From 421f0041b3dc4bcf6dd611ebfab950da69ec946b Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Jun 06 2024 20:04:51 +0000 Subject: Version 256~rc4 --- diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch deleted file mode 100644 index 01946d6..0000000 --- a/0001-Revert-machined-add-varlink-interface-for-registerin.patch +++ /dev/null @@ -1,217 +0,0 @@ -From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 11 May 2024 13:27:12 +0200 -Subject: [PATCH] Revert "machined: add varlink interface for registering - machines" - -This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. ---- - man/systemd-machined.service.xml | 6 +-- - src/machine/machine-varlink.h | 6 --- - src/machine/machined-varlink.c | 62 ++----------------------- - src/machine/machined.c | 5 +- - src/machine/machined.h | 3 +- - src/machine/meson.build | 1 - - src/shared/meson.build | 1 - - src/shared/varlink-io.systemd.Machine.h | 6 --- - 8 files changed, 8 insertions(+), 82 deletions(-) - delete mode 100644 src/machine/machine-varlink.h - delete mode 100644 src/shared/varlink-io.systemd.Machine.h - -diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml -index b2899ff0fd..f3d7755973 100644 ---- a/man/systemd-machined.service.xml -+++ b/man/systemd-machined.service.xml -@@ -100,12 +100,10 @@ - - The daemon provides both a C library interface - (which is shared with systemd-logind.service8) -- as well as a D-Bus interface and a Varlink interface. -+ as well as a D-Bus interface. - The library interface may be used to introspect and watch the state of virtual machines/containers. - The bus interface provides the same but in addition may also be used to register or terminate -- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an -- SSH key / address; it can be queried with -- varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine. -+ machines. - For more information please consult - sd-login3 - and -diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h -deleted file mode 100644 -index ce4ec54dc1..0000000000 ---- a/src/machine/machine-varlink.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink.h" -- --int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata); -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index 0d3ae627c1..6ca98e27cf 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -1,12 +1,10 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - - #include "format-util.h" --#include "machine-varlink.h" - #include "machined-varlink.h" - #include "mkdir.h" - #include "user-util.h" - #include "varlink.h" --#include "varlink-io.systemd.Machine.h" - #include "varlink-io.systemd.UserDatabase.h" - - typedef struct LookupParameters { -@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var - return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL); - } - --static int manager_varlink_init_userdb(Manager *m) { -+int manager_varlink_init(Manager *m) { - _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; - int r; - - assert(m); - -- if (m->varlink_userdb_server) -+ if (m->varlink_server) - return 0; - - r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); -@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); - -- m->varlink_userdb_server = TAKE_PTR(s); -- return 0; --} -- --static int manager_varlink_init_machine(Manager *m) { -- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; -- int r; -- -- assert(m); -- -- if (m->varlink_machine_server) -- return 0; -- -- r = varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA); -- if (r < 0) -- return log_error_errno(r, "Failed to allocate varlink server object: %m"); -- -- varlink_server_set_userdata(s, m); -- -- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine); -- if (r < 0) -- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); -- -- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register); -- if (r < 0) -- return log_error_errno(r, "Failed to register varlink methods: %m"); -- -- (void) mkdir_p("/run/systemd/machine", 0755); -- -- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666); -- if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket: %m"); -- -- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); -- if (r < 0) -- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); -- -- m->varlink_machine_server = TAKE_PTR(s); -- return 0; --} -- --int manager_varlink_init(Manager *m) { -- int r; -- -- r = manager_varlink_init_userdb(m); -- if (r < 0) -- return r; -- -- r = manager_varlink_init_machine(m); -- if (r < 0) -- return r; -- -+ m->varlink_server = TAKE_PTR(s); - return 0; - } - - void manager_varlink_done(Manager *m) { - assert(m); - -- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server); -- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server); -+ m->varlink_server = varlink_server_unref(m->varlink_server); - } -diff --git a/src/machine/machined.c b/src/machine/machined.c -index d7087e4672..2638ed572e 100644 ---- a/src/machine/machined.c -+++ b/src/machine/machined.c -@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) { - if (m->operations) - return false; - -- if (varlink_server_current_connections(m->varlink_userdb_server) > 0) -- return false; -- -- if (varlink_server_current_connections(m->varlink_machine_server) > 0) -+ if (varlink_server_current_connections(m->varlink_server) > 0) - return false; - - manager_gc(m, true); -diff --git a/src/machine/machined.h b/src/machine/machined.h -index 67abed0fd6..280c32bab6 100644 ---- a/src/machine/machined.h -+++ b/src/machine/machined.h -@@ -40,8 +40,7 @@ struct Manager { - sd_event_source *nscd_cache_flush_event; - #endif - -- VarlinkServer *varlink_userdb_server; -- VarlinkServer *varlink_machine_server; -+ VarlinkServer *varlink_server; - }; - - int manager_add_machine(Manager *m, const char *name, Machine **_machine); -diff --git a/src/machine/meson.build b/src/machine/meson.build -index 3150b33de5..c82a32589d 100644 ---- a/src/machine/meson.build -+++ b/src/machine/meson.build -@@ -3,7 +3,6 @@ - libmachine_core_sources = files( - 'image-dbus.c', - 'machine-dbus.c', -- 'machine-varlink.c', - 'machine.c', - 'machined-core.c', - 'machined-dbus.c', -diff --git a/src/shared/meson.build b/src/shared/meson.build -index d01367a159..17313aefed 100644 ---- a/src/shared/meson.build -+++ b/src/shared/meson.build -@@ -180,7 +180,6 @@ shared_sources = files( - 'varlink-io.systemd.Credentials.c', - 'varlink-io.systemd.Hostname.c', - 'varlink-io.systemd.Journal.c', -- 'varlink-io.systemd.Machine.c', - 'varlink-io.systemd.ManagedOOM.c', - 'varlink-io.systemd.MountFileSystem.c', - 'varlink-io.systemd.NamespaceResource.c', -diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h -deleted file mode 100644 -index c9fc85f150..0000000000 ---- a/src/shared/varlink-io.systemd.Machine.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink-idl.h" -- --extern const VarlinkInterface vl_interface_io_systemd_Machine; diff --git a/0001-core-dbus-execute-use-correct-char-for-representing-.patch b/0001-core-dbus-execute-use-correct-char-for-representing-.patch deleted file mode 100644 index 005d49f..0000000 --- a/0001-core-dbus-execute-use-correct-char-for-representing-.patch +++ /dev/null @@ -1,26 +0,0 @@ -From af87bdc6bc0d5b50af87ffd3b5cbd3e7c472dd42 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Sun, 26 May 2024 00:49:09 +0800 -Subject: [PATCH 1/2] core/dbus-execute: use correct char for representing - WorkingDirectory=home - ---- - src/core/dbus-execute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index e907aa67af..e55fb6ee16 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -2755,7 +2755,7 @@ int bus_exec_context_set_transient_property( - c->working_directory_home = is_home; - c->working_directory_missing_ok = missing_ok; - -- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "+" : ASSERT_PTR(c->working_directory)); -+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory)); - } - - return 1; --- -2.45.1 - diff --git a/0001-generator-setup-use-RET_GATHER.patch b/0001-generator-setup-use-RET_GATHER.patch deleted file mode 100644 index 220b210..0000000 --- a/0001-generator-setup-use-RET_GATHER.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 89713133365b14634ed3f7e2812d4ddc17be0390 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 May 2024 11:45:50 +0200 -Subject: [PATCH 1/3] generator-setup: use RET_GATHER() - ---- - src/core/generator-setup.c | 12 +++--------- - 1 file changed, 3 insertions(+), 9 deletions(-) - -diff --git a/src/core/generator-setup.c b/src/core/generator-setup.c -index 00d6ad61fa..b16211e8f4 100644 ---- a/src/core/generator-setup.c -+++ b/src/core/generator-setup.c -@@ -8,7 +8,7 @@ - #include "rm-rf.h" - - int lookup_paths_mkdir_generator(LookupPaths *p) { -- int r, q; -+ int r; - - assert(p); - -@@ -16,14 +16,8 @@ int lookup_paths_mkdir_generator(LookupPaths *p) { - return -EINVAL; - - r = mkdir_p_label(p->generator, 0755); -- -- q = mkdir_p_label(p->generator_early, 0755); -- if (q < 0 && r >= 0) -- r = q; -- -- q = mkdir_p_label(p->generator_late, 0755); -- if (q < 0 && r >= 0) -- r = q; -+ RET_GATHER(r, mkdir_p_label(p->generator_early, 0755)); -+ RET_GATHER(r, mkdir_p_label(p->generator_late, 0755)); - - return r; - } --- -2.45.0 - diff --git a/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch b/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch deleted file mode 100644 index fc4c89f..0000000 --- a/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 6f8ef80bb3ba5d244a428aee200c168e809a0079 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Sun, 26 May 2024 00:53:46 +0800 -Subject: [PATCH 2/2] core/dbus-execute: don't trigger assertion if - WorkingDirectory="" or "-" - -Follow-up for 14631951cea807de2d482a430841c604c2040718 - -Before this commit, if WorkingDirectory= is empty or literally "-", -'simplified' is not populated, resulting in the ASSERT_PTR -in unit_write_settingf() below getting triggered. - -Also, do not accept "-", so that the parser is consistent -with load-fragment.c - -Fixes #33015 ---- - src/core/dbus-execute.c | 49 ++++++++++++++++++++++------------------- - 1 file changed, 26 insertions(+), 23 deletions(-) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index e55fb6ee16..21c260b26b 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -2716,38 +2716,38 @@ int bus_exec_context_set_transient_property( - - } else if (streq(name, "WorkingDirectory")) { - _cleanup_free_ char *simplified = NULL; -- bool missing_ok, is_home; -+ bool missing_ok = false, is_home = false; - const char *s; - - r = sd_bus_message_read(message, "s", &s); - if (r < 0) - return r; - -- if (s[0] == '-') { -- missing_ok = true; -- s++; -- } else -- missing_ok = false; -- -- if (isempty(s)) -- is_home = false; -- else if (streq(s, "~")) -- is_home = true; -- else { -- if (!path_is_absolute(s)) -- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= expects an absolute path or '~'"); -+ if (!isempty(s)) { -+ if (s[0] == '-') { -+ missing_ok = true; -+ s++; -+ } - -- r = path_simplify_alloc(s, &simplified); -- if (r < 0) -- return r; -+ if (streq(s, "~")) -+ is_home = true; -+ else { -+ if (!path_is_absolute(s)) -+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, -+ "WorkingDirectory= expects an absolute path or '~'"); - -- if (!path_is_normalized(simplified)) -- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= expects a normalized path or '~'"); -+ r = path_simplify_alloc(s, &simplified); -+ if (r < 0) -+ return r; - -- if (path_below_api_vfs(simplified)) -- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= may not be below /proc/, /sys/ or /dev/."); -+ if (!path_is_normalized(simplified)) -+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, -+ "WorkingDirectory= expects a normalized path or '~'"); - -- is_home = false; -+ if (path_below_api_vfs(simplified)) -+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, -+ "WorkingDirectory= may not be below /proc/, /sys/ or /dev/"); -+ } - } - - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { -@@ -2755,7 +2755,10 @@ int bus_exec_context_set_transient_property( - c->working_directory_home = is_home; - c->working_directory_missing_ok = missing_ok; - -- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory)); -+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, -+ "WorkingDirectory=%s%s", -+ c->working_directory_missing_ok ? "-" : "", -+ c->working_directory_home ? "~" : strempty(c->working_directory)); - } - - return 1; --- -2.45.1 - diff --git a/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch b/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch deleted file mode 100644 index ae26e94..0000000 --- a/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 064e901cb34b1a3dddbbe98595a2731bb85c4424 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 May 2024 11:46:51 +0200 -Subject: [PATCH 2/3] exec-util: use the stdio array of safe_fork_full() where - appropriate - ---- - src/shared/exec-util.c | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c -index 1c7b14d98d..dc0974572f 100644 ---- a/src/shared/exec-util.c -+++ b/src/shared/exec-util.c -@@ -36,27 +36,35 @@ - /* Put this test here for a lack of better place */ - assert_cc(EAGAIN == EWOULDBLOCK); - --static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, bool set_systemd_exec_pid) { -- pid_t _pid; -+static int do_spawn( -+ const char *path, -+ char *argv[], -+ int stdout_fd, -+ pid_t *ret_pid, -+ bool set_systemd_exec_pid) { -+ - int r; - -+ assert(path); -+ assert(ret_pid); -+ - if (null_or_empty_path(path) > 0) { - log_debug("%s is empty (a mask).", path); - return 0; - } - -- r = safe_fork("(direxec)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &_pid); -+ pid_t pid; -+ r = safe_fork_full( -+ "(direxec)", -+ (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO }, -+ /* except_fds= */ NULL, /* n_except_fds= */ 0, -+ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO, -+ &pid); - if (r < 0) - return r; - if (r == 0) { - char *_argv[2]; - -- if (stdout_fd >= 0) { -- r = rearrange_stdio(STDIN_FILENO, TAKE_FD(stdout_fd), STDERR_FILENO); -- if (r < 0) -- _exit(EXIT_FAILURE); -- } -- - if (set_systemd_exec_pid) { - r = setenv_systemd_exec_pid(false); - if (r < 0) -@@ -75,7 +83,7 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b - _exit(EXIT_FAILURE); - } - -- *pid = _pid; -+ *ret_pid = pid; - return 1; - } - --- -2.45.0 - diff --git a/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch b/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch deleted file mode 100644 index d2d95ac..0000000 --- a/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 8263be4e65e565d8abb1d00f1c0e6ca9af44a4d1 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 May 2024 11:50:54 +0200 -Subject: [PATCH 3/3] exec-util: make sure to close all fds for invoked - generators - -We should really have set O_CLOEXEC for all our fds, but better be safe -than sorry. ---- - src/shared/exec-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c -index dc0974572f..ac1c150ab1 100644 ---- a/src/shared/exec-util.c -+++ b/src/shared/exec-util.c -@@ -58,7 +58,7 @@ static int do_spawn( - "(direxec)", - (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO }, - /* except_fds= */ NULL, /* n_except_fds= */ 0, -- FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO, -+ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS, - &pid); - if (r < 0) - return r; --- -2.45.0 - diff --git a/sources b/sources index 450d5cf..2f0f391 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256-rc3.tar.gz) = 0dce57bc6e4cefd59ad8f93e1e474f5a9de1857eac138fb6ca0735d2a7f8ebdea1469b8efe15b945be23281d8eddd321567d47b42a5145a86627587d34cc39c0 +SHA512 (systemd-256-rc4.tar.gz) = 0233c4d6c99027192312b38fff66258860570d3b09324c2748767b318697958383ecf5133bd187d52778671c286afd41eb7c83e755dffd4c12e46b16fc3f0d0d diff --git a/systemd.spec b/systemd.spec index 2821ad2..9c9a588 100644 --- a/systemd.spec +++ b/systemd.spec @@ -40,7 +40,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc3} +Version: %{?version_override}%{!?version_override:256~rc4} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -103,20 +103,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} -# Drop varlink method call until selinux policy is updated, -# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063, -# https://bugzilla.redhat.com/show_bug.cgi?id=2279923. -# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. -Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch - -Patch0002: 0001-generator-setup-use-RET_GATHER.patch -Patch0003: 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch -Patch0004: 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch - -# Backport part of https://github.com/systemd/systemd/pull/33016 -# to fix a bug that causes crashes in KDE Frameworks 6.3.0 -Patch0005: 0001-core-dbus-execute-use-correct-char-for-representing-.patch -Patch0006: 0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd @@ -276,6 +262,7 @@ Conflicts: fedora-release < 23-0.12 BuildRequires: setup >= 2.15.0-3 BuildRequires: python3 Conflicts: setup < 2.15.0-3 +Conflicts: selinux-policy-any < 41.1 %endif %if 0%{?fedora} >= 41