From 152484a7339cd3e1c700b25a42f025e0d345f467 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 01 2022 12:41:19 +0000 Subject: import systemd-250-3.el9 --- diff --git a/.gitignore b/.gitignore index 191d913..f414847 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/systemd-249.tar.gz +SOURCES/systemd-250.tar.gz diff --git a/.systemd.metadata b/.systemd.metadata index 3353ecf..7e5b661 100644 --- a/.systemd.metadata +++ b/.systemd.metadata @@ -1 +1 @@ -7c8e186aa6a81d97f86d62584062d0b560e4559d SOURCES/systemd-249.tar.gz +3b9db821b29a577d004c8823f4ff7a054c81a39c SOURCES/systemd-250.tar.gz diff --git a/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch b/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch index e4709e6..b533028 100644 --- a/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch +++ b/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch @@ -1,4 +1,4 @@ -From 5ce0a9b91add22f2a21f1bc7c0f888307f7e58e8 Mon Sep 17 00:00:00 2001 +From 5a66d993a5be88524d9952193b053eac607a5c17 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 1 Aug 2018 10:58:28 +0200 Subject: [PATCH] logind: set RemoveIPC to false by default @@ -6,8 +6,6 @@ Subject: [PATCH] logind: set RemoveIPC to false by default RHEL-only Resolves: #1959836 - -(cherry picked from commit 0b3833d6c3b751c6dfb40eeb2ef852984c58f546) --- man/logind.conf.xml | 2 +- src/login/logind-core.c | 2 +- @@ -15,10 +13,10 @@ Resolves: #1959836 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/logind.conf.xml b/man/logind.conf.xml -index be62b6b572..bec7ff44af 100644 +index 3045c1b9ba..96fa076239 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml -@@ -346,7 +346,7 @@ +@@ -354,7 +354,7 @@ user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users @@ -28,7 +26,7 @@ index be62b6b572..bec7ff44af 100644 diff --git a/src/login/logind-core.c b/src/login/logind-core.c -index 22031f485a..f5e1126adc 100644 +index 254a1a69fb..616c08132a 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) { @@ -41,10 +39,10 @@ index 22031f485a..f5e1126adc 100644 m->user_stop_delay = 10 * USEC_PER_SEC; diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index 27ba77ce79..f9c5099865 100644 +index 2d084e134d..79d685b3de 100644 --- a/src/login/logind.conf.in +++ b/src/login/logind.conf.in -@@ -39,6 +39,6 @@ +@@ -40,6 +40,6 @@ #IdleActionSec=30min #RuntimeDirectorySize=10% #RuntimeDirectoryInodes=400k diff --git a/SOURCES/0002-basic-unit-name-do-not-use-strdupa-on-a-path.patch b/SOURCES/0002-basic-unit-name-do-not-use-strdupa-on-a-path.patch deleted file mode 100644 index dd0f6bc..0000000 --- a/SOURCES/0002-basic-unit-name-do-not-use-strdupa-on-a-path.patch +++ /dev/null @@ -1,65 +0,0 @@ -From d00c14d513bbac6562a5921a2be225cfcc4f794f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 23 Jun 2021 11:46:41 +0200 -Subject: [PATCH] basic/unit-name: do not use strdupa() on a path - -The path may have unbounded length, for example through a fuse mount. - -CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and -ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo -and each mountpoint is passed to mount_setup_unit(), which calls -unit_name_path_escape() underneath. A local attacker who is able to mount a -filesystem with a very long path can crash systemd and the whole system. - -https://bugzilla.redhat.com/show_bug.cgi?id=1970887 - -The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we -can't easily check the length after simplification before doing the -simplification, which in turns uses a copy of the string we can write to. -So we can't reject paths that are too long before doing the duplication. -Hence the most obvious solution is to switch back to strdup(), as before -7410616cd9dbbec97cf98d75324da5cda2b2f7a2. - -Resolves: #1984299 - -(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9) ---- - src/basic/unit-name.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index 284a773483..a22763443f 100644 ---- a/src/basic/unit-name.c -+++ b/src/basic/unit-name.c -@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { - } - - int unit_name_path_escape(const char *f, char **ret) { -- char *p, *s; -+ _cleanup_free_ char *p = NULL; -+ char *s; - - assert(f); - assert(ret); - -- p = strdupa(f); -+ p = strdup(f); - if (!p) - return -ENOMEM; - -@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) { - if (!path_is_normalized(p)) - return -EINVAL; - -- /* Truncate trailing slashes */ -+ /* Truncate trailing slashes and skip leading slashes */ - delete_trailing_chars(p, "/"); -- -- /* Truncate leading slashes */ -- p = skip_leading_chars(p, "/"); -- -- s = unit_name_escape(p); -+ s = unit_name_escape(skip_leading_chars(p, "/")); - } - if (!s) - return -ENOMEM; diff --git a/SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch new file mode 100644 index 0000000..929a63b --- /dev/null +++ b/SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch @@ -0,0 +1,43 @@ +From 92b6ae2097ae90355775217529d2fd55f7b84e31 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Thu, 5 Aug 2021 17:11:47 +0200 +Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf + symlink + +RHEL-only + +Resolves: #1989472 +--- + tmpfiles.d/meson.build | 1 - + tmpfiles.d/systemd-resolve.conf | 10 ---------- + 2 files changed, 11 deletions(-) + delete mode 100644 tmpfiles.d/systemd-resolve.conf + +diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build +index b8d3919025..6ae9e3e0b8 100644 +--- a/tmpfiles.d/meson.build ++++ b/tmpfiles.d/meson.build +@@ -7,7 +7,6 @@ files = [['README', ''], + ['journal-nocow.conf', ''], + ['systemd-nologin.conf', 'HAVE_PAM'], + ['systemd-nspawn.conf', 'ENABLE_MACHINED'], +- ['systemd-resolve.conf', 'ENABLE_RESOLVE'], + ['systemd-tmp.conf', ''], + ['portables.conf', 'ENABLE_PORTABLED'], + ['systemd-pstore.conf', 'ENABLE_PSTORE'], +diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf +deleted file mode 100644 +index cb1c56d6a6..0000000000 +--- a/tmpfiles.d/systemd-resolve.conf ++++ /dev/null +@@ -1,10 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. +- +-# See tmpfiles.d(5) for details +- +-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf diff --git a/SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch b/SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch new file mode 100644 index 0000000..9f6bf2c --- /dev/null +++ b/SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch @@ -0,0 +1,78 @@ +From 24f033a2a5c03848ae518278c8025e13130146af Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Fri, 2 Jul 2021 13:25:51 +0200 +Subject: [PATCH] Copy 40-redhat.rules from RHEL-8 + +RHEL-only + +Resolves: #1978639 +--- + rules.d/40-redhat.rules | 46 +++++++++++++++++++++++++++++++++++++++++ + rules.d/meson.build | 1 + + 2 files changed, 47 insertions(+) + create mode 100644 rules.d/40-redhat.rules + +diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules +new file mode 100644 +index 0000000000..3c95cd2df0 +--- /dev/null ++++ b/rules.d/40-redhat.rules +@@ -0,0 +1,46 @@ ++# do not edit this file, it will be overwritten on update ++ ++# CPU hotadd request ++SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" ++ ++# Memory hotadd request ++SUBSYSTEM!="memory", GOTO="memory_hotplug_end" ++ACTION!="add", GOTO="memory_hotplug_end" ++CONST{arch}=="s390*", GOTO="memory_hotplug_end" ++CONST{arch}=="ppc64*", GOTO="memory_hotplug_end" ++ ++ENV{.state}="online" ++CONST{virt}=="none", ENV{.state}="online_movable" ++ATTR{state}=="offline", ATTR{state}="$env{.state}" ++ ++LABEL="memory_hotplug_end" ++ ++# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded ++ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge" ++ ++# load SCSI generic (sg) driver ++SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg" ++SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg" ++ ++# Rule for prandom character device node permissions ++KERNEL=="prandom", MODE="0644" ++ ++# Rules for creating the ID_PATH for SCSI devices based on the CCW bus ++# using the form: ccw--zfcp-: ++# ++ACTION=="remove", GOTO="zfcp_scsi_device_end" ++ ++# ++# Set environment variable "ID_ZFCP_BUS" to "1" if the devices ++# (both disk and partition) are SCSI devices based on FCP devices ++# ++KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1" ++ ++# For SCSI disks ++KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}" ++ ++ ++# For partitions on a SCSI disk ++KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n" ++ ++LABEL="zfcp_scsi_device_end" +diff --git a/rules.d/meson.build b/rules.d/meson.build +index 5cecddb34f..c5c3590b29 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -5,6 +5,7 @@ install_data( + install_dir : udevrulesdir) + + rules = files(''' ++ 40-redhat.rules + 60-autosuspend.rules + 60-block.rules + 60-cdrom_id.rules diff --git a/SOURCES/0003-basic-unit-name-adjust-comments.patch b/SOURCES/0003-basic-unit-name-adjust-comments.patch deleted file mode 100644 index 9c97b6b..0000000 --- a/SOURCES/0003-basic-unit-name-adjust-comments.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 10a1e767c7bacca5da4ae7260c2a53f7949c3d7e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 23 Jun 2021 11:52:56 +0200 -Subject: [PATCH] basic/unit-name: adjust comments -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We already checked for "too long" right above… - -Related: #1984299 - -(cherry picked from commit 4e2544c30bfb95e7cb4d1551ba066b1a56520ad6) ---- - src/basic/unit-name.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index a22763443f..1deead7458 100644 ---- a/src/basic/unit-name.c -+++ b/src/basic/unit-name.c -@@ -528,7 +528,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) { - if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ - return -ENAMETOOLONG; - -- /* Refuse this if this got too long or for some other reason didn't result in a valid name */ -+ /* Refuse if this for some other reason didn't result in a valid name */ - if (!unit_name_is_valid(s, UNIT_NAME_PLAIN)) - return -EINVAL; - -@@ -562,7 +562,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha - if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ - return -ENAMETOOLONG; - -- /* Refuse this if this got too long or for some other reason didn't result in a valid name */ -+ /* Refuse if this for some other reason didn't result in a valid name */ - if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE)) - return -EINVAL; - diff --git a/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch new file mode 100644 index 0000000..504f7d3 --- /dev/null +++ b/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch @@ -0,0 +1,45 @@ +From c9ca30a1debbdf24ab6fcbe1aa1ec7ac5f222cb4 Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Tue, 15 May 2018 09:24:20 +0200 +Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will + +Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather +adds an After relationship. + +RHEL-only + +Resolves: #1959826 +--- + src/core/unit.c | 7 +------ + units/basic.target | 3 ++- + 2 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index b1f1f5c82c..3a8251e2b8 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1280,12 +1280,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { + } + + if (c->private_tmp) { +- +- /* FIXME: for now we make a special case for /tmp and add a weak dependency on +- * tmp.mount so /tmp being masked is supported. However there's no reason to treat +- * /tmp specifically and masking other mount units should be handled more +- * gracefully too, see PR#16894. */ +- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE); ++ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE); + if (r < 0) + return r; + +diff --git a/units/basic.target b/units/basic.target +index d8cdd5ac14..9eae0782a2 100644 +--- a/units/basic.target ++++ b/units/basic.target +@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount + # require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as + # we support that unit being masked, and this should not be considered an error. + RequiresMountsFor=/var /var/tmp +-Wants=tmp.mount ++# RHEL-only: Disable /tmp on tmpfs. ++#Wants=tmp.mount diff --git a/SOURCES/0004-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/SOURCES/0004-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch deleted file mode 100644 index 118e7da..0000000 --- a/SOURCES/0004-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch +++ /dev/null @@ -1,27 +0,0 @@ -From ae1b3df445f9f9e27fa6a42602d4eb1db92df7a0 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Thu, 5 Aug 2021 17:11:47 +0200 -Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf - symlink - -RHEL-only - -Resolves: #1989472 ---- - tmpfiles.d/etc.conf.in | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/tmpfiles.d/etc.conf.in b/tmpfiles.d/etc.conf.in -index 2323fd8cd8..ebdc699c26 100644 ---- a/tmpfiles.d/etc.conf.in -+++ b/tmpfiles.d/etc.conf.in -@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts - {% if HAVE_SMACK_RUN_LABEL %} - t /etc/mtab - - - - security.SMACK64=_ - {% endif %} --{% if ENABLE_RESOLVE %} --L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf --{% endif %} - C! /etc/nsswitch.conf - - - - - {% if HAVE_PAM %} - C! /etc/pam.d - - - - diff --git a/SOURCES/0005-Copy-40-redhat.rules-from-RHEL-8.patch b/SOURCES/0005-Copy-40-redhat.rules-from-RHEL-8.patch deleted file mode 100644 index 9ed88a8..0000000 --- a/SOURCES/0005-Copy-40-redhat.rules-from-RHEL-8.patch +++ /dev/null @@ -1,78 +0,0 @@ -From ddf558cda4afe6b81586887bcbb8d0ea376c7e71 Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Fri, 2 Jul 2021 13:25:51 +0200 -Subject: [PATCH] Copy 40-redhat.rules from RHEL-8 - -RHEL-only - -Resolves: #1978639 ---- - rules.d/40-redhat.rules | 46 +++++++++++++++++++++++++++++++++++++++++ - rules.d/meson.build | 1 + - 2 files changed, 47 insertions(+) - create mode 100644 rules.d/40-redhat.rules - -diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules -new file mode 100644 -index 0000000000..3c95cd2df0 ---- /dev/null -+++ b/rules.d/40-redhat.rules -@@ -0,0 +1,46 @@ -+# do not edit this file, it will be overwritten on update -+ -+# CPU hotadd request -+SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" -+ -+# Memory hotadd request -+SUBSYSTEM!="memory", GOTO="memory_hotplug_end" -+ACTION!="add", GOTO="memory_hotplug_end" -+CONST{arch}=="s390*", GOTO="memory_hotplug_end" -+CONST{arch}=="ppc64*", GOTO="memory_hotplug_end" -+ -+ENV{.state}="online" -+CONST{virt}=="none", ENV{.state}="online_movable" -+ATTR{state}=="offline", ATTR{state}="$env{.state}" -+ -+LABEL="memory_hotplug_end" -+ -+# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded -+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge" -+ -+# load SCSI generic (sg) driver -+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg" -+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg" -+ -+# Rule for prandom character device node permissions -+KERNEL=="prandom", MODE="0644" -+ -+# Rules for creating the ID_PATH for SCSI devices based on the CCW bus -+# using the form: ccw--zfcp-: -+# -+ACTION=="remove", GOTO="zfcp_scsi_device_end" -+ -+# -+# Set environment variable "ID_ZFCP_BUS" to "1" if the devices -+# (both disk and partition) are SCSI devices based on FCP devices -+# -+KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1" -+ -+# For SCSI disks -+KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}" -+ -+ -+# For partitions on a SCSI disk -+KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n" -+ -+LABEL="zfcp_scsi_device_end" -diff --git a/rules.d/meson.build b/rules.d/meson.build -index 598649a562..72632979fa 100644 ---- a/rules.d/meson.build -+++ b/rules.d/meson.build -@@ -5,6 +5,7 @@ install_data( - install_dir : udevrulesdir) - - rules = files(''' -+ 40-redhat.rules - 60-autosuspend.rules - 60-block.rules - 60-cdrom_id.rules diff --git a/SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch b/SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch new file mode 100644 index 0000000..5f61739 --- /dev/null +++ b/SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch @@ -0,0 +1,38 @@ +From ba6b7f1b4409b337b5b4ffc47259ad5c43c436c4 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Mon, 5 Sep 2016 12:47:09 +0200 +Subject: [PATCH] unit: don't add Requires for tmp.mount + +rhel-only +Resolves: #1619292 +--- + src/core/mount.c | 2 +- + src/core/unit.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 0170406351..4d407ca4e5 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -335,7 +335,7 @@ static int mount_add_mount_dependencies(Mount *m) { + if (r < 0) + return r; + +- if (UNIT(m)->fragment_path) { ++ if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) { + /* If we have fragment configuration, then make this dependency required */ + r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true, UNIT_DEPENDENCY_PATH); + if (r < 0) +diff --git a/src/core/unit.c b/src/core/unit.c +index 3a8251e2b8..d2adb447b6 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1520,7 +1520,7 @@ static int unit_add_mount_dependencies(Unit *u) { + if (r < 0) + return r; + +- if (m->fragment_path) { ++ if (m->fragment_path && !streq(m->id, "tmp.mount")) { + r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask); + if (r < 0) + return r; diff --git a/SOURCES/0006-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/SOURCES/0006-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch deleted file mode 100644 index 9d16eb4..0000000 --- a/SOURCES/0006-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +++ /dev/null @@ -1,47 +0,0 @@ -From d77095927682f5a6921d3825256743eb8f5e6e1b Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Tue, 15 May 2018 09:24:20 +0200 -Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will - -Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather -adds an After relationship. - -RHEL-only - -Resolves: #1959826 - -(cherry picked from commit f58c5ced373c2532b5cc44ba2e0c3a28b41472f2) ---- - src/core/unit.c | 7 +------ - units/basic.target | 3 ++- - 2 files changed, 3 insertions(+), 7 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 30afd5a776..d9cd0c229a 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1266,12 +1266,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { - } - - if (c->private_tmp) { -- -- /* FIXME: for now we make a special case for /tmp and add a weak dependency on -- * tmp.mount so /tmp being masked is supported. However there's no reason to treat -- * /tmp specifically and masking other mount units should be handled more -- * gracefully too, see PR#16894. */ -- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE); -+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE); - if (r < 0) - return r; - -diff --git a/units/basic.target b/units/basic.target -index d8cdd5ac14..9eae0782a2 100644 ---- a/units/basic.target -+++ b/units/basic.target -@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount - # require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as - # we support that unit being masked, and this should not be considered an error. - RequiresMountsFor=/var /var/tmp --Wants=tmp.mount -+# RHEL-only: Disable /tmp on tmpfs. -+#Wants=tmp.mount diff --git a/SOURCES/0006-units-add-Install-section-to-tmp.mount.patch b/SOURCES/0006-units-add-Install-section-to-tmp.mount.patch new file mode 100644 index 0000000..1eb4e7e --- /dev/null +++ b/SOURCES/0006-units-add-Install-section-to-tmp.mount.patch @@ -0,0 +1,24 @@ +From 0e4d18011e394d83c5e6ce045c05b03619fe7145 Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Tue, 22 Jan 2019 10:28:42 +0100 +Subject: [PATCH] units: add [Install] section to tmp.mount + +RHEL-only + +Related: #1959826 +--- + units/tmp.mount | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/units/tmp.mount b/units/tmp.mount +index 4e1bb8de24..4874e8daff 100644 +--- a/units/tmp.mount ++++ b/units/tmp.mount +@@ -23,3 +23,7 @@ What=tmpfs + Where=/tmp + Type=tmpfs + Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m ++ ++# Make 'systemctl enable tmp.mount' work: ++[Install] ++WantedBy=local-fs.target diff --git a/SOURCES/0007-rc-local-order-after-network-online.target.patch b/SOURCES/0007-rc-local-order-after-network-online.target.patch new file mode 100644 index 0000000..d7c6ae9 --- /dev/null +++ b/SOURCES/0007-rc-local-order-after-network-online.target.patch @@ -0,0 +1,29 @@ +From 6dc2d5628fded20609561ca3c63517b3dc381042 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 11 Mar 2021 15:48:23 +0100 +Subject: [PATCH] rc-local: order after network-online.target + +I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf, +just network-online.target didn't exist back then. + +RHEL-only + +Resolves: #1954429 +--- + units/rc-local.service.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/units/rc-local.service.in b/units/rc-local.service.in +index 55e83dfe00..0eee722154 100644 +--- a/units/rc-local.service.in ++++ b/units/rc-local.service.in +@@ -13,7 +13,8 @@ + Description={{RC_LOCAL_PATH}} Compatibility + Documentation=man:systemd-rc-local-generator(8) + ConditionFileIsExecutable={{RC_LOCAL_PATH}} +-After=network.target ++After=network-online.target ++Wants=network-online.target + + [Service] + Type=forking diff --git a/SOURCES/0007-unit-don-t-add-Requires-for-tmp.mount.patch b/SOURCES/0007-unit-don-t-add-Requires-for-tmp.mount.patch deleted file mode 100644 index b2bbe9e..0000000 --- a/SOURCES/0007-unit-don-t-add-Requires-for-tmp.mount.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 209af66ef66a67a9cafa5a1d6364ce436cd593aa Mon Sep 17 00:00:00 2001 -From: Lukas Nykryn -Date: Mon, 5 Sep 2016 12:47:09 +0200 -Subject: [PATCH] unit: don't add Requires for tmp.mount - -rhel-only -Resolves: #1619292 - -(cherry picked from commit 03e52d33bbdea731eaa79545bb1d30c5b21abe3d) ---- - src/core/mount.c | 2 +- - src/core/unit.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/mount.c b/src/core/mount.c -index 053deac14d..1fd3102ad3 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -343,7 +343,7 @@ static int mount_add_mount_dependencies(Mount *m) { - if (r < 0) - return r; - -- if (UNIT(m)->fragment_path) { -+ if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) { - /* If we have fragment configuration, then make this dependency required */ - r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true, UNIT_DEPENDENCY_PATH); - if (r < 0) -diff --git a/src/core/unit.c b/src/core/unit.c -index d9cd0c229a..371dda7e29 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1506,7 +1506,7 @@ static int unit_add_mount_dependencies(Unit *u) { - if (r < 0) - return r; - -- if (m->fragment_path) { -+ if (m->fragment_path && !streq(m->id, "tmp.mount")) { - r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask); - if (r < 0) - return r; diff --git a/SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch b/SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch new file mode 100644 index 0000000..7d41fd8 --- /dev/null +++ b/SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch @@ -0,0 +1,298 @@ +From b9c7cd794733257a17b2eb9eadc716007e509ca9 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Sun, 18 Apr 2021 20:46:06 +0200 +Subject: [PATCH] ci: drop CIs irrelevant for downstream + + * CIFuzz would need a separate project in oss-fuzz + * Coverity would also need a separate project + * the Labeler action is superfluous, since we already have a bot for + that + * mkosi testing on other distros is irrelevant for downstream RHEL + repo + +Resolves: #1960703 +rhel-only +--- + .github/labeler.yml | 40 ----------------- + .github/workflows/cifuzz.yml | 55 ----------------------- + .github/workflows/coverity.yml | 43 ------------------ + .github/workflows/labeler.yml | 23 ---------- + .github/workflows/mkosi.yml | 80 ---------------------------------- + 5 files changed, 241 deletions(-) + delete mode 100644 .github/labeler.yml + delete mode 100644 .github/workflows/cifuzz.yml + delete mode 100644 .github/workflows/coverity.yml + delete mode 100644 .github/workflows/labeler.yml + delete mode 100644 .github/workflows/mkosi.yml + +diff --git a/.github/labeler.yml b/.github/labeler.yml +deleted file mode 100644 +index 7d128f42d6..0000000000 +--- a/.github/labeler.yml ++++ /dev/null +@@ -1,40 +0,0 @@ +-# SPDX-License-Identifier: LGPL-2.1-or-later +- +-hwdb: +- - hwdb.d/**/* +-units: +- - units/**/* +-documentation: +- - NEWS +- - docs/* +-network: +- - src/libsystemd-network/**/* +- - src/network/**/* +-udev: +- - src/udev/**/* +- - src/libudev/* +-selinux: +- - '**/*selinux*' +-apparmor: +- - '**/*apparmor*' +-meson: +- - meson_option.txt +-mkosi: +- - .mkosi/* +- - mkosi.build +-busctl: +- - src/busctl/* +-systemctl: +- - src/systemctl/* +-journal: +- - src/journal/* +-journal-remote: +- - src/journal-remote/* +-portable: +- - src/portable/**/* +-resolve: +- - src/resolve/* +-timedate: +- - src/timedate/* +-timesync: +- - src/timesync/* +diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml +deleted file mode 100644 +index 11ea788a47..0000000000 +--- a/.github/workflows/cifuzz.yml ++++ /dev/null +@@ -1,55 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +-# SPDX-License-Identifier: LGPL-2.1-or-later +-# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/ +- +-name: CIFuzz +- +-permissions: +- contents: read +- +-on: +- pull_request: +- paths: +- - '**/meson.build' +- - '.github/workflows/**' +- - 'meson_options.txt' +- - 'src/**' +- - 'test/fuzz/**' +- - 'tools/oss-fuzz.sh' +- push: +- branches: +- - main +-jobs: +- Fuzzing: +- runs-on: ubuntu-latest +- if: github.repository == 'systemd/systemd' +- concurrency: +- group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} +- cancel-in-progress: true +- strategy: +- fail-fast: false +- matrix: +- sanitizer: [address, undefined, memory] +- steps: +- - name: Build Fuzzers (${{ matrix.sanitizer }}) +- id: build +- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master +- with: +- oss-fuzz-project-name: 'systemd' +- dry-run: false +- allowed-broken-targets-percentage: 0 +- sanitizer: ${{ matrix.sanitizer }} +- - name: Run Fuzzers (${{ matrix.sanitizer }}) +- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master +- with: +- oss-fuzz-project-name: 'systemd' +- fuzz-seconds: 600 +- dry-run: false +- sanitizer: ${{ matrix.sanitizer }} +- - name: Upload Crash +- uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 +- if: failure() && steps.build.outcome == 'success' +- with: +- name: ${{ matrix.sanitizer }}-artifacts +- path: ./out/artifacts +diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml +deleted file mode 100644 +index a164d16fbf..0000000000 +--- a/.github/workflows/coverity.yml ++++ /dev/null +@@ -1,43 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +-# SPDX-License-Identifier: LGPL-2.1-or-later +-# +-name: Coverity +- +-on: +- schedule: +- # Run Coverity daily at midnight +- - cron: '0 0 * * *' +- +-permissions: +- contents: read +- +-jobs: +- build: +- runs-on: ubuntu-20.04 +- if: github.repository == 'systemd/systemd' +- env: +- COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}" +- COVERITY_SCAN_NOTIFICATION_EMAIL: "" +- COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}" +- # Set in repo settings -> secrets -> repository secrets +- COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" +- CURRENT_REF: "${{ github.ref }}" +- steps: +- - name: Repository checkout +- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 +- # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable +- - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable +- run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV +- - name: Install Coverity tools +- run: tools/get-coverity.sh +- # Reuse the setup phase of the unit test script to avoid code duplication +- - name: Install build dependencies +- run: sudo -E .github/workflows/unit_tests.sh SETUP +- # Preconfigure with meson to prevent Coverity from capturing meson metadata +- - name: Preconfigure the build directory +- run: meson cov-build -Dman=false +- - name: Build +- run: tools/coverity.sh build +- - name: Upload the results +- run: tools/coverity.sh upload +diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml +deleted file mode 100644 +index 34d9d63d42..0000000000 +--- a/.github/workflows/labeler.yml ++++ /dev/null +@@ -1,23 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +-# SPDX-License-Identifier: LGPL-2.1-or-later +-# +-name: "Pull Request Labeler" +- +-on: +-- pull_request_target +- +-permissions: +- contents: read +- +-jobs: +- triage: +- runs-on: ubuntu-latest +- permissions: +- pull-requests: write +- steps: +- - uses: actions/labeler@69da01b8e0929f147b8943611bee75ee4175a49e +- with: +- repo-token: "${{ secrets.GITHUB_TOKEN }}" +- configuration-path: .github/labeler.yml +- sync-labels: "" # This is a workaround for issue 18671 +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +deleted file mode 100644 +index 8fd6c72e26..0000000000 +--- a/.github/workflows/mkosi.yml ++++ /dev/null +@@ -1,80 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +-# SPDX-License-Identifier: LGPL-2.1-or-later +-# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in mkosi.default.d/. +-name: mkosi +- +-on: +- push: +- branches: +- - main +- - v[0-9]+-stable +- pull_request: +- branches: +- - main +- - v[0-9]+-stable +- +-permissions: +- contents: read +- +-env: +- # Enable debug logging in systemd, but keep udev's log level to info, +- # since it's _very_ verbose in the QEMU task +- KERNEL_CMDLINE: "systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console" +- +-jobs: +- ci: +- runs-on: ubuntu-20.04 +- concurrency: +- group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }} +- cancel-in-progress: true +- strategy: +- fail-fast: false +- matrix: +- distro: +- - arch +- - debian +- - ubuntu +- - fedora +- - opensuse +- +- steps: +- - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 +- - uses: systemd/mkosi@4d64fc8134f93d87ac584183e7762ac1d0efa0e5 +- +- - name: Install +- run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2 +- +- - name: Configure +- run: echo -e "[Distribution]\nDistribution=${{ matrix.distro }}\n" >mkosi.default +- +- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is +- # required, since current Arch's glibc implements faccessat() via faccessat2(). +- - name: Update systemd-nspawn +- if: ${{ matrix.distro == 'arch' }} +- run: | +- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list +- sudo apt update +- sudo apt build-dep systemd +- meson build +- ninja -C build +- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn` +- systemd-nspawn --version +- +- - name: Build ${{ matrix.distro }} +- run: ./.github/workflows/run_mkosi.sh --build-environment=CI_BUILD=1 --kernel-command-line "${{ env.KERNEL_CMDLINE }}" build +- +- - name: Show ${{ matrix.distro }} image summary +- run: ./.github/workflows/run_mkosi.sh summary +- +- - name: Boot ${{ matrix.distro }} systemd-nspawn +- run: ./.github/workflows/run_mkosi.sh boot ${{ env.KERNEL_CMDLINE }} +- +- - name: Check ${{ matrix.distro }} systemd-nspawn +- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }" +- +- - name: Boot ${{ matrix.distro }} QEMU +- run: ./.github/workflows/run_mkosi.sh qemu +- +- - name: Check ${{ matrix.distro }} QEMU +- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }" diff --git a/SOURCES/0008-units-add-Install-section-to-tmp.mount.patch b/SOURCES/0008-units-add-Install-section-to-tmp.mount.patch deleted file mode 100644 index 21e4dc8..0000000 --- a/SOURCES/0008-units-add-Install-section-to-tmp.mount.patch +++ /dev/null @@ -1,25 +0,0 @@ -From c54ec17a683866f8e74f0d78c19369a6e86e46f3 Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Tue, 22 Jan 2019 10:28:42 +0100 -Subject: [PATCH] units: add [Install] section to tmp.mount - -RHEL-only - -Related: #1959826 -(cherry picked from commit bb3d205bea1c83cbd0e27b504f5f1faa884fb602) ---- - units/tmp.mount | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/units/tmp.mount b/units/tmp.mount -index 516bd1621c..fc1812111e 100644 ---- a/units/tmp.mount -+++ b/units/tmp.mount -@@ -23,3 +23,7 @@ What=tmpfs - Where=/tmp - Type=tmpfs - Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k -+ -+# Make 'systemctl enable tmp.mount' work: -+[Install] -+WantedBy=local-fs.target diff --git a/SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch b/SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch new file mode 100644 index 0000000..fbe6ca9 --- /dev/null +++ b/SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch @@ -0,0 +1,61 @@ +From d931821a263e34805f825cf12a0a0fcde9beda99 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Wed, 9 Jun 2021 15:23:59 +0200 +Subject: [PATCH] ci: reconfigure Packit for RHEL 9 + +Resolves: #1960703 +rhel-only +--- + .packit.yml | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +diff --git a/.packit.yml b/.packit.yml +index 962c77913e..3461bccbc5 100644 +--- a/.packit.yml ++++ b/.packit.yml +@@ -16,14 +16,12 @@ upstream_tag_template: "v{version}" + + actions: + post-upstream-clone: +- # Use the Fedora Rawhide specfile +- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" ++ # Use the CentOS Stream specfile ++ - "git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1" + # Drop the "sources" file so rebase-helper doesn't think we're a dist-git + - "rm -fv .packit_rpm/sources" +- # Drop backported patches from the specfile, but keep the downstream-only ones +- # - Patch0000-0499: backported patches from upstream +- # - Patch0500-9999: downstream-only patches +- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec" ++ # Drop all patches, since they're already included in the tarball ++ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec" + # Build the RPM with --werror. Even though --werror doesn't work in all + # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the + # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]). +@@ -32,12 +30,22 @@ actions: + # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110 + - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec' + ++# Available targets can be listed via `copr-cli list-chroots` + jobs: ++# Build test + - job: copr_build + trigger: pull_request + metadata: + targets: +- - fedora-rawhide-aarch64 +- - fedora-rawhide-i386 +- - fedora-rawhide-ppc64le +- - fedora-rawhide-x86_64 ++ # FIXME: change to CentOS 9 once it's available ++ - fedora-34-x86_64 ++ - fedora-34-aarch64 ++ ++# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184 ++# Run tests (via testing farm) ++#- job: tests ++# trigger: pull_request ++# metadata: ++# targets: ++# # FIXME: change to CentOS 9 once it's available ++# - fedora-34-x86_64 diff --git a/SOURCES/0009-rc-local-order-after-network-online.target.patch b/SOURCES/0009-rc-local-order-after-network-online.target.patch deleted file mode 100644 index 718e879..0000000 --- a/SOURCES/0009-rc-local-order-after-network-online.target.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 10c26ebc7cd9bff3d73ff9a89ddec44bde88e4cd Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Thu, 11 Mar 2021 15:48:23 +0100 -Subject: [PATCH] rc-local: order after network-online.target - -I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf, -just network-online.target didn't exist back then. - -RHEL-only - -Resolves: #1954429 ---- - units/rc-local.service.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/units/rc-local.service.in b/units/rc-local.service.in -index 55e83dfe00..0eee722154 100644 ---- a/units/rc-local.service.in -+++ b/units/rc-local.service.in -@@ -13,7 +13,8 @@ - Description={{RC_LOCAL_PATH}} Compatibility - Documentation=man:systemd-rc-local-generator(8) - ConditionFileIsExecutable={{RC_LOCAL_PATH}} --After=network.target -+After=network-online.target -+Wants=network-online.target - - [Service] - Type=forking diff --git a/SOURCES/0010-ci-drop-CIs-irrelevant-for-downstream.patch b/SOURCES/0010-ci-drop-CIs-irrelevant-for-downstream.patch deleted file mode 100644 index d6494e8..0000000 --- a/SOURCES/0010-ci-drop-CIs-irrelevant-for-downstream.patch +++ /dev/null @@ -1,284 +0,0 @@ -From b3c617b8d0fb95322e203842d2ac68593a4acdcd Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sun, 18 Apr 2021 20:46:06 +0200 -Subject: [PATCH] ci: drop CIs irrelevant for downstream - - * CIFuzz would need a separate project in oss-fuzz - * Coverity would also need a separate project - * the Labeler action is superfluous, since we already have a bot for - that - * mkosi testing on other distros is irrelevant for downstream RHEL - repo - -Resolves: #1960703 -rhel-only ---- - .github/labeler.yml | 38 ------------------ - .github/workflows/cifuzz.yml | 47 ---------------------- - .github/workflows/coverity.yml | 39 ------------------- - .github/workflows/labeler.yml | 13 ------- - .github/workflows/mkosi.yml | 58 ---------------------------- - .github/workflows/test_mkosi_boot.py | 24 ------------ - 6 files changed, 219 deletions(-) - delete mode 100644 .github/labeler.yml - delete mode 100644 .github/workflows/cifuzz.yml - delete mode 100644 .github/workflows/coverity.yml - delete mode 100644 .github/workflows/labeler.yml - delete mode 100644 .github/workflows/mkosi.yml - delete mode 100755 .github/workflows/test_mkosi_boot.py - -diff --git a/.github/labeler.yml b/.github/labeler.yml -deleted file mode 100644 -index 773d575004..0000000000 ---- a/.github/labeler.yml -+++ /dev/null -@@ -1,38 +0,0 @@ --hwdb: -- - hwdb.d/**/* --units: -- - units/**/* --documentation: -- - NEWS -- - docs/* --network: -- - src/libsystemd-network/**/* -- - src/network/**/* --udev: -- - src/udev/**/* -- - src/libudev/* --selinux: -- - '**/*selinux*' --apparmor: -- - '**/*apparmor*' --meson: -- - meson_option.txt --mkosi: -- - .mkosi/* -- - mkosi.build --busctl: -- - src/busctl/* --systemctl: -- - src/systemctl/* --journal: -- - src/journal/* --journal-remote: -- - src/journal-remote/* --portable: -- - src/portable/**/* --resolve: -- - src/resolve/* --timedate: -- - src/timedate/* --timesync: -- - src/timesync/* -diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml -deleted file mode 100644 -index 14d81a67ff..0000000000 ---- a/.github/workflows/cifuzz.yml -+++ /dev/null -@@ -1,47 +0,0 @@ ----- --# vi: ts=2 sw=2 et: --# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/ -- --name: CIFuzz --on: -- pull_request: -- paths: -- - '**/meson.build' -- - '.github/workflows/**' -- - 'meson_options.txt' -- - 'src/**' -- - 'test/fuzz/**' -- - 'tools/oss-fuzz.sh' -- push: -- branches: -- - main --jobs: -- Fuzzing: -- runs-on: ubuntu-latest -- if: github.repository == 'systemd/systemd' -- strategy: -- fail-fast: false -- matrix: -- sanitizer: [address, undefined, memory] -- steps: -- - name: Build Fuzzers (${{ matrix.sanitizer }}) -- id: build -- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master -- with: -- oss-fuzz-project-name: 'systemd' -- dry-run: false -- allowed-broken-targets-percentage: 0 -- sanitizer: ${{ matrix.sanitizer }} -- - name: Run Fuzzers (${{ matrix.sanitizer }}) -- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master -- with: -- oss-fuzz-project-name: 'systemd' -- fuzz-seconds: 600 -- dry-run: false -- sanitizer: ${{ matrix.sanitizer }} -- - name: Upload Crash -- uses: actions/upload-artifact@v1 -- if: failure() && steps.build.outcome == 'success' -- with: -- name: ${{ matrix.sanitizer }}-artifacts -- path: ./out/artifacts -diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml -deleted file mode 100644 -index a0eb0f01fd..0000000000 ---- a/.github/workflows/coverity.yml -+++ /dev/null -@@ -1,39 +0,0 @@ ----- --# vi: ts=2 sw=2 et: --# --name: Coverity -- --on: -- schedule: -- # Run Coverity daily at midnight -- - cron: '0 0 * * *' -- --jobs: -- build: -- runs-on: ubuntu-20.04 -- if: github.repository == 'systemd/systemd' -- env: -- COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}" -- COVERITY_SCAN_NOTIFICATION_EMAIL: "" -- COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}" -- # Set in repo settings -> secrets -> repository secrets -- COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" -- CURRENT_REF: "${{ github.ref }}" -- steps: -- - name: Repository checkout -- uses: actions/checkout@v1 -- # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable -- - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable -- run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV -- - name: Install Coverity tools -- run: tools/get-coverity.sh -- # Reuse the setup phase of the unit test script to avoid code duplication -- - name: Install build dependencies -- run: sudo -E .github/workflows/unit_tests.sh SETUP -- # Preconfigure with meson to prevent Coverity from capturing meson metadata -- - name: Preconfigure the build directory -- run: meson cov-build -Dman=false -- - name: Build -- run: tools/coverity.sh build -- - name: Upload the results -- run: tools/coverity.sh upload -diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml -deleted file mode 100644 -index 76d67a3a5c..0000000000 ---- a/.github/workflows/labeler.yml -+++ /dev/null -@@ -1,13 +0,0 @@ --name: "Pull Request Labeler" --on: --- pull_request_target -- --jobs: -- triage: -- runs-on: ubuntu-latest -- steps: -- - uses: actions/labeler@main -- with: -- repo-token: "${{ secrets.GITHUB_TOKEN }}" -- configuration-path: .github/labeler.yml -- sync-labels: "" # This is a workaround for issue 18671 -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -deleted file mode 100644 -index babdf7ae6e..0000000000 ---- a/.github/workflows/mkosi.yml -+++ /dev/null -@@ -1,58 +0,0 @@ --name: mkosi -- --# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in .mkosi. -- --on: -- push: -- branches: -- - main -- pull_request: -- branches: -- - main -- --jobs: -- ci: -- runs-on: ubuntu-20.04 -- strategy: -- fail-fast: false -- matrix: -- distro: -- - arch -- - debian -- - ubuntu -- - fedora -- -- steps: -- - uses: actions/checkout@v2 -- - uses: systemd/mkosi@v9 -- -- - name: Install -- run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2 -- -- - name: Symlink -- run: ln -s .mkosi/mkosi.${{ matrix.distro }} mkosi.default -- -- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is -- # required, since current Arch's glibc implements faccessat() via faccessat2(). -- - name: Update systemd-nspawn -- if: ${{ matrix.distro == 'arch' }} -- run: | -- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list -- sudo apt update -- sudo apt build-dep systemd -- meson build -- ninja -C build -- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn` -- systemd-nspawn --version -- -- - name: Build ${{ matrix.distro }} -- run: sudo python3 -m mkosi --password= --qemu-headless build -- -- - name: Show ${{ matrix.distro }} image summary -- run: sudo python3 -m mkosi --password= --qemu-headless summary -- -- - name: Boot ${{ matrix.distro }} systemd-nspawn -- run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless boot -- -- - name: Boot ${{ matrix.distro }} QEMU -- run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless qemu -diff --git a/.github/workflows/test_mkosi_boot.py b/.github/workflows/test_mkosi_boot.py -deleted file mode 100755 -index 3418fd3a51..0000000000 ---- a/.github/workflows/test_mkosi_boot.py -+++ /dev/null -@@ -1,24 +0,0 @@ --#!/usr/bin/env python3 --# SPDX-License-Identifier: LGPL-2.1-or-later -- --import pexpect --import sys -- -- --def run() -> None: -- p = pexpect.spawnu(" ".join(sys.argv[1:]), logfile=sys.stdout, timeout=300) -- -- p.expect("#") -- p.sendline("systemctl poweroff") -- -- p.expect(pexpect.EOF) -- -- --try: -- run() --except pexpect.EOF: -- print("UNEXPECTED EOF") -- sys.exit(1) --except pexpect.TIMEOUT: -- print("TIMED OUT") -- sys.exit(1) diff --git a/SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch b/SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch new file mode 100644 index 0000000..65ae57c --- /dev/null +++ b/SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch @@ -0,0 +1,28 @@ +From 785b53d7b16c6c56638029e8b4f59c436f1394b8 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Thu, 15 Jul 2021 12:23:27 +0200 +Subject: [PATCH] ci: run unit tests on z-stream branches as well + +Resolves: #1960703 +rhel-only +--- + .github/workflows/unit_tests.yml | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml +index d4a4f3c723..2afde5d59d 100644 +--- a/.github/workflows/unit_tests.yml ++++ b/.github/workflows/unit_tests.yml +@@ -3,11 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + # + name: Unit tests +-on: +- pull_request: +- branches: +- - main +- - v[0-9]+-stable ++on: [pull_request] + + permissions: + contents: read diff --git a/SOURCES/0011-ci-reconfigure-Packit-for-RHEL-9.patch b/SOURCES/0011-ci-reconfigure-Packit-for-RHEL-9.patch deleted file mode 100644 index 42c1361..0000000 --- a/SOURCES/0011-ci-reconfigure-Packit-for-RHEL-9.patch +++ /dev/null @@ -1,60 +0,0 @@ -From b00b4b76e8a7267db2dc54a5d23272a6586770da Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 9 Jun 2021 15:23:59 +0200 -Subject: [PATCH] ci: reconfigure Packit for RHEL 9 - -Resolves: #1960703 -rhel-only ---- - .packit.yml | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -diff --git a/.packit.yml b/.packit.yml -index 4545e30e08..3461bccbc5 100644 ---- a/.packit.yml -+++ b/.packit.yml -@@ -16,14 +16,12 @@ upstream_tag_template: "v{version}" - - actions: - post-upstream-clone: -- # Use the Fedora Rawhide specfile -- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" -+ # Use the CentOS Stream specfile -+ - "git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1" - # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - - "rm -fv .packit_rpm/sources" -- # Drop backported patches from the specfile, but keep the downstream-only ones -- # - Patch0000-0499: backported patches from upstream -- # - Patch0500-9999: downstream-only patches -- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec" -+ # Drop all patches, since they're already included in the tarball -+ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec" - # Build the RPM with --werror. Even though --werror doesn't work in all - # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the - # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]). -@@ -32,11 +30,22 @@ actions: - # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110 - - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec' - -+# Available targets can be listed via `copr-cli list-chroots` - jobs: -+# Build test - - job: copr_build - trigger: pull_request - metadata: - targets: -- - fedora-rawhide-aarch64 -- - fedora-rawhide-i386 -- - fedora-rawhide-x86_64 -+ # FIXME: change to CentOS 9 once it's available -+ - fedora-34-x86_64 -+ - fedora-34-aarch64 -+ -+# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184 -+# Run tests (via testing farm) -+#- job: tests -+# trigger: pull_request -+# metadata: -+# targets: -+# # FIXME: change to CentOS 9 once it's available -+# - fedora-34-x86_64 diff --git a/SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch b/SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch new file mode 100644 index 0000000..f026b4b --- /dev/null +++ b/SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch @@ -0,0 +1,25 @@ +From c1555a7d38235cca32492c4606e30028dc008b35 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 15 Jul 2021 11:15:17 +0200 +Subject: [PATCH] random-util: increase random seed size to 1024 + +RHEL-only + +Resolves: #1982603 +--- + src/basic/random-util.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/random-util.h b/src/basic/random-util.h +index e6528ddc7f..fda78552f6 100644 +--- a/src/basic/random-util.h ++++ b/src/basic/random-util.h +@@ -34,7 +34,7 @@ static inline uint32_t random_u32(void) { + int rdrand(unsigned long *ret); + + /* Some limits on the pool sizes when we deal with the kernel random pool */ +-#define RANDOM_POOL_SIZE_MIN 512U ++#define RANDOM_POOL_SIZE_MIN 1024U + #define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U) + + size_t random_pool_size(void); diff --git a/SOURCES/0012-ci-run-unit-tests-on-z-stream-branches-as-well.patch b/SOURCES/0012-ci-run-unit-tests-on-z-stream-branches-as-well.patch deleted file mode 100644 index 73a663c..0000000 --- a/SOURCES/0012-ci-run-unit-tests-on-z-stream-branches-as-well.patch +++ /dev/null @@ -1,27 +0,0 @@ -From ef23dd2793c19e9505ab1e70fff20b7ea184dc54 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Thu, 15 Jul 2021 12:23:27 +0200 -Subject: [PATCH] ci: run unit tests on z-stream branches as well - -Resolves: #1960703 -rhel-only ---- - .github/workflows/unit_tests.yml | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml -index ca1e6e0c30..e560bff830 100644 ---- a/.github/workflows/unit_tests.yml -+++ b/.github/workflows/unit_tests.yml -@@ -2,10 +2,7 @@ - # vi: ts=2 sw=2 et: - # - name: Unit tests --on: -- pull_request: -- branches: -- - main -+on: [pull_request] - - jobs: - build: diff --git a/SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch new file mode 100644 index 0000000..944281a --- /dev/null +++ b/SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch @@ -0,0 +1,41 @@ +From f1d66259bcff8333d7dd495bbeef274206f7300d Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Thu, 2 May 2019 14:11:54 +0200 +Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by + default + +RHEL-only + +Resolves: #1973856 +--- + units/meson.build | 3 +-- + units/systemd-journald.service.in | 2 +- + 2 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/units/meson.build b/units/meson.build +index a9bf28f6d9..69d53f4259 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -124,8 +124,7 @@ units = [ + 'sysinit.target.wants/'], + ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], +- ['systemd-journald-audit.socket', '', +- 'sockets.target.wants/'], ++ ['systemd-journald-audit.socket', ''], + ['systemd-journald-dev-log.socket', '', + 'sockets.target.wants/'], + ['systemd-journald.socket', '', +diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in +index cd17b6b4e7..d981273b07 100644 +--- a/units/systemd-journald.service.in ++++ b/units/systemd-journald.service.in +@@ -12,7 +12,7 @@ Description=Journal Service + Documentation=man:systemd-journald.service(8) man:journald.conf(5) + DefaultDependencies=no + Requires=systemd-journald.socket +-After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket ++After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket + Before=sysinit.target + + [Service] diff --git a/SOURCES/0013-Check-return-value-of-pam_get_item-pam_get_data-func.patch b/SOURCES/0013-Check-return-value-of-pam_get_item-pam_get_data-func.patch deleted file mode 100644 index fad17cd..0000000 --- a/SOURCES/0013-Check-return-value-of-pam_get_item-pam_get_data-func.patch +++ /dev/null @@ -1,110 +0,0 @@ -From a311dc4ade908452d7920452a18ce411af0f6dd3 Mon Sep 17 00:00:00 2001 -From: Riccardo Schirone -Date: Thu, 17 Jun 2021 16:39:23 +0200 -Subject: [PATCH] Check return value of pam_get_item/pam_get_data functions - -(cherry picked from commit a22cbf85ed9863ba5c86681db89424747119ef0c) - -Resolves: #1973210 ---- - src/login/pam_systemd.c | 66 ++++++++++++++++++++++++++++++++++------- - 1 file changed, 55 insertions(+), 11 deletions(-) - -diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c -index f8bd17eefe..1b643d52ca 100644 ---- a/src/login/pam_systemd.c -+++ b/src/login/pam_systemd.c -@@ -705,7 +705,11 @@ _public_ PAM_EXTERN int pam_sm_open_session( - * "systemd-user" we simply set XDG_RUNTIME_DIR and - * leave. */ - -- (void) pam_get_item(handle, PAM_SERVICE, (const void**) &service); -+ r = pam_get_item(handle, PAM_SERVICE, (const void**) &service); -+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM service: %s", pam_strerror(handle, r)); -+ return r; -+ } - if (streq_ptr(service, "systemd-user")) { - char rt[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)]; - -@@ -719,10 +723,26 @@ _public_ PAM_EXTERN int pam_sm_open_session( - - /* Otherwise, we ask logind to create a session for us */ - -- (void) pam_get_item(handle, PAM_XDISPLAY, (const void**) &display); -- (void) pam_get_item(handle, PAM_TTY, (const void**) &tty); -- (void) pam_get_item(handle, PAM_RUSER, (const void**) &remote_user); -- (void) pam_get_item(handle, PAM_RHOST, (const void**) &remote_host); -+ r = pam_get_item(handle, PAM_XDISPLAY, (const void**) &display); -+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM XDISPLAY: %s", pam_strerror(handle, r)); -+ return r; -+ } -+ r = pam_get_item(handle, PAM_TTY, (const void**) &tty); -+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM TTY: %s", pam_strerror(handle, r)); -+ return r; -+ } -+ r = pam_get_item(handle, PAM_RUSER, (const void**) &remote_user); -+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM RUSER: %s", pam_strerror(handle, r)); -+ return r; -+ } -+ r = pam_get_item(handle, PAM_RHOST, (const void**) &remote_host); -+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM RHOST: %s", pam_strerror(handle, r)); -+ return r; -+ } - - seat = getenv_harder(handle, "XDG_SEAT", NULL); - cvtnr = getenv_harder(handle, "XDG_VTNR", NULL); -@@ -789,11 +809,31 @@ _public_ PAM_EXTERN int pam_sm_open_session( - - remote = !isempty(remote_host) && !is_localhost(remote_host); - -- (void) pam_get_data(handle, "systemd.memory_max", (const void **)&memory_max); -- (void) pam_get_data(handle, "systemd.tasks_max", (const void **)&tasks_max); -- (void) pam_get_data(handle, "systemd.cpu_weight", (const void **)&cpu_weight); -- (void) pam_get_data(handle, "systemd.io_weight", (const void **)&io_weight); -- (void) pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec); -+ r = pam_get_data(handle, "systemd.memory_max", (const void **)&memory_max); -+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.memory_max data: %s", pam_strerror(handle, r)); -+ return r; -+ } -+ r = pam_get_data(handle, "systemd.tasks_max", (const void **)&tasks_max); -+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.tasks_max data: %s", pam_strerror(handle, r)); -+ return r; -+ } -+ r = pam_get_data(handle, "systemd.cpu_weight", (const void **)&cpu_weight); -+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.cpu_weight data: %s", pam_strerror(handle, r)); -+ return r; -+ } -+ r = pam_get_data(handle, "systemd.io_weight", (const void **)&io_weight); -+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.io_weight data: %s", pam_strerror(handle, r)); -+ return r; -+ } -+ r = pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec); -+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.runtime_max_sec data: %s", pam_strerror(handle, r)); -+ return r; -+ } - - /* Talk to logind over the message bus */ - -@@ -996,7 +1036,11 @@ _public_ PAM_EXTERN int pam_sm_close_session( - - /* Only release session if it wasn't pre-existing when we - * tried to create it */ -- (void) pam_get_data(handle, "systemd.existing", &existing); -+ r = pam_get_data(handle, "systemd.existing", &existing); -+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) { -+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.existing data: %s", pam_strerror(handle, r)); -+ return r; -+ } - - id = pam_getenv(handle, "XDG_SESSION_ID"); - if (id && !existing) { diff --git a/SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch b/SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch new file mode 100644 index 0000000..6a49362 --- /dev/null +++ b/SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch @@ -0,0 +1,22 @@ +From 56d9b62ce456e8c0e520bda3447db38864983173 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 5 Aug 2021 15:26:13 +0200 +Subject: [PATCH] journald.conf: don't touch current audit settings + +RHEL-only + +Related: #1973856 +--- + src/journal/journald.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/journal/journald.conf b/src/journal/journald.conf +index 5a60a9d39c..3544da2112 100644 +--- a/src/journal/journald.conf ++++ b/src/journal/journald.conf +@@ -44,4 +44,4 @@ + #MaxLevelWall=emerg + #LineMax=48K + #ReadKMsg=yes +-#Audit=yes ++Audit= diff --git a/SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch b/SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch new file mode 100644 index 0000000..a5acad5 --- /dev/null +++ b/SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch @@ -0,0 +1,137 @@ +From 2843766767452a69dade1ef8ab2d1d3e5e68a1d3 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Tue, 10 Aug 2021 14:46:16 +0200 +Subject: [PATCH] Revert "udev: remove WAIT_FOR key" + +This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f. + +RHEL-only + +Resolves: #1982666 +--- + man/udev.xml | 9 +++++++ + src/udev/udev-rules.c | 56 +++++++++++++++++++++++++++++++++++++++ + test/rule-syntax-check.py | 2 +- + 3 files changed, 66 insertions(+), 1 deletion(-) + +diff --git a/man/udev.xml b/man/udev.xml +index f6ea2abc12..ce96e201e4 100644 +--- a/man/udev.xml ++++ b/man/udev.xml +@@ -592,6 +592,15 @@ + + + ++ ++ WAIT_FOR ++ ++ Wait for a file to become available or until a timeout of ++ 10 seconds expires. The path is relative to the sysfs device; ++ if no path is specified, this waits for an attribute to appear. ++ ++ ++ + + OPTIONS + +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index 1a384d6b38..243a792662 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -79,6 +79,7 @@ typedef enum { + TK_M_TAG, /* strv, sd_device_get_tag_first(), sd_device_get_tag_next() */ + TK_M_SUBSYSTEM, /* string, sd_device_get_subsystem() */ + TK_M_DRIVER, /* string, sd_device_get_driver() */ ++ TK_M_WAITFOR, + TK_M_ATTR, /* string, takes filename through attribute, sd_device_get_sysattr_value(), udev_resolve_subsys_kernel(), etc. */ + TK_M_SYSCTL, /* string, takes kernel parameter through attribute */ + +@@ -416,6 +417,47 @@ static void rule_line_append_token(UdevRuleLine *rule_line, UdevRuleToken *token + rule_line->current_token = token; + } + ++#define WAIT_LOOP_PER_SECOND 50 ++static int wait_for_file(sd_device *dev, const char *file, int timeout) { ++ char filepath[UDEV_PATH_SIZE]; ++ char devicepath[UDEV_PATH_SIZE]; ++ struct stat stats; ++ int loop = timeout * WAIT_LOOP_PER_SECOND; ++ ++ /* a relative path is a device attribute */ ++ devicepath[0] = '\0'; ++ if (file[0] != '/') { ++ const char *val; ++ int r; ++ ++ r = sd_device_get_syspath(dev, &val); ++ if (r < 0) ++ return r; ++ strscpyl(devicepath, sizeof(devicepath), val, NULL); ++ strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL); ++ file = filepath; ++ } ++ ++ while (--loop) { ++ const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND }; ++ ++ /* lookup file */ ++ if (stat(file, &stats) == 0) { ++ log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1); ++ return 0; ++ } ++ /* make sure, the device did not disappear in the meantime */ ++ if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) { ++ log_debug("device disappeared while waiting for '%s'", file); ++ return -2; ++ } ++ log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND); ++ nanosleep(&duration, NULL); ++ } ++ log_debug("waiting for '%s' failed", file); ++ return -1; ++} ++ + static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type, UdevRuleOperatorType op, char *value, void *data) { + UdevRuleToken *token; + UdevRuleMatchType match_type = _MATCH_TYPE_INVALID; +@@ -958,6 +1000,12 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp + r = rule_line_add_token(rule_line, TK_A_RUN_BUILTIN, op, value, UDEV_BUILTIN_CMD_TO_PTR(cmd)); + } else + return log_token_invalid_attr(rules, key); ++ } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) { ++ if (op == OP_REMOVE) ++ return log_token_invalid_op(rules, key); ++ ++ rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL); ++ return 1; + } else if (streq(key, "GOTO")) { + if (attr) + return log_token_invalid_attr(rules, key); +@@ -1643,6 +1691,14 @@ static int udev_rule_apply_token_to_event( + + return token_match_string(token, val); + } ++ case TK_M_WAITFOR: { ++ char filename[UDEV_PATH_SIZE]; ++ int found; ++ ++ udev_event_apply_format(event, token->value, filename, sizeof(filename), false); ++ found = (wait_for_file(event->dev, filename, 10) == 0); ++ return found || (token->op == OP_NOMATCH); ++ } + case TK_M_ATTR: + case TK_M_PARENTS_ATTR: + return token_match_attr(token, dev, event); +diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py +index 9a9e4d1658..0649bcf58e 100755 +--- a/test/rule-syntax-check.py ++++ b/test/rule-syntax-check.py +@@ -20,7 +20,7 @@ no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|D + # PROGRAM can also be specified as an assignment. + program_assign = re.compile(r'PROGRAM\s*=\s*' + quoted_string_re + '$') + args_tests = re.compile(r'(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$') +-no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$') ++no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$') + args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$') + # Find comma-separated groups, but allow commas that are inside quoted strings. + # Using quoted_string_re + '?' so that strings missing the last double quote diff --git a/SOURCES/0014-random-util-increase-random-seed-size-to-1024.patch b/SOURCES/0014-random-util-increase-random-seed-size-to-1024.patch deleted file mode 100644 index b02c53b..0000000 --- a/SOURCES/0014-random-util-increase-random-seed-size-to-1024.patch +++ /dev/null @@ -1,25 +0,0 @@ -From f1266682aca4a2ed3d85017527d1456cbe5d2f2a Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Thu, 15 Jul 2021 11:15:17 +0200 -Subject: [PATCH] random-util: increase random seed size to 1024 - -RHEL-only - -Resolves: #1982603 ---- - src/basic/random-util.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/random-util.h b/src/basic/random-util.h -index e6528ddc7f..fda78552f6 100644 ---- a/src/basic/random-util.h -+++ b/src/basic/random-util.h -@@ -34,7 +34,7 @@ static inline uint32_t random_u32(void) { - int rdrand(unsigned long *ret); - - /* Some limits on the pool sizes when we deal with the kernel random pool */ --#define RANDOM_POOL_SIZE_MIN 512U -+#define RANDOM_POOL_SIZE_MIN 1024U - #define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U) - - size_t random_pool_size(void); diff --git a/SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch b/SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch new file mode 100644 index 0000000..30d9a20 --- /dev/null +++ b/SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch @@ -0,0 +1,25 @@ +From 9a0acc0b292d283b4507c6b749396c019af7e4ab Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Wed, 25 Aug 2021 16:03:04 +0200 +Subject: [PATCH] Really don't enable systemd-journald-audit.socket + +RHEL-only + +Resolves: #1973856 +--- + units/systemd-journald.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in +index d981273b07..f190dff5fb 100644 +--- a/units/systemd-journald.service.in ++++ b/units/systemd-journald.service.in +@@ -33,7 +33,7 @@ RestrictRealtime=yes + RestrictSUIDSGID=yes + RuntimeDirectory=systemd/journal + RuntimeDirectoryPreserve=yes +-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket ++Sockets=systemd-journald.socket systemd-journald-dev-log.socket + StandardOutput=null + SystemCallArchitectures=native + SystemCallErrorNumber=EPERM diff --git a/SOURCES/0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/SOURCES/0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch deleted file mode 100644 index f1bc9c2..0000000 --- a/SOURCES/0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch +++ /dev/null @@ -1,41 +0,0 @@ -From d68134590110a93c383a7ae696ccf3717f20682a Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Thu, 2 May 2019 14:11:54 +0200 -Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by - default - -RHEL-only - -Resolves: #1973856 ---- - units/meson.build | 3 +-- - units/systemd-journald.service.in | 2 +- - 2 files changed, 2 insertions(+), 3 deletions(-) - -diff --git a/units/meson.build b/units/meson.build -index 17e9ead9c1..68be8d0108 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -119,8 +119,7 @@ units = [ - 'sysinit.target.wants/'], - ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], - ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], -- ['systemd-journald-audit.socket', '', -- 'sockets.target.wants/'], -+ ['systemd-journald-audit.socket', ''], - ['systemd-journald-dev-log.socket', '', - 'sockets.target.wants/'], - ['systemd-journald.socket', '', -diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index cd17b6b4e7..d981273b07 100644 ---- a/units/systemd-journald.service.in -+++ b/units/systemd-journald.service.in -@@ -12,7 +12,7 @@ Description=Journal Service - Documentation=man:systemd-journald.service(8) man:journald.conf(5) - DefaultDependencies=no - Requires=systemd-journald.socket --After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket -+After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket - Before=sysinit.target - - [Service] diff --git a/SOURCES/0016-journald.conf-don-t-touch-current-audit-settings.patch b/SOURCES/0016-journald.conf-don-t-touch-current-audit-settings.patch deleted file mode 100644 index a71beac..0000000 --- a/SOURCES/0016-journald.conf-don-t-touch-current-audit-settings.patch +++ /dev/null @@ -1,22 +0,0 @@ -From c040ffc7d27e2952bd6acccc1d8a351f31ba24db Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Thu, 5 Aug 2021 15:26:13 +0200 -Subject: [PATCH] journald.conf: don't touch current audit settings - -RHEL-only - -Related: #1973856 ---- - src/journal/journald.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/journal/journald.conf b/src/journal/journald.conf -index 5a60a9d39c..3544da2112 100644 ---- a/src/journal/journald.conf -+++ b/src/journal/journald.conf -@@ -44,4 +44,4 @@ - #MaxLevelWall=emerg - #LineMax=48K - #ReadKMsg=yes --#Audit=yes -+Audit= diff --git a/SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch b/SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch new file mode 100644 index 0000000..8338727 --- /dev/null +++ b/SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch @@ -0,0 +1,56 @@ +From 1e423276a24d7c895d196f9f10bf8c0b9155c633 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Tue, 12 Feb 2019 16:58:16 +0100 +Subject: [PATCH] rules: add elevator= kernel command line parameter + +Kernel removed the elevator= option, so let's reintroduce +it for rhel8 via udev rule. + +RHEL-only + +Resolves: #2003002 +--- + rules.d/40-elevator.rules | 20 ++++++++++++++++++++ + rules.d/meson.build | 1 + + 2 files changed, 21 insertions(+) + create mode 100644 rules.d/40-elevator.rules + +diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules +new file mode 100644 +index 0000000000..dbe8fc81a4 +--- /dev/null ++++ b/rules.d/40-elevator.rules +@@ -0,0 +1,20 @@ ++# We aren't adding devices skip the elevator check ++ACTION!="add", GOTO="sched_out" ++ ++SUBSYSTEM!="block", GOTO="sched_out" ++ENV{DEVTYPE}!="disk", GOTO="sched_out" ++ ++# Technically, dm-multipath can be configured to use an I/O scheduler. ++# However, there are races between the 'add' uevent and the linking in ++# of the queue/scheduler sysfs file. For now, just skip dm- devices. ++KERNEL=="dm-*|md*", GOTO="sched_out" ++ ++# Skip bio-based devices, which don't support an I/O scheduler. ++ATTR{queue/scheduler}=="none", GOTO="sched_out" ++ ++# If elevator= is specified on the kernel command line, change the ++# scheduler to the one specified. ++IMPORT{cmdline}="elevator" ++ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}" ++ ++LABEL="sched_out" +\ No newline at end of file +diff --git a/rules.d/meson.build b/rules.d/meson.build +index c5c3590b29..7e0bd89200 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -5,6 +5,7 @@ install_data( + install_dir : udevrulesdir) + + rules = files(''' ++ 40-elevator.rules + 40-redhat.rules + 60-autosuspend.rules + 60-block.rules diff --git a/SOURCES/0017-Revert-udev-remove-WAIT_FOR-key.patch b/SOURCES/0017-Revert-udev-remove-WAIT_FOR-key.patch deleted file mode 100644 index fefbc84..0000000 --- a/SOURCES/0017-Revert-udev-remove-WAIT_FOR-key.patch +++ /dev/null @@ -1,137 +0,0 @@ -From ba508dc60d5f62d8821242eebf50efcfbddd1428 Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Tue, 10 Aug 2021 14:46:16 +0200 -Subject: [PATCH] Revert "udev: remove WAIT_FOR key" - -This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f. - -RHEL-only - -Resolves: #1982666 ---- - man/udev.xml | 9 +++++++ - src/udev/udev-rules.c | 56 +++++++++++++++++++++++++++++++++++++++ - test/rule-syntax-check.py | 2 +- - 3 files changed, 66 insertions(+), 1 deletion(-) - -diff --git a/man/udev.xml b/man/udev.xml -index f6ea2abc12..ce96e201e4 100644 ---- a/man/udev.xml -+++ b/man/udev.xml -@@ -592,6 +592,15 @@ - - - -+ -+ WAIT_FOR -+ -+ Wait for a file to become available or until a timeout of -+ 10 seconds expires. The path is relative to the sysfs device; -+ if no path is specified, this waits for an attribute to appear. -+ -+ -+ - - OPTIONS - -diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c -index bf997fc0ed..a02a7a1bc6 100644 ---- a/src/udev/udev-rules.c -+++ b/src/udev/udev-rules.c -@@ -78,6 +78,7 @@ typedef enum { - TK_M_TAG, /* strv, sd_device_get_tag_first(), sd_device_get_tag_next() */ - TK_M_SUBSYSTEM, /* string, sd_device_get_subsystem() */ - TK_M_DRIVER, /* string, sd_device_get_driver() */ -+ TK_M_WAITFOR, - TK_M_ATTR, /* string, takes filename through attribute, sd_device_get_sysattr_value(), udev_resolve_subsys_kernel(), etc. */ - TK_M_SYSCTL, /* string, takes kernel parameter through attribute */ - -@@ -415,6 +416,47 @@ static void rule_line_append_token(UdevRuleLine *rule_line, UdevRuleToken *token - rule_line->current_token = token; - } - -+#define WAIT_LOOP_PER_SECOND 50 -+static int wait_for_file(sd_device *dev, const char *file, int timeout) { -+ char filepath[UDEV_PATH_SIZE]; -+ char devicepath[UDEV_PATH_SIZE]; -+ struct stat stats; -+ int loop = timeout * WAIT_LOOP_PER_SECOND; -+ -+ /* a relative path is a device attribute */ -+ devicepath[0] = '\0'; -+ if (file[0] != '/') { -+ const char *val; -+ int r; -+ -+ r = sd_device_get_syspath(dev, &val); -+ if (r < 0) -+ return r; -+ strscpyl(devicepath, sizeof(devicepath), val, NULL); -+ strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL); -+ file = filepath; -+ } -+ -+ while (--loop) { -+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND }; -+ -+ /* lookup file */ -+ if (stat(file, &stats) == 0) { -+ log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1); -+ return 0; -+ } -+ /* make sure, the device did not disappear in the meantime */ -+ if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) { -+ log_debug("device disappeared while waiting for '%s'", file); -+ return -2; -+ } -+ log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND); -+ nanosleep(&duration, NULL); -+ } -+ log_debug("waiting for '%s' failed", file); -+ return -1; -+} -+ - static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type, UdevRuleOperatorType op, char *value, void *data) { - UdevRuleToken *token; - UdevRuleMatchType match_type = _MATCH_TYPE_INVALID; -@@ -957,6 +999,12 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp - r = rule_line_add_token(rule_line, TK_A_RUN_BUILTIN, op, value, UDEV_BUILTIN_CMD_TO_PTR(cmd)); - } else - return log_token_invalid_attr(rules, key); -+ } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) { -+ if (op == OP_REMOVE) -+ return log_token_invalid_op(rules, key); -+ -+ rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL); -+ return 1; - } else if (streq(key, "GOTO")) { - if (attr) - return log_token_invalid_attr(rules, key); -@@ -1643,6 +1691,14 @@ static int udev_rule_apply_token_to_event( - - return token_match_string(token, val); - } -+ case TK_M_WAITFOR: { -+ char filename[UDEV_PATH_SIZE]; -+ int found; -+ -+ udev_event_apply_format(event, token->value, filename, sizeof(filename), false); -+ found = (wait_for_file(event->dev, filename, 10) == 0); -+ return found || (token->op == OP_NOMATCH); -+ } - case TK_M_ATTR: - case TK_M_PARENTS_ATTR: - return token_match_attr(token, dev, event); -diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py -index 9a9e4d1658..0649bcf58e 100755 ---- a/test/rule-syntax-check.py -+++ b/test/rule-syntax-check.py -@@ -20,7 +20,7 @@ no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|D - # PROGRAM can also be specified as an assignment. - program_assign = re.compile(r'PROGRAM\s*=\s*' + quoted_string_re + '$') - args_tests = re.compile(r'(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$') --no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$') -+no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$') - args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$') - # Find comma-separated groups, but allow commas that are inside quoted strings. - # Using quoted_string_re + '?' so that strings missing the last double quote diff --git a/SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch b/SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch new file mode 100644 index 0000000..53151bd --- /dev/null +++ b/SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch @@ -0,0 +1,26 @@ +From 41ccc595538752f04f88c80fe7a9e283d4ef12c4 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 22 Sep 2021 14:38:00 +0200 +Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target + +RHEL-only + +Related: #2000927 +--- + units/meson.build | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/units/meson.build b/units/meson.build +index 69d53f4259..9eb535858a 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -159,8 +159,7 @@ units = [ + ['time-set.target', ''], + ['time-sync.target', ''], + ['timers.target', ''], +- ['tmp.mount', '', +- 'local-fs.target.wants/'], ++ ['tmp.mount', ''], + ['umount.target', ''], + ['usb-gadget.target', ''], + ['user.slice', ''], diff --git a/SOURCES/0018-Really-don-t-enable-systemd-journald-audit.socket.patch b/SOURCES/0018-Really-don-t-enable-systemd-journald-audit.socket.patch deleted file mode 100644 index 1cb31e0..0000000 --- a/SOURCES/0018-Really-don-t-enable-systemd-journald-audit.socket.patch +++ /dev/null @@ -1,25 +0,0 @@ -From bdea01b16bedae5fdba3e9a12a864087cfb4b040 Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Wed, 25 Aug 2021 16:03:04 +0200 -Subject: [PATCH] Really don't enable systemd-journald-audit.socket - -RHEL-only - -Resolves: #1973856 ---- - units/systemd-journald.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index d981273b07..f190dff5fb 100644 ---- a/units/systemd-journald.service.in -+++ b/units/systemd-journald.service.in -@@ -33,7 +33,7 @@ RestrictRealtime=yes - RestrictSUIDSGID=yes - RuntimeDirectory=systemd/journal - RuntimeDirectoryPreserve=yes --Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket -+Sockets=systemd-journald.socket systemd-journald-dev-log.socket - StandardOutput=null - SystemCallArchitectures=native - SystemCallErrorNumber=EPERM diff --git a/SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch new file mode 100644 index 0000000..ffec2d6 --- /dev/null +++ b/SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch @@ -0,0 +1,59 @@ +From 4ec48c87803916e90a8f30afae6c8bdee5bb9ba5 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 1 Aug 2018 13:19:39 +0200 +Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value + +This should be hopefully high enough even for the very big deployments. + +RHEL-only + +Resolves: #2003031 +--- + man/systemd-system.conf.xml | 4 ++-- + src/core/main.c | 2 +- + src/core/system.conf.in | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml +index 3805a010e2..b8e2b65625 100644 +--- a/man/systemd-system.conf.xml ++++ b/man/systemd-system.conf.xml +@@ -404,10 +404,10 @@ + Configure the default value for the per-unit TasksMax= setting. See + systemd.resource-control5 + for details. This setting applies to all unit types that support resource control settings, with the exception +- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= ++ of slice units. Defaults to 80% of the minimum of kernel.pid_max=, kernel.threads-max= + and root cgroup pids.max. + Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. +- For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, ++ For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 26214, + but might be greater in other systems or smaller in OS containers. + + +diff --git a/src/core/main.c b/src/core/main.c +index 57aedb9b93..7ea848ebeb 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -98,7 +98,7 @@ + #include + #endif + +-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */ ++#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */ + + static enum { + ACTION_RUN, +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 96fb64d2c1..c0dc6a7e17 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -54,7 +54,7 @@ + #DefaultBlockIOAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} + #DefaultTasksAccounting=yes +-#DefaultTasksMax=15% ++#DefaultTasksMax=80% + #DefaultLimitCPU= + #DefaultLimitFSIZE= + #DefaultLimitDATA= diff --git a/SOURCES/0019-rules-add-elevator-kernel-command-line-parameter.patch b/SOURCES/0019-rules-add-elevator-kernel-command-line-parameter.patch deleted file mode 100644 index aef4cd1..0000000 --- a/SOURCES/0019-rules-add-elevator-kernel-command-line-parameter.patch +++ /dev/null @@ -1,56 +0,0 @@ -From f583f3db3533bb2b3db1646d6afa74613fca46a6 Mon Sep 17 00:00:00 2001 -From: Lukas Nykryn -Date: Tue, 12 Feb 2019 16:58:16 +0100 -Subject: [PATCH] rules: add elevator= kernel command line parameter - -Kernel removed the elevator= option, so let's reintroduce -it for rhel8 via udev rule. - -RHEL-only - -Resolves: #2003002 ---- - rules.d/40-elevator.rules | 20 ++++++++++++++++++++ - rules.d/meson.build | 1 + - 2 files changed, 21 insertions(+) - create mode 100644 rules.d/40-elevator.rules - -diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules -new file mode 100644 -index 0000000000..dbe8fc81a4 ---- /dev/null -+++ b/rules.d/40-elevator.rules -@@ -0,0 +1,20 @@ -+# We aren't adding devices skip the elevator check -+ACTION!="add", GOTO="sched_out" -+ -+SUBSYSTEM!="block", GOTO="sched_out" -+ENV{DEVTYPE}!="disk", GOTO="sched_out" -+ -+# Technically, dm-multipath can be configured to use an I/O scheduler. -+# However, there are races between the 'add' uevent and the linking in -+# of the queue/scheduler sysfs file. For now, just skip dm- devices. -+KERNEL=="dm-*|md*", GOTO="sched_out" -+ -+# Skip bio-based devices, which don't support an I/O scheduler. -+ATTR{queue/scheduler}=="none", GOTO="sched_out" -+ -+# If elevator= is specified on the kernel command line, change the -+# scheduler to the one specified. -+IMPORT{cmdline}="elevator" -+ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}" -+ -+LABEL="sched_out" -\ No newline at end of file -diff --git a/rules.d/meson.build b/rules.d/meson.build -index 72632979fa..b41c50cad3 100644 ---- a/rules.d/meson.build -+++ b/rules.d/meson.build -@@ -5,6 +5,7 @@ install_data( - install_dir : udevrulesdir) - - rules = files(''' -+ 40-elevator.rules - 40-redhat.rules - 60-autosuspend.rules - 60-block.rules diff --git a/SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch b/SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch new file mode 100644 index 0000000..4fff5b0 --- /dev/null +++ b/SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch @@ -0,0 +1,25 @@ +From 7344cdfb2792f67e50848f87eced21cded226d4a Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Mon, 25 Jan 2021 16:19:56 +0100 +Subject: [PATCH] set core ulimit to 0 like on RHEL-7 + +RHEL-only + +Resolves: #1998509 +--- + src/core/system.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index c0dc6a7e17..5913b5b0e4 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -59,7 +59,7 @@ + #DefaultLimitFSIZE= + #DefaultLimitDATA= + #DefaultLimitSTACK= +-#DefaultLimitCORE= ++DefaultLimitCORE=0:infinity + #DefaultLimitRSS= + #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}} + #DefaultLimitAS= diff --git a/SOURCES/0020-boot-don-t-build-bootctl-when-Dgnu-efi-false-is-set.patch b/SOURCES/0020-boot-don-t-build-bootctl-when-Dgnu-efi-false-is-set.patch deleted file mode 100644 index 5f5581f..0000000 --- a/SOURCES/0020-boot-don-t-build-bootctl-when-Dgnu-efi-false-is-set.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 9c67a1570d89ff462cb51f4b2a6d2ed0af8e2e9c Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Mon, 30 Aug 2021 18:38:09 +0200 -Subject: [PATCH] boot: don't build bootctl when -Dgnu-efi=false is set - -(cherry picked from commit fbe3a414e1d8f7b05dccf3d24d4fa475eb9c6bc9) - -Resolves: #2003130 ---- - meson.build | 8 +++++--- - shell-completion/bash/meson.build | 2 +- - shell-completion/zsh/meson.build | 2 +- - units/meson.build | 2 +- - 4 files changed, 8 insertions(+), 6 deletions(-) - -diff --git a/meson.build b/meson.build -index 738879eb21..d28f04607a 100644 ---- a/meson.build -+++ b/meson.build -@@ -1608,6 +1608,10 @@ else - endif - conf.set10('ENABLE_EFI', have) - -+subdir('src/fundamental') -+subdir('src/boot/efi') -+conf.set10('HAVE_GNU_EFI', have_gnu_efi) -+ - ############################################################ - - build_bpf_skel_py = find_program('tools/build-bpf-skel.py') -@@ -1660,7 +1664,6 @@ includes = [libsystemd_includes, include_directories('src/shared')] - - subdir('po') - subdir('catalog') --subdir('src/fundamental') - subdir('src/basic') - subdir('src/libsystemd') - subdir('src/shared') -@@ -1751,7 +1754,6 @@ subdir('src/journal') - subdir('src/libsystemd-network') - - subdir('src/analyze') --subdir('src/boot/efi') - subdir('src/busctl') - subdir('src/coredump') - subdir('src/cryptenroll') -@@ -2145,7 +2147,7 @@ if conf.get('HAVE_PAM') == 1 - install_dir : rootlibexecdir) - endif - --if conf.get('ENABLE_EFI') == 1 and conf.get('HAVE_BLKID') == 1 -+if conf.get('HAVE_BLKID') == 1 and conf.get('HAVE_GNU_EFI') == 1 - public_programs += executable( - 'bootctl', - 'src/boot/bootctl.c', -diff --git a/shell-completion/bash/meson.build b/shell-completion/bash/meson.build -index c26b413d92..bfdd2b01f0 100644 ---- a/shell-completion/bash/meson.build -+++ b/shell-completion/bash/meson.build -@@ -33,7 +33,7 @@ items = [['busctl', ''], - ['systemd-run', ''], - ['udevadm', ''], - ['kernel-install', ''], -- ['bootctl', 'ENABLE_EFI'], -+ ['bootctl', 'HAVE_GNU_EFI'], - ['coredumpctl', 'ENABLE_COREDUMP'], - ['homectl', 'ENABLE_HOMED'], - ['hostnamectl', 'ENABLE_HOSTNAMED'], -diff --git a/shell-completion/zsh/meson.build b/shell-completion/zsh/meson.build -index f5f9b0f993..3a92f303b8 100644 ---- a/shell-completion/zsh/meson.build -+++ b/shell-completion/zsh/meson.build -@@ -28,7 +28,7 @@ items = [['_busctl', ''], - ['_sd_outputmodes', ''], - ['_sd_unit_files', ''], - ['_sd_machines', ''], -- ['_bootctl', 'ENABLE_EFI'], -+ ['_bootctl', 'HAVE_GNU_EFI'], - ['_coredumpctl', 'ENABLE_COREDUMP'], - ['_hostnamectl', 'ENABLE_HOSTNAMED'], - ['_localectl', 'ENABLE_LOCALED'], -diff --git a/units/meson.build b/units/meson.build -index 68be8d0108..27a2b60137 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -102,7 +102,7 @@ units = [ - ['systemd-ask-password-wall.path', '', - 'multi-user.target.wants/'], - ['systemd-ask-password-wall.service', ''], -- ['systemd-boot-system-token.service', 'ENABLE_EFI', -+ ['systemd-boot-system-token.service', 'HAVE_GNU_EFI', - 'sysinit.target.wants/'], - ['systemd-coredump.socket', 'ENABLE_COREDUMP', - 'sockets.target.wants/'], diff --git a/SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch b/SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch new file mode 100644 index 0000000..4651c6e --- /dev/null +++ b/SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch @@ -0,0 +1,27 @@ +From 402595e7b0668b8fe44b5b00b1dd45ba9cc42b82 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Thu, 4 Nov 2021 12:31:32 +0100 +Subject: [PATCH] ci: use C9S chroots in Packit + +rhel-only +Related: #2017035 +--- + .packit.yml | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/.packit.yml b/.packit.yml +index 3461bccbc5..ce8782aae2 100644 +--- a/.packit.yml ++++ b/.packit.yml +@@ -37,9 +37,8 @@ jobs: + trigger: pull_request + metadata: + targets: +- # FIXME: change to CentOS 9 once it's available +- - fedora-34-x86_64 +- - fedora-34-aarch64 ++ - centos-stream-9-x86_64 ++ - centos-stream-9-aarch64 + + # TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184 + # Run tests (via testing farm) diff --git a/SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch b/SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch new file mode 100644 index 0000000..1e2a147 --- /dev/null +++ b/SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch @@ -0,0 +1,136 @@ +From 68199fe69a2c46e498bc7e9528d54922deecc553 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 14 Sep 2020 17:58:03 +0200 +Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() + +https://bugzilla.redhat.com/show_bug.cgi?id=1803070 + +I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different +than the one we get from /proc/self/fdinfo/. This only matters when both statx and +name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: + +(gdb) !uname -r +5.6.19-200.fc31.ppc64le + +(gdb) !cat /proc/self/mountinfo +697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== +701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel +702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw +703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 +704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel +705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 +706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755 +722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel +725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel +614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate +615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 + +The test process does +name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then +openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then +read(open("/proc/self/fdinfo/4", ...)) which gives +"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" + +and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. + +We could either drop the fallback path (and fail name_to_handle_at() is not +avaliable) or ignore the error in the test. Not sure what is better. I think +this issue only occurs sometimes and with older kernels, so probably continuing +with the current flaky implementation is better than ripping out the fallback. + +Another strace: +writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 +) = 28 +name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 +writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 +) = 20 +name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 +writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 +) = 30 +name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 +writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 +) = 23 +name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) +openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 +openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36 +read(5, "", 1024) = 0 +close(5) = 0 +close(4) = 0 +writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 +) = 42 +writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc +) = 39 +writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. +) = 109 +rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 +rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 +getpid() = 20 +gettid() = 20 +tgkill(20, 20, SIGABRT) = 0 +rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 + +RHEL notes: af918c4 should mitigate this issue, but in some build +systems (Copr, brew, etc.) we don't have enough privileges to create a +new mount namespace + +Cherry-picked manually from https://github.com/systemd/systemd/pull/17050. + +rhel-only +Related: #2017035 +--- + src/test/test-mountpoint-util.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index d11edf502a..9515d8cf7b 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -101,8 +101,12 @@ TEST(mnt_id) { + /* The ids don't match? If so, then there are two mounts on the same path, let's check if + * that's really the case */ + char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); +- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); +- assert_se(path_equal(p, t)); ++ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); ++ ++ if (!path_equal(p, t)) ++ /* Apparent kernel bug in /proc/self/fdinfo */ ++ log_warning("Bad mount id given for %s: %d, should be %d", ++ p, mnt_id2, mnt_id); + } + } + diff --git a/SOURCES/0021-unit-install-the-systemd-bless-boot.service-only-if-.patch b/SOURCES/0021-unit-install-the-systemd-bless-boot.service-only-if-.patch deleted file mode 100644 index 681d599..0000000 --- a/SOURCES/0021-unit-install-the-systemd-bless-boot.service-only-if-.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 8f08b876d44d96b3f255ac5275a1daa3ccf9a801 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Tue, 21 Sep 2021 22:47:42 +0200 -Subject: [PATCH] unit: install the systemd-bless-boot.service only if we have - gnu-efi - -Follow-up to #20591. - -(cherry picked from commit 220261ef940a126588b20a1765a2501811473839) - -Related: #2003130 ---- - units/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/meson.build b/units/meson.build -index 27a2b60137..e06d883cd2 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -179,7 +179,7 @@ in_units = [ - ['systemd-backlight@.service', 'ENABLE_BACKLIGHT'], - ['systemd-binfmt.service', 'ENABLE_BINFMT', - 'sysinit.target.wants/'], -- ['systemd-bless-boot.service', 'ENABLE_EFI HAVE_BLKID'], -+ ['systemd-bless-boot.service', 'HAVE_GNU_EFI HAVE_BLKID'], - ['systemd-boot-check-no-failures.service', ''], - ['systemd-coredump@.service', 'ENABLE_COREDUMP'], - ['systemd-pstore.service', 'ENABLE_PSTORE'], diff --git a/SOURCES/0022-Treat-EPERM-as-not-available-too.patch b/SOURCES/0022-Treat-EPERM-as-not-available-too.patch new file mode 100644 index 0000000..4d356d0 --- /dev/null +++ b/SOURCES/0022-Treat-EPERM-as-not-available-too.patch @@ -0,0 +1,30 @@ +From 3c54c67a7fc65dc5b49b2452739c19b94eeb98a9 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Tue, 21 Dec 2021 10:46:17 +0100 +Subject: [PATCH] Treat EPERM as "not available" too + +We need to do this because idmapped mounts habe been disabled in RHEL-9 +kernel: https://bugzilla.redhat.com/show_bug.cgi?id=2018141 . + +RHEL-only + +Fixes #55 + +Related: #2017035 +--- + src/nspawn/nspawn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 8f17ab8810..9225c8f162 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -3780,7 +3780,7 @@ static int outer_child( + arg_uid_shift != 0) { + + r = remount_idmap(directory, arg_uid_shift, arg_uid_range); +- if (r == -EINVAL || ERRNO_IS_NOT_SUPPORTED(r)) { ++ if (IN_SET(r, -EINVAL, -EPERM) || ERRNO_IS_NOT_SUPPORTED(r)) { + /* This might fail because the kernel or file system doesn't support idmapping. We + * can't really distinguish this nicely, nor do we have any guarantees about the + * error codes we see, could be EOPNOTSUPP or EINVAL. */ diff --git a/SOURCES/0022-units-don-t-enable-tmp.mount-statically-in-local-fs..patch b/SOURCES/0022-units-don-t-enable-tmp.mount-statically-in-local-fs..patch deleted file mode 100644 index 65ee29b..0000000 --- a/SOURCES/0022-units-don-t-enable-tmp.mount-statically-in-local-fs..patch +++ /dev/null @@ -1,26 +0,0 @@ -From ab1ecca56e5a1cc5ad120958b1bb94c7854f3795 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Wed, 22 Sep 2021 14:38:00 +0200 -Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target - -RHEL-only - -Related: #2000927 ---- - units/meson.build | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/units/meson.build b/units/meson.build -index e06d883cd2..40487d123e 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -154,8 +154,7 @@ units = [ - ['time-set.target', ''], - ['time-sync.target', ''], - ['timers.target', ''], -- ['tmp.mount', '', -- 'local-fs.target.wants/'], -+ ['tmp.mount', ''], - ['umount.target', ''], - ['usb-gadget.target', ''], - ['user.slice', ''], diff --git a/SOURCES/0023-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/SOURCES/0023-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch deleted file mode 100644 index c67bb3a..0000000 --- a/SOURCES/0023-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 50a744391dbb1130d38b44700ae7e6649fcc9ffb Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Wed, 1 Aug 2018 13:19:39 +0200 -Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value - -This should be hopefully high enough even for the very big deployments. - -RHEL-only - -Resolves: #2003031 ---- - man/systemd-system.conf.xml | 4 ++-- - src/core/main.c | 2 +- - src/core/system.conf.in | 2 +- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml -index c11dd46143..72c8db5890 100644 ---- a/man/systemd-system.conf.xml -+++ b/man/systemd-system.conf.xml -@@ -389,10 +389,10 @@ - Configure the default value for the per-unit TasksMax= setting. See - systemd.resource-control5 - for details. This setting applies to all unit types that support resource control settings, with the exception -- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= -+ of slice units. Defaults to 80% of the minimum of kernel.pid_max=, kernel.threads-max= - and root cgroup pids.max. - Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. -- For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, -+ For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 26214, - but might be greater in other systems or smaller in OS containers. - - -diff --git a/src/core/main.c b/src/core/main.c -index da6c50a1c4..f4fe7517fd 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -92,7 +92,7 @@ - #include - #endif - --#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */ -+#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */ - - static enum { - ACTION_RUN, -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index e88280bd0a..f2c75fcd32 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -54,7 +54,7 @@ - #DefaultBlockIOAccounting=no - #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} - #DefaultTasksAccounting=yes --#DefaultTasksMax=15% -+#DefaultTasksMax=80% - #DefaultLimitCPU= - #DefaultLimitFSIZE= - #DefaultLimitDATA= diff --git a/SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch b/SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch new file mode 100644 index 0000000..ea3e2fd --- /dev/null +++ b/SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch @@ -0,0 +1,39 @@ +From 324d99159e1e64d78a580073626f5b645f1c3639 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Mon, 31 Jan 2022 14:19:09 +0100 +Subject: [PATCH] test: copy portable profiles into the image if they don't + exist there + +If we're built with `-Dportable=false`, the portable profiles won't get +installed into the image. Since we need only the profile files and +nothing else, let's copy them into the image explicitly in such case. + +(cherry picked from commit 6f73ef8b30803ac1be1b2607aec1a89d778caa9a) + +Related: #2017035 +--- + test/test-functions | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/test/test-functions b/test/test-functions +index 218d0e6888..35d8f074a9 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -1151,6 +1151,17 @@ install_systemd() { + mkdir -p "$initdir/etc/systemd/system/service.d/" + echo -e "[Service]\nProtectSystem=no\nProtectHome=no\n" >"$initdir/etc/systemd/system/service.d/gcov-override.conf" + fi ++ ++ # If we're built with -Dportabled=false, tests with systemd-analyze ++ # --profile will fail. Since we need just the profile (text) files, let's ++ # copy them into the image if they don't exist there. ++ local portable_dir="${initdir:?}${ROOTLIBDIR:?}/portable" ++ if [[ ! -d "$portable_dir/profile/strict" ]]; then ++ dinfo "Couldn't find portable profiles in the test image" ++ dinfo "Copying them directly from the source tree" ++ mkdir -p "$portable_dir" ++ cp -frv "${SOURCE_DIR:?}/src/portable/profile" "$portable_dir" ++ fi + } + + get_ldpath() { diff --git a/SOURCES/0024-sd-device-introduce-device_has_devlink.patch b/SOURCES/0024-sd-device-introduce-device_has_devlink.patch deleted file mode 100644 index c6fce49..0000000 --- a/SOURCES/0024-sd-device-introduce-device_has_devlink.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 9c46b3e584fbb7be0a9e93471d30f2885bd194c9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:22:15 +0900 -Subject: [PATCH] sd-device: introduce device_has_devlink() - -(cherry picked from commit b881ce16b9ccae4c3089c82e2ea1781cd9773a4f) - -Related: #2005024 ---- - src/libsystemd/sd-device/device-private.h | 1 + - src/libsystemd/sd-device/sd-device.c | 7 +++++++ - 2 files changed, 8 insertions(+) - -diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h -index fe268d7f2f..9bb5eff208 100644 ---- a/src/libsystemd/sd-device/device-private.h -+++ b/src/libsystemd/sd-device/device-private.h -@@ -32,6 +32,7 @@ void device_set_db_persist(sd_device *device); - void device_set_devlink_priority(sd_device *device, int priority); - int device_ensure_usec_initialized(sd_device *device, sd_device *device_old); - int device_add_devlink(sd_device *device, const char *devlink); -+bool device_has_devlink(sd_device *device, const char *devlink); - int device_add_property(sd_device *device, const char *property, const char *value); - int device_add_tag(sd_device *device, const char *tag, bool both); - void device_remove_tag(sd_device *device, const char *tag); -diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c -index 388128bf33..8a9e4a33a1 100644 ---- a/src/libsystemd/sd-device/sd-device.c -+++ b/src/libsystemd/sd-device/sd-device.c -@@ -1193,6 +1193,13 @@ int device_add_devlink(sd_device *device, const char *devlink) { - return 0; - } - -+bool device_has_devlink(sd_device *device, const char *devlink) { -+ assert(device); -+ assert(devlink); -+ -+ return set_contains(device->devlinks, devlink); -+} -+ - static int device_add_property_internal_from_string(sd_device *device, const char *str) { - _cleanup_free_ char *key = NULL; - char *value; diff --git a/SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch b/SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch new file mode 100644 index 0000000..b9734d3 --- /dev/null +++ b/SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch @@ -0,0 +1,43 @@ +From 16908e1ec833d857cb418712c382c6f604426b36 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Tue, 1 Feb 2022 20:18:29 +0100 +Subject: [PATCH] test: introduce `get_cgroup_hierarchy() helper + +which returns the host's cgroup hierarchy (unified, hybrid, or legacy). + +(cherry picked from commit f723740871bd3eb89d16a526a1ff77c04bb3787a) + +Related: #2047768 +--- + test/test-functions | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/test/test-functions b/test/test-functions +index 35d8f074a9..4827b6bedf 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -1996,6 +1996,24 @@ import_initdir() { + export initdir + } + ++get_cgroup_hierarchy() { ++ case "$(stat -c '%T' -f /sys/fs/cgroup)" in ++ cgroup2fs) ++ echo "unified" ++ ;; ++ tmpfs) ++ if [[ -d /sys/fs/cgroup/unified && "$(stat -c '%T' -f /sys/fs/cgroup/unified)" == cgroup2fs ]]; then ++ echo "hybrid" ++ else ++ echo "legacy" ++ fi ++ ;; ++ *) ++ dfatal "Failed to determine host's cgroup hierarchy" ++ exit 1 ++ esac ++} ++ + ## @brief Converts numeric logging level to the first letter of level name. + # + # @param lvl Numeric logging level in range from 1 to 6. diff --git a/SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch b/SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch new file mode 100644 index 0000000..1bf03cd --- /dev/null +++ b/SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch @@ -0,0 +1,30 @@ +From 523e72e97d7c945114b54b726eaab0d379fb35fb Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Tue, 1 Feb 2022 20:25:00 +0100 +Subject: [PATCH] test: require unified cgroup hierarchy for TEST-56 + +since cgroup empty notifications are unreliable in legacy cgroups. + +See: systemd/systemd#22320 +Complements: systemd/systemd#22344 +(cherry picked from commit e2620820188428de7086f5e8ac41305177f70954) + +Related: #2047768 +--- + test/TEST-56-EXIT-TYPE/test.sh | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/test/TEST-56-EXIT-TYPE/test.sh b/test/TEST-56-EXIT-TYPE/test.sh +index 0f84dca1ba..37475e817e 100755 +--- a/test/TEST-56-EXIT-TYPE/test.sh ++++ b/test/TEST-56-EXIT-TYPE/test.sh +@@ -6,4 +6,9 @@ TEST_DESCRIPTION="test ExitType=cgroup" + # shellcheck source=test/test-functions + . "${TEST_BASE_DIR:?}/test-functions" + ++if [[ "$(get_cgroup_hierarchy)" != unified ]]; then ++ echo "This test requires unified cgroup hierarchy, skipping..." ++ exit 0 ++fi ++ + do_test "$@" diff --git a/SOURCES/0025-udev-node-split-out-permission-handling-from-udev_no.patch b/SOURCES/0025-udev-node-split-out-permission-handling-from-udev_no.patch deleted file mode 100644 index cddb90d..0000000 --- a/SOURCES/0025-udev-node-split-out-permission-handling-from-udev_no.patch +++ /dev/null @@ -1,305 +0,0 @@ -From a4fba2d79634d660ed2014e18cb85eea090b6413 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:24:15 +0900 -Subject: [PATCH] udev-node: split out permission handling from udev_node_add() - -And then merge udev_node_add() and udev_node_update_old_links(). - -(cherry picked from commit 2f48561e0db3cd63f65e9311b4d69282b4ac605d) - -Related: #2005024 ---- - src/udev/udev-event.c | 9 +- - src/udev/udev-node.c | 204 +++++++++++++++++++----------------------- - src/udev/udev-node.h | 12 ++- - 3 files changed, 106 insertions(+), 119 deletions(-) - -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index b28089be71..8b9f8aecfe 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -895,9 +895,6 @@ static int update_devnode(UdevEvent *event) { - if (r < 0) - return log_device_error_errno(dev, r, "Failed to get devnum: %m"); - -- /* remove/update possible left-over symlinks from old database entry */ -- (void) udev_node_update_old_links(dev, event->dev_db_clone); -- - if (!uid_is_valid(event->uid)) { - r = device_get_devnode_uid(dev, &event->uid); - if (r < 0 && r != -ENOENT) -@@ -921,7 +918,11 @@ static int update_devnode(UdevEvent *event) { - - bool apply_mac = device_for_action(dev, SD_DEVICE_ADD); - -- return udev_node_add(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list); -+ r = udev_node_apply_permissions(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list); -+ if (r < 0) -+ return log_device_error_errno(dev, r, "Failed to apply devnode permissions: %m"); -+ -+ return udev_node_update(dev, event->dev_db_clone); - } - - static int event_execute_rules_on_remove( -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 9e52906571..7cc9ee3670 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -356,45 +356,117 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; - } - --int udev_node_update_old_links(sd_device *dev, sd_device *dev_old) { -- const char *name; -+static int device_get_devpath_by_devnum(sd_device *dev, char **ret) { -+ const char *subsystem; -+ dev_t devnum; -+ int r; -+ -+ assert(dev); -+ assert(ret); -+ -+ r = sd_device_get_subsystem(dev, &subsystem); -+ if (r < 0) -+ return r; -+ -+ r = sd_device_get_devnum(dev, &devnum); -+ if (r < 0) -+ return r; -+ -+ return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret); -+} -+ -+int udev_node_update(sd_device *dev, sd_device *dev_old) { -+ _cleanup_free_ char *filename = NULL; -+ const char *devnode, *devlink; - int r; - - assert(dev); - assert(dev_old); - -- /* update possible left-over symlinks */ -- FOREACH_DEVICE_DEVLINK(dev_old, name) { -- const char *name_current; -- bool found = false; -+ r = sd_device_get_devname(dev, &devnode); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get devnode: %m"); - -- /* check if old link name still belongs to this device */ -- FOREACH_DEVICE_DEVLINK(dev, name_current) -- if (streq(name, name_current)) { -- found = true; -- break; -- } -+ if (DEBUG_LOGGING) { -+ const char *id = NULL; - -- if (found) -+ (void) device_get_device_id(dev, &id); -+ log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id)); -+ } -+ -+ /* update possible left-over symlinks */ -+ FOREACH_DEVICE_DEVLINK(dev_old, devlink) { -+ /* check if old link name still belongs to this device */ -+ if (device_has_devlink(dev, devlink)) - continue; - - log_device_debug(dev, -- "Updating old device symlink '%s', which is no longer belonging to this device.", -- name); -+ "Removing/updating old device symlink '%s', which is no longer belonging to this device.", -+ devlink); - -- r = link_update(dev, name, false); -+ r = link_update(dev, devlink, /* add = */ false); - if (r < 0) - log_device_warning_errno(dev, r, -- "Failed to update device symlink '%s', ignoring: %m", -- name); -+ "Failed to remove/update device symlink '%s', ignoring: %m", -+ devlink); - } - -+ /* create/update symlinks, add symlinks to name index */ -+ FOREACH_DEVICE_DEVLINK(dev, devlink) { -+ r = link_update(dev, devlink, /* add = */ true); -+ if (r < 0) -+ log_device_warning_errno(dev, r, -+ "Failed to create/update device symlink '%s', ignoring: %m", -+ devlink); -+ } -+ -+ r = device_get_devpath_by_devnum(dev, &filename); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -+ -+ /* always add /dev/{block,char}/$major:$minor */ -+ r = node_symlink(dev, devnode, filename); -+ if (r < 0) -+ return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename); -+ -+ return 0; -+} -+ -+int udev_node_remove(sd_device *dev) { -+ _cleanup_free_ char *filename = NULL; -+ const char *devlink; -+ int r; -+ -+ assert(dev); -+ -+ /* remove/update symlinks, remove symlinks from name index */ -+ FOREACH_DEVICE_DEVLINK(dev, devlink) { -+ r = link_update(dev, devlink, /* add = */ false); -+ if (r < 0) -+ log_device_warning_errno(dev, r, -+ "Failed to remove/update device symlink '%s', ignoring: %m", -+ devlink); -+ } -+ -+ r = device_get_devpath_by_devnum(dev, &filename); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -+ -+ /* remove /dev/{block,char}/$major:$minor */ -+ if (unlink(filename) < 0 && errno != ENOENT) -+ return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename); -+ - return 0; - } - --static int node_permissions_apply(sd_device *dev, bool apply_mac, -- mode_t mode, uid_t uid, gid_t gid, -- OrderedHashmap *seclabel_list) { -+int udev_node_apply_permissions( -+ sd_device *dev, -+ bool apply_mac, -+ mode_t mode, -+ uid_t uid, -+ gid_t gid, -+ OrderedHashmap *seclabel_list) { -+ - const char *devnode, *subsystem, *id = NULL; - bool apply_mode, apply_uid, apply_gid; - _cleanup_close_ int node_fd = -1; -@@ -511,95 +583,5 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - if (r < 0) - log_device_debug_errno(dev, r, "Failed to adjust timestamp of node %s: %m", devnode); - -- return r; --} -- --static int xsprintf_dev_num_path_from_sd_device(sd_device *dev, char **ret) { -- const char *subsystem; -- dev_t devnum; -- int r; -- -- assert(ret); -- -- r = sd_device_get_subsystem(dev, &subsystem); -- if (r < 0) -- return r; -- -- r = sd_device_get_devnum(dev, &devnum); -- if (r < 0) -- return r; -- -- return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret); --} -- --int udev_node_add(sd_device *dev, bool apply, -- mode_t mode, uid_t uid, gid_t gid, -- OrderedHashmap *seclabel_list) { -- const char *devnode, *devlink; -- _cleanup_free_ char *filename = NULL; -- int r; -- -- assert(dev); -- -- r = sd_device_get_devname(dev, &devnode); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get devnode: %m"); -- -- if (DEBUG_LOGGING) { -- const char *id = NULL; -- -- (void) device_get_device_id(dev, &id); -- log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id)); -- } -- -- r = node_permissions_apply(dev, apply, mode, uid, gid, seclabel_list); -- if (r < 0) -- return r; -- -- /* create/update symlinks, add symlinks to name index */ -- FOREACH_DEVICE_DEVLINK(dev, devlink) { -- r = link_update(dev, devlink, true); -- if (r < 0) -- log_device_warning_errno(dev, r, -- "Failed to update device symlink '%s', ignoring: %m", -- devlink); -- } -- -- r = xsprintf_dev_num_path_from_sd_device(dev, &filename); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -- -- /* always add /dev/{block,char}/$major:$minor */ -- r = node_symlink(dev, devnode, filename); -- if (r < 0) -- return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename); -- -- return 0; --} -- --int udev_node_remove(sd_device *dev) { -- _cleanup_free_ char *filename = NULL; -- const char *devlink; -- int r; -- -- assert(dev); -- -- /* remove/update symlinks, remove symlinks from name index */ -- FOREACH_DEVICE_DEVLINK(dev, devlink) { -- r = link_update(dev, devlink, false); -- if (r < 0) -- log_device_warning_errno(dev, r, -- "Failed to update device symlink '%s', ignoring: %m", -- devlink); -- } -- -- r = xsprintf_dev_num_path_from_sd_device(dev, &filename); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -- -- /* remove /dev/{block,char}/$major:$minor */ -- if (unlink(filename) < 0 && errno != ENOENT) -- return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename); -- - return 0; - } -diff --git a/src/udev/udev-node.h b/src/udev/udev-node.h -index 2349f9c471..a34af77146 100644 ---- a/src/udev/udev-node.h -+++ b/src/udev/udev-node.h -@@ -8,10 +8,14 @@ - - #include "hashmap.h" - --int udev_node_add(sd_device *dev, bool apply, -- mode_t mode, uid_t uid, gid_t gid, -- OrderedHashmap *seclabel_list); -+int udev_node_apply_permissions( -+ sd_device *dev, -+ bool apply_mac, -+ mode_t mode, -+ uid_t uid, -+ gid_t gid, -+ OrderedHashmap *seclabel_list); - int udev_node_remove(sd_device *dev); --int udev_node_update_old_links(sd_device *dev, sd_device *dev_old); -+int udev_node_update(sd_device *dev, sd_device *dev_old); - - size_t udev_node_escape_path(const char *src, char *dest, size_t size); diff --git a/SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch b/SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch new file mode 100644 index 0000000..b04e74a --- /dev/null +++ b/SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch @@ -0,0 +1,671 @@ +From 845417e653b42b8f3928c68955bd6416f2fa4509 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 1 Feb 2022 12:06:59 +0100 +Subject: [PATCH] tests: rework test macros to not take code as parameters + +C macros are nasty. We use them, but we try to be conservative with +them. In particular passing literal, complex code blocks as argument is +icky, because of "," handling of C, and also because it's quite a +challange for most code highlighters and similar. Hence, let's avoid +that. Using macros for genreating functions is OK but if so, the +parameters should be simple words, not full code blocks. + +hence, rework DEFINE_CUSTOM_TEST_MAIN() to take a function name instead +of code block as argument. + +As side-effect this also fixes a bunch of cases where we might end up +returning a negative value from main(). + +Some uses of DEFINE_CUSTOM_TEST_MAIN() inserted local variables into the +main() functions, these are replaced by static variables, and their +destructors by the static destructor logic. + +This doesn't fix any bugs or so, it's just supposed to make the code +easier to work with and improve it easthetically. + +Or in other words: let's use macros where it really makes sense, but +let's not go overboard with it. + +(And yes, FOREACH_DIRENT() is another one of those macros that take +code, and I dislike that too and regret I ever added that.) + +(cherry picked from commit 99839c7ebd4b83a5b0d5982d669cfe10d1252e1f) + +Related: #2017035 +--- + src/shared/tests.h | 25 +++++++++++++----- + src/test/test-barrier.c | 46 +++++++++++++++++---------------- + src/test/test-cgroup-setup.c | 15 ++++++----- + src/test/test-chown-rec.c | 15 ++++++----- + src/test/test-format-table.c | 14 +++++----- + src/test/test-fs-util.c | 7 ++++- + src/test/test-hashmap.c | 16 +++++++++--- + src/test/test-install-root.c | 14 +++++++--- + src/test/test-load-fragment.c | 21 ++++++++------- + src/test/test-mountpoint-util.c | 30 +++++++++++---------- + src/test/test-namespace.c | 15 ++++++----- + src/test/test-proc-cmdline.c | 15 ++++++----- + src/test/test-process-util.c | 7 ++++- + src/test/test-sd-hwdb.c | 21 ++++++++------- + src/test/test-serialize.c | 16 ++++++------ + src/test/test-sleep.c | 15 ++++++----- + src/test/test-stat-util.c | 7 ++++- + src/test/test-time-util.c | 6 +++-- + src/test/test-unit-file.c | 7 ++++- + src/test/test-unit-name.c | 21 ++++++++------- + src/test/test-unit-serialize.c | 21 ++++++++------- + src/test/test-utf8.c | 7 ++++- + 22 files changed, 215 insertions(+), 146 deletions(-) + +diff --git a/src/shared/tests.h b/src/shared/tests.h +index 3b93aab498..59448f38f6 100644 +--- a/src/shared/tests.h ++++ b/src/shared/tests.h +@@ -6,6 +6,7 @@ + #include "sd-daemon.h" + + #include "macro.h" ++#include "static-destruct.h" + #include "util.h" + + static inline bool manager_errno_skip_test(int r) { +@@ -109,15 +110,27 @@ static inline int run_test_table(void) { + return r; + } + ++static inline int test_nop(void) { ++ return EXIT_SUCCESS; ++} ++ + #define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ + int main(int argc, char *argv[]) { \ +- int _r = EXIT_SUCCESS; \ ++ int _r, _q; \ + test_setup_logging(log_level); \ + save_argc_argv(argc, argv); \ +- intro; \ +- _r = run_test_table(); \ +- outro; \ +- return _r; \ ++ _r = intro(); \ ++ if (_r == EXIT_SUCCESS) \ ++ _r = run_test_table(); \ ++ _q = outro(); \ ++ static_destruct(); \ ++ if (_r < 0) \ ++ return EXIT_FAILURE; \ ++ if (_r != EXIT_SUCCESS) \ ++ return _r; \ ++ if (_q < 0) \ ++ return EXIT_FAILURE; \ ++ return _q; \ + } + +-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , ) ++#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop) +diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c +index 8998282afb..b87538806a 100644 +--- a/src/test/test-barrier.c ++++ b/src/test/test-barrier.c +@@ -421,25 +421,27 @@ TEST_BARRIER(barrier_pending_exit, + }), + TEST_BARRIER_WAIT_SUCCESS(pid2)); + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- if (!slow_tests_enabled()) +- return log_tests_skipped("slow tests are disabled"); +- +- /* +- * This test uses real-time alarms and sleeps to test for CPU races +- * explicitly. This is highly fragile if your system is under load. We +- * already increased the BASE_TIME value to make the tests more robust, +- * but that just makes the test take significantly longer. Given the recent +- * issues when running the test in a virtualized environments, limit it +- * to bare metal machines only, to minimize false-positives in CIs. +- */ +- int v = detect_virtualization(); +- if (IN_SET(v, -EPERM, -EACCES)) +- return log_tests_skipped("Cannot detect virtualization"); +- +- if (v != VIRTUALIZATION_NONE) +- return log_tests_skipped("This test requires a baremetal machine"); +- }), +- /* no outro */); ++ ++static int intro(void) { ++ if (!slow_tests_enabled()) ++ return log_tests_skipped("slow tests are disabled"); ++ ++ /* ++ * This test uses real-time alarms and sleeps to test for CPU races explicitly. This is highly ++ * fragile if your system is under load. We already increased the BASE_TIME value to make the tests ++ * more robust, but that just makes the test take significantly longer. Given the recent issues when ++ * running the test in a virtualized environments, limit it to bare metal machines only, to minimize ++ * false-positives in CIs. ++ */ ++ ++ int v = detect_virtualization(); ++ if (IN_SET(v, -EPERM, -EACCES)) ++ return log_tests_skipped("Cannot detect virtualization"); ++ ++ if (v != VIRTUALIZATION_NONE) ++ return log_tests_skipped("This test requires a baremetal machine"); ++ ++ return EXIT_SUCCESS; ++ } ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c +index 018992f96d..6f93647685 100644 +--- a/src/test/test-cgroup-setup.c ++++ b/src/test/test-cgroup-setup.c +@@ -64,10 +64,11 @@ TEST(is_wanted) { + test_is_wanted_print_one(false); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno)) +- return log_tests_skipped("can't read /proc/cmdline"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno)) ++ return log_tests_skipped("can't read /proc/cmdline"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c +index 53d44566d5..691cfe767f 100644 +--- a/src/test/test-chown-rec.c ++++ b/src/test/test-chown-rec.c +@@ -149,10 +149,11 @@ TEST(chown_recursive) { + assert_se(!has_xattr(p)); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- if (geteuid() != 0) +- return log_tests_skipped("not running as root"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (geteuid() != 0) ++ return log_tests_skipped("not running as root"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c +index a3b29ca337..7515a74c12 100644 +--- a/src/test/test-format-table.c ++++ b/src/test/test-format-table.c +@@ -529,10 +529,10 @@ TEST(table) { + "5min 5min \n")); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0); +- assert_se(setenv("COLUMNS", "40", 1) >= 0); +- }), +- /* no outro */); ++static int intro(void) { ++ assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0); ++ assert_se(setenv("COLUMNS", "40", 1) >= 0); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index 0e0d91d04e..da5a16b4bc 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -968,4 +968,9 @@ TEST(open_mkdir_at) { + assert_se(subsubdir_fd >= 0); + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, arg_test_dir = argv[1], /* no outro */); ++static int intro(void) { ++ arg_test_dir = saved_argv[1]; ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c +index cba0c33a8a..4dc155d818 100644 +--- a/src/test/test-hashmap.c ++++ b/src/test/test-hashmap.c +@@ -158,7 +158,15 @@ TEST(hashmap_put_strdup_null) { + /* This variable allows us to assert that the tests from different compilation units were actually run. */ + int n_extern_tests_run = 0; + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- assert_se(n_extern_tests_run == 0), +- assert_se(n_extern_tests_run == 2)); /* Ensure hashmap and ordered_hashmap were tested. */ ++static int intro(void) { ++ assert_se(n_extern_tests_run == 0); ++ return EXIT_SUCCESS; ++} ++ ++static int outro(void) { ++ /* Ensure hashmap and ordered_hashmap were tested. */ ++ assert_se(n_extern_tests_run == 2); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro); +diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c +index ba715e6d7e..f540a832bd 100644 +--- a/src/test/test-install-root.c ++++ b/src/test/test-install-root.c +@@ -11,8 +11,11 @@ + #include "special.h" + #include "string-util.h" + #include "tests.h" ++#include "tmpfile-util.h" + +-static char root[] = "/tmp/rootXXXXXX"; ++static char *root = NULL; ++ ++STATIC_DESTRUCTOR_REGISTER(root, rm_rf_physical_and_freep); + + TEST(basic_mask_and_enable) { + const char *p; +@@ -1239,10 +1242,10 @@ TEST(verify_alias) { + verify_one(&di_inst_template, "goo.target.conf/plain.service", -EXDEV, NULL); + } + +-static void setup_root(void) { ++static int intro(void) { + const char *p; + +- assert_se(mkdtemp(root)); ++ assert_se(mkdtemp_malloc("/tmp/rootXXXXXX", &root) >= 0); + + p = strjoina(root, "/usr/lib/systemd/system/"); + assert_se(mkdir_p(p, 0755) >= 0); +@@ -1264,6 +1267,9 @@ static void setup_root(void) { + + p = strjoina(root, "/usr/lib/systemd/system/graphical.target"); + assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0); ++ ++ return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_root(), assert_se(rm_rf(root, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0)); ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c +index e878979a89..2e105df56a 100644 +--- a/src/test/test-load-fragment.c ++++ b/src/test/test-load-fragment.c +@@ -30,6 +30,10 @@ + /* Nontrivial value serves as a placeholder to check that parsing function (didn't) change it */ + #define CGROUP_LIMIT_DUMMY 3 + ++static char *runtime_dir = NULL; ++ ++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep); ++ + TEST_RET(unit_file_get_set) { + int r; + Hashmap *h; +@@ -894,15 +898,12 @@ TEST(unit_is_recursive_template_dependency) { + assert_se(unit_is_likely_recursive_template_dependency(u, "foobar@foobar@123.mount", "foobar@%n.mount") == 0); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, ++static int intro(void) { ++ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) ++ return log_tests_skipped("cgroupfs not available"); + +- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; +- ({ +- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) +- return log_tests_skipped("cgroupfs not available"); +- +- assert_se(runtime_dir = setup_fake_runtime_dir()); +- }), ++ assert_se(runtime_dir = setup_fake_runtime_dir()); ++ return EXIT_SUCCESS; ++} + +- /* no outro */); ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index 9515d8cf7b..102d2850bf 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -298,17 +298,19 @@ TEST(fd_is_mount_point) { + assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0)); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- /* let's move into our own mount namespace with all propagation from the host turned off, so +- * that /proc/self/mountinfo is static and constant for the whole time our test runs. */ +- if (unshare(CLONE_NEWNS) < 0) { +- if (!ERRNO_IS_PRIVILEGE(errno)) +- return log_error_errno(errno, "Failed to detach mount namespace: %m"); +- +- log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace."); +- } else +- assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0); +- }), +- /* no outro */); ++static int intro(void) { ++ /* let's move into our own mount namespace with all propagation from the host turned off, so ++ * that /proc/self/mountinfo is static and constant for the whole time our test runs. */ ++ ++ if (unshare(CLONE_NEWNS) < 0) { ++ if (!ERRNO_IS_PRIVILEGE(errno)) ++ return log_error_errno(errno, "Failed to detach mount namespace: %m"); ++ ++ log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace."); ++ } else ++ assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c +index 8df5533d6e..f9e34f3bfa 100644 +--- a/src/test/test-namespace.c ++++ b/src/test/test-namespace.c +@@ -220,10 +220,11 @@ TEST(protect_kernel_logs) { + assert_se(wait_for_terminate_and_check("ns-kernellogs", pid, WAIT_LOG) == EXIT_SUCCESS); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- if (!have_namespaces()) +- return log_tests_skipped("Don't have namespace support"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (!have_namespaces()) ++ return log_tests_skipped("Don't have namespace support"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c +index 1c8c9b80b7..064b4d838f 100644 +--- a/src/test/test-proc-cmdline.c ++++ b/src/test/test-proc-cmdline.c +@@ -247,10 +247,11 @@ TEST(proc_cmdline_key_startswith) { + assert_se(!proc_cmdline_key_startswith("foo-bar", "foo_xx")); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno)) +- return log_tests_skipped("can't read /proc/cmdline"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno)) ++ return log_tests_skipped("can't read /proc/cmdline"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c +index 06a640b1cc..8661934929 100644 +--- a/src/test/test-process-util.c ++++ b/src/test/test-process-util.c +@@ -895,4 +895,9 @@ TEST(set_oom_score_adjust) { + assert_se(b == a); + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */); ++static int intro(void) { ++ log_show_color(true); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c +index 7961c17c4a..88992a6c2b 100644 +--- a/src/test/test-sd-hwdb.c ++++ b/src/test/test-sd-hwdb.c +@@ -52,12 +52,15 @@ TEST(basic_enumerate) { + assert_se(len1 == len2); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; +- int r = sd_hwdb_new(&hwdb); +- if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) +- return log_tests_skipped_errno(r, "cannot open hwdb"); +- }), +- /* no outro */); ++static int intro(void) { ++ _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; ++ int r; ++ ++ r = sd_hwdb_new(&hwdb); ++ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) ++ return log_tests_skipped_errno(r, "cannot open hwdb"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c +index fb04b3e7fa..9aeb6c5920 100644 +--- a/src/test/test-serialize.c ++++ b/src/test/test-serialize.c +@@ -10,7 +10,7 @@ + #include "tests.h" + #include "tmpfile-util.h" + +-char long_string[LONG_LINE_MAX+1]; ++static char long_string[LONG_LINE_MAX+1]; + + TEST(serialize_item) { + _cleanup_(unlink_tempfilep) char fn[] = "/tmp/test-serialize.XXXXXX"; +@@ -189,10 +189,10 @@ TEST(serialize_environment) { + assert_se(strv_equal(env, env2)); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- memset(long_string, 'x', sizeof(long_string)-1); +- char_array_0(long_string); +- }), +- /* no outro */); ++static int intro(void) { ++ memset(long_string, 'x', sizeof(long_string)-1); ++ char_array_0(long_string); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c +index 183ad4f7b7..f56e7e0167 100644 +--- a/src/test/test-sleep.c ++++ b/src/test/test-sleep.c +@@ -118,10 +118,11 @@ TEST(sleep) { + log_info("Suspend-then-Hibernate configured and possible: %s", r >= 0 ? yes_no(r) : strerror_safe(r)); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- if (getuid() != 0) +- log_warning("This program is unlikely to work for unprivileged users"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (getuid() != 0) ++ log_warning("This program is unlikely to work for unprivileged users"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c +index 0f7b3ca3ce..2965ee679f 100644 +--- a/src/test/test-stat-util.c ++++ b/src/test/test-stat-util.c +@@ -236,4 +236,9 @@ TEST(dir_is_empty) { + assert_se(dir_is_empty_at(AT_FDCWD, empty_dir) > 0); + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */); ++static int intro(void) { ++ log_show_color(true); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index 4d0131827e..f21d8b7794 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -588,7 +588,7 @@ TEST(map_clock_usec) { + } + } + +-static void setup_test(void) { ++static int intro(void) { + log_info("realtime=" USEC_FMT "\n" + "monotonic=" USEC_FMT "\n" + "boottime=" USEC_FMT "\n", +@@ -603,6 +603,8 @@ static void setup_test(void) { + uintmax_t x = TIME_T_MAX; + x++; + assert_se((time_t) x < 0); ++ ++ return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_test(), /* no outro */); ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c +index 0f8c25c218..6c9f245c7e 100644 +--- a/src/test/test-unit-file.c ++++ b/src/test/test-unit-file.c +@@ -102,4 +102,9 @@ TEST(runlevel_to_target) { + assert_se(streq_ptr(runlevel_to_target("rd.rescue"), SPECIAL_RESCUE_TARGET)); + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, log_show_color(true), /* no outro */); ++static int intro(void) { ++ log_show_color(true); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c +index 6bde9e090d..1f65407e5f 100644 +--- a/src/test/test-unit-name.c ++++ b/src/test/test-unit-name.c +@@ -23,6 +23,10 @@ + #include "user-util.h" + #include "util.h" + ++static char *runtime_dir = NULL; ++ ++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep); ++ + static void test_unit_name_is_valid_one(const char *name, UnitNameFlags flags, bool expected) { + log_info("%s ( %s%s%s ): %s", + name, +@@ -844,15 +848,12 @@ TEST(unit_name_prefix_equal) { + assert_se(!unit_name_prefix_equal("a", "a")); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, ++static int intro(void) { ++ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) ++ return log_tests_skipped("cgroupfs not available"); + +- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; +- ({ +- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) +- return log_tests_skipped("cgroupfs not available"); +- +- assert_se(runtime_dir = setup_fake_runtime_dir()); +- }), ++ assert_se(runtime_dir = setup_fake_runtime_dir()); ++ return EXIT_SUCCESS; ++} + +- /* no outro */); ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c +index 899fdc000c..5d39176db2 100644 +--- a/src/test/test-unit-serialize.c ++++ b/src/test/test-unit-serialize.c +@@ -4,6 +4,10 @@ + #include "service.h" + #include "tests.h" + ++static char *runtime_dir = NULL; ++ ++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep); ++ + #define EXEC_START_ABSOLUTE \ + "ExecStart 0 /bin/sh \"sh\" \"-e\" \"-x\" \"-c\" \"systemctl --state=failed --no-legend --no-pager >/failed ; systemctl daemon-reload ; echo OK >/testok\"" + #define EXEC_START_RELATIVE \ +@@ -48,15 +52,12 @@ TEST(deserialize_exec_command) { + test_deserialize_exec_command_one(m, "control-command", "ExecWhat 11 /a/b c d e", -EINVAL); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, ++static int intro(void) { ++ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) ++ return log_tests_skipped("cgroupfs not available"); + +- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; +- ({ +- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) +- return log_tests_skipped("cgroupfs not available"); +- +- assert_se(runtime_dir = setup_fake_runtime_dir()); +- }), ++ assert_se(runtime_dir = setup_fake_runtime_dir()); ++ return EXIT_SUCCESS; ++} + +- /* no outro */); ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c +index a21fcd6fd2..1b31d1f852 100644 +--- a/src/test/test-utf8.c ++++ b/src/test/test-utf8.c +@@ -231,4 +231,9 @@ TEST(utf8_to_utf16) { + } + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */); ++static int intro(void) { ++ log_show_color(true); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); diff --git a/SOURCES/0026-udev-node-stack-directory-must-exist-when-adding-dev.patch b/SOURCES/0026-udev-node-stack-directory-must-exist-when-adding-dev.patch deleted file mode 100644 index fa456bf..0000000 --- a/SOURCES/0026-udev-node-stack-directory-must-exist-when-adding-dev.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 506dc32b2428936d67e9cf1a034d6b63dbc1cbb0 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 04:14:42 +0900 -Subject: [PATCH] udev-node: stack directory must exist when adding device node - symlink - -(cherry picked from commit 46070dbf26435ba0def099121f46a6253f3f19b6) - -Related: #2005024 ---- - src/udev/udev-node.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 7cc9ee3670..4496a2bd9b 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -161,12 +161,13 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, - - dir = opendir(stackdir); - if (!dir) { -- if (errno == ENOENT) { -- *ret = TAKE_PTR(target); -- return !!*ret; -- } -+ if (add) /* The stack directory must exist. */ -+ return -errno; -+ if (errno != ENOENT) -+ return -errno; - -- return -errno; -+ *ret = NULL; -+ return 0; - } - - r = device_get_device_id(dev, &id); diff --git a/SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch b/SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch new file mode 100644 index 0000000..d57eb07 --- /dev/null +++ b/SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch @@ -0,0 +1,300 @@ +From 0be677fb6663ab6bfd02eae6ad32e7f031cfde0f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 2 Feb 2022 11:06:41 +0900 +Subject: [PATCH] test: allow to set NULL to intro or outro + +Addresses https://github.com/systemd/systemd/pull/22338#discussion_r796741033. + +(cherry picked from commit e85fdacc8ad7d91f140a135aaa3fd5372d3fa47c) + +Related: #2017035 +--- + src/shared/tests.h | 45 +++++++++++++++++---------------- + src/test/test-barrier.c | 2 +- + src/test/test-cgroup-setup.c | 2 +- + src/test/test-chown-rec.c | 2 +- + src/test/test-format-table.c | 2 +- + src/test/test-fs-util.c | 2 +- + src/test/test-hashmap.c | 2 +- + src/test/test-install-root.c | 2 +- + src/test/test-load-fragment.c | 2 +- + src/test/test-mountpoint-util.c | 2 +- + src/test/test-namespace.c | 2 +- + src/test/test-proc-cmdline.c | 2 +- + src/test/test-process-util.c | 2 +- + src/test/test-sd-hwdb.c | 2 +- + src/test/test-serialize.c | 2 +- + src/test/test-sleep.c | 2 +- + src/test/test-stat-util.c | 2 +- + src/test/test-time-util.c | 2 +- + src/test/test-unit-file.c | 2 +- + src/test/test-unit-name.c | 2 +- + src/test/test-unit-serialize.c | 2 +- + src/test/test-utf8.c | 2 +- + 22 files changed, 44 insertions(+), 43 deletions(-) + +diff --git a/src/shared/tests.h b/src/shared/tests.h +index 59448f38f6..ef6acd368e 100644 +--- a/src/shared/tests.h ++++ b/src/shared/tests.h +@@ -110,27 +110,28 @@ static inline int run_test_table(void) { + return r; + } + +-static inline int test_nop(void) { +- return EXIT_SUCCESS; +-} +- +-#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ +- int main(int argc, char *argv[]) { \ +- int _r, _q; \ +- test_setup_logging(log_level); \ +- save_argc_argv(argc, argv); \ +- _r = intro(); \ +- if (_r == EXIT_SUCCESS) \ +- _r = run_test_table(); \ +- _q = outro(); \ +- static_destruct(); \ +- if (_r < 0) \ +- return EXIT_FAILURE; \ +- if (_r != EXIT_SUCCESS) \ +- return _r; \ +- if (_q < 0) \ +- return EXIT_FAILURE; \ +- return _q; \ ++#define DEFINE_TEST_MAIN_FULL(log_level, intro, outro) \ ++ int main(int argc, char *argv[]) { \ ++ int (*_intro)(void) = intro; \ ++ int (*_outro)(void) = outro; \ ++ int _r, _q; \ ++ test_setup_logging(log_level); \ ++ save_argc_argv(argc, argv); \ ++ _r = _intro ? _intro() : EXIT_SUCCESS; \ ++ if (_r == EXIT_SUCCESS) \ ++ _r = run_test_table(); \ ++ _q = _outro ? _outro() : EXIT_SUCCESS; \ ++ static_destruct(); \ ++ if (_r < 0) \ ++ return EXIT_FAILURE; \ ++ if (_r != EXIT_SUCCESS) \ ++ return _r; \ ++ if (_q < 0) \ ++ return EXIT_FAILURE; \ ++ return _q; \ + } + +-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop) ++#define DEFINE_TEST_MAIN_WITH_INTRO(log_level, intro) \ ++ DEFINE_TEST_MAIN_FULL(log_level, intro, NULL) ++#define DEFINE_TEST_MAIN(log_level) \ ++ DEFINE_TEST_MAIN_FULL(log_level, NULL, NULL) +diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c +index b87538806a..bbd7e2bddb 100644 +--- a/src/test/test-barrier.c ++++ b/src/test/test-barrier.c +@@ -444,4 +444,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c +index 6f93647685..c377ff0a00 100644 +--- a/src/test/test-cgroup-setup.c ++++ b/src/test/test-cgroup-setup.c +@@ -71,4 +71,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c +index 691cfe767f..97711f58b0 100644 +--- a/src/test/test-chown-rec.c ++++ b/src/test/test-chown-rec.c +@@ -156,4 +156,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c +index 7515a74c12..1b4963d928 100644 +--- a/src/test/test-format-table.c ++++ b/src/test/test-format-table.c +@@ -535,4 +535,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index da5a16b4bc..602ce75f98 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -973,4 +973,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c +index 4dc155d818..dbf762cc0b 100644 +--- a/src/test/test-hashmap.c ++++ b/src/test/test-hashmap.c +@@ -169,4 +169,4 @@ static int outro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro); ++DEFINE_TEST_MAIN_FULL(LOG_INFO, intro, outro); +diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c +index f540a832bd..f718689c3a 100644 +--- a/src/test/test-install-root.c ++++ b/src/test/test-install-root.c +@@ -1272,4 +1272,4 @@ static int intro(void) { + } + + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c +index 2e105df56a..1bd68c7e0a 100644 +--- a/src/test/test-load-fragment.c ++++ b/src/test/test-load-fragment.c +@@ -906,4 +906,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index 102d2850bf..4d140c42b6 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -313,4 +313,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c +index f9e34f3bfa..7a634adca9 100644 +--- a/src/test/test-namespace.c ++++ b/src/test/test-namespace.c +@@ -227,4 +227,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c +index 064b4d838f..1f43bb3eb0 100644 +--- a/src/test/test-proc-cmdline.c ++++ b/src/test/test-proc-cmdline.c +@@ -254,4 +254,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c +index 8661934929..7a8adad50c 100644 +--- a/src/test/test-process-util.c ++++ b/src/test/test-process-util.c +@@ -900,4 +900,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c +index 88992a6c2b..4251e2a809 100644 +--- a/src/test/test-sd-hwdb.c ++++ b/src/test/test-sd-hwdb.c +@@ -63,4 +63,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c +index 9aeb6c5920..bcf2e843b0 100644 +--- a/src/test/test-serialize.c ++++ b/src/test/test-serialize.c +@@ -195,4 +195,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c +index f56e7e0167..5aebcdd935 100644 +--- a/src/test/test-sleep.c ++++ b/src/test/test-sleep.c +@@ -125,4 +125,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c +index 2965ee679f..7f633ab259 100644 +--- a/src/test/test-stat-util.c ++++ b/src/test/test-stat-util.c +@@ -241,4 +241,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index f21d8b7794..554693834b 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -607,4 +607,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c +index 6c9f245c7e..cc08a4ae4b 100644 +--- a/src/test/test-unit-file.c ++++ b/src/test/test-unit-file.c +@@ -107,4 +107,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c +index 1f65407e5f..8cd0e0b4a1 100644 +--- a/src/test/test-unit-name.c ++++ b/src/test/test-unit-name.c +@@ -856,4 +856,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c +index 5d39176db2..3ef15f3b1e 100644 +--- a/src/test/test-unit-serialize.c ++++ b/src/test/test-unit-serialize.c +@@ -60,4 +60,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c +index 1b31d1f852..7337b81227 100644 +--- a/src/test/test-utf8.c ++++ b/src/test/test-utf8.c +@@ -236,4 +236,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); diff --git a/SOURCES/0027-udev-node-save-information-about-device-node-and-pri.patch b/SOURCES/0027-udev-node-save-information-about-device-node-and-pri.patch deleted file mode 100644 index efd691c..0000000 --- a/SOURCES/0027-udev-node-save-information-about-device-node-and-pri.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 065209fc7a53d6f296f7fffd261f0a92fddc4485 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 04:16:21 +0900 -Subject: [PATCH] udev-node: save information about device node and priority in - symlink - -Previously, we only store device IDs in /run/udev/links, and when -creating/removing device node symlink, we create sd_device object -corresponds to the IDs and read device node and priority from the -object. That requires parsing uevent and udev database files. - -This makes link_find_prioritized() get the most prioritzed device node -without parsing the files. - -(cherry picked from commit 377a83f0d80376456d9be203796f66f543a8b943) - -Related: #2005024 ---- - src/udev/udev-node.c | 172 ++++++++++++++++++++++++++++++------------- - 1 file changed, 121 insertions(+), 51 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 4496a2bd9b..5d6aae0bd4 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -18,6 +18,7 @@ - #include "fs-util.h" - #include "hexdecoct.h" - #include "mkdir.h" -+#include "parse-util.h" - #include "path-util.h" - #include "selinux-util.h" - #include "smack-util.h" -@@ -28,9 +29,9 @@ - #include "udev-node.h" - #include "user-util.h" - --#define CREATE_LINK_MAX_RETRIES 128 --#define LINK_UPDATE_MAX_RETRIES 128 --#define TOUCH_FILE_MAX_RETRIES 128 -+#define CREATE_LINK_MAX_RETRIES 128 -+#define LINK_UPDATE_MAX_RETRIES 128 -+#define CREATE_STACK_LINK_MAX_RETRIES 128 - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - - static int create_symlink(const char *target, const char *slink) { -@@ -175,39 +176,67 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, - return r; - - FOREACH_DIRENT_ALL(dent, dir, break) { -- _cleanup_(sd_device_unrefp) sd_device *dev_db = NULL; -- const char *devnode; -- int db_prio = 0; -+ _cleanup_free_ char *path = NULL, *buf = NULL; -+ int tmp_prio; - -- if (dent->d_name[0] == '\0') -- break; - if (dent->d_name[0] == '.') - continue; - -- log_device_debug(dev, "Found '%s' claiming '%s'", dent->d_name, stackdir); -- -- /* did we find ourself? */ -+ /* skip ourself */ - if (streq(dent->d_name, id)) - continue; - -- if (sd_device_new_from_device_id(&dev_db, dent->d_name) < 0) -- continue; -+ path = path_join(stackdir, dent->d_name); -+ if (!path) -+ return -ENOMEM; - -- if (sd_device_get_devname(dev_db, &devnode) < 0) -- continue; -+ if (readlink_malloc(path, &buf) >= 0) { -+ char *devnode; - -- if (device_get_devlink_priority(dev_db, &db_prio) < 0) -- continue; -+ /* New format. The devnode and priority can be obtained from symlink. */ - -- if (target && db_prio <= priority) -- continue; -+ devnode = strchr(buf, ':'); -+ if (!devnode || devnode == buf) -+ continue; - -- log_device_debug(dev_db, "Device claims priority %i for '%s'", db_prio, stackdir); -+ *(devnode++) = '\0'; -+ if (!path_startswith(devnode, "/dev")) -+ continue; - -- r = free_and_strdup(&target, devnode); -- if (r < 0) -- return r; -- priority = db_prio; -+ if (safe_atoi(buf, &tmp_prio) < 0) -+ continue; -+ -+ if (target && tmp_prio <= priority) -+ continue; -+ -+ r = free_and_strdup(&target, devnode); -+ if (r < 0) -+ return r; -+ } else { -+ _cleanup_(sd_device_unrefp) sd_device *tmp_dev = NULL; -+ const char *devnode; -+ -+ /* Old format. The devnode and priority must be obtained from uevent and -+ * udev database files. */ -+ -+ if (sd_device_new_from_device_id(&tmp_dev, dent->d_name) < 0) -+ continue; -+ -+ if (device_get_devlink_priority(tmp_dev, &tmp_prio) < 0) -+ continue; -+ -+ if (target && tmp_prio <= priority) -+ continue; -+ -+ if (sd_device_get_devname(tmp_dev, &devnode) < 0) -+ continue; -+ -+ r = free_and_strdup(&target, devnode); -+ if (r < 0) -+ return r; -+ } -+ -+ priority = tmp_prio; - } - - *ret = TAKE_PTR(target); -@@ -256,10 +285,72 @@ toolong: - return size - 1; - } - -+static int update_stack_directory(sd_device *dev, const char *dirname, bool add) { -+ _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL; -+ const char *devname, *id; -+ int priority, r; -+ -+ assert(dev); -+ assert(dirname); -+ -+ r = device_get_device_id(dev, &id); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device id: %m"); -+ -+ filename = path_join(dirname, id); -+ if (!filename) -+ return log_oom_debug(); -+ -+ if (!add) { -+ if (unlink(filename) < 0 && errno != ENOENT) -+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ -+ (void) rmdir(dirname); -+ return 0; -+ } -+ -+ r = sd_device_get_devname(dev, &devname); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device node: %m"); -+ -+ r = device_get_devlink_priority(dev, &priority); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get priority of device node symlink: %m"); -+ -+ if (asprintf(&data, "%i:%s", priority, devname) < 0) -+ return log_oom_debug(); -+ -+ if (readlink_malloc(filename, &buf) >= 0 && streq(buf, data)) -+ return 0; -+ -+ if (unlink(filename) < 0 && errno != ENOENT) -+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ -+ for (unsigned j = 0; j < CREATE_STACK_LINK_MAX_RETRIES; j++) { -+ /* This may fail with -ENOENT when the parent directory is removed during -+ * creating the file by another udevd worker. */ -+ r = mkdir_p(dirname, 0755); -+ if (r == -ENOENT) -+ continue; -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname); -+ -+ if (symlink(data, filename) < 0) { -+ if (errno == ENOENT) -+ continue; -+ return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename); -+ } -+ -+ return 0; -+ } -+ -+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ELOOP), "Failed to create symbolic link %s: %m", filename); -+} -+ - /* manage "stack of names" with possibly specified device priorities */ - static int link_update(sd_device *dev, const char *slink_in, bool add) { -- _cleanup_free_ char *slink = NULL, *filename = NULL, *dirname = NULL; -- const char *slink_name, *id; -+ _cleanup_free_ char *slink = NULL, *dirname = NULL; -+ const char *slink_name; - char name_enc[NAME_MAX+1]; - int i, r, retries; - -@@ -279,35 +370,14 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), - "Invalid symbolic link of device node: %s", slink); - -- r = device_get_device_id(dev, &id); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get device id: %m"); -- - (void) udev_node_escape_path(slink_name, name_enc, sizeof(name_enc)); -- dirname = path_join("/run/udev/links/", name_enc); -+ dirname = path_join("/run/udev/links", name_enc); - if (!dirname) - return log_oom_debug(); - -- filename = path_join(dirname, id); -- if (!filename) -- return log_oom_debug(); -- -- if (!add) { -- if (unlink(filename) < 0 && errno != ENOENT) -- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -- -- (void) rmdir(dirname); -- } else { -- for (unsigned j = 0; j < TOUCH_FILE_MAX_RETRIES; j++) { -- /* This may fail with -ENOENT when the parent directory is removed during -- * creating the file by another udevd worker. */ -- r = touch_file(filename, /* parents= */ true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0444); -- if (r != -ENOENT) -- break; -- } -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to create %s: %m", filename); -- } -+ r = update_stack_directory(dev, dirname, add); -+ if (r < 0) -+ return r; - - /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink - * will be fixed in the second invocation. */ diff --git a/SOURCES/0028-udev-node-always-update-timestamp-of-stack-directory.patch b/SOURCES/0028-udev-node-always-update-timestamp-of-stack-directory.patch deleted file mode 100644 index 58110ee..0000000 --- a/SOURCES/0028-udev-node-always-update-timestamp-of-stack-directory.patch +++ /dev/null @@ -1,146 +0,0 @@ -From a13bd62f6cb8332864ed3566fdf51eedfe240043 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 12:57:40 +0900 -Subject: [PATCH] udev-node: always update timestamp of stack directory - -Please see the comments in the code. - -(cherry picked from commit 6df797f75fa08bb1a9e657001229bd47903e6174) - -Related: #2005024 ---- - src/udev/udev-node.c | 90 ++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 87 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 5d6aae0bd4..0de848da19 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -32,6 +32,7 @@ - #define CREATE_LINK_MAX_RETRIES 128 - #define LINK_UPDATE_MAX_RETRIES 128 - #define CREATE_STACK_LINK_MAX_RETRIES 128 -+#define UPDATE_TIMESTAMP_MAX_RETRIES 128 - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - - static int create_symlink(const char *target, const char *slink) { -@@ -285,9 +286,60 @@ toolong: - return size - 1; - } - -+static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) { -+ assert(path); -+ assert(prev); -+ -+ /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may -+ * not be changed. Why? Let's consider the following situation. For simplicity, let's assume -+ * there exist three udev workers (A, B, and C) and all of them calls link_update() for the -+ * same devlink simultaneously. -+ * -+ * 1. B creates/removes a symlink in the stack directory. -+ * 2. A calls the first stat() in the loop of link_update(). -+ * 3. A calls link_find_prioritized(). -+ * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. -+ * 5. B and C finish link_update(). -+ * 6. A creates/removes devlink according to the outdated result in the step 3. -+ * 7. A calls the second stat() in the loop of link_update(). -+ * -+ * If these 7 steps are processed in this order within a short time period that kernel's timer -+ * does not increase, then even if the contents in the stack directory is changed, the results -+ * of two stat() called by A shows the same timestamp, and A cannot detect the change. -+ * -+ * By calling this function after creating/removing symlinks in the stack directory, the -+ * timestamp of the stack directory is always increased at least in the above step 5, so A can -+ * detect the update. */ -+ -+ if ((prev->st_mode & S_IFMT) == 0) -+ return 0; /* Does not exist, or previous stat() failed. */ -+ -+ for (unsigned i = 0; i < UPDATE_TIMESTAMP_MAX_RETRIES; i++) { -+ struct stat st; -+ -+ if (stat(path, &st) < 0) -+ return -errno; -+ -+ if (!stat_inode_unmodified(prev, &st)) -+ return 0; -+ -+ log_device_debug(dev, -+ "%s is modified, but its timestamp is not changed, " -+ "updating timestamp after 10ms.", -+ path); -+ -+ (void) usleep(10 * USEC_PER_MSEC); -+ if (utimensat(AT_FDCWD, path, NULL, 0) < 0) -+ return -errno; -+ } -+ -+ return -ELOOP; -+} -+ - static int update_stack_directory(sd_device *dev, const char *dirname, bool add) { - _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL; - const char *devname, *id; -+ struct stat st = {}; - int priority, r; - - assert(dev); -@@ -302,10 +354,31 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) - return log_oom_debug(); - - if (!add) { -- if (unlink(filename) < 0 && errno != ENOENT) -- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ bool unlink_failed = false; -+ -+ if (stat(dirname, &st) < 0) { -+ if (errno == ENOENT) -+ return 0; /* The stack directory is already removed. That's OK. */ -+ log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname); -+ } -+ -+ if (unlink(filename) < 0) { -+ unlink_failed = true; -+ if (errno != ENOENT) -+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ } -+ -+ if (rmdir(dirname) >= 0 || errno == ENOENT) -+ return 0; -+ -+ if (unlink_failed) -+ return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */ -+ -+ /* The symlink was removed. Check if the timestamp of directory is changed. */ -+ r = update_timestamp(dev, dirname, &st); -+ if (r < 0 && r != -ENOENT) -+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname); - -- (void) rmdir(dirname); - return 0; - } - -@@ -335,12 +408,23 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname); - -+ if (stat(dirname, &st) < 0) { -+ if (errno == ENOENT) -+ continue; -+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); -+ } -+ - if (symlink(data, filename) < 0) { - if (errno == ENOENT) - continue; - return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename); - } - -+ /* The symlink was created. Check if the timestamp of directory is changed. */ -+ r = update_timestamp(dev, dirname, &st); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname); -+ - return 0; - } - diff --git a/SOURCES/0029-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch b/SOURCES/0029-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch deleted file mode 100644 index 360bfa1..0000000 --- a/SOURCES/0029-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch +++ /dev/null @@ -1,34 +0,0 @@ -From cf49a46c165619a0480d361a0afebb89e998f61c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 2 Sep 2021 06:58:59 +0900 -Subject: [PATCH] udev-node: assume no new claim to a symlink if - /run/udev/links is not updated - -During creating a symlink to a device node, if another device node which -requests the same symlink is added/removed, `stat_inode_unmodified()` -should always detects that. We do not need to continue the loop -unconditionally. - -(cherry picked from commit 8f27311eb2aec2411d1fb7d62e6c9d75d21ae8df) - -Related: #2005024 ---- - src/udev/udev-node.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 0de848da19..1a34ea8128 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -491,11 +491,6 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - r = node_symlink(dev, target, slink); - if (r < 0) - return r; -- if (r == 1) -- /* We have replaced already existing symlink, possibly there is some other device trying -- * to claim the same symlink. Let's do one more iteration to give us a chance to fix -- * the error if other device actually claims the symlink with higher priority. */ -- continue; - - /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */ - if ((st1.st_mode & S_IFMT) != 0) { diff --git a/SOURCES/0030-udev-node-always-atomically-create-symlink-to-device.patch b/SOURCES/0030-udev-node-always-atomically-create-symlink-to-device.patch deleted file mode 100644 index e6c01fd..0000000 --- a/SOURCES/0030-udev-node-always-atomically-create-symlink-to-device.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 1561b9e2c9ea779ab611f52fd8b4eef616896e09 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 02:20:33 +0900 -Subject: [PATCH] udev-node: always atomically create symlink to device node - -By the previous commit, it is not necessary to distinguish if the devlink -already exists. Also, I cannot find any significant advantages of the -previous complecated logic, that is, first try to create directly, and then -fallback to atomically creation. Moreover, such logic increases the chance -of conflicts between multiple udev workers. - -This makes devlinks always created atomically. Hopefully, this reduces the -conflicts between the workers. - -(cherry picked from commit 242d39ebc1391f4734f6e63ff13764de92bc5f70) - -Related: #2005024 ---- - src/udev/udev-node.c | 42 +++++++++--------------------------------- - 1 file changed, 9 insertions(+), 33 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 1a34ea8128..46c04fe00b 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -71,6 +71,13 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { - assert(node); - assert(slink); - -+ if (lstat(slink, &stats) >= 0) { -+ if (!S_ISLNK(stats.st_mode)) -+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), -+ "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node); -+ } else if (errno != ENOENT) -+ return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink); -+ - r = path_extract_directory(slink, &slink_dirname); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get parent directory of '%s': %m", slink); -@@ -80,41 +87,11 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get relative path from '%s' to '%s': %m", slink, node); - -- if (lstat(slink, &stats) >= 0) { -- _cleanup_free_ char *buf = NULL; -- -- if (!S_ISLNK(stats.st_mode)) -- return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), -- "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node); -- -- if (readlink_malloc(slink, &buf) >= 0 && -- path_equal(target, buf)) { -- /* preserve link with correct target, do not replace node of other device */ -- log_device_debug(dev, "Preserve already existing symlink '%s' to '%s'", slink, target); -- -- (void) label_fix(slink, LABEL_IGNORE_ENOENT); -- (void) utimensat(AT_FDCWD, slink, NULL, AT_SYMLINK_NOFOLLOW); -- -- return 0; -- } -- } else if (errno == ENOENT) { -- log_device_debug(dev, "Creating symlink '%s' to '%s'", slink, target); -- -- r = create_symlink(target, slink); -- if (r >= 0) -- return 0; -- -- log_device_debug_errno(dev, r, "Failed to create symlink '%s' to '%s', trying to replace '%s': %m", slink, target, slink); -- } else -- return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink); -- -- log_device_debug(dev, "Atomically replace '%s'", slink); -- - r = device_get_device_id(dev, &id); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get device id: %m"); -- slink_tmp = strjoina(slink, ".tmp-", id); - -+ slink_tmp = strjoina(slink, ".tmp-", id); - (void) unlink(slink_tmp); - - r = create_symlink(target, slink_tmp); -@@ -127,8 +104,7 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { - return r; - } - -- /* Tell caller that we replaced already existing symlink. */ -- return 1; -+ return 0; - } - - static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, char **ret) { diff --git a/SOURCES/0031-udev-node-check-stack-directory-change-even-if-devli.patch b/SOURCES/0031-udev-node-check-stack-directory-change-even-if-devli.patch deleted file mode 100644 index 0d20cea..0000000 --- a/SOURCES/0031-udev-node-check-stack-directory-change-even-if-devli.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a3389b23db9b9ab1ad11f181f036be35aade8c31 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:44:26 +0900 -Subject: [PATCH] udev-node: check stack directory change even if devlink is - removed - -Otherwise, when multiple device additions and removals occur -simultaneously, symlink to unexisting devnode may be created. - -Hopefully fixes #19946. - -(cherry picked from commit 1cd4e325693007b3628f1a27297f0ab7114b24b8) - -Related: #2005024 ---- - src/udev/udev-node.c | 15 ++++++--------- - 1 file changed, 6 insertions(+), 9 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 46c04fe00b..28e6e8df94 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -468,15 +468,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - if (r < 0) - return r; - -- /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */ -- if ((st1.st_mode & S_IFMT) != 0) { -- r = stat(dirname, &st2); -- if (r < 0 && errno != ENOENT) -- return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); -- -- if (stat_inode_unmodified(&st1, &st2)) -- break; -- } -+ if (stat(dirname, &st2) < 0 && errno != ENOENT) -+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); -+ -+ if (((st1.st_mode & S_IFMT) == 0 && (st2.st_mode & S_IFMT) == 0) || -+ stat_inode_unmodified(&st1, &st2)) -+ return 0; - } - - return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; diff --git a/SOURCES/0032-udev-node-shorten-code-a-bit-and-update-log-message.patch b/SOURCES/0032-udev-node-shorten-code-a-bit-and-update-log-message.patch deleted file mode 100644 index c199706..0000000 --- a/SOURCES/0032-udev-node-shorten-code-a-bit-and-update-log-message.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 52938c3ed27ebaadce97060ad8ebdcb351403d90 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 2 Sep 2021 08:23:35 +0900 -Subject: [PATCH] udev-node: shorten code a bit and update log message - -(cherry picked from commit 8424da2de88ceeed7be8544fb69221f0b0ea84ea) - -Related: #2005024 ---- - src/udev/udev-node.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 28e6e8df94..2e7df899e4 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -447,13 +447,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - _cleanup_free_ char *target = NULL; - struct stat st1 = {}, st2 = {}; - -- r = stat(dirname, &st1); -- if (r < 0 && errno != ENOENT) -+ if (stat(dirname, &st1) < 0 && errno != ENOENT) - return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); - - r = link_find_prioritized(dev, add, dirname, &target); - if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to determine highest priority for symlink '%s': %m", slink); -+ return log_device_debug_errno(dev, r, "Failed to determine device node with the highest priority for '%s': %m", slink); - if (r == 0) { - log_device_debug(dev, "No reference left for '%s', removing", slink); - diff --git a/SOURCES/0033-udev-node-add-random-delay-on-conflict-in-updating-d.patch b/SOURCES/0033-udev-node-add-random-delay-on-conflict-in-updating-d.patch deleted file mode 100644 index 001ba0b..0000000 --- a/SOURCES/0033-udev-node-add-random-delay-on-conflict-in-updating-d.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 75275ae07233e213fe03a1a33870efe10dbb2b39 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 04:34:48 +0900 -Subject: [PATCH] udev-node: add random delay on conflict in updating device - node symlink - -To make multiple workers not update the same device node symlink -simultaneously. - -(cherry picked from commit 0063fa23a1384dd4385d03b568dc629916b7e72a) - -Related: #2005024 ---- - src/udev/udev-node.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 2e7df899e4..675e6ce313 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -20,12 +20,14 @@ - #include "mkdir.h" - #include "parse-util.h" - #include "path-util.h" -+#include "random-util.h" - #include "selinux-util.h" - #include "smack-util.h" - #include "stat-util.h" - #include "stdio-util.h" - #include "string-util.h" - #include "strxcpyx.h" -+#include "time-util.h" - #include "udev-node.h" - #include "user-util.h" - -@@ -33,6 +35,8 @@ - #define LINK_UPDATE_MAX_RETRIES 128 - #define CREATE_STACK_LINK_MAX_RETRIES 128 - #define UPDATE_TIMESTAMP_MAX_RETRIES 128 -+#define MAX_RANDOM_DELAY (250 * USEC_PER_MSEC) -+#define MIN_RANDOM_DELAY ( 50 * USEC_PER_MSEC) - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - - static int create_symlink(const char *target, const char *slink) { -@@ -447,6 +451,14 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - _cleanup_free_ char *target = NULL; - struct stat st1 = {}, st2 = {}; - -+ if (i > 0) { -+ usec_t delay = MIN_RANDOM_DELAY + random_u64_range(MAX_RANDOM_DELAY - MIN_RANDOM_DELAY); -+ -+ log_device_debug(dev, "Directory %s was updated, retrying to update devlink %s after %s.", -+ dirname, slink, FORMAT_TIMESPAN(delay, USEC_PER_MSEC)); -+ (void) usleep(delay); -+ } -+ - if (stat(dirname, &st1) < 0 && errno != ENOENT) - return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); - diff --git a/SOURCES/0034-udev-node-drop-redundant-trial-of-devlink-creation.patch b/SOURCES/0034-udev-node-drop-redundant-trial-of-devlink-creation.patch deleted file mode 100644 index 4bc11ac..0000000 --- a/SOURCES/0034-udev-node-drop-redundant-trial-of-devlink-creation.patch +++ /dev/null @@ -1,80 +0,0 @@ -From c715be5f677ab61704ffe358716cf700d662b82d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:29:42 +0900 -Subject: [PATCH] udev-node: drop redundant trial of devlink creation - -Previously, the devlink was created based on the priority saved in udev -database. So, we needed to reevaluate devlinks after database is saved. - -But now the priority is stored in the symlink under /run/udev/links, and -the loop of devlink creation is controlled with the timestamp of the -directory. So, the double evaluation is not necessary anymore. - -(cherry picked from commit 7920d0a135fb6a08aa0bfc31e9d0a3f589fe7a1f) - -Related: #2005024 ---- - src/udev/udev-event.c | 5 +---- - src/udev/udev-node.c | 12 ++++-------- - 2 files changed, 5 insertions(+), 12 deletions(-) - -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index 8b9f8aecfe..c77f55c67e 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -1060,10 +1060,7 @@ int udev_event_execute_rules( - - device_set_is_initialized(dev); - -- /* Yes, we run update_devnode() twice, because in the first invocation, that is before update of udev database, -- * it could happen that two contenders are replacing each other's symlink. Hence we run it again to make sure -- * symlinks point to devices that claim them with the highest priority. */ -- return update_devnode(event); -+ return 0; - } - - void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec, int timeout_signal) { -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 675e6ce313..bb551d86b0 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -416,7 +416,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - _cleanup_free_ char *slink = NULL, *dirname = NULL; - const char *slink_name; - char name_enc[NAME_MAX+1]; -- int i, r, retries; -+ int r; - - assert(dev); - assert(slink_in); -@@ -443,11 +443,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - if (r < 0) - return r; - -- /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink -- * will be fixed in the second invocation. */ -- retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1; -- -- for (i = 0; i < retries; i++) { -+ for (unsigned i = 0; i < LINK_UPDATE_MAX_RETRIES; i++) { - _cleanup_free_ char *target = NULL; - struct stat st1 = {}, st2 = {}; - -@@ -472,7 +468,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - log_device_debug_errno(dev, errno, "Failed to remove '%s', ignoring: %m", slink); - - (void) rmdir_parents(slink, "/dev"); -- break; -+ return 0; - } - - r = node_symlink(dev, target, slink); -@@ -487,7 +483,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - return 0; - } - -- return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; -+ return -ELOOP; - } - - static int device_get_devpath_by_devnum(sd_device *dev, char **ret) { diff --git a/SOURCES/0035-udev-node-simplify-the-example-of-race.patch b/SOURCES/0035-udev-node-simplify-the-example-of-race.patch deleted file mode 100644 index 09e509e..0000000 --- a/SOURCES/0035-udev-node-simplify-the-example-of-race.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 13293ddc7822025cb9f785262655f928634395f6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 12 Sep 2021 16:05:51 +0900 -Subject: [PATCH] udev-node: simplify the example of race - -(cherry picked from commit 3df566a66723490914ef3bae0ca8046044b70dce) - -Related: #2005024 ---- - src/udev/udev-node.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index bb551d86b0..61cb9a449b 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -272,14 +272,14 @@ static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) - - /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may - * not be changed. Why? Let's consider the following situation. For simplicity, let's assume -- * there exist three udev workers (A, B, and C) and all of them calls link_update() for the -- * same devlink simultaneously. -+ * there exist two udev workers (A and B) and all of them calls link_update() for the same -+ * devlink simultaneously. - * -- * 1. B creates/removes a symlink in the stack directory. -+ * 1. A creates/removes a symlink in the stack directory. - * 2. A calls the first stat() in the loop of link_update(). - * 3. A calls link_find_prioritized(). -- * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. -- * 5. B and C finish link_update(). -+ * 4. B creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. -+ * 5. B finishes link_update(). - * 6. A creates/removes devlink according to the outdated result in the step 3. - * 7. A calls the second stat() in the loop of link_update(). - * diff --git a/SOURCES/0036-udev-node-do-not-ignore-unexpected-errors-on-removin.patch b/SOURCES/0036-udev-node-do-not-ignore-unexpected-errors-on-removin.patch deleted file mode 100644 index f8adbfe..0000000 --- a/SOURCES/0036-udev-node-do-not-ignore-unexpected-errors-on-removin.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 969b05b3f1dc644e821756205450b06a30c79d7f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 12 Sep 2021 16:14:27 +0900 -Subject: [PATCH] udev-node: do not ignore unexpected errors on removing - symlink in stack directory - -Only acceptable error here is -ENOENT. - -(cherry picked from commit 0706cdf4ec92d6bd40391da0e81a30d9bf851663) - -Related: #2005024 ---- - src/udev/udev-node.c | 23 ++++++++++++++--------- - 1 file changed, 14 insertions(+), 9 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 61cb9a449b..e1fb387cb9 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -334,25 +334,30 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) - return log_oom_debug(); - - if (!add) { -- bool unlink_failed = false; -+ int unlink_error = 0, stat_error = 0; - - if (stat(dirname, &st) < 0) { - if (errno == ENOENT) - return 0; /* The stack directory is already removed. That's OK. */ -- log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname); -+ stat_error = -errno; - } - -- if (unlink(filename) < 0) { -- unlink_failed = true; -- if (errno != ENOENT) -- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -- } -+ if (unlink(filename) < 0) -+ unlink_error = -errno; - - if (rmdir(dirname) >= 0 || errno == ENOENT) - return 0; - -- if (unlink_failed) -- return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */ -+ if (unlink_error < 0) { -+ if (unlink_error == -ENOENT) -+ return 0; -+ -+ /* If we failed to remove the symlink, then there is almost nothing we can do. */ -+ return log_device_debug_errno(dev, unlink_error, "Failed to remove %s: %m", filename); -+ } -+ -+ if (stat_error < 0) -+ return log_device_debug_errno(dev, stat_error, "Failed to stat %s: %m", dirname); - - /* The symlink was removed. Check if the timestamp of directory is changed. */ - r = update_timestamp(dev, dirname, &st); diff --git a/SOURCES/0037-basic-time-util-introduce-FORMAT_TIMESPAN.patch b/SOURCES/0037-basic-time-util-introduce-FORMAT_TIMESPAN.patch deleted file mode 100644 index 07ae245..0000000 --- a/SOURCES/0037-basic-time-util-introduce-FORMAT_TIMESPAN.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 1cbcfc6f69e50d309698b6aa16a48b7f282913f5 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Tue, 21 Sep 2021 09:28:29 +0200 -Subject: [PATCH] basic/time-util: introduce FORMAT_TIMESPAN - -This is cherry-pick of the relevant part from the tree-wide change in -5291f26d4a6. - -Related: #2005024 ---- - src/basic/time-util.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/time-util.h b/src/basic/time-util.h -index 2bd947d6a8..8254913930 100644 ---- a/src/basic/time-util.h -+++ b/src/basic/time-util.h -@@ -67,6 +67,7 @@ typedef enum TimestampStyle { - #define FORMAT_TIMESTAMP_WIDTH 28U /* when outputting, assume this width */ - #define FORMAT_TIMESTAMP_RELATIVE_MAX 256U - #define FORMAT_TIMESPAN_MAX 64U -+#define FORMAT_TIMESPAN(t, accuracy) format_timespan((char[FORMAT_TIMESPAN_MAX]){}, FORMAT_TIMESPAN_MAX, t, accuracy) - - #define TIME_T_MAX (time_t)((UINTMAX_C(1) << ((sizeof(time_t) << 3) - 1)) - 1) - diff --git a/SOURCES/0038-udev-net-setup-link-change-the-default-MACAddressPol.patch b/SOURCES/0038-udev-net-setup-link-change-the-default-MACAddressPol.patch deleted file mode 100644 index 26a6979..0000000 --- a/SOURCES/0038-udev-net-setup-link-change-the-default-MACAddressPol.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 59bad0f7db6d56c359816bc048341b38b824e460 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Tue, 21 Sep 2021 15:01:19 +0200 -Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to - "none" - -While stable MAC address for interface types that don't have the -address provided by HW could be useful it also breaks LACP based bonds. -Let's err on the side of caution and don't change the MAC address from -udev. - -Resolves: #2009237 ---- - man/systemd.link.xml | 2 +- - network/99-default.link | 2 +- - test/fuzz/fuzz-link-parser/99-default.link | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index 1093e2e0b8..095d8b4873 100644 ---- a/man/systemd.link.xml -+++ b/man/systemd.link.xml -@@ -816,7 +816,7 @@ - - [Link] - NamePolicy=kernel database onboard slot path --MACAddressPolicy=persistent -+MACAddressPolicy=none - - - -diff --git a/network/99-default.link b/network/99-default.link -index bca660ac28..31aee37e75 100644 ---- a/network/99-default.link -+++ b/network/99-default.link -@@ -13,4 +13,4 @@ OriginalName=* - [Link] - NamePolicy=keep kernel database onboard slot path - AlternativeNamesPolicy=database onboard slot path --MACAddressPolicy=persistent -+MACAddressPolicy=none -diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link -index feb5b1fbb0..3d755898b4 100644 ---- a/test/fuzz/fuzz-link-parser/99-default.link -+++ b/test/fuzz/fuzz-link-parser/99-default.link -@@ -9,4 +9,4 @@ - - [Link] - NamePolicy=keep kernel database onboard slot path --MACAddressPolicy=persistent -+MACAddressPolicy=none diff --git a/SOURCES/0039-set-core-ulimit-to-0-like-on-RHEL-7.patch b/SOURCES/0039-set-core-ulimit-to-0-like-on-RHEL-7.patch deleted file mode 100644 index 8c4c308..0000000 --- a/SOURCES/0039-set-core-ulimit-to-0-like-on-RHEL-7.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 2edaafdfacc14088d7b6f04eec578bd048057103 Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Mon, 25 Jan 2021 16:19:56 +0100 -Subject: [PATCH] set core ulimit to 0 like on RHEL-7 - -RHEL-only - -Resolves: #1998509 ---- - src/core/system.conf.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index f2c75fcd32..c290b14b8b 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -59,7 +59,7 @@ - #DefaultLimitFSIZE= - #DefaultLimitDATA= - #DefaultLimitSTACK= --#DefaultLimitCORE= -+DefaultLimitCORE=0:infinity - #DefaultLimitRSS= - #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}} - #DefaultLimitAS= diff --git a/SOURCES/0040-test-don-t-install-test-network-generator-conversion.patch b/SOURCES/0040-test-don-t-install-test-network-generator-conversion.patch deleted file mode 100644 index 953145b..0000000 --- a/SOURCES/0040-test-don-t-install-test-network-generator-conversion.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 8efa0b5f989d977eca51617a314ec4fdc32fb3d1 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 20 Oct 2021 19:43:34 +0200 -Subject: [PATCH] test: don't install test-network-generator-conversion.sh w/o - networkd - -otherwise TEST-02 will fail: - -``` -=== Failed test log === ---- test-network-generator-conversion.sh begin --- -+ [[ -n '' ]] -+ [[ -x /usr/lib/systemd/systemd-network-generator ]] -+ [[ -x /lib/systemd/systemd-network-generator ]] -+ exit 1 ---- test-network-generator-conversion.sh end --- -``` - -Before: -``` -$ meson build -Dnetworkd=false -Dinstall-tests=true -$ ninja -C build -$ DESTDIR=$PWD/test-install ninja -C build install -$ find test-install/ -name test-network-generator-conversion.sh -test-install/usr/lib/systemd/tests/test-network-generator-conversion.sh -``` - -After: -``` -$ find test-install/ -name test-network-generator-conversion.sh - -``` - -(cherry picked from commit 140557021ad1a3946319fff1a87831eb02d6a1a0) - -Related: #2017035 ---- - test/meson.build | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/test/meson.build b/test/meson.build -index 47c7f4d49a..27b37a9ae7 100644 ---- a/test/meson.build -+++ b/test/meson.build -@@ -98,9 +98,12 @@ if install_tests - install_data('run-unit-tests.py', - install_mode : 'rwxr-xr-x', - install_dir : testsdir) -- install_data('test-network-generator-conversion.sh', -- install_mode : 'rwxr-xr-x', -- install_dir : testsdir) -+ -+ if conf.get('ENABLE_NETWORKD') == 1 -+ install_data('test-network-generator-conversion.sh', -+ install_mode : 'rwxr-xr-x', -+ install_dir : testsdir) -+ endif - endif - - ############################################################ diff --git a/SOURCES/0041-meson.build-change-operator-combining-bools-from-to-.patch b/SOURCES/0041-meson.build-change-operator-combining-bools-from-to-.patch deleted file mode 100644 index aa7e374..0000000 --- a/SOURCES/0041-meson.build-change-operator-combining-bools-from-to-.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7d7562db194f6b521d93ef370176922d0ac68331 Mon Sep 17 00:00:00 2001 -From: Dan Streetman -Date: Fri, 3 Sep 2021 12:43:33 -0400 -Subject: [PATCH] meson.build: change operator combining bools from + to and - -upstream meson stopped allowing combining boolean with the plus -operator, and now requires using the logical and operator - -reference: -https://github.com/mesonbuild/meson/commit/43302d3296baff6aeaf8e03f5d701b0402e37a6c - -Fixes: #20632 -(cherry picked from commit c29537f39e4f413a6cbfe9669fa121bdd6d8b36f) - -Related: #2017035 ---- - meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index d28f04607a..f21ec5bb94 100644 ---- a/meson.build -+++ b/meson.build -@@ -35,7 +35,7 @@ conf.set10('BUILD_MODE_DEVELOPER', get_option('mode') == 'developer', - - want_ossfuzz = get_option('oss-fuzz') - want_libfuzzer = get_option('llvm-fuzz') --if want_ossfuzz + want_libfuzzer > 1 -+if want_ossfuzz and want_libfuzzer - error('only one of oss-fuzz or llvm-fuzz can be specified') - endif - diff --git a/SOURCES/0042-openssl-util-use-EVP-API-to-get-RSA-bits.patch b/SOURCES/0042-openssl-util-use-EVP-API-to-get-RSA-bits.patch deleted file mode 100644 index 76d7d54..0000000 --- a/SOURCES/0042-openssl-util-use-EVP-API-to-get-RSA-bits.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 387ba3f36092f2072ee6a05abeac27deaca177bd Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 Sep 2021 15:03:44 +0200 -Subject: [PATCH] openssl-util: use EVP API to get RSA bits - -(cherry picked from commit 7f12adc3000c08a370f74bd16c654506c8a99e92) - -Resolves: #2016042 ---- - src/shared/openssl-util.c | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) - -diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c -index bb47ae5e87..bd728e6c7c 100644 ---- a/src/shared/openssl-util.c -+++ b/src/shared/openssl-util.c -@@ -46,7 +46,6 @@ int rsa_pkey_to_suitable_key_size( - size_t *ret_suitable_key_size) { - - size_t suitable_key_size; -- const RSA *rsa; - int bits; - - assert_se(pkey); -@@ -58,11 +57,7 @@ int rsa_pkey_to_suitable_key_size( - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) - return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key."); - -- rsa = EVP_PKEY_get0_RSA(pkey); -- if (!rsa) -- return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate."); -- -- bits = RSA_bits(rsa); -+ bits = EVP_PKEY_bits(pkey); - log_debug("Bits in RSA key: %i", bits); - - /* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only diff --git a/SOURCES/0043-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch b/SOURCES/0043-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch deleted file mode 100644 index 048eb49..0000000 --- a/SOURCES/0043-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch +++ /dev/null @@ -1,315 +0,0 @@ -From 862ded47343a782d70f7d4421a6a2e4e33684e5e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 2 Nov 2021 18:18:21 +0100 -Subject: [PATCH] procfs-util: fix confusion wrt. quantity limit and maximum - value -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -From packit/rawhide-arm64 logs: -Assertion 'limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH' failed at src/test/test-process-util.c:855, function test_get_process_ppid(). Aborting. -―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― - -The kernel has a few different limits. In particular kernel.threads-max can be -set to some lower value, and kernel.pid_max can be set to a higher value. This -is nice because it reduces PID reuse, even if the number of threads that is -allowed is limited. But the tests assumed that we cannot have a thread with -PID above MIN(kernel.threads-max, kernel.pid_max-1), which is not valid. - -So let's rework the whole thing: let's expose the helpers to read -kernel.threads-max and kernel.pid_max, and print what they return in tests. -procfs_tasks_get_limit() was something that is only used in tests, and wasn't -very well defined, so let's drop it. - -Fixes #21193. - -(cherry picked from commit c3dead53d50e334f2d072a2248256983d6dc9f8c) - -Related: #2017035 ---- - src/basic/limits-util.c | 50 ++++++++++++++++++++++++---------- - src/basic/procfs-util.c | 53 +++++++++--------------------------- - src/basic/procfs-util.h | 4 ++- - src/test/test-process-util.c | 10 +++++-- - src/test/test-procfs-util.c | 34 ++++++++++++++++------- - 5 files changed, 84 insertions(+), 67 deletions(-) - -diff --git a/src/basic/limits-util.c b/src/basic/limits-util.c -index 9f8e26d46a..435a2a0efe 100644 ---- a/src/basic/limits-util.c -+++ b/src/basic/limits-util.c -@@ -109,35 +109,57 @@ uint64_t physical_memory_scale(uint64_t v, uint64_t max) { - } - - uint64_t system_tasks_max(void) { -- uint64_t a = TASKS_MAX, b = TASKS_MAX; -+ uint64_t a = TASKS_MAX, b = TASKS_MAX, c = TASKS_MAX; - _cleanup_free_ char *root = NULL; - int r; - -- /* Determine the maximum number of tasks that may run on this system. We check three sources to determine this -- * limit: -+ /* Determine the maximum number of tasks that may run on this system. We check three sources to -+ * determine this limit: - * -- * a) the maximum tasks value the kernel allows on this architecture -- * b) the cgroups pids_max attribute for the system -- * c) the kernel's configured maximum PID value -+ * a) kernel.threads-max sysctl: the maximum number of tasks (threads) the kernel allows. - * -- * And then pick the smallest of the three */ -+ * This puts a direct limit on the number of concurrent tasks. -+ * -+ * b) kernel.pid_max sysctl: the maximum PID value. -+ * -+ * This limits the numeric range PIDs can take, and thus indirectly also limits the number of -+ * concurrent threads. It's primarily a compatibility concept: some crappy old code used a signed -+ * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond -+ * INT16_MAX by default. -+ * -+ * Also note the weird definition: PIDs assigned will be kept below this value, which means -+ * the number of tasks that can be created is one lower, as PID 0 is not a valid process ID. -+ * -+ * c) pids.max on the root cgroup: the kernel's configured maximum number of tasks. -+ * -+ * and then pick the smallest of the three. -+ * -+ * By default pid_max is set to much lower values than threads-max, hence the limit people come into -+ * contact with first, as it's the lowest boundary they need to bump when they want higher number of -+ * processes. -+ */ -+ -+ r = procfs_get_threads_max(&a); -+ if (r < 0) -+ log_debug_errno(r, "Failed to read kernel.threads-max, ignoring: %m"); - -- r = procfs_tasks_get_limit(&a); -+ r = procfs_get_pid_max(&b); - if (r < 0) -- log_debug_errno(r, "Failed to read maximum number of tasks from /proc, ignoring: %m"); -+ log_debug_errno(r, "Failed to read kernel.pid_max, ignoring: %m"); -+ else if (b > 0) -+ /* Subtract one from pid_max, since PID 0 is not a valid PID */ -+ b--; - - r = cg_get_root_path(&root); - if (r < 0) - log_debug_errno(r, "Failed to determine cgroup root path, ignoring: %m"); - else { -- r = cg_get_attribute_as_uint64("pids", root, "pids.max", &b); -+ r = cg_get_attribute_as_uint64("pids", root, "pids.max", &c); - if (r < 0) -- log_debug_errno(r, "Failed to read pids.max attribute of cgroup root, ignoring: %m"); -+ log_debug_errno(r, "Failed to read pids.max attribute of root cgroup, ignoring: %m"); - } - -- return MIN3(TASKS_MAX, -- a <= 0 ? TASKS_MAX : a, -- b <= 0 ? TASKS_MAX : b); -+ return MIN3(a, b, c); - } - - uint64_t system_tasks_max_scale(uint64_t v, uint64_t max) { -diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c -index 9234ccaf85..a29e776a3a 100644 ---- a/src/basic/procfs-util.c -+++ b/src/basic/procfs-util.c -@@ -12,54 +12,34 @@ - #include "stdio-util.h" - #include "string-util.h" - --int procfs_tasks_get_limit(uint64_t *ret) { -+int procfs_get_pid_max(uint64_t *ret) { - _cleanup_free_ char *value = NULL; -- uint64_t pid_max, threads_max; - int r; - - assert(ret); - -- /* So there are two sysctl files that control the system limit of processes: -- * -- * 1. kernel.threads-max: this is probably the sysctl that makes more sense, as it directly puts a limit on -- * concurrent tasks. -- * -- * 2. kernel.pid_max: this limits the numeric range PIDs can take, and thus indirectly also limits the number -- * of concurrent threads. AFAICS it's primarily a compatibility concept: some crappy old code used a signed -- * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond INT16_MAX by -- * default. -- * -- * By default #2 is set to much lower values than #1, hence the limit people come into contact with first, as -- * it's the lowest boundary they need to bump when they want higher number of processes. -- * -- * Also note the weird definition of #2: PIDs assigned will be kept below this value, which means the number of -- * tasks that can be created is one lower, as PID 0 is not a valid process ID. */ -- - r = read_one_line_file("/proc/sys/kernel/pid_max", &value); - if (r < 0) - return r; - -- r = safe_atou64(value, &pid_max); -- if (r < 0) -- return r; -+ return safe_atou64(value, ret); -+} - -- value = mfree(value); -- r = read_one_line_file("/proc/sys/kernel/threads-max", &value); -- if (r < 0) -- return r; -+int procfs_get_threads_max(uint64_t *ret) { -+ _cleanup_free_ char *value = NULL; -+ int r; - -- r = safe_atou64(value, &threads_max); -+ assert(ret); -+ -+ r = read_one_line_file("/proc/sys/kernel/threads-max", &value); - if (r < 0) - return r; - -- /* Subtract one from pid_max, since PID 0 is not a valid PID */ -- *ret = MIN(pid_max-1, threads_max); -- return 0; -+ return safe_atou64(value, ret); - } - - int procfs_tasks_set_limit(uint64_t limit) { - char buffer[DECIMAL_STR_MAX(uint64_t)+1]; -- _cleanup_free_ char *value = NULL; - uint64_t pid_max; - int r; - -@@ -74,10 +54,7 @@ int procfs_tasks_set_limit(uint64_t limit) { - * set it to the maximum. */ - limit = CLAMP(limit, 20U, TASKS_MAX); - -- r = read_one_line_file("/proc/sys/kernel/pid_max", &value); -- if (r < 0) -- return r; -- r = safe_atou64(value, &pid_max); -+ r = procfs_get_pid_max(&pid_max); - if (r < 0) - return r; - -@@ -98,14 +75,10 @@ int procfs_tasks_set_limit(uint64_t limit) { - /* Hmm, we couldn't write this? If so, maybe it was already set properly? In that case let's not - * generate an error */ - -- value = mfree(value); -- if (read_one_line_file("/proc/sys/kernel/threads-max", &value) < 0) -- return r; /* return original error */ -- -- if (safe_atou64(value, &threads_max) < 0) -+ if (procfs_get_threads_max(&threads_max) < 0) - return r; /* return original error */ - -- if (MIN(pid_max-1, threads_max) != limit) -+ if (MIN(pid_max - 1, threads_max) != limit) - return r; /* return original error */ - - /* Yay! Value set already matches what we were trying to set, hence consider this a success. */ -diff --git a/src/basic/procfs-util.h b/src/basic/procfs-util.h -index 61fa71d479..eb8c7738b1 100644 ---- a/src/basic/procfs-util.h -+++ b/src/basic/procfs-util.h -@@ -5,7 +5,9 @@ - - #include "time-util.h" - --int procfs_tasks_get_limit(uint64_t *ret); -+int procfs_get_pid_max(uint64_t *ret); -+int procfs_get_threads_max(uint64_t *ret); -+ - int procfs_tasks_set_limit(uint64_t limit); - int procfs_tasks_get_current(uint64_t *ret); - -diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c -index 8c76392ae9..d89ce6e2db 100644 ---- a/src/test/test-process-util.c -+++ b/src/test/test-process-util.c -@@ -850,8 +850,14 @@ static void test_get_process_ppid(void) { - assert_se(get_process_ppid(1, NULL) == -EADDRNOTAVAIL); - - /* the process with the PID above the global limit definitely doesn't exist. Verify that */ -- assert_se(procfs_tasks_get_limit(&limit) >= 0); -- assert_se(limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH); -+ assert_se(procfs_get_pid_max(&limit) >= 0); -+ log_debug("kernel.pid_max = %"PRIu64, limit); -+ -+ if (limit < INT_MAX) { -+ r = get_process_ppid(limit + 1, NULL); -+ log_debug_errno(r, "get_process_limit(%"PRIu64") → %d/%m", limit + 1, r); -+ assert(r == -ESRCH); -+ } - - for (pid_t pid = 0;;) { - _cleanup_free_ char *c1 = NULL, *c2 = NULL; -diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c -index b2679e30fb..876ef40dfd 100644 ---- a/src/test/test-procfs-util.c -+++ b/src/test/test-procfs-util.c -@@ -6,12 +6,13 @@ - #include "format-util.h" - #include "log.h" - #include "procfs-util.h" -+#include "process-util.h" - #include "tests.h" - - int main(int argc, char *argv[]) { - char buf[CONST_MAX(FORMAT_TIMESPAN_MAX, FORMAT_BYTES_MAX)]; - nsec_t nsec; -- uint64_t v; -+ uint64_t v, w; - int r; - - log_parse_environment(); -@@ -26,26 +27,39 @@ int main(int argc, char *argv[]) { - assert_se(procfs_tasks_get_current(&v) >= 0); - log_info("Current number of tasks: %" PRIu64, v); - -- r = procfs_tasks_get_limit(&v); -- if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) -- return log_tests_skipped("can't read /proc/sys/kernel/pid_max"); -+ v = TASKS_MAX; -+ r = procfs_get_pid_max(&v); -+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r)); -+ log_info("kernel.pid_max: %"PRIu64, v); -+ -+ w = TASKS_MAX; -+ r = procfs_get_threads_max(&w); -+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r)); -+ log_info("kernel.threads-max: %"PRIu64, w); -+ -+ v = MIN(v - (v > 0), w); - - assert_se(r >= 0); - log_info("Limit of tasks: %" PRIu64, v); - assert_se(v > 0); -- assert_se(procfs_tasks_set_limit(v) >= 0); -+ r = procfs_tasks_set_limit(v); -+ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) -+ return log_tests_skipped("can't set task limits"); -+ assert(r >= 0); - - if (v > 100) { -- uint64_t w; -+ log_info("Reducing limit by one to %"PRIu64"…", v-1); -+ - r = procfs_tasks_set_limit(v-1); -- assert_se(IN_SET(r, 0, -EPERM, -EACCES, -EROFS)); -+ log_info_errno(r, "procfs_tasks_set_limit: %m"); -+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r)); - -- assert_se(procfs_tasks_get_limit(&w) >= 0); -- assert_se((r == 0 && w == v - 1) || (r < 0 && w == v)); -+ assert_se(procfs_get_threads_max(&w) >= 0); -+ assert_se(r >= 0 ? w == v - 1 : w == v); - - assert_se(procfs_tasks_set_limit(v) >= 0); - -- assert_se(procfs_tasks_get_limit(&w) >= 0); -+ assert_se(procfs_get_threads_max(&w) >= 0); - assert_se(v == w); - } - diff --git a/SOURCES/0044-test-process-util-also-add-EROFS-to-the-list-of-good.patch b/SOURCES/0044-test-process-util-also-add-EROFS-to-the-list-of-good.patch deleted file mode 100644 index ae93bc0..0000000 --- a/SOURCES/0044-test-process-util-also-add-EROFS-to-the-list-of-good.patch +++ /dev/null @@ -1,31 +0,0 @@ -From e43e8caf2f2699de7da1f072bcc7c25e125313e4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Nov 2021 09:39:16 +0100 -Subject: [PATCH] test-process-util: also add EROFS to the list of "good" - errors - -It is only added in the one place where we actually try to set the -setting to a new value. Before we were testing if we can set to it the -existing value, which was a noop. We could still get a permission error, -but this is the first place where we would propagate EROFS. - -(cherry picked from commit 6434a83d01d96e9f9a17ed9ce1f04a7d64859950) - -Related: #2017035 ---- - src/test/test-procfs-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c -index 876ef40dfd..f19a41475d 100644 ---- a/src/test/test-procfs-util.c -+++ b/src/test/test-procfs-util.c -@@ -52,7 +52,7 @@ int main(int argc, char *argv[]) { - - r = procfs_tasks_set_limit(v-1); - log_info_errno(r, "procfs_tasks_set_limit: %m"); -- assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r)); -+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || r == -EROFS); - - assert_se(procfs_get_threads_max(&w) >= 0); - assert_se(r >= 0 ? w == v - 1 : w == v); diff --git a/SOURCES/0045-ci-use-C9S-chroots-in-Packit.patch b/SOURCES/0045-ci-use-C9S-chroots-in-Packit.patch deleted file mode 100644 index 8b3991a..0000000 --- a/SOURCES/0045-ci-use-C9S-chroots-in-Packit.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 5c8d698f3905c860eff17b84a32bb7acfb98d931 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Thu, 4 Nov 2021 12:31:32 +0100 -Subject: [PATCH] ci: use C9S chroots in Packit - -rhel-only -Related: #2017035 ---- - .packit.yml | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/.packit.yml b/.packit.yml -index 3461bccbc5..ce8782aae2 100644 ---- a/.packit.yml -+++ b/.packit.yml -@@ -37,9 +37,8 @@ jobs: - trigger: pull_request - metadata: - targets: -- # FIXME: change to CentOS 9 once it's available -- - fedora-34-x86_64 -- - fedora-34-aarch64 -+ - centos-stream-9-x86_64 -+ - centos-stream-9-aarch64 - - # TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184 - # Run tests (via testing farm) diff --git a/SOURCES/0046-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch b/SOURCES/0046-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch deleted file mode 100644 index 1fa73eb..0000000 --- a/SOURCES/0046-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch +++ /dev/null @@ -1,136 +0,0 @@ -From 5a86b79c5f79215a17f6617ae925dc76b25396a6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 14 Sep 2020 17:58:03 +0200 -Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() - -https://bugzilla.redhat.com/show_bug.cgi?id=1803070 - -I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different -than the one we get from /proc/self/fdinfo/. This only matters when both statx and -name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: - -(gdb) !uname -r -5.6.19-200.fc31.ppc64le - -(gdb) !cat /proc/self/mountinfo -697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== -701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel -702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw -703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 -704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel -705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 -706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755 -722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel -725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel -614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate -615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 - -The test process does -name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then -openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then -read(open("/proc/self/fdinfo/4", ...)) which gives -"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" - -and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. - -We could either drop the fallback path (and fail name_to_handle_at() is not -avaliable) or ignore the error in the test. Not sure what is better. I think -this issue only occurs sometimes and with older kernels, so probably continuing -with the current flaky implementation is better than ripping out the fallback. - -Another strace: -writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 -) = 28 -name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 -writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 -) = 20 -name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 -writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 -) = 30 -name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 -writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 -) = 23 -name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) -openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 -openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36 -read(5, "", 1024) = 0 -close(5) = 0 -close(4) = 0 -writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 -) = 42 -writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc -) = 39 -writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. -) = 109 -rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 -rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 -getpid() = 20 -gettid() = 20 -tgkill(20, 20, SIGABRT) = 0 -rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 - -RHEL notes: af918c4 should mitigate this issue, but in some build -systems (Copr, brew, etc.) we don't have enough privileges to create a -new mount namespace - -Cherry-picked manually from https://github.com/systemd/systemd/pull/17050. - -rhel-only -Related: #2017035 ---- - src/test/test-mountpoint-util.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c -index 983e1842d6..66d476d06d 100644 ---- a/src/test/test-mountpoint-util.c -+++ b/src/test/test-mountpoint-util.c -@@ -91,8 +91,12 @@ static void test_mnt_id(void) { - /* The ids don't match? If so, then there are two mounts on the same path, let's check if - * that's really the case */ - char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); -- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); -- assert_se(path_equal(p, t)); -+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); -+ -+ if (!path_equal(p, t)) -+ /* Apparent kernel bug in /proc/self/fdinfo */ -+ log_warning("Bad mount id given for %s: %d, should be %d", -+ p, mnt_id2, mnt_id); - } - } - diff --git a/SOURCES/0047-core-mount-add-implicit-unit-dependencies-even-if-wh.patch b/SOURCES/0047-core-mount-add-implicit-unit-dependencies-even-if-wh.patch deleted file mode 100644 index 7b1650d..0000000 --- a/SOURCES/0047-core-mount-add-implicit-unit-dependencies-even-if-wh.patch +++ /dev/null @@ -1,30 +0,0 @@ -From ea4ebf86d25fb9c489d1cf1ca42371b7e2e782aa Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 29 Aug 2021 21:20:43 +0900 -Subject: [PATCH] core/mount: add implicit unit dependencies even if when mount - unit is generated from /proc/self/mountinfo - -Hopefully fixes #20566. - -(cherry picked from commit aebff2e7ce209fc2d75b894a3ae8b80f6f36ec11) - -Resolves: #2019468 ---- - src/core/mount.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/core/mount.c b/src/core/mount.c -index 1fd3102ad3..f2c85e0e5d 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -1582,6 +1582,10 @@ static int mount_setup_new_unit( - if (r < 0) - return r; - -+ r = mount_add_non_exec_dependencies(MOUNT(u)); -+ if (r < 0) -+ return r; -+ - /* This unit was generated because /proc/self/mountinfo reported it. Remember this, so that by the time we load - * the unit file for it (and thus add in extra deps right after) we know what source to attributes the deps - * to. */ diff --git a/SOURCES/split-files.py b/SOURCES/split-files.py index 11ea58a..7622210 100644 --- a/SOURCES/split-files.py +++ b/SOURCES/split-files.py @@ -85,6 +85,7 @@ for file in files(buildroot): o = o_networkd elif re.search(r'''resolved| resolvectl| + resolvconf| org.freedesktop.resolve1| systemd-resolve| nss-resolve @@ -105,6 +106,7 @@ for file in files(buildroot): random-seed| modules-load| timesync| + cryptenroll| cryptsetup| kmod| quota| diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index 811d033..cabe0b1 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -20,8 +20,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd -Version: 249 -Release: 9%{?dist} +Version: 250 +Release: 3%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -79,52 +79,32 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # RHEL-specific Patch0001: 0001-logind-set-RemoveIPC-to-false-by-default.patch -Patch0002: 0002-basic-unit-name-do-not-use-strdupa-on-a-path.patch -Patch0003: 0003-basic-unit-name-adjust-comments.patch -Patch0004: 0004-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch -Patch0005: 0005-Copy-40-redhat.rules-from-RHEL-8.patch -Patch0006: 0006-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch -Patch0007: 0007-unit-don-t-add-Requires-for-tmp.mount.patch -Patch0008: 0008-units-add-Install-section-to-tmp.mount.patch -Patch0009: 0009-rc-local-order-after-network-online.target.patch -Patch0010: 0010-ci-drop-CIs-irrelevant-for-downstream.patch -Patch0011: 0011-ci-reconfigure-Packit-for-RHEL-9.patch -Patch0012: 0012-ci-run-unit-tests-on-z-stream-branches-as-well.patch -Patch0013: 0013-Check-return-value-of-pam_get_item-pam_get_data-func.patch -Patch0014: 0014-random-util-increase-random-seed-size-to-1024.patch -Patch0015: 0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch -Patch0016: 0016-journald.conf-don-t-touch-current-audit-settings.patch -Patch0017: 0017-Revert-udev-remove-WAIT_FOR-key.patch -Patch0018: 0018-Really-don-t-enable-systemd-journald-audit.socket.patch -Patch0019: 0019-rules-add-elevator-kernel-command-line-parameter.patch -Patch0020: 0020-boot-don-t-build-bootctl-when-Dgnu-efi-false-is-set.patch -Patch0021: 0021-unit-install-the-systemd-bless-boot.service-only-if-.patch -Patch0022: 0022-units-don-t-enable-tmp.mount-statically-in-local-fs..patch -Patch0023: 0023-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch -Patch0024: 0024-sd-device-introduce-device_has_devlink.patch -Patch0025: 0025-udev-node-split-out-permission-handling-from-udev_no.patch -Patch0026: 0026-udev-node-stack-directory-must-exist-when-adding-dev.patch -Patch0027: 0027-udev-node-save-information-about-device-node-and-pri.patch -Patch0028: 0028-udev-node-always-update-timestamp-of-stack-directory.patch -Patch0029: 0029-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch -Patch0030: 0030-udev-node-always-atomically-create-symlink-to-device.patch -Patch0031: 0031-udev-node-check-stack-directory-change-even-if-devli.patch -Patch0032: 0032-udev-node-shorten-code-a-bit-and-update-log-message.patch -Patch0033: 0033-udev-node-add-random-delay-on-conflict-in-updating-d.patch -Patch0034: 0034-udev-node-drop-redundant-trial-of-devlink-creation.patch -Patch0035: 0035-udev-node-simplify-the-example-of-race.patch -Patch0036: 0036-udev-node-do-not-ignore-unexpected-errors-on-removin.patch -Patch0037: 0037-basic-time-util-introduce-FORMAT_TIMESPAN.patch -Patch0038: 0038-udev-net-setup-link-change-the-default-MACAddressPol.patch -Patch0039: 0039-set-core-ulimit-to-0-like-on-RHEL-7.patch -Patch0040: 0040-test-don-t-install-test-network-generator-conversion.patch -Patch0041: 0041-meson.build-change-operator-combining-bools-from-to-.patch -Patch0042: 0042-openssl-util-use-EVP-API-to-get-RSA-bits.patch -Patch0043: 0043-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch -Patch0044: 0044-test-process-util-also-add-EROFS-to-the-list-of-good.patch -Patch0045: 0045-ci-use-C9S-chroots-in-Packit.patch -Patch0046: 0046-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch -Patch0047: 0047-core-mount-add-implicit-unit-dependencies-even-if-wh.patch +Patch0002: 0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch +Patch0003: 0003-Copy-40-redhat.rules-from-RHEL-8.patch +Patch0004: 0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch0005: 0005-unit-don-t-add-Requires-for-tmp.mount.patch +Patch0006: 0006-units-add-Install-section-to-tmp.mount.patch +Patch0007: 0007-rc-local-order-after-network-online.target.patch +Patch0008: 0008-ci-drop-CIs-irrelevant-for-downstream.patch +Patch0009: 0009-ci-reconfigure-Packit-for-RHEL-9.patch +Patch0010: 0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch +Patch0011: 0011-random-util-increase-random-seed-size-to-1024.patch +Patch0012: 0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch +Patch0013: 0013-journald.conf-don-t-touch-current-audit-settings.patch +Patch0014: 0014-Revert-udev-remove-WAIT_FOR-key.patch +Patch0015: 0015-Really-don-t-enable-systemd-journald-audit.socket.patch +Patch0016: 0016-rules-add-elevator-kernel-command-line-parameter.patch +Patch0017: 0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch +Patch0018: 0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch0019: 0019-set-core-ulimit-to-0-like-on-RHEL-7.patch +Patch0020: 0020-ci-use-C9S-chroots-in-Packit.patch +Patch0021: 0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch +Patch0022: 0022-Treat-EPERM-as-not-available-too.patch +Patch0023: 0023-test-copy-portable-profiles-into-the-image-if-they-d.patch +Patch0024: 0024-test-introduce-get_cgroup_hierarchy-helper.patch +Patch0025: 0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch +Patch0026: 0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch +Patch0027: 0027-test-allow-to-set-NULL-to-intro-or-outro.patch # Downstream-only patches (9000–9999) @@ -178,6 +158,9 @@ BuildRequires: gettext # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available BuildRequires: valgrind-devel BuildRequires: pkgconfig(bash-completion) +BuildRequires: pkgconfig(tss2-esys) +BuildRequires: pkgconfig(tss2-rc) +BuildRequires: pkgconfig(tss2-mu) BuildRequires: perl BuildRequires: perl(IPC::SysV) @@ -309,6 +292,11 @@ Suggests: systemd-bootchart # https://bugzilla.redhat.com/show_bug.cgi?id=1408878 Requires: kbd +# Requires deps for stuff that is dlopen()ed +Requires: cryptsetup-libs%{?_isa} +# https://bugzilla.redhat.com/show_bug.cgi?id=2017541 +Requires: tpm2-tss%{?_isa} + # https://bugzilla.redhat.com/show_bug.cgi?id=1753381 Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 @@ -430,6 +418,7 @@ CONFIGURE_OPTS=( -Dacl=true -Dsmack=true -Dopenssl=true + -Dcryptolib=openssl -Dp11kit=true -Dgcrypt=true -Daudit=true @@ -450,6 +439,7 @@ CONFIGURE_OPTS=( -Dlibfido2=false -Dgnu-efi=false -Dtpm=true + -Dtpm2=true -Dhwdb=true -Dsysusers=true -Dstandalone-binaries=true @@ -470,7 +460,7 @@ CONFIGURE_OPTS=( %endif -Db_ndebug=false -Dman=true - -Dversion-tag=v%{version}-%{release} + -Dversion-tag=%{version}-%{release} %if 0%{?fedora} -Dfallback-hostname=fedora %else @@ -529,6 +519,8 @@ mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants mkdir -p %{buildroot}/run mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}%{_localstatedir}/log/lastlog +chmod 0664 %{buildroot}%{_localstatedir}/log/lastlog touch %{buildroot}/run/utmp touch %{buildroot}%{_localstatedir}/log/{w,b}tmp @@ -625,6 +617,7 @@ python3 %{SOURCE2} %buildroot </dev/null || useradd -r -l -g systemd-oom -d / -s /s %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Feb 08 2022 systemd maintenance team - 250-3 +- Treat EPERM as "not available" too (#2017035) +- test: copy portable profiles into the image if they don't exist there (#2017035) +- test: introduce `get_cgroup_hierarchy() helper (#2047768) +- test: require unified cgroup hierarchy for TEST-56 (#2047768) +- tests: rework test macros to not take code as parameters (#2017035) +- test: allow to set NULL to intro or outro (#2017035) + +* Tue Feb 01 2022 Michal Sekletar - 250-2 +- spec: make sure version string starts with version number (#2049054) + +* Mon Jan 31 2022 Jan Macku - 250-1 +- Rebase to v250 (#2047768) + * Thu Nov 18 2021 systemd maintenance team - 249-9 - test: don't install test-network-generator-conversion.sh w/o networkd (#2017035) - meson.build: change operator combining bools from + to and (#2017035)