpackage. + +* Sat Jan 21 2012 Dan Horák - 38-4 +- fix build on big-endians + +* Wed Jan 11 2012 Lennart Poettering - 38-3 +- Disable building of gtk tools for now + +* Wed Jan 11 2012 Lennart Poettering - 38-2 +- Fix a few (build) dependencies + +* Wed Jan 11 2012 Lennart Poettering - 38-1 +- New upstream release + +* Tue Nov 15 2011 Michal Schmidt - 37-4 +- Run authconfig if /etc/pam.d/system-auth is not a symlink. +- Resolves: #753160 + +* Wed Nov 02 2011 Michal Schmidt - 37-3 +- Fix remote-fs-pre.target and its ordering. +- Resolves: #749940 + +* Wed Oct 19 2011 Michal Schmidt - 37-2 +- A couple of fixes from upstream: +- Fix a regression in bash-completion reported in Bodhi. +- Fix a crash in isolating. +- Resolves: #717325 + +* Tue Oct 11 2011 Lennart Poettering - 37-1 +- New upstream release +- Resolves: #744726, #718464, #713567, #713707, #736756 + +* Thu Sep 29 2011 Michal Schmidt - 36-5 +- Undo the workaround. Kay says it does not belong in systemd. +- Unresolves: #741655 + +* Thu Sep 29 2011 Michal Schmidt - 36-4 +- Workaround for the crypto-on-lvm-on-crypto disk layout +- Resolves: #741655 + +* Sun Sep 25 2011 Michal Schmidt - 36-3 +- Revert an upstream patch that caused ordering cycles +- Resolves: #741078 + +* Fri Sep 23 2011 Lennart Poettering - 36-2 +- Add /etc/timezone to ghosted files + +* Fri Sep 23 2011 Lennart Poettering - 36-1 +- New upstream release +- Resolves: #735013, #736360, #737047, #737509, #710487, #713384 + +* Thu Sep 1 2011 Lennart Poettering - 35-1 +- New upstream release +- Update post scripts +- Resolves: #726683, #713384, #698198, #722803, #727315, #729997, #733706, #734611 + +* Thu Aug 25 2011 Lennart Poettering - 34-1 +- New upstream release + +* Fri Aug 19 2011 Harald Hoyer 33-2 +- fix ABRT on service file reloading +- Resolves: rhbz#732020 + +* Wed Aug 3 2011 Lennart Poettering - 33-1 +- New upstream release + +* Fri Jul 29 2011 Lennart Poettering - 32-1 +- New upstream release + +* Wed Jul 27 2011 Lennart Poettering - 31-2 +- Fix access mode of modprobe file, restart logind after upgrade + +* Wed Jul 27 2011 Lennart Poettering - 31-1 +- New upstream release + +* Wed Jul 13 2011 Lennart Poettering - 30-1 +- New upstream release + +* Thu Jun 16 2011 Lennart Poettering - 29-1 +- New upstream release + +* Mon Jun 13 2011 Michal Schmidt - 28-4 +- Apply patches from current upstream. +- Fixes memory size detection on 32-bit with >4GB RAM (BZ712341) + +* Wed Jun 08 2011 Michal Schmidt - 28-3 +- Apply patches from current upstream +- https://bugzilla.redhat.com/show_bug.cgi?id=709909 +- https://bugzilla.redhat.com/show_bug.cgi?id=710839 +- https://bugzilla.redhat.com/show_bug.cgi?id=711015 + +* Sat May 28 2011 Lennart Poettering - 28-2 +- Pull in nss-myhostname + +* Thu May 26 2011 Lennart Poettering - 28-1 +- New upstream release + +* Wed May 25 2011 Lennart Poettering - 26-2 +- Bugfix release +- https://bugzilla.redhat.com/show_bug.cgi?id=707507 +- https://bugzilla.redhat.com/show_bug.cgi?id=707483 +- https://bugzilla.redhat.com/show_bug.cgi?id=705427 +- https://bugzilla.redhat.com/show_bug.cgi?id=707577 + +* Sat Apr 30 2011 Lennart Poettering - 26-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=699394 +- https://bugzilla.redhat.com/show_bug.cgi?id=698198 +- https://bugzilla.redhat.com/show_bug.cgi?id=698674 +- https://bugzilla.redhat.com/show_bug.cgi?id=699114 +- https://bugzilla.redhat.com/show_bug.cgi?id=699128 + +* Thu Apr 21 2011 Lennart Poettering - 25-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=694788 +- https://bugzilla.redhat.com/show_bug.cgi?id=694321 +- https://bugzilla.redhat.com/show_bug.cgi?id=690253 +- https://bugzilla.redhat.com/show_bug.cgi?id=688661 +- https://bugzilla.redhat.com/show_bug.cgi?id=682662 +- https://bugzilla.redhat.com/show_bug.cgi?id=678555 +- https://bugzilla.redhat.com/show_bug.cgi?id=628004 + +* Wed Apr 6 2011 Lennart Poettering - 24-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=694079 +- https://bugzilla.redhat.com/show_bug.cgi?id=693289 +- https://bugzilla.redhat.com/show_bug.cgi?id=693274 +- https://bugzilla.redhat.com/show_bug.cgi?id=693161 + +* Tue Apr 5 2011 Lennart Poettering - 23-1 +- New upstream release +- Include systemd-sysv-convert + +* Fri Apr 1 2011 Lennart Poettering - 22-1 +- New upstream release + +* Wed Mar 30 2011 Lennart Poettering - 21-2 +- The quota services are now pulled in by mount points, hence no need to enable them explicitly + +* Tue Mar 29 2011 Lennart Poettering - 21-1 +- New upstream release + +* Mon Mar 28 2011 Matthias Clasen - 20-2 +- Apply upstream patch to not send untranslated messages to plymouth + +* Tue Mar 8 2011 Lennart Poettering - 20-1 +- New upstream release + +* Tue Mar 1 2011 Lennart Poettering - 19-1 +- New upstream release + +* Wed Feb 16 2011 Lennart Poettering - 18-1 +- New upstream release + +* Mon Feb 14 2011 Bill Nottingham - 17-6 +- bump upstart obsoletes (#676815) + +* Wed Feb 9 2011 Tom Callaway - 17-5 +- add macros.systemd file for %%{_unitdir} + +* Wed Feb 09 2011 Fedora Release Engineering - 17-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Feb 9 2011 Lennart Poettering - 17-3 +- Fix popen() of systemctl, #674916 + +* Mon Feb 7 2011 Bill Nottingham - 17-2 +- add epoch to readahead obsolete + +* Sat Jan 22 2011 Lennart Poettering - 17-1 +- New upstream release + +* Tue Jan 18 2011 Lennart Poettering - 16-2 +- Drop console.conf again, since it is not shipped in pamtmp.conf + +* Sat Jan 8 2011 Lennart Poettering - 16-1 +- New upstream release + +* Thu Nov 25 2010 Lennart Poettering - 15-1 +- New upstream release + +* Thu Nov 25 2010 Lennart Poettering - 14-1 +- Upstream update +- Enable hwclock-load by default +- Obsolete readahead +- Enable /var/run and /var/lock on tmpfs + +* Fri Nov 19 2010 Lennart Poettering - 13-1 +- new upstream release + +* Wed Nov 17 2010 Bill Nottingham 12-3 +- Fix clash + +* Wed Nov 17 2010 Lennart Poettering - 12-2 +- Don't clash with initscripts for now, so that we don't break the builders + +* Wed Nov 17 2010 Lennart Poettering - 12-1 +- New upstream release + +* Fri Nov 12 2010 Matthias Clasen - 11-2 +- Rebuild with newer vala, libnotify + +* Thu Oct 7 2010 Lennart Poettering - 11-1 +- New upstream release + +* Wed Sep 29 2010 Jesse Keating - 10-6 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Bill Nottingham - 10-5 +- merge -sysvinit into main package + +* Mon Sep 20 2010 Bill Nottingham - 10-4 +- obsolete upstart-sysvinit too + +* Fri Sep 17 2010 Bill Nottingham - 10-3 +- Drop upstart requires + +* Tue Sep 14 2010 Lennart Poettering - 10-2 +- Enable audit +- https://bugzilla.redhat.com/show_bug.cgi?id=633771 + +* Tue Sep 14 2010 Lennart Poettering - 10-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=630401 +- https://bugzilla.redhat.com/show_bug.cgi?id=630225 +- https://bugzilla.redhat.com/show_bug.cgi?id=626966 +- https://bugzilla.redhat.com/show_bug.cgi?id=623456 + +* Fri Sep 3 2010 Bill Nottingham - 9-3 +- move fedora-specific units to initscripts; require newer version thereof + +* Fri Sep 3 2010 Lennart Poettering - 9-2 +- Add missing tarball + +* Fri Sep 3 2010 Lennart Poettering - 9-1 +- New upstream version +- Closes 501720, 614619, 621290, 626443, 626477, 627014, 627785, 628913 + +* Fri Aug 27 2010 Lennart Poettering - 8-3 +- Reexecute after installation, take ownership of /var/run/user +- https://bugzilla.redhat.com/show_bug.cgi?id=627457 +- https://bugzilla.redhat.com/show_bug.cgi?id=627634 + +* Thu Aug 26 2010 Lennart Poettering - 8-2 +- Properly create default.target link + +* Wed Aug 25 2010 Lennart Poettering - 8-1 +- New upstream release + +* Thu Aug 12 2010 Lennart Poettering - 7-3 +- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623561 + +* Thu Aug 12 2010 Lennart Poettering - 7-2 +- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623430 + +* Tue Aug 10 2010 Lennart Poettering - 7-1 +- New upstream release + +* Fri Aug 6 2010 Lennart Poettering - 6-2 +- properly hide output on package installation +- pull in coreutils during package installtion + +* Fri Aug 6 2010 Lennart Poettering - 6-1 +- New upstream release +- Fixes #621200 + +* Wed Aug 4 2010 Lennart Poettering - 5-2 +- Add tarball + +* Wed Aug 4 2010 Lennart Poettering - 5-1 +- Prepare release 5 + +* Tue Jul 27 2010 Bill Nottingham - 4-4 +- Add 'sysvinit-userspace' provide to -sysvinit package to fix upgrade/install (#618537) + +* Sat Jul 24 2010 Lennart Poettering - 4-3 +- Add libselinux to build dependencies + +* Sat Jul 24 2010 Lennart Poettering - 4-2 +- Use the right tarball + +* Sat Jul 24 2010 Lennart Poettering - 4-1 +- New upstream release, and make default + +* Tue Jul 13 2010 Lennart Poettering - 3-3 +- Used wrong tarball + +* Tue Jul 13 2010 Lennart Poettering - 3-2 +- Own /cgroup jointly with libcgroup, since we don't dpend on it anymore + +* Tue Jul 13 2010 Lennart Poettering - 3-1 +- New upstream release + +* Fri Jul 9 2010 Lennart Poettering - 2-0 +- New upstream release + +* Wed Jul 7 2010 Lennart Poettering - 1-0 +- First upstream release + +* Tue Jun 29 2010 Lennart Poettering - 0-0.7.20100629git4176e5 +- New snapshot +- Split off -units package where other packages can depend on without pulling in the whole of systemd + +* Tue Jun 22 2010 Lennart Poettering - 0-0.6.20100622gita3723b +- Add missing libtool dependency. + +* Tue Jun 22 2010 Lennart Poettering - 0-0.5.20100622gita3723b +- Update snapshot + +* Mon Jun 14 2010 Rahul Sundaram - 0-0.4.20100614git393024 +- Pull the latest snapshot that fixes a segfault. Resolves rhbz#603231 + +* Fri Jun 11 2010 Rahul Sundaram - 0-0.3.20100610git2f198e +- More minor fixes as per review + +* Thu Jun 10 2010 Rahul Sundaram - 0-0.2.20100610git2f198e +- Spec improvements from David Hollis + +* Wed Jun 09 2010 Rahul Sundaram - 0-0.1.20090609git2f198e +- Address review comments + +* Tue Jun 01 2010 Rahul Sundaram - 0-0.0.git2010-06-02 +- Initial spec (adopted from Kay Sievers) diff --git a/systemd_hs.if b/systemd_hs.if new file mode 100644 index 0000000..6695e0e --- /dev/null +++ b/systemd_hs.if @@ -0,0 +1,20 @@ +######################################## +## +## Allows the caller to use the SELinux status page. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`selinux_use_status_page',` + gen_require(` + type security_t; + ') + + dev_search_sysfs($1) + allow $1 security_t:dir list_dir_perms; + allow $1 security_t:file mmap_read_file_perms; +') diff --git a/systemd_hs.te b/systemd_hs.te new file mode 100644 index 0000000..ce80487 --- /dev/null +++ b/systemd_hs.te @@ -0,0 +1,68 @@ +policy_module(systemd_hs,0.0.1) + +# systemd overrides for 247 +gen_require(` + type avahi_t; + type cgroup_t; + type init_t; + type init_var_run_t; + type initrc_t; + class dbus send_msg; + type install_t; + type kmsg_device_t; + type policykit_auth_t; + type policykit_t; + type proc_kmsg_t; + type rpm_t; + type system_dbusd_t; + type system_dbusd_var_run_t; + type systemd_hostnamed_t; + type systemd_localed_t; + type systemd_logind_t; + type systemd_machined_t; + type systemd_resolved_t; + type systemd_tmpfiles_t; + type security_t; + type sssd_t; + type syslogd_t; + type udev_var_run_t; + type user_tmp_t; + type useradd_t; + type xdm_t; +') + +allow avahi_t init_var_run_t:dir read; +allow init_t kmsg_device_t:chr_file mounton; +allow init_t proc_kmsg_t:file { getattr mounton }; +allow init_t system_dbusd_var_run_t:sock_file read; +allow init_t systemd_machined_t:unix_stream_socket connectto; +allow policykit_auth_t init_var_run_t:dir read; +allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto; +allow policykit_t systemd_machined_t:unix_stream_socket connectto; +allow sssd_t cgroup_t:filesystem getattr; +allow syslogd_t user_tmp_t:lnk_file read; +allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto; +allow systemd_hostnamed_t init_var_run_t:dir write; +allow systemd_hostnamed_t init_var_run_t:file { getattr ioctl open read }; +allow systemd_hostnamed_t initrc_t:dbus send_msg; +allow systemd_hostnamed_t install_t:dbus send_msg; +allow systemd_hostnamed_t udev_var_run_t:file getattr; +allow systemd_hostnamed_t udev_var_run_t:file open; +allow systemd_hostnamed_t udev_var_run_t:file read; +allow systemd_logind_t self:netlink_selinux_socket bind; +allow systemd_logind_t self:netlink_selinux_socket create; +allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto; +allow systemd_logind_t user_tmp_t:chr_file unlink; +allow systemd_machined_t init_var_run_t:sock_file create; +allow sssd_t cgroup_t:dir search; +allow sssd_t cgroup_t:filesystem getattr; +allow useradd_t init_var_run_t:dir read; +allow xdm_t systemd_machined_t:unix_stream_socket connectto; + +selinux_use_status_page(init_t) +selinux_use_status_page(rpm_t) +selinux_use_status_page(systemd_hostnamed_t) +selinux_use_status_page(systemd_localed_t) +selinux_use_status_page(systemd_logind_t) +selinux_use_status_page(systemd_resolved_t) +selinux_use_status_page(systemd_tmpfiles_t) diff --git a/sysusers.attr b/sysusers.attr new file mode 100644 index 0000000..367c137 --- /dev/null +++ b/sysusers.attr @@ -0,0 +1,2 @@ +%__sysusers_provides %{_rpmconfigdir}/sysusers.prov +%__sysusers_path ^%{_sysusersdir}/.*\\.conf$ diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh new file mode 100755 index 0000000..fd9938d --- /dev/null +++ b/sysusers.generate-pre.sh @@ -0,0 +1,79 @@ +#!/bin/bash + +# This script turns sysuser.d files into scriptlets mandated by Fedora +# packaging guidelines. The general idea is to define users using the +# declarative syntax but to turn this into traditional scriptlets. + +user() { + user="$1" + uid="$2" + desc="$3" + group="$4" + home="$5" + shell="$6" + + [ "$desc" = '-' ] && desc= + { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/sbin/nologin + + if [ "$uid" = '-' ] || [ "$uid" = '' ]; then + cat </dev/null || \\ + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' +EOF + else + cat </dev/null ; then + if ! getent passwd '$uid' >/dev/null ; then + useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + else + useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + fi +fi + +EOF + fi +} + +group() { + group="$1" + gid="$2" + if [ "$gid" = '-' ]; then + cat <<-EOF + getent group '$group' >/dev/null || groupadd -r '$group' + EOF + else + cat <<-EOF + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' + EOF + fi +} + +parse() { + while read -r line || [ -n "$line" ] ; do + { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue + line="${line## *}" + [ -z "$line" ] && continue + eval "arr=( $line )" + case "${arr[0]}" in + ('u') + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + # TODO: user:group support + ;; + ('g') + group "${arr[1]}" "${arr[2]}" + ;; + ('m') + group "${arr[2]}" "-" + user "${arr[1]}" "-" "" "${arr[2]}" + ;; + esac + done +} + +for fn in "$@"; do + [ -e "$fn" ] || continue + echo "# generated from $(basename "$fn")" + parse <"$fn" +done diff --git a/sysusers.prov b/sysusers.prov new file mode 100755 index 0000000..a6eda5d --- /dev/null +++ b/sysusers.prov @@ -0,0 +1,28 @@ +#!/bin/bash + +parse() { + while read line; do + [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue + line="${line## *}" + [ -z "$line" ] && continue + set -- $line + case "$1" in + ('u') + echo "user($2)" + echo "group($2)" + # TODO: user:group support + ;; + ('g') + echo "group($2)" + ;; + ('m') + echo "user($2)" + echo "group($3)" + ;; + esac + done +} + +while read fn; do + parse < "$fn" +done diff --git a/tests/tests-reboot.yml b/tests/tests-reboot.yml new file mode 100644 index 0000000..94ea8a5 --- /dev/null +++ b/tests/tests-reboot.yml @@ -0,0 +1,50 @@ +--- +- hosts: localhost + vars: + - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}" + tags: + - classic + tasks: + # switch SELinux to permissive mode + - name: Get default kernel + command: "grubby --default-kernel" + register: default_kernel + - debug: msg="{{ default_kernel.stdout }}" + - name: Set permissive mode + command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}" + + - name: reboot + block: + - name: restart host + shell: sleep 2 && shutdown -r now "Ansible updates triggered" + async: 1 + poll: 0 + ignore_errors: true + + - name: wait for host to come back + wait_for_connection: + delay: 10 + timeout: 300 + + - name: Re-create /tmp/artifacts + command: mkdir /tmp/artifacts + + - name: Gather SELinux denials since boot + shell: | + result=pass + dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail + ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log + grep -q '' /tmp/avc.log || result=fail + echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml + ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log + + always: + - name: Pull out the artifacts + fetch: + dest: "{{ artifacts }}/" + src: "{{ item }}" + flat: yes + with_items: + - /tmp/test.log + - /tmp/avc.log + - /tmp/results.yml diff --git a/triggers.systemd b/triggers.systemd new file mode 100644 index 0000000..6c57d71 --- /dev/null +++ b/triggers.systemd @@ -0,0 +1,89 @@ +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# Copyright 2018 Neal Gompa + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.14.0 + +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +if test -d "/run/systemd/system"; then + %{_bindir}/systemctl daemon-reload || : + %{_bindir}/systemctl reload-or-restart --marked || : +fi + +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. +if test -d "/run/systemd/system"; then + %{_bindir}/systemctl daemon-reload || : +fi + +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +# We restart remaining services that should be restarted here. +if test -d "/run/systemd/system"; then + %{_bindir}/systemctl reload-or-restart --marked || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. The priority is set such that it +# will run before the tmpfiles file trigger. +if test -d "/run/systemd/system"; then + %{_bindir}/systemd-sysusers || : +fi + +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +if test -d "/run/systemd/system"; then + %{_bindir}/systemd-hwdb update || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in /usr/lib/systemd/catalog. +if test -d "/run/systemd/system"; then + %{_bindir}/journalctl --update-catalog || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d "/run/systemd/system"; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : +fi + +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d "/run/systemd/system"; then + %{_bindir}/systemd-tmpfiles --create || : +fi + +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + %{_bindir}/udevadm control --reload || : +fi + +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d "/run/systemd/system"; then + /usr/lib/systemd/systemd-sysctl || : +fi diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch new file mode 100644 index 0000000..d0e6762 --- /dev/null +++ b/use-bfq-scheduler.patch @@ -0,0 +1,41 @@ +From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 14 Aug 2019 15:57:42 +0200 +Subject: [PATCH] udev: use bfq as the default scheduler + +As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828. +Test results are that bfq seems to behave better and more consistently on +typical hardware. The kernel does not have a configuration option to set +the default scheduler, and it currently needs to be set by userspace. + +See the bug for more discussion and links. +--- + rules.d/60-block-scheduler.rules | 5 +++++ + rules.d/meson.build | 1 + + 2 files changed, 6 insertions(+) + create mode 100644 rules.d/60-block-scheduler.rules + +diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules +new file mode 100644 +index 0000000000..480b941761 +--- /dev/null ++++ b/rules.d/60-block-scheduler.rules +@@ -0,0 +1,6 @@ ++# do not edit this file, it will be overwritten on update ++ ++ACTION=="add", SUBSYSTEM=="block", \ ++ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ ++ ENV{DEVTYPE}=="disk", \ ++ ATTR{queue/scheduler}="bfq" +diff --git a/rules.d/meson.build b/rules.d/meson.build +index ca4445d774..38d6aa6970 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -3,6 +3,7 @@ + rules = files(''' + 60-autosuspend.rules + 60-block.rules ++ 60-block-scheduler.rules + 60-cdrom_id.rules + 60-drm.rules + 60-evdev.rules diff --git a/yum-protect-systemd.conf b/yum-protect-systemd.conf new file mode 100644 index 0000000..39426d7 --- /dev/null +++ b/yum-protect-systemd.conf @@ -0,0 +1,2 @@ +systemd +systemd-udev