rpms
/
systemd
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Moar patches

This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2018-02-21 12:37:32 +01:00
parent 44a72b9a54
commit 20c4049c83
103 changed files with 13 additions and 6280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
0001-escape-Fix-help-description-6352.patch
View File

@ -1,23 +0,0 @@
From b2954c2fbed0409adba2687b17fb956f002b2bbe Mon Sep 17 00:00:00 2001
From: Jeremy Bicha <jbicha@ubuntu.com>
Date: Thu, 13 Jul 2017 10:44:33 -0400
Subject: [PATCH] escape: Fix help description (#6352)
Resolves: #6351(cherry picked from commit 303608c1bcf9568371625fbbd9442946cadba422)
---
src/escape/escape.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/escape/escape.c b/src/escape/escape.c
index af98c98e40..89e885d47c 100644
--- a/src/escape/escape.c
+++ b/src/escape/escape.c
@@ -38,7 +38,7 @@ static bool arg_path = false;
static void help(void) {
printf("%s [OPTIONS...] [NAME...]\n\n"
- "Show system and user paths.\n\n"
+ "Escape strings for usage in system unit names.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
" --suffix=SUFFIX Unit suffix to append to escaped strings\n"

51
0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch
View File

@ -1,51 +0,0 @@
From 33145774d9d41ac306f972e0247c9a073d5dbfc9 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Fri, 14 Jul 2017 18:28:28 +0200
Subject: [PATCH] build-sys: install udev rule 70-joystick.{rules,hwdb} (#6363)
* meson: install udev files 70-joystick.{rules,hwdb}
* Makefile: install udev file 70-joystick.hwdb
(cherry picked from commit 816be2ba448940e2517dba81492e80b1e6a5954f)
---
Makefile.am | 1 +
hwdb/meson.build | 1 +
rules/meson.build | 1 +
3 files changed, 3 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index c16e62280b..b95c93bb98 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4062,6 +4062,7 @@ dist_udevhwdb_DATA = \
hwdb/60-evdev.hwdb \
hwdb/60-keyboard.hwdb \
hwdb/60-sensor.hwdb \
+ hwdb/70-joystick.hwdb \
hwdb/70-mouse.hwdb \
hwdb/70-pointingstick.hwdb \
hwdb/70-touchpad.hwdb
diff --git a/hwdb/meson.build b/hwdb/meson.build
index 74a93f9ccb..6fceff2b3b 100644
--- a/hwdb/meson.build
+++ b/hwdb/meson.build
@@ -12,6 +12,7 @@ hwdb_files = files('''
60-evdev.hwdb
60-keyboard.hwdb
60-sensor.hwdb
+ 70-joystick.hwdb
70-mouse.hwdb
70-pointingstick.hwdb
70-touchpad.hwdb
diff --git a/rules/meson.build b/rules/meson.build
index 0f818a506f..7f4725ad65 100644
--- a/rules/meson.build
+++ b/rules/meson.build
@@ -12,6 +12,7 @@ rules = files('''
60-sensor.rules
60-serial.rules
64-btrfs.rules
+ 70-joystick.rules
70-mouse.rules
70-touchpad.rules
75-net-description.rules

22
0003-add-version-argument-to-help-function-6377.patch
View File

@ -1,22 +0,0 @@
From a1b21ca91835ec0322ccd0eedf9951ba0e52db80 Mon Sep 17 00:00:00 2001
From: IPv4v6 <mail.ipv4v6@gmail.com>
Date: Sat, 15 Jul 2017 13:53:21 +0200
Subject: [PATCH] add version argument to help function (#6377)
Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>(cherry picked from commit cb4069d95e447e8a01fc3feee6d6cb99669c4c38)
---
src/core/main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/core/main.c b/src/core/main.c
index 88e2c92504..babcab4978 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1091,6 +1091,7 @@ static int help(void) {
printf("%s [OPTIONS...]\n\n"
"Starts up and maintains the system or user services.\n\n"
" -h --help Show this help\n"
+ " --version Show version\n"
" --test Determine startup sequence, dump it and exit\n"
" --no-pager Do not pipe output into a pager\n"
" --dump-configuration-items Dump understood unit configuration items\n"

79
0004-seccomp-arm64-x32-do-not-have-_sysctl.patch
View File

@ -1,79 +0,0 @@
From 5d56b6fb41fb29cd636e64f079f9a1e1982820be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 15 Jul 2017 19:28:02 +0000
Subject: [PATCH] seccomp: arm64/x32 do not have _sysctl
So don't even try to added the filter to reduce noise.
The test is updated to skip calling _sysctl because the kernel prints
an oops-like message that is confusing and unhelpful:
Jul 15 21:07:01 rpi3 kernel: test-seccomp[8448]: syscall -10080
Jul 15 21:07:01 rpi3 kernel: Code: aa0503e4 aa0603e5 aa0703e6 d4000001 (b13ffc1f)
Jul 15 21:07:01 rpi3 kernel: CPU: 3 PID: 8448 Comm: test-seccomp Tainted: G W 4.11.8-300.fc26.aarch64 #1
Jul 15 21:07:01 rpi3 kernel: Hardware name: raspberrypi rpi/rpi, BIOS 2017.05 06/24/2017
Jul 15 21:07:01 rpi3 kernel: task: ffff80002bb0bb00 task.stack: ffff800036354000
Jul 15 21:07:01 rpi3 kernel: PC is at 0xffff8669c7c4
Jul 15 21:07:01 rpi3 kernel: LR is at 0xaaaac64b6750
Jul 15 21:07:01 rpi3 kernel: pc : [<0000ffff8669c7c4>] lr : [<0000aaaac64b6750>] pstate: 60000000
Jul 15 21:07:01 rpi3 kernel: sp : 0000ffffdc640fd0
Jul 15 21:07:01 rpi3 kernel: x29: 0000ffffdc640fd0 x28: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x27: 0000000000000000 x26: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x25: 0000000000000000 x24: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x23: 0000000000000000 x22: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x21: 0000aaaac64b4940 x20: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x19: 0000aaaac64b88f8 x18: 0000000000000020
Jul 15 21:07:01 rpi3 kernel: x17: 0000ffff8669c7a0 x16: 0000aaaac64d2ee0
Jul 15 21:07:01 rpi3 kernel: x15: 0000000000000000 x14: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x13: 203a657275746365 x12: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x11: 0000ffffdc640418 x10: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x9 : 0000000000000005 x8 : 00000000ffffd8a0
Jul 15 21:07:01 rpi3 kernel: x7 : 7f7f7f7f7f7f7f7f x6 : 7f7f7f7f7f7f7f7f
Jul 15 21:07:01 rpi3 kernel: x5 : 65736d68716f7277 x4 : 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x3 : 0000000000000008 x2 : 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x1 : 0000000000000000 x0 : 0000000000000000
Jul 15 21:07:01 rpi3 kernel:
(cherry picked from commit 1e20e640132c700c23494bb9e2619afb83878380)
(cherry picked from commit 2e64e8f46d726689a44d4084226fe3e0ea255c29)
---
src/shared/seccomp-util.c | 4 ++++
src/test/test-seccomp.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 36843d4bf5..1a8bfbe416 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -899,6 +899,10 @@ int seccomp_protect_sysctl(void) {
log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
+ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64))
+ /* No _sysctl syscall */
+ continue;
+
r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW);
if (r < 0)
return r;
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index efd145e063..50fe24c794 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -244,13 +244,17 @@ static void test_protect_sysctl(void) {
assert_se(pid >= 0);
if (pid == 0) {
+#if __NR__sysctl > 0
assert_se(syscall(__NR__sysctl, NULL) < 0);
assert_se(errno == EFAULT);
+#endif
assert_se(seccomp_protect_sysctl() >= 0);
+#if __NR__sysctl > 0
assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
assert_se(errno == EPERM);
+#endif
_exit(EXIT_SUCCESS);
}

40
0005-seccomp-arm64-does-not-have-mmap2.patch
View File

@ -1,40 +0,0 @@
From e04118bd11f8268e7ee7b893f861f18f03bc6970 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 15 Jul 2017 19:30:01 +0000
Subject: [PATCH] seccomp: arm64 does not have mmap2
I messed up when adding the definitions in 4278d1f5310f5acb4c6a6788233625234edb5145.
Unfortunately I didn't have the hardware at hand and went by
looking at the kernel headers.
(cherry picked from commit 53196fafcb7b24b45ed4f48ab894d00a24a6d871)
(cherry picked from commit 79873bc850177050baa0c5165b119adafeebb891)
---
src/shared/seccomp-util.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 1a8bfbe416..637ee8526e 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1223,10 +1223,6 @@ int seccomp_memory_deny_write_execute(void) {
break;
- case SCMP_ARCH_AARCH64:
- block_syscall = SCMP_SYS(mmap);
- /* fall through */
-
case SCMP_ARCH_ARM:
filter_syscall = SCMP_SYS(mmap2); /* arm has only mmap2 */
shmat_syscall = SCMP_SYS(shmat);
@@ -1234,7 +1230,8 @@ int seccomp_memory_deny_write_execute(void) {
case SCMP_ARCH_X86_64:
case SCMP_ARCH_X32:
- filter_syscall = SCMP_SYS(mmap); /* amd64 and x32 have only mmap */
+ case SCMP_ARCH_AARCH64:
+ filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */
shmat_syscall = SCMP_SYS(shmat);
break;

41
0006-test-seccomp-arm64-does-not-have-access-and-poll.patch
View File

@ -1,41 +0,0 @@
From 5a3e65fa2537b31334ccb8b73a28208a3b535076 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 15 Jul 2017 19:30:48 +0000
Subject: [PATCH] test-seccomp: arm64 does not have access() and poll()
glibc uses faccessat and ppoll, so just add a filters for that.
(cherry picked from commit abc0213839fef92e2e2b98a434914f22ece48490)
(cherry picked from commit f60a865a496e1e6fde7436b4013dd8ff677f29a1)
---
src/test/test-seccomp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 50fe24c794..28fe206507 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -529,7 +529,11 @@ static void test_load_syscall_filter_set_raw(void) {
assert_se(poll(NULL, 0, 0) == 0);
assert_se(s = set_new(NULL));
+#if SCMP_SYS(access) >= 0
assert_se(set_put(s, UINT32_TO_PTR(__NR_access + 1)) >= 0);
+#else
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_faccessat + 1)) >= 0);
+#endif
assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUCLEAN)) >= 0);
@@ -541,7 +545,11 @@ static void test_load_syscall_filter_set_raw(void) {
s = set_free(s);
assert_se(s = set_new(NULL));
+#if SCMP_SYS(poll) >= 0
assert_se(set_put(s, UINT32_TO_PTR(__NR_poll + 1)) >= 0);
+#else
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_ppoll + 1)) >= 0);
+#endif
assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUNATCH)) >= 0);

31
0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch
View File

@ -1,31 +0,0 @@
From 713917bd94272fc65d94016a208b72309ae1320a Mon Sep 17 00:00:00 2001
From: NeilBrown <neil@brown.name>
Date: Mon, 17 Jul 2017 18:03:34 +1000
Subject: [PATCH] fstab-generator: ignore x-systemd.device-timeout for
non-devices (#6368)
If you specify "x-systemd.device-timeout" for an NFS mount
point, you get no warning and a meaningless device unit
dependency created.
Better to have a warning and no dependency.
(cherry picked from commit c67bd1f758f087496741ce0b3e227d82c6b4a304)
---
src/shared/generator.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/shared/generator.c b/src/shared/generator.c
index 6a78ebbda7..6a887e3aad 100644
--- a/src/shared/generator.c
+++ b/src/shared/generator.c
@@ -182,6 +182,10 @@ int generator_write_timeouts(
node = fstab_node_to_udev_node(what);
if (!node)
return log_oom();
+ if (!is_device_path(node)) {
+ log_warning("x-systemd.device-timeout ignored for %s", what);
+ return 0;
+ }
r = unit_name_from_path(node, ".device", &unit);
if (r < 0)

22
0008-core-modify-resource-leak-by-SmackProcessLabel.patch
View File

@ -1,22 +0,0 @@
From 83030c7aea991d863591df2e09d41bb19d6e01d0 Mon Sep 17 00:00:00 2001
From: WaLyong Cho <walyong.cho@samsung.com>
Date: Thu, 13 Jul 2017 13:06:34 +0900
Subject: [PATCH] core: modify resource leak by SmackProcessLabel=
(cherry picked from commit 5b8e1b7755092e162bcf0bad8afe2e55dfbbd9e2)
---
src/core/execute.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/core/execute.c b/src/core/execute.c
index d72e5bf08c..4ed133fb6a 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3099,6 +3099,7 @@ void exec_context_done(ExecContext *c) {
c->utmp_id = mfree(c->utmp_id);
c->selinux_context = mfree(c->selinux_context);
c->apparmor_profile = mfree(c->apparmor_profile);
+ c->smack_process_label = mfree(c->smack_process_label);
c->syscall_filter = set_free(c->syscall_filter);
c->syscall_archs = set_free(c->syscall_archs);

31
0009-core-dump-also-missed-security-context.patch
View File

@ -1,31 +0,0 @@
From d8e3c9d25867f7081f060f1491186b6e3b30975b Mon Sep 17 00:00:00 2001
From: WaLyong Cho <walyong.cho@samsung.com>
Date: Thu, 13 Jul 2017 13:10:41 +0900
Subject: [PATCH] core: dump also missed security context
(cherry picked from commit 80c21aea118eeccfb2a0fcc5986b4432588dc857)
---
src/core/execute.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/core/execute.c b/src/core/execute.c
index 4ed133fb6a..62faa028a1 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3614,6 +3614,16 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
"%sSELinuxContext: %s%s\n",
prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
+ if (c->apparmor_profile)
+ fprintf(f,
+ "%sAppArmorProfile: %s%s\n",
+ prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile);
+
+ if (c->smack_process_label)
+ fprintf(f,
+ "%sSmackProcessLabel: %s%s\n",
+ prefix, c->smack_process_label_ignore ? "-" : "", c->smack_process_label);
+
if (c->personality != PERSONALITY_INVALID)
fprintf(f,
"%sPersonality: %s\n",

32
0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch
View File

@ -1,32 +0,0 @@
From 3dd07ebf08dd630b0f50dfff3ef6d05628b8708b Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Mon, 17 Jul 2017 10:04:37 +0200
Subject: [PATCH] journald: make sure we retain all stream fds across restarts
(#6348)
Currently we set 4096 as maximum for number of stream connections that
we accept. However maximum number of file descriptors that systemd is
willing to accept from us is just 1024. This means we can't retain all
stream connections that we accepted. Hence bump the limit of fds in a
unit file so that systemd holds open all stream fds while we are
restarted.
New limit is set to 4224 (4096 + 128).
(cherry picked from commit 3c978aca69e0e43d4dd453437ec9c498ea788795)
---
units/systemd-journald.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 66b7c6a48e..1e86d63648 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -21,7 +21,7 @@ Restart=always
RestartSec=0
StandardOutput=null
WatchdogSec=3min
-FileDescriptorStoreMax=1024
+FileDescriptorStoreMax=4224
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
MemoryDenyWriteExecute=yes
RestrictRealtime=yes

37
0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch
View File

@ -1,37 +0,0 @@
From d52e2bb9c20216972754c054e8534bca28baab66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 17 Jul 2017 15:45:44 -0400
Subject: [PATCH] Use config_parse_sec_fix_0() also for JobRunningTimeoutSec
2d79a0bbb9f651656384a0a86ed814e6306fb5dd did that for TimeoutSec=,
89beff89edba592366b2960bd830d3f6e602c2c7 did that for JobTimeoutSec=,
and 0004f698df1410ef8b6ab3fb5f4b41a60c91182c did that for
x-systemd.device-timeout=. But after parsing x-systemd.device-timeout=xxx
we write it out as JobRunningTimeoutSec=xxx. Two options:
- write out JobRunningTimeoutSec=<a very big number>,
- change JobRunningTimeoutSec= to behave like the other options.
I think it would be confusing for JobRunningTimeoutSec= to have different
syntax then TimeoutSec= and JobTimeoutSec=, so this patch implements the
second option.
Fixes #6264, https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
(cherry picked from commit 4a06cbf8387555c7c04a1ee6f0c5a6f858bf4b19)
---
src/core/load-fragment-gperf.gperf.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 5b5a86250e..7fb39cf948 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -194,7 +194,7 @@ Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0,
Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate)
Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0
Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout)
-Unit.JobRunningTimeoutSec, config_parse_sec, 0, offsetof(Unit, job_running_timeout)
+Unit.JobRunningTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_running_timeout)
Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action)
Unit.JobTimeoutRebootArgument, config_parse_unit_string_printf, 0, offsetof(Unit, job_timeout_reboot_arg)
Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval)

31
0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch
View File

@ -1,31 +0,0 @@
From ce0609bc26d33e47b23fbbe1aa7465283a10fb10 Mon Sep 17 00:00:00 2001
From: Daniel Berrange <berrange@redhat.com>
Date: Wed, 19 Jul 2017 10:06:07 +0100
Subject: [PATCH] virt: enable detecting QEMU (TCG) via CPUID (#6399)
QEMU >= 2.10 will include a CPUID leaf with value "TCGTCGTCGTCG"
on x86 when running with the TCG CPU emulator:
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05231.html
Existing methods of detecting QEMU are left unchanged for sake of
backcompatibility.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 5588612e9e8828691f13141e3fcebe08a59201fe)
---
src/basic/virt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 6011744523..5143ac6656 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -46,6 +46,7 @@ static int detect_vm_cpuid(void) {
} cpuid_vendor_table[] = {
{ "XenVMMXenVMM", VIRTUALIZATION_XEN },
{ "KVMKVMKVM", VIRTUALIZATION_KVM },
+ { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU },
/* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
{ "VMwareVMware", VIRTUALIZATION_VMWARE },
/* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */

28
0013-test-condition-don-t-assume-that-all-non-root-users-.patch
View File

@ -1,28 +0,0 @@
From 6e4a6549267f3e932b3478abfe9f863b55259538 Mon Sep 17 00:00:00 2001
From: Felipe Sateler <fsateler@users.noreply.github.com>
Date: Wed, 19 Jul 2017 20:48:23 -0400
Subject: [PATCH] test-condition: don't assume that all non-root users are
normal users (#6409)
Automated builders may run under a dedicated system user, and this test would fail that
Fixes #6366
(cherry picked from commit 708d423915c4ea48d408b5a3395c11055247b9bc)
---
src/test/test-condition.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-condition.c b/src/test/test-condition.c
index 121345cfd1..b15f1b98c0 100644
--- a/src/test/test-condition.c
+++ b/src/test/test-condition.c
@@ -390,7 +390,7 @@ static void test_condition_test_user(void) {
assert_se(condition);
r = condition_test(condition);
log_info("ConditionUser=@system → %i", r);
- if (geteuid() == 0)
+ if (getuid() < SYSTEM_UID_MAX || geteuid() < SYSTEM_UID_MAX)
assert_se(r > 0);
else
assert_se(r == 0);

71
0014-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch
View File

@ -1,71 +0,0 @@
From 5b499dab86989eb61d7b82053a3b1a2e5e054a2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 22 Jul 2017 08:39:49 -0400
Subject: [PATCH] Revert "core: don't load dropin data multiple times for the
same unit (#5139)"
This reverts commit 2d058a87ffb2d31a50422a8aebd119bbb4427244.
When we add another name to a unit (by following an alias), we need to
reload all drop-ins. This is necessary to load any additional dropins
found in the dirs created from the alias name.
Fixes #6334.
(cherry picked from commit 9e4ea9cc34fa032a47c253ddd94ac6c7afda663e)
---
src/core/unit.c | 23 +++++++----------------
1 file changed, 7 insertions(+), 16 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index b28eeb2262..9d913e8c64 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1098,7 +1098,6 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
/* Common implementation for multiple backends */
int unit_load_fragment_and_dropin(Unit *u) {
- Unit *t;
int r;
assert(u);
@@ -1111,18 +1110,15 @@ int unit_load_fragment_and_dropin(Unit *u) {
if (u->load_state == UNIT_STUB)
return -ENOENT;
- /* If the unit is an alias and the final unit has already been
- * loaded, there's no point in reloading the dropins one more time. */
- t = unit_follow_merge(u);
- if (t != u && t->load_state != UNIT_STUB)
- return 0;
-
- return unit_load_dropin(t);
+ /* Load drop-in directory data. If u is an alias, we might be reloading the
+ * target unit needlessly. But we cannot be sure which drops-ins have already
+ * been loaded and which not, at least without doing complicated book-keeping,
+ * so let's always reread all drop-ins. */
+ return unit_load_dropin(unit_follow_merge(u));
}
/* Common implementation for multiple backends */
int unit_load_fragment_and_dropin_optional(Unit *u) {
- Unit *t;
int r;
assert(u);
@@ -1138,13 +1134,8 @@ int unit_load_fragment_and_dropin_optional(Unit *u) {
if (u->load_state == UNIT_STUB)
u->load_state = UNIT_LOADED;
- /* If the unit is an alias and the final unit has already been
- * loaded, there's no point in reloading the dropins one more time. */
- t = unit_follow_merge(u);
- if (t != u && t->load_state != UNIT_STUB)
- return 0;
-
- return unit_load_dropin(t);
+ /* Load drop-in directory data */
+ return unit_load_dropin(unit_follow_merge(u));
}
int unit_add_default_target_dependency(Unit *u, Unit *target) {

73
0015-bash-completion-use-the-first-argument-instead-of-th.patch
View File

@ -1,73 +0,0 @@
From 4c02374f27cd8bbd4cc101cf350b1219c05e8911 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 27 Jul 2017 20:22:54 +0900
Subject: [PATCH] bash-completion: use the first argument instead of the global
variable (#6457)
Without this fix:
$ systemctl start <tab>
Display all 135 possibilities? (y or n)
$ __get_startable_units --system | wc -l
224
the number of the suggestions are quite different, as __get_startable_units --system does
not filter already started units. With this fix,
$ systemctl start <tab>
Display all 135 possibilities? (y or n)
$ __get_startable_units --system | wc -l
123
$ __get_template_names --system | wc -l
12
the number of the suggestions matches one the function returns.
For consistency with the other internal functions, it should use the first argument
instead of the global variable $mode.
[zj: add commit message to make it sound like we know what we're doing]
(cherry picked from commit 6bda23dd6aaba50cf8e3e6024248cf736cc443ca)
---
shell-completion/bash/systemctl.in | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in
index 0398d09d18..bde28efc3e 100644
--- a/shell-completion/bash/systemctl.in
+++ b/shell-completion/bash/systemctl.in
@@ -68,7 +68,7 @@ __filter_units_by_properties () {
done
for ((i=0; i < ${#units[*]}; i++)); do
for ((j=0; j < ${#conditions[*]}; j++)); do
- if [[ "${props[ i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then
+ if [[ "${props[i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then
break
fi
done
@@ -87,19 +87,19 @@ __get_active_units () { __systemctl $1 list-units \
| { while read -r a b; do echo " $a"; done; }; }
__get_startable_units () {
# find startable inactive units
- __filter_units_by_properties $mode ActiveState,CanStart inactive,yes $(
- { __systemctl $mode list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \
+ __filter_units_by_properties $1 ActiveState,CanStart inactive,yes $(
+ { __systemctl $1 list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \
{ while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; }
- __systemctl $mode list-units --state inactive,failed | \
+ __systemctl $1 list-units --state inactive,failed | \
{ while read -r a b c; do [[ $b == "loaded" ]] && echo " $a"; done; }
} | sort -u )
}
__get_restartable_units () {
# filter out masked and not-found
- __filter_units_by_property $mode CanStart yes $(
- __systemctl $mode list-unit-files --state enabled,disabled,static | \
+ __filter_units_by_property $1 CanStart yes $(
+ __systemctl $1 list-unit-files --state enabled,disabled,static | \
{ while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; }
- __systemctl $mode list-units | \
+ __systemctl $1 list-units | \
{ while read -r a b; do echo " $a"; done; } )
}
__get_failed_units () { __systemctl $1 list-units \

37
0016-meson-D-remote-and-D-importd-should-be-combo-options.patch
View File

@ -1,37 +0,0 @@
From e3568f4365b867b6d2e80dc86c8e348f660c5f82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 26 Jul 2017 14:11:15 -0400
Subject: [PATCH] meson: -D remote and -D importd should be "combo" options
The default should be 'auto', and we allow 'true'
and 'false' too.
Fixes #6445.
(cherry picked from commit b1519d656691e725a8b8950fc0e6cc8d25b1016a)
---
meson_options.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meson_options.txt b/meson_options.txt
index 1594fec41f..b7a45d5806 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -69,7 +69,7 @@ option('timedated', type : 'boolean',
description : 'install the systemd-timedated daemon')
option('timesyncd', type : 'boolean',
description : 'install the systemd-timesyncd daemon')
-option('remote', type : 'boolean',
+option('remote', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'support for "journal over the network"')
option('myhostname', type : 'boolean',
description : 'nss-myhostname support')
@@ -87,7 +87,7 @@ option('sysusers', type : 'boolean',
description : 'support for the sysusers configuration')
option('tmpfiles', type : 'boolean',
description : 'support for tmpfiles.d')
-option('importd', type : 'boolean',
+option('importd', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'install the systemd-importd daemon')
option('hwdb', type : 'boolean',
description : 'support for the hardware database')

42
0017-cryptsetup-fix-infinite-timeout-6486.patch
View File

@ -1,42 +0,0 @@
From 6ef8e216e15fba045e8f8a13b7b57f56db767840 Mon Sep 17 00:00:00 2001
From: Andrew Soutar <andrew@andrewsoutar.com>
Date: Mon, 31 Jul 2017 02:19:16 -0400
Subject: [PATCH] cryptsetup: fix infinite timeout (#6486)
0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The
logic here now matches this change.
Fixes #6381
(cherry picked from commit 0864d311766498563331f486909a0d950ba7de87)
---
src/cryptsetup/cryptsetup.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 3b4c086162..08ed7e53ba 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -56,7 +56,7 @@ static bool arg_tcrypt_veracrypt = false;
static char **arg_tcrypt_keyfiles = NULL;
static uint64_t arg_offset = 0;
static uint64_t arg_skip = 0;
-static usec_t arg_timeout = 0;
+static usec_t arg_timeout = USEC_INFINITY;
/* Options Debian's crypttab knows we don't:
@@ -670,10 +670,10 @@ int main(int argc, char *argv[]) {
if (arg_discards)
flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
- if (arg_timeout > 0)
- until = now(CLOCK_MONOTONIC) + arg_timeout;
- else
+ if (arg_timeout == USEC_INFINITY)
until = 0;
+ else
+ until = now(CLOCK_MONOTONIC) + arg_timeout;
arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));

162
0018-unit-when-JobTimeoutSec-is-turned-off-implicitly-tur.patch
View File

@ -1,162 +0,0 @@
From ca0cebc3f106d89973e0b02dbfc325c37d4c78b3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 27 Sep 2017 17:30:50 +0200
Subject: [PATCH] unit: when JobTimeoutSec= is turned off, implicitly turn off
JobRunningTimeoutSec= too
We added JobRunningTimeoutSec= late, and Dracut configured only
JobTimeoutSec= to turn of root device timeouts before. With this change
we'll propagate a reset of JobTimeoutSec= into JobRunningTimeoutSec=,
but only if the latter wasn't set explicitly.
This should restore compatibility with older systemd versions.
Fixes: #6402
(cherry picked from commit eae51da36e8800f6d466580a817eb5877220376d)
---
src/basic/time-util.c | 4 ++
src/core/load-fragment-gperf.gperf.m4 | 4 +-
src/core/load-fragment.c | 72 +++++++++++++++++++++++++++++++++++
src/core/load-fragment.h | 2 +
src/core/unit.h | 1 +
5 files changed, 81 insertions(+), 2 deletions(-)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index 68ba86f6a5..9199b6490d 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -1010,7 +1010,11 @@ int parse_sec(const char *t, usec_t *usec) {
}
int parse_sec_fix_0(const char *t, usec_t *usec) {
+ assert(t);
+ assert(usec);
+
t += strspn(t, WHITESPACE);
+
if (streq(t, "0")) {
*usec = USEC_INFINITY;
return 0;
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 7fb39cf948..a32385931e 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -193,8 +193,8 @@ Unit.OnFailureJobMode, config_parse_job_mode, 0,
Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0, offsetof(Unit, on_failure_job_mode)
Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate)
Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0
-Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout)
-Unit.JobRunningTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_running_timeout)
+Unit.JobTimeoutSec, config_parse_job_timeout_sec, 0, 0
+Unit.JobRunningTimeoutSec, config_parse_job_running_timeout_sec, 0, 0
Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action)
Unit.JobTimeoutRebootArgument, config_parse_unit_string_printf, 0, offsetof(Unit, job_timeout_reboot_arg)
Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 9d5c39b3dd..23bca0094c 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -4178,6 +4178,78 @@ int config_parse_protect_system(
return 0;
}
+int config_parse_job_timeout_sec(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ Unit *u = data;
+ usec_t usec;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(u);
+
+ r = parse_sec_fix_0(rvalue, &usec);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
+ * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the usec picked should
+ * count. */
+
+ if (!u->job_running_timeout_set)
+ u->job_running_timeout = usec;
+
+ u->job_timeout = usec;
+
+ return 0;
+}
+
+int config_parse_job_running_timeout_sec(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ Unit *u = data;
+ usec_t usec;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(u);
+
+ r = parse_sec_fix_0(rvalue, &usec);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ u->job_running_timeout = usec;
+ u->job_running_timeout_set = true;
+
+ return 0;
+}
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index fc27a07955..5079d4c00c 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -118,6 +118,8 @@ int config_parse_user_group(const char *unit, const char *filename, unsigned lin
int config_parse_user_group_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_restrict_namespaces(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_bind_paths(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_job_timeout_sec(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_job_running_timeout_sec(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
/* gperf prototypes */
const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
diff --git a/src/core/unit.h b/src/core/unit.h
index cf21b37e22..d70fc970b5 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -115,6 +115,7 @@ struct Unit {
/* Job timeout and action to take */
usec_t job_timeout;
usec_t job_running_timeout;
+ bool job_running_timeout_set:1;
EmergencyAction job_timeout_action;
char *job_timeout_reboot_arg;

31
0019-call-chase_symlinks-without-the-sysroot-prefix-6411.patch
View File

@ -1,31 +0,0 @@
From 95f02a94777902e9a46ac18e2bd3d54ab440c361 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Thu, 20 Jul 2017 19:13:09 +0200
Subject: [PATCH] call chase_symlinks without the /sysroot prefix (#6411)
In case fstab-generator is called in the initrd, chase_symlinks()
returns with a canonical path "/sysroot/sysroot/<mountpoint>", if the
"/sysroot" prefix is present in the path.
This patch skips the "/sysroot" prefix for the chase_symlinks() call,
because "/sysroot" is already the root directory and chase_symlinks()
prepends the root directory in the canonical path returned.
(cherry picked from commit 98eda38aed6a10c4f6d6ad0cac6e5361e87de52b)
---
src/fstab-generator/fstab-generator.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 7f23b9fd74..f172e9c07b 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -537,7 +537,7 @@ static int parse_fstab(bool initrd) {
continue;
}
- where = initrd ? strappend("/sysroot/", me->mnt_dir) : strdup(me->mnt_dir);
+ where = strdup(me->mnt_dir);
if (!where)
return log_oom();

31
0020-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch
View File

@ -1,31 +0,0 @@
From 1d84ae053f1ffb95913f6f8407ef267a9c38cb4d Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 20 Jul 2017 20:46:58 +0200
Subject: [PATCH] nspawn: downgrade warning when we get sd_notify() message
from unexpected process (#6416)
Given that we set NOTIFY_SOCKET unconditionally it's not surprising that
processes way down the process tree think it's smart to send us a
notification message.
It's still useful to keep this message, for debugging things, but it
shouldn't be generated by default.
(cherry picked from commit 8cb574307963d1aeb1c53e1d1fbeee4a2be37259)
---
src/nspawn/nspawn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 8a5fedd4b0..0cbd8c3491 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2836,7 +2836,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
}
if (!ucred || ucred->pid != inner_child_pid) {
- log_warning("Received notify message without valid credentials. Ignoring.");
+ log_debug("Received notify message without valid credentials. Ignoring.");
return 0;
}

49
0021-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch
View File

@ -1,49 +0,0 @@
From 2fa3d5f243b8e0bb6ef51b5a4a66c538b2941812 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Fri, 28 Jul 2017 09:46:05 +0200
Subject: [PATCH] boot/efi: don't hard fail on error for tpm measure (#6473)
Display the error for a small amount of time, but don't fail hard.
In case of a faulty BIOS, a TPM error should not prevent the boot.
If something cares about the PCM measurement, it will be noticed
anyway later on.
Especially important now, that TPM measurement is the default now on
some distribution builds.
https://bugzilla.redhat.com/show_bug.cgi?id=1411156
(cherry picked from commit 522aa9f5f8755d7389131da41bd60b6276917ff2)
---
src/boot/efi/boot.c | 3 +--
src/boot/efi/stub.c | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 1e990b3825..316e95a72b 100644
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -1657,8 +1657,7 @@ static EFI_STATUS image_start(EFI_HANDLE parent_image, const Config *config, con
loaded_image->LoadOptionsSize, loaded_image->LoadOptions);
if (EFI_ERROR(err)) {
Print(L"Unable to add image options measurement: %r", err);
- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000);
- return err;
+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000);
}
#endif
}
diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index bab5d46de9..2562228090 100644
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -94,8 +94,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
loaded_image->LoadOptionsSize, loaded_image->LoadOptions);
if (EFI_ERROR(err)) {
Print(L"Unable to add image options measurement: %r", err);
- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000);
- return err;
+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000);
}
#endif
}

45
0022-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch
View File

@ -1,45 +0,0 @@
From cd8a9ccb7c06394a64bfe0cd2a88fad7be8e3f9f Mon Sep 17 00:00:00 2001
From: "S. Fan" <sfanxiang@gmail.com>
Date: Mon, 31 Jul 2017 05:10:10 -0500
Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor
(#6489)
Comparing udev_device_get_sysname(device) and sysname will always return
true. We need to check the device received from udev monitor instead.
Also, fd_wait_for_event() sometimes never exits. Better set a timeout
here.
(cherry picked from commit 8ec1a07998758f6a85f3ea5bf2ed14d87609398f)
---
src/rfkill/rfkill.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
index c0f138b4f4..470853d1d2 100644
--- a/src/rfkill/rfkill.c
+++ b/src/rfkill/rfkill.c
@@ -138,17 +138,21 @@ static int wait_for_initialized(
for (;;) {
_cleanup_udev_device_unref_ struct udev_device *t = NULL;
- r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
+ r = fd_wait_for_event(watch_fd, POLLIN, EXIT_USEC);
if (r == -EINTR)
continue;
if (r < 0)
return log_error_errno(r, "Failed to watch udev monitor: %m");
+ if (r == 0) {
+ log_error("Timed out wating for udev monitor.");
+ return -ETIMEDOUT;
+ }
t = udev_monitor_receive_device(monitor);
if (!t)
continue;
- if (streq_ptr(udev_device_get_sysname(device), sysname)) {
+ if (streq_ptr(udev_device_get_sysname(t), sysname)) {
*ret = udev_device_ref(t);
return 0;
}

34
0023-core-Do-not-fail-perpetual-mount-units-without-fragm.patch
View File

@ -1,34 +0,0 @@
From ed10d8afb4f327536a1fb4c2873c95d3ba457efa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Abd=C3=B3=20Roig-Maranges?= <abdo.roig@gmail.com>
Date: Mon, 31 Jul 2017 12:32:09 +0200
Subject: [PATCH] core: Do not fail perpetual mount units without fragment
(#6459)
mount_load does not require fragment files to be present in order to
load mount units which are perpetual, or come from /proc/self/mountinfo.
mount_verify should do the same, otherwise a synthesized '-.mount' would
be marked as failed with "No such file or directory", as it is perpetual
but not marked to come from /proc/self/mountinfo at this point.
This happens for the user instance, and I suspect it was the cause of #5375
for the system instance, without gpt-generator.
(cherry picked from commit 1df96fcb31b3bc30c4a983de4734f61ed5a29115)
---
src/core/mount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index 214364d87d..7d9644e305 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -503,7 +503,7 @@ static int mount_verify(Mount *m) {
if (UNIT(m)->load_state != UNIT_LOADED)
return 0;
- if (!m->from_fragment && !m->from_proc_self_mountinfo)
+ if (!m->from_fragment && !m->from_proc_self_mountinfo && !UNIT(m)->perpetual)
return -ENOENT;
r = unit_name_from_path(m->where, ".mount", &e);

63
0024-process-util-update-the-end-pointer-of-the-process-n.patch
View File

@ -1,63 +0,0 @@
From 4caa10a6bedf7a18b42e011bdbdb4b9c425c0d6d Mon Sep 17 00:00:00 2001
From: Jouke Witteveen <j.witteveen@gmail.com>
Date: Wed, 2 Aug 2017 17:08:31 +0200
Subject: [PATCH] process-util: update the end pointer of the process name on
rename (#6492)
We only updated the end pointer when allocating new memory, i.e. on the first
call to rename_process.
(cherry picked from commit 01f989c66253ea923679ffddf266ea13339c295b)
---
src/basic/process-util.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index b80cacaa42..99b75c65f1 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -312,19 +312,18 @@ int rename_process(const char name[]) {
/* Third step, completely replace the argv[] array the kernel maintains for us. This requires privileges, but
* has the advantage that the argv[] array is exactly what we want it to be, and not filled up with zeros at
* the end. This is the best option for changing /proc/self/cmdline. */
- if (mm_size < l+1) {
+
+ /* Let's not bother with this if we don't have euid == 0. Strictly speaking we should check for the
+ * CAP_SYS_RESOURCE capability which is independent of the euid. In our own code the capability generally is
+ * present only for euid == 0, hence let's use this as quick bypass check, to avoid calling mmap() if
+ * PR_SET_MM_ARG_{START,END} fails with EPERM later on anyway. After all geteuid() is dead cheap to call, but
+ * mmap() is not. */
+ if (geteuid() != 0)
+ log_debug("Skipping PR_SET_MM, as we don't have privileges.");
+ else if (mm_size < l+1) {
size_t nn_size;
char *nn;
- /* Let's not bother with this if we don't have euid == 0. Strictly speaking if people do weird stuff
- * with capabilities this could work even for euid != 0, but our own code generally doesn't do that,
- * hence let's use this as quick bypass check, to avoid calling mmap() if PR_SET_MM_ARG_START fails
- * with EPERM later on anyway. After all geteuid() is dead cheap to call, but mmap() is not. */
- if (geteuid() != 0) {
- log_debug("Skipping PR_SET_MM_ARG_START, as we don't have privileges.");
- goto use_saved_argv;
- }
-
nn_size = PAGE_ALIGN(l+1);
nn = mmap(NULL, nn_size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
if (nn == MAP_FAILED) {
@@ -351,9 +350,14 @@ int rename_process(const char name[]) {
mm = nn;
mm_size = nn_size;
- } else
+ } else {
strncpy(mm, name, mm_size);
+ /* Update the end pointer, continuing regardless of any failure. */
+ if (prctl(PR_SET_MM, PR_SET_MM_ARG_END, (unsigned long) mm + l + 1, 0, 0) < 0)
+ log_debug_errno(errno, "PR_SET_MM_ARG_END failed, proceeding without: %m");
+ }
+
use_saved_argv:
/* Fourth step: in all cases we'll also update the original argv[], so that our own code gets it right too if
* it still looks here */

98
0025-dhcp-network-adjust-sockaddr-length-for-addresses-lo.patch
View File

@ -1,98 +0,0 @@
From 672eb11bf702aa194e1c9e40f9b2acc6434540d4 Mon Sep 17 00:00:00 2001
From: bengal <bengal@users.noreply.github.com>
Date: Tue, 8 Aug 2017 18:55:31 +0200
Subject: [PATCH] dhcp-network: adjust sockaddr length for addresses longer
than 8 bytes (#6527)
An infiniband hardware address is 20 bytes, but sockaddr_ll.sll_addr is only 8
bytes. Explicitly ensure that sockaddr_union has enough space for infiniband
addresses, even if they run over sockaddr_ll and add a macro to compute the
proper size to pass to kernel.
(cherry picked from commit b1f24b75af135fe8efba9c7264447985e2843511)
---
src/basic/socket-util.h | 20 ++++++++++++++++++++
src/libsystemd-network/dhcp-network.c | 16 +++++++++-------
2 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index 73c3a339fc..43edc05c63 100644
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -27,6 +27,7 @@
#include <sys/types.h>
#include <sys/un.h>
#include <linux/netlink.h>
+#include <linux/if_infiniband.h>
#include <linux/if_packet.h>
#include "macro.h"
@@ -42,6 +43,8 @@ union sockaddr_union {
struct sockaddr_storage storage;
struct sockaddr_ll ll;
struct sockaddr_vm vm;
+ /* Ensure there is enough space to store Infiniband addresses */
+ uint8_t ll_buffer[offsetof(struct sockaddr_ll, sll_addr) + CONST_MAX(ETH_ALEN, INFINIBAND_ALEN)];
};
typedef struct SocketAddress {
@@ -147,6 +150,23 @@ int flush_accept(int fd);
struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length);
+/*
+ * Certain hardware address types (e.g Infiniband) do not fit into sll_addr
+ * (8 bytes) and run over the structure. This macro returns the correct size that
+ * must be passed to kernel.
+ */
+#define SOCKADDR_LL_LEN(sa) \
+ ({ \
+ const struct sockaddr_ll *_sa = &(sa); \
+ size_t _mac_len = sizeof(_sa->sll_addr); \
+ assert(_sa->sll_family == AF_PACKET); \
+ if (be16toh(_sa->sll_hatype) == ARPHRD_ETHER) \
+ _mac_len = MAX(_mac_len, (size_t) ETH_ALEN); \
+ if (be16toh(_sa->sll_hatype) == ARPHRD_INFINIBAND) \
+ _mac_len = MAX(_mac_len, (size_t) INFINIBAND_ALEN); \
+ offsetof(struct sockaddr_ll, sll_addr) + _mac_len; \
+ })
+
/* Covers only file system and abstract AF_UNIX socket addresses, but not unnamed socket addresses. */
#define SOCKADDR_UN_LEN(sa) \
({ \
diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c
index 65405dcce0..a440a20f96 100644
--- a/src/libsystemd-network/dhcp-network.c
+++ b/src/libsystemd-network/dhcp-network.c
@@ -108,14 +108,16 @@ static int _bind_raw_socket(int ifindex, union sockaddr_union *link,
if (r < 0)
return -errno;
- link->ll.sll_family = AF_PACKET;
- link->ll.sll_protocol = htobe16(ETH_P_IP);
- link->ll.sll_ifindex = ifindex;
- link->ll.sll_hatype = htobe16(arp_type);
- link->ll.sll_halen = mac_addr_len;
+ link->ll = (struct sockaddr_ll) {
+ .sll_family = AF_PACKET,
+ .sll_protocol = htobe16(ETH_P_IP),
+ .sll_ifindex = ifindex,
+ .sll_hatype = htobe16(arp_type),
+ .sll_halen = mac_addr_len,
+ };
memcpy(link->ll.sll_addr, bcast_addr, mac_addr_len);
- r = bind(s, &link->sa, sizeof(link->ll));
+ r = bind(s, &link->sa, SOCKADDR_LL_LEN(link->ll));
if (r < 0)
return -errno;
@@ -221,7 +223,7 @@ int dhcp_network_send_raw_socket(int s, const union sockaddr_union *link,
assert(packet);
assert(len);
- r = sendto(s, packet, len, 0, &link->sa, sizeof(link->ll));
+ r = sendto(s, packet, len, 0, &link->sa, SOCKADDR_LL_LEN(link->ll));
if (r < 0)
return -errno;

79
0026-service-attempt-to-execute-next-main-command-only-fo.patch
View File

@ -1,79 +0,0 @@
From 950410cf37fd2ab5f7362f8d64fdc280dcce8810 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Fri, 25 Aug 2017 15:36:10 +0200
Subject: [PATCH] service: attempt to execute next main command only for
oneshot services (#6619)
This commit fixes crash described in
https://github.com/systemd/systemd/issues/6533
Multiple ExecStart lines are allowed only for oneshot services
anyway so it doesn't make sense to call service_run_next_main() with
services of type other than SERVICE_ONESHOT.
Referring back to reproducer from the issue, previously we didn't observe
this problem because s->main_command was reset after daemon-reload hence
we never reached the assert statement in service_run_next_main().
Fixes #6533
(cherry picked from commit b58aeb70dbd1cab5908b003ef5187da1fc241839)
---
src/core/service.c | 1 +
test/test-exec-deserialization.py | 31 +++++++++++++++++++++++++++++++
2 files changed, 32 insertions(+)
diff --git a/src/core/service.c b/src/core/service.c
index 4c577db8d7..499f964322 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2884,6 +2884,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
if (s->main_command &&
s->main_command->command_next &&
+ s->type == SERVICE_ONESHOT &&
f == SERVICE_SUCCESS) {
/* There is another command to *
diff --git a/test/test-exec-deserialization.py b/test/test-exec-deserialization.py
index 39a9e62e15..c3fe0824c7 100755
--- a/test/test-exec-deserialization.py
+++ b/test/test-exec-deserialization.py
@@ -178,6 +178,37 @@ class ExecutionResumeTest(unittest.TestCase):
self.assertTrue(not os.path.exists(self.output_file))
+ def test_issue_6533(self):
+ unit = "test-issue-6533.service"
+ unitfile_path = "/run/systemd/system/{}".format(unit)
+
+ content = '''
+ [Service]
+ ExecStart=/bin/sleep 5
+ '''
+
+ with open(unitfile_path, 'w') as f:
+ f.write(content)
+
+ self.reload()
+
+ subprocess.check_call(['systemctl', '--job-mode=replace', '--no-block', 'start', unit])
+ time.sleep(2)
+
+ content = '''
+ [Service]
+ ExecStart=/bin/sleep 5
+ ExecStart=/bin/true
+ '''
+
+ with open(unitfile_path, 'w') as f:
+ f.write(content)
+
+ self.reload()
+ time.sleep(5)
+
+ self.assertTrue(subprocess.call("journalctl -b _PID=1 | grep -q 'Freezing execution'", shell=True) != 0)
+
def tearDown(self):
for f in [self.output_file, self.unitfile_path]:
try:

31
0027-namespace-avoid-assertion-failure-6649.patch
View File

@ -1,31 +0,0 @@
From 65f6532eea53d862f7ad51d81f1f7b7c0fb3ac3a Mon Sep 17 00:00:00 2001
From: Topi Miettinen <topimiettinen@users.noreply.github.com>
Date: Tue, 29 Aug 2017 15:31:24 +0000
Subject: [PATCH] namespace: avoid assertion failure (#6649)
If the root image is not decrypted, it must not be relinquished.
(cherry picked from commit 07ce74074da29d8577ccbc98001d57253afd88d2)
---
src/core/namespace.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 05175e9552..3e0d786ca5 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -1062,9 +1062,11 @@ int setup_namespace(
if (r < 0)
goto finish;
- r = decrypted_image_relinquish(decrypted_image);
- if (r < 0)
- goto finish;
+ if (decrypted_image) {
+ r = decrypted_image_relinquish(decrypted_image);
+ if (r < 0)
+ goto finish;
+ }
loop_device_relinquish(loop_device);

60
0028-terminal-reset-should-honour-default_utf8-kernel-set.patch
View File

@ -1,60 +0,0 @@
From ca9cb19a170921a17fa175ed68b8eb36f05ec4ed Mon Sep 17 00:00:00 2001
From: g0tar <gotar@polanet.pl>
Date: Wed, 30 Aug 2017 10:00:44 +0200
Subject: [PATCH] terminal reset should honour default_utf8 kernel setting
(#6606)
terminal reset should honour default_utf8 kernel setting
(cherry picked from commit 73e669e0fde6b9aabec48327d95c875a70555d34)
---
src/basic/terminal-util.c | 10 ++++++++--
src/login/logind-session.c | 6 +++---
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index 9a8ef825c5..2b6aa6400a 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -244,6 +244,8 @@ int ask_string(char **ret, const char *text, ...) {
int reset_terminal_fd(int fd, bool switch_to_text) {
struct termios termios;
+ _cleanup_free_ char *utf8 = NULL;
+ int kb;
int r = 0;
/* Set terminal to some sane defaults */
@@ -261,8 +263,12 @@ int reset_terminal_fd(int fd, bool switch_to_text) {
if (switch_to_text)
(void) ioctl(fd, KDSETMODE, KD_TEXT);
- /* Enable console unicode mode */
- (void) ioctl(fd, KDSKBMODE, K_UNICODE);
+ /* Set default keyboard mode */
+ if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && parse_boolean(utf8) == 0)
+ kb = K_XLATE;
+ else
+ kb = K_UNICODE;
+ (void) ioctl(fd, KDSKBMODE, kb);
if (tcgetattr(fd, &termios) < 0) {
r = -errno;
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 42dfecaffb..66c27d4fb4 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -1155,10 +1155,10 @@ void session_restore_vt(Session *s) {
(void) ioctl(vt, KDSETMODE, KD_TEXT);
- if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && *utf8 == '1')
- kb = K_UNICODE;
- else
+ if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && parse_boolean(utf8) == 0)
kb = K_XLATE;
+ else
+ kb = K_UNICODE;
(void) ioctl(vt, KDSKBMODE, kb);

26
0029-networkd-do-not-fail-manager_connect_bus-if-dbus-is-.patch
View File

@ -1,26 +0,0 @@
From 60b0ab5c4f7f15454e91902b5ecd3e629a930b32 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 23 Aug 2017 12:36:36 +0900
Subject: [PATCH] networkd: do not fail manager_connect_bus() if dbus is not
active yet
Fixes #6618.
(cherry picked from commit fb72b1d99f661ea62fd534e4bc1174c6337611c8)
---
src/network/networkd-manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index 5f10b4f993..718c8bb03f 100644
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -136,7 +136,7 @@ int manager_connect_bus(Manager *m) {
assert(m);
r = sd_bus_default_system(&m->bus);
- if (r == -ENOENT) {
+ if (r < 0) {
/* We failed to connect? Yuck, we must be in early
* boot. Let's try in 5s again. As soon as we have
* kdbus we can stop doing this... */

35
0030-sd-bus-socket-only-transmit-auxillary-FDs-once-6603.patch
View File

@ -1,35 +0,0 @@
From 6bd2824d07a7cdb622df9a7876185142ad1f48e1 Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Wed, 30 Aug 2017 13:09:03 +0200
Subject: [PATCH] sd-bus: socket - only transmit auxillary FDs once (#6603)
If a message is too large to fit into the output buffer, it will be
transmitted to the kernel in several chunks. However, the FDs must
only ever be transmitted once or they will bereceived by the remote
end repeatedly.
The D-Bus specification disallows several sets of FDs attached to
one message, however, the reference implementation of D-Bus will
not reject such a message, rather it will reassign the duplicate
FDs to subsequent FD-carrying messages.
This attaches the FD array only to the first byte of the message.
(cherry picked from commit f29eef2e9072eac6f6570ff7975680bc9caeda2f)
---
src/libsystemd/sd-bus/bus-socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index 8b25002f01..ab70a0c6e1 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -800,7 +800,7 @@ int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
.msg_iovlen = m->n_iovec,
};
- if (m->n_fds > 0) {
+ if (m->n_fds > 0 && *idx == 0) {
struct cmsghdr *control;
mh.msg_control = control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));

41
0031-device-make-sure-to-remove-all-device-units-sharing-.patch
View File

@ -1,41 +0,0 @@
From 75c8530d909c088c4c3dc63d2cbbc078db9b70c0 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 30 Aug 2017 17:16:16 +0200
Subject: [PATCH] device: make sure to remove all device units sharing the same
sysfs path (#6679)
When a device is unplugged all device units sharing the same sysfs path
pointing to that device are supposed to be removed.
However it didn't work since while iterating the device unit list containing
all the relevant units, each unit was removed during each iteration of
LIST_FOREACH. However LIST_FOREACH doesn't support this use case and
LIST_FOREACH_SAFE must be use instead.
(cherry picked from commit cc0df6cc35339976c367977dc292278a1939db0c)
---
src/core/device.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/device.c b/src/core/device.c
index 77601c5520..87186f135b 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -514,7 +514,7 @@ static void device_update_found_one(Device *d, bool add, DeviceFound found, bool
}
static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add, DeviceFound found, bool now) {
- Device *d, *l;
+ Device *d, *l, *n;
assert(m);
assert(sysfs);
@@ -523,7 +523,7 @@ static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add,
return 0;
l = hashmap_get(m->devices_by_sysfs, sysfs);
- LIST_FOREACH(same_sysfs, d, l)
+ LIST_FOREACH_SAFE(same_sysfs, d, n, l)
device_update_found_one(d, add, found, now);
return 0;

81
0032-shutdown-don-t-remount-ro-network-filesystems.-6588.patch
View File

@ -1,81 +0,0 @@
From a7c3c58bd9fac86d5f8e626ec402daa2a93d7bb3 Mon Sep 17 00:00:00 2001
From: NeilBrown <neil@brown.name>
Date: Thu, 31 Aug 2017 02:48:25 +1000
Subject: [PATCH] shutdown: don't remount,ro network filesystems. (#6588)
systemd-shutdown is run after the network is stopped,
so remounting a network filesystem read-only can hang.
A simple umount is the most useful thing that can
be done for a network filesystem once the network is down.
(cherry picked from commit 9cbc4547702aac28466c497f720038b9e2dc510c)
---
src/core/umount.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/core/umount.c b/src/core/umount.c
index 591dac71f0..b83f631141 100644
--- a/src/core/umount.c
+++ b/src/core/umount.c
@@ -37,12 +37,14 @@
#include "string-util.h"
#include "udev-util.h"
#include "umount.h"
+#include "mount-util.h"
#include "util.h"
#include "virt.h"
typedef struct MountPoint {
char *path;
char *options;
+ char *type;
dev_t devnum;
LIST_FIELDS(struct MountPoint, mount_point);
} MountPoint;
@@ -76,7 +78,7 @@ static int mount_points_list_get(MountPoint **head) {
return -errno;
for (i = 1;; i++) {
- _cleanup_free_ char *path = NULL, *options = NULL;
+ _cleanup_free_ char *path = NULL, *options = NULL, *type = NULL;
char *p = NULL;
MountPoint *m;
int k;
@@ -90,11 +92,11 @@ static int mount_points_list_get(MountPoint **head) {
"%*s" /* (6) mount flags */
"%*[^-]" /* (7) optional fields */
"- " /* (8) separator */
- "%*s " /* (9) file system type */
+ "%ms " /* (9) file system type */
"%*s" /* (10) mount source */
"%ms" /* (11) mount options */
"%*[^\n]", /* some rubbish at the end */
- &path, &options);
+ &path, &type, &options);
if (k != 2) {
if (k == EOF)
break;
@@ -132,6 +134,8 @@ static int mount_points_list_get(MountPoint **head) {
m->path = p;
m->options = options;
options = NULL;
+ m->type = type;
+ type = NULL;
LIST_PREPEND(mount_point, *head, m);
}
@@ -388,8 +392,12 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
/* If we are in a container, don't attempt to
read-only mount anything as that brings no real
benefits, but might confuse the host, as we remount
- the superblock here, not the bind mount. */
- if (detect_container() <= 0) {
+ the superblock here, not the bind mount.
+ If the filesystem is a network fs, also skip the
+ remount. It brings no value (we cannot leave
+ a "dirty fs") and could hang if the network is down. */
+ if (detect_container() <= 0 &&
+ !fstype_is_network(m->type)) {
_cleanup_free_ char *options = NULL;
/* MS_REMOUNT requires that the data parameter
* should be the same from the original mount

29
0033-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch
View File

@ -1,29 +0,0 @@
From f5f367d4a9872453888da79bdff3a50f78a9758a Mon Sep 17 00:00:00 2001
From: Ivan Shapovalov <intelfx@intelfx.name>
Date: Wed, 30 Aug 2017 19:49:07 +0300
Subject: [PATCH] cryptsetup-generator: do not bind to the decrypted device
unit (#6538)
This breaks things when the decrypted device is not immediately
`SYSTEMD_READY=1` (e. g. when a multi-device btrfs system is placed on
multiple cryptsetup devices).
Fixes #6537.
(cherry picked from commit e9ea4526a3a3b41eced29b8d742498cc36750424)
---
src/cryptsetup/cryptsetup-generator.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index b58b6db7c9..f737f82b55 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -109,7 +109,6 @@ static int create_disk(
"SourcePath=/etc/crypttab\n"
"DefaultDependencies=no\n"
"Conflicts=umount.target\n"
- "BindsTo=dev-mapper-%i.device\n"
"IgnoreOnIsolate=true\n"
"After=cryptsetup-pre.target\n",
f);

33
0034-log-reopen-log-for-failed-assertions-6703.patch
View File

@ -1,33 +0,0 @@
From 342c2fdaf94f195f6273a88f9fe430c189e7168f Mon Sep 17 00:00:00 2001
From: Topi Miettinen <topimiettinen@users.noreply.github.com>
Date: Thu, 31 Aug 2017 08:37:32 +0000
Subject: [PATCH] log: reopen log for failed assertions (#6703)
Reopen log so that failed and aborting assertions can be written to log.
Closes: #6658
(cherry picked from commit ea89a119cda917a17bd186b3c13197acfd655b12)
---
src/basic/log.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/basic/log.c b/src/basic/log.c
index 3fd53800a0..ad99773cbb 100644
--- a/src/basic/log.c
+++ b/src/basic/log.c
@@ -804,6 +804,7 @@ noreturn void log_assert_failed_realm(
const char *file,
int line,
const char *func) {
+ log_open();
log_assert(LOG_REALM_PLUS_LEVEL(realm, LOG_CRIT), text, file, line, func,
"Assertion '%s' failed at %s:%u, function %s(). Aborting.");
abort();
@@ -815,6 +816,7 @@ noreturn void log_assert_failed_unreachable_realm(
const char *file,
int line,
const char *func) {
+ log_open();
log_assert(LOG_REALM_PLUS_LEVEL(realm, LOG_CRIT), text, file, line, func,
"Code should not be reached '%s' at %s:%u, function %s(). Aborting.");
abort();

38
0035-sd-bus-use-when-passing-arguments-to-ssh-6706.patch
View File

@ -1,38 +0,0 @@
From 7943496d000c91b917a6f61dd42749c490ba3b2d Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 31 Aug 2017 11:38:30 +0300
Subject: [PATCH] sd-bus: use -- when passing arguments to ssh (#6706)
This prevents `systemctl` from runnning /bin/touch when the following
command is used:
```
systemctl -H '-oProxyCommand=/bin/touch i-shouldnt-be-here' show-environment
```
(cherry picked from commit 58c6e4a2c00c47d0941cb978ec025b13e1798bf3)
---
src/libsystemd/sd-bus/sd-bus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 2f065c2657..fc01191e4e 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -1344,7 +1344,7 @@ int bus_set_address_system_remote(sd_bus *b, const char *host) {
if (!e)
return -ENOMEM;
- c = strjoina(",argv4=--machine=", m);
+ c = strjoina(",argv5=--machine=", m);
}
}
@@ -1354,7 +1354,7 @@ int bus_set_address_system_remote(sd_bus *b, const char *host) {
return -ENOMEM;
}
- b->address = strjoin("unixexec:path=ssh,argv1=-xT,argv2=", e, ",argv3=systemd-stdio-bridge", c);
+ b->address = strjoin("unixexec:path=ssh,argv1=-xT,argv2=--,argv3=", e, ",argv4=systemd-stdio-bridge", c);
if (!b->address)
return -ENOMEM;

38
0036-networkd-dont-crash-when-mtu-changes-6594.patch
View File

@ -1,38 +0,0 @@
From 642b62dfb642a2695c091d11db727ef920715250 Mon Sep 17 00:00:00 2001
From: Andrew Jeddeloh <andrewjeddeloh@gmail.com>
Date: Thu, 31 Aug 2017 01:58:39 -0700
Subject: [PATCH] networkd: dont crash when mtu changes (#6594)
Prevent networkd from crashing when UseMTU is used. Many drivers will
bring the link down and then back up to configure a new MTU. Networkd
will also asynchonously send rtnl messages to configure the link and may
receive responses after the link has gone down and come back up (which
networkd will handle and set the lease and network to NULL.
This changes the behavior to instead return if this is the case instead
of crashing via assert.
(cherry picked from commit 0c9b15a38a558d8f84257455ee24174221069e9e)
---
src/network/networkd-dhcp4.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
index 9229b5753c..77771688e1 100644
--- a/src/network/networkd-dhcp4.c
+++ b/src/network/networkd-dhcp4.c
@@ -71,8 +71,12 @@ static int link_set_dhcp_routes(Link *link) {
int r, n, i;
assert(link);
- assert(link->dhcp_lease);
- assert(link->network);
+
+ if (!link->dhcp_lease) /* link went down while we configured the IP addresses? */
+ return 0;
+
+ if (!link->network) /* link went down while we configured the IP addresses? */
+ return 0;
if (!link->network->dhcp_use_routes)
return 0;

22
0037-logind-remember-to-remove-run-systemd-shutdown-sched.patch
View File

@ -1,22 +0,0 @@
From af9f32c663c244f9f5f8bf5e0a7ae40b07bda4c7 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Wed, 23 Aug 2017 15:58:03 +0100
Subject: [PATCH] logind: remember to remove '/run/systemd/shutdown/scheduled'
(cherry picked from commit cbc373502f1d6e2df01e43538006e31975f555ec)
---
src/login/logind-dbus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index c9b7d99818..242ad4fb2b 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1496,6 +1496,7 @@ static void reset_scheduled_shutdown(Manager *m) {
(void) unlink("/run/nologin");
m->unlink_nologin = false;
}
+ (void) unlink("/run/systemd/shutdown/scheduled");
}
static int execute_shutdown_or_sleep(

34
0038-logind-method_schedule_shutdown-already-rejects-empt.patch
View File

@ -1,34 +0,0 @@
From 2a0c34eea8f68811f6eee2ad32652f20182d322e Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Tue, 22 Aug 2017 13:54:21 +0100
Subject: [PATCH] logind: method_schedule_shutdown() already rejects empty
`type`
Don't test for an empty `type` afterwards. This is not how you cancel
scheduled shutdowns - there's a separate method for that.
(cherry picked from commit f8169e62dfc9ea903bc880064a5d384cdc68db3e)
---
src/login/logind-dbus.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 242ad4fb2b..f0943e56e0 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -2051,12 +2051,9 @@ static int method_schedule_shutdown(sd_bus_message *message, void *userdata, sd_
if (r < 0)
return r;
- if (!isempty(type)) {
- r = update_schedule_file(m);
- if (r < 0)
- return r;
- } else
- (void) unlink("/run/systemd/shutdown/scheduled");
+ r = update_schedule_file(m);
+ if (r < 0)
+ return r;
return sd_bus_reply_method_return(message, NULL);
}

55
0039-logind-add-missing-check-for-conflicting-operation-v.patch
View File

@ -1,55 +0,0 @@
From d0968b783128667b1db0e97d6774a0a1f15fa152 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 21 Aug 2017 11:49:25 +0100
Subject: [PATCH] logind: add missing check for conflicting operation v.s.
scheduled shutdown
> We don't want to shutdown while a suspend is running, and vice versa.
> This would be confusing and could lead to data loss in the worst case.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1441253/comments/4
According to the above comment, if the conflicting operation is hung,
we don't want to force things when the admin has not passed a force option.
Similarly if you're not an admin, you probably shouldn't get to sneak
around this check by using a scheduled shutdown instead of an unscheduled
one. (And no-one so far thought it necessary to add such a permission in
PolKit).
Note that if the conflicting operation was _not_ hung, and we lost the
race with suspend, the system might not have shut down at the scheduled
time anyway. Which is no good if you were scheduling a power outage.
And scheduling a shutdown for an arbitrary time when the system is resumed,
does not seem a very useful semantic. More likely, scheduled shutdowns are
useful on systems which do not use suspend, such as multi-user servers.
(In which case even PolKit defaults likely don't let the users trigger
suspend).
(cherry picked from commit b498d6ea9f72520c579035928d16c527d992bca8)
---
src/login/logind-dbus.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index f0943e56e0..3f05c86f5c 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1946,9 +1946,15 @@ static int manager_scheduled_shutdown_handler(
else
target = SPECIAL_REBOOT_TARGET;
- r = execute_shutdown_or_sleep(m, 0, target, &error);
+ /* Don't allow multiple jobs being executed at the same time */
+ if (m->action_what) {
+ log_error("Scheduled shutdown to %s failed: shutdown or sleep operation already in progress", target);
+ return -EALREADY;
+ }
+
+ r = execute_shutdown_or_sleep(m, INHIBIT_SHUTDOWN, target, &error);
if (r < 0)
- return log_error_errno(r, "Unable to execute transition to %s: %m", target);
+ return log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);
return 0;
}

179
0040-logind-respect-delay-inhibitors-in-scheduled-shutdow.patch
View File

@ -1,179 +0,0 @@
From 7d9e4212490f7c42d419de4befb438e173380da7 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 21 Aug 2017 17:28:35 +0100
Subject: [PATCH] logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
(cherry picked from commit df75a1a8aa5420335a56093077fa8cfcbfffac78)
---
src/login/logind-dbus.c | 91 ++++++++++++++++++++++++++-----------------------
1 file changed, 48 insertions(+), 43 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 3f05c86f5c..1fd64d32b7 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1399,7 +1399,6 @@ static int have_multiple_sessions(
static int bus_manager_log_shutdown(
Manager *m,
- InhibitWhat w,
const char *unit_name) {
const char *p, *q;
@@ -1407,9 +1406,6 @@ static int bus_manager_log_shutdown(
assert(m);
assert(unit_name);
- if (w != INHIBIT_SHUTDOWN)
- return 0;
-
if (streq(unit_name, SPECIAL_POWEROFF_TARGET)) {
p = "MESSAGE=System is powering down";
q = "SHUTDOWN=power-off";
@@ -1484,21 +1480,6 @@ int manager_set_lid_switch_ignore(Manager *m, usec_t until) {
return r;
}
-static void reset_scheduled_shutdown(Manager *m) {
- m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
- m->wall_message_timeout_source = sd_event_source_unref(m->wall_message_timeout_source);
- m->nologin_timeout_source = sd_event_source_unref(m->nologin_timeout_source);
- m->scheduled_shutdown_type = mfree(m->scheduled_shutdown_type);
- m->scheduled_shutdown_timeout = 0;
- m->shutdown_dry_run = false;
-
- if (m->unlink_nologin) {
- (void) unlink("/run/nologin");
- m->unlink_nologin = false;
- }
- (void) unlink("/run/systemd/shutdown/scheduled");
-}
-
static int execute_shutdown_or_sleep(
Manager *m,
InhibitWhat w,
@@ -1515,32 +1496,28 @@ static int execute_shutdown_or_sleep(
assert(w < _INHIBIT_WHAT_MAX);
assert(unit_name);
- bus_manager_log_shutdown(m, w, unit_name);
+ if (w == INHIBIT_SHUTDOWN)
+ bus_manager_log_shutdown(m, unit_name);
- if (m->shutdown_dry_run) {
- log_info("Running in dry run, suppressing action.");
- reset_scheduled_shutdown(m);
- } else {
- r = sd_bus_call_method(
- m->bus,
- "org.freedesktop.systemd1",
- "/org/freedesktop/systemd1",
- "org.freedesktop.systemd1.Manager",
- "StartUnit",
- error,
- &reply,
- "ss", unit_name, "replace-irreversibly");
- if (r < 0)
- return r;
+ r = sd_bus_call_method(
+ m->bus,
+ "org.freedesktop.systemd1",
+ "/org/freedesktop/systemd1",
+ "org.freedesktop.systemd1.Manager",
+ "StartUnit",
+ error,
+ &reply,
+ "ss", unit_name, "replace-irreversibly");
+ if (r < 0)
+ return r;
- r = sd_bus_message_read(reply, "o", &p);
- if (r < 0)
- return r;
+ r = sd_bus_message_read(reply, "o", &p);
+ if (r < 0)
+ return r;
- c = strdup(p);
- if (!c)
- return -ENOMEM;
- }
+ c = strdup(p);
+ if (!c)
+ return -ENOMEM;
m->action_unit = unit_name;
free(m->action_job);
@@ -1924,6 +1901,21 @@ fail:
return log_error_errno(r, "Failed to write information about scheduled shutdowns: %m");
}
+static void reset_scheduled_shutdown(Manager *m) {
+ m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
+ m->wall_message_timeout_source = sd_event_source_unref(m->wall_message_timeout_source);
+ m->nologin_timeout_source = sd_event_source_unref(m->nologin_timeout_source);
+ m->scheduled_shutdown_type = mfree(m->scheduled_shutdown_type);
+ m->scheduled_shutdown_timeout = 0;
+ m->shutdown_dry_run = false;
+
+ if (m->unlink_nologin) {
+ (void) unlink("/run/nologin");
+ m->unlink_nologin = false;
+ }
+ (void) unlink("/run/systemd/shutdown/scheduled");
+}
+
static int manager_scheduled_shutdown_handler(
sd_event_source *s,
uint64_t usec,
@@ -1952,7 +1944,20 @@ static int manager_scheduled_shutdown_handler(
return -EALREADY;
}
- r = execute_shutdown_or_sleep(m, INHIBIT_SHUTDOWN, target, &error);
+ if (m->shutdown_dry_run) {
+ /* We do not process delay inhibitors here. Otherwise, we
+ * would have to be considered "in progress" (like the check
+ * above) for some seconds after our admin has seen the final
+ * wall message. */
+
+ bus_manager_log_shutdown(m, target);
+ log_info("Running in dry run, suppressing action.");
+ reset_scheduled_shutdown(m);
+
+ return 0;
+ }
+
+ r = bus_manager_shutdown_or_sleep_now_or_later(m, target, INHIBIT_SHUTDOWN, &error);
if (r < 0)
return log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);

166
0041-logind-add-missing-resume-signal-when-we-fail-to-ini.patch
View File

@ -1,166 +0,0 @@
From 1e3b4e30a2d030e9f81584a61b32b6541754fe02 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Thu, 24 Aug 2017 10:33:24 +0100
Subject: [PATCH] logind: add missing resume signal when we fail to initiate
sleep/shutdown
This fixed https://bugzilla.redhat.com/show_bug.cgi?id=1476313
as much as I was able to reproduce it in a VM, at least.
E.g. this signal might wake the screen back up, providing a more visible
indicator of suspend failure. In my VM testing, it was also required in
order to unblock keyboard input in gnome-shell after the failed suspend.
At the same time, fix the error handling for scheduled shutdowns. This now
mirrors the behaviour of when you use `shutdown -k` - it sends all the
scary messages about shutting down, "but you'll have to do it [shut down
the system] yourself". It also avoids the risk of locking out the admin
(nologin file), in case they logged out for some reason (and they use
`sudo` instead of root).
Not that I have any idea why you'd want to use `shutdown -k`, but the code
is easier to analyze if it rolls back on error (in the absence of any code
comment as to why that's not wanted).
(cherry picked from commit 6d7f7fd49f8a094fc36e750de1e80afea80c8228)
---
src/login/logind-dbus.c | 76 ++++++++++++++++++++++++++++++-------------------
1 file changed, 46 insertions(+), 30 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 1fd64d32b7..e868a48f8c 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1480,6 +1480,28 @@ int manager_set_lid_switch_ignore(Manager *m, usec_t until) {
return r;
}
+static int send_prepare_for(Manager *m, InhibitWhat w, bool _active) {
+
+ static const char * const signal_name[_INHIBIT_WHAT_MAX] = {
+ [INHIBIT_SHUTDOWN] = "PrepareForShutdown",
+ [INHIBIT_SLEEP] = "PrepareForSleep"
+ };
+
+ int active = _active;
+
+ assert(m);
+ assert(w >= 0);
+ assert(w < _INHIBIT_WHAT_MAX);
+ assert(signal_name[w]);
+
+ return sd_bus_emit_signal(m->bus,
+ "/org/freedesktop/login1",
+ "org.freedesktop.login1.Manager",
+ signal_name[w],
+ "b",
+ active);
+}
+
static int execute_shutdown_or_sleep(
Manager *m,
InhibitWhat w,
@@ -1509,15 +1531,17 @@ static int execute_shutdown_or_sleep(
&reply,
"ss", unit_name, "replace-irreversibly");
if (r < 0)
- return r;
+ goto error;
r = sd_bus_message_read(reply, "o", &p);
if (r < 0)
- return r;
+ goto error;
c = strdup(p);
- if (!c)
- return -ENOMEM;
+ if (!c) {
+ r = -ENOMEM;
+ goto error;
+ }
m->action_unit = unit_name;
free(m->action_job);
@@ -1528,6 +1552,12 @@ static int execute_shutdown_or_sleep(
manager_set_lid_switch_ignore(m, now(CLOCK_MONOTONIC) + m->holdoff_timeout_usec);
return 0;
+
+error:
+ /* Tell people that they now may take a lock again */
+ send_prepare_for(m, m->action_what, false);
+
+ return r;
}
int manager_dispatch_delayed(Manager *manager, bool timeout) {
@@ -1558,7 +1588,8 @@ int manager_dispatch_delayed(Manager *manager, bool timeout) {
/* Actually do the operation */
r = execute_shutdown_or_sleep(manager, manager->action_what, manager->action_unit, &error);
if (r < 0) {
- log_warning("Failed to send delayed message: %s", bus_error_message(&error, r));
+ log_warning("Error during inhibitor-delayed operation (already returned success to client): %s",
+ bus_error_message(&error, r));
manager->action_unit = NULL;
manager->action_what = 0;
@@ -1619,28 +1650,6 @@ static int delay_shutdown_or_sleep(
return 0;
}
-static int send_prepare_for(Manager *m, InhibitWhat w, bool _active) {
-
- static const char * const signal_name[_INHIBIT_WHAT_MAX] = {
- [INHIBIT_SHUTDOWN] = "PrepareForShutdown",
- [INHIBIT_SLEEP] = "PrepareForSleep"
- };
-
- int active = _active;
-
- assert(m);
- assert(w >= 0);
- assert(w < _INHIBIT_WHAT_MAX);
- assert(signal_name[w]);
-
- return sd_bus_emit_signal(m->bus,
- "/org/freedesktop/login1",
- "org.freedesktop.login1.Manager",
- signal_name[w],
- "b",
- active);
-}
-
int bus_manager_shutdown_or_sleep_now_or_later(
Manager *m,
const char *unit_name,
@@ -1940,8 +1949,9 @@ static int manager_scheduled_shutdown_handler(
/* Don't allow multiple jobs being executed at the same time */
if (m->action_what) {
+ r = -EALREADY;
log_error("Scheduled shutdown to %s failed: shutdown or sleep operation already in progress", target);
- return -EALREADY;
+ goto error;
}
if (m->shutdown_dry_run) {
@@ -1958,10 +1968,16 @@ static int manager_scheduled_shutdown_handler(
}
r = bus_manager_shutdown_or_sleep_now_or_later(m, target, INHIBIT_SHUTDOWN, &error);
- if (r < 0)
- return log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);
+ if (r < 0) {
+ log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);
+ goto error;
+ }
return 0;
+
+error:
+ reset_scheduled_shutdown(m);
+ return r;
}
static int method_schedule_shutdown(sd_bus_message *message, void *userdata, sd_bus_error *error) {

37
0042-logind-tighten-assertion-in-execute_shutdown_or_slee.patch
View File

@ -1,37 +0,0 @@
From ee4cb7618ab6232c78865357a153d99a4023ad13 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Thu, 24 Aug 2017 15:21:21 +0100
Subject: [PATCH] logind: tighten assertion in execute_shutdown_or_sleep()
Following commit b498d6ea, I belated realized we should tighten the
assertions as well, to make sure that we're setting `m->action_what` to
represent an action in progress. (The check for an action in progress is
to compare `m->action_what` to zero)
(cherry picked from commit b61fa4e00166b2bf593e0f6edbb277543f03915f)
---
src/login/logind-dbus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index e868a48f8c..ba5cb19c6b 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1514,7 +1514,7 @@ static int execute_shutdown_or_sleep(
int r;
assert(m);
- assert(w >= 0);
+ assert(w > 0);
assert(w < _INHIBIT_WHAT_MAX);
assert(unit_name);
@@ -1661,7 +1661,7 @@ int bus_manager_shutdown_or_sleep_now_or_later(
assert(m);
assert(unit_name);
- assert(w >= 0);
+ assert(w > 0);
assert(w <= _INHIBIT_WHAT_MAX);
assert(!m->action_job);

60
0043-tmpfiles-with-e-don-t-attempt-to-set-permissions-whe.patch
View File

@ -1,60 +0,0 @@
From 9ad12be34d5f12c91b26e859fb8aac184f50cea5 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Thu, 31 Aug 2017 12:45:25 +0200
Subject: [PATCH] tmpfiles: with "e" don't attempt to set permissions when file
doesn't exist (#6682)
tmpfiles.d option "e" when run through systemd-tmpfiles --create should
apply configured permissions (uid,gid) only to already existing
files. When file doesn't exist we bail out with error. Instead we should
silently ignore non-existing files.
$ useradd test
$ cat /etc/tmpfiles.d/foobar.conf
e /tmp/test - test test 1d
$ ls -l /tmp/test
ls: cannot access '/tmp/test': No such file or directory
Before:
$ systemd-tmpfiles --create /etc/tmpfiles.d/foobar.conf
Adjusting owner and mode for /tmp/test failed: No such file or directory
$ echo $?
1
After:
$ systemd-tmpfiles --create /etc/tmpfiles.d/foobar.conf
$ echo $?
0
(cherry picked from commit 780e2ee187e373565f9ded2859f8c6c7760b814a)
---
src/tmpfiles/tmpfiles.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 9419c99e28..0ee606fc30 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -617,8 +617,20 @@ static int path_set_perms(Item *i, const char *path) {
* O_PATH. */
fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH);
- if (fd < 0)
- return log_error_errno(errno, "Adjusting owner and mode for %s failed: %m", path);
+ if (fd < 0) {
+ int level = LOG_ERR, r = -errno;
+
+ /* Option "e" operates only on existing objects. Do not
+ * print errors about non-existent files or directories */
+ if (i->type == EMPTY_DIRECTORY && errno == ENOENT) {
+ level = LOG_DEBUG;
+ r = 0;
+ }
+
+ log_full_errno(level, errno, "Adjusting owner and mode for %s failed: %m", path);
+
+ return r;
+ }
if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0)
return log_error_errno(errno, "Failed to fstat() file %s: %m", path);

23
0044-man-fix-path-for-storing-random-seed.patch
View File

@ -1,23 +0,0 @@
From 000caa49a4ca3c18f38ac8dbb3d8bde39bc7cbbe Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 31 Aug 2017 18:31:08 +0900
Subject: [PATCH] man: fix path for storing random seed
(cherry picked from commit 621a2c804ce91763221799cde9d412423fcf8b51)
---
man/systemd-random-seed.service.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/systemd-random-seed.service.xml b/man/systemd-random-seed.service.xml
index f3b5a947da..9ec01b6c34 100644
--- a/man/systemd-random-seed.service.xml
+++ b/man/systemd-random-seed.service.xml
@@ -48,7 +48,7 @@
<refsynopsisdiv>
<para><filename>systemd-random-seed.service</filename></para>
- <para><filename>/usr/lib/systemd/systemd-random-seed</filename></para>
+ <para><filename>/usr/lib/systemd/random-seed</filename></para>
</refsynopsisdiv>
<refsect1>

91
0045-Load-virtio_rng-early-in-the-game-6710.patch
View File

@ -1,91 +0,0 @@
From 59e70293dbf06106c2f4a152f234581e284fae5f Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Thu, 31 Aug 2017 15:33:33 +0200
Subject: [PATCH] Load virtio_rng early in the game (#6710)
If true randomness is needed before udev is triggered, which would load
virtio_rng, reading /dev/random takes forever and the boot stalls for a
long time.
(cherry picked from commit 6c1f72f626355615daee0e5a7ef7044759251a23)
---
src/core/kmod-setup.c | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c
index fd1021f706..9f69a6d925 100644
--- a/src/core/kmod-setup.c
+++ b/src/core/kmod-setup.c
@@ -17,6 +17,7 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#include <ftw.h>
#include <string.h>
#include <unistd.h>
@@ -24,10 +25,13 @@
#include <libkmod.h>
#endif
+#include "alloc-util.h"
#include "bus-util.h"
#include "capability-util.h"
+#include "fileio.h"
#include "kmod-setup.h"
#include "macro.h"
+#include "string-util.h"
#ifdef HAVE_KMOD
static void systemd_kmod_log(
@@ -45,6 +49,41 @@ static void systemd_kmod_log(
}
#endif
+static int has_virtio_rng_nftw_cb(
+ const char *fpath,
+ const struct stat *sb,
+ int tflag,
+ struct FTW *ftwbuf) {
+
+ _cleanup_free_ char *alias = NULL;
+ int r;
+
+ if ((FTW_D == tflag) && (ftwbuf->level > 2))
+ return FTW_SKIP_SUBTREE;
+
+ if (FTW_F != tflag)
+ return FTW_CONTINUE;
+
+ if (!endswith(fpath, "/modalias"))
+ return FTW_CONTINUE;
+
+ r = read_one_line_file(fpath, &alias);
+ if (r < 0)
+ return FTW_SKIP_SIBLINGS;
+
+ if (startswith(alias, "pci:v00001AF4d00001005"))
+ return FTW_STOP;
+
+ if (startswith(alias, "pci:v00001AF4d00001044"))
+ return FTW_STOP;
+
+ return FTW_SKIP_SIBLINGS;
+}
+
+static bool has_virtio_rng(void) {
+ return (nftw("/sys/devices/pci0000:00", has_virtio_rng_nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL) == FTW_STOP);
+}
+
int kmod_setup(void) {
#ifdef HAVE_KMOD
@@ -68,6 +107,8 @@ int kmod_setup(void) {
/* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
{ "ip_tables", "/proc/net/ip_tables_names", false, false, NULL },
#endif
+ /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
+ { "virtio_rng", NULL, false, false, has_virtio_rng },
};
struct kmod_ctx *ctx = NULL;
unsigned int i;

76
0046-tmpfiles-silently-ignore-any-path-that-passes-throug.patch
View File

@ -1,76 +0,0 @@
From 2c655092f8cd7c20c4146254cb549ff9ba795fda Mon Sep 17 00:00:00 2001
From: NeilBrown <neil@brown.name>
Date: Mon, 4 Sep 2017 23:35:07 +1000
Subject: [PATCH] tmpfiles: silently ignore any path that passes through autofs
(#6506)
If a path passes though an autofs filesystem, then accessing
the path might trigger and automount. As systemd-tmpfiles is run before
the network is up, and as automounts are often used for networked
filesystems, this can cause a deadlock.
So chase_symlinks is enhance to accept a new flag which tells it
to check for autofs, and return -EREMOTE if autofs is found.
tmpfiles is changed to check just before acting on a path so that it
can avoid autofs even if a symlink was created earlier by tmpfiles
that would send this path through an autofs.
This fixes a deadlock that happens when /home is listed in /etc/fstab as
x-systemd.automount for an NFS directory.
(cherry picked from commit 655f2da0790d0f8670f7a4c7da1833786ce0137e)
---
src/basic/fs-util.c | 4 ++++
src/basic/fs-util.h | 1 +
src/tmpfiles/tmpfiles.c | 3 +++
3 files changed, 8 insertions(+)
diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
index 8fe19ee4e4..5b3bd0c45d 100644
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -23,6 +23,7 @@
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
+#include <linux/magic.h>
#include <time.h>
#include <unistd.h>
@@ -721,6 +722,9 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
if (fstat(child, &st) < 0)
return -errno;
+ if ((flags & CHASE_NO_AUTOFS) &&
+ fd_check_fstype(child, AUTOFS_SUPER_MAGIC) > 0)
+ return -EREMOTE;
if (S_ISLNK(st.st_mode)) {
char *joined;
diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h
index 094acf1799..d3342d5cda 100644
--- a/src/basic/fs-util.h
+++ b/src/basic/fs-util.h
@@ -81,6 +81,7 @@ int inotify_add_watch_fd(int fd, int what, uint32_t mask);
enum {
CHASE_PREFIX_ROOT = 1, /* If set, the specified path will be prefixed by the specified root before beginning the iteration */
CHASE_NONEXISTENT = 2, /* If set, it's OK if the path doesn't actually exist. */
+ CHASE_NO_AUTOFS = 4, /* If set, return -EREMOTE if autofs mount point found */
};
int chase_symlinks(const char *path_with_prefix, const char *root, unsigned flags, char **ret);
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 0ee606fc30..be52398f5f 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -1655,6 +1655,9 @@ static int process_item(Item *i) {
}
}
+ if (chase_symlinks(i->path, NULL, CHASE_NO_AUTOFS, NULL) == -EREMOTE)
+ return t;
+
r = arg_create ? create_item(i) : 0;
q = arg_remove ? remove_item(i) : 0;
p = arg_clean ? clean_item(i) : 0;

36
0047-6647-use-path_startswith-dev-in-cryptsetup-6732.patch
View File

@ -1,36 +0,0 @@
From adc820ae57baf6d60884a5280cbb2f4842454131 Mon Sep 17 00:00:00 2001
From: ettavolt <ettavolt@gmail.com>
Date: Mon, 4 Sep 2017 16:36:52 +0300
Subject: [PATCH] 6647 - use path_startswith("/dev") in cryptsetup (#6732)
For both key and partition paths.
(cherry picked from commit 048dd629c4590eefb2ebd6a316c7350ed3a6ff19)
This fixes https://github.com/systemd/systemd/issues/6647.
---
src/cryptsetup/cryptsetup-generator.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index f737f82b55..afc5d7cf49 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -129,7 +129,7 @@ static int create_disk(
if (!path_equal(uu, "/dev/null")) {
- if (is_device_path(uu)) {
+ if (path_startswith(uu, "/dev/")) {
_cleanup_free_ char *dd = NULL;
r = unit_name_from_path(uu, ".device", &dd);
@@ -143,7 +143,7 @@ static int create_disk(
}
}
- if (is_device_path(u)) {
+ if (path_startswith(u, "/dev/")) {
fprintf(f,
"BindsTo=%s\n"
"After=%s\n"

26
0048-systemd-mount-fix-that-wrong-argument-is-used-for-ar.patch
View File

@ -1,26 +0,0 @@
From 7fa052cef9680e30e07a74423c440a2b79e81916 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 1 Sep 2017 17:03:01 +0900
Subject: [PATCH] systemd-mount: fix that wrong argument is used for
arg_mount_what
(cherry picked from commit 4185da7c4daf32bd9b5809fd6de99e52cb903bba)
---
src/mount/mount-tool.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c
index ed6578d540..10bb5dda63 100644
--- a/src/mount/mount-tool.c
+++ b/src/mount/mount-tool.c
@@ -344,9 +344,8 @@ static int parse_argv(int argc, char *argv[]) {
arg_mount_what = canonicalize_file_name(p);
if (!arg_mount_what)
return log_error_errno(errno, "Failed to canonicalize path: %m");
-
} else {
- arg_mount_what = strdup(argv[optind+1]);
+ arg_mount_what = strdup(argv[optind]);
if (!arg_mount_what)
return log_oom();

90
0049-systemd-mount-allow-to-specify-an-arbitrary-string-f.patch
View File

@ -1,90 +0,0 @@
From 3e8acdaf07d4f32b9df199d47b08f1ce67d27435 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 4 Sep 2017 10:55:51 +0900
Subject: [PATCH] systemd-mount: allow to specify an arbitrary string for
arg_mount_what when vfs is used
Fixes #6591.
(cherry picked from commit e2be442e791fa1150aa835c684acc6d7189de3e1)
---
src/basic/mount-util.c | 26 ++++++++++++++++++++++++++
src/basic/mount-util.h | 1 +
src/mount/mount-tool.c | 8 +++++++-
3 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index 7b9400b47c..cff44116c8 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -552,6 +552,32 @@ bool fstype_is_network(const char *fstype) {
return nulstr_contains(table, fstype);
}
+bool fstype_is_api_vfs(const char *fstype) {
+ static const char table[] =
+ "autofs\0"
+ "bpf\0"
+ "cgroup\0"
+ "cgroup2\0"
+ "configfs\0"
+ "cpuset\0"
+ "debugfs\0"
+ "devpts\0"
+ "devtmpfs\0"
+ "efivarfs\0"
+ "hugetlbfs\0"
+ "mqueue\0"
+ "proc\0"
+ "pstore\0"
+ "ramfs\0"
+ "securityfs\0"
+ "sysfs\0"
+ "tmpfs\0"
+ "tracefs\0"
+ ;
+
+ return nulstr_contains(table, fstype);
+}
+
int repeat_unmount(const char *path, int flags) {
bool done = false;
diff --git a/src/basic/mount-util.h b/src/basic/mount-util.h
index 2e24a184c5..70af11c2ff 100644
--- a/src/basic/mount-util.h
+++ b/src/basic/mount-util.h
@@ -44,6 +44,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, endmntent);
#define _cleanup_endmntent_ _cleanup_(endmntentp)
bool fstype_is_network(const char *fstype);
+bool fstype_is_api_vfs(const char *fstype);
union file_handle_union {
struct file_handle handle;
diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c
index 10bb5dda63..3c974addda 100644
--- a/src/mount/mount-tool.c
+++ b/src/mount/mount-tool.c
@@ -30,6 +30,7 @@
#include "fd-util.h"
#include "fileio.h"
#include "fstab-util.h"
+#include "mount-util.h"
#include "pager.h"
#include "parse-util.h"
#include "path-util.h"
@@ -330,7 +331,12 @@ static int parse_argv(int argc, char *argv[]) {
return -EINVAL;
}
- if (arg_transport == BUS_TRANSPORT_LOCAL) {
+ if (arg_mount_type && (fstype_is_api_vfs(arg_mount_type) || fstype_is_network(arg_mount_type))) {
+ arg_mount_what = strdup(argv[optind]);
+ if (!arg_mount_what)
+ return log_oom();
+
+ } else if (arg_transport == BUS_TRANSPORT_LOCAL) {
_cleanup_free_ char *u = NULL, *p = NULL;
u = fstab_node_to_udev_node(argv[optind]);

83
0050-rfkill-Lookup-device-in-determine_state_file.patch
View File

@ -1,83 +0,0 @@
From 55a2b3a6031502c97cb467f1bfd5ddc86f7ac408 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 31 Aug 2017 17:34:08 +0200
Subject: [PATCH] rfkill: Lookup device in determine_state_file
None of the callers actually need the device itself. So it makes sense
to do the lookup inside determine_state_file instead.
(cherry picked from commit 8e707663135d28176163c9363c558ecac17c9ddb)
---
src/rfkill/rfkill.c | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
index 470853d1d2..3adbd20d8b 100644
--- a/src/rfkill/rfkill.c
+++ b/src/rfkill/rfkill.c
@@ -162,18 +162,21 @@ static int wait_for_initialized(
static int determine_state_file(
struct udev *udev,
const struct rfkill_event *event,
- struct udev_device *d,
char **ret) {
+ _cleanup_udev_device_unref_ struct udev_device *d = NULL;
_cleanup_udev_device_unref_ struct udev_device *device = NULL;
const char *path_id, *type;
char *state_file;
int r;
assert(event);
- assert(d);
assert(ret);
+ r = find_device(udev, event, &d);
+ if (r < 0)
+ return r;
+
r = wait_for_initialized(udev, d, &device);
if (r < 0)
return r;
@@ -204,7 +207,6 @@ static int load_state(
struct udev *udev,
const struct rfkill_event *event) {
- _cleanup_udev_device_unref_ struct udev_device *device = NULL;
_cleanup_free_ char *state_file = NULL, *value = NULL;
struct rfkill_event we;
ssize_t l;
@@ -217,11 +219,7 @@ static int load_state(
if (shall_restore_state() == 0)
return 0;
- r = find_device(udev, event, &device);
- if (r < 0)
- return r;
-
- r = determine_state_file(udev, event, device, &state_file);
+ r = determine_state_file(udev, event, &state_file);
if (r < 0)
return r;
@@ -266,7 +264,6 @@ static int save_state(
struct udev *udev,
const struct rfkill_event *event) {
- _cleanup_udev_device_unref_ struct udev_device *device = NULL;
_cleanup_free_ char *state_file = NULL;
int r;
@@ -274,11 +271,7 @@ static int save_state(
assert(udev);
assert(event);
- r = find_device(udev, event, &device);
- if (r < 0)
- return r;
-
- r = determine_state_file(udev, event, device, &state_file);
+ r = determine_state_file(udev, event, &state_file);
if (r < 0)
return r;

191
0051-rfkill-Delay-writes-until-exit-5768.patch
View File

@ -1,191 +0,0 @@
From a43c13e3cafe4f4499f81014cbbf6bd8a4d4712b Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 31 Aug 2017 17:36:37 +0200
Subject: [PATCH] rfkill: Delay writes until exit (#5768)
On thinkpads there are two rfkill devices for bluetooth. The first is an
ACPI switch which powers down the USB dongle and the second one is the
USB dongle itself. So when userspace decides to enable rfkill on all
devices systemd would randomly save the soft block state of the USB
dongle. This later causes issue when re-enabling the devie as
systemd-rfkill would put the USB dongle into soft block state right
after the ACPI rfkill switch is unblocked by userspace.
The simple way to avoid this is to not store rfkill changes for devices
that disappear shortly after. That way only the "main" ACPI switch will
get stored and systemd-rfkill will not end up blocking the device right
after it is being added back again.
(cherry picked from commit 202cb8c396deb90f841359054ca19f1c47fc8604)
---
src/rfkill/rfkill.c | 104 +++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 99 insertions(+), 5 deletions(-)
diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
index 3adbd20d8b..c934b70156 100644
--- a/src/rfkill/rfkill.c
+++ b/src/rfkill/rfkill.c
@@ -35,9 +35,27 @@
#include "string-util.h"
#include "udev-util.h"
#include "util.h"
+#include "list.h"
+/* Note that any write is delayed until exit and the rfkill state will not be
+ * stored for rfkill indices that disappear after a change. */
#define EXIT_USEC (5 * USEC_PER_SEC)
+typedef struct write_queue_item {
+ LIST_FIELDS(struct write_queue_item, queue);
+ int rfkill_idx;
+ char *file;
+ int state;
+} write_queue_item;
+
+static void write_queue_item_free(struct write_queue_item *item)
+{
+ assert(item);
+
+ free(item->file);
+ free(item);
+}
+
static const char* const rfkill_type_table[NUM_RFKILL_TYPES] = {
[RFKILL_TYPE_ALL] = "all",
[RFKILL_TYPE_WLAN] = "wlan",
@@ -259,12 +277,30 @@ static int load_state(
return 0;
}
-static int save_state(
+static void save_state_queue_remove(
+ struct write_queue_item **write_queue,
+ int idx,
+ char *state_file) {
+
+ struct write_queue_item *item, *tmp;
+
+ LIST_FOREACH_SAFE(queue, item, tmp, *write_queue) {
+ if ((state_file && streq(item->file, state_file)) || idx == item->rfkill_idx) {
+ log_debug("Canceled previous save state of '%s' to %s.", one_zero(item->state), item->file);
+ LIST_REMOVE(queue, *write_queue, item);
+ write_queue_item_free(item);
+ }
+ }
+}
+
+static int save_state_queue(
+ struct write_queue_item **write_queue,
int rfkill_fd,
struct udev *udev,
const struct rfkill_event *event) {
_cleanup_free_ char *state_file = NULL;
+ struct write_queue_item *item;
int r;
assert(rfkill_fd >= 0);
@@ -274,16 +310,69 @@ static int save_state(
r = determine_state_file(udev, event, &state_file);
if (r < 0)
return r;
+ save_state_queue_remove(write_queue, event->idx, state_file);
+
+ item = new0(struct write_queue_item, 1);
+ if (!item)
+ return -ENOMEM;
- r = write_string_file(state_file, one_zero(event->soft), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
+ item->file = state_file;
+ item->rfkill_idx = event->idx;
+ item->state = event->soft;
+ state_file = NULL;
+
+ LIST_APPEND(queue, *write_queue, item);
+
+ return 0;
+}
+
+static int save_state_cancel(
+ struct write_queue_item **write_queue,
+ int rfkill_fd,
+ struct udev *udev,
+ const struct rfkill_event *event) {
+
+ _cleanup_free_ char *state_file = NULL;
+ int r;
+
+ assert(rfkill_fd >= 0);
+ assert(udev);
+ assert(event);
+
+ r = determine_state_file(udev, event, &state_file);
+ save_state_queue_remove(write_queue, event->idx, state_file);
if (r < 0)
- return log_error_errno(r, "Failed to write state file %s: %m", state_file);
+ return r;
- log_debug("Saved state '%s' to %s.", one_zero(event->soft), state_file);
return 0;
}
+static int save_state_write(struct write_queue_item **write_queue) {
+ struct write_queue_item *item, *tmp;
+ int result = 0;
+ bool error_logged = false;
+ int r;
+
+ LIST_FOREACH_SAFE(queue, item, tmp, *write_queue) {
+ r = write_string_file(item->file, one_zero(item->state), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
+ if (r < 0) {
+ result = r;
+ if (!error_logged) {
+ log_error_errno(r, "Failed to write state file %s: %m", item->file);
+ error_logged = true;
+ } else
+ log_warning_errno(r, "Failed to write state file %s: %m", item->file);
+ } else
+ log_debug("Saved state '%s' to %s.", one_zero(item->state), item->file);
+
+ LIST_REMOVE(queue, *write_queue, item);
+ write_queue_item_free(item);
+ }
+ return result;
+}
+
int main(int argc, char *argv[]) {
+ LIST_HEAD(write_queue_item, write_queue);
_cleanup_udev_unref_ struct udev *udev = NULL;
_cleanup_close_ int rfkill_fd = -1;
bool ready = false;
@@ -294,6 +383,8 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
}
+ LIST_HEAD_INIT(write_queue);
+
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
log_open();
@@ -403,11 +494,12 @@ int main(int argc, char *argv[]) {
case RFKILL_OP_DEL:
log_debug("An rfkill device has been removed with index %i and type %s", event.idx, type);
+ (void) save_state_cancel(&write_queue, rfkill_fd, udev, &event);
break;
case RFKILL_OP_CHANGE:
log_debug("An rfkill device has changed state with index %i and type %s", event.idx, type);
- (void) save_state(rfkill_fd, udev, &event);
+ (void) save_state_queue(&write_queue, rfkill_fd, udev, &event);
break;
default:
@@ -419,5 +511,7 @@ int main(int argc, char *argv[]) {
r = 0;
finish:
+ (void) save_state_write(&write_queue);
+
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}

36
0052-systemctl-check-existence-of-all-units-not-just-the-.patch
View File

@ -1,36 +0,0 @@
From 6aaee522ca978f2982e630508d7e14dc28d74907 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 2 Sep 2017 17:37:08 +0300
Subject: [PATCH] systemctl: check existence of all units, not just the first
one
(cherry picked from commit f8d6cb48a363ddae6fab50636ccc433b5f4dd604)
---
src/systemctl/systemctl.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 83ed9ef9f7..a1b956111b 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -6201,11 +6201,15 @@ static int enable_unit(int argc, char *argv[], void *userdata) {
sd_bus *bus;
if (STR_IN_SET(verb, "mask", "unmask")) {
- r = unit_exists(*names);
- if (r < 0)
- return r;
- if (r == 0)
- log_notice("Unit %s does not exist, proceeding anyway.", *names);
+ char **name;
+
+ STRV_FOREACH(name, names) {
+ r = unit_exists(*name);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ log_notice("Unit %s does not exist, proceeding anyway.", *names);
+ }
}
r = acquire_bus(BUS_MANAGER, &bus);

151
0053-systemctl-fix-masking-of-template-units.patch
View File

@ -1,151 +0,0 @@
From 332a9f7e0105d223aed58e9b6504ec78bd22328c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 3 Sep 2017 17:45:54 +0300
Subject: [PATCH] systemctl: fix masking of template units
systemctl would try to load the properties of the unit, which is impossible
for template names, and the whole operation would fail. It seems that this
regression was introduced in 00c83b430020914499bebf22be6b258f518ae291.
Export the part of unit_find_paths() responsible for locating instance unit
fragments and reuse it from unit_exists() to fix the handling of template
units.
Fixes #6412.
(cherry picked from commit 173471b771a52baa7f705019600956e875b0cb9a)
---
src/systemctl/systemctl.c | 68 ++++++++++++++++++++++++++++++++++-------------
1 file changed, 49 insertions(+), 19 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index a1b956111b..a5f248e865 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -2480,7 +2480,6 @@ static int unit_file_find_path(LookupPaths *lp, const char *unit_name, char **un
assert(lp);
assert(unit_name);
- assert(unit_path);
STRV_FOREACH(p, lp->search_path) {
_cleanup_free_ char *path = NULL, *lpath = NULL;
@@ -2498,14 +2497,48 @@ static int unit_file_find_path(LookupPaths *lp, const char *unit_name, char **un
if (r < 0)
return log_error_errno(r, "Failed to access path '%s': %m", path);
- *unit_path = lpath;
- lpath = NULL;
+ if (unit_path) {
+ *unit_path = lpath;
+ lpath = NULL;
+ }
return 1;
}
return 0;
}
+static int unit_find_template_path(
+ const char *unit_name,
+ LookupPaths *lp,
+ char **fragment_path,
+ char **template) {
+
+ _cleanup_free_ char *_template = NULL;
+ int r;
+
+ /* Returns 1 if a fragment was found, 0 if not found, negative on error. */
+
+ r = unit_file_find_path(lp, unit_name, fragment_path);
+ if (r != 0)
+ return r; /* error or found a real unit */
+
+ r = unit_name_template(unit_name, &_template);
+ if (r == -EINVAL)
+ return 0; /* not a template, does not exist */
+ if (r < 0)
+ return log_error_errno(r, "Failed to determine template name: %m");
+
+ r = unit_file_find_path(lp, _template, fragment_path);
+ if (r < 0)
+ return r;
+
+ if (template) {
+ *template = _template;
+ _template = NULL;
+ }
+ return r;
+}
+
static int unit_find_paths(
sd_bus *bus,
const char *unit_name,
@@ -2561,29 +2594,18 @@ static int unit_find_paths(
return log_error_errno(r, "Failed to get DropInPaths: %s", bus_error_message(&error, r));
}
} else {
- _cleanup_set_free_ Set *names;
+ _cleanup_set_free_ Set *names = NULL;
_cleanup_free_ char *template = NULL;
names = set_new(NULL);
if (!names)
return log_oom();
- r = unit_file_find_path(lp, unit_name, &path);
+ r = unit_find_template_path(unit_name, lp, &path, &template);
if (r < 0)
return r;
- if (r == 0) {
- r = unit_name_template(unit_name, &template);
- if (r < 0 && r != -EINVAL)
- return log_error_errno(r, "Failed to determine template name: %m");
- if (r >= 0) {
- r = unit_file_find_path(lp, template, &path);
- if (r < 0)
- return r;
- }
- }
-
- if (path)
+ if (r > 0)
/* We found the unit file. If we followed symlinks, this name might be
* different then the unit_name with started with. Look for dropins matching
* that "final" name. */
@@ -6084,7 +6106,7 @@ static int normalize_names(char **names, bool warn_if_path) {
return 0;
}
-static int unit_exists(const char *unit) {
+static int unit_exists(LookupPaths *lp, const char *unit) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_free_ char *path = NULL;
@@ -6097,6 +6119,9 @@ static int unit_exists(const char *unit) {
sd_bus *bus;
int r;
+ if (unit_name_is_valid(unit, UNIT_NAME_TEMPLATE))
+ return unit_find_template_path(unit, lp, NULL, NULL);
+
path = unit_dbus_path_from_name(unit);
if (!path)
return log_oom();
@@ -6202,9 +6227,14 @@ static int enable_unit(int argc, char *argv[], void *userdata) {
if (STR_IN_SET(verb, "mask", "unmask")) {
char **name;
+ _cleanup_lookup_paths_free_ LookupPaths lp = {};
+
+ r = lookup_paths_init(&lp, arg_scope, 0, arg_root);
+ if (r < 0)
+ return r;
STRV_FOREACH(name, names) {
- r = unit_exists(*name);
+ r = unit_exists(&lp, *name);
if (r < 0)
return r;
if (r == 0)

30
0054-networkd-send-dhcp-option-NTP-when-UseNTP-is-true-67.patch
View File

@ -1,30 +0,0 @@
From 18647aa3d8f3ef8033cba55384d297d7ef8f3d9c Mon Sep 17 00:00:00 2001
From: juga0 <juga@riseup.net>
Date: Tue, 5 Sep 2017 10:26:32 +0000
Subject: [PATCH] networkd: send dhcp option NTP when UseNTP is true (#6726)
(cherry picked from commit ead36ce651955999e7cf1f6167aa0065f8cd5f3f)
---
src/network/networkd-dhcp4.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
index 77771688e1..84a25b1a03 100644
--- a/src/network/networkd-dhcp4.c
+++ b/src/network/networkd-dhcp4.c
@@ -635,10 +635,11 @@ int dhcp4_configure(Link *link) {
return r;
}
- /* Always acquire the timezone and NTP */
- r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NTP_SERVER);
- if (r < 0)
- return r;
+ if (link->network->dhcp_use_ntp) {
+ r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NTP_SERVER);
+ if (r < 0)
+ return r;
+ }
r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NEW_TZDB_TIMEZONE);
if (r < 0)

30
0055-networkd-send-dhcp-timezone-option-when-UseTimezone-.patch
View File

@ -1,30 +0,0 @@
From 63f2647249e5d55e6ae62c484d70690aedd41a41 Mon Sep 17 00:00:00 2001
From: juga0 <juga@riseup.net>
Date: Wed, 6 Sep 2017 08:10:50 +0000
Subject: [PATCH] networkd: send dhcp timezone option when UseTimezone is true
(#6725)
(cherry picked from commit 89573b3728fc14033b99fc69f3f6181be9c8c6be)
---
src/network/networkd-dhcp4.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
index 84a25b1a03..546c90b6bb 100644
--- a/src/network/networkd-dhcp4.c
+++ b/src/network/networkd-dhcp4.c
@@ -641,9 +641,11 @@ int dhcp4_configure(Link *link) {
return r;
}
- r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NEW_TZDB_TIMEZONE);
- if (r < 0)
- return r;
+ if (link->network->dhcp_use_timezone) {
+ r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NEW_TZDB_TIMEZONE);
+ if (r < 0)
+ return r;
+ }
r = dhcp4_set_hostname(link);
if (r < 0)

28
0056-journalctl-honor-quiet-when-vacuuming-6771.patch
View File

@ -1,28 +0,0 @@
From b2403e6ea4cd04e3624d4ae4f7f2d7dde98f23dd Mon Sep 17 00:00:00 2001
From: Kai-Heng Feng <kaihengfeng@gmail.com>
Date: Fri, 8 Sep 2017 20:25:44 +0800
Subject: [PATCH] journalctl: honor --quiet when vacuuming (#6771)
'journalctl --vacuum-*' does not suppress output message with --quiet.
Let journal_directory_vacuum honors --quiet to fix the problem.
BugLink: https://bugs.launchpad.net/bugs/1692188
(cherry picked from commit e3695e499a54071aa5fa3b79bdbff0be2c528204)
---
src/journal/journalctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 2313c8c678..1bb4d89159 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -2170,7 +2170,7 @@ int main(int argc, char *argv[]) {
if (d->is_root)
continue;
- q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, true);
+ q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, !arg_quiet);
if (q < 0) {
log_error_errno(q, "Failed to vacuum %s: %m", d->path);
r = q;

45
0057-manager-when-reexecuting-try-to-connect-to-bus-only-.patch
View File

@ -1,45 +0,0 @@
From 21879b710e669f9965650bcafa8d504e617fd7ee Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Fri, 8 Sep 2017 15:41:44 +0200
Subject: [PATCH] manager: when reexecuting try to connect to bus only when
dbus.service is around (#6773)
Trying to connect otherwise is pointless, because if socket isn't around
we won't connect. However, when dbus.socket is present we attempt to
connect. That attempt can't succeed because we are then supposed
to activate dbus.service as a response to connection from
us. This results in deadlock.
Fixes #6303
(cherry picked from commit 5463fa0a88f95d2002858592578f9bf4e0d2660a)
---
src/core/manager.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 283720750f..482eab0f19 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -880,15 +880,19 @@ static int manager_setup_user_lookup_fd(Manager *m) {
static int manager_connect_bus(Manager *m, bool reexecuting) {
bool try_bus_connect;
+ Unit *u = NULL;
assert(m);
if (m->test_run)
return 0;
+ u = manager_get_unit(m, SPECIAL_DBUS_SERVICE);
+
try_bus_connect =
- reexecuting ||
- (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS"));
+ (u && UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u))) &&
+ (reexecuting ||
+ (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS")));
/* Try to connect to the buses, if possible. */
return bus_init(m, try_bus_connect);

28
0058-efivars-don-t-crash-when-somebody-wants-to-remove-an.patch
View File

@ -1,28 +0,0 @@
From ab76f797e85ba755f02db58f18b455c46dfed12a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 8 Sep 2017 17:34:11 +0200
Subject: [PATCH] efivars: don't crash when somebody wants to remove an efi
variable
This corrects b3c908b4a230c5cca0dcdd7e94d02ec54a298abf by allowing a
NULL value again for variable deletion.
Fixes: #6753
(cherry picked from commit e1e26566ec60aa66a3c21682322ebc376df609b2)
---
src/shared/efivars.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/efivars.c b/src/shared/efivars.c
index 8229e6b183..2503346610 100644
--- a/src/shared/efivars.c
+++ b/src/shared/efivars.c
@@ -269,7 +269,7 @@ int efi_set_variable(
_cleanup_close_ int fd = -1;
assert(name);
- assert(value);
+ assert(value || size == 0);
if (asprintf(&p,
"/sys/firmware/efi/efivars/%s-%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",

310
0059-util-make-get_block_device-available.patch
View File

@ -1,310 +0,0 @@
From cd7bcbfad5c1319f8c7a9f74c2649ace096f6e2a Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 13 Sep 2017 11:47:15 +0200
Subject: [PATCH] util: make get_block_device() available
(cherry picked from commit c43b2b9c71e6e5f9af90ca178674d248acb0b9fc)
---
src/basic/util.c | 131 ++++++++++++++++++++++++++++
src/basic/util.h | 3 +
src/gpt-auto-generator/gpt-auto-generator.c | 130 ---------------------------
3 files changed, 134 insertions(+), 130 deletions(-)
diff --git a/src/basic/util.c b/src/basic/util.c
index b52a5db31b..6cbb58bdea 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -34,6 +34,7 @@
#include <unistd.h>
#include "alloc-util.h"
+#include "btrfs-util.h"
#include "build.h"
#include "cgroup-util.h"
#include "def.h"
@@ -719,3 +720,133 @@ int version(void) {
SYSTEMD_FEATURES);
return 0;
}
+
+int get_block_device(const char *path, dev_t *dev) {
+ struct stat st;
+ struct statfs sfs;
+
+ assert(path);
+ assert(dev);
+
+ /* Get's the block device directly backing a file system. If
+ * the block device is encrypted, returns the device mapper
+ * block device. */
+
+ if (lstat(path, &st))
+ return -errno;
+
+ if (major(st.st_dev) != 0) {
+ *dev = st.st_dev;
+ return 1;
+ }
+
+ if (statfs(path, &sfs) < 0)
+ return -errno;
+
+ if (F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC))
+ return btrfs_get_block_device(path, dev);
+
+ return 0;
+}
+
+int get_block_device_harder(const char *path, dev_t *dev) {
+ _cleanup_closedir_ DIR *d = NULL;
+ _cleanup_free_ char *p = NULL, *t = NULL;
+ struct dirent *de, *found = NULL;
+ const char *q;
+ unsigned maj, min;
+ dev_t dt;
+ int r;
+
+ assert(path);
+ assert(dev);
+
+ /* Gets the backing block device for a file system, and
+ * handles LUKS encrypted file systems, looking for its
+ * immediate parent, if there is one. */
+
+ r = get_block_device(path, &dt);
+ if (r <= 0)
+ return r;
+
+ if (asprintf(&p, "/sys/dev/block/%u:%u/slaves", major(dt), minor(dt)) < 0)
+ return -ENOMEM;
+
+ d = opendir(p);
+ if (!d) {
+ if (errno == ENOENT)
+ goto fallback;
+
+ return -errno;
+ }
+
+ FOREACH_DIRENT_ALL(de, d, return -errno) {
+
+ if (dot_or_dot_dot(de->d_name))
+ continue;
+
+ if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN))
+ continue;
+
+ if (found) {
+ _cleanup_free_ char *u = NULL, *v = NULL, *a = NULL, *b = NULL;
+
+ /* We found a device backed by multiple other devices. We don't really support automatic
+ * discovery on such setups, with the exception of dm-verity partitions. In this case there are
+ * two backing devices: the data partition and the hash partition. We are fine with such
+ * setups, however, only if both partitions are on the same physical device. Hence, let's
+ * verify this. */
+
+ u = strjoin(p, "/", de->d_name, "/../dev");
+ if (!u)
+ return -ENOMEM;
+
+ v = strjoin(p, "/", found->d_name, "/../dev");
+ if (!v)
+ return -ENOMEM;
+
+ r = read_one_line_file(u, &a);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to read %s: %m", u);
+ goto fallback;
+ }
+
+ r = read_one_line_file(v, &b);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to read %s: %m", v);
+ goto fallback;
+ }
+
+ /* Check if the parent device is the same. If not, then the two backing devices are on
+ * different physical devices, and we don't support that. */
+ if (!streq(a, b))
+ goto fallback;
+ }
+
+ found = de;
+ }
+
+ if (!found)
+ goto fallback;
+
+ q = strjoina(p, "/", found->d_name, "/dev");
+
+ r = read_one_line_file(q, &t);
+ if (r == -ENOENT)
+ goto fallback;
+ if (r < 0)
+ return r;
+
+ if (sscanf(t, "%u:%u", &maj, &min) != 2)
+ return -EINVAL;
+
+ if (maj == 0)
+ goto fallback;
+
+ *dev = makedev(maj, min);
+ return 1;
+
+fallback:
+ *dev = dt;
+ return 1;
+}
diff --git a/src/basic/util.h b/src/basic/util.h
index c7da6c39bf..b31dfd1c92 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -192,3 +192,6 @@ uint64_t system_tasks_max_scale(uint64_t v, uint64_t max);
int update_reboot_parameter_and_warn(const char *param);
int version(void);
+
+int get_block_device(const char *path, dev_t *dev);
+int get_block_device_harder(const char *path, dev_t *dev);
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index a072242430..dc307ff585 100644
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -609,136 +609,6 @@ static int enumerate_partitions(dev_t devnum) {
return r;
}
-static int get_block_device(const char *path, dev_t *dev) {
- struct stat st;
- struct statfs sfs;
-
- assert(path);
- assert(dev);
-
- /* Get's the block device directly backing a file system. If
- * the block device is encrypted, returns the device mapper
- * block device. */
-
- if (lstat(path, &st))
- return -errno;
-
- if (major(st.st_dev) != 0) {
- *dev = st.st_dev;
- return 1;
- }
-
- if (statfs(path, &sfs) < 0)
- return -errno;
-
- if (F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC))
- return btrfs_get_block_device(path, dev);
-
- return 0;
-}
-
-static int get_block_device_harder(const char *path, dev_t *dev) {
- _cleanup_closedir_ DIR *d = NULL;
- _cleanup_free_ char *p = NULL, *t = NULL;
- struct dirent *de, *found = NULL;
- const char *q;
- unsigned maj, min;
- dev_t dt;
- int r;
-
- assert(path);
- assert(dev);
-
- /* Gets the backing block device for a file system, and
- * handles LUKS encrypted file systems, looking for its
- * immediate parent, if there is one. */
-
- r = get_block_device(path, &dt);
- if (r <= 0)
- return r;
-
- if (asprintf(&p, "/sys/dev/block/%u:%u/slaves", major(dt), minor(dt)) < 0)
- return -ENOMEM;
-
- d = opendir(p);
- if (!d) {
- if (errno == ENOENT)
- goto fallback;
-
- return -errno;
- }
-
- FOREACH_DIRENT_ALL(de, d, return -errno) {
-
- if (dot_or_dot_dot(de->d_name))
- continue;
-
- if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN))
- continue;
-
- if (found) {
- _cleanup_free_ char *u = NULL, *v = NULL, *a = NULL, *b = NULL;
-
- /* We found a device backed by multiple other devices. We don't really support automatic
- * discovery on such setups, with the exception of dm-verity partitions. In this case there are
- * two backing devices: the data partition and the hash partition. We are fine with such
- * setups, however, only if both partitions are on the same physical device. Hence, let's
- * verify this. */
-
- u = strjoin(p, "/", de->d_name, "/../dev");
- if (!u)
- return -ENOMEM;
-
- v = strjoin(p, "/", found->d_name, "/../dev");
- if (!v)
- return -ENOMEM;
-
- r = read_one_line_file(u, &a);
- if (r < 0) {
- log_debug_errno(r, "Failed to read %s: %m", u);
- goto fallback;
- }
-
- r = read_one_line_file(v, &b);
- if (r < 0) {
- log_debug_errno(r, "Failed to read %s: %m", v);
- goto fallback;
- }
-
- /* Check if the parent device is the same. If not, then the two backing devices are on
- * different physical devices, and we don't support that. */
- if (!streq(a, b))
- goto fallback;
- }
-
- found = de;
- }
-
- if (!found)
- goto fallback;
-
- q = strjoina(p, "/", found->d_name, "/dev");
-
- r = read_one_line_file(q, &t);
- if (r == -ENOENT)
- goto fallback;
- if (r < 0)
- return r;
-
- if (sscanf(t, "%u:%u", &maj, &min) != 2)
- return -EINVAL;
-
- if (maj == 0)
- goto fallback;
-
- *dev = makedev(maj, min);
- return 1;
-
-fallback:
- *dev = dt;
- return 1;
-}
-
static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
int r;

51
0060-shutdown-don-t-be-fooled-when-detaching-DM-devices-w.patch
View File

@ -1,51 +0,0 @@
From c86784ebf6a8dc572a52ac1322ae558c39e61d92 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 13 Sep 2017 11:04:17 +0200
Subject: [PATCH] shutdown: don't be fooled when detaching DM devices with
BTRFS
Otherwise we would try to detach the DM device hosting the rootfs with BTRFS
which is doomed to fail.
(cherry picked from commit 33e8d8af1482fd94edf8a41462012468ba852687)
---
src/core/umount.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/core/umount.c b/src/core/umount.c
index b83f631141..87c5aa9029 100644
--- a/src/core/umount.c
+++ b/src/core/umount.c
@@ -517,22 +517,22 @@ static int loopback_points_list_detach(MountPoint **head, bool *changed) {
static int dm_points_list_detach(MountPoint **head, bool *changed) {
MountPoint *m, *n;
- int n_failed = 0, k;
- struct stat root_st;
+ int n_failed = 0, r;
+ dev_t rootdev;
assert(head);
- k = lstat("/", &root_st);
+ r = get_block_device("/", &rootdev);
+ if (r <= 0)
+ rootdev = 0;
LIST_FOREACH_SAFE(mount_point, m, n, *head) {
- int r;
- if (k >= 0 &&
- major(root_st.st_dev) != 0 &&
- root_st.st_dev == m->devnum) {
- n_failed++;
- continue;
- }
+ if (major(rootdev) != 0)
+ if (rootdev == m->devnum) {
+ n_failed ++;
+ continue;
+ }
log_info("Detaching DM %u:%u.", major(m->devnum), minor(m->devnum));
r = delete_dm(m->devnum);

62
0061-sd-bus-extend-D-Bus-authentication-timeout-considera.patch
View File

@ -1,62 +0,0 @@
From 7f4b159f88d8d3b932e24646b50e4bdcac885581 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 Sep 2017 19:08:26 +0200
Subject: [PATCH] sd-bus: extend D-Bus authentication timeout considerably
(#6813)
As it turns out the authentication phase times out too often than is
good, mostly due to PRNG pools not being populated during boot. Hence,
let's increase the authentication timeout from 25s to 90s, to cover for
that.
(Note that we leave the D-Bus method call timeout at 25s, matching the
reference implementation's value. And if the auth phase managed to
complete then the pools should be populated enough and mehtod calls
shouldn't take needlessly long anymore).
Fixes: #6418
(cherry picked from commit 036d61b32e7e684a532904ec26a6ebaa1b850ab9)
---
src/libsystemd/sd-bus/bus-internal.h | 6 ++++++
src/libsystemd/sd-bus/bus-socket.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
index 3575ea8cde..473f486c3d 100644
--- a/src/libsystemd/sd-bus/bus-internal.h
+++ b/src/libsystemd/sd-bus/bus-internal.h
@@ -27,6 +27,7 @@
#include "bus-error.h"
#include "bus-kernel.h"
#include "bus-match.h"
+#include "def.h"
#include "hashmap.h"
#include "kdbus.h"
#include "list.h"
@@ -327,8 +328,13 @@ struct sd_bus {
LIST_HEAD(sd_bus_track, tracks);
};
+/* For method calls we time-out at 25s, like in the D-Bus reference implementation */
#define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
+/* For the authentication phase we grant 90s, to provide extra room during boot, when RNGs and such are not filled up
+ * with enough entropy yet and might delay the boot */
+#define BUS_AUTH_TIMEOUT ((usec_t) DEFAULT_TIMEOUT_USEC)
+
#define BUS_WQUEUE_MAX (192*1024)
#define BUS_RQUEUE_MAX (192*1024)
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index ab70a0c6e1..fa7dcbb888 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -661,7 +661,7 @@ int bus_socket_start_auth(sd_bus *b) {
bus_get_peercred(b);
b->state = BUS_AUTHENTICATING;
- b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
+ b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_AUTH_TIMEOUT;
if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;

48
0062-timer-don-t-use-persietent-file-timestamps-from-the-.patch
View File

@ -1,48 +0,0 @@
From eb877dacc9f98f646ff9509d6df5c71bd4a33a17 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Sep 2017 18:26:10 +0200
Subject: [PATCH] timer: don't use persietent file timestamps from the future
(#6823)
Also, use the mtime rather than the atime of the timestamp file. While
the atime is not completely wrong, the mtime appears more appropriate
as that's what we actually explicitly change, and is not effected by
mere reading.
Fixes: #6821
(cherry picked from commit 77542a7905520f1d637912bf47bddb4855506e41)
---
src/core/timer.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/core/timer.c b/src/core/timer.c
index 701949fd60..3032a237b1 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -614,9 +614,23 @@ static int timer_start(Unit *u) {
if (t->stamp_path) {
struct stat st;
- if (stat(t->stamp_path, &st) >= 0)
- t->last_trigger.realtime = timespec_load(&st.st_atim);
- else if (errno == ENOENT)
+ if (stat(t->stamp_path, &st) >= 0) {
+ usec_t ft;
+
+ /* Load the file timestamp, but only if it is actually in the past. If it is in the future,
+ * something is wrong with the system clock. */
+
+ ft = timespec_load(&st.st_mtim);
+ if (ft < now(CLOCK_REALTIME))
+ t->last_trigger.realtime = ft;
+ else {
+ char z[FORMAT_TIMESTAMP_MAX];
+
+ log_unit_warning(u, "Not using persistent file timestamp %s as it is in the future.",
+ format_timestamp(z, sizeof(z), ft));
+ }
+
+ } else if (errno == ENOENT)
/* The timer has never run before,
* make sure a stamp file exists.
*/

46
0063-shared-end-string-with-if-one-was-found-at-the-end-o.patch
View File

@ -1,46 +0,0 @@
From 760a486ff45797b65093c5f0550cc42bfd5d70aa Mon Sep 17 00:00:00 2001
From: Felipe Sateler <fsateler@users.noreply.github.com>
Date: Thu, 14 Sep 2017 14:51:20 -0300
Subject: [PATCH] shared: end string with % if one was found at the end of a
expandible string (#6828)
Current behavior is that %X where X is an unidentified specifier, then the result is
the same %X string. This was not the case when the string ended with a stray %, where
the character would have not been output. Lets add that missing character.
Fixes: #6374
(cherry picked from commit 038492aed3e0293fd9cf4998fd891addb597b954)
---
src/shared/specifier.c | 4 ++++
src/test/test-unit-name.c | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/shared/specifier.c b/src/shared/specifier.c
index 1c17eb5251..81379041cc 100644
--- a/src/shared/specifier.c
+++ b/src/shared/specifier.c
@@ -107,6 +107,10 @@ int specifier_printf(const char *text, const Specifier table[], void *userdata,
*(t++) = *f;
}
+ /* if string ended with a stray %, also end with % */
+ if (percent)
+ *(t++) = '%';
+
*t = 0;
*_ret = ret;
return 0;
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
index 2fd83f321c..2af90c69ee 100644
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -237,7 +237,8 @@ static int test_unit_printf(void) {
/* general tests */
expect(u, "%%", "%");
expect(u, "%%s", "%s");
- expect(u, "%", ""); // REALLY?
+ expect(u, "%,", "%,");
+ expect(u, "%", "%");
/* normal unit */
expect(u, "%n", "blah.service");

25
0064-build-sys-bump-xslt-maxdepth-limit-6863.patch
View File

@ -1,25 +0,0 @@
From bd69342ded37a30850de4c85cbc709aaecfee396 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 19 Sep 2017 08:04:02 +0200
Subject: [PATCH] build-sys: bump xslt maxdepth limit (#6863)
With libxslt-1.30, builds were failing on some recursion depth limit
with systemd.index.xml. Bumping the limit fixes the issue.
(cherry picked from commit f2adcd22d5d5498f1a00fdc303f71e7198b238ab)
---
man/meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/man/meson.build b/man/meson.build
index 4f2ddad31a..c9fa91589a 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -11,6 +11,7 @@ want_html = want_html != 'false' and xsltproc.found()
xsltproc_flags = [
'--nonet',
'--xinclude',
+ '--maxdepth', '9000',
'--stringparam', 'man.output.quietly', '1',
'--stringparam', 'funcsynopsis.style', 'ansi',
'--stringparam', 'man.authors.section.enabled', '0',

175
0065-fileio-add-new-helper-call-read_line-as-bounded-getl.patch
View File

@ -1,175 +0,0 @@
From 7c4392650657a5ef264c4b1e2c55d5051b60fb30 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 17:55:53 +0200
Subject: [PATCH] fileio: add new helper call read_line() as bounded getline()
replacement
read_line() is much like getline(), and returns a line read from a
FILE*, of arbitrary sizes. In contrast to gets() it will grow the buffer
dynamically, and in contrast to getline() it will place a user-specified
boundary on the line.
(cherry picked from commit 4f9a66a32dda1d9a28f9bb3fa31c2148524bc46a)
---
src/basic/fileio.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++
src/basic/fileio.h | 2 ++
src/test/test-fileio.c | 44 +++++++++++++++++++++++++++++
3 files changed, 123 insertions(+)
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index 9a185e3e60..db5897c360 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -1497,3 +1497,80 @@ int mkdtemp_malloc(const char *template, char **ret) {
*ret = p;
return 0;
}
+
+int read_line(FILE *f, size_t limit, char **ret) {
+ _cleanup_free_ char *buffer = NULL;
+ size_t n = 0, allocated = 0, count = 0;
+ int r;
+
+ assert(f);
+
+ /* Something like a bounded version of getline().
+ *
+ * Considers EOF, \n and \0 end of line delimiters, and does not include these delimiters in the string
+ * returned.
+ *
+ * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from
+ * the number of characters in the returned string). When EOF is hit, 0 is returned.
+ *
+ * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding
+ * delimiters. If the limit is hit we fail and return -ENOBUFS.
+ *
+ * If a line shall be skipped ret may be initialized as NULL. */
+
+ if (ret) {
+ if (!GREEDY_REALLOC(buffer, allocated, 1))
+ return -ENOMEM;
+ }
+
+ flockfile(f);
+
+ for (;;) {
+ int c;
+
+ if (n >= limit) {
+ funlockfile(f);
+ return -ENOBUFS;
+ }
+
+ errno = 0;
+ c = fgetc_unlocked(f);
+ if (c == EOF) {
+ /* if we read an error, and have no data to return, then propagate the error */
+ if (ferror_unlocked(f) && n == 0) {
+ r = errno > 0 ? -errno : -EIO;
+ funlockfile(f);
+ return r;
+ }
+
+ break;
+ }
+
+ count++;
+
+ if (IN_SET(c, '\n', 0)) /* Reached a delimiter */
+ break;
+
+ if (ret) {
+ if (!GREEDY_REALLOC(buffer, allocated, n + 2)) {
+ funlockfile(f);
+ return -ENOMEM;
+ }
+
+ buffer[n] = (char) c;
+ }
+
+ n++;
+ }
+
+ funlockfile(f);
+
+ if (ret) {
+ buffer[n] = 0;
+
+ *ret = buffer;
+ buffer = NULL;
+ }
+
+ return (int) count;
+}
diff --git a/src/basic/fileio.h b/src/basic/fileio.h
index 6098562265..2674148efe 100644
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@@ -99,3 +99,5 @@ int link_tmpfile(int fd, const char *path, const char *target);
int read_nul_string(FILE *f, char **ret);
int mkdtemp_malloc(const char *template, char **ret);
+
+int read_line(FILE *f, size_t limit, char **ret);
diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c
index b1d688c89e..375b7a8910 100644
--- a/src/test/test-fileio.c
+++ b/src/test/test-fileio.c
@@ -663,6 +663,49 @@ static void test_tempfn(void) {
free(ret);
}
+static void test_read_line(void) {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *line = NULL;
+
+ char buffer[] =
+ "Some test data\n"
+ "With newlines, and a NUL byte\0"
+ "\n"
+ "an empty line\n"
+ "an ignored line\n"
+ "and a very long line that is supposed to be truncated, because it is so long\n";
+
+ f = fmemopen(buffer, sizeof(buffer), "re");
+ assert_se(f);
+
+ assert_se(read_line(f, (size_t) -1, &line) == 15 && streq(line, "Some test data"));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 30 && streq(line, "With newlines, and a NUL byte"));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 1 && streq(line, ""));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 14 && streq(line, "an empty line"));
+ line = mfree(line);
+
+ assert_se(read_line(f, (size_t) -1, NULL) == 16);
+
+ assert_se(read_line(f, 16, &line) == -ENOBUFS);
+ line = mfree(line);
+
+ /* read_line() stopped when it hit the limit, that means when we continue reading we'll read at the first
+ * character after the previous limit. Let's make use of tha to continue our test. */
+ assert_se(read_line(f, 1024, &line) == 61 && streq(line, "line that is supposed to be truncated, because it is so long"));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 1 && streq(line, ""));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 0 && streq(line, ""));
+}
+
int main(int argc, char *argv[]) {
log_set_max_level(LOG_DEBUG);
log_parse_environment();
@@ -684,6 +727,7 @@ int main(int argc, char *argv[]) {
test_search_and_fopen_nulstr();
test_writing_tmpfile();
test_tempfn();
+ test_read_line();
return 0;
}

26
0066-def-add-new-constant-LONG_LINE_MAX.patch
View File

@ -1,26 +0,0 @@
From 8eda468cb9445e5a9e2505d47fc5b15eae453a0a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 20:23:58 +0200
Subject: [PATCH] def: add new constant LONG_LINE_MAX
LONG_LINE_MAX is much like LINE_MAX, but longer.
As it turns out LINE_MAX at 4096 is too short for many usecases. Since
the general concept of having a common maximum line length limit makes
sense let's add our own, and make it larger (1MB for now).
(cherry picked from commit 189912440f6545404e84b3cd1d6ca54f1057e3e6)
---
src/basic/def.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/basic/def.h b/src/basic/def.h
index b1a3bc190b..e2d91519ba 100644
--- a/src/basic/def.h
+++ b/src/basic/def.h
@@ -86,3 +86,5 @@
"/usr/local/lib/" n "\0" \
"/usr/lib/" n "\0" \
_CONF_PATHS_SPLIT_USR(n)
+
+#define LONG_LINE_MAX (1U*1024U*1024U)

53
0067-fileio-rework-read_one_line_file-on-top-of-read_line.patch
View File

@ -1,53 +0,0 @@
From 773fe149cec50517ff1ed113c802c4e1a047a3e4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 18:01:32 +0200
Subject: [PATCH] fileio: rework read_one_line_file() on top of read_line()
(cherry picked from commit f4b51a2d092685c9a080e84130fec2d74c834f5c)
---
src/basic/fileio.c | 18 ++----------------
1 file changed, 2 insertions(+), 16 deletions(-)
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index db5897c360..c66b7b814e 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -30,6 +30,7 @@
#include "alloc-util.h"
#include "ctype.h"
+#include "def.h"
#include "env-util.h"
#include "escape.h"
#include "fd-util.h"
@@ -163,7 +164,6 @@ fail:
int read_one_line_file(const char *fn, char **line) {
_cleanup_fclose_ FILE *f = NULL;
- char t[LINE_MAX], *c;
assert(fn);
assert(line);
@@ -172,21 +172,7 @@ int read_one_line_file(const char *fn, char **line) {
if (!f)
return -errno;
- if (!fgets(t, sizeof(t), f)) {
-
- if (ferror(f))
- return errno > 0 ? -errno : -EIO;
-
- t[0] = 0;
- }
-
- c = strdup(t);
- if (!c)
- return -ENOMEM;
- truncate_nl(c);
-
- *line = c;
- return 0;
+ return read_line(f, LONG_LINE_MAX, line);
}
int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {

31
0068-cgroup-util-replace-one-use-of-fgets-by-read_line.patch
View File

@ -1,31 +0,0 @@
From f4037dc520045b4779cf8589bd75ced2d343c215 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 18:25:45 +0200
Subject: [PATCH] cgroup-util: replace one use of fgets() by read_line()
(cherry picked from commit 2351e44d3ed57b7a48b9e544a59c3b797ac4d216)
---
src/basic/cgroup-util.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 6344372610..9148a7b1ab 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -2326,7 +2326,6 @@ int cg_mask_supported(CGroupMask *ret) {
int cg_kernel_controllers(Set *controllers) {
_cleanup_fclose_ FILE *f = NULL;
- char buf[LINE_MAX];
int r;
assert(controllers);
@@ -2344,7 +2343,7 @@ int cg_kernel_controllers(Set *controllers) {
}
/* Ignore the header line */
- (void) fgets(buf, sizeof(buf), f);
+ (void) read_line(f, (size_t) -1, NULL);
for (;;) {
char *controller;

128
0069-test-conf-parser-add-some-basic-tests-for-config_par.patch
View File

@ -1,128 +0,0 @@
From 663be46f39f6c6e51b035683b304671eaffdafe8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 21 Sep 2017 14:24:01 +0200
Subject: [PATCH] test-conf-parser: add some basic tests for config_parse()
This function is pretty important, but we weren't calling it directly
even once in tests.
v2: add a few tests for escaping and line continuations
(cherry picked from commit e3f46367f577f8bd4b3a62ea0149bdcb112da573)
---
src/test/test-conf-parser.c | 89 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c
index 77fcbc0dd3..81db9d1bd7 100644
--- a/src/test/test-conf-parser.c
+++ b/src/test/test-conf-parser.c
@@ -18,6 +18,8 @@
***/
#include "conf-parser.h"
+#include "fd-util.h"
+#include "fileio.h"
#include "log.h"
#include "macro.h"
#include "string-util.h"
@@ -227,7 +229,91 @@ static void test_config_parse_iec_uint64(void) {
assert_se(config_parse_iec_uint64(NULL, "/this/file", 11, "Section", 22, "Size", 0, "4.5M", &offset, NULL) == 0);
}
+static const char* const config_file[] = {
+ "[Section]\n"
+ "setting1=1\n",
+
+ "[Section]\n"
+ "setting1=1", /* no terminating newline */
+
+ "\n\n\n\n[Section]\n\n\n"
+ "setting1=1", /* some whitespace, no terminating newline */
+
+ "[Section]\n"
+ "[Section]\n"
+ "setting1=1\n"
+ "setting1=2\n"
+ "setting1=1\n", /* repeated settings */
+
+ "[Section]\n"
+ "setting1=1\\\n" /* normal continuation */
+ "2\\\n"
+ "3\n",
+
+ "[Section]\n"
+ "setting1=1\\\\\\\n" /* continuation with trailing escape symbols */
+ "\\\\2\n", /* note that C requires one level of escaping, so the
+ * parser gets "…1 BS BS BS NL BS BS 2 NL", which
+ * it translates into "…1 BS BS SP BS BS 2" */
+};
+
+static void test_config_parse(unsigned i, const char *s) {
+ char name[] = "/tmp/test-conf-parser.XXXXXX";
+ int fd, r;
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *setting1 = NULL;
+
+ const ConfigTableItem items[] = {
+ { "Section", "setting1", config_parse_string, 0, &setting1},
+ {}
+ };
+
+ log_info("== %s[%i] ==", __func__, i);
+
+ fd = mkostemp_safe(name);
+ assert_se(fd >= 0);
+ assert_se((size_t) write(fd, s, strlen(s)) == strlen(s));
+
+ assert_se(lseek(fd, 0, SEEK_SET) == 0);
+ assert_se(f = fdopen(fd, "r"));
+
+ /*
+ int config_parse(const char *unit,
+ const char *filename,
+ FILE *f,
+ const char *sections,
+ ConfigItemLookup lookup,
+ const void *table,
+ bool relaxed,
+ bool allow_include,
+ bool warn,
+ void *userdata)
+ */
+
+ r = config_parse(NULL, name, f,
+ "Section\0",
+ config_item_table_lookup, items,
+ false, false, true, NULL);
+ assert_se(r == 0);
+
+ switch (i) {
+ case 0 ... 3:
+ assert_se(streq(setting1, "1"));
+ break;
+
+ case 4:
+ assert_se(streq(setting1, "1 2 3"));
+ break;
+
+ case 5:
+ assert_se(streq(setting1, "1\\\\ \\\\2"));
+ break;
+ }
+}
+
int main(int argc, char **argv) {
+ unsigned i;
+
log_parse_environment();
log_open();
@@ -244,5 +330,8 @@ int main(int argc, char **argv) {
test_config_parse_nsec();
test_config_parse_iec_uint64();
+ for (i = 0; i < ELEMENTSOF(config_file); i++)
+ test_config_parse(i, config_file[i]);
+
return 0;
}

93
0070-conf-parse-remove-4K-line-length-limit.patch
View File

@ -1,93 +0,0 @@
From 032ba8cf22cc58b801d747c4063fcfe2364772de Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 18:26:35 +0200
Subject: [PATCH] conf-parse: remove 4K line length limit
Let's use read_line() to solve our long line limitation.
Fixes #3302.
(cherry picked from commit e6dde451a51dc5aaa7f4d98d39b8fe735f73d2af)
---
src/shared/conf-parser.c | 43 ++++++++++++++++++++++++++++++++-----------
1 file changed, 32 insertions(+), 11 deletions(-)
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index e08402e3d2..57bc8e3036 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -28,8 +28,10 @@
#include "alloc-util.h"
#include "conf-files.h"
#include "conf-parser.h"
+#include "def.h"
#include "extract-word.h"
#include "fd-util.h"
+#include "fileio.h"
#include "fs-util.h"
#include "log.h"
#include "macro.h"
@@ -316,24 +318,44 @@ int config_parse(const char *unit,
fd_warn_permissions(filename, fileno(f));
for (;;) {
- char buf[LINE_MAX], *l, *p, *c = NULL, *e;
+ _cleanup_free_ char *buf = NULL;
+ char *l, *p, *c = NULL, *e;
bool escaped = false;
- if (!fgets(buf, sizeof buf, f)) {
- if (feof(f))
- break;
+ r = read_line(f, LONG_LINE_MAX, &buf);
+ if (r == 0)
+ break;
+ if (r == -ENOBUFS) {
+ if (warn)
+ log_error_errno(r, "%s:%u: Line too long", filename, line);
- return log_error_errno(errno, "Failed to read configuration file '%s': %m", filename);
+ return r;
+ }
+ if (r < 0) {
+ if (warn)
+ log_error_errno(r, "%s:%u: Error while reading configuration file: %m", filename, line);
+
+ return r;
}
l = buf;
- if (allow_bom && startswith(l, UTF8_BYTE_ORDER_MARK))
- l += strlen(UTF8_BYTE_ORDER_MARK);
- allow_bom = false;
+ if (allow_bom) {
+ char *q;
- truncate_nl(l);
+ q = startswith(buf, UTF8_BYTE_ORDER_MARK);
+ if (q) {
+ l = q;
+ allow_bom = false;
+ }
+ }
if (continuation) {
+ if (strlen(continuation) + strlen(l) > LONG_LINE_MAX) {
+ if (warn)
+ log_error("%s:%u: Continuation line too long", filename, line);
+ return -ENOBUFS;
+ }
+
c = strappend(continuation, l);
if (!c) {
if (warn)
@@ -387,8 +409,7 @@ int config_parse(const char *unit,
if (r < 0) {
if (warn)
- log_warning_errno(r, "Failed to parse file '%s': %m",
- filename);
+ log_warning_errno(r, "%s:%u: Failed to parse file: %m", filename, line);
return r;
}
}

101
0071-fileio-use-_cleanup_-for-FILE-unlocking.patch
View File

@ -1,101 +0,0 @@
From 2269f63e3bee44993cf57843d83369b03bec1d6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 23 Sep 2017 10:48:09 +0200
Subject: [PATCH] fileio: use _cleanup_ for FILE unlocking
(cherry picked from commit f858e5148e4f36335555dfaac812197ebd3ef036)
---
src/basic/fileio.c | 57 ++++++++++++++++++++++++++----------------------------
1 file changed, 27 insertions(+), 30 deletions(-)
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index c66b7b814e..36cb0edaf4 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -1484,10 +1484,13 @@ int mkdtemp_malloc(const char *template, char **ret) {
return 0;
}
+static inline void funlockfilep(FILE **f) {
+ funlockfile(*f);
+}
+
int read_line(FILE *f, size_t limit, char **ret) {
_cleanup_free_ char *buffer = NULL;
size_t n = 0, allocated = 0, count = 0;
- int r;
assert(f);
@@ -1509,48 +1512,42 @@ int read_line(FILE *f, size_t limit, char **ret) {
return -ENOMEM;
}
- flockfile(f);
+ {
+ _cleanup_(funlockfilep) FILE *flocked = f;
+ flockfile(f);
- for (;;) {
- int c;
+ for (;;) {
+ int c;
- if (n >= limit) {
- funlockfile(f);
- return -ENOBUFS;
- }
+ if (n >= limit)
+ return -ENOBUFS;
+
+ errno = 0;
+ c = fgetc_unlocked(f);
+ if (c == EOF) {
+ /* if we read an error, and have no data to return, then propagate the error */
+ if (ferror_unlocked(f) && n == 0)
+ return errno > 0 ? -errno : -EIO;
- errno = 0;
- c = fgetc_unlocked(f);
- if (c == EOF) {
- /* if we read an error, and have no data to return, then propagate the error */
- if (ferror_unlocked(f) && n == 0) {
- r = errno > 0 ? -errno : -EIO;
- funlockfile(f);
- return r;
+ break;
}
- break;
- }
+ count++;
- count++;
+ if (IN_SET(c, '\n', 0)) /* Reached a delimiter */
+ break;
- if (IN_SET(c, '\n', 0)) /* Reached a delimiter */
- break;
+ if (ret) {
+ if (!GREEDY_REALLOC(buffer, allocated, n + 2))
+ return -ENOMEM;
- if (ret) {
- if (!GREEDY_REALLOC(buffer, allocated, n + 2)) {
- funlockfile(f);
- return -ENOMEM;
+ buffer[n] = (char) c;
}
- buffer[n] = (char) c;
+ n++;
}
-
- n++;
}
- funlockfile(f);
-
if (ret) {
buffer[n] = 0;

42
0072-test-conf-parser-use-_cleanup_.patch
View File

@ -1,42 +0,0 @@
From f365f6b194f4335e77f6c0f54b88b831c99a0f6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 21 Sep 2017 12:02:49 +0200
Subject: [PATCH] test-conf-parser: use _cleanup_
(cherry picked from commit a12807aaeaf20ff9507cf2c1e338d5c16d528a1e)
---
src/test/test-conf-parser.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c
index 81db9d1bd7..cd538f0d40 100644
--- a/src/test/test-conf-parser.c
+++ b/src/test/test-conf-parser.c
@@ -27,12 +27,10 @@
#include "util.h"
static void test_config_parse_path_one(const char *rvalue, const char *expected) {
- char *path = NULL;
+ _cleanup_free_ char *path = NULL;
assert_se(config_parse_path("unit", "filename", 1, "section", 1, "lvalue", 0, rvalue, &path, NULL) >= 0);
assert_se(streq_ptr(expected, path));
-
- free(path);
}
static void test_config_parse_log_level_one(const char *rvalue, int expected) {
@@ -78,12 +76,10 @@ static void test_config_parse_unsigned_one(const char *rvalue, unsigned expected
}
static void test_config_parse_strv_one(const char *rvalue, char **expected) {
- char **strv = 0;
+ _cleanup_strv_free_ char **strv = NULL;
assert_se(config_parse_strv("unit", "filename", 1, "section", 1, "lvalue", 0, rvalue, &strv, NULL) >= 0);
assert_se(strv_equal(expected, strv));
-
- strv_free(strv);
}
static void test_config_parse_mode_one(const char *rvalue, mode_t expected) {

90
0073-test-conf-parser-add-tests-for-the-new-long-lines-in.patch
View File

@ -1,90 +0,0 @@
From fd59e9d550fd944b4b629342c080c92703e7ef0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 21 Sep 2017 14:36:12 +0200
Subject: [PATCH] test-conf-parser: add tests for the new long lines, including
overflow handling
(cherry picked from commit 8f313f4febb4df13279aaae86c846bbb142a5a39)
---
src/test/test-conf-parser.c | 41 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c
index cd538f0d40..7a7de98bec 100644
--- a/src/test/test-conf-parser.c
+++ b/src/test/test-conf-parser.c
@@ -225,6 +225,10 @@ static void test_config_parse_iec_uint64(void) {
assert_se(config_parse_iec_uint64(NULL, "/this/file", 11, "Section", 22, "Size", 0, "4.5M", &offset, NULL) == 0);
}
+#define x10(x) x x x x x x x x x x
+#define x100(x) x10(x10(x))
+#define x1000(x) x10(x100(x))
+
static const char* const config_file[] = {
"[Section]\n"
"setting1=1\n",
@@ -251,6 +255,24 @@ static const char* const config_file[] = {
"\\\\2\n", /* note that C requires one level of escaping, so the
* parser gets "…1 BS BS BS NL BS BS 2 NL", which
* it translates into "…1 BS BS SP BS BS 2" */
+
+ "\n[Section]\n\n"
+ "setting1=" /* a line above LINE_MAX length */
+ x1000("ABCD")
+ "\n",
+
+ "[Section]\n"
+ "setting1=" /* a line above LINE_MAX length, with continuation */
+ x1000("ABCD") "\\\n"
+ "foobar",
+
+ "[Section]\n"
+ "setting1=" /* a line above the allowed limit: 9 + 1050000 + 1 */
+ x1000(x1000("x") x10("abcde")) "\n",
+
+ "[Section]\n"
+ "setting1=" /* many continuation lines, together above the limit */
+ x1000(x1000("x") x10("abcde") "\\\n") "xxx",
};
static void test_config_parse(unsigned i, const char *s) {
@@ -290,20 +312,37 @@ static void test_config_parse(unsigned i, const char *s) {
"Section\0",
config_item_table_lookup, items,
false, false, true, NULL);
- assert_se(r == 0);
switch (i) {
case 0 ... 3:
+ assert_se(r == 0);
assert_se(streq(setting1, "1"));
break;
case 4:
+ assert_se(r == 0);
assert_se(streq(setting1, "1 2 3"));
break;
case 5:
+ assert_se(r == 0);
assert_se(streq(setting1, "1\\\\ \\\\2"));
break;
+
+ case 6:
+ assert_se(r == 0);
+ assert_se(streq(setting1, x1000("ABCD")));
+ break;
+
+ case 7:
+ assert_se(r == 0);
+ assert_se(streq(setting1, x1000("ABCD") " foobar"));
+ break;
+
+ case 8 ... 9:
+ assert_se(r == -ENOBUFS);
+ assert_se(setting1 == NULL);
+ break;
}
}

32
0074-test-fileio-close-two-leaked-file-handles.patch
View File

@ -1,32 +0,0 @@
From 8873d22603623b4d611b178dfd597ed16081375a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 24 Sep 2017 08:59:49 +0200
Subject: [PATCH] test-fileio: close two leaked file handles
(cherry picked from commit 9707d55213959bb171ea810d56e9226f5ffa5466)
---
src/test/test-fileio.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c
index 375b7a8910..eebaa2c155 100644
--- a/src/test/test-fileio.c
+++ b/src/test/test-fileio.c
@@ -209,7 +209,7 @@ static void test_parse_multiline_env_file(void) {
static void test_merge_env_file(void) {
char t[] = "/tmp/test-fileio-XXXXXX";
int fd, r;
- FILE *f;
+ _cleanup_fclose_ FILE *f = NULL;
_cleanup_strv_free_ char **a = NULL;
char **i;
@@ -278,7 +278,7 @@ static void test_merge_env_file(void) {
static void test_merge_env_file_invalid(void) {
char t[] = "/tmp/test-fileio-XXXXXX";
int fd, r;
- FILE *f;
+ _cleanup_fclose_ FILE *f = NULL;
_cleanup_strv_free_ char **a = NULL;
char **i;

104
0075-test-fileio-also-test-read_line-with-actual-files.patch
View File

@ -1,104 +0,0 @@
From 0e1ae5aba8476602b3e69ac470e20a2efa0380a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 24 Sep 2017 09:10:48 +0200
Subject: [PATCH] test-fileio: also test read_line() with actual files
Just in case the real FILE and the one from fmemopen weren't exactly
the same.
(cherry picked from commit 2c9de13912350f5887ccccdae9e1707512208053)
---
src/test/test-fileio.c | 64 ++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 51 insertions(+), 13 deletions(-)
diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c
index eebaa2c155..7f22973157 100644
--- a/src/test/test-fileio.c
+++ b/src/test/test-fileio.c
@@ -663,21 +663,17 @@ static void test_tempfn(void) {
free(ret);
}
-static void test_read_line(void) {
- _cleanup_fclose_ FILE *f = NULL;
+static const char buffer[] =
+ "Some test data\n"
+ "With newlines, and a NUL byte\0"
+ "\n"
+ "an empty line\n"
+ "an ignored line\n"
+ "and a very long line that is supposed to be truncated, because it is so long\n";
+
+static void test_read_line_one_file(FILE *f) {
_cleanup_free_ char *line = NULL;
- char buffer[] =
- "Some test data\n"
- "With newlines, and a NUL byte\0"
- "\n"
- "an empty line\n"
- "an ignored line\n"
- "and a very long line that is supposed to be truncated, because it is so long\n";
-
- f = fmemopen(buffer, sizeof(buffer), "re");
- assert_se(f);
-
assert_se(read_line(f, (size_t) -1, &line) == 15 && streq(line, "Some test data"));
line = mfree(line);
@@ -706,6 +702,46 @@ static void test_read_line(void) {
assert_se(read_line(f, 1024, &line) == 0 && streq(line, ""));
}
+static void test_read_line(void) {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *line = NULL;
+
+ f = fmemopen((void*) buffer, sizeof(buffer), "re");
+ assert_se(f);
+
+ test_read_line_one_file(f);
+}
+
+static void test_read_line2(void) {
+ char name[] = "/tmp/test-fileio.XXXXXX";
+ int fd;
+ _cleanup_fclose_ FILE *f = NULL;
+
+ fd = mkostemp_safe(name);
+ assert_se(fd >= 0);
+ assert_se((size_t) write(fd, buffer, sizeof(buffer)) == sizeof(buffer));
+
+ assert_se(lseek(fd, 0, SEEK_SET) == 0);
+ assert_se(f = fdopen(fd, "r"));
+
+ test_read_line_one_file(f);
+}
+
+static void test_read_line3(void) {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *line = NULL;
+ int r;
+
+ f = fopen("/proc/cmdline", "re");
+ if (!f && IN_SET(errno, ENOENT, EPERM))
+ return;
+ assert_se(f);
+
+ r = read_line(f, LINE_MAX, &line);
+ assert_se((size_t) r == strlen(line) + 1);
+ assert_se(read_line(f, LINE_MAX, NULL) == 0);
+}
+
int main(int argc, char *argv[]) {
log_set_max_level(LOG_DEBUG);
log_parse_environment();
@@ -728,6 +764,8 @@ int main(int argc, char *argv[]) {
test_writing_tmpfile();
test_tempfn();
test_read_line();
+ test_read_line2();
+ test_read_line3();
return 0;
}

34
0076-fileio-return-0-from-read_one_line_file-on-success.patch
View File

@ -1,34 +0,0 @@
From 32c49980110767e0ff013c0235e5e9a6bc2f3c31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 24 Sep 2017 14:27:21 +0200
Subject: [PATCH] fileio: return 0 from read_one_line_file on success
Fixup for f4b51a2d09. Suggested by Evgeny Vereshchagin.
(cherry picked from commit 2e33df93dee35af986683d1226f93e0f9659de5d)
---
src/basic/fileio.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index 36cb0edaf4..9d56b7ccbc 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -164,6 +164,7 @@ fail:
int read_one_line_file(const char *fn, char **line) {
_cleanup_fclose_ FILE *f = NULL;
+ int r;
assert(fn);
assert(line);
@@ -172,7 +173,8 @@ int read_one_line_file(const char *fn, char **line) {
if (!f)
return -errno;
- return read_line(f, LONG_LINE_MAX, line);
+ r = read_line(f, LONG_LINE_MAX, line);
+ return r < 0 ? r : 0;
}
int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {

25
0077-string-util-use-size_t-for-strjoina-macro-6914.patch
View File

@ -1,25 +0,0 @@
From 3c2e58887a5d9282670b3e41b6e584367a2bda18 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jlebon@users.noreply.github.com>
Date: Mon, 25 Sep 2017 15:56:57 -0400
Subject: [PATCH] string-util: use size_t for strjoina macro (#6914)
`strlen` returns a `size_t` and `alloca` expects a `size_t`.
(cherry picked from commit 35207e259ef44f62faf71acc4bbc7d43311a4583)
---
src/basic/string-util.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/string-util.h b/src/basic/string-util.h
index be44dedff4..f8dde61549 100644
--- a/src/basic/string-util.h
+++ b/src/basic/string-util.h
@@ -120,7 +120,7 @@ char *strjoin_real(const char *x, ...) _sentinel_;
({ \
const char *_appendees_[] = { a, __VA_ARGS__ }; \
char *_d_, *_p_; \
- int _len_ = 0; \
+ size_t _len_ = 0; \
unsigned _i_; \
for (_i_ = 0; _i_ < ELEMENTSOF(_appendees_) && _appendees_[_i_]; _i_++) \
_len_ += strlen(_appendees_[_i_]); \

22
0078-mount-util-add-fusectl-to-list-of-API-VFS.patch
View File

@ -1,22 +0,0 @@
From 63fe668593009a59cc2670d78974fccacb245c61 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 29 Sep 2017 14:36:06 +0200
Subject: [PATCH] mount-util: add fusectl to list of API VFS
(cherry picked from commit 7941e2189bf0a2118d4ad1fcf5ff2da534c3b67d)
---
src/basic/mount-util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index cff44116c8..a13f12096c 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -564,6 +564,7 @@ bool fstype_is_api_vfs(const char *fstype) {
"devpts\0"
"devtmpfs\0"
"efivarfs\0"
+ "fusectl\0"
"hugetlbfs\0"
"mqueue\0"
"proc\0"

47
0079-units-do-not-kill-rescue-shell-when-machines.target-.patch
View File

@ -1,47 +0,0 @@
From a1bf52c278196d4bc8d419afeb6507c48e5fd461 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 25 Sep 2017 11:38:08 +0100
Subject: [PATCH] units: do not kill rescue shell when machines.target is
started
The original aim of this commit is that starting machines.target from the
rescue shell would not kill the rescue shell and lock you out of the
system.
This is similar to commit 6579a622, for the conflict between
sysinit.target and the _emergency_ shell. That particular commit
introduced an ordering cycle and will need to be reverted and/or
fixed. This one does not, because it does not need to introduce any new
dependencies.
The reason why this commit is allowable also has it's own merit:
machines.target was not marked as AllowIsolate. Also, the point of
containers is to not escape them... I don't think we want to promote
machines.target as a default target or similar; you would generally want
some system service to allow you to shut down the machine, for example. I
don't see this approach used in CoreOS, nor in Fedora Atomic Host; we are
missing any positive examples of its utility.
Requires=basic.target / After=basic.target can be removed for the same
reason.
(cherry picked from commit a3b22cc5962efef2f4cd57d49f59a67e0617e9e0)
---
units/machines.target | 3 ---
1 file changed, 3 deletions(-)
diff --git a/units/machines.target b/units/machines.target
index 99618a19f7..e07b0bb6ae 100644
--- a/units/machines.target
+++ b/units/machines.target
@@ -8,9 +8,6 @@
[Unit]
Description=Containers
Documentation=man:systemd.special(7)
-Requires=basic.target
-Conflicts=rescue.service rescue.target
-After=basic.target rescue.service rescue.target
Before=multi-user.target
[Install]

62
0080-units-express-Conflict-in-syslog.socket-instead-of-e.patch
View File

@ -1,62 +0,0 @@
From cbe2db129832eb71c03857a0029c1ff8dea27a45 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Fri, 29 Sep 2017 17:20:31 +0100
Subject: [PATCH] units: express Conflict in syslog.socket instead of
emergency.service
Note this commit only changes how the code is expressed; it does not change
the existence of any dependency.
The `Conflicts=` was added in 3136ec90, "Stop syslog.socket when entering
emergency mode". The discussion in the issue #266 raised concerns that
this might be needed for other units, but failed to point out why
syslog.socket is special. The reason is that syslog.socket has
DefaultDepedencies=no, so it does not get Requires=sysinit.target like
other socket units do. But syslog.service does require sysinit.target,
among other things.
We don't have many socket, path, or timer units with
DefaultDependencies=no, and I don't think any of the triggered services
have such additional hard dependencies as syslog.service does.
It is much less confusing if we keep this `Conflicts=` in the same file as
the `DefaultDependencies=no` which made it necessary.
(cherry picked from commit 950d8fcdd9aa7e71ad32ea224e7d6fbe0f9f53de)
---
units/emergency.service.in | 1 -
units/syslog.socket | 6 +++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/units/emergency.service.in b/units/emergency.service.in
index e9eb238b98..8768fe137e 100644
--- a/units/emergency.service.in
+++ b/units/emergency.service.in
@@ -11,7 +11,6 @@ Documentation=man:sulogin(8)
DefaultDependencies=no
Conflicts=shutdown.target
Conflicts=rescue.service
-Conflicts=syslog.socket
Before=shutdown.target
[Service]
diff --git a/units/syslog.socket b/units/syslog.socket
index d3987cb9a8..372e8fcd45 100644
--- a/units/syslog.socket
+++ b/units/syslog.socket
@@ -10,10 +10,14 @@ Description=Syslog Socket
Documentation=man:systemd.special(7)
Documentation=https://www.freedesktop.org/wiki/Software/systemd/syslog
DefaultDependencies=no
-Before=sockets.target shutdown.target
+Before=sockets.target
# Don't allow logging until the very end
Conflicts=shutdown.target
+Before=shutdown.target
+
+# Don't try to activate syslog.service if sysinit.target has failed.
+Conflicts=emergency.service
[Socket]
ListenDatagram=/run/systemd/journal/syslog

45
0081-units-add-missing-ordering-deps-for-Conflicts-of-eme.patch
View File

@ -1,45 +0,0 @@
From 7533ad492b3c7e9fd3901ab948eb6a030761ce2f Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 25 Sep 2017 11:45:03 +0100
Subject: [PATCH] units: add missing ordering deps for Conflicts= of
emergency.service
1. If we exited emergency mode immediately, we don't want to have an
irreversible stop job still running for syslog.socket. I _suspect_ that
can't happen, but let's not waste effort working out exactly why it's
impossible and not just very improbable.
2. Similarly, it seems undesirable to have rescue.service and
emergency.service both running with an open FD of /dev/console, for
however short a period.
(cherry picked from commit 6f6d1a8a6abae490e14e6a448895e36c6cefdefc)
---
units/emergency.service.in | 1 +
units/syslog.socket | 1 +
2 files changed, 2 insertions(+)
diff --git a/units/emergency.service.in b/units/emergency.service.in
index 8768fe137e..27c9a1c23e 100644
--- a/units/emergency.service.in
+++ b/units/emergency.service.in
@@ -12,6 +12,7 @@ DefaultDependencies=no
Conflicts=shutdown.target
Conflicts=rescue.service
Before=shutdown.target
+Before=rescue.service
[Service]
Environment=HOME=/root
diff --git a/units/syslog.socket b/units/syslog.socket
index 372e8fcd45..43981904ea 100644
--- a/units/syslog.socket
+++ b/units/syslog.socket
@@ -18,6 +18,7 @@ Before=shutdown.target
# Don't try to activate syslog.service if sysinit.target has failed.
Conflicts=emergency.service
+Before=emergency.service
[Socket]
ListenDatagram=/run/systemd/journal/syslog

55
0082-units-add-missing-Before-shutdown.target-for-units-w.patch
View File

@ -1,55 +0,0 @@
From ae3540d2387f24f3620ac1cd03dc952df654264b Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 25 Sep 2017 12:10:38 +0100
Subject: [PATCH] units: add missing Before=shutdown.target for units which it
Conflicts
There's a few services missing this ordering.
Also remove a duplicate Conflicts=shutdown.target from
systemd-volatile-root.service.
(cherry picked from commit 0b9ad5bf2ec09e963f706fdba498d99f29f97a54)
---
units/system-update-cleanup.service.in | 1 +
units/systemd-networkd-wait-online.service.in | 2 +-
units/systemd-volatile-root.service.in | 1 -
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/units/system-update-cleanup.service.in b/units/system-update-cleanup.service.in
index 116be8bc2d..dc524da7a3 100644
--- a/units/system-update-cleanup.service.in
+++ b/units/system-update-cleanup.service.in
@@ -11,6 +11,7 @@ Documentation=man:systemd.special(5) man:systemd.offline-updates(7)
After=system-update.target
DefaultDependencies=no
Conflicts=shutdown.target
+Before=shutdown.target
# system-update-generator uses laccess("/system-update"), while a plain
# ConditionPathExists=/system-update uses access("/system-update"), so
diff --git a/units/systemd-networkd-wait-online.service.in b/units/systemd-networkd-wait-online.service.in
index a84e91906d..89ca865b55 100644
--- a/units/systemd-networkd-wait-online.service.in
+++ b/units/systemd-networkd-wait-online.service.in
@@ -12,7 +12,7 @@ DefaultDependencies=no
Conflicts=shutdown.target
Requires=systemd-networkd.service
After=systemd-networkd.service
-Before=network-online.target
+Before=network-online.target shutdown.target
[Service]
Type=oneshot
diff --git a/units/systemd-volatile-root.service.in b/units/systemd-volatile-root.service.in
index cc4e604e4c..c5a4ca3c27 100644
--- a/units/systemd-volatile-root.service.in
+++ b/units/systemd-volatile-root.service.in
@@ -12,7 +12,6 @@ DefaultDependencies=no
Conflicts=shutdown.target
After=sysroot.mount
Before=initrd-root-fs.target shutdown.target
-Conflicts=shutdown.target
AssertPathExists=/etc/initrd-release
[Service]

26
0083-units-DefaultDependencies-already-implies-conflict-w.patch
View File

@ -1,26 +0,0 @@
From 0854289230b44c44e2c312f50be24c2c286dc90f Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 25 Sep 2017 12:46:32 +0100
Subject: [PATCH] units: DefaultDependencies already implies conflict with
shutdown.target
(and system-update.target does not have DefaultDependencies=no)
(cherry picked from commit 2d4b910383c6c14b3720e26cca11c223ad868d9d)
---
units/system-update.target | 2 --
1 file changed, 2 deletions(-)
diff --git a/units/system-update.target b/units/system-update.target
index 3542879706..b95639a876 100644
--- a/units/system-update.target
+++ b/units/system-update.target
@@ -10,8 +10,6 @@ Description=Offline System Update
Documentation=man:systemd.offline-updates(7)
Documentation=man:systemd.special(7) man:systemd-system-update-generator(8)
Requires=sysinit.target
-Conflicts=shutdown.target
After=sysinit.target
-Before=shutdown.target
AllowIsolate=yes
Wants=system-update-cleanup.service

26
0084-systemctl-supress-enable-disable-messages-when-q-is-.patch
View File

@ -1,26 +0,0 @@
From 2dcc7e34ae37e1a8f3af9ed91329b9cb9afd3e65 Mon Sep 17 00:00:00 2001
From: John Lin <johnlinp@gmail.com>
Date: Thu, 12 Oct 2017 02:22:51 +0800
Subject: [PATCH] systemctl: supress enable/disable messages when -q is given
(#7067)
Fixes: #7036
(cherry picked from commit 35d379b2e8b92388a73f245e5cfcaa7e7371e8a7)
(cherry picked from commit 6c5ff1d86e7e54f460599e92abbb4a5327e6a6db)
---
src/shared/bus-unit-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 5cbe663fa8..1e6cd05054 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -1071,7 +1071,7 @@ int bus_deserialize_and_dump_unit_file_changes(sd_bus_message *m, bool quiet, Un
if (r < 0)
return bus_log_parse_error(r);
- unit_file_dump_changes(0, NULL, *changes, *n_changes, false);
+ unit_file_dump_changes(0, NULL, *changes, *n_changes, quiet);
return 0;
}

64
0085-basic-env-util-drop-the-validation-when-deserializin.patch
View File

@ -1,64 +0,0 @@
From 91545520e9e0313302b1c1391a691e567f7b41dd Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Wed, 11 Oct 2017 09:29:30 +0200
Subject: [PATCH] basic/env-util: drop the validation when deserializing
environment
The environment variables we've serialized can quite possibly contain
characters outside the set allowed by env_assignment_is_valid(). In
fact, my environment seems to contain a couple of these:
* TERMCAP set by screen contains a '\x7f' character
* BASH_FUNC_module%% variable has a '%' character in name
Strict check of environment variables name and value certainly makes sense for
unit files, but not so much for deserialization of values we already had
in our environment.
(cherry picked from commit ea43bdd1d7c14e3695a4cc081e4ef4f964160dc1)
(cherry picked from commit cdc2ef6ba88210264f00997e7c99b7f3339c629e)
---
src/basic/env-util.c | 5 -----
src/test/test-env-util.c | 5 +++--
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/basic/env-util.c b/src/basic/env-util.c
index 56e7b6fd8c..7c271973a3 100644
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -799,10 +799,5 @@ int deserialize_environment(char ***environment, const char *line) {
if (r < 0)
return r;
- if (!env_assignment_is_valid(uce)) {
- free(uce);
- return -EINVAL;
- }
-
return strv_env_replace(environment, uce);
}
diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c
index 3a2492dc6f..b14d62760f 100644
--- a/src/test/test-env-util.c
+++ b/src/test/test-env-util.c
@@ -319,10 +319,10 @@ static void test_env_assignment_is_valid(void) {
static void test_deserialize_environment(void) {
_cleanup_strv_free_ char **env = strv_new("A=1", NULL);
- assert_se(deserialize_environment(&env, "env=test") < 0);
assert_se(deserialize_environment(&env, "env=B=2") >= 0);
+ assert_se(deserialize_environment(&env, "env=FOO%%=a\\177b\\nc\\td e") >= 0);
- assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2")));
+ assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2", "FOO%%=a\177b\nc\td e")));
}
static void test_serialize_environment(void) {
@@ -334,6 +334,7 @@ static void test_serialize_environment(void) {
"B=2",
"C=ąęółń",
"D=D=a\\x0Ab",
+ "FOO%%=a\177b\nc\td e",
NULL);
_cleanup_strv_free_ char **env2 = NULL;

42
0086-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch
View File

@ -1,42 +0,0 @@
From 24ee53d5b566b12c8c5be026b55bb8e48c1ca19f Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Wed, 11 Oct 2017 15:05:38 +0200
Subject: [PATCH] basic/env-util: don't relax unesaping of serialized
environment strings
We wrote them ourselves -- they shouldn't contain invalid sequences.
(cherry picked from commit c7d797bbdfaccd950988698823e17103f418a3c5)
(cherry picked from commit 1ff2852a188de9235a293a347683c4c012708fe8)
---
src/basic/env-util.c | 2 +-
src/test/test-env-util.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/basic/env-util.c b/src/basic/env-util.c
index 7c271973a3..f629a1fc37 100644
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -795,7 +795,7 @@ int deserialize_environment(char ***environment, const char *line) {
assert(environment);
assert(startswith(line, "env="));
- r = cunescape(line + 4, UNESCAPE_RELAX, &uce);
+ r = cunescape(line + 4, 0, &uce);
if (r < 0)
return r;
diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c
index b14d62760f..a76f691b79 100644
--- a/src/test/test-env-util.c
+++ b/src/test/test-env-util.c
@@ -323,6 +323,9 @@ static void test_deserialize_environment(void) {
assert_se(deserialize_environment(&env, "env=FOO%%=a\\177b\\nc\\td e") >= 0);
assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2", "FOO%%=a\177b\nc\td e")));
+
+ assert_se(deserialize_environment(&env, "env=foo\\") < 0);
+ assert_se(deserialize_environment(&env, "env=bar\\_baz") < 0);
}
static void test_serialize_environment(void) {

34
0087-networkd-Consider-linkLocalAddressing-state-while-co.patch
View File

@ -1,34 +0,0 @@
From ee8f87bc3433035652b053211b44c485eb81d72b Mon Sep 17 00:00:00 2001
From: Susant Sahani <145210+ssahani@users.noreply.github.com>
Date: Wed, 18 Oct 2017 14:42:59 +0530
Subject: [PATCH] networkd: Consider linkLocalAddressing state while
configuring ndisc. (#7012)
If linkLocalAddressing is disabled in for the interface still then
we look for ndisc configured or not in link_check_ready.
Link local is used automatic address configuration and neighbor discovery protocol.
If link local is disabled we should not configure ndisc.
Fixes #2713, #6441, #5841.
(cherry picked from commit 702c979fefc6d3e69c5982b8469ec8a47792d62f)
(cherry picked from commit 610f5ddb3c4ae3b08ddb1334bbdcbcf7799f091f)
---
src/network/networkd-link.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 4c57fa1793..d8b13be381 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -225,6 +225,9 @@ static bool link_ipv6_accept_ra_enabled(Link *link) {
if (!link->network)
return false;
+ if (!link_ipv6ll_enabled(link))
+ return false;
+
/* If unset use system default (enabled if local forwarding is disabled.
* disabled if local forwarding is enabled).
* If set, ignore or enforce RA independent of local forwarding state.

38
0088-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch
View File

@ -1,38 +0,0 @@
From ace9b102d1977c7776cb185f29aa6b6814897939 Mon Sep 17 00:00:00 2001
From: Susant Sahani <145210+ssahani@users.noreply.github.com>
Date: Wed, 18 Oct 2017 16:08:56 +0530
Subject: [PATCH] networkd: don't stop the dhcp server if it's not configured.
(#7083)
we call sd_dhcp_server_stop even if it's not configured when link is
down resulting unwanted logs.
```
Oct 10 13:41:07 nena systemd-networkd[126]: eth0: Lost carrier
Oct 10 13:41:07 nena systemd-networkd[126]: DHCP CLIENT (0x560f2dc5): STOPPED
Oct 10 13:41:07 nena systemd-networkd[126]: eth0: DHCP lease lost
Oct 10 13:41:07 nena systemd-networkd[126]: NDISC: Stopping IPv6 Router Solicitation client
Oct 10 13:41:07 nena systemd-networkd[126]: Assertion 'server' failed at ../src/libsystemd-network/sd-dhcp-server.c:256, function sd_dhcp_server_stop(). Ignoring.
```
fixes #7047
(cherry picked from commit 28464ae0e21e7b9dfea7b733f9470091b2480a9a)
(cherry picked from commit 14d3f593b115fb46361e5dab4de0bead8451ca27)
---
src/network/networkd-link.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index d8b13be381..fd6106c13d 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -3063,7 +3063,8 @@ static int link_carrier_lost(Link *link) {
return r;
}
- (void) sd_dhcp_server_stop(link->dhcp_server);
+ if (link_dhcp4_server_enabled(link))
+ (void) sd_dhcp_server_stop(link->dhcp_server);
r = link_drop_config(link);
if (r < 0)

32
0089-nspawn-Fix-calculation-of-capabilities-for-configura.patch
View File

@ -1,32 +0,0 @@
From 02b8ffe180bc10370a172e8272499648f396fed7 Mon Sep 17 00:00:00 2001
From: myrkr <torsten.hilbrich@gmx.net>
Date: Tue, 24 Oct 2017 09:56:40 +0200
Subject: [PATCH] nspawn: Fix calculation of capabilities for configuration
file (#7087)
The current code shifting an integer 1 failed for capabilities like
CAP_MAC_ADMIN (numerical value 33). This caused issues when specifying
them in the nspawn configuration file. Using an uint64_t 1 instead.
The similar code for processing the --capability command line option
was already correctly working.
(cherry picked from commit 1898e5f9a37d1a50f8c0bd1147abe11c3d38a16b)
(cherry picked from commit b4c63693634d3a56a1afe22dd59c63a7e8fe99f8)
---
src/nspawn/nspawn-settings.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
index 5217d10665..19bc8ba4b8 100644
--- a/src/nspawn/nspawn-settings.c
+++ b/src/nspawn/nspawn-settings.c
@@ -200,7 +200,7 @@ int config_parse_capability(
continue;
}
- u |= 1 << ((uint64_t) cap);
+ u |= UINT64_C(1) << cap;
}
if (u == 0)

120
0090-timedatectl-stop-using-xstrftime.patch
View File

@ -1,120 +0,0 @@
From f720fbe4564bb322847a34a930e124bab2aac8b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 18 Oct 2017 16:15:09 +0200
Subject: [PATCH] timedatectl: stop using xstrftime
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When using strftime in arbitrary locales, we cannot really say how big the
buffer should be. Let's make the buffer "large", which will work fine pretty
much always, and just print n/a if the timestamp does not fit. strftime returns
0 if the buffer is too small and a NUL-terminated string otherwise, so we
can drop the size specifications in string formatting.
$ export LANG=fa_IR.UTF-8
$ date
چهارشنبه ۱۸ اكتبر ۱۷، ساعت ۱۰:۵۴:۲۴ (+0330)
$ timedatectl
Assertion 'xstrftime: a[] must be big enough' failed at ../src/timedate/timedatectl.c:105, function print_status_info(). Aborting.
now:
$ timedatectl
Local time: چهارشنبه 2017-10-18 16:29:40 CEST
Universal time: چهارشنبه 2017-10-18 14:29:40 UTC
RTC time: چهارشنبه 2017-10-18 14:29:40
https://bugzilla.redhat.com/show_bug.cgi?id=1503452
(cherry picked from commit 14ce0c25c28ba58e80084e28b4f23884199900e4)
(cherry picked from commit b3e823e43c45b6233405d62e5f095c11130e638f)
---
src/basic/time-util.h | 4 ----
src/timedate/timedatectl.c | 27 ++++++++++++++-------------
2 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/src/basic/time-util.h b/src/basic/time-util.h
index 3b7f0e99c0..73f7e40066 100644
--- a/src/basic/time-util.h
+++ b/src/basic/time-util.h
@@ -148,10 +148,6 @@ clockid_t clock_boottime_or_monotonic(void);
usec_t usec_shift_clock(usec_t, clockid_t from, clockid_t to);
-#define xstrftime(buf, fmt, tm) \
- assert_message_se(strftime(buf, ELEMENTSOF(buf), fmt, tm) > 0, \
- "xstrftime: " #buf "[] must be big enough")
-
int get_timezone(char **timezone);
time_t mktime_or_timegm(struct tm *tm, bool utc);
diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c
index 281b1534a3..2a011208ce 100644
--- a/src/timedate/timedatectl.c
+++ b/src/timedate/timedatectl.c
@@ -72,12 +72,13 @@ static void status_info_clear(StatusInfo *info) {
}
static void print_status_info(const StatusInfo *i) {
- char a[FORMAT_TIMESTAMP_MAX];
+ char a[LINE_MAX];
struct tm tm;
time_t sec;
bool have_time = false;
const char *old_tz = NULL, *tz;
int r;
+ size_t n;
assert(i);
@@ -102,11 +103,11 @@ static void print_status_info(const StatusInfo *i) {
log_warning("Could not get time from timedated and not operating locally, ignoring.");
if (have_time) {
- xstrftime(a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm));
- printf(" Local time: %.*s\n", (int) sizeof(a), a);
+ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm));
+ printf(" Local time: %s\n", n > 0 ? a : "n/a");
- xstrftime(a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm));
- printf(" Universal time: %.*s\n", (int) sizeof(a), a);
+ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm));
+ printf(" Universal time: %s\n", n > 0 ? a : "n/a");
} else {
printf(" Local time: %s\n", "n/a");
printf(" Universal time: %s\n", "n/a");
@@ -116,13 +117,13 @@ static void print_status_info(const StatusInfo *i) {
time_t rtc_sec;
rtc_sec = (time_t) (i->rtc_time / USEC_PER_SEC);
- xstrftime(a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm));
- printf(" RTC time: %.*s\n", (int) sizeof(a), a);
+ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm));
+ printf(" RTC time: %s\n", n > 0 ? a : "n/a");
} else
printf(" RTC time: %s\n", "n/a");
if (have_time)
- xstrftime(a, "%Z, %z", localtime_r(&sec, &tm));
+ n = strftime(a, sizeof a, "%Z, %z", localtime_r(&sec, &tm));
/* Restore the $TZ */
if (old_tz)
@@ -134,11 +135,11 @@ static void print_status_info(const StatusInfo *i) {
else
tzset();
- printf(" Time zone: %s (%.*s)\n"
- " Network time on: %s\n"
- "NTP synchronized: %s\n"
- " RTC in local TZ: %s\n",
- strna(i->timezone), (int) sizeof(a), have_time ? a : "n/a",
+ printf(" Time zone: %s (%s)\n"
+ " System clock synchronized: %s\n"
+ "systemd-timesyncd.service active: %s\n"
+ " RTC in local TZ: %s\n",
+ strna(i->timezone), have_time && n > 0 ? a : "n/a",
i->ntp_capable ? yes_no(i->ntp_enabled) : "n/a",
yes_no(i->ntp_synced),
yes_no(i->rtc_local));

38
0091-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch
View File

@ -1,38 +0,0 @@
From d6ac00972a031eda491a354bf3e2a6c9a7f2b553 Mon Sep 17 00:00:00 2001
From: Lauri Tirkkonen <lotheac@iki.fi>
Date: Tue, 24 Oct 2017 20:40:50 +0300
Subject: [PATCH] nspawn: EROFS for chowning mount points is not fatal (#7122)
This fixes --read-only with --private-users. mkdir_userns_p may return
-EROFS if either mkdir or lchown fails; lchown failing is fine as the
mount point will just be overmounted, and if mkdir fails then the
following mount() will also fail (with ENOENT).
(cherry picked from commit 4f13e534282414b5e58ef31a26cc5c3f06f8cb18)
(cherry picked from commit 1b7014dfc1584d1f3b10eb91c4f22e0deaca999d)
---
src/nspawn/nspawn-mount.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index ac7290732e..3d2151a06a 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -601,11 +601,15 @@ int mount_all(const char *dest,
r = mkdir_userns_p(dest, where, 0755, mount_settings, uid_shift);
if (r < 0 && r != -EEXIST) {
- if (fatal)
+ if (fatal && r != -EROFS)
return log_error_errno(r, "Failed to create directory %s: %m", where);
log_debug_errno(r, "Failed to create directory %s: %m", where);
- continue;
+ /* If we failed mkdir() or chown() due to the root
+ * directory being read only, attempt to mount this fs
+ * anyway and let mount_verbose log any errors */
+ if (r != -EROFS)
+ continue;
}
o = mount_table[k].options;

38
0092-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
View File

@ -1,38 +0,0 @@
From 1e20ca63e06337b95f4b0deedc062511d2ff31cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 25 Oct 2017 11:19:19 +0200
Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
(cherry picked from commit 9f939335a07085aa9a9663efd1dca06ef6405d62)
(cherry picked from commit 743b771c559c6101544f7358a42c8c519fe4b0db)
---
src/resolve/resolved-dns-packet.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 49a04615d4..1165940e0d 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -1503,7 +1503,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
found = true;
- while (bitmask) {
+ for (; bitmask; bit++, bitmask >>= 1)
if (bitmap[i] & bitmask) {
uint16_t n;
@@ -1517,10 +1517,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
if (r < 0)
return r;
}
-
- bit++;
- bitmask >>= 1;
- }
}
if (!found)

143
0093-cryptsetup-generator-add-a-helper-utility-to-create-.patch
View File

@ -1,143 +0,0 @@
From ea8cb69ee23cd67ef45ca34f1b192c9adb5fa878 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 9 Jul 2017 23:31:47 -0400
Subject: [PATCH] cryptsetup-generator: add a helper utility to create symlinks
It seems that there's a common pattern among the various generators. Let's add
a helper function for it and make use of it in cryptsetup-generator.
This fixes a bunch of theoretical memleaks in error paths, since *to wasn't
generally freed properly. Not thath it matters.
(cherry picked from commit b559616f2321643c5194b474d39a722cefaf6059)
---
src/cryptsetup/cryptsetup-generator.c | 53 ++++++++++-------------------------
src/shared/generator.c | 15 ++++++++++
src/shared/generator.h | 2 ++
3 files changed, 32 insertions(+), 38 deletions(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index afc5d7cf49..4edf709c3e 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -58,11 +58,11 @@ static int create_disk(
const char *password,
const char *options) {
- _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
+ _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *e = NULL,
*filtered = NULL;
_cleanup_fclose_ FILE *f = NULL;
+ const char *dmname;
bool noauto, nofail, tmp, swap;
- char *from;
int r;
assert(name);
@@ -120,7 +120,7 @@ static int create_disk(
if (password) {
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
fputs("After=systemd-random-seed.service\n", f);
- else if (!streq(password, "-") && !streq(password, "none")) {
+ else if (!STR_IN_SET(password, "-", "none")) {
_cleanup_free_ char *uu;
uu = fstab_node_to_udev_node(password);
@@ -186,46 +186,23 @@ static int create_disk(
if (r < 0)
return log_error_errno(r, "Failed to write file %s: %m", p);
- from = strjoina("../", n);
-
if (!noauto) {
-
- to = strjoin(arg_dest, "/", d, ".wants/", n);
- if (!to)
- return log_oom();
-
- mkdir_parents_label(to, 0755);
- if (symlink(from, to) < 0)
- return log_error_errno(errno, "Failed to create symlink %s: %m", to);
-
- free(to);
- if (!nofail)
- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
- else
- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n);
- if (!to)
- return log_oom();
-
- mkdir_parents_label(to, 0755);
- if (symlink(from, to) < 0)
- return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+ r = generator_add_symlink(arg_dest, d, "wants", n);
+ if (r < 0)
+ return r;
+
+ r = generator_add_symlink(arg_dest, "cryptsetup.target",
+ nofail ? "wants" : "requires", n);
+ if (r < 0)
+ return r;
}
- free(to);
- to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n);
- if (!to)
- return log_oom();
-
- mkdir_parents_label(to, 0755);
- if (symlink(from, to) < 0)
- return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+ dmname = strjoina("dev-mapper-", e, ".device");
+ r = generator_add_symlink(arg_dest, dmname, "requires", n);
+ if (r < 0)
+ return r;
if (!noauto && !nofail) {
- _cleanup_free_ char *dmname;
- dmname = strjoin("dev-mapper-", e, ".device");
- if (!dmname)
- return log_oom();
-
r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
"# Automatically generated by systemd-cryptsetup-generator \n\n"
"[Unit]\nJobTimeoutSec=0");
diff --git a/src/shared/generator.c b/src/shared/generator.c
index 6a887e3aad..325fe9fcbf 100644
--- a/src/shared/generator.c
+++ b/src/shared/generator.c
@@ -37,6 +37,21 @@
#include "unit-name.h"
#include "util.h"
+int generator_add_symlink(const char *root, const char *dst, const char *dep_type, const char *src) {
+ /* Adds a symlink from <dst>.<dep_type>.d/ to ../<src> */
+
+ const char *from, *to;
+
+ from = strjoina("../", src);
+ to = strjoina(root, "/", dst, ".", dep_type, "/", src);
+
+ mkdir_parents_label(to, 0755);
+ if (symlink(from, to) < 0)
+ return log_error_errno(errno, "Failed to create symlink \"%s\": %m", to);
+
+ return 0;
+}
+
static int write_fsck_sysroot_service(const char *dir, const char *what) {
_cleanup_free_ char *device = NULL, *escaped = NULL;
_cleanup_fclose_ FILE *f = NULL;
diff --git a/src/shared/generator.h b/src/shared/generator.h
index 825d934c8e..e70016839f 100644
--- a/src/shared/generator.h
+++ b/src/shared/generator.h
@@ -21,6 +21,8 @@
#include <stdio.h>
+int generator_add_symlink(const char *root, const char *dst, const char *dep_type, const char *src);
+
int generator_write_fsck_deps(
FILE *f,
const char *dir,

24
0094-units-order-cryptsetup-pre.target-before-cryptsetup..patch
View File

@ -1,24 +0,0 @@
From c55ccd92b9503bc074e6ffb07925f09024e9949d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 09:14:51 +0200
Subject: [PATCH] units: order cryptsetup-pre.target before cryptsetup.target
Normally this happens automatically, but if it happened that both targets were
pulled in, even though there were no cryptsetup units, they could be started
in reverse order, which would be somewhat confusing. Add an explicit ordering
to avoid this potential issue.
(cherry picked from commit 947d21171bdd8375db6482bc7d758d74b27f7dd4)
---
units/cryptsetup-pre.target | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 65353419fc..42e35dd4e4 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -9,3 +9,4 @@
Description=Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
+Before=cryptsetup.target

138
0095-units-add-remote-cryptsetup.target-and-remote-crypts.patch
View File

@ -1,138 +0,0 @@
From ca24b1e7731260a972af22387aad16e506dc1826 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 10:15:13 +0200
Subject: [PATCH] units: add remote-cryptsetup.target and
remote-cryptsetup-pre.target
The pair is similar to remote-fs.target and remote-fs-pre.target. Any
cryptsetup devices which require network shall be ordered after
remote-cryptsetup-pre.target and before remote-cryptsetup.target.
(cherry picked from commit 889128b8b27abb13e1691a72e4ce0562c564e257)
---
man/systemd.special.xml | 23 +++++++++++++++++++++++
units/cryptsetup-pre.target | 2 +-
units/cryptsetup.target | 2 +-
units/meson.build | 3 +++
units/remote-cryptsetup-pre.target | 15 +++++++++++++++
units/remote-cryptsetup.target | 10 ++++++++++
6 files changed, 53 insertions(+), 2 deletions(-)
create mode 100644 units/remote-cryptsetup-pre.target
create mode 100644 units/remote-cryptsetup.target
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 66c45e39a3..7107b8a920 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -81,6 +81,8 @@
<filename>poweroff.target</filename>,
<filename>printer.target</filename>,
<filename>reboot.target</filename>,
+ <filename>remote-cryptsetup-pre.target</filename>,
+ <filename>remote-cryptsetup.target</filename>,
<filename>remote-fs-pre.target</filename>,
<filename>remote-fs.target</filename>,
<filename>rescue.target</filename>,
@@ -450,6 +452,27 @@
this target unit, for compatibility with SysV.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup-pre.target</filename></term>
+ <listitem>
+ <para>This target unit is automatically ordered before all cryptsetup devices
+ marked with the <option>_netdev</option>. It can be used to execute additional
+ units before such devices are set up.</para>
+
+ <para>It is ordered after <filename>network.target</filename> and
+ <filename>network-online.target</filename>, and also pulls the latter in as a
+ <varname>Wants=</varname> dependency.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup.target</filename></term>
+ <listitem>
+ <para>Similar to <filename>cryptsetup.target</filename>, but for encrypted
+ devices which are accessed over the network. It is used for
+ <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ entries marked with <option>_netdev</option>.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><filename>remote-fs.target</filename></term>
<listitem>
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 42e35dd4e4..6cb28a61ae 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -6,7 +6,7 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes (Pre)
+Description=Local Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
Before=cryptsetup.target
diff --git a/units/cryptsetup.target b/units/cryptsetup.target
index 25d3e33f6a..10b17fd387 100644
--- a/units/cryptsetup.target
+++ b/units/cryptsetup.target
@@ -6,5 +6,5 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes
+Description=Local Encrypted Volumes
Documentation=man:systemd.special(7)
diff --git a/units/meson.build b/units/meson.build
index e94add6a6f..e6351c7a2e 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -47,6 +47,9 @@ units = [
['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'],
['reboot.target', '',
'runlevel6.target ctrl-alt-del.target'],
+ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'],
+ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP',
+ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
['remote-fs-pre.target', ''],
['remote-fs.target', '',
join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
new file mode 100644
index 0000000000..a375e61889
--- /dev/null
+++ b/units/remote-cryptsetup-pre.target
@@ -0,0 +1,15 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes (Pre)
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
+Before=remote-cryptsetup.target
+
+After=network.target network-online.target
+Wants=network-online.target
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
new file mode 100644
index 0000000000..60943bd1cb
--- /dev/null
+++ b/units/remote-cryptsetup.target
@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes
+Documentation=man:systemd.special(7)

106
0096-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch
View File

@ -1,106 +0,0 @@
From 8f21747f369f6d88768d1409d95527c60f2cd7c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 11:30:33 +0200
Subject: [PATCH] cryptsetup-generator: use remote-cryptsetup.target when
_netdev is present
This allows such devices to depend on the network. Their startup will
be delayed similarly to network mount units.
Fixes #4642.
(cherry picked from commit b001ad61e91b6499897f0c977045c7608c233bfa)
---
man/crypttab.xml | 13 +++++++++++++
src/cryptsetup/cryptsetup-generator.c | 30 +++++++++++++++++-------------
2 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 17976f3704..162377ebc1 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -213,6 +213,19 @@
<option>size=</option>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>_netdev</option></term>
+
+ <listitem><para>Marks this cryptsetup device as requiring network. It will be
+ started after the network is available, similarly to
+ <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ units marked with <option>_netdev</option>. The service unit to set up this device
+ will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+ <filename>remote-cryptsetup.target</filename>, instead of
+ <filename>cryptsetup-pre.target</filename> and
+ <filename>cryptsetup.target</filename>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>noauto</option></term>
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 4edf709c3e..962d712639 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -62,7 +62,7 @@ static int create_disk(
*filtered = NULL;
_cleanup_fclose_ FILE *f = NULL;
const char *dmname;
- bool noauto, nofail, tmp, swap;
+ bool noauto, nofail, tmp, swap, netdev;
int r;
assert(name);
@@ -72,6 +72,7 @@ static int create_disk(
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
tmp = fstab_test_option(options, "tmp\0");
swap = fstab_test_option(options, "swap\0");
+ netdev = fstab_test_option(options, "_netdev\0");
if (tmp && swap) {
log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
@@ -102,20 +103,22 @@ static int create_disk(
if (!f)
return log_error_errno(errno, "Failed to create unit file %s: %m", p);
- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n"
- "[Unit]\n"
- "Description=Cryptography Setup for %I\n"
- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
- "SourcePath=/etc/crypttab\n"
- "DefaultDependencies=no\n"
- "Conflicts=umount.target\n"
- "IgnoreOnIsolate=true\n"
- "After=cryptsetup-pre.target\n",
- f);
+ fprintf(f,
+ "# Automatically generated by systemd-cryptsetup-generator\n\n"
+ "[Unit]\n"
+ "Description=Cryptography Setup for %%I\n"
+ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
+ "SourcePath=/etc/crypttab\n"
+ "DefaultDependencies=no\n"
+ "Conflicts=umount.target\n"
+ "IgnoreOnIsolate=true\n"
+ "After=%s\n",
+ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
if (!nofail)
fprintf(f,
- "Before=cryptsetup.target\n");
+ "Before=%s\n",
+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
if (password) {
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
@@ -191,7 +194,8 @@ static int create_disk(
if (r < 0)
return r;
- r = generator_add_symlink(arg_dest, "cryptsetup.target",
+ r = generator_add_symlink(arg_dest,
+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target",
nofail ? "wants" : "requires", n);
if (r < 0)
return r;

44
0097-units-add-Install-section-to-remote-cryptsetup.targe.patch
View File

@ -1,44 +0,0 @@
From e937bdf0271e664ede61fafd74f8487334745d01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 12 Oct 2017 22:13:03 +0200
Subject: [PATCH] units: add [Install] section to remote-cryptsetup.target
This makes this target the same as remote-fs.target in this regard. In practice
it probably doesn't make that much difference, because all encrypted devices
that are part of remote-fs.target (marked with _netdev) will be used for mount
points, so they will be pulled in anyway individually, but with this change any
such device will be configured, even if it is not pulled by any other unit.
(cherry picked from commit 8f462b074eb9830d6d5029f70c9010ce50e68357)
(cherry picked from commit eaaa52cc40bc7f94762ca622d4bd3e9440ccee90)
---
system-preset/90-systemd.preset | 1 +
units/remote-cryptsetup.target | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset
index 3ba4bb760d..98bc4c3c55 100644
--- a/system-preset/90-systemd.preset
+++ b/system-preset/90-systemd.preset
@@ -9,6 +9,7 @@
# generally follow a default-off policy.
enable remote-fs.target
+enable remote-cryptsetup.target
enable machines.target
enable getty@.service
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
index 60943bd1cb..c306d521f7 100644
--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
@@ -8,3 +8,9 @@
[Unit]
Description=Remote Encrypted Volumes
Documentation=man:systemd.special(7)
+After=remote-cryptsetup-pre.target
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Install]
+WantedBy=multi-user.target

150
0098-units-replace-remote-cryptsetup-pre.target-with-remo.patch
View File

@ -1,150 +0,0 @@
From e4340effce763b111fc14a64f759beef6ed3a276 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 12 Oct 2017 22:34:54 +0200
Subject: [PATCH] units: replace remote-cryptsetup-pre.target with
remote-fs-pre.target
remote-cryptsetup-pre.target was designed as an active unit (that pulls in
network-online.target), the opposite of remote-fs-pre.target (a passive unit,
with individual provider services ordering itself before it and pulling it in,
for example iscsi.service and nfs-client.target).
To make remote-cryptsetup-pre.target really work, those services should be
ordered before it too. But this would require updates to all those services,
not just changes from systemd side.
But the requirements for remote-fs-pre.target and remote-cryptset-pre.target
are fairly similar (e.g. iscsi devices can certainly be used for both), so
let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses
a bit of flexibility, but does away with the requirement for various provider
services to know about remote-cryptsetup-pre.target.
(cherry picked from commit a0dd209763f9e67054ee322a2dfd52bccf345c2e)
(cherry picked from commit c5e8935962eadc9e901f4fe13e187aaaad487142)
---
man/crypttab.xml | 2 +-
man/systemd.special.xml | 20 ++++----------------
src/cryptsetup/cryptsetup-generator.c | 2 +-
units/meson.build | 1 -
units/remote-cryptsetup-pre.target | 15 ---------------
units/remote-cryptsetup.target | 2 +-
6 files changed, 7 insertions(+), 35 deletions(-)
delete mode 100644 units/remote-cryptsetup-pre.target
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 162377ebc1..239bbfa87d 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -220,7 +220,7 @@
started after the network is available, similarly to
<citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
units marked with <option>_netdev</option>. The service unit to set up this device
- will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+ will be ordered between <filename>remote-fs-pre.target</filename> and
<filename>remote-cryptsetup.target</filename>, instead of
<filename>cryptsetup-pre.target</filename> and
<filename>cryptsetup.target</filename>.</para></listitem>
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 7107b8a920..145848dbc5 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -81,7 +81,6 @@
<filename>poweroff.target</filename>,
<filename>printer.target</filename>,
<filename>reboot.target</filename>,
- <filename>remote-cryptsetup-pre.target</filename>,
<filename>remote-cryptsetup.target</filename>,
<filename>remote-fs-pre.target</filename>,
<filename>remote-fs.target</filename>,
@@ -452,18 +451,6 @@
this target unit, for compatibility with SysV.</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><filename>remote-cryptsetup-pre.target</filename></term>
- <listitem>
- <para>This target unit is automatically ordered before all cryptsetup devices
- marked with the <option>_netdev</option>. It can be used to execute additional
- units before such devices are set up.</para>
-
- <para>It is ordered after <filename>network.target</filename> and
- <filename>network-online.target</filename>, and also pulls the latter in as a
- <varname>Wants=</varname> dependency.</para>
- </listitem>
- </varlistentry>
<varlistentry>
<term><filename>remote-cryptsetup.target</filename></term>
<listitem>
@@ -864,9 +851,10 @@
<term><filename>remote-fs-pre.target</filename></term>
<listitem>
<para>This target unit is automatically ordered before all
- remote mount point units (see above). It can be used to run
- certain units before the remote mounts are established. Note
- that this unit is generally not part of the initial
+ mount point units (see above) and cryptsetup devices
+ marked with the <option>_netdev</option>. It can be used to run
+ certain units before remote encrypted devices and mounts are established.
+ Note that this unit is generally not part of the initial
transaction, unless the unit that wants to be ordered before
all remote mounts pulls it in via a
<varname>Wants=</varname> type dependency. If the unit wants
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 962d712639..4d68710c1d 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -113,7 +113,7 @@ static int create_disk(
"Conflicts=umount.target\n"
"IgnoreOnIsolate=true\n"
"After=%s\n",
- netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
+ netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target");
if (!nofail)
fprintf(f,
diff --git a/units/meson.build b/units/meson.build
index e6351c7a2e..d85cc491c9 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -47,7 +47,6 @@ units = [
['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'],
['reboot.target', '',
'runlevel6.target ctrl-alt-del.target'],
- ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'],
['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP',
join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
['remote-fs-pre.target', ''],
diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
deleted file mode 100644
index a375e61889..0000000000
--- a/units/remote-cryptsetup-pre.target
+++ /dev/null
@@ -1,15 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-[Unit]
-Description=Remote Encrypted Volumes (Pre)
-Documentation=man:systemd.special(7)
-RefuseManualStart=yes
-Before=remote-cryptsetup.target
-
-After=network.target network-online.target
-Wants=network-online.target
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
index c306d521f7..d485b06726 100644
--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
@@ -8,7 +8,7 @@
[Unit]
Description=Remote Encrypted Volumes
Documentation=man:systemd.special(7)
-After=remote-cryptsetup-pre.target
+After=remote-fs-pre.target
DefaultDependencies=no
Conflicts=shutdown.target

41
0099-man-add-a-note-about-_netdev-usage.patch
View File

@ -1,41 +0,0 @@
From 3557377795afb0410c703707633dd5ad589fdd11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 12 Oct 2017 22:43:58 +0200
Subject: [PATCH] man: add a note about _netdev usage
(cherry picked from commit 288c26165e0ff71857394f360f42432bc808556f)
(cherry picked from commit 51f2176d0df1088407afbadc138aeaa9dbe017e8)
---
man/crypttab.xml | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 239bbfa87d..88f8909a60 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -223,7 +223,16 @@
will be ordered between <filename>remote-fs-pre.target</filename> and
<filename>remote-cryptsetup.target</filename>, instead of
<filename>cryptsetup-pre.target</filename> and
- <filename>cryptsetup.target</filename>.</para></listitem>
+ <filename>cryptsetup.target</filename>.</para>
+
+ <para>Hint: if this device is used for a mount point that is specified in
+ <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ the <option>_netdev</option> option should also be used for the mount
+ point. Otherwise, a dependency loop might be created where the mount point
+ will be pulled in by <filename>local-fs.target</filename>, while the
+ service to configure the network is usually only started <emphasis>after</emphasis>
+ the local file system has been mounted.</para>
+ </listitem>
</varlistentry>
<varlistentry>
@@ -431,6 +440,7 @@ hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfil
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>

28
0100-units-make-remote-cryptsetup.target-also-after-crypt.patch
View File

@ -1,28 +0,0 @@
From a33807a581643c73377d3ef476979bf1d53ccf08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 18 Oct 2017 15:14:46 +0200
Subject: [PATCH] units: make remote-cryptsetup.target also after
cryptsetup-pre.target
This way people can order units before cryptsetup-pre.target and
have them run before any cryptsetup-related stuff.
(cherry picked from commit a0e030f53bad355be1084a0475eb30aae20e3e43)
(cherry picked from commit d56bbe6540ed5075ab6c2845c63d08c12499e46d)
---
units/remote-cryptsetup.target | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
index d485b06726..ac4e1b71db 100644
--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
@@ -8,7 +8,7 @@
[Unit]
Description=Remote Encrypted Volumes
Documentation=man:systemd.special(7)
-After=remote-fs-pre.target
+After=remote-fs-pre.target cryptsetup-pre.target
DefaultDependencies=no
Conflicts=shutdown.target

Some files were not shown because too many files have changed in this diff Show More