From d2f4df32269d16cfbad3516a804f72b8b899fa8a Mon Sep 17 00:00:00 2001 From: Anita Zhang Date: Jul 25 2022 18:34:49 +0000 Subject: clean replacement with fedora/rawhide 8ed6e37eb47f5ee1ec084227fb1acd9c54a8054e --- diff --git a/21705.patch b/21705.patch deleted file mode 100644 index 51d5714..0000000 --- a/21705.patch +++ /dev/null @@ -1,29 +0,0 @@ -From ca52de3b56d5e70232bee29314cd84f5596c1e7f Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Dec 2021 15:46:13 +0100 -Subject: [PATCH] process-util: Fix memory leak - ---- - src/basic/process-util.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 1b96d3ca8543..c97185215847 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -221,9 +221,12 @@ int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags - return -ENOMEM; - - /* Drop trailing empty strings. See issue #21186. */ -- STRV_FOREACH_BACKWARDS(p, args) -- if (isempty(*p)) -- *p = mfree(*p); -+ STRV_FOREACH_BACKWARDS(p, args) { -+ if (!isempty(*p)) -+ break; -+ -+ *p = mfree(*p); -+ } - - ans = quote_command_line(args, shflags); - if (!ans) diff --git a/Makefile.selinux b/Makefile.selinux deleted file mode 100644 index bc159a5..0000000 --- a/Makefile.selinux +++ /dev/null @@ -1,16 +0,0 @@ -TARGETS ?= systemd_hs -SHARE ?= /usr/share -MODULES ?= ${TARGETS:=.pp.bz2} - -all: ${TARGETS:=.pp.bz2} - -%.pp.bz2: %.pp - @echo Compressing $^ -\ $@ - bzip2 -9 $^ - -%.pp: %.te - make -f ${SHARE}/selinux/devel/Makefile $@ - -clean: - rm -f *~ *.tc *.pp *.pp.bz2 - rm -rf tmp diff --git a/README.build-in-place b/README.build-in-place deleted file mode 100644 index 9d68330..0000000 --- a/README.build-in-place +++ /dev/null @@ -1,14 +0,0 @@ -== Building systemd rpms for local development using rpmbuild --build-in-place == - -This approach is based on https://github.com/filbranden/git-rpmbuild -and filbranden's talk during ASG2019 [https://www.youtube.com/watch?v=fVM1kJrymRM]. - -``` -git clone https://github.com/systemd/systemd -fedpkg clone systemd fedora-systemd -cd systemd -rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec -sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm -``` - -`--without lto` and `--without tests` may be useful to speed up the build. diff --git a/README.build-in-place.md b/README.build-in-place.md new file mode 100644 index 0000000..057c103 --- /dev/null +++ b/README.build-in-place.md @@ -0,0 +1,14 @@ +# Building systemd rpms for local development using rpmbuild --build-in-place + +This approach is based on filbranden's [git-rpmbuild](https://github.com/filbranden/git-rpmbuild) +and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM). + +``` +git clone https://github.com/systemd/systemd +fedpkg clone systemd fedora-systemd +cd systemd +rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec +sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm +``` + +`--without lto` and `--without tests` may be useful to speed up the build. diff --git a/bbe53713455be38c0a587626439fd171f28c77fc.patch b/bbe53713455be38c0a587626439fd171f28c77fc.patch deleted file mode 100644 index 9f5bd29..0000000 --- a/bbe53713455be38c0a587626439fd171f28c77fc.patch +++ /dev/null @@ -1,65 +0,0 @@ -From bbe53713455be38c0a587626439fd171f28c77fc Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sun, 30 Jan 2022 23:40:05 +0100 -Subject: [PATCH] basic: update CIFS magic - -Kernel commit dea2903719283c156b53741126228c4a1b40440f exposed (and -renamed) CIFS_MAGIC_NUMBER as CIFS_SUPER_MAGIC along with -SMB2_SUPER_MAGIC. - -This fixes the following build fail on current Fedora Rawhide: -``` -../src/basic/meson.build:389:8: ERROR: Problem encountered: found unknown filesystem(s) defined in kernel headers: - -Filesystem found in kernel header but not in filesystems-gperf.gperf: CIFS_SUPER_MAGIC -Filesystem found in kernel header but not in filesystems-gperf.gperf: SMB2_SUPER_MAGIC -``` ---- - src/basic/filesystems-gperf.gperf | 4 ++-- - src/basic/missing_magic.h | 11 ++++++++--- - 2 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/basic/filesystems-gperf.gperf b/src/basic/filesystems-gperf.gperf -index 08c8c445105a..e8c5357f9146 100644 ---- a/src/basic/filesystems-gperf.gperf -+++ b/src/basic/filesystems-gperf.gperf -@@ -40,7 +40,7 @@ ceph, {CEPH_SUPER_MAGIC} - cgroup2, {CGROUP2_SUPER_MAGIC} - # note that the cgroupfs magic got reassigned from cpuset - cgroup, {CGROUP_SUPER_MAGIC} --cifs, {CIFS_MAGIC_NUMBER} -+cifs, {CIFS_SUPER_MAGIC, SMB2_SUPER_MAGIC} - coda, {CODA_SUPER_MAGIC} - configfs, {CONFIGFS_MAGIC} - cramfs, {CRAMFS_MAGIC} -@@ -109,7 +109,7 @@ selinuxfs, {SELINUX_MAGIC} - shiftfs, {SHIFTFS_MAGIC} - smackfs, {SMACK_MAGIC} - # smb3 is an alias for cifs --smb3, {CIFS_MAGIC_NUMBER} -+smb3, {CIFS_SUPER_MAGIC} - # smbfs was removed from the kernel in 2010, the magic remains - smbfs, {SMB_SUPER_MAGIC} - sockfs, {SOCKFS_MAGIC} -diff --git a/src/basic/missing_magic.h b/src/basic/missing_magic.h -index 7d9320bb6dc9..c104fcfba315 100644 ---- a/src/basic/missing_magic.h -+++ b/src/basic/missing_magic.h -@@ -38,9 +38,14 @@ - #define XFS_SB_MAGIC 0x58465342 - #endif - --/* Not exposed yet. Defined at fs/cifs/cifsglob.h */ --#ifndef CIFS_MAGIC_NUMBER --#define CIFS_MAGIC_NUMBER 0xFF534D42 -+/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ -+#ifndef CIFS_SUPER_MAGIC -+#define CIFS_SUPER_MAGIC 0xFF534D42 -+#endif -+ -+/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ -+#ifndef SMB2_SUPER_MAGIC -+#define SMB2_SUPER_MAGIC 0xFE534D42 - #endif - - /* 257f871993474e2bde6c497b54022c362cf398e1 (4.5) */ diff --git a/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch index a0d70e4..84497ad 100644 --- a/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch +++ b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch @@ -109,7 +109,7 @@ rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c -index 30b00ae4d8b7..ffe5144b04ae 100644 +index 30b00ae4d8b..ffe5144b04a 100644 --- a/src/test/test-mountpoint-util.c +++ b/src/test/test-mountpoint-util.c @@ -89,8 +89,12 @@ static void test_mnt_id(void) { diff --git a/libsystemd-shared.abignore b/libsystemd-shared.abignore index e412d8b..6a33b88 100644 --- a/libsystemd-shared.abignore +++ b/libsystemd-shared.abignore @@ -1,3 +1,3 @@ [suppress_file] -# This shared object is private to systemd -file_name_regexp=libsystemd-shared-.*.so +# Those shared objects are private to systemd +file_name_regexp=libsystemd-(shared|core)-.*.so diff --git a/sources b/sources index 6d6939c..95b4d5d 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (systemd-hs-250.3.tar.gz) = 1531bb825ae0dcb6244a262e4a8d52a7070ff83db7bd000c90d1fa4c453dd76170b3773fc563a5cbd3ff0ca70f93b212bfc45558d8153f70b4f41780606b1298 -SHA512 (systemd-hs+fb-250.3.tar.gz) = 3abf78271c5e3e5907d6585dfc3dfcfa48d0c2924610f58b5b097b2be165096f1e6ab7c47136ab03157cc9857d4151d0a6d48371bf6ac8406f0c51abed4aac93 +SHA512 (systemd-251.2.tar.gz) = 0c4011b685a1e8d535af123cbaf79ab53d59ea665ca5350ab1077ad4e962b49c1fd5b1b5bb3f28c3e28145dfd02aa83023f78de5edec15afe84e3e06e742a67c diff --git a/split-files.py b/split-files.py index f7444f2..835be3d 100644 --- a/split-files.py +++ b/split-files.py @@ -1,7 +1,6 @@ import re, sys, os, collections buildroot = sys.argv[1] -release = sys.argv[2] known_files = sys.stdin.read().splitlines() known_files = {line.split()[-1]:line for line in known_files} @@ -29,7 +28,7 @@ o_resolve = open('.file-list-resolve', 'w') o_tests = open('.file-list-tests', 'w') o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') -o_rest = open('.file-list-rest', 'w') +o_main = open('.file-list-main', 'w') for file in files(buildroot): n = file.path[1:] if re.match(r'''/usr/(share|include)$| @@ -59,7 +58,11 @@ for file in files(buildroot): o = o_rpm_macros elif '/usr/lib/systemd/tests' in n: o = o_tests - elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?= 0.57 -%else BuildRequires: meson >= 0.43 -%endif BuildRequires: gettext # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available BuildRequires: valgrind-devel @@ -177,13 +169,19 @@ BuildRequires: pkgconfig(bash-completion) BuildRequires: perl BuildRequires: perl(IPC::SysV) +%ifnarch %ix86 +# bpftool is not built for i368 +BuildRequires: bpftool +%global have_bpf 1 +%endif + Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs Requires: dbus >= 1.9.18 Requires: %{name}-pam = %{version}-%{release} -Requires: %{name}-rpm-macros = %{version}-%{release} +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Requires: %{name}-libs = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} @@ -198,21 +196,19 @@ Obsoletes: system-setup-keyboard < 0.9 Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 -%if 0%{?facebook} == 0 # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) Obsoletes: %{name} < 249~~ -Conflicts: initscripts < 9.56.1 -%endif Provides: systemd-sysv = 206 +Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 -Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release} -Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release} -Conflicts: %{name}-standalone-sysusers < %{version}-%{release} -Obsoletes: %{name}-standalone-sysusers < %{version}-%{release} +Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Provides: %{name}-tmpfiles = %{version}-%{release} +Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ +Provides: %{name}-sysusers = %{version}-%{release} # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libidn2.so.0%{?elf_suffix} @@ -221,12 +217,6 @@ Recommends: libpcre2-8.so.0%{?elf_suffix} Recommends: libpwquality.so.1%{?elf_suffix} Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} Recommends: libqrencode.so.4%{?elf_suffix} - -%if %{with selinux} -# Force the SELinux module to be installed -Requires: %{name}-selinux = %{version}-%{release} -%endif - Recommends: libbpf.so.0%{?elf_suffix} Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits} @@ -279,11 +269,6 @@ Systemd PAM module registers the session with systemd-logind. %package rpm-macros Summary: Macros that define paths and scriptlets related to systemd BuildArch: noarch -# Make sure we obsolete the existing version and any possible future versions -# of epel-rpm-macros-systemd in c8s and c9s. -Conflicts: epel-rpm-macros-systemd < 10-0 -Obsoletes: epel-rpm-macros-systemd < 10-0 -Provides: epel-rpm-macros-systemd = 10-0 %description rpm-macros Just the definitions of rpm macros. @@ -316,19 +301,11 @@ Requires(preun): systemd Requires(postun): systemd Requires(post): grep Requires: kmod >= 18-4 -%if 0%{?facebook} == 0 # https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 Obsoletes: systemd < 245.6-1 -%endif Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 -Conflicts: systemd-boot < %{version}-%{release} -Obsoletes: systemd-boot < %{version}-%{release} -Provides: systemd-boot = %{version}-%{release} -Conflicts: systemd-timesyncd < %{version}-%{release} -Obsoletes: systemd-timesyncd < %{version}-%{release} -Provides: systemd-timesyncd = %{version}-%{release} # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home @@ -390,6 +367,7 @@ systemd-importd. Summary: Tools to send journal events over the network Requires: %{name}%{?_isa} = %{version}-%{release} License: LGPLv2+ +Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} Obsoletes: %{name}-journal-gateway < 227-7 @@ -407,6 +385,8 @@ systemd-journal-upload. Summary: System daemon that manages network configurations Requires: %{name}%{?_isa} = %{version}-%{release} License: LGPLv2+ +# https://src.fedoraproject.org/rpms/systemd/pull-request/34 +Obsoletes: systemd < 246.6-2 %description networkd systemd-networkd is a system service that manages networks. It detects and @@ -416,6 +396,7 @@ devices. %package resolved Summary: Network Name Resolution manager Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Requires(posttrans): grep @@ -444,44 +425,34 @@ License: LGPLv2+ "Installed tests" that are usually run as part of the build system. They can be useful to test systemd internals. -%if %{with selinux} -%package selinux -Summary: SELinux module for systemd -BuildArch: noarch -BuildRequires: bzip2 -BuildRequires: make -BuildRequires: selinux-policy -BuildRequires: selinux-policy-devel -Requires(post): selinux-policy-base >= %{_selinux_policy_version} -Requires(post): policycoreutils -Requires(post): policycoreutils-python-utils -Requires(pre): libselinux-utils -Requires(post): libselinux-utils - -%description selinux -This package provides the SELinux policy module to ensure systemd -runs properly under an environment with SELinux enabled. -%endif +%package standalone-tmpfiles +Summary: Standalone tmpfiles binary for use in non-systemd systems +Provides: %{name}-tmpfiles = %{version}-%{release} +RemovePathPostfixes: .standalone -%prep -# pagure strips the '+' from 'hs+fb' for the top directory in the tar archive so -# the top directory is hsfb-250.3 instead of hs+fb-250.3. -%autosetup -n %{name}-hs%{?facebook:fb}-%{version} -p1 +%description standalone-tmpfiles +Standalone tmpfiles binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use in non-systemd systems. -%if %{with selinux} -mkdir selinux -cp %SOURCE100 %SOURCE101 %SOURCE102 selinux -%endif +%package standalone-sysusers +Summary: Standalone sysusers binary for use in non-systemd systems +Provides: %{name}-sysusers = %{version}-%{release} +RemovePathPostfixes: .standalone + +%description standalone-sysusers +Standalone sysusers binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use in non-systemd systems. + +%prep +%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 test -f src/login/systemd-user.in # Restore systemd-user pam config from before "removal of Fedora-specific bits". # We'll systemd process it and install in the right place. cp %{SOURCE12} src/login/systemd-user.in -# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2057735 -cp /usr/include/linux/audit.h src/systemd/ -sed -r -i "s|generate_audit_type_list, cpp|& + ' -I/usr/include/linux'|" src/libsystemd/meson.build - %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} @@ -502,7 +473,7 @@ CONFIGURE_OPTS=( -Dseccomp=true -Dima=true -Dselinux=true - -Dbpf-framework=true + -Dbpf-framework=%[0%{?have_bpf}?"true":"false"] -Dapparmor=false -Dpolkit=true -Dxz=true @@ -516,33 +487,26 @@ CONFIGURE_OPTS=( -Dopenssl=true -Dcryptolib=openssl -Dp11kit=true - -Dgcrypt=true + -Dgcrypt=false -Daudit=true -Delfutils=true -%if %{without bootstrap} - -Dlibcryptsetup=true -%else - -Dlibcryptsetup=false -%endif + -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] -Delfutils=true -Dpwquality=true - # C8S only ships v3.4.4 whereas v4 is required - -Dqrencode=false + -Dqrencode=true -Dgnutls=true -Dmicrohttpd=true -Dlibidn2=true -Dlibiptc=false -Dlibcurl=true - # Not available in EPEL 8 yet (https://bugzilla.redhat.com/show_bug.cgi?id=2059387). - -Dlibfido2=false + -Dlibfido2=true -Defi=true - -Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false} + -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] -Dtpm=true -Dtpm2=true -Dhwdb=true -Dsysusers=true - # Standalone binaries are only relevant on non-systemd systems - -Dstandalone-binaries=false + -Dstandalone-binaries=true -Ddefault-kill-user-processes=false -Dtests=unsafe -Dinstall-tests=true @@ -553,21 +517,15 @@ CONFIGURE_OPTS=( -Dcompat-mutable-uid-boundaries=true -Dsplit-usr=false -Dsplit-bin=true -%if %{with lto} - -Db_lto=true -%else - -Db_lto=false -%endif + -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false -Dman=true - -Dversion-tag=v%{version}-%{release} -%if 0%{?fedora} - -Dfallback-hostname=fedora -%else - -Dfallback-hostname=localhost -%endif + -Dversion-tag=%{version}-%{release} + # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 + -Dshared-lib-tag=%{version_no_tilde}-%{release} + -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"] -Ddefault-dnssec=no - -Ddefault-dns-over-tls=opportunistic + -Ddefault-dns-over-tls=no # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 -Ddefault-mdns=no -Ddefault-llmnr=resolve @@ -595,25 +553,7 @@ CONFIGURE_OPTS=( -Dsystemd-network-uid=192 -Dsystemd-resolve-uid=193 # -Dsystemd-timesync-uid=, not set yet - # Need to set this for CentOS build - -Ddocdir=%{_pkgdocdir} - # These aren't as relevant for the hyperscale use case - -Duserdb=false - -Dhomed=false - # Old version of PAM might not support files in /usr/lib/pam.d/ so - # stick with the old /etc/pam.d - -Dpamconfdir=/etc/pam.d - -Dpcre2=true -) - -%if 0%{?facebook} -CONFIGURE_OPTS+=( - -Dntp-servers='1.ntp.vip.facebook.com 2.ntp.vip.facebook.com 3.ntp.vip.facebook.com 4.ntp.vip.facebook.com' - -Ddns-servers='10.127.255.51 10.191.255.51 2401:db00:eef0:a53:: 2401:db00:eef0:b53::' - -Dsupport-url='https://www.facebook.com/groups/systemd.and.friends' - -Dcontainer-uid-base-min=10485760 ) -%endif %if %{without lto} %global _lto_cflags %nil @@ -638,11 +578,6 @@ if ! diff -u %{SOURCE1} ${new_triggers}; then sleep 5 fi -%if %{with selinux} -cd selinux -%{__make} -f Makefile.selinux SHARE="%{_datadir}" TARGETS="systemd_hs" -%endif - %install %meson_install @@ -654,7 +589,11 @@ ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm touch %{buildroot}/etc/crypttab chmod 600 %{buildroot}/etc/crypttab +# /etc/initab +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} + # /etc/sysctl.conf compat +install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf # Make sure these directories are properly owned @@ -709,21 +648,15 @@ touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state # Install yum protection fragment install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf +install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} + # Install additional docs # https://bugzilla.redhat.com/show_bug.cgi?id=1234951 install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} # https://bugzilla.redhat.com/show_bug.cgi?id=1378974 -mkdir -p %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} -# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040 -mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ -cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf </dev/null || : oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) +# Work-around for #1931034. Remove after F34 is released. +if [ "$oomd_state" == "active" ]; then + systemctl stop -q systemd-oomd 2>/dev/null || : +fi + systemctl daemon-reexec &>/dev/null || { # systemd v239 had bug #9553 in D-Bus authentication of the private socket, # which was later fixed in v240 by #9625. @@ -864,6 +794,22 @@ fi # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) # FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec +%triggerun resolved -- systemd < 246.1-1 +# This is for upgrades from previous versions before systemd-resolved became the default. +systemctl --no-reload preset systemd-resolved.service &>/dev/null || : + +if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then + systemctl -q is-enabled NetworkManager.service 2>/dev/null && \ + ! test -L /etc/resolv.conf 2>/dev/null && \ + ! mountpoint /etc/resolv.conf &>/dev/null && \ + grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \ + echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \ + mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \ + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null || : + + systemctl start systemd-resolved.service &>/dev/null || : +fi + %triggerpostun -- systemd < 247.3-2 # This is for upgrades from previous versions before oomd-defaults is available. # We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with @@ -911,6 +857,7 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket %post journal-remote %systemd_post %journal_remote_units_restart %journal_remote_units_norestart +%firewalld_reload %preun journal-remote %systemd_preun %journal_remote_units_restart %journal_remote_units_norestart @@ -924,6 +871,7 @@ fi %postun journal-remote %systemd_postun_with_restart %journal_remote_units_restart +%firewalld_reload %post networkd # systemd-networkd was split out in systemd-246.6-2. @@ -960,7 +908,8 @@ if [ $1 -eq 0 ] ; then fi %post resolved -[ $1 -gt 1 ] && exit 0 +[ $1 -eq 1 ] || exit 0 +# Initial installation # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then @@ -971,6 +920,9 @@ fi %systemd_post systemd-resolved.service %posttrans resolved +[ $1 -eq 1 ] || exit 0 +# Initial installation + # Create /etc/resolv.conf symlink. # We would also create it using tmpfiles, but let's do this here # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above @@ -998,28 +950,9 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null && fi fi -%if %{with selinux} -%pre selinux -%selinux_relabel_pre - -%post selinux -%selinux_modules_install %{_datadir}/selinux/packages/systemd_hs.pp.bz2 -%selinux_relabel_post - -%posttrans selinux -%selinux_relabel_post - -%postun selinux -%selinux_modules_uninstall systemd_hs - -if [ $1 -eq 0 ]; then - %selinux_relabel_post -fi -%endif - %global _docdir_fmt %{name} -%files -f %{name}.lang -f .file-list-rest +%files -f %{name}.lang -f .file-list-main %doc %{_pkgdocdir} %exclude %{_pkgdocdir}/LICENSE* # Only the licenses texts for the licenses in License line are included. @@ -1067,55 +1000,76 @@ fi %files tests -f .file-list-tests -%if %{with selinux} -%files selinux -%{_datadir}/selinux/devel/include/contrib/systemd_hs.if -%{_datadir}/selinux/packages/systemd_hs.pp.bz2 -%endif +%files standalone-tmpfiles -f .file-list-standalone-tmpfiles + +%files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Wed May 4 2022 Daan De Meyer - 250.3-6.7 -- Backported https://github.com/systemd/systemd/pull/23254 and - https://github.com/systemd/systemd/pull/23205 -- Move more files to the networkd package - -* Wed Apr 13 2022 Daan De Meyer - 250.3-6.6 -- Fixed bug in networkd changes to split-files.py that caused the - /etc/systemd/network to get moved to the networkd package (which we don't - want because that's where link files for udev are also stored). - -* Wed Apr 6 2022 Daan De Meyer - 250.3-6.5 -- Backport systemd-analyze verify regression fix - -* Mon Apr 4 2022 Daan De Meyer - 250.3-6.4 -- Make sure our packages override the corresponding backports from EPEL. -- Modify the networkd fix from the previous release so that it can be merged - into the c9s branch. - -* Fri Apr 1 2022 Daan De Meyer - 250.3-6.3 -- Move systemd-network-generator and networkd man pages to networkd package to - avoid conflicts with systemd-extras from EPEL - -* Wed Mar 16 2022 Daan De Meyer - 250.3-6.2 -- Backport PR #22757: BPF error logging improvements - -* Mon Feb 28 2022 Daan De Meyer - 250.3-6.1 -- New release for v250 -- Sync latest changes from Fedora rawhide -- Use source archives from https://pagure.io/centos-sig-hyperscale/systemd - instead of github. All Hyperscale patches have moved to pagure -- Added llvm-toolset to BuildRequires (for llvm-strip) to make build succeed -- Enable p11kit and pwquality options in the systemd build +* Wed Jul 13 2022 Zbigniew Jędrzejewski-Szmek - 251.3-1 +- Update to latest bugfix release +- Drop forgotten "temporary" workaround for #1663040 + +* Wed Jun 29 2022 Zbigniew Jędrzejewski-Szmek - 251.2-2 +- Drop forward-secure-sealing code from sd-journal and tools + +* Thu Jun 2 2022 Zbigniew Jędrzejewski-Szmek - 251.2-1 +- A bunch of man page fixes, a few memory-access correctness fixes, + remove excessive messages to utmp sessions, suppress messages about + bpf setup in the user manager (#2084955) + +* Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 251.1-2 +- Supress errors from useradd/groupadd (#2090129) +- Drop "v" from the version tag, add tilde back +- The tag for shared-libraries is reintroduced (#1906010) + +* Tue May 24 2022 Zbigniew Jędrzejewski-Szmek - 251.1-1 +- First bugfix release for 250 +- Two fixes for kernel-install and a revert for #2087225, #2088788. + +* Sat May 21 2022 Zbigniew Jędrzejewski-Szmek - 251-1 +- Latest upstream release, for details see + https://raw.githubusercontent.com/systemd/systemd/v251/NEWS. +- Fixes for #2071034, #2084955, #2086166. + +* Mon May 16 2022 Zbigniew Jędrzejewski-Szmek - 251~rc3-1 +- Update to latest upstream prerelease (just various bugfixes) +- Udev rule processing should be now fixed (#2076459) +- Run sysusers and hwdb and catalog updates also if systemd is not running + (#2085481) + +* Wed May 11 2022 Adam Williamson - 251~rc2-2 +- Backport #23352 to fix RHBZ #2083374 + +* Thu May 5 2022 Zbigniew Jędrzejewski-Szmek - 251~rc2-1 +- New upstream prerelease, for details see + https://raw.githubusercontent.com/systemd/systemd/v251-rc2/NEWS. + +* Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-3 +- Do not touch /etc/resolv.conf on upgrades (#2074122) +- Add bugfix patch and revert one patch which might be causing + problems with the compose + +* Mon Apr 4 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-2 +- Merge libsystemd-core back into individual binaries and drop the + private shared library suffix (this should server as a work-around + for rhbz#2071069) + +* Tue Mar 29 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-1 +- First release candidate in the new cycle +- Fixes rhbz#1449751, rhbz#1906010 + +* Fri Mar 18 2022 Zbigniew Jędrzejewski-Szmek - 250.4-2 +- Fix the wrong file assignment done in previous version + +* Thu Mar 17 2022 Zbigniew Jędrzejewski-Szmek - 250.4-1 +- Move libcryptsetup plugins to -udev (#2031873) +- Move systemd-cryptenroll to -udev (David Tardon) +- Disable default DNS over TLS (#1889901) (Michael Catanzaro) * Thu Feb 24 2022 Zbigniew Jędrzejewski-Szmek - 250.3-6 - Avoid trying to create the symlink if there's a dangling symlink already in place (#2058388) -* Thu Feb 24 2022 Daan De Meyer - 249-2.13 -- Move to dist-git layout used by Fedora (no more SOURCES/ and SPECS/) -- Switch to .gitignore from commit 46a40810 from the Fedora RPM repo -- Add back removed files from commit 46a40810 from the Fedora RPM repo - * Wed Feb 23 2022 Zbigniew Jędrzejewski-Szmek - 250.3-5 - Move part of %%post scriptlet for resolved to %%posttrans (#2018913) - Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing @@ -1128,10 +1082,6 @@ fi - Add pam_namespace to systemd-user pam config (rhbz#2053098) - Drop 20-grubby.install plugin for kernel-install (rhbz#2033646) -* Wed Feb 09 2022 Anita Zhang - 249.4-2.12 -- Backport PR #20695: Sync if_arp.h with Linux 5.14 -- FB-only backport PR #22426: MemoryZSwapMax= to configure memory.zswap.max - * Sat Jan 22 2022 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild @@ -1197,16 +1147,6 @@ fi see https://raw.githubusercontent.com/systemd/systemd/v250-rc1/NEWS for details. -* Tue Nov 30 2021 Anita Zhang - 249.4-2.11 -- Backport PR #21241: fix bpf-foreign cgroup controller realization - -* Tue Nov 30 2021 Anita Zhang - 249.4-2.10 -- Re-enable fdisk and repart since util-linux-2.32.1-26 in C8s has the fix - it needs for tests to pass. - -* Wed Nov 24 2021 Davide Cavalca - 249.4-2.9 -- Disable legacy iptables support - * Fri Nov 19 2021 Davide Cavalca - 249.7-3 - Disable legacy iptables support @@ -1221,16 +1161,9 @@ fi * Sun Nov 14 2021 Petr Menšík - 249.7-1 - Switch /etc/resolv.conf over to NM when systemd-resolved is uninstalled -* Thu Nov 11 2021 Anita Zhang - 249.4-2.8 -- Remove revert_d219a2b07cc5dc8ffd5010f08561fab2780d8616.patch and replace with - proper fix (PR #21221) - * Wed Nov 10 2021 Kir Kolyshkin - 249.7-1 - Fix scope activation from a user instance (#2022041) -* Wed Nov 10 2021 Anita Zhang - 249.4-2.7 -- Add meson >= 0.57 for el8 builds. This version uses python 3.8. - * Mon Nov 8 2021 Zbigniew Jędrzejewski-Szmek - 249.6-3 - Fix helper to restart user units with older systemd (#2020415) @@ -1243,9 +1176,6 @@ fi * Fri Oct 29 2021 Adam Williamson - 249.5-2 - Backport PR #133 to fix boot -* Wed Oct 20 2021 Anita Zhang - 249.4-2.6 -- Revert d219a2b because it creates non-determinisitic Slice= assignments - * Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek - 249.5-1 - Latest bugfix release (various fixes in systemd-networkd, -timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, @@ -1253,30 +1183,6 @@ fi -documentation, sd-event, sd-journal, journalctl, and nss-systemd). - Fixes #1976445. -* Mon Oct 11 2021 Anita Zhang - 249.4-2.5 -- Remove duplicate Address= properties in network configs (part of PR #20892) -- Serialize bpf device programs across reloads/reexecs (PR #20978) -- Don't rewrite sysctls that are already set (PR #20676) - -* Wed Oct 06 2021 Davide Cavalca - 249.4-2.4 -- Drop qrencode-devel from BuildRequires as it's not actually used - -* Wed Sep 29 2021 Anita Zhang - 249.4-2.3 -- Fix to allow verifying hidden (dot) files again (PR #20875) - -* Fri Sep 24 2021 Anita Zhang - 249.4-2.2 -- Backport more feature support for systemd-networkd - (#20450, #20541, #20729, #20828) - -* Wed Sep 22 2021 Anita Zhang - 249.4-2.1 -- Sync changes from Fedora -- Backport one more feature for systemd-networkd (#20489) - -* Mon Sep 20 2021 Anita Zhang - 249.4-1.1 -- New stable point release -- Backport optimization for read_virtual_file() (#20743) -- Backport new features for systemd-networkd (#20743, #20472, #20477, #20484) - * Tue Sep 14 2021 Sahana Prasad - Rebuilt with OpenSSL 3.0.0 @@ -1291,19 +1197,6 @@ fi other minor fixes. - systemctl set-property accepts glob patterns now (#1986258) -* Thu Jul 29 2021 Anita Zhang - 249.2-1.2 -- Remove Obsoletes lines on systemd-resolved and systemd-networkd since we don't - want to install these by default. - -* Wed Jul 28 2021 Anita Zhang - 249.2-1.1 -- New release for 249 -- Drop merged patches -- Split networkd and resolved into their own subpackages. - -* Tue Jul 27 2021 Davide Cavalca - 248.5-1.3 -- Add missing SELinux rules for the GNOME and KDE LiveDVD spins - (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/7) - * Fri Jul 23 2021 Zbigniew Jędrzejewski-Szmek - 249.2-1 - Latest bugfix release (a minor hwdb regression bugfix, and correction to kernel commandline handling when reexecuting PID 1 in a container) @@ -1312,25 +1205,12 @@ fi - Build with -Ddefault-dns-over-tls=opportunistic (https://fedoraproject.org/wiki/Changes/DNS_Over_TLS, #1889901) -* Wed Jul 21 2021 Davide Cavalca - 248.5-1.2 -- Add missing SELinux rules for 248 - (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/1) - -* Wed Jul 21 2021 Anita Zhang - 248.5-1.1 -- Update to systemd-stable 248.5 (includes fix for CVE-2021-33910) - -* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek - 248.5-1 +* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek - 249.1-1 - Various minor documentation and correctness fixes. - CVE-2021-33910, #1984020: an unchecked stack allocation could be used to crash systemd and cause the system to reboot by creating a very long fuse mountpoint path. -* Mon Jul 12 2021 Zbigniew Jędrzejewski-Szmek - 248.4-1 -- Assorted fixes (some systemd-resolved crashes, invalid - systemd-tmpfiles assertion, etc.) -- systemd-networkd workaround for TALOS-2020-1142, CVE-2020-13529. -- A big update of hardware descriptions. - * Wed Jul 7 2021 Neal Gompa - 249-2 - Use correct NEWS URLs for systemd 249 releases in changelog entries @@ -1359,29 +1239,10 @@ fi - Move systemd-resolved into systemd-resolved subpackage (#1923727) [patch from Petr Menšík] -* Mon Jun 14 2021 Anita Zhang - 248.2-1.5 -- Remove backport PR #19811 since it's still buggy -- Remove d586f642fd90e3bb378f7b6d3e3a64a753e51756 to fix rate limiting instead - (at least until sd-event rate limiting is fixed in 249). - -* Thu Jun 10 2021 Anita Zhang - 248.2-1.4 -- Backport PR #19811 to fix issues with mount sd-event rate limiting - -* Wed May 19 2021 Davide Cavalca - 248.2-1.3 -- Add BuildRequires for python-jinja2 in preparation for 249 (see PR#19630) - -* Mon May 17 2021 Davide Cavalca - 248.2-1.2 -- Add systemd-oomd-defaults subpackage from Fedora - * Sat May 15 2021 Zbigniew Jędrzejewski-Szmek - 248.3-1 - A fix for resolved crashes (#1946386, #1960227, #1950241) - Some minor fixes for documentation, systemd-networkd, systemd-run, bootctl. -* Mon May 10 2021 Anita Zhang - 248.2-1.1 -- New release for 248 -- Drop patches merged in 248.2 -- FB only backport PR #13496 (Extend bpf cgroup program support) - * Fri May 7 2021 Zbigniew Jędrzejewski-Szmek - 248.2-1 - Pull in some more patches from upstream (#1944646, #1885090, #1941340) - Adjust modes of some %%ghost files (#1956059) @@ -1391,23 +1252,9 @@ fi (#1955475, #911766, #1958167, #1952919) - Enable tpm2-tss dependency (#1949505) -* Wed Apr 14 2021 Anita Zhang - 247.3-10 -- Remove systemd-resolved enablement - -* Wed Apr 7 2021 Davide Cavalca - 247.3-9 -- Reenable LTO now that binutils has been fixed -- Update FB configure options - -* Tue Apr 6 2021 Adam Williamson - 248-2 +* Tue Apr 06 2021 Adam Williamson - 248-2 - Re-enable resolved caching, we hope all major bugs are resolved now -* Thu Apr 1 2021 Davide Cavalca - 247.3-8 -- Backport https://github.com/SELinuxProject/refpolicy/pull/308 to fix - systemd-hostnamed and systemd-localed when SELinux is enabled. - -* Thu Apr 1 2021 Anita Zhang - 247.3-7 -- Downgrade sysv-generator warning even more (to debug) - * Wed Mar 31 2021 Zbigniew Jędrzejewski-Szmek - 248-1 - Latest upstream release, see https://github.com/systemd/systemd/blob/v248/NEWS. @@ -1415,13 +1262,6 @@ fi A fix to how systemd-oomd selects a candidate to kill, and more debug logging to make this more transparent. -* Wed Mar 31 2021 Anita Zhang - 247.3-6 -- Backport PR#18621 (Ignore attempts at hidepid and subset for older kernels) -- Downgrade sysv-generator warning about missing native systemd unit - -* Wed Mar 31 2021 Davide Cavalca - 247.3-5 -- Add selinux subpackage - * Tue Mar 30 2021 Anita Zhang - 248~rc4-6 - Increase oomd user memory pressure limit to 50% (#1941170) @@ -1450,11 +1290,6 @@ fi https://github.com/systemd/systemd/blob/v248-rc4/NEWS. - A bunch of documentation updates, and correctness fixes. -* Wed Mar 17 2021 Anita Zhang - 247.3-4 -- Backport PR #18955 (Fixes fstab parsing) -- FB only backport PR #18886 (systemd-shutdown logs to /dev/console not stderr) -- Reenable tests by disabling LTO (work around binutils bug) - * Tue Mar 16 2021 Adam Williamson - 248~rc3-2 - Backport PR #19009 to fix CNAME redirect resolving some more (#1933433) @@ -1474,9 +1309,6 @@ fi * Mon Mar 01 2021 Josh Boyer - 248~rc2-2 - Don't set the fallback hostname to Fedora on non-Fedora OSes -* Wed Feb 24 2021 Davide Cavalca - 247.3-3 -- Remove careinversion usage to make the package usable on older mock versions - * Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-1 - Latest upstream prelease, just a bunch of small fixes. - Fixes #1931957. @@ -1484,28 +1316,17 @@ fi * Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-2 - Rebuild with the newest scriptlets -* Fri Feb 19 2021 Davide Cavalca - 247.3-2 -- Disable some tests to workaround a binutils bug triggered by enabling audit -- Refresh patches +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc1/NEWS. +- Fixes #1614751 by only restarting services at the end of transcation. + Various packages need to be rebuilt to have the updated macros. +- Fixes #1879028, though probably not completely. +- Fixes #1925805, #1928235. * Wed Feb 17 2021 Michel Alexandre Salim - 247.3-3 - Increase oomd user memory pressure limit to 10% (#1929856) -* Wed Feb 17 2021 Anita Zhang - 247.3-1 -- New release for 247 -- Backport PR #18211 (Fixes ExecCondition= dependency bug) -- Backport PR #17872 (Fixes PrivateUsers=yes with other sandboxing properties) -- FB only backport PR #17495 (Fixes BPF pinning post-coldplug) -- Reenable audit support - -* Sun Feb 7 2021 Davide Cavalca - 246.1-2 -- Initial Hyperscale SIG package -- Update release to use %%dist macro -- Drop el7 logic -- Explicitly default non-FB built to the legacy hierarchy -- Drop no longer needed FB FusionIO patch -- Temporarily disable audit support while debugging a link issue - * Fri Feb 5 2021 Anita Zhang - 247.3-2 - Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd. - Backports consist primarily of PR #18361, #18444, and #18401 (plus some @@ -1520,9 +1341,6 @@ fi * Wed Jan 27 2021 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -* Mon Jan 25 2021 Anita Zhang - 246.1-1.fb6 -- Backport PR #16803 to fix ConditionEnvironment= - * Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek - 247.2-2 - Fix bfq patch again (#1813219) @@ -1538,7 +1356,7 @@ fi * Tue Dec 8 2020 Zbigniew Jędrzejewski-Szmek - 247.1-3 - Rebuild with fallback hostname change reverted. -* Fri Dec 4 2020 Bastien Nocera - 247.1-2 +* Fri Dec 04 2020 Bastien Nocera - 247.1-2 - Unset fallback-hostname as plenty of applications expected localhost to mean "default hostname" without ever standardising it (#1892235) @@ -1553,14 +1371,6 @@ fi - Update to the latest version - #1900878 should be fixed -* Thu Nov 19 2020 Chris Down - 246.1-1.fb5 -- Updated version of PR #17495 to fix program leak - -* Thu Nov 19 2020 Chris Down - 246.1-1.fb4 -- Backport PR #17495 to fix BPF program lifecycle -- Backport PR #17422 to clean up cgroups more reliably after exit -- Backport PR #17497 to add FixedRandomDelay= support - * Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek - 247~rc2 - New upstream pre-release. See https://github.com/systemd/systemd/blob/v247-rc1/NEWS. @@ -1595,12 +1405,6 @@ fi fstab-generator, documentation) (#1876905) - Do not fail in test because of kernel bug (#1803070) -* Fri Sep 18 2020 Anita Zhang - 246.1-1.fb3 -- Backport PR #16838 and #16857 to improve $PATH handling -- Backport PR #16940 to fix ECONN handling in sockets -- Backport PR #17031 to fix rate limiting on units in restart loop -- Backport PR #17082 to get nspawn TTY tweaks - * Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek - 246.5-1 - Update to latest stable release (a bunch of small network-related fixes in systemd-networkd and socket handling, documentation updates, @@ -1623,15 +1427,10 @@ fi fixes, relax handling of various error conditions, other fixlets for bugs without bugzilla numbers). -* Tue Aug 18 2020 Anita Zhang - 246.1-1.fb2 -- Gate "Obsoletes: systemd < 245.6-1" out due to dependency issues on Facebook - systems - -* Mon Aug 17 2020 Anita Zhang - 246.1-1.fb1 -- Facebook rebuild -- Don't compile in systemd-repart (needs libfdisk >= 2.33 and C8 has 2.32) -- Remove unused systemd-journal-remote.xml and systemd-journal-gatewayd.xml - files since we never used firewalld +* Mon Aug 17 2020 Zbigniew Jędrzejewski-Szmek - 246.2-1 +- A few minor bugfixes +- Adjust seccomp filter for kernel 5.8 and glibc 2.32 (#1869030) +- Create /etc/resolv.conf symlink on upgrade (#1867865) * Fri Aug 7 2020 Zbigniew Jędrzejewski-Szmek - 246.1-1 - A few minor bugfixes @@ -1673,13 +1472,6 @@ fi - Set fallback-hostname to fedora so that unset hostnames are still recognisable (#1392925) -* Fri Jun 5 2020 Anita Zhang - 245.5-2.fb3 -- Backport 156a5fd to mitigate CVE-2020-13776 - -* Thu Jun 4 2020 Anita Zhang - 245.5-2.fb2 -- Revert c7d26ac which is causing SMI count to go up leading to increased - microstalls during Chef runs - * Tue Jun 2 2020 Zbigniew Jędrzejewski-Szmek - 245.6-2 - Add self-obsoletes to fix upgrades from F31 @@ -1687,11 +1479,6 @@ fi - Update to latest stable version (some documentation updates, minor memory correctness issues) (#1815605, #1827467, #1842067) -* Thu Apr 30 2020 Anita Zhang - 245.5-2.fb1 -- Facebook rebuild -- Don't compile in systemd-homed, systemd-userdb, and p11kit -- Backport PR #15544 and #15551 (drops FB rlimit_memlock patch) - * Tue Apr 21 2020 Björn Esser - 245.5-2 - Add explicit BuildRequires: acl - Bootstrapping for json-c SONAME bump @@ -1711,9 +1498,6 @@ fi * Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek - 245.2-1 - Update to latest stable version (a few bug fixes for random things) (#1798776) -* Wed Mar 18 2020 Andrew Gallagher - 244-2.fb4 -- Bump HIGH_RLIMIT_MEMLOCK to 512M - * Fri Mar 6 2020 Zbigniew Jędrzejewski-Szmek - 245-1 - Update to latest version (#1807485) @@ -1738,9 +1522,6 @@ fi systemd as PID 1 and check whether we're upgrading before using kill -TERM on PID 1 (#1803240) -* Thu Feb 20 2020 Filipe Brandenburger - 244-2.fb3 -- Only kill -TERM 1 when systemd is actually running. - * Tue Feb 18 2020 Adam Williamson - 245~rc1-3 - Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293) @@ -1752,9 +1533,6 @@ fi see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format. - Revert patch to udev rules causing regression with usb hubs (#1800820). -* Thu Feb 6 2020 Anita Zhang - 244-2.fb2 -- Backport PR#14815 (Permissive syscall filtering in dbus-execute) - * Wed Feb 5 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-1 - New upstream release, see https://raw.githubusercontent.com/systemd/systemd/v245-rc1/NEWS. @@ -1773,11 +1551,6 @@ fi * Fri Jan 31 2020 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -* Thu Jan 9 2020 Anita Zhang - 244-2.fb1 -- Facebook rebuild -- Backport PR#13823 (PrivateUsers=true for unprivileged user managers) -- Backport PR#14441 (Fix type.d drop-in ordering) - * Sat Dec 21 2019 - 244.1-2 - Disable service watchdogs (for systemd units) @@ -1808,11 +1581,6 @@ fi - Fix regression with crypttab keys with colons - Various memleaks and minor memory access issues, warning adjustments -* Thu Oct 31 2019 Davide Cavalca - 243-2.fb3 -- Backport PR#13754 (allow restart for oneshot units) -- Misc specfiles fixes to support building on el8 as well -- Default el8 builds to the unified hierarchy - * Fri Oct 18 2019 Adam Williamson - 243-4.gitef67743 - Backport PR #13792 to fix nomodeset+BIOS CanGraphical bug (#1728240) @@ -1820,15 +1588,6 @@ fi - Various minor documentation and error message cleanups - Do not use cgroup v1 hierarchy in nspawn on groups v2 (#1756143) -* Wed Oct 2 2019 Davide Cavalca - 243-2.fb2 -- Backport PR#13689 (a bunch of protection-related fixes) - -* Fri Sep 27 2019 Davide Cavalca - 243-2.fb1 -- Facebook rebuild -- drop "use bfq as the default scheduler" patch -- backport PR#13369 (ExecXYZEx= bus hook ups) -- disable udev-test.pl for now due to flakiness - * Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek - 243-2.gitfab6f01 - Backport a bunch of patches (memory access issues, improvements to error reporting and handling in networkd, some misleading man page contents #1751363) @@ -1862,11 +1621,6 @@ fi * Wed Aug 07 2019 Adam Williamson - 243~rc1-2 - Backport PR #1737362 so we own /etc/systemd/system again (#1737362) -* Wed Aug 7 2019 Anita Zhang - 242-2.fb4 -- Backport PR#12933 (core: ExecCondition= for services) -- Backport PR#13096 (Preparatory work for the unit loading rework) -- Backport PR#13119 (Rework unit loading to take into account all aliases) - * Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek - 243~rc1-1 - Update to latest version (#1715699, #1696373, #1711065, #1718192) @@ -1878,21 +1632,12 @@ fi - A bunch of backported patches from upstream: documentation, memory access fixups, command output tweaks (#1708996) -* Thu Jul 18 2019 Anita Zhang - 242-2.fb3 -- Backport PR#12346 (make sure accept_flush() doesn't hang on EOPNOTSUPP) -- Backport PR#12979 (add SystemCallErrorNumber=EPERM to systemd-portabled.service) - * Tue Jun 25 2019 Björn Esser - 242-5.git7a6d834 - Rebuilt (libqrencode.so.4) * Tue Jun 25 2019 Miro Hrončok - 242-4.git7a6d834 - Rebuilt for iptables update (libip4tc.so.2) -* Thu Jun 20 2019 Anita Zhang - 242-2.fb2 -- Backport PR#11778 (ExecStartXYZEx= dbus support) -- Backport PR#12729 (nspawn: don't hard fail when setting capabilities) -- Backport PR#12745 (IPAddressXYZ="any" for users with CAP_NET_ADMIN) - * Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek - 242-3.git7a6d834 - Add symbol to mark vtable format changes (anything using sd_add_object_vtable or sd_add_fallback_vtable needs to be rebuilt) @@ -1901,10 +1646,6 @@ fi - Fix handling of RUN keys in udevd - Some documentation and shell completion updates and minor fixes -* Thu Apr 25 2019 Davide Cavalca - 242-2.fb1 -- Facebook rebuild -- Backport PR#12336 (support DisableControllers= for transient units) - * Tue Apr 16 2019 Adam Williamson - 242-2 - Rebuild with Meson fix for #1699099 @@ -1929,21 +1670,9 @@ fi various bash completion improvements (#1183769), memory leaks and such (#1685286). -* Fri Mar 22 2019 Davide Cavalca - 241-1.fb2 -- Backport PR#11754 (sd-bus fixes for CVE-2019-6454) -- Backport PR#12078 (nspawn fix) - * Thu Mar 14 2019 Zbigniew Jędrzejewski-Szmek - 241-3.gitc1f8ff8 - Declare hyperv and framebuffer devices master-of-seat again (#1683197) -* Wed Feb 27 2019 Davide Cavalca - 241-1.fb1 -- Facebook rebuild -- Rebase fio udev patch (this will likely be dropped in the next release) -- Drop the mock testing patches, not needed anymore -- Ignore errors for Python bytecompiling due to run-unit-tests.py -- Fix the run-unit-tests.py shebang to use python36 -- Backport PR#11831 (missing include) and PR#11836 (test-chown-rec fix) - * Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek - 241-2.gita09c170 - Prevent buffer overread in systemd-udevd - Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) @@ -1994,12 +1723,6 @@ fi - Fixes for misleading bugs in documentation - net.ipv4.conf.all.rp_filter is changed from 1 to 2 -* Mon Dec 10 2018 Davide Cavalca - 239-1.fb6 -- Backport PR#10411 and PR#10493 (systemd-analyze timespan command) -- Rebase our PR#10507 and PR#10567 backports onto the version merged upstream -- Backport PR#10757 (cgroup2 BPF devices fixes) -- Backport PR#10876 (cgroup_subtree_mask propagation fix) - * Thu Nov 29 2018 Zbigniew Jędrzejewski-Szmek - Adjust scriptlets to modify /etc/authselect/user-nsswitch.conf (see https://github.com/pbrezina/authselect/issues/77) @@ -2018,10 +1741,6 @@ fi * Mon Nov 5 2018 Yu Watanabe - Set proper attributes to private directories -* Fri Nov 2 2018 Davide Cavalca - 239-1.fb5 -- Backport PR#10507 (don't require CPU controller for CPU accounting) -- Backport PR#10567 (DisableControllers= directive) - * Fri Nov 2 2018 Zbigniew Jędrzejewski-Szmek - 239-7.git9f3aed1 - Split out the rpm macros into systemd-rpm-macros subpackage (#1645298) @@ -2061,13 +1780,6 @@ fi - If suspend fails, the post-suspend hooks are still called. - Various build issues on less-common architectures are fixed -* Fri Oct 12 2018 Davide Cavalca - 239-1.fb4 -- Backport PR#10062 (cgroup2 BPF device controller support) -- Backport PR#10203, PR#10363 (tests fixes for supplementary groups) -- Backport PR#10368 (%g, %G specifiers support) -- Add hostname to BuildRequires (it's needed by test-execute) -- Reenable test-execute now that it's finally working - * Wed Oct 3 2018 Jan Synáček - 239-5 - Fix meson using -Ddebug, which results in FTBFS - Fix line_begins() to accept word matching full string (#1631840) @@ -2075,9 +1787,6 @@ fi * Mon Sep 10 2018 Zbigniew Jędrzejewski-Szmek - 239-4 - Move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626969) -* Fri Aug 24 2018 Davide Cavalca - 239-1.fb3 -- backport new version of guro's cgroup2 BPF device controller patch - * Wed Jul 18 2018 Terje Rosten - 239-3 - Ignore return value from systemd-binfmt in scriptlet (#1565425) @@ -2087,19 +1796,9 @@ fi * Sat Jul 14 2018 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -* Wed Jul 4 2018 Davide Cavalca - 239-1.fb2 -- backport PR#9460 (followup to PR#9410) -- backport PR#9500 (support for StandardOutput=append:) -- revert c58fd46 (part of PR#8403) to workaround a FB-specific build issue - * Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek - Rebuild for Python 3.7 again -* Mon Jun 25 2018 Davide Cavalca - 239-1.fb1 -- Facebook rebuild -- backport PR#9244 and PR#9247 (new cgroup2 features) -- backport PR#9410 (gnutls detection, fix for #9403) - * Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek - 239-1 - Update to latest version, mostly bug fixes and new functionality, very little breaking changes. See @@ -2108,14 +1807,6 @@ fi * Tue Jun 19 2018 Miro Hrončok - Rebuilt for Python 3.7 -* Thu May 31 2018 Davide Cavalca - 238-7.fb3 -- Update cgroup2 BPF device controller patches -- Backport PR#9148 to mitigate pid watching issue on git - -* Tue May 15 2018 Davide Cavalca - 238-7.fb2 -- Backport htejun's io.latency patch -- Backport guro's cgroup2 BPF device controller patch - * Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59 - Backport a number of patches (documentation, hwdb updates) - Fixes for tmpfiles 'e' entries @@ -2126,10 +1817,6 @@ fi * Wed Apr 18 2018 Zbigniew Jędrzejewski-Szmek - 238-7.fc28.1 - Allow fake Delegate= setting on slices (#1568594) -* Thu Apr 5 2018 Davide Cavalca - 238-7.fb1 -- Facebook rebuild -- Reenable tests (except test-execute which is still broken) - * Wed Mar 28 2018 Zbigniew Jędrzejewski-Szmek - 238-7 - Move udev transfiletriggers to the right package, fix quoting @@ -2159,18 +1846,12 @@ fi * Tue Feb 27 2018 Javier Martinez Canillas - 237-7.git84c8da5 - Add patch to install kernel images for GRUB BootLoaderSpec support -* Mon Feb 26 2018 Davide Cavalca - 237-1.fb3 -- Backport PR#8115 to properly fix GH#8194 - * Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek - 237-6.git84c8da5 - Create /etc/systemd in %%post libs if necessary (#1548607) * Fri Feb 23 2018 Adam Williamson - 237-5.git84c8da5 - Use : not touch to create file in -libs %%post -* Thu Feb 22 2018 Davide Cavalca - 237-1.fb2 -- Add workaround for an issue with systemd-nspawn -u affecting mock (GH#8194) - * Thu Feb 22 2018 Patrick Uiterwijk - 237-4.git84c8da5 - Add coreutils dep for systemd-libs %%post - Add patch to typecast USB IDs to avoid compile failure @@ -2188,16 +1869,6 @@ fi - /etc/systemd/dont-synthesize-nobody is created in %%post if nfsnobody or nobody users are defined (#1537262) -* Mon Feb 12 2018 Davide Cavalca - 237-1.fb1 -- Facebook rebuild -- Backport configurable docdir patch from master (PR#8068) -- Ensure split-files.py is run with python36 -- Set nfs/nfsnobody as nobody users -- Add pcre2-devel dependecy for journalctl --grep -- Disable tests for now as they're failing randomly when building in mock -- Use 10485760 as container base for Facebook to avoid conflicting with LDAP -- Backport PID file symlink chain checks fix from master (PR#8133) - * Fri Feb 9 2018 Zbigniew Jędrzejeweski-Szmek - 237-1.git78bd769 - Update to first stable snapshot (various minor memory leaks and misaccesses, some documentation bugs, build fixes). @@ -2233,9 +1904,6 @@ fi * Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2 - Patches for cryptsetup _netdev -* Mon Oct 9 2017 Davide Cavalca - 235-1.fb1 -- Facebook rebuild - * Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1 - Update to latest version @@ -2248,16 +1916,6 @@ fi * Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek - 234-6 - Bump xslt recursion limit for libxslt-1.30 -* Mon Sep 18 2017 Davide Cavalca - 234-5.fb2 -- backport build fix for O_TMPFILE from PR#6816 - -* Tue Aug 8 2017 Davide Cavalca - 234-5.fb1 -- new upstream release -- drop compat-libs patch in favor of separate systemd-compat-libs project -- force locale to UTF-8 to make meson happy -- disable broken test-execute -- backport nsdelegate support from PR#6294 - * Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5 - Backport more patches (#1476005, hopefully #1462378) @@ -2281,9 +1939,6 @@ fi * Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6 - Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445) -* Sat Jun 17 2017 Peter Blair - 233-2.fb2 -- Apply patch from CVE-2017-9445 - * Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek - 233-5.gitec36d05 - Update to snapshot version, build with meson @@ -2295,26 +1950,10 @@ fi - Drop soft-static uid for systemd-journal-gateway - Use ID from /etc/os-release as ntpvendor -* Thu Apr 13 2017 Davide Cavalca - 233-2.fb1 -- New upstream release -- disable a couple of broken tests -- default to legacy hierarchy for now - -* Wed Apr 12 2017 Davide Cavalca - 231-11.fb2 -- fix lz4 depends to pick the right package - -* Mon Apr 3 2017 Davide Cavalca - 231-11.fb1 -- use facebook macro to gate Facebook-specific settings -- rebuild against new RPM backport -- update patches - * Thu Mar 16 2017 Michal Sekletar - 233-3 - Backport bugfixes from upstream - Don't return error when machinectl couldn't figure out container IP addresses (#1419501) -* Tue Mar 14 2017 Patrick White - 231-2.fb4 -- add poettering patch to fix hitting an assert (PR#4447) - * Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-2 - Fix installation conflict with polkit @@ -2415,29 +2054,9 @@ fi - Fix issue with daemon-reload messing up graphics (#1367766) - A few other bugfixes -* Wed Aug 10 2016 Davide Cavalca - 231-2.fb3 -- add mpawlowski root filesystem namespace patch for #12621017 -- add htejun patch for cgroup2 cpu controller (PR#3905) -- update htejun logind patch from PR#3835 - * Wed Aug 03 2016 Adam Williamson - 231-3 - Revert preset-all change, it broke stuff (#1363858) -* Thu Jul 28 2016 Davide Cavalca - 231-2.fb2 -- add /dev/fio patch from bwann for GH#3718 -- import PR#3821 updates and rebase patches on github -- add htejun logind patch for UserTasksMax (#12460186, PR#3835) - -* Wed Jul 27 2016 Davide Cavalca - 231-2.fb1 -- Facebook rebuild -- Fix test failures in mock (#7950934, PR#3821) -- drop fsck on root patch now that we have the new dracut (see PR#3822) -- Rework LTO disable patch to be conditional (#11565880, PR#3823) -- update compat-libs and rebase onto public branch - (https://github.com/davide125/systemd/tree/compat-libs) -- add back python support now that we have python34-lxml -- add back xkbcommon support as it's available in rolling os updates - * Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek - 231-2 - Call preset-all on initial installation (#1118740) - Fix botched Recommends for libxkbcommon @@ -2445,9 +2064,6 @@ fi * Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek - 231-1 - Update to latest version -* Tue Jul 19 2016 Davide Cavalca - 230-2.fb2 -- fix fsck for root filesystem on firstboot after install (#11352467) - * Wed Jun 8 2016 Zbigniew Jędrzejewski-Szmek - 230-3 - Update to latest git snapshot (fixes for systemctl set-default, polkit lingering policy, reversal of the framebuffer rules, @@ -2457,11 +2073,6 @@ fi might not work, but I think that existing functionality should not be broken, so it seems worthwile to update to the snapshot. -* Thu May 26 2016 Davide Cavalca - 230-2.fb1 -- Facebook rebuild -- backport htejun PRs for cgroup2 (#3337, #3329, #3315, #3417, #3418) -- add back compat-libs - * Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-2 - Remove systemd-compat-libs on upgrade @@ -2471,15 +2082,6 @@ fi - Require libxkbcommon explictly, since the automatic dependency will not be generated anymore -* Thu May 12 2016 Tejun Heo - 229-1.fb6 -- backport https://github.com/systemd/systemd/pull/3246 to fix slice overrides - -* Mon May 09 2016 Davide Cavalca - 229-1.fb5 -- update Tejun Heo patches for cgroup2 io controller support - -* Fri Apr 29 2016 Davide Cavalca - 229-1.fb4 -- add Tejun Heo test patch for cgroup2 IO controllers support (#10638181) - * Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek - 229-15 - Remove duplicated entries in -container %%files (#1330395) @@ -2498,9 +2100,6 @@ fi * Mon Apr 18 2016 Harald Hoyer - 229-10 - move device dependant stuff to the udev subpackage -* Thu Mar 24 2016 Davide Cavalca - 229-1.fb3 -- add Tejun Heo patches for cgroups v2 support (#10268183) - * Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek - 229-9 - Add myhostname to /etc/nsswitch.conf (#1318303) @@ -2521,9 +2120,6 @@ Resolves: rhbz#1299019 - Split out system-udev subpackage - Add various bugfix patches, incl. a tentative fix for #1308771 -* Wed Mar 02 2016 Davide Cavalca - 229-1.fb2 -- revert RPM trigger macros for #10119506 - * Tue Mar 1 2016 Peter Robinson 229-4 - Power64 and s390(x) now have libseccomp support - aarch64 has gnu-efi @@ -2537,10 +2133,6 @@ Resolves: rhbz#1299019 - this causes the dtb files to not get installed at all and the fdtdir - line in extlinux.conf to not get updated correctly -* Tue Feb 16 2016 Davide Cavalca - 229-1.fb1 -- Facebook rebuilt -- disable LTO to fix a build segfault with LTO - * Thu Feb 11 2016 Michal Sekletar - 229-1 - New upstream release @@ -2572,11 +2164,6 @@ Resolves: rhbz#1299019 properly installed), mixed with some new resolved features. - Rework file triggers so that they always run before daemons are restarted -* Mon Nov 23 2015 Davide Cavalca - 228-3.fb1 -- Facebook rebuilt -- disable test-namespace -- revert rpm file triggers as they don't work on el7 - * Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-3 - Enable rpm file triggers for daemon-reload @@ -2606,11 +2193,6 @@ Resolves: rhbz#1299019 * Tue Nov 03 2015 Michal Schmidt - 227-2 - Rebuild for libmicrohttpd soname bump. -* Fri Oct 09 2015 Davide Cavalca - 227-1.fb1 -- disable tests broken on centos6 -- fix build with centos7 curl -- kernel-install: add fedora specific callouts to new-kernel-pkg - * Wed Oct 7 2015 Kay Sievers - 227-1 - New upstream release diff --git a/systemd_hs.if b/systemd_hs.if deleted file mode 100644 index 6695e0e..0000000 --- a/systemd_hs.if +++ /dev/null @@ -1,20 +0,0 @@ -######################################## -## -## Allows the caller to use the SELinux status page. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`selinux_use_status_page',` - gen_require(` - type security_t; - ') - - dev_search_sysfs($1) - allow $1 security_t:dir list_dir_perms; - allow $1 security_t:file mmap_read_file_perms; -') diff --git a/systemd_hs.te b/systemd_hs.te deleted file mode 100644 index ce80487..0000000 --- a/systemd_hs.te +++ /dev/null @@ -1,68 +0,0 @@ -policy_module(systemd_hs,0.0.1) - -# systemd overrides for 247 -gen_require(` - type avahi_t; - type cgroup_t; - type init_t; - type init_var_run_t; - type initrc_t; - class dbus send_msg; - type install_t; - type kmsg_device_t; - type policykit_auth_t; - type policykit_t; - type proc_kmsg_t; - type rpm_t; - type system_dbusd_t; - type system_dbusd_var_run_t; - type systemd_hostnamed_t; - type systemd_localed_t; - type systemd_logind_t; - type systemd_machined_t; - type systemd_resolved_t; - type systemd_tmpfiles_t; - type security_t; - type sssd_t; - type syslogd_t; - type udev_var_run_t; - type user_tmp_t; - type useradd_t; - type xdm_t; -') - -allow avahi_t init_var_run_t:dir read; -allow init_t kmsg_device_t:chr_file mounton; -allow init_t proc_kmsg_t:file { getattr mounton }; -allow init_t system_dbusd_var_run_t:sock_file read; -allow init_t systemd_machined_t:unix_stream_socket connectto; -allow policykit_auth_t init_var_run_t:dir read; -allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto; -allow policykit_t systemd_machined_t:unix_stream_socket connectto; -allow sssd_t cgroup_t:filesystem getattr; -allow syslogd_t user_tmp_t:lnk_file read; -allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto; -allow systemd_hostnamed_t init_var_run_t:dir write; -allow systemd_hostnamed_t init_var_run_t:file { getattr ioctl open read }; -allow systemd_hostnamed_t initrc_t:dbus send_msg; -allow systemd_hostnamed_t install_t:dbus send_msg; -allow systemd_hostnamed_t udev_var_run_t:file getattr; -allow systemd_hostnamed_t udev_var_run_t:file open; -allow systemd_hostnamed_t udev_var_run_t:file read; -allow systemd_logind_t self:netlink_selinux_socket bind; -allow systemd_logind_t self:netlink_selinux_socket create; -allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto; -allow systemd_logind_t user_tmp_t:chr_file unlink; -allow systemd_machined_t init_var_run_t:sock_file create; -allow sssd_t cgroup_t:dir search; -allow sssd_t cgroup_t:filesystem getattr; -allow useradd_t init_var_run_t:dir read; -allow xdm_t systemd_machined_t:unix_stream_socket connectto; - -selinux_use_status_page(init_t) -selinux_use_status_page(rpm_t) -selinux_use_status_page(systemd_hostnamed_t) -selinux_use_status_page(systemd_localed_t) -selinux_use_status_page(systemd_logind_t) -selinux_use_status_page(systemd_resolved_t) -selinux_use_status_page(systemd_tmpfiles_t) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index fd9938d..95a0938 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh @@ -19,15 +19,15 @@ user() { if [ "$uid" = '-' ] || [ "$uid" = '' ]; then cat </dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : EOF else cat </dev/null ; then - if ! getent passwd '$uid' >/dev/null ; then - useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' +if ! getent passwd '$user' >/dev/null; then + if ! getent passwd '$uid' >/dev/null; then + useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || : else - useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || : fi fi @@ -40,11 +40,11 @@ group() { gid="$2" if [ "$gid" = '-' ]; then cat <<-EOF - getent group '$group' >/dev/null || groupadd -r '$group' + getent group '$group' >/dev/null || groupadd -r '$group' || : EOF else cat <<-EOF - getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : EOF fi } diff --git a/triggers.systemd b/triggers.systemd index 5929035..719789b 100644 --- a/triggers.systemd +++ b/triggers.systemd @@ -55,23 +55,17 @@ fi # This script will process files installed in /usr/lib/sysusers.d to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. -if test -d "/run/systemd/system"; then - systemd-sysusers || : -fi +systemd-sysusers || : %transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d # This script will automatically invoke hwdb update if files have been # installed or updated in /usr/lib/udev/hwdb.d. -if test -d "/run/systemd/system"; then - systemd-hwdb update || : -fi +systemd-hwdb update || : %transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog # This script will automatically invoke journal catalog update if files # have been installed or updated in /usr/lib/systemd/catalog. -if test -d "/run/systemd/system"; then - journalctl --update-catalog || : -fi +journalctl --update-catalog || : %transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d # This script will automatically apply binfmt rules if files have been diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch index d0e6762..2eb1229 100644 --- a/use-bfq-scheduler.patch +++ b/use-bfq-scheduler.patch @@ -1,4 +1,4 @@ -From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001 +From 8a38bc402c8f7c656c7e356c37c432c7b3a8cd6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Aug 2019 15:57:42 +0200 Subject: [PATCH] udev: use bfq as the default scheduler @@ -20,22 +20,21 @@ new file mode 100644 index 0000000000..480b941761 --- /dev/null +++ b/rules.d/60-block-scheduler.rules -@@ -0,0 +1,6 @@ +@@ -0,0 +1,5 @@ +# do not edit this file, it will be overwritten on update + +ACTION=="add", SUBSYSTEM=="block", \ + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ -+ ENV{DEVTYPE}=="disk", \ + ATTR{queue/scheduler}="bfq" diff --git a/rules.d/meson.build b/rules.d/meson.build -index ca4445d774..38d6aa6970 100644 +index a582e4e922..d300c382fc 100644 --- a/rules.d/meson.build +++ b/rules.d/meson.build -@@ -3,6 +3,7 @@ - rules = files(''' - 60-autosuspend.rules - 60-block.rules -+ 60-block-scheduler.rules - 60-cdrom_id.rules - 60-drm.rules - 60-evdev.rules +@@ -8,6 +8,7 @@ rules = [ + [files('60-autosuspend.rules', + '60-block.rules', + '60-cdrom_id.rules', ++ '60-block-scheduler.rules', + '60-drm.rules', + '60-evdev.rules', + '60-fido-id.rules',