From 38291e13c1dec15618b7d09e4217d10076897cdf Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Aug 20 2024 16:42:34 +0000 Subject: [PATCH 1/10] Disable integration of userdb in sshd --- diff --git a/systemd.spec b/systemd.spec index 63d5c95..8f88804 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1005,6 +1005,13 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif +# Disable sshd_config.d/20-systemd-userdb.conf for now. +# This option may override an existing AuthorizedKeysCommand setting +# (or be ineffective, depending on the order of configuration). +# See https://github.com/systemd/systemd/issues/33648. +rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf +mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} + %find_lang %{name} # Split files in build root into rpms From d38cacfd3af154d18f4ead14db8fb8d3108498ee Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Aug 20 2024 17:18:05 +0000 Subject: [PATCH 2/10] Version 256.5 - Includes the patches for the kernel change with kernel threads in leaf cgroups (https://github.com/systemd/systemd/pull/33885) - Various smaller fixes --- diff --git a/33861.patch b/33861.patch deleted file mode 100644 index b443387..0000000 --- a/33861.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 1310492f7a58db4315390db174da65aef699aa91 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 29 Jul 2024 15:41:51 +0200 -Subject: [PATCH] kernel-install: Try some more initrd variants in - 90-loaderentry.install - -On CentOS/Fedora, dracut is configured to write the initrd to -/boot/initramfs-$KERNEL_VERSION...img so let's check for that as well -if no initrds were supplied. ---- - src/kernel-install/90-loaderentry.install.in | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in -index 4ef6aca169c1a..84f7a4a97fb43 100755 ---- a/src/kernel-install/90-loaderentry.install.in -+++ b/src/kernel-install/90-loaderentry.install.in -@@ -205,8 +205,18 @@ mkdir -p "${LOADER_ENTRY%/*}" || { - have_initrd=yes - done - -- # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied -- [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" -+ # Try a few variations that are generated by various initrd generators in their kernel-install hooks if -+ # no initrds were supplied. -+ -+ if [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ]; then -+ echo "initrd $ENTRY_DIR/initrd" -+ have_initrd=yes -+ fi -+ -+ if [ -z "$have_initrd" ] && [ -f "$BOOT_ROOT/initramfs-$KERNEL_VERSION.img" ]; then -+ echo "initrd /initramfs-$KERNEL_VERSION.img" -+ have_initrd=yes -+ fi - : - } >"$LOADER_ENTRY" || { - echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2 diff --git a/33864.patch b/33864.patch deleted file mode 100644 index 290af4c..0000000 --- a/33864.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 94a2999f250e3f7579883f5c79815b80398043cd Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 29 Jul 2024 17:13:28 +0200 -Subject: [PATCH] kernel-install: Only read cmdline from /proc/cmdline when not - in container - -If we're running from within a container, we're very likely not going -to want to use the kernel command line from /proc/cmdline, so let's add -a check to see if we're running from a container to decide whether we'll -use the kernel command line from /proc/cmdline. ---- - src/kernel-install/90-loaderentry.install.in | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in -index 4ef6aca169c1a..79427684cc5c9 100755 ---- a/src/kernel-install/90-loaderentry.install.in -+++ b/src/kernel-install/90-loaderentry.install.in -@@ -79,8 +79,10 @@ elif [ -f /etc/kernel/cmdline ]; then - BOOT_OPTIONS="$(tr -s "$IFS" ' ' Date: Aug 24 2024 15:29:51 +0000 Subject: [PATCH 3/10] Do not require grubby on CentOS Stream 9 This is a fixup for 12d1f050295e2e88235a5478b07eebdbda461ae3. --- diff --git a/systemd.spec b/systemd.spec index 1865706..524109a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -419,8 +419,10 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +%if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) +%endif # A backport of systemd-timesyncd is shipped as a separate package in EPEL so # let's make sure we properly handle that. %if 0%{?rhel} From 28076e6232412aa7138e09aaec8c0a414faa3dce Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Aug 27 2024 13:04:08 +0000 Subject: [PATCH 4/10] Only make python3-pillow Recommends on Fedora python3-pillow is not available in CentOS Stream 9/10 so let's not mark it as Recommends. --- diff --git a/systemd.spec b/systemd.spec index 524109a..2ebce1d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -497,7 +497,9 @@ Requires: python3dist(pefile) Requires: python3dist(zstd) %endif Requires: python3dist(cryptography) +%if 0%{?fedora} Recommends: python3dist(pillow) +%endif # for tests %ifarch riscv64 From 196ec98228ac7ba72652635e29fbdfdf1b88a2a4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Aug 28 2024 08:22:26 +0000 Subject: [PATCH 5/10] Drop %upstream conditionalization for patches rpm will imply --noprep when using --build-in-place in rpm 4.20 and we're switching the mkosi rpm builds to use --noprep as well on older rpm versions. This means we don't need to gate out patch applications anymore with the %upstream macro. --- diff --git a/systemd.spec b/systemd.spec index 2ebce1d..0b107ef 100644 --- a/systemd.spec +++ b/systemd.spec @@ -108,7 +108,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -%if %{without upstream} %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 @@ -125,7 +124,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -%endif # Adjust upstream config to use our shared stack Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch From abb115a9057a0ae7acf8c4dd6d9d79423b89a591 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Aug 28 2024 09:38:58 +0000 Subject: [PATCH 6/10] Do not use patch to modify systemd-user pam config file We still want the Fedora systemd-user pam config when building with --noprep so let's install the pam config file using a regular source instead of patching the one provided by systemd. --- diff --git a/fedora-use-system-auth-in-pam-systemd-user.patch b/fedora-use-system-auth-in-pam-systemd-user.patch deleted file mode 100644 index df820e2..0000000 --- a/fedora-use-system-auth-in-pam-systemd-user.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c4b803dc60b63a35c977d39610b7872175ec03bd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 14 Dec 2022 22:24:53 +0100 -Subject: [PATCH] fedora: use system-auth in pam systemd-user - ---- - src/login/systemd-user.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in -index 8a3c9e0165..74ef5f2552 100644 ---- a/src/login/systemd-user.in -+++ b/src/login/systemd-user.in -@@ -7,7 +7,7 @@ - -account sufficient pam_systemd_home.so - {% endif %} - account sufficient pam_unix.so no_pass_expiry --account required pam_permit.so -+account include system-auth - - {% if HAVE_SELINUX %} - session required pam_selinux.so close -@@ -20,4 +20,4 @@ session required pam_namespace.so - -session optional pam_systemd_home.so - {% endif %} - session optional pam_umask.so silent --session optional pam_systemd.so -+session include system-auth --- -2.41.0 - diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000..82dcd32 --- /dev/null +++ b/systemd-user @@ -0,0 +1,14 @@ +# Used by systemd --user instances. + +-account sufficient pam_systemd_home.so +account sufficient pam_unix.so no_pass_expiry +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session required pam_namespace.so +-session optional pam_systemd_home.so +session optional pam_umask.so silent +session include system-auth diff --git a/systemd.spec b/systemd.spec index 0b107ef..456f4f9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -96,6 +96,8 @@ Source24: sysusers.generate-pre.sh Source25: 98-default-mac-none.link +Source26: systemd-user + %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip @@ -125,9 +127,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -# Adjust upstream config to use our shared stack -Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif @@ -1011,6 +1010,8 @@ rm %{buildroot}/usr/lib/sysusers.d/basic.conf rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} +install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} + %find_lang %{name} # Split files in build root into rpms From a67221c3f0d0b81b9b5b3230a71d09044342f1a4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Aug 29 2024 09:58:16 +0000 Subject: [PATCH 7/10] Always build ukify package Even on non-uefi architectures, ukify can be used to build UKIs for UEFI images. For example, mkosi can use it to build UKIs on s390x. To enable this use case, let's always build ukify, but with a conditional dependency on systemd-boot only on arches that support UEFI. --- diff --git a/34154.patch b/34154.patch new file mode 100644 index 0000000..acab80c --- /dev/null +++ b/34154.patch @@ -0,0 +1,27 @@ +From e3486e1494ab4bc23df39cae8b4bda6182265408 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 28 Aug 2024 14:08:30 +0200 +Subject: [PATCH] ukify: Skip test on architectures without UEFI + +--- + src/ukify/test/test_ukify.py | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py +index bbd26c0d42343..a08996cb55cf6 100755 +--- a/src/ukify/test/test_ukify.py ++++ b/src/ukify/test/test_ukify.py +@@ -45,6 +45,13 @@ + sys.path.append(os.path.dirname(__file__) + '/..') + import ukify + ++# Skip if we're running on an architecture that does not use UEFI. ++try: ++ ukify.guess_efi_arch() ++except ValueError as e: ++ print(str(e), file=sys.stderr) ++ sys.exit(77) ++ + build_root = os.getenv('PROJECT_BUILD_ROOT') + try: + slow_tests = bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '1'))) diff --git a/split-files.py b/split-files.py index 3f66ada..51400fd 100644 --- a/split-files.py +++ b/split-files.py @@ -260,6 +260,6 @@ for file in files(buildroot): if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() if (o.tell() == 0 and - not (no_bootloader and name in ('ukify', 'boot'))) + not (no_bootloader and name == 'boot')) ]: sys.exit(1) diff --git a/systemd.spec b/systemd.spec index 456f4f9..614db47 100644 --- a/systemd.spec +++ b/systemd.spec @@ -120,6 +120,9 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch +# Make test-ukify skip itself on architectures without UEFI. +Patch0012: https://github.com/systemd/systemd/pull/34154.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch @@ -483,12 +486,16 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. -%if 0%{?want_bootloader} %package ukify Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} -Requires: systemd-boot +Requires: (systemd-boot if %{shrink:( + filesystem(x86-32) or + filesystem(x86-64) or + filesystem(aarch64) or + filesystem(riscv64) +)}) Requires: python3dist(pefile) %if 0%{?fedora} Requires: python3dist(zstd) @@ -512,6 +519,7 @@ This package provides ukify, a script that combines a kernel image, an initrd, with a command line, and possibly PCR measurements and other metadata, into a Unified Kernel Image (UKI). +%if 0%{?want_bootloader} %package boot-unsigned Summary: UEFI boot manager (unsigned version) @@ -826,10 +834,8 @@ CONFIGURE_OPTS=( # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. - # Note, ukify requires bootloader, let's also explicitly enable/disable it - # here for https://github.com/systemd/systemd/pull/24175. -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] - -Dukify=%[%{?want_bootloader}?"enabled":"disabled"] + -Dukify=enabled ) %if %{without lto} @@ -1265,8 +1271,8 @@ fi %files udev -f .file-list-udev -%if 0%{?want_bootloader} %files ukify -f .file-list-ukify +%if 0%{?want_bootloader} %files boot-unsigned -f .file-list-boot %endif From ce99022f7b7c6b545cdbfac2436e578d41ca3162 Mon Sep 17 00:00:00 2001 From: Matteo Croce Date: Sep 12 2024 00:00:30 +0000 Subject: [PATCH 8/10] Version 256.6 Bump version and remove already present ukify patch --- diff --git a/34154.patch b/34154.patch deleted file mode 100644 index acab80c..0000000 --- a/34154.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e3486e1494ab4bc23df39cae8b4bda6182265408 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 28 Aug 2024 14:08:30 +0200 -Subject: [PATCH] ukify: Skip test on architectures without UEFI - ---- - src/ukify/test/test_ukify.py | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py -index bbd26c0d42343..a08996cb55cf6 100755 ---- a/src/ukify/test/test_ukify.py -+++ b/src/ukify/test/test_ukify.py -@@ -45,6 +45,13 @@ - sys.path.append(os.path.dirname(__file__) + '/..') - import ukify - -+# Skip if we're running on an architecture that does not use UEFI. -+try: -+ ukify.guess_efi_arch() -+except ValueError as e: -+ print(str(e), file=sys.stderr) -+ sys.exit(77) -+ - build_root = os.getenv('PROJECT_BUILD_ROOT') - try: - slow_tests = bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '1'))) diff --git a/sources b/sources index 87067ab..ad04ada 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.5.tar.gz) = 40558194e05a17b218adf3d6df48b738c866855d43d09c1e9381c2c568a44a8f1617b64476736fc7e34416ad9e8d25dc023cf9de090b4ef9079866919377009f +SHA512 (systemd-256.6.tar.gz) = 99d0fad02cab3559e081dabc2797d1d66bbc21daf9aaec847aeb6bce289456ff9c8599a34563c9bfa3826db36ae9ab30836b09bae00bf1a410b54d0bad9bd4dc diff --git a/systemd.spec b/systemd.spec index 614db47..2e4c79d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.5} +Version: %{?version_override}%{!?version_override:256.6} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -120,9 +120,6 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch -# Make test-ukify skip itself on architectures without UEFI. -Patch0012: https://github.com/systemd/systemd/pull/34154.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From cdb273799b4d38ab5fedd1d80497c21a0f40f726 Mon Sep 17 00:00:00 2001 From: Matteo Croce Date: Sep 12 2024 14:29:16 +0000 Subject: [PATCH 9/10] Merge remote-tracking branch 'fedora/rawhide' into c10s-sig-hyperscale --- diff --git a/33861.patch b/33861.patch deleted file mode 100644 index b443387..0000000 --- a/33861.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 1310492f7a58db4315390db174da65aef699aa91 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 29 Jul 2024 15:41:51 +0200 -Subject: [PATCH] kernel-install: Try some more initrd variants in - 90-loaderentry.install - -On CentOS/Fedora, dracut is configured to write the initrd to -/boot/initramfs-$KERNEL_VERSION...img so let's check for that as well -if no initrds were supplied. ---- - src/kernel-install/90-loaderentry.install.in | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in -index 4ef6aca169c1a..84f7a4a97fb43 100755 ---- a/src/kernel-install/90-loaderentry.install.in -+++ b/src/kernel-install/90-loaderentry.install.in -@@ -205,8 +205,18 @@ mkdir -p "${LOADER_ENTRY%/*}" || { - have_initrd=yes - done - -- # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied -- [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" -+ # Try a few variations that are generated by various initrd generators in their kernel-install hooks if -+ # no initrds were supplied. -+ -+ if [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ]; then -+ echo "initrd $ENTRY_DIR/initrd" -+ have_initrd=yes -+ fi -+ -+ if [ -z "$have_initrd" ] && [ -f "$BOOT_ROOT/initramfs-$KERNEL_VERSION.img" ]; then -+ echo "initrd /initramfs-$KERNEL_VERSION.img" -+ have_initrd=yes -+ fi - : - } >"$LOADER_ENTRY" || { - echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2 diff --git a/33864.patch b/33864.patch deleted file mode 100644 index 290af4c..0000000 --- a/33864.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 94a2999f250e3f7579883f5c79815b80398043cd Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 29 Jul 2024 17:13:28 +0200 -Subject: [PATCH] kernel-install: Only read cmdline from /proc/cmdline when not - in container - -If we're running from within a container, we're very likely not going -to want to use the kernel command line from /proc/cmdline, so let's add -a check to see if we're running from a container to decide whether we'll -use the kernel command line from /proc/cmdline. ---- - src/kernel-install/90-loaderentry.install.in | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in -index 4ef6aca169c1a..79427684cc5c9 100755 ---- a/src/kernel-install/90-loaderentry.install.in -+++ b/src/kernel-install/90-loaderentry.install.in -@@ -79,8 +79,10 @@ elif [ -f /etc/kernel/cmdline ]; then - BOOT_OPTIONS="$(tr -s "$IFS" ' ' -Date: Wed, 14 Dec 2022 22:24:53 +0100 -Subject: [PATCH] fedora: use system-auth in pam systemd-user - ---- - src/login/systemd-user.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in -index 8a3c9e0165..74ef5f2552 100644 ---- a/src/login/systemd-user.in -+++ b/src/login/systemd-user.in -@@ -7,7 +7,7 @@ - -account sufficient pam_systemd_home.so - {% endif %} - account sufficient pam_unix.so no_pass_expiry --account required pam_permit.so -+account include system-auth - - {% if HAVE_SELINUX %} - session required pam_selinux.so close -@@ -20,4 +20,4 @@ session required pam_namespace.so - -session optional pam_systemd_home.so - {% endif %} - session optional pam_umask.so silent --session optional pam_systemd.so -+session include system-auth --- -2.41.0 - diff --git a/sources b/sources index dca53b1..ad04ada 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.4.tar.gz) = 0357f1b61a07e594aff118dec54bd7233f37b69ccdfa393b91f46f32f08238fa7dd44df70d1df858464c866e114868ae1bec66dc685703d425cbd4c86baddfb8 +SHA512 (systemd-256.6.tar.gz) = 99d0fad02cab3559e081dabc2797d1d66bbc21daf9aaec847aeb6bce289456ff9c8599a34563c9bfa3826db36ae9ab30836b09bae00bf1a410b54d0bad9bd4dc diff --git a/split-files.py b/split-files.py index 3f66ada..51400fd 100644 --- a/split-files.py +++ b/split-files.py @@ -260,6 +260,6 @@ for file in files(buildroot): if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() if (o.tell() == 0 and - not (no_bootloader and name in ('ukify', 'boot'))) + not (no_bootloader and name == 'boot')) ]: sys.exit(1) diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000..82dcd32 --- /dev/null +++ b/systemd-user @@ -0,0 +1,14 @@ +# Used by systemd --user instances. + +-account sufficient pam_systemd_home.so +account sufficient pam_unix.so no_pass_expiry +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session required pam_namespace.so +-session optional pam_systemd_home.so +session optional pam_umask.so silent +session include system-auth diff --git a/systemd.spec b/systemd.spec index 0fca0eb..1b5208c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -43,7 +43,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.4} +Version: %{?version_override}%{!?version_override:256.6} Release: %{?release_override}%{!?release_override:1.1}%{?dist} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -92,6 +92,8 @@ Source24: sysusers.generate-pre.sh Source25: 98-default-mac-none.link +Source26: systemd-user + %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip @@ -104,7 +106,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -%if %{without upstream} %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 @@ -115,19 +116,12 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch -Patch0012: https://github.com/systemd/systemd/pull/33861.patch -Patch0013: https://github.com/systemd/systemd/pull/33864.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -%endif - -# Adjust upstream config to use our shared stack -Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 @@ -418,8 +412,10 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +%if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) +%endif # A backport of systemd-timesyncd is shipped as a separate package in EPEL so # let's make sure we properly handle that. %if 0%{?rhel} @@ -483,18 +479,24 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. -%if 0%{?want_bootloader} %package ukify Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} -Requires: systemd-boot +Requires: (systemd-boot if %{shrink:( + filesystem(x86-32) or + filesystem(x86-64) or + filesystem(aarch64) or + filesystem(riscv64) +)}) Requires: python3dist(pefile) %if 0%{?fedora} Requires: python3dist(zstd) %endif Requires: python3dist(cryptography) +%if 0%{?fedora} Recommends: python3dist(pillow) +%endif # for tests %ifarch riscv64 @@ -510,6 +512,7 @@ This package provides ukify, a script that combines a kernel image, an initrd, with a command line, and possibly PCR measurements and other metadata, into a Unified Kernel Image (UKI). +%if 0%{?want_bootloader} %package boot-unsigned Summary: UEFI boot manager (unsigned version) @@ -824,10 +827,8 @@ CONFIGURE_OPTS=( # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. - # Note, ukify requires bootloader, let's also explicitly enable/disable it - # here for https://github.com/systemd/systemd/pull/24175. -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] - -Dukify=%[%{?want_bootloader}?"enabled":"disabled"] + -Dukify=enabled ) %if 0%{?facebook} @@ -1012,6 +1013,15 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif +# Disable sshd_config.d/20-systemd-userdb.conf for now. +# This option may override an existing AuthorizedKeysCommand setting +# (or be ineffective, depending on the order of configuration). +# See https://github.com/systemd/systemd/issues/33648. +rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf +mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} + +install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} + %find_lang %{name} # Split files in build root into rpms @@ -1269,8 +1279,8 @@ fi %files udev -f .file-list-udev -%if 0%{?want_bootloader} %files ukify -f .file-list-ukify +%if 0%{?want_bootloader} %files boot-unsigned -f .file-list-boot %endif From 15d25fa2870068fc1dd34629e6efeb2fb3cbb565 Mon Sep 17 00:00:00 2001 From: Matteo Croce Date: Sep 12 2024 14:38:58 +0000 Subject: [PATCH 10/10] Backport support for multiq qdisc #34251 --- diff --git a/34251.patch b/34251.patch new file mode 100644 index 0000000..30dc0f9 --- /dev/null +++ b/34251.patch @@ -0,0 +1,373 @@ +From 3f14557ce01cc9012991a602851b03f0a4205fc2 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 4 Sep 2024 12:19:49 +0200 +Subject: [PATCH 1/2] network: Add support for multiq qdisc + +--- + man/systemd.network.xml | 10 ++++++++++ + src/network/meson.build | 1 + + src/network/networkd-network-gperf.gperf | 2 ++ + src/network/networkd-network.c | 1 + + src/network/tc/multiq.c | 19 +++++++++++++++++++ + src/network/tc/multiq.h | 11 +++++++++++ + src/network/tc/qdisc.c | 1 + + src/network/tc/qdisc.h | 2 ++ + .../test-network/conf/25-qdisc-multiq.network | 12 ++++++++++++ + test/test-network/systemd-networkd-tests.py | 10 ++++++++++ + 10 files changed, 69 insertions(+) + create mode 100644 src/network/tc/multiq.c + create mode 100644 src/network/tc/multiq.h + create mode 100644 test/test-network/conf/25-qdisc-multiq.network + +diff --git a/man/systemd.network.xml b/man/systemd.network.xml +index 734a4f7c0b21b..cc6a31484f20c 100644 +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -6064,6 +6064,16 @@ ServerAddress=192.168.0.1/24 + + + ++ ++ [BandMultiQueueing] Section Options ++ The [BandMultiQueueing] section manages the queueing discipline (qdisc) of Band Multi Queueing (multiq). ++ ++ ++ ++ ++ ++ ++ + + [HeavyHitterFilter] Section Options + The [HeavyHitterFilter] section manages the queueing discipline (qdisc) of Heavy Hitter Filter +diff --git a/src/network/meson.build b/src/network/meson.build +index 275542daa27f5..3edcd48c83e63 100644 +--- a/src/network/meson.build ++++ b/src/network/meson.build +@@ -93,6 +93,7 @@ sources = files( + 'tc/gred.c', + 'tc/hhf.c', + 'tc/htb.c', ++ 'tc/multiq.c', + 'tc/netem.c', + 'tc/pie.c', + 'tc/qdisc.c', +diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf +index 0957eeef6ed8b..95fe0275a9be4 100644 +--- a/src/network/networkd-network-gperf.gperf ++++ b/src/network/networkd-network-gperf.gperf +@@ -552,6 +552,8 @@ HierarchyTokenBucketClass.Rate, config_parse_hierarchy_token_bucket + HierarchyTokenBucketClass.CeilRate, config_parse_hierarchy_token_bucket_class_rate, TCLASS_KIND_HTB, 0 + HierarchyTokenBucketClass.BufferBytes, config_parse_hierarchy_token_bucket_class_size, TCLASS_KIND_HTB, 0 + HierarchyTokenBucketClass.CeilBufferBytes, config_parse_hierarchy_token_bucket_class_size, TCLASS_KIND_HTB, 0 ++BandMultiQueueing.Parent, config_parse_qdisc_parent, QDISC_KIND_MULTIQ, 0 ++BandMultiQueueing.Handle, config_parse_qdisc_handle, QDISC_KIND_MULTIQ, 0 + NetworkEmulator.Parent, config_parse_qdisc_parent, QDISC_KIND_NETEM, 0 + NetworkEmulator.Handle, config_parse_qdisc_handle, QDISC_KIND_NETEM, 0 + NetworkEmulator.DelaySec, config_parse_network_emulator_delay, QDISC_KIND_NETEM, 0 +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index ecd54a3829d49..2c2f8ad939064 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -551,6 +551,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi + "HeavyHitterFilter\0" + "HierarchyTokenBucket\0" + "HierarchyTokenBucketClass\0" ++ "BandMultiQueueing\0" + "NetworkEmulator\0" + "PFIFO\0" + "PFIFOFast\0" +diff --git a/src/network/tc/multiq.c b/src/network/tc/multiq.c +new file mode 100644 +index 0000000000000..c70d8c59061e3 +--- /dev/null ++++ b/src/network/tc/multiq.c +@@ -0,0 +1,19 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++ ++#include "multiq.h" ++ ++static int multi_queueing_fill_message(Link *link, QDisc *qdisc, sd_netlink_message *req) { ++ struct tc_multiq_qopt opt = {}; ++ ++ assert(req); ++ ++ /* It looks weird, but the multiq qdisc initialization wants to receive a tc_multiq_qopt attr even ++ * though it doesn't do anything with it. */ ++ return sd_netlink_message_append_data(req, TCA_OPTIONS, &opt, sizeof(opt)); ++} ++ ++const QDiscVTable multiq_vtable = { ++ .object_size = sizeof(BandMultiQueueing), ++ .tca_kind = "multiq", ++ .fill_message = multi_queueing_fill_message, ++}; +diff --git a/src/network/tc/multiq.h b/src/network/tc/multiq.h +new file mode 100644 +index 0000000000000..e53ed57c716ab +--- /dev/null ++++ b/src/network/tc/multiq.h +@@ -0,0 +1,11 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++#pragma once ++ ++#include "qdisc.h" ++ ++typedef struct BandMultiQueueing { ++ QDisc meta; ++} BandMultiQueueing; ++ ++DEFINE_QDISC_CAST(MULTIQ, BandMultiQueueing); ++extern const QDiscVTable multiq_vtable; +diff --git a/src/network/tc/qdisc.c b/src/network/tc/qdisc.c +index 0f89d844f585a..5e8f97a785100 100644 +--- a/src/network/tc/qdisc.c ++++ b/src/network/tc/qdisc.c +@@ -30,6 +30,7 @@ const QDiscVTable * const qdisc_vtable[_QDISC_KIND_MAX] = { + [QDISC_KIND_GRED] = &gred_vtable, + [QDISC_KIND_HHF] = &hhf_vtable, + [QDISC_KIND_HTB] = &htb_vtable, ++ [QDISC_KIND_MULTIQ] = &multiq_vtable, + [QDISC_KIND_NETEM] = &netem_vtable, + [QDISC_KIND_PIE] = &pie_vtable, + [QDISC_KIND_QFQ] = &qfq_vtable, +diff --git a/src/network/tc/qdisc.h b/src/network/tc/qdisc.h +index 50a8f4ead1951..83853dcaa742c 100644 +--- a/src/network/tc/qdisc.h ++++ b/src/network/tc/qdisc.h +@@ -21,6 +21,7 @@ typedef enum QDiscKind { + QDISC_KIND_GRED, + QDISC_KIND_HHF, + QDISC_KIND_HTB, ++ QDISC_KIND_MULTIQ, + QDISC_KIND_NETEM, + QDISC_KIND_PFIFO, + QDISC_KIND_PFIFO_FAST, +@@ -106,6 +107,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_qdisc_handle); + #include "gred.h" + #include "hhf.h" + #include "htb.h" ++#include "multiq.h" + #include "pie.h" + #include "qfq.h" + #include "netem.h" +diff --git a/test/test-network/conf/25-qdisc-multiq.network b/test/test-network/conf/25-qdisc-multiq.network +new file mode 100644 +index 0000000000000..a805c77124d0c +--- /dev/null ++++ b/test/test-network/conf/25-qdisc-multiq.network +@@ -0,0 +1,12 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++[Match] ++Name=testtun99 ++Name=testtap99 ++ ++[Network] ++LinkLocalAddressing=yes ++IPv6AcceptRA=no ++ ++[BandMultiQueueing] ++Parent=root ++Handle=0002 +diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py +index 1b61038d09e08..a2b4eb40b239d 100755 +--- a/test/test-network/systemd-networkd-tests.py ++++ b/test/test-network/systemd-networkd-tests.py +@@ -4648,6 +4648,16 @@ def test_qdisc_ingress(self): + print(output) + self.assertRegex(output, 'qdisc ingress') + ++ @expectedFailureIfModuleIsNotAvailable('sch_multiq') ++ def test_qdisc_multiq(self): ++ copy_network_unit('25-tun.netdev', '25-tap.netdev', '25-qdisc-multiq.network') ++ start_networkd() ++ self.wait_online('testtun99:degraded', 'testtap99:degraded') ++ ++ output = check_output('tc qdisc show dev testtun99') ++ print(output) ++ self.assertIn('qdisc multiq 2: root', output) ++ + @expectedFailureIfModuleIsNotAvailable('sch_netem') + def test_qdisc_netem(self): + copy_network_unit('25-qdisc-netem.network', '12-dummy.netdev', + +From 2b9ced9072a280a2cb0c2c7783a288788a3a6771 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 4 Sep 2024 13:32:32 +0200 +Subject: [PATCH 2/2] network: Add support for mq qdisc + +--- + man/systemd.network.xml | 10 ++++++++++ + src/network/meson.build | 1 + + src/network/networkd-network-gperf.gperf | 2 ++ + src/network/networkd-network.c | 1 + + src/network/tc/mq.c | 8 ++++++++ + src/network/tc/mq.h | 11 +++++++++++ + src/network/tc/qdisc.c | 1 + + src/network/tc/qdisc.h | 2 ++ + test/test-network/conf/25-qdisc-mq.network | 12 ++++++++++++ + test/test-network/systemd-networkd-tests.py | 9 +++++++++ + 10 files changed, 57 insertions(+) + create mode 100644 src/network/tc/mq.c + create mode 100644 src/network/tc/mq.h + create mode 100644 test/test-network/conf/25-qdisc-mq.network + +diff --git a/man/systemd.network.xml b/man/systemd.network.xml +index cc6a31484f20c..89484c449f31d 100644 +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -6064,6 +6064,16 @@ ServerAddress=192.168.0.1/24 + + + ++ ++ [ClassfulMultiQueueing] Section Options ++ The [ClassfulMultiQueueing] section manages the queueing discipline (qdisc) of Classful Multi Queueing (mq). ++ ++ ++ ++ ++ ++ ++ + + [BandMultiQueueing] Section Options + The [BandMultiQueueing] section manages the queueing discipline (qdisc) of Band Multi Queueing (multiq). +diff --git a/src/network/meson.build b/src/network/meson.build +index 3edcd48c83e63..54cf694aeb47e 100644 +--- a/src/network/meson.build ++++ b/src/network/meson.build +@@ -93,6 +93,7 @@ sources = files( + 'tc/gred.c', + 'tc/hhf.c', + 'tc/htb.c', ++ 'tc/mq.c', + 'tc/multiq.c', + 'tc/netem.c', + 'tc/pie.c', +diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf +index 95fe0275a9be4..a84de4ca7fca9 100644 +--- a/src/network/networkd-network-gperf.gperf ++++ b/src/network/networkd-network-gperf.gperf +@@ -552,6 +552,8 @@ HierarchyTokenBucketClass.Rate, config_parse_hierarchy_token_bucket + HierarchyTokenBucketClass.CeilRate, config_parse_hierarchy_token_bucket_class_rate, TCLASS_KIND_HTB, 0 + HierarchyTokenBucketClass.BufferBytes, config_parse_hierarchy_token_bucket_class_size, TCLASS_KIND_HTB, 0 + HierarchyTokenBucketClass.CeilBufferBytes, config_parse_hierarchy_token_bucket_class_size, TCLASS_KIND_HTB, 0 ++ClassfulMultiQueueing.Parent, config_parse_qdisc_parent, QDISC_KIND_MQ, 0 ++ClassfulMultiQueueing.Handle, config_parse_qdisc_handle, QDISC_KIND_MQ, 0 + BandMultiQueueing.Parent, config_parse_qdisc_parent, QDISC_KIND_MULTIQ, 0 + BandMultiQueueing.Handle, config_parse_qdisc_handle, QDISC_KIND_MULTIQ, 0 + NetworkEmulator.Parent, config_parse_qdisc_parent, QDISC_KIND_NETEM, 0 +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index 2c2f8ad939064..8ccf215a71e84 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -551,6 +551,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi + "HeavyHitterFilter\0" + "HierarchyTokenBucket\0" + "HierarchyTokenBucketClass\0" ++ "ClassfulMultiQueueing\0" + "BandMultiQueueing\0" + "NetworkEmulator\0" + "PFIFO\0" +diff --git a/src/network/tc/mq.c b/src/network/tc/mq.c +new file mode 100644 +index 0000000000000..1435ed1fda0fa +--- /dev/null ++++ b/src/network/tc/mq.c +@@ -0,0 +1,8 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++ ++#include "mq.h" ++ ++const QDiscVTable mq_vtable = { ++ .object_size = sizeof(ClassfulMultiQueueing), ++ .tca_kind = "mq", ++}; +diff --git a/src/network/tc/mq.h b/src/network/tc/mq.h +new file mode 100644 +index 0000000000000..88f0049670cf1 +--- /dev/null ++++ b/src/network/tc/mq.h +@@ -0,0 +1,11 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++#pragma once ++ ++#include "qdisc.h" ++ ++typedef struct ClassfulMultiQueueing { ++ QDisc meta; ++} ClassfulMultiQueueing; ++ ++DEFINE_QDISC_CAST(MQ, ClassfulMultiQueueing); ++extern const QDiscVTable mq_vtable; +diff --git a/src/network/tc/qdisc.c b/src/network/tc/qdisc.c +index 5e8f97a785100..3bcc3930662f4 100644 +--- a/src/network/tc/qdisc.c ++++ b/src/network/tc/qdisc.c +@@ -30,6 +30,7 @@ const QDiscVTable * const qdisc_vtable[_QDISC_KIND_MAX] = { + [QDISC_KIND_GRED] = &gred_vtable, + [QDISC_KIND_HHF] = &hhf_vtable, + [QDISC_KIND_HTB] = &htb_vtable, ++ [QDISC_KIND_MQ] = &mq_vtable, + [QDISC_KIND_MULTIQ] = &multiq_vtable, + [QDISC_KIND_NETEM] = &netem_vtable, + [QDISC_KIND_PIE] = &pie_vtable, +diff --git a/src/network/tc/qdisc.h b/src/network/tc/qdisc.h +index 83853dcaa742c..80b95c2aab4fc 100644 +--- a/src/network/tc/qdisc.h ++++ b/src/network/tc/qdisc.h +@@ -21,6 +21,7 @@ typedef enum QDiscKind { + QDISC_KIND_GRED, + QDISC_KIND_HHF, + QDISC_KIND_HTB, ++ QDISC_KIND_MQ, + QDISC_KIND_MULTIQ, + QDISC_KIND_NETEM, + QDISC_KIND_PFIFO, +@@ -107,6 +108,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_qdisc_handle); + #include "gred.h" + #include "hhf.h" + #include "htb.h" ++#include "mq.h" + #include "multiq.h" + #include "pie.h" + #include "qfq.h" +diff --git a/test/test-network/conf/25-qdisc-mq.network b/test/test-network/conf/25-qdisc-mq.network +new file mode 100644 +index 0000000000000..32366d05dabed +--- /dev/null ++++ b/test/test-network/conf/25-qdisc-mq.network +@@ -0,0 +1,12 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++[Match] ++Name=testtun99 ++Name=testtap99 ++ ++[Network] ++LinkLocalAddressing=yes ++IPv6AcceptRA=no ++ ++[ClassfulMultiQueueing] ++Parent=root ++Handle=0002 +diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py +index a2b4eb40b239d..3989fc04014d1 100755 +--- a/test/test-network/systemd-networkd-tests.py ++++ b/test/test-network/systemd-networkd-tests.py +@@ -4648,6 +4648,15 @@ def test_qdisc_ingress(self): + print(output) + self.assertRegex(output, 'qdisc ingress') + ++ def test_qdisc_mq(self): ++ copy_network_unit('25-tun.netdev', '25-tap.netdev', '25-qdisc-mq.network') ++ start_networkd() ++ self.wait_online('testtun99:degraded', 'testtap99:degraded') ++ ++ output = check_output('tc qdisc show dev testtun99') ++ print(output) ++ self.assertIn('qdisc mq 2: root', output) ++ + @expectedFailureIfModuleIsNotAvailable('sch_multiq') + def test_qdisc_multiq(self): + copy_network_unit('25-tun.netdev', '25-tap.netdev', '25-qdisc-multiq.network') diff --git a/systemd.spec b/systemd.spec index 1b5208c..10ef7ce 100644 --- a/systemd.spec +++ b/systemd.spec @@ -123,6 +123,9 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch +# network: Add support for multiq qdisc +Patch0493: https://github.com/systemd/systemd/pull/34251.patch + %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif