From ce4156b3ddac9d839caccfe541123706bda541a5 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Dec 09 2021 15:02:25 +0000 Subject: Version 250-rc1 The crypto backend is switched to openssl. gcrypt is still used for FSS in libsystemd.so. --- diff --git a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch deleted file mode 100644 index 00a012c..0000000 --- a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch +++ /dev/null @@ -1,252 +0,0 @@ -From 7d9ee15d0fc2af87481ee371b278dbe7e68165ef Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 14:02:36 +0200 -Subject: [PATCH] rpm: don't specify the full path for systemctl and other - commands - -We can make things a bit simpler and more readable by not specifying the path. -Since we didn't specify the full path for all commands (including those invoked -recursively by anythign we invoke), this didn't really privide any security or -robustness benefits. I guess that full paths were used because this style of -rpm packagnig was popular in the past, with macros used for everything -possible, with special macros for common commands like %{__ln} and %{__mkdir}. ---- - src/rpm/macros.systemd.in | 24 ++++++++++++------------ - src/rpm/triggers.systemd.in | 18 +++++++++--------- - src/rpm/triggers.systemd.sh.in | 18 +++++++++--------- - 3 files changed, 30 insertions(+), 30 deletions(-) - -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3a0169a85f..3129ab2d61 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -46,9 +46,9 @@ OrderWithRequires(postun): systemd \ - - %systemd_post() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ --if [ $1 -eq 1 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ - # Initial installation \ -- %{_bindir}/systemctl --no-reload preset %{?*} || : \ -+ systemctl --no-reload preset %{?*} || : \ - fi \ - %{nil} - -@@ -56,21 +56,21 @@ fi \ - - %systemd_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ --if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ - # Package removal, not upgrade \ - if [ -d /run/systemd/system ]; then \ -- %{_bindir}/systemctl --no-reload disable --now %{?*} || : \ -+ systemctl --no-reload disable --now %{?*} || : \ - else \ -- %{_bindir}/systemctl --no-reload disable %{?*} || : \ -+ systemctl --no-reload disable %{?*} || : \ - fi \ - fi \ - %{nil} - - %systemd_user_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ --if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ - # Package removal, not upgrade \ -- %{_bindir}/systemctl --global disable %{?*} || : \ -+ systemctl --global disable %{?*} || : \ - fi \ - %{nil} - -@@ -84,10 +84,10 @@ fi \ - - %systemd_postun_with_restart() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ --if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ - # Package upgrade, not uninstall \ - for unit in %{?*}; do \ -- %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \ -+ systemctl set-property $unit Markers=+needs-restart || : \ - done \ - fi \ - %{nil} -@@ -105,17 +105,17 @@ fi \ - # Deprecated. Use %tmpfiles_create_package instead - %tmpfiles_create() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# tmpfiles_create}} \ --[ -x %{_bindir}/systemd-tmpfiles ] && %{_bindir}/systemd-tmpfiles --create %{?*} || : \ -+command -v systemd-tmpfiles >/dev/null && systemd-tmpfiles --create %{?*} || : \ - %{nil} - - # Deprecated. Use %sysusers_create_package instead - %sysusers_create() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# sysusers_create}} \ --[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers %{?*} || : \ -+command -v systemd-sysusers >/dev/null && systemd-sysusers %{?*} || : \ - %{nil} - - %sysusers_create_inline() \ --[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers - </dev/null && systemd-sysusers - < 0 then - posix.wait(pid) - end - - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) -+ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -38,7 +38,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "daemon-reload")) -+ assert(posix.execp("systemctl", "daemon-reload")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -49,7 +49,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) -+ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -62,7 +62,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-sysusers")) -+ assert(posix.execp("systemd-sysusers")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -74,7 +74,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-hwdb", "update")) -+ assert(posix.execp("systemd-hwdb", "update")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -86,7 +86,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/journalctl", "--update-catalog")) -+ assert(posix.execp("journalctl", "--update-catalog")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -111,7 +111,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-tmpfiles", "--create")) -+ assert(posix.execp("systemd-tmpfiles", "--create")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -123,7 +123,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/udevadm", "control", "--reload")) -+ assert(posix.execp("udevadm", "control", "--reload")) - elseif pid > 0 then - posix.wait(pid) - end -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 22abad9812..1631be18c9 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -15,8 +15,8 @@ - # installed, because other cases are covered by the *un scriptlets, - # so sometimes we will reload needlessly. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl daemon-reload || : -- %{_bindir}/systemctl reload-or-restart --marked || : -+ systemctl daemon-reload || : -+ systemctl reload-or-restart --marked || : - fi - - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -@@ -26,13 +26,13 @@ fi - # have been installed, but before %postun scripts in packages get - # executed. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl daemon-reload || : -+ systemctl daemon-reload || : - fi - - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # We restart remaining services that should be restarted here. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl reload-or-restart --marked || : -+ systemctl reload-or-restart --marked || : - fi - - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} -@@ -40,21 +40,21 @@ fi - # specified users automatically. The priority is set such that it - # will run before the tmpfiles file trigger. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-sysusers || : -+ systemd-sysusers || : - fi - - %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}} - # This script will automatically invoke hwdb update if files have been - # installed or updated in {{UDEV_HWDB_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-hwdb update || : -+ systemd-hwdb update || : - fi - - %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}} - # This script will automatically invoke journal catalog update if files - # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/journalctl --update-catalog || : -+ journalctl --update-catalog || : - fi - - %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}} -@@ -71,14 +71,14 @@ fi - # tmpfiles automatically. The priority is set such that it will run - # after the sysusers file trigger, but before any other triggers. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-tmpfiles --create || : -+ systemd-tmpfiles --create || : - fi - - %transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}} - # This script will automatically update udev with new rules if files - # have been installed or updated in {{UDEV_RULES_DIR}}. - if test -e /run/udev/control; then -- %{_bindir}/udevadm control --reload || : -+ udevadm control --reload || : - fi - - %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}} diff --git a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch deleted file mode 100644 index 212a58d..0000000 --- a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch +++ /dev/null @@ -1,332 +0,0 @@ -From 6d825ab2d42d3219e49a192bf99f9c09134a0df4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 11:22:33 +0200 -Subject: [PATCH] rpm: use a helper script to actually invoke systemctl - commands -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Instead of embedding the commands to invoke directly in the macros, -let's use a helper script as indirection. This has a couple of advantages: - -- the macro language is awkward, we need to suffix most commands by "|| :" - and "\", which is easy to get wrong. In the new scheme, the macro becomes - a single simple command. -- in the script we can use normal syntax highlighting, shellcheck, etc. -- it's also easier to test the invoked commands by invoking the helper - manually. -- most importantly, the logic is contained in the helper, i.e. we can - update systemd rpm and everything uses the new helper. Before, we would - have to rebuild all packages to update the macro definition. - -This raises the question whether it makes sense to use the lua scriptlets when -the real work is done in a bash script. I think it's OK: we still have the -efficient lua scripts that do the short scripts, and we use a single shared -implementation in bash to do the more complex stuff. - -The meson version is raised to 0.47 because that's needed for install_mode. -We were planning to raise the required version anyway… ---- - README | 2 +- - meson.build | 3 +- - src/rpm/macros.systemd.in | 30 ++++++++-------- - src/rpm/meson.build | 13 ++++--- - src/rpm/systemd-update-helper.in | 60 ++++++++++++++++++++++++++++++++ - src/rpm/triggers.systemd.in | 43 ++++++++--------------- - src/rpm/triggers.systemd.sh.in | 13 ++----- - 7 files changed, 105 insertions(+), 59 deletions(-) - create mode 100755 src/rpm/systemd-update-helper.in - -diff --git a/README b/README -index 0e5c326deb..a8f23a0d5b 100644 ---- a/README -+++ b/README -@@ -193,7 +193,7 @@ REQUIREMENTS: - python-jinja2 - python-lxml (optional, required to build the indices) - python >= 3.5 -- meson >= 0.46 (>= 0.49 is required to build position-independent executables) -+ meson >= 0.47 (>= 0.49 is required to build position-independent executables) - ninja - gcc, awk, sed, grep, and similar tools - clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs -diff --git a/meson.build b/meson.build -index a2ee15bf32..c6b3e72d23 100644 ---- a/meson.build -+++ b/meson.build -@@ -10,7 +10,7 @@ project('systemd', 'c', - 'localstatedir=/var', - 'warning_level=2', - ], -- meson_version : '>= 0.46', -+ meson_version : '>= 0.47', - ) - - libsystemd_version = '0.32.0' -@@ -253,6 +253,7 @@ conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH', join_paths(rootlib - conf.set_quoted('SYSTEMD_STDIO_BRIDGE_BINARY_PATH', join_paths(bindir, 'systemd-stdio-bridge')) - conf.set_quoted('SYSTEMD_TEST_DATA', join_paths(testsdir, 'testdata')) - conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', join_paths(rootbindir, 'systemd-tty-ask-password-agent')) -+conf.set_quoted('SYSTEMD_UPDATE_HELPER_PATH', join_paths(rootlibexecdir, 'systemd-update-helper')) - conf.set_quoted('SYSTEMD_USERWORK_PATH', join_paths(rootlibexecdir, 'systemd-userwork')) - conf.set_quoted('SYSTEMD_VERITYSETUP_PATH', join_paths(rootlibexecdir, 'systemd-veritysetup')) - conf.set_quoted('SYSTEM_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'system')) -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3129ab2d61..bbdf036da7 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -46,31 +46,33 @@ OrderWithRequires(postun): systemd \ - - %systemd_post() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ --if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Initial installation \ -- systemctl --no-reload preset %{?*} || : \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} install-system-units %{?*} || : \ - fi \ - %{nil} - --%systemd_user_post() %{expand:%systemd_post \\--global %%{?*}} -+%systemd_user_post() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_post}} \ -+if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Initial installation \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} install-user-units %{?*} || : \ -+fi \ -+%{nil} - - %systemd_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ --if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package removal, not upgrade \ -- if [ -d /run/systemd/system ]; then \ -- systemctl --no-reload disable --now %{?*} || : \ -- else \ -- systemctl --no-reload disable %{?*} || : \ -- fi \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-system-units %{?*} || : \ - fi \ - %{nil} - - %systemd_user_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ --if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package removal, not upgrade \ -- systemctl --global disable %{?*} || : \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-user-units %{?*} || : \ - fi \ - %{nil} - -@@ -84,11 +86,9 @@ fi \ - - %systemd_postun_with_restart() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ --if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package upgrade, not uninstall \ -- for unit in %{?*}; do \ -- systemctl set-property $unit Markers=+needs-restart || : \ -- done \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \ - fi \ - %{nil} - -diff --git a/src/rpm/meson.build b/src/rpm/meson.build -index fc72fee73c..2ad3308cc1 100644 ---- a/src/rpm/meson.build -+++ b/src/rpm/meson.build -@@ -1,9 +1,13 @@ - # SPDX-License-Identifier: LGPL-2.1-or-later - - in_files = [ -- ['macros.systemd', rpmmacrosdir != 'no'], -- ['triggers.systemd', false], -- ['triggers.systemd.sh', false]] -+ ['macros.systemd', rpmmacrosdir != 'no', rpmmacrosdir], -+ -+ # we conditionalize on rpmmacrosdir, but install into rootlibexecdir -+ ['systemd-update-helper', rpmmacrosdir != 'no', rootlibexecdir, 'rwxr-xr-x'], -+ -+ ['triggers.systemd', false], -+ ['triggers.systemd.sh', false]] - - # The last two don't get installed anywhere, one of them needs to included in - # the rpm spec file definition instead. -@@ -17,6 +21,7 @@ foreach tuple : in_files - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, - install : tuple[1], -- install_dir : rpmmacrosdir, -+ install_dir : tuple.length() > 2 ? tuple[2] : '', -+ install_mode : tuple.length() > 3 ? tuple[3] : false, - build_by_default : true) - endforeach -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -new file mode 100755 -index 0000000000..9fa49fa131 ---- /dev/null -+++ b/src/rpm/systemd-update-helper.in -@@ -0,0 +1,60 @@ -+#!/bin/bash -+set -eu -+set -o pipefail -+ -+command="${1:?}" -+shift -+ -+command -v systemctl >/dev/null || exit 0 -+ -+case "$command" in -+ install-system-units) -+ systemctl --no-reload preset "$@" -+ ;; -+ -+ install-user-units) -+ systemctl --no-reload preset --global "$@" -+ ;; -+ -+ remove-system-units) -+ if [ -d /run/systemd/system ]; then -+ systemctl --no-reload disable --now "$@" -+ else -+ systemctl --no-reload disable "$@" -+ fi -+ ;; -+ -+ remove-user-units) -+ systemctl --global disable "$@" -+ ;; -+ -+ mark-restart-system-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ for unit in "$@"; do -+ systemctl set-property "$unit" Markers=+needs-restart || : -+ done -+ ;; -+ -+ system-reload-restart|system-reload|system-restart) -+ if [ -n "$*" ]; then -+ echo "Unexpected arguments for '$command': $*" -+ exit 2 -+ fi -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ if [[ "$command" =~ reload ]]; then -+ systemctl daemon-reload -+ fi -+ -+ if [[ "$command" =~ restart ]]; then -+ systemctl reload-or-restart --marked -+ fi -+ ;; -+ -+ *) -+ echo "Unknown verb '$command'" -+ exit 3 -+ ;; -+esac -diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index 247358008a..d29cc33dfd 100644 ---- a/src/rpm/triggers.systemd.in -+++ b/src/rpm/triggers.systemd.in -@@ -13,20 +13,11 @@ - -- upgraded. We care about the case where a package is initially - -- installed, because other cases are covered by the *un scriptlets, - -- so sometimes we will reload needlessly. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "daemon-reload")) -- elseif pid > 0 then -- posix.wait(pid) -- end -- -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload-restart")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -@@ -35,24 +26,20 @@ end - -- On upgrade, we need to run daemon-reload after any new unit files - -- have been installed, but before %postun scripts in packages get - -- executed. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "daemon-reload")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - -- We restart remaining services that should be restarted here. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 1631be18c9..83cd7617f8 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -14,10 +14,7 @@ - # upgraded. We care about the case where a package is initially - # installed, because other cases are covered by the *un scriptlets, - # so sometimes we will reload needlessly. --if test -d "/run/systemd/system"; then -- systemctl daemon-reload || : -- systemctl reload-or-restart --marked || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : - - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # On removal, we need to run daemon-reload after any units have been -@@ -25,15 +22,11 @@ fi - # On upgrade, we need to run daemon-reload after any new unit files - # have been installed, but before %postun scripts in packages get - # executed. --if test -d "/run/systemd/system"; then -- systemctl daemon-reload || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : - - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # We restart remaining services that should be restarted here. --if test -d "/run/systemd/system"; then -- systemctl reload-or-restart --marked || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : - - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} - # This script will process files installed in {{SYSUSERS_DIR}} to create diff --git a/0003-rpm-call-needs-restart-in-parallel.patch b/0003-rpm-call-needs-restart-in-parallel.patch deleted file mode 100644 index b1efa37..0000000 --- a/0003-rpm-call-needs-restart-in-parallel.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 3598aff4d963b2e51ac74d206161da47bfde785c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 11:28:36 +0200 -Subject: [PATCH] rpm: call +needs-restart in parallel -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Some rpms install a bunch of units… It seems nicer to invoke them all in -parallel. In particular, timeouts in systemctl also run in parallel, so if -there's some communication mishap, we will wait less. ---- - src/rpm/systemd-update-helper.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index 9fa49fa131..f3c75b75fa 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -32,8 +32,9 @@ case "$command" in - [ -d /run/systemd/system ] || exit 0 - - for unit in "$@"; do -- systemctl set-property "$unit" Markers=+needs-restart || : -+ systemctl set-property "$unit" Markers=+needs-restart & - done -+ wait - ;; - - system-reload-restart|system-reload|system-restart) diff --git a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch deleted file mode 100644 index 94eca7b..0000000 --- a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch +++ /dev/null @@ -1,254 +0,0 @@ -From 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 14:37:57 +0200 -Subject: [PATCH] rpm: restart user services at the end of the transaction - -This closes an important gap: so far we would reexecute the system manager and -restart system services that were configured to do so, but we wouldn't do the -same for user managers or user services. - -The scheme used for user managers is very similar to the system one, except -that there can be multiple user managers running, so we query the system -manager to get a list of them, and then tell each one to do the equivalent -operations: daemon-reload, disable --now, set-property Markers=+needs-restart, -reload-or-restart --marked. - -The total time that can be spend on this is bounded: we execute the commands in -parallel over user managers and units, and additionally set SYSTEMD_BUS_TIMEOUT -to a lower value (15 s by default). User managers should not have too many -units running, and they should be able to do all those operations very -quickly (<< 1s). The final restart operation may take longer, but it's done -asynchronously, so we only wait for the queuing to happen. - -The advantage of doing this synchronously is that we can wait for each step to -happen, and for example daemon-reloads can finish before we execute the service -restarts, etc. We can also order various steps wrt. to the phases in the rpm -transaction. - -When this was initially proposed, we discussed a more relaxed scheme with bus -property notifications. Such an approach would be more complex because a bunch -of infrastructure would have to be added to system manager to propagate -appropriate notifications to the user managers, and then the user managers -would have to wait for them. Instead, now there is no new code in the managers, -all new functionality is contained in src/rpm/. The ability to call 'systemctl ---user user@' makes this approach very easy. Also, it would be very hard to -order the user manager steps and the rpm transaction steps. - -Note: 'systemctl --user disable' is only called for a user managers that are -running. I don't see a nice way around this, and it shouldn't matter too much: -we'll just leave a dangling symlink in the case where the user enabled the -service manually. - -A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and -fa97d2fcf64e0558054bee673f734f523373b146. ---- - meson.build | 1 + - meson_options.txt | 2 ++ - src/rpm/macros.systemd.in | 6 +++- - src/rpm/systemd-update-helper.in | 47 ++++++++++++++++++++++++++++++++ - src/rpm/triggers.systemd.in | 28 ++++++++++++++++++- - src/rpm/triggers.systemd.sh.in | 13 ++++++++- - 6 files changed, 94 insertions(+), 3 deletions(-) - -diff --git a/meson.build b/meson.build -index c6b3e72d23..cafce977c2 100644 ---- a/meson.build -+++ b/meson.build -@@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR', tmpfilesdir) - conf.set_quoted('UDEVLIBEXECDIR', udevlibexecdir) - conf.set_quoted('UDEV_HWDB_DIR', udevhwdbdir) - conf.set_quoted('UDEV_RULES_DIR', udevrulesdir) -+conf.set_quoted('UPDATE_HELPER_USER_TIMEOUT', get_option('update-helper-user-timeout')) - conf.set_quoted('USER_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'user')) - conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) - conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) -diff --git a/meson_options.txt b/meson_options.txt -index b60261ac24..50f2b7b5e9 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '', - description : 'directory for xinitrc files') - option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d', - description : 'directory for rpm macros ["no" disables]') -+option('update-helper-user-timeout', type : 'string', value : '15s', -+ description : 'how long to wait for user manager operations') - option('pamlibdir', type : 'string', - description : 'directory for PAM modules') - option('pamconfdir', type : 'string', -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index bbdf036da7..caa2e45595 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -93,7 +93,11 @@ fi \ - %{nil} - - %systemd_user_postun_with_restart() \ --%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_restart}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-user-units %{?*} || : \ -+fi \ - %{nil} - - %udev_hwdb_update() %{nil} -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index f3c75b75fa..f3466ab3c0 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -26,6 +26,15 @@ case "$command" in - - remove-user-units) - systemctl --global disable "$@" -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" disable --now "$@" & -+ done -+ wait - ;; - - mark-restart-system-units) -@@ -37,6 +46,17 @@ case "$command" in - wait - ;; - -+ mark-restart-user-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & -+ done -+ wait -+ ;; -+ - system-reload-restart|system-reload|system-restart) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" -@@ -54,6 +74,33 @@ case "$command" in - fi - ;; - -+ user-reload-restart|user-reload|user-restart) -+ if [ -n "$*" ]; then -+ echo "Unexpected arguments for '$command': $*" -+ exit 2 -+ fi -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ -+ if [[ "$command" =~ reload ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" daemon-reload & -+ done -+ wait -+ fi -+ -+ if [[ "$command" =~ restart ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" reload-or-restart --marked & -+ done -+ wait -+ fi -+ ;; -+ - *) - echo "Unknown verb '$command'" - exit 3 -diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index d29cc33dfd..8aeb2049c1 100644 ---- a/src/rpm/triggers.systemd.in -+++ b/src/rpm/triggers.systemd.in -@@ -20,6 +20,14 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerin -P 900899 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - -- On removal, we need to run daemon-reload after any units have been - -- removed. -@@ -33,8 +41,17 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -+-- Execute daemon-reload in user managers. -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system ---- We restart remaining services that should be restarted here. -+-- We restart remaining system services that should be restarted here. - pid = posix.fork() - if pid == 0 then - assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) -@@ -42,6 +59,15 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerpostun -P 9999 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+-- We restart remaining user services that should be restarted here. -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-restart")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} - -- This script will process files installed in {{SYSUSERS_DIR}} to create - -- specified users automatically. The priority is set such that it -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 83cd7617f8..694cd94e8d 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -16,6 +16,9 @@ - # so sometimes we will reload needlessly. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : - -+%transfiletriggerin -P 900899 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload-restart || : -+ - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # On removal, we need to run daemon-reload after any units have been - # removed. -@@ -24,10 +27,18 @@ - # executed. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : - -+%transfiletriggerpostun -P 1000099 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+# Execute daemon-reload in user managers. -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload || : -+ - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system --# We restart remaining services that should be restarted here. -+# We restart remaining system services that should be restarted here. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : - -+%transfiletriggerpostun -P 9999 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+# We restart remaining user services that should be restarted here. -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-restart || : -+ - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} - # This script will process files installed in {{SYSUSERS_DIR}} to create - # specified users automatically. The priority is set such that it diff --git a/0005-update-helper-also-add-user-reexec-verb.patch b/0005-update-helper-also-add-user-reexec-verb.patch deleted file mode 100644 index f5f407e..0000000 --- a/0005-update-helper-also-add-user-reexec-verb.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 1262e824a4d638e347ae0d39c973f1f750962533 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 23 Jul 2021 15:35:23 +0200 -Subject: [PATCH] update-helper: also add "user-reexec" verb - -This is not called from the systemd.triggers or systemd.macros files. Instead, -it would be called from the scriptlets in systemd rpm package itself, at the -place where we call systemctl daemon-reexec. - -See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 . ---- - src/rpm/systemd-update-helper.in | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index f3466ab3c0..0c6675a9db 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -74,7 +74,7 @@ case "$command" in - fi - ;; - -- user-reload-restart|user-reload|user-restart) -+ user-reload-restart|user-reload|user-restart|user-reexec) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" - exit 2 -@@ -84,6 +84,14 @@ case "$command" in - - users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') - -+ if [[ "$command" =~ reexec ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" daemon-reexec & -+ done -+ wait -+ fi -+ - if [[ "$command" =~ reload ]]; then - for user in $users; do - SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ diff --git a/0006-update-helper-add-missing-loop-over-user-units.patch b/0006-update-helper-add-missing-loop-over-user-units.patch deleted file mode 100644 index 308c4c2..0000000 --- a/0006-update-helper-add-missing-loop-over-user-units.patch +++ /dev/null @@ -1,30 +0,0 @@ -From a4eba5d8cfaabbd87687c651fcdd06df9e267931 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 4 Nov 2021 09:49:18 +0100 -Subject: [PATCH] update-helper: add missing loop over user units - -Noticed by Luca. - -shellcheck doens't catch this, and somehow it was missed in review -and testing ;( ---- - src/rpm/systemd-update-helper.in | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index fa35e7ba90..7e007d4806 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -52,8 +52,10 @@ case "$command" in - - users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') - for user in $users; do -- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -- systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & -+ for unit in "$@"; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & -+ done - done - wait - ;; diff --git a/2da7d0bc92.patch b/2da7d0bc92.patch deleted file mode 100644 index ad81b34..0000000 --- a/2da7d0bc92.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 18:02:50 +0200 -Subject: [PATCH] sd-bus: allow numerical uids in -M user@.host - -UIDs don't work well over ssh, but locally or with containers they are OK. -In particular, user@.service uses UIDs as identifiers, and it's nice to be -able to copy&paste that UID for interaction with the user's managers. ---- - src/libsystemd/sd-bus/sd-bus.c | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index a32e2f5e2085..6960161c3658 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -39,6 +39,7 @@ - #include "parse-util.h" - #include "path-util.h" - #include "process-util.h" -+#include "stdio-util.h" - #include "string-util.h" - #include "strv.h" - #include "user-util.h" -@@ -1617,7 +1618,7 @@ static int user_and_machine_valid(const char *user_and_machine) { - if (!user) - return -ENOMEM; - -- if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX)) -+ if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX | VALID_USER_ALLOW_NUMERIC)) - return false; - - h++; -@@ -1648,17 +1649,25 @@ static int user_and_machine_equivalent(const char *user_and_machine) { - - /* Otherwise, if we are root, then we can also allow the ".host" syntax, as that's the user this - * would connect to. */ -- if (geteuid() == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host")) -+ uid_t uid = geteuid(); -+ -+ if (uid == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host", "0@.host")) - return true; - -- /* Otherwise, we have to figure our user name, and compare things with that. */ -- un = getusername_malloc(); -- if (!un) -- return -ENOMEM; -+ /* Otherwise, we have to figure out our user id and name, and compare things with that. */ -+ char buf[DECIMAL_STR_MAX(uid_t)]; -+ xsprintf(buf, UID_FMT, uid); -+ -+ f = startswith(user_and_machine, buf); -+ if (!f) { -+ un = getusername_malloc(); -+ if (!un) -+ return -ENOMEM; - -- f = startswith(user_and_machine, un); -- if (!f) -- return false; -+ f = startswith(user_and_machine, un); -+ if (!f) -+ return false; -+ } - - return STR_IN_SET(f, "@", "@.host"); - } diff --git a/sources b/sources index 5142edc..d3bbd0a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-249.7.tar.gz) = 65848a1141f66f11610ab28f70ef2fa4539e2fc31b9f6c9d9a18d9d68be877ad02b5699d05d98b209eac4e28ba5141f83366c2b70f485f3f406d7bc14eb21365 +SHA512 (systemd-250-rc1.tar.gz) = efcf22abb5237328707942636c86b5a9080737913359863c3d568dadfffdd78667a27c0c2f9c6375de37964726e1dec0003092174a440213100a08c691fafce6 diff --git a/systemd.spec b/systemd.spec index bfa8375..309d7fe 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -%global stable 1 +#global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.7 -Release: 3%{?dist} +Version: 250~rc1 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -91,14 +91,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed # here, rather than in the next section. Packit CI will drop any # patches in this range before applying upstream pull requests. -Patch0001: 0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch -Patch0002: 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch -Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch -Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch -Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch -Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch -Patch0007: https://github.com/systemd/systemd/commit/2da7d0bc92.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -153,6 +146,7 @@ BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-mu) +BuildRequires: pkgconfig(libbpf) BuildRequires: systemtap-sdt-devel BuildRequires: libxslt BuildRequires: docbook-style-xsl @@ -449,6 +443,7 @@ CONFIGURE_OPTS=( -Dacl=true -Dsmack=true -Dopenssl=true + -Dcryptolib=openssl -Dp11kit=true -Dgcrypt=true -Daudit=true