diff --git a/staging/systemd/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/staging/systemd/0001-tmpfiles-make-purge-hard-to-mis-use.patch
new file mode 100644
index 0000000..79964e8
--- /dev/null
+++ b/staging/systemd/0001-tmpfiles-make-purge-hard-to-mis-use.patch
@@ -0,0 +1,89 @@
+From 45cfee930ab4067348cea5244c9c2dc31c64d14d Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Tue, 23 Jul 2024 13:14:05 +0200
+Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
+
+Follow-up for https://github.com/systemd/systemd/pull/33383.
+---
+ src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++
+ test/units/TEST-22-TMPFILES.18.sh | 4 ++--
+ 2 files changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 5a4f989668..c5b544f1df 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) {
+ ARG_IMAGE_POLICY,
+ ARG_REPLACE,
+ ARG_DRY_RUN,
++ ARG_DESTROY_DATA,
+ ARG_NO_PAGER,
+ };
+
+@@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) {
+ { "replace", required_argument, NULL, ARG_REPLACE },
+ { "dry-run", no_argument, NULL, ARG_DRY_RUN },
+ { "no-pager", no_argument, NULL, ARG_NO_PAGER },
++
++ /* This is not documented on purpose.
++ * If you think --purge should be allowed without jumping through hoops,
++ * consider opening a bug report with the description of the use case.
++ */
++ { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA },
++
+ {}
+ };
+
+ int c, r;
++ bool destroy_data = false;
+
+ assert(argc >= 0);
+ assert(argv);
+@@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) {
+ arg_dry_run = true;
+ break;
+
++ case ARG_DESTROY_DATA:
++ destroy_data = true;
++ break;
++
+ case ARG_NO_PAGER:
+ arg_pager_flags |= PAGER_DISABLE;
+ break;
+@@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) {
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "Refusing --purge without specification of a configuration file.");
+
++ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data)
++ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
++ "Refusing --purge without --destroy-data.");
++
+ if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "Option --replace= is not supported with --cat-config/--tldr.");
+diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh
+index c81f6bd0ef..dd536172d4 100755
+--- a/test/units/TEST-22-TMPFILES.18.sh
++++ b/test/units/TEST-22-TMPFILES.18.sh
+@@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile
+ grep -q baz /tmp/somedir/somefile
+ grep -q qux /tmp/someotherfile
+
+-systemd-tmpfiles --purge - <<<"$c"
++systemd-tmpfiles --purge --destroy-data - <<<"$c"
+ test ! -f /tmp/somedir/somefile
+ test ! -d /tmp/somedir/
+ grep -q qux /tmp/someotherfile
+@@ -34,7 +34,7 @@ test ! -f /tmp/somedir/somefile
+ test ! -d /tmp/somedir/
+ grep -q qux /tmp/someotherfile
+
+-systemd-tmpfiles --create --purge - <<<"$c"
++systemd-tmpfiles --create --destroy-data --purge - <<<"$c"
+ test -f /tmp/somedir/somefile
+ grep -q baz /tmp/somedir/somefile
+ grep -q qux /tmp/someotherfile
+--
+2.47.0
+
diff --git a/staging/systemd/26494.patch b/staging/systemd/26494.patch
new file mode 100644
index 0000000..19bc67b
--- /dev/null
+++ b/staging/systemd/26494.patch
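Review bot: The test changes carried in 0001-tmpfiles-make-purge-hard-to-mis-use.patch only exercise the accepted path, so nothing pins the new refusal added to parse_argv(). Both edited calls in TEST-22-TMPFILES.18.sh pass `--destroy-data`, which means a regression that drops the `!destroy_data` term from the guard would still pass the suite. I would add a negative case before the first purge, for example `(! systemd-tmpfiles --purge - <<<"$c")` followed by `test -f /tmp/somedir/somefile`, and one positive case showing that `--purge --dry-run` is still accepted without the extra flag. Because the option is deliberately undocumented, the spec comment above Patch0492 is the only place a packager will learn about it, so naming `--destroy-data` there would help.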
@@ -0,0 +1,30 @@
+From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Mon, 20 Feb 2023 12:00:30 +0900
+Subject: [PATCH] core/manager: run generators directly when we are in initrd
+
+Some initrd system write files at ourside of /run, /etc, or other
+allowed places. This is a kind of workaround, but in most cases, such
+sandboxing is not necessary as the filesystem is on ramfs when we are in
+initrd.
+
+Fixes #26488.
+---
+ src/core/manager.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 7b394794b0d4..306477c6e6c2 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
+ /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
+ * we are the user manager, let's just execute the generators directly. We might not have the
+ * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
+- */
+- if (MANAGER_IS_USER(m)) {
++ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
++ if (MANAGER_IS_USER(m) || in_initrd()) {
+ r = manager_execute_generators(m, paths, /* remount_ro= */ false);
+ goto finish;
+ }
diff --git a/staging/systemd/30846.patch b/staging/systemd/30846.patch
index 84a4163..ca9cffb 100644
--- a/staging/systemd/30846.patch
+++ b/staging/systemd/30846.patch
@@ -1,4 +1,4 @@
-From 07fd822c59e29b4f5e7dab029ea1186c1b862e3e Mon Sep 17 00:00:00 2001
+From 9e3d6b193d79ce447cd329617ada941f331570a9 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
 Date: Tue, 9 Jan 2024 11:28:04 +0100
 Subject: [PATCH] journal: again create user journals for users with high uids
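Review bot: In 26494.patch the added `|| in_initrd()` term sends the system manager down the direct `manager_execute_generators(m, paths, /* remount_ro= */ false)` path, which per the surrounding comment skips the sanitized mount namespace, and nothing in the visible code checks the "we are in ramfs" assumption the comment relies on. The commit message itself calls this a workaround, so the code comment should say so and name the removal condition, e.g. `* NOTE: workaround for #26488, generators run unsandboxed in the initrd; drop once dracut no longer writes outside the allowed paths.` The spec gates Patch0010 on `0%{?fedora} < 40 && 0%{?rhel} < 10` in a later hunk; it is worth confirming that this gate matches the releases this package is actually built for, so the sandbox is not dropped on targets where dracut is already fixed. The body of manager_run_generators() continues outside the hunk.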
@@ -39,13 +39,13 @@ revert the change to fix user systems. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. --- - src/basic/uid-alloc-range.c | 2 +- + src/basic/uid-classification.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c -index 669cb6d56f7be..7b724b7959f60 100644 ---- a/src/basic/uid-alloc-range.c -+++ b/src/basic/uid-alloc-range.c +diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c +index e2d2cebc6de27..2c8b06c0d3088 100644 +--- a/src/basic/uid-classification.c ++++ b/src/basic/uid-classification.c @@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { /* Returns true if the specified UID shall get its data stored in the system journal. */ diff --git a/staging/systemd/60-block-scheduler.rules b/staging/systemd/60-block-scheduler.rules new file mode 100644 index 0000000..850b645 --- /dev/null +++ b/staging/systemd/60-block-scheduler.rules @@ -0,0 +1,5 @@ +# do not edit this file, it will be overwritten on update + +ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \ + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ + ATTR{queue/scheduler}="bfq" diff --git a/staging/systemd/changelog b/staging/systemd/changelog index d19adec..fb6584d 100644 --- a/staging/systemd/changelog +++ b/staging/systemd/changelog 
@@ -1,3 +1,607 @@ +* Wed Jul 17 2024 Zbigniew Jędrzejewski-Szmek - 256.2-9 +- Backport udma buffer access patch (rhbz#2298422) + +* Tue Jul 16 2024 Daan De Meyer - 256.2-8 +- Add support for building from a specific branch + +* Tue Jul 16 2024 Daan De Meyer - 256.2-7 +- Update PR patch metadata + +* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek - 256.2-6 +- In standalone subpackages, suggest coreutils-single + +* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek - 256.2-5 +- Drop versions from Conflicts for standalone packages + +* Sun Jul 14 2024 Zbigniew Jędrzejewski-Szmek - 256.2-4 +- Use a more precise Recommends for libkxbcommon + +* Thu Jul 11 2024 Daan De Meyer - 256.2-3 +- Drop machined revert + +* Tue Jul 09 2024 Zbigniew Jędrzejewski-Szmek - 256.2-2 +- Rebuilt for the bin-sbin merge + +* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek - 256.2-1 +- Version 256.2 +- A bunch of various small fixes + +* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek - 256.1-13 +- Link systemd-executor statically + +* Fri Jul 05 2024 Yaakov Selkowitz - 256.1-12 +- Update dracut workaround + +* Fri Jul 05 2024 Yaakov Selkowitz - 256.1-11 +- Fix ELN build + +* Fri Jul 05 2024 Daan De Meyer - 256.1-10 +- Only exclude dracut conflicts on non-fedora on upstream builds + +* Fri Jul 05 2024 Daan De Meyer - 256.1-9 +- Conditionalize dracut Conflicts more + +* Tue Jul 02 2024 Daan De Meyer - 256.1-8 +- Use vmlinux.h from kernel-devel + +* Tue Jul 02 2024 Zbigniew Jędrzejewski-Szmek - 256.1-7 +- Pull in openssl-devel-engine + +* Mon Jul 01 2024 Daan De Meyer - 256.1-6 +- Only add Requires on python3-zstd on Fedora + +* Mon Jul 01 2024 Daan De Meyer - 256.1-5 +- Drop BuildRequires on python3-zstd + +* Tue Jun 25 2024 Zbigniew Jędrzejewski-Szmek - 256.1-4 +- Revert "Remove tmpfiles snippet for /home and /srv" + +* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-3 +- Remove tmpfiles snippet for /home and /srv + +* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-2 +- Soft-disable tmpfiles --purge 
until a good use case comes up + +* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-1 +- Version 256.1 + +* Sun Jun 16 2024 U2FsdGVkX1 - 256-2 +- disable auto-features when bootstrapping + +* Tue Jun 11 2024 Zbigniew Jędrzejewski-Szmek - 256-1 +- Version 256 +- Only minor changes since -rc4. +- Hardward db is updated. + +* Fri Jun 07 2024 Zbigniew Jędrzejewski-Szmek - 256~rc4-2 +- Restore patch to drop varlink method call + +* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek - 256~rc4-1 +- Version 256~rc4 + +* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-6 +- Drop sysusers.d/basic.conf +- We rely on setup to provide all necessary groups. + +* Sun Jun 02 2024 Adam Williamson - 256~rc3-4 +- Partially backport PR #33016 to fix crashes in KDE 6.3.0 + +* Wed May 29 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-2 +- Add patch to work-around libbpf bug (rhbz#2280935) + +* Thu May 23 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-1 +- Version 256~rc3 + +* Wed May 15 2024 Zbigniew Jędrzejewski-Szmek - 256~rc2-6 +- Version 256~rc2 +- Various small changes all over +- A fix for rhbz#2273069 + +* Mon May 13 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-4 +- Make %%release_override overridable from outside + +* Sat May 11 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-2 +- Temporarily drop call to varlink method to avoid SELinux denial + +* Thu May 09 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-1 +- Version 256-rc1^20240509git +- There were some fixes merged upstream, so let's try again before v256-rc2 + is released. 
+ +* Thu May 02 2024 Jan Macku - 256~rc1-6 +- spec: `systemd-ukify` should depend on `systemd-boot` + +* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-4 +- Add additional daemon-reexec for upgrades from old systemd versions + +* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-3 +- Drop trigger scriptlets for upgrades from systemd < 247 + +* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-2 +- Add Recommends for dlopen libraries + +* Fri Apr 26 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-1 +- Version 256~rc1 +- See https://raw.githubusercontent.com/systemd/systemd/v256-rc1/NEWS. Too + many changes to list or discuss here. + +* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-3 +- Reexec systemd in %%postun + (https://github.com/systemd/systemd/issues/5096) +- The workaround dbus issues in upgrades from systemd-239 is dropped + +* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-2 +- Drop workaround to run generators without sandboxing (requirement on + dracut >= 60 is added) + +* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-1 +- Version 255.5 +- Many different small fixes: systemd itself, systemd-networkd, systemd- + journal-remote, compilation fixes for newer kernels and clang, systemd- + homed, systemd-resolved, ukify, systemd-tmpfiles, various other. 
+ +* Wed Apr 10 2024 Zbigniew Jędrzejewski-Szmek - 255.4-16 +- Prepare for bin-sbin merge + +* Wed Mar 27 2024 Zbigniew Jędrzejewski-Szmek - 255.4-13 +- spec: add %%bcond to build without documentation + +* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek - 255.4-11 +- Revert "Adjust release tag for riscv64" + +* Fri Mar 22 2024 David Abdurachmanov - 255.4-10 +- Enable bootloader stack for riscv64 + +* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek - 255.4-9 +- Adjust release tag for riscv64 + +* Wed Mar 20 2024 David Tardon - 255.4-5 +- Make Requires(*) on systemd versioned + +* Wed Mar 20 2024 Zbigniew Jędrzejewski-Szmek - 255.4-4 +- Add R:systemd-udev to systemd-networkd subpackage (rhbz#2173425) + +* Mon Mar 18 2024 Daan De Meyer - 255.4-3 +- Add psutil dependency to systemd-tests + +* Thu Mar 07 2024 Daan De Meyer - 255.4-2 +- Build in developer mode when building for upstream + +* Fri Mar 01 2024 Zbigniew Jędrzejewski-Szmek - 255.4-1 +- Version 255.4 + +* Wed Feb 21 2024 Daan De Meyer - 255.3-13 +- Allow setting extra configure options using + %%meson_extra_configure_options + +* Wed Feb 21 2024 Daan De Meyer - 255.3-12 +- Apply pam patch when building for upstream + +* Wed Feb 21 2024 Daan De Meyer - 255.3-11 +- Use %%version_override/%%release_override to specify version/release by + users + +* Tue Feb 20 2024 Zbigniew Jędrzejewski-Szmek - 255.3-10 +- Let libkmod be a dlopen'ed dependency + +* Sat Feb 17 2024 Daan De Meyer - 255.3-9 +- Allow overriding the version and release using macros + +* Sat Feb 17 2024 Daan De Meyer - 255.3-8 +- Stop passing %%{release} to meson when building in upstream mode + +* Sat Feb 17 2024 Daan De Meyer - 255.3-7 +- Don't pass b_lto to meson + +* Thu Feb 15 2024 Daan De Meyer - 255.3-6 +- Update usage of meson-vcs-tag.sh to account for upstream changes + +* Sun Feb 11 2024 Daan De Meyer - 255.3-5 +- Replace inplace macro with upstream macro + +* Sun Feb 11 2024 Daan De Meyer - 255.3-4 +- Remove reconfiguration logic + +* Sun Feb 11 
2024 Daan De Meyer - 255.3-3 +- Stop depending on filelists + +* Mon Jan 29 2024 Zbigniew Jędrzejewski-Szmek - 255.3-2 +- Conflicts/Provides with systemd-standalone-repart are moved udev + subpackage + +* Thu Jan 25 2024 Zbigniew Jędrzejewski-Szmek - 255.3-1 +- Version 255.3 +- A bunch of various fixes for memory and behaviour, in many different + components (bootctl, systemd, udev, systemd-networkd, systemd-homed, + systemd-logind, systemd-resolve, systemd-repart, systemd-analyze, + systemd-dissect, systemd-boot, pam modules, systemd-storagetm, systemd- + journal-remote, kernel-install) +- Improved detection of virtualization (Google Compute Engine, Apple Virt) +- Updates for shell completions and docs +- An update for hardware database + +* Tue Jan 23 2024 Zbigniew Jędrzejewski-Szmek - 255.2-3 +- Add temporary patch to adjust uid range classification (rhbz#2251843) + +* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek - 255.2-1 +- Version 255.2 +- Fixes missing DNSSEC validity check in SOA DNS packets (CVE-2023-7008) +- systemd-resolved and systemd-networkd are restarted after an upgrade. + +* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek - 255.1-2 +- Add missing %%postun scriptlets for systemd-{resolved,networkd} + (rhbz#2255718) + +* Sat Dec 16 2023 Zbigniew Jędrzejewski-Szmek - 255.1-1 +- Version 255.1 + +* Wed Dec 13 2023 Zbigniew Jędrzejewski-Szmek - 255-7 +- Do not remove modified config files + +* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-4 +- Add /etc/ssh/sshd_config.d to the file list + +* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-3 +- Move config files to /usr/lib/systemd (e.g. /etc/systemd/system.conf → + /usr/lib/systemd/systemd.conf). Both config file locations were already + supported, and the files installed in /etc/ were "empty" (i.e. they had + only comments and section headers). The move does not change the + configuration, but just makes /etc more empty by default. 
See + https://github.com/systemd/systemd/commit/6495361c7d for more discussion + and details. + +* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-2 +- Move systemd-bsod is to udev subpackage + +* Wed Dec 06 2023 Zbigniew Jędrzejewski-Szmek - 255-1 +- Version 255 +- Just a few bugfixes since 255-rc4: seccomp filters, logging, + documentation, systemd-repart +- Includes a hardware database update. + +* Sat Dec 02 2023 Zbigniew Jędrzejewski-Szmek - 255~rc4-1 +- Version 255~rc4 + +* Fri Dec 01 2023 Adam Williamson - 255~rc3-4 +- Backport PRs #30170 and #30266 to fix BPF denials (RHBZ #2250930) + +* Wed Nov 29 2023 Adam Williamson - 255~rc3-3 +- Backport #30197 to fix vconsole startup (RHBZ #2251394) + +* Thu Nov 23 2023 Peter Robinson - 255~rc3-2 +- de-dupe LICENSE.LGPL2.1 in licenses + +* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek - 255~rc3-1 +- Version 255~rc3 + +* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek - 255~rc2-2 +- Add systemd-networkd-defaults subpackage + +* Wed Nov 15 2023 Zbigniew Jędrzejewski-Szmek - 255~rc2-1 +- Version 255~rc2 +- See See https://raw.githubusercontent.com/systemd/systemd/v255-rc2/NEWS + +* Wed Nov 08 2023 Zbigniew Jędrzejewski-Szmek +- Add Conflicts with older dracut which doesn't have required patches + +* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-3 +- Also build systemd-vmspawn + +* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-2 +- Move oomd to systemd-udev + +* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-1 +- Version 255~rc1 +- See https://raw.githubusercontent.com/systemd/systemd/v255-rc1/NEWS +- All the files and services related to pcrs are moved to -udev subpackage. + This includes the new systemd-pcrlock binary. + +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.5-2 +- Pull in more patches for keyboard layout matching + +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.5-1 +- Version 254.5 +- Resolves rhbz#29216. 
+ +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.2-14 +- Pull in patches to add PollLimit setting + +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.2-13 +- Change versioned Conflicts to rich Requires (rhbz#2240828) + +* Tue Sep 19 2023 Adam Williamson - 254.2-12 +- Backport PR #29215 to improve keyboard layout matching + +* Mon Sep 18 2023 Zbigniew Jędrzejewski-Szmek - 254.2-7 +- Fix creation of installkernel symlink + +* Fri Sep 15 2023 Zbigniew Jędrzejewski-Szmek - 254.2-6 +- Provide /usr/sbin/installkernel (rhbz#2239008). + +* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek - 254.2-2 +- Make inter-subpackage dependencies archful + +* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek - 254.2-1 +- Version 254.2 +- A bunch of fixes in various areas: manager, coredump, sysupdate, + hibernation, journal. +- Should fix rhbz#2234653. + +* Wed Sep 06 2023 Zbigniew Jędrzejewski-Szmek - 254.1-8 +- Actually reload user managers and backport unit reload macros + +* Sat Sep 02 2023 Daan De Meyer - 254.1-7 +- ukify: Drop obsolete dependency on objcopy + +* Sat Sep 02 2023 Daan De Meyer - 254.1-6 +- Add missing ukify dependency on python-cryptography + +* Sun Aug 20 2023 Yu Watanabe - 254.1-5 +- spec: also explicitly enable/disable ukify support + +* Sun Aug 13 2023 Yu Watanabe - 254.1-4 +- spec: explicitly enable/disable xen support + +* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek - 254.1-1 +- Version 254.1 (rhbz#2228089, possibly partial fix for rhbz#2229524) + +* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek - 254-5 +- Do daemon-reexec of user managers after package upgrade + +* Mon Aug 07 2023 Daan De Meyer - 254-4 +- Revert "Supress errors on selinux systems" + +* Thu Aug 03 2023 Daan De Meyer - 254-3 +- Add a custom %%clean implementation + +* Thu Aug 03 2023 Daan De Meyer - 254-2 +- Update libbpf soname + +* Fri Jul 28 2023 Zbigniew Jędrzejewski-Szmek - 254-1 +- Version 254 (just a bunch of bugfixes, mostly for unusual architectures, + since rc3) +- rhbz#2226908 +- See 
https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS for + the full changeset. + +* Mon Jul 24 2023 Zbigniew Jędrzejewski-Szmek - 254~rc3-1 +- Version 254~rc3 +- A bunch of fixes, e.g. rhbz#2223795. Also a bunch of reverts of commits + which were found to cause problems. + +* Sat Jul 22 2023 Fedora Release Engineering - 254~rc2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Jul 17 2023 Zbigniew Jędrzejewski-Szmek - 254~rc2-4 +- Fix scriptlets for various services and remote-cryptsetup.target + (rhbz#2217997) + +* Sun Jul 16 2023 Stewart Smith - 254~rc2-3 +- Convert existing bcond_with[out] to plain bcond + +* Sun Jul 16 2023 Stewart Smith - 254~rc2-2 +- Move gnutls, zlib, bzip2, lz4, xz, and zstd to bconds + +* Sat Jul 15 2023 Zbigniew Jędrzejewski-Szmek - 254~rc2-1 +- Version 254~rc2 +- Various bug fixes, in particular kernel-install should again work without + /proc. + +* Thu Jul 13 2023 Zbigniew Jędrzejewski-Szmek - 254~rc1-1 +- Version 254~rc1 +- Way too many changes to list. See + https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS +- Fix regression in socket activation of services (rhbz#2213660). 
+ +* Mon Jun 26 2023 Yaakov Selkowitz - 253.5-7 +- Use rpm sysuser provide generation on RHEL >= 10 + +* Thu Jun 22 2023 Panu Matilainen - 253.5-6 +- Use rpm's sysuser provide generation on Fedora >= 39 + +* Wed Jun 21 2023 Anita Zhang - 253.5-5 +- fix typos in standalone package provides + +* Mon Jun 05 2023 Yaakov Selkowitz - 253.5-4 +- Avoid pillow and pyflakes in RHEL builds + +* Mon Jun 05 2023 Yaakov Selkowitz - 253.5-3 +- Avoid qrencode dependency in RHEL builds + +* Fri Jun 02 2023 Alessandro Astone - 253.5-2 +- Increase vm.max_map_count + +* Thu Jun 01 2023 Zbigniew Jędrzejewski-Szmek - 253.5-1 +- Version 253.5 + +* Thu May 11 2023 Zbigniew Jędrzejewski-Szmek - 253.4-1 +- Version 253.4 + +* Thu May 11 2023 Michael Catanzaro - 253.2-6 +- Raise ManagedOOMMemoryPressureLimit from 50%% to 80%% + +* Tue May 09 2023 Zbigniew Jędrzejewski-Szmek - 253.2-5 +- Add forgotten Provides and Conflicts for standalones + +* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek - 253.2-4 +- sysusers.generate-pre.sh: properly escape quotes in description strings + (rhbz#2104141) + +* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek - 253.2-3 +- sysusers.generate-pre.sh: fix indentation in generated scripts + +* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek - 253.2-1 +- Version 253.2 + +* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek - 253.1-7 +- oomd: stop monitoring user-*.slice slices (rhbz#2177722) + +* Thu Mar 09 2023 Zbigniew Jędrzejewski-Szmek - 253.1-6 +- Move /usr/lib/systemd/boot/ to systemd-boot-unsigned subpackage + +* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek - 253.1-2 +- Fix build with gnu-efi-3.0.11-13 + +* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek - 253.1-1 +- Version 253.1 +- Fixes rhbz#2148464 + +* Wed Mar 01 2023 Zbigniew Jędrzejewski-Szmek - 253-7 +- Move man pages for sd-boot into systemd-boot-unsigned + +* Wed Feb 22 2023 Zbigniew Jędrzejewski-Szmek - 253-6 +- Set TimeoutStopFailureMode=abort for services (see + 
https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer) + +* Tue Feb 21 2023 Dusty Mabe - 253-5 +- remove group write permission from 98-default-mac-none.link + +* Tue Feb 21 2023 Dusty Mabe - 253-4 +- fix comment instructions for 98-default-mac-none.link + +* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek - 253-3 +- Backport patch for container compatibility (rhbz#2165004) + +* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek - 253-2 +- Add workaround patch for dracut generator issue (rhbz#2164404) + +* Mon Feb 20 2023 Zbigniew Jędrzejewski-Szmek - 253-1 +- Version 253 (mostly some documentation fixes since -rc3). + +* Fri Feb 10 2023 Zbigniew Jędrzejewski-Szmek - 253~rc3-1 +- Version 253-rc3 +- A bunch of bugfixes for regressions, some documentation and bug fixes + too. +- Really fix rhbz#2165692 (previous build carried an unapplied patch). + +* Thu Feb 09 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-7 +- Revert patch switch causes problems for 'systemctl isolate' + (rhbz#2165692) + +* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-6 +- Disable systemd-boot-update.service in presets + +* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-4 +- Update License to SPDX + +* Mon Feb 06 2023 Thomas Haller - 253~rc2-3 +- add "98-default-mac-none.link" to keep default MAC address of + bridge/bond/team + +* Thu Feb 02 2023 Michael Catanzaro - 253~rc2-2 +- Shorten shutdown timeout to 45 s + +* Thu Feb 02 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-1 +- Version 253~rc2 +- Sysusers fixup (rhbz#2156900) + other small changes + +* Thu Feb 02 2023 Yaakov Selkowitz - 253~rc1-5 +- Build with xen only on Fedora + +* Thu Jan 26 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-3 +- Reenable systemd-journald-audit.socket after upgrades (rhbz#2164594) + +* Wed Jan 25 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-2 +- Add Requires on Python modules to systemd-ukify and Recommends for + libp11-kit + +* Tue Jan 24 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-1 +- Version 253~rc1 +- See 
https://raw.githubusercontent.com/systemd/systemd/v253-rc1/NEWS +- New subpackages: systemd-repart-standalone, systemd-shutdown-standalone, + and systemd-ukify. + +* Sun Jan 22 2023 Zbigniew Jędrzejewski-Szmek - 252.4-4 +- Backport patches to fix issues gcc-13 and -D_FORTIFY_SOURCE=3 + +* Sat Jan 21 2023 Fedora Release Engineering - 252.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jan 05 2023 Daan De Meyer - 252.4-2 +- Add python3 to BuildRequires + +* Tue Dec 20 2022 Zbigniew Jędrzejewski-Szmek - 252.4-1 +- Version 252.4 +- Fixes a few different issues (systemd-timesyncd connectivity problems, + broken emoji output on the console, crashes in pid1 unit dependency + logic) +- CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel + setting + +* Sat Dec 17 2022 Zbigniew Jędrzejewski-Szmek - 252.3-4 +- boot: add Provides:systemd-boot(isa) + +* Wed Dec 14 2022 Zbigniew Jędrzejewski-Szmek - 252.3-2 +- Use upstream pam systemd-auth file with a patch, add pam_keyinit + +* Thu Dec 08 2022 Zbigniew Jędrzejewski-Szmek - 252.3-1 +- Version 252.3 (rhbz#2136916, rhbz#2083900) + +* Fri Dec 02 2022 Zbigniew Jędrzejewski-Szmek - 252.2-2 +- Split out systemd-boot-unsigned package + +* Thu Nov 24 2022 Zbigniew Jędrzejewski-Szmek - 252.2-1 +- Version 252.2 +- Latest batch of bugfixes (rhbz#2137631) + +* Thu Nov 24 2022 Martin Osvald - 252.1-3 +- Support user:group notation by sysusers.generate-pre.sh script + +* Tue Nov 08 2022 Zbigniew Jędrzejewski-Szmek - 252.1-1 +- Version 252.1 (just some small fixes). 
+ +* Mon Oct 31 2022 Zbigniew Jędrzejewski-Szmek - 252-1 +- Version 252 + +* Tue Oct 25 2022 Zbigniew Jędrzejewski-Szmek - 252~rc3-1 +- Version 252-rc3 (#2135778) + +* Tue Oct 18 2022 Zbigniew Jędrzejewski-Szmek - 252~rc2-28 +- Version 252-rc2 (#2134741, #2133792) + +* Fri Oct 14 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-31 +- Fix upgrade detection in %%posttrans scriptlet (rhbz#2115094) + +* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-30 +- Fix indentation in %%sysusers_create_compat macro (rhbz#2132835) + +* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-29 +- Correctly move systemd-measure to systemd-udev subpackage + +* Fri Oct 07 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-28 +- Version 252-rc1 (for details see + https://raw.githubusercontent.com/systemd/systemd/v252-rc1/NEWS) + +* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek - 251.5-29 +- Fix permissions on %%ghost files (rhbz#2122889) + +* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek - 251.5-28 +- Version 251.5 (rhbz#2129343, rhbz#2121106, rhbz#2130188) + +* Fri Sep 30 2022 Yu Watanabe - 251.4-41 +- Replace patch for test-mountpoint-util + +* Fri Sep 30 2022 Yu Watanabe - 251.4-40 +- patch: fix regression in bfq patch + +* Fri Sep 30 2022 Luca BRUNO - 251.4-39 +- sysusers/generate: bridge 'm' entries to usermod + +* Fri Sep 30 2022 Anita Zhang - 251.4-38 +- Update systemd-oomd defaults to friendlier values +- Remove swap policy. Default amount of swap (8GB?) is a lot lower than + what we use internally with the swap policy. Which frequently leads to + GNOME getting killed (e.g. + https://bugzilla.redhat.com/show_bug.cgi?id=1941170, and other BZs not + linked here). Internally we use 0.5x-1x size of physical memory for swap + via swapfiles (this will be documented in systemd upstream). In simple + cases of using more memory than is available (but without memory + pressure), the Kernel OOM killer can handle killing the offending + process. 
+ +* Thu Sep 29 2022 Zbigniew Jędrzejewski-Szmek - 251.4-37 +- Make systemd-devel conditionally pull in systemd-rpm-macros + * Fri Aug 19 2022 Neal Gompa - 251.4-53 - Set compile-time fallback hostname to "localhost" https://fedoraproject.org/wiki/Changes/FallbackHostname diff --git a/staging/systemd/sources b/staging/systemd/sources new file mode 100644 index 0000000..c30dd34 --- /dev/null +++ b/staging/systemd/sources @@ -0,0 +1 @@ +SHA512 (systemd-257-rc2.tar.gz) = 31e4e01a2df738fddbe609ffcff97452ddaa0829521f063b981e628c4616d77ced32bcf29fdfb5cd68562d774627ab25e854156eade249bad31d968be31b2efd diff --git a/staging/systemd/split-files.py b/staging/systemd/split-files.py index 3f66ada..51400fd 100644 --- a/staging/systemd/split-files.py +++ b/staging/systemd/split-files.py @@ -260,6 +260,6 @@ def files(root): if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() if (o.tell() == 0 and - not (no_bootloader and name in ('ukify', 'boot'))) + not (no_bootloader and name == 'boot')) ]: sys.exit(1) diff --git a/staging/systemd/systemd-user b/staging/systemd/systemd-user new file mode 100644 index 0000000..82dcd32 --- /dev/null +++ b/staging/systemd/systemd-user @@ -0,0 +1,14 @@ +# Used by systemd --user instances. + +-account sufficient pam_systemd_home.so +account sufficient pam_unix.so no_pass_expiry +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session required pam_namespace.so +-session optional pam_systemd_home.so +session optional pam_umask.so silent +session include system-auth diff --git a/staging/systemd/systemd.spec b/staging/systemd/systemd.spec index c120e6e..41919e0 100644 --- a/staging/systemd/systemd.spec +++ b/staging/systemd/systemd.spec 
@@ -1,4 +1,4 @@ -#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa +#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} # We ship a .pc file but don't want to have a dep on pkg-config. We @@ -34,6 +34,13 @@ # Build from git main %bcond upstream 0 +# When bootstrap, libcryptsetup is disabled +# but auto-features causes many options to be turned on +# that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) +%if %{with bootstrap} +%global __meson_auto_features disabled +%endif + # Override %%autorelease. This is ugly, but rpmautospec doesn't implement # autorelease correctly if the macro is conditionalized in the Release field. %{?release_override:%global autorelease %{release_override}%{?dist}} @@ -42,7 +49,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:255.14} +Version: %{?version_override}%{!?version_override:257~rc2} Release: %autorelease.ublue.1 %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) 
@@ -52,30 +59,26 @@ License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" -%if %{defined commit} -Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -%else -%if 0%{?stable} -Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%if %{defined branch} +Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz +%elif %{defined commit} +Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif -%endif # This file must be available before %%prep. # It is generated during systemd build and can be found in build/src/core/. Source1: triggers.systemd Source2: split-files.py Source3: purge-nobody-user - -# Prevent accidental removal of the systemd package -Source4: yum-protect-systemd.conf - -Source5: inittab -Source6: sysctl.conf.README -Source7: systemd-journal-remote.xml -Source8: systemd-journal-gatewayd.xml -Source9: 20-yama-ptrace.conf -Source10: systemd-udev-trigger-no-reload.conf +Source4: test_sysusers_defined.py + +Source6: inittab +Source7: sysctl.conf.README +Source8: systemd-journal-remote.xml +Source9: systemd-journal-gatewayd.xml +Source10: 20-yama-ptrace.conf +Source11: systemd-udev-trigger-no-reload.conf # https://fedoraproject.org/wiki/How_to_filter_libabigail_reports Source13: .abignore @@ -83,6 +86,7 @@ Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf Source16: 10-timeout-abort.conf Source17: 10-map-count.conf +Source18: 60-block-scheduler.rules Source21: macros.sysusers Source22: sysusers.attr 
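Review bot: The new `%if %{defined branch}` Source0 fetches `https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz`, which is a mutable ref, so the tarball changes over time and cannot be pinned by a checksum the way the `sources` entry pins systemd-257-rc2.tar.gz. The archive file name also carries no package name or version, so two branch builds cannot be told apart in an SRPM or a source cache. If branch builds are meant only for local or upstream testing, a comment above the `%if` should say that, e.g. `# branch builds are unpinned; do not use for published packages`, and published builds should use the `%{commit}` form, which is tied to a full hash. The same hunk drops `Source4: yum-protect-systemd.conf` and reuses the Source4 slot for test_sysusers_defined.py; whether protection against accidental removal of the systemd package is still provided elsewhere is not visible here and is worth confirming.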
@@ -91,6 +95,8 @@ Source24: sysusers.generate-pre.sh Source25: 98-default-mac-none.link +Source26: systemd-user + %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip @@ -103,20 +109,19 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -%if %{without upstream} -# Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 -Patch0011: https://github.com/systemd/systemd/pull/33738.patch +%if 0%{?fedora} < 40 && 0%{?rhel} < 10 +# Work-around for dracut issue: run generators directly when we are in initrd +# https://bugzilla.redhat.com/show_bug.cgi?id=2164404 +# Drop when dracut-060 is available. +Patch0010: https://github.com/systemd/systemd/pull/26494.patch +%endif # Those are downstream-only patches, but we don't want them in packit builds: -# https://bugzilla.redhat.com/show_bug.cgi?id=1738828 -Patch0490: use-bfq-scheduler.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch -%endif - -# Adjust upstream config to use our shared stack -Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch +# Soft-disable tmpfiles --purge until a good use case comes up. +Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch # System Extensions Fix # https://github.com/systemd/systemd/pull/35132 @@ -130,6 +135,7 @@ BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: clang BuildRequires: coreutils +BuildRequires: rpmdevtools BuildRequires: libcap-devel BuildRequires: libmount-devel BuildRequires: libfdisk-devel 
@@ -166,15 +172,20 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel +%if 0%{?fedora} >= 41 +BuildRequires: openssl-devel-engine +%endif %if %{with gnutls} BuildRequires: gnutls-devel %endif -%if %{undefined rhel} +%if 0%{?fedora} BuildRequires: qrencode-devel %endif BuildRequires: libmicrohttpd-devel BuildRequires: libxkbcommon-devel BuildRequires: iptables-devel +BuildRequires: pkgconfig(bash-completion) +BuildRequires: pkgconfig(libarchive) BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-rc) @@ -195,12 +206,11 @@ BuildRequires: python3-devel BuildRequires: python3dist(jinja2) BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) -%if %{undefined rhel} +%if 0%{?fedora} BuildRequires: python3dist(pillow) BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) -BuildRequires: python3dist(zstd) %if 0%{?want_bootloader} BuildRequires: python3dist(pyelftools) %endif @@ -213,15 +223,14 @@ BuildRequires: gettext %ifarch %{valgrind_arches} BuildRequires: valgrind-devel %endif -BuildRequires: pkgconfig(bash-completion) - -%if %{with upstream} -BuildRequires: pkgconfig(libarchive) +%if %{defined rhel} && 0%{?rhel} < 10 +BuildRequires: rsync %endif %ifnarch %ix86 # bpftool is not built for i368 BuildRequires: bpftool +BuildRequires: kernel-devel %global have_bpf 1 %endif 
@@ -260,8 +269,21 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif -# Make sure that dracut supports systemd-executor and the renames done for v255 -Conflicts: dracut < 060 +%if 0%{?fedora} >= 41 +BuildRequires: setup >= 2.15.0-3 +BuildRequires: python3 +Conflicts: setup < 2.15.0-3 +Conflicts: selinux-policy-any < 41.3 +%endif + +%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10 +# Make sure that dracut supports systemd-executor and the renames done for v255, +# and dlopen libraries and read-only fs in initrd. +Conflicts: dracut < 060-2 +%elif 0%{?fedora} || %{without upstream} +# Make sure that dracut supports systemd-executor and the renames done for v255. +Conflicts: dracut < 059-16 +%endif Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 @@ -292,7 +314,7 @@ Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Recommends: libpcre2-8.so.0%{?elf_suffix} Recommends: libpwquality.so.1%{?elf_suffix} Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} -%if %{undefined rhel} +%if 0%{?fedora} Recommends: libqrencode.so.4%{?elf_suffix} %endif Recommends: libbpf.so.1%{?elf_suffix} @@ -308,7 +330,6 @@ Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} Recommends: libcryptsetup.so.12%{?elf_suffix} Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} -%if %{with upstream} # Libkmod is used to load modules. Recommends: libkmod.so.2%{?elf_suffix} # kmod_list_next, kmod_load_resources, kmod_module_get_initstate, @@ -319,7 +340,6 @@ Recommends: libkmod.so.2%{?elf_suffix} Recommends: libkmod.so.2(LIBKMOD_5)%{?elf_bits} Recommends: libarchive.so.13%{?elf_suffix} -%endif %description systemd is a system and service manager that runs as PID 1 and starts the rest 
@@ -396,15 +416,22 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +%if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) +%endif +# A backport of systemd-timesyncd is shipped as a separate package in EPEL so +# let's make sure we properly handle that. +%if 0%{?rhel} +Conflicts: systemd-timesyncd < %{version}-%{release} +Obsoletes: systemd-timesyncd < %{version}-%{release} +Provides: systemd-timesyncd = %{version}-%{release} +%endif -%if %{with upstream} # Libkmod is used to load modules. Assume that if we need udevd, we certainly # want to load modules, so make this into a hard dependency here. Requires: libkmod.so.2%{?elf_suffix} Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} -%endif # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home @@ -456,15 +483,24 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. -%if 0%{?want_bootloader} %package ukify Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} +Requires: (systemd-boot if %{shrink:( + filesystem(x86-32) or + filesystem(x86-64) or + filesystem(aarch64) or + filesystem(riscv64) +)}) Requires: python3dist(pefile) +%if 0%{?fedora} Requires: python3dist(zstd) +%endif Requires: python3dist(cryptography) +%if 0%{?fedora} Recommends: python3dist(pillow) +%endif # for tests %ifarch riscv64 
@@ -480,6 +516,7 @@ This package provides ukify, a script that combines a kernel image, an initrd, with a command line, and possibly PCR measurements and other metadata, into a Unified Kernel Image (UKI). +%if 0%{?want_bootloader} %package boot-unsigned Summary: UEFI boot manager (unsigned version) @@ -650,12 +687,44 @@ library or other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 +%if %{defined branch} +%autosetup -n %{name}-%{branch} -p1 +%elif %{defined commit} +%autosetup -n %{name}-%{commit} -p1 +%else +%autosetup -n %{name}-%{version_no_tilde} -p1 +%endif + +# Disable user lockdown until rpm implements it natively. +# https://github.com/rpm-software-management/rpm/issues/3450 +sed -r -i 's/^u!/u/' sysusers.d/*.conf* %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} +VMLINUX_H_PATH='' + +%if 0%{?have_bpf} + +%global find_vmlinux_h %{expand: +import functools, glob, subprocess +def cmp(a, b): + c = subprocess.call(["rpmdev-vercmp", a, b], stdout=subprocess.DEVNULL) + return {0:0, 11:+1, 12:-1}[c] +choices = list(glob.glob("/usr/src/kernels/*/vmlinux.h")) +assert choices +print(max(choices, key=functools.cmp_to_key(cmp))) +} + +# The build fails on ppc64le with +# "GCC error "Must specify a BPF target arch via __TARGET_ARCH_xxx". +# TODO: Remove this when libbpf checks for __powerpc64__ macro. +%ifnarch ppc64le +VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') +%endif +%endif + CONFIGURE_OPTS=( -Dmode=%[%{with upstream}?"developer":"release"] -Dsysvinit-path=/etc/rc.d/init.d 
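Review bot: The added `sed -r -i 's/^u!/u/' sysusers.d/*.conf*` in %prep rewrites every `u!` entry to plain `u`, and the comment above it says only that lockdown is disabled, not what that means for the resulting accounts. As far as I know, `u!` asks systemd-sysusers for a fully locked account, so after this edit those system users get the ordinary `u` treatment; that is worth stating next to the command, together with the condition for removing it. Suggested wording: `# Security note: entries marked "u!" upstream become ordinary "u" accounts here (no full account lock); drop this sed once rpm handles "u!" itself.` The same hunk adds the `find_vmlinux_h` helper, where `{0:0, 11:+1, 12:-1}[c]` raises a bare KeyError if `rpmdev-vercmp` exits with any other status; a short message naming the two compared paths would make that build failure readable.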
@@ -673,6 +742,8 @@ CONFIGURE_OPTS=( -Dima=true -Dselinux=enabled -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"] + -Dvmlinux-h=%[0%{?have_bpf}?"auto":"disabled"] + -Dvmlinux-h-path="$VMLINUX_H_PATH" -Dapparmor=disabled -Dpolkit=enabled -Dxz=%[%{with xz}?"enabled":"disabled"] @@ -691,6 +762,7 @@ CONFIGURE_OPTS=( -Delfutils=enabled -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"] -Delfutils=enabled + -Drepart=enabled -Dpwquality=enabled -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] @@ -730,9 +802,11 @@ CONFIGURE_OPTS=( -Ddefault-llmnr=resolve # https://bugzilla.redhat.com/show_bug.cgi?id=2028169 -Dstatus-unit-format-default=combined +%if 0%{?fedora} # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer -Ddefault-timeout-sec=45 -Ddefault-user-timeout-sec=45 +%endif -Dconfigfiledir=/usr/lib -Doomd=true @@ -761,10 +835,8 @@ CONFIGURE_OPTS=( # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. - # Note, ukify requires bootloader, let's also explicitly enable/disable it - # here for https://github.com/systemd/systemd/pull/24175. -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] - -Dukify=%[%{?want_bootloader}?"enabled":"disabled"] + -Dukify=enabled ) %if %{without lto} @@ -816,11 +888,13 @@ touch %{buildroot}/etc/systemd/coredump.conf \ %{buildroot}/etc/udev/udev.conf \ %{buildroot}/etc/udev/iocost.conf +install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} + # /etc/initab -install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6} # /etc/sysctl.conf compat -install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf +install -Dm0644 %{SOURCE7} %{buildroot}/etc/sysctl.conf ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf # Make sure these directories are properly owned 
@@ -872,33 +946,49 @@ touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state -# Install yum protection fragment -install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf - -install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} +# Install yum protection config. Old location in /etc. +mkdir -p %{buildroot}/etc/dnf/protected.d/ +cat >%{buildroot}/etc/dnf/protected.d/systemd.conf <%{buildroot}/usr/share/dnf5/libdnf.conf.d/protect-systemd.conf <= 10 ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel +%endif %if "%{_sbindir}" == "%{_bindir}" # Systemd has the split-sbin option which is also used to select the directory 
@@ -921,6 +1013,31 @@ ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/i mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ %endif +%if 0%{?fedora} >= 41 +# This requires https://pagure.io/setup/pull-request/50 +# and https://src.fedoraproject.org/rpms/setup/pull-request/10. +%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +rm %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif + +# Disable sshd_config.d/20-systemd-userdb.conf for now. +# This option may override an existing AuthorizedKeysCommand setting +# (or be ineffective, depending on the order of configuration). +# See https://github.com/systemd/systemd/issues/33648. +rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf +mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} + +install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} + +# Disable freezing of user sessions while we're working out the details. +mkdir -p %{buildroot}/usr/lib/systemd/system/service.d/ +cat >>%{buildroot}/usr/lib/systemd/system/service.d/50-keep-warm.conf </dev/null || : -# FIXME: move to %postun. We want to restart systemd *after* removing -# files from the old rpm. Right now we may still have bits the old -# setup if the files are not present in the new version. But before -# implement restarting of *other* services after the transaction, moving -# this would make things worse, increasing the number of warnings we get -# about needed daemon-reload. - -systemctl daemon-reexec &>/dev/null || { - # systemd v239 had bug #9553 in D-Bus authentication of the private socket, - # which was later fixed in v240 by #9625. - # - # The end result is that a `systemctl daemon-reexec` call as root will fail - # when upgrading from systemd v239, which means the system will not start - # running the new version of systemd after this post install script runs. 
- # - # To work around this issue, let's fall back to using a `kill -TERM 1` to - # re-execute the daemon when the `systemctl daemon-reexec` call fails. - # - # In order to prevent issues when the reason why the daemon-reexec failed is - # not the aforementioned bug, let's only use this fallback when: - # - we're upgrading this RPM package; and - # - we confirm that systemd is running as PID1 on this system. - if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then - kill -TERM 1 &>/dev/null || : - fi -} - [ $1 -eq 1 ] || exit 0 # create /var/log/journal only on initial installation, 
@@ -985,42 +1085,29 @@ systemd-tmpfiles --create &>/dev/null || : systemctl preset-all &>/dev/null || : systemctl --global preset-all &>/dev/null || : -%postun -if [ $1 -eq 1 ]; then - [ -w %{_localstatedir} ] && journalctl --update-catalog || : - systemd-tmpfiles --create &>/dev/null || : +%posttrans +if [ $1 -ge 2 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + + systemctl daemon-reexec || : + + systemd-tmpfiles --create &>/dev/null || : fi -%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service +%systemd_posttrans_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) -# This is the explanded form of %%systemd_user_daemon_reexec. We +# This is the expanded form of %%systemd_user_daemon_reexec. We # can't use the macro because we define it ourselves. -if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then +if [ $1 -ge 2 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then # Package upgrade, not uninstall /usr/lib/systemd/systemd-update-helper user-reexec || : fi -%triggerun resolved -- systemd < 246.1-1 -# This is for upgrades from previous versions before systemd-resolved became the default. -systemctl --no-reload preset systemd-resolved.service &>/dev/null || : - -if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then - systemctl -q is-enabled NetworkManager.service 2>/dev/null && \ - ! test -L /etc/resolv.conf 2>/dev/null && \ - ! mountpoint /etc/resolv.conf &>/dev/null && \ - grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \ - echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' 
&& \ - mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \ - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null || : - - systemctl start systemd-resolved.service &>/dev/null || : -fi - -%triggerun -- systemd < 247.3-2 -# This is for upgrades from previous versions before oomd-defaults is available. -systemctl --no-reload preset systemd-oomd.service &>/dev/null || : +%triggerun -- systemd < 256 +# This is for upgrades from previous versions before systemd restart was moved to %%postun +systemctl daemon-reexec || : %triggerpostun -- systemd < 253~rc1-2 # This is for upgrades from previous versions where systemd-journald-audit.socket @@ -1060,11 +1147,10 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %preun udev %systemd_preun %udev_services -%postun udev +%posttrans udev # Restart some services. # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service - +%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service %global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service %global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket @@ -1082,8 +1168,8 @@ if [ $1 -eq 1 ] ; then fi fi -%postun journal-remote -%systemd_postun_with_restart %journal_remote_units_restart +%posttrans journal-remote +%systemd_posttrans_with_restart %journal_remote_units_restart %firewalld_reload %post networkd @@ -1105,9 +1191,8 @@ fi %preun networkd %systemd_preun systemd-networkd.service systemd-networkd-wait-online.service -%postun networkd -%systemd_postun_with_restart systemd-networkd.service -%systemd_postun systemd-networkd-wait-online.service +%posttrans networkd +%systemd_posttrans_with_restart systemd-networkd.service %post resolved [ $1 -eq 1 ] || exit 0 
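Review bot: The comment on the new `%triggerun -- systemd < 256` scriptlet says the restart was moved to `%%postun`, but this hunk replaces `%postun` with `%posttrans` and puts `systemctl daemon-reexec` there. The comment should read `# This is for upgrades from previous versions before systemd restart was moved to %%posttrans`. Separately, both new `systemctl daemon-reexec || :` calls drop the `&>/dev/null` that the removed call in %post had, so a failed re-exec now prints into the transaction output. If that is intended as a diagnostic, a one-line comment saying so would help the next maintainer.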
@@ -1124,10 +1209,8 @@ fi %systemd_post systemd-resolved.service %preun resolved +%systemd_preun systemd-resolved.service if [ $1 -eq 0 ] ; then - systemctl disable --quiet \ - systemd-resolved.service \ - >/dev/null || : if [ -L /etc/resolv.conf ] && \ realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then rm -f /etc/resolv.conf # no longer useful @@ -1138,10 +1221,8 @@ if [ $1 -eq 0 ] ; then fi fi -%postun resolved -%systemd_postun_with_restart systemd-resolved.service - %posttrans resolved +%systemd_posttrans_with_restart systemd-resolved.service [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation # Initial installation @@ -1214,8 +1295,8 @@ fi %files udev -f .file-list-udev -%if 0%{?want_bootloader} %files ukify -f .file-list-ukify +%if 0%{?want_bootloader} %files boot-unsigned -f .file-list-boot %endif diff --git a/staging/systemd/test_sysusers_defined.py b/staging/systemd/test_sysusers_defined.py new file mode 100755 index 0000000..6f04f15 --- /dev/null +++ b/staging/systemd/test_sysusers_defined.py @@ -0,0 +1,34 @@ +#!/usr/bin/python + +import sys + +def parse_sysusers_file(filename): + users, groups = set(), set() + + for line in open(filename): + line = line.strip() + if not line or line.startswith('#'): + continue + words = line.split() + match words[0]: + case 'u'|'u!': + users.add(words[1]) + case 'g': + groups.add(words[1]) + case 'm'|'r': + continue + case _: + assert False + return users, groups + +setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) +setup_users2, setup_groups2 = parse_sysusers_file(sys.argv[2]) +setup_users |= setup_users2 +setup_groups |= setup_groups2 + +basic_users, basic_groups = parse_sysusers_file(sys.argv[3]) + +if d := basic_users - setup_users: + exit(f'We have new users: {d}') +if d := basic_groups - setup_groups: + exit(f'We have new groups: {d}')
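Review bot: In `parse_sysusers_file`, the `case _: assert False` branch is the only guard against an unrecognised sysusers line type. It fails with an empty AssertionError, or is skipped entirely if Python runs with assertions disabled, so the build check can pass or fail without saying which line was the problem. I would replace it with `sys.exit(f'{filename}: unhandled line type {words[0]!r}')`. A line that has a type but no name also reaches `words[1]` and raises IndexError, and `open(filename)` is never closed; `with open(filename) as f:` covers the latter. The two `exit(...)` calls at the end use the site helper where `sys.exit(...)` is the dependable form, and `sys` is already imported.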