Update to v235

This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2017-10-06 15:58:05 +02:00
parent ac49c72d1e
commit 3cb1145229
29 changed files with 273 additions and 1275 deletions

View File

@ -1,23 +0,0 @@
From b2954c2fbed0409adba2687b17fb956f002b2bbe Mon Sep 17 00:00:00 2001
From: Jeremy Bicha <jbicha@ubuntu.com>
Date: Thu, 13 Jul 2017 10:44:33 -0400
Subject: [PATCH] escape: Fix help description (#6352)
Resolves: #6351(cherry picked from commit 303608c1bcf9568371625fbbd9442946cadba422)
---
src/escape/escape.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/escape/escape.c b/src/escape/escape.c
index af98c98e40..89e885d47c 100644
--- a/src/escape/escape.c
+++ b/src/escape/escape.c
@@ -38,7 +38,7 @@ static bool arg_path = false;
static void help(void) {
printf("%s [OPTIONS...] [NAME...]\n\n"
- "Show system and user paths.\n\n"
+ "Escape strings for usage in system unit names.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
" --suffix=SUFFIX Unit suffix to append to escaped strings\n"

View File

@ -0,0 +1,249 @@
From b32bceb6c319f5a7b61f8bbfc14af8bb43effc11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20Dr=C4=85g?= <piotrdrag@gmail.com>
Date: Fri, 6 Oct 2017 16:10:33 +0200
Subject: [PATCH] po: update Polish translation (#7015)
---
po/pl.po | 104 +++++++++++++++++++++++++++++++++++++++++----------------------
1 file changed, 68 insertions(+), 36 deletions(-)
diff --git a/po/pl.po b/po/pl.po
index c289a2cd4c..0c8bec37dd 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -1,15 +1,15 @@
# Polish translation for systemd.
-# Copyright © 2011-2016 the systemd authors.
+# Copyright © 2011-2017 the systemd authors.
# This file is distributed under the same license as the systemd package.
-# Piotr Drąg <piotrdrag@gmail.com>, 2011, 2013-2016.
+# Piotr Drąg <piotrdrag@gmail.com>, 2011, 2013-2017.
# Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>, 2011.
#
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-10-05 19:01+0200\n"
-"PO-Revision-Date: 2016-10-05 19:02+0200\n"
+"POT-Creation-Date: 2017-10-06 15:29+0200\n"
+"PO-Revision-Date: 2017-10-05 15:30+0200\n"
"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
"Language-Team: Polish <trans-pl@lists.fedoraproject.org>\n"
"Language: pl\n"
@@ -89,7 +89,7 @@ msgid ""
"as well as the pretty host name."
msgstr ""
"Wymagane jest uwierzytelnienie, aby ustawić statycznie skonfigurowaną nazwę "
-"lokalnego komputera, a także jego ładną nazwę."
+"lokalnego komputera, a także jego nazwę czytelną dla człowieka."
#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5
msgid "Set machine information"
@@ -347,18 +347,50 @@ msgstr ""
"zażądał jego wstrzymania."
#: ../src/login/org.freedesktop.login1.policy.in.h:39
+msgid "Halt the system"
+msgstr "Zatrzymanie systemu"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:40
+msgid "Authentication is required for halting the system."
+msgstr "Wymagane jest uwierzytelnienie, aby zatrzymać system."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:41
+msgid "Halt the system while other users are logged in"
+msgstr "Zatrzymanie systemu, kiedy są zalogowani inni użytkownicy"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:42
+msgid ""
+"Authentication is required for halting the system while other users are "
+"logged in."
+msgstr ""
+"Wymagane jest uwierzytelnienie, aby zatrzymać system, kiedy są zalogowani "
+"inni użytkownicy."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:43
+msgid "Halt the system while an application asked to inhibit it"
+msgstr "Zatrzymanie systemu, kiedy program zażądał jego wstrzymania"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:44
+msgid ""
+"Authentication is required for halting the system while an application asked "
+"to inhibit it."
+msgstr ""
+"Wymagane jest uwierzytelnienie, aby zatrzymać system, kiedy program zażądał "
+"jego wstrzymania."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:45
msgid "Suspend the system"
msgstr "Uśpienie systemu"
-#: ../src/login/org.freedesktop.login1.policy.in.h:40
+#: ../src/login/org.freedesktop.login1.policy.in.h:46
msgid "Authentication is required for suspending the system."
msgstr "Wymagane jest uwierzytelnienie, aby uśpić system."
-#: ../src/login/org.freedesktop.login1.policy.in.h:41
+#: ../src/login/org.freedesktop.login1.policy.in.h:47
msgid "Suspend the system while other users are logged in"
msgstr "Uśpienie systemu, kiedy są zalogowani inni użytkownicy"
-#: ../src/login/org.freedesktop.login1.policy.in.h:42
+#: ../src/login/org.freedesktop.login1.policy.in.h:48
msgid ""
"Authentication is required for suspending the system while other users are "
"logged in."
@@ -366,11 +398,11 @@ msgstr ""
"Wymagane jest uwierzytelnienie, aby uśpić system, kiedy są zalogowani inni "
"użytkownicy."
-#: ../src/login/org.freedesktop.login1.policy.in.h:43
+#: ../src/login/org.freedesktop.login1.policy.in.h:49
msgid "Suspend the system while an application asked to inhibit it"
msgstr "Uśpienie systemu, kiedy program zażądał jego wstrzymania"
-#: ../src/login/org.freedesktop.login1.policy.in.h:44
+#: ../src/login/org.freedesktop.login1.policy.in.h:50
msgid ""
"Authentication is required for suspending the system while an application "
"asked to inhibit it."
@@ -378,19 +410,19 @@ msgstr ""
"Wymagane jest uwierzytelnienie, aby uśpić system, kiedy program zażądał jego "
"wstrzymania."
-#: ../src/login/org.freedesktop.login1.policy.in.h:45
+#: ../src/login/org.freedesktop.login1.policy.in.h:51
msgid "Hibernate the system"
msgstr "Hibernacja systemu"
-#: ../src/login/org.freedesktop.login1.policy.in.h:46
+#: ../src/login/org.freedesktop.login1.policy.in.h:52
msgid "Authentication is required for hibernating the system."
msgstr "Wymagane jest uwierzytelnienie, aby zahibernować system."
-#: ../src/login/org.freedesktop.login1.policy.in.h:47
+#: ../src/login/org.freedesktop.login1.policy.in.h:53
msgid "Hibernate the system while other users are logged in"
msgstr "Hibernacja systemu, kiedy są zalogowani inni użytkownicy"
-#: ../src/login/org.freedesktop.login1.policy.in.h:48
+#: ../src/login/org.freedesktop.login1.policy.in.h:54
msgid ""
"Authentication is required for hibernating the system while other users are "
"logged in."
@@ -398,11 +430,11 @@ msgstr ""
"Wymagane jest uwierzytelnienie, aby zahibernować system, kiedy są zalogowani "
"inni użytkownicy."
-#: ../src/login/org.freedesktop.login1.policy.in.h:49
+#: ../src/login/org.freedesktop.login1.policy.in.h:55
msgid "Hibernate the system while an application asked to inhibit it"
msgstr "Hibernacja systemu, kiedy program zażądał jej wstrzymania"
-#: ../src/login/org.freedesktop.login1.policy.in.h:50
+#: ../src/login/org.freedesktop.login1.policy.in.h:56
msgid ""
"Authentication is required for hibernating the system while an application "
"asked to inhibit it."
@@ -410,31 +442,31 @@ msgstr ""
"Wymagane jest uwierzytelnienie, aby zahibernować system, kiedy program "
"zażądał jej wstrzymania."
-#: ../src/login/org.freedesktop.login1.policy.in.h:51
+#: ../src/login/org.freedesktop.login1.policy.in.h:57
msgid "Manage active sessions, users and seats"
msgstr "Zarządzanie aktywnymi sesjami, użytkownikami i stanowiskami"
-#: ../src/login/org.freedesktop.login1.policy.in.h:52
+#: ../src/login/org.freedesktop.login1.policy.in.h:58
msgid ""
"Authentication is required for managing active sessions, users and seats."
msgstr ""
"Wymagane jest uwierzytelnienie, aby zarządzać aktywnymi sesjami, "
"użytkownikami i stanowiskami."
-#: ../src/login/org.freedesktop.login1.policy.in.h:53
+#: ../src/login/org.freedesktop.login1.policy.in.h:59
msgid "Lock or unlock active sessions"
msgstr "Zablokowanie lub odblokowanie aktywnych sesji"
-#: ../src/login/org.freedesktop.login1.policy.in.h:54
+#: ../src/login/org.freedesktop.login1.policy.in.h:60
msgid "Authentication is required to lock or unlock active sessions."
msgstr ""
"Wymagane jest uwierzytelnienie, aby zablokować lub odblokować aktywne sesje."
-#: ../src/login/org.freedesktop.login1.policy.in.h:55
+#: ../src/login/org.freedesktop.login1.policy.in.h:61
msgid "Allow indication to the firmware to boot to setup interface"
msgstr "Wskazanie oprogramowaniu sprzętowemu, aby uruchomić interfejs ustawień"
-#: ../src/login/org.freedesktop.login1.policy.in.h:56
+#: ../src/login/org.freedesktop.login1.policy.in.h:62
msgid ""
"Authentication is required to indicate to the firmware to boot to setup "
"interface."
@@ -442,11 +474,11 @@ msgstr ""
"Wymagane jest uwierzytelnienie, aby wskazać oprogramowaniu sprzętowemu, że "
"należy uruchomić interfejs ustawień."
-#: ../src/login/org.freedesktop.login1.policy.in.h:57
+#: ../src/login/org.freedesktop.login1.policy.in.h:63
msgid "Set a wall message"
msgstr "Ustawienie komunikatu wall"
-#: ../src/login/org.freedesktop.login1.policy.in.h:58
+#: ../src/login/org.freedesktop.login1.policy.in.h:64
msgid "Authentication is required to set a wall message"
msgstr "Wymagane jest uwierzytelnienie, aby ustawić komunikat wall"
@@ -569,36 +601,36 @@ msgstr ""
"Wymagane jest uwierzytelnienie, aby kontrolować, czy włączyć synchronizację "
"czasu przez sieć."
-#: ../src/core/dbus-unit.c:459
+#: ../src/core/dbus-unit.c:458
msgid "Authentication is required to start '$(unit)'."
-msgstr "Wymagane jest uwierzytelnienie, aby uruchomić jednostkę „$(unit)”."
+msgstr "Wymagane jest uwierzytelnienie, aby uruchomić jednostkę „$(unit)”."
-#: ../src/core/dbus-unit.c:460
+#: ../src/core/dbus-unit.c:459
msgid "Authentication is required to stop '$(unit)'."
-msgstr "Wymagane jest uwierzytelnienie, aby zatrzymać jednostkę „$(unit)”."
+msgstr "Wymagane jest uwierzytelnienie, aby zatrzymać jednostkę „$(unit)”."
-#: ../src/core/dbus-unit.c:461
+#: ../src/core/dbus-unit.c:460
msgid "Authentication is required to reload '$(unit)'."
msgstr ""
-"Wymagane jest uwierzytelnienie, aby ponownie wczytać jednostkę „$(unit)”."
+"Wymagane jest uwierzytelnienie, aby ponownie wczytać jednostkę „$(unit)”."
-#: ../src/core/dbus-unit.c:462 ../src/core/dbus-unit.c:463
+#: ../src/core/dbus-unit.c:461 ../src/core/dbus-unit.c:462
msgid "Authentication is required to restart '$(unit)'."
msgstr ""
-"Wymagane jest uwierzytelnienie, aby ponownie uruchomić jednostkę „$(unit)”."
+"Wymagane jest uwierzytelnienie, aby ponownie uruchomić jednostkę „$(unit)”."
-#: ../src/core/dbus-unit.c:570
+#: ../src/core/dbus-unit.c:569
msgid "Authentication is required to kill '$(unit)'."
msgstr ""
-"Wymagane jest uwierzytelnienie, aby wymusić wyłączenie jednostki „$(unit)”."
+"Wymagane jest uwierzytelnienie, aby wymusić wyłączenie jednostki „$(unit)”."
-#: ../src/core/dbus-unit.c:601
+#: ../src/core/dbus-unit.c:600
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"Wymagane jest uwierzytelnienie, aby przywrócić stan „failed” (niepowodzenia) "
"jednostki „$(unit)”."
-#: ../src/core/dbus-unit.c:634
+#: ../src/core/dbus-unit.c:633
msgid "Authentication is required to set properties on '$(unit)'."
msgstr ""
"Wymagane jest uwierzytelnienie, aby ustawić właściwości jednostki „$(unit)”."

View File

@ -1,51 +0,0 @@
From 33145774d9d41ac306f972e0247c9a073d5dbfc9 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Fri, 14 Jul 2017 18:28:28 +0200
Subject: [PATCH] build-sys: install udev rule 70-joystick.{rules,hwdb} (#6363)
* meson: install udev files 70-joystick.{rules,hwdb}
* Makefile: install udev file 70-joystick.hwdb
(cherry picked from commit 816be2ba448940e2517dba81492e80b1e6a5954f)
---
Makefile.am | 1 +
hwdb/meson.build | 1 +
rules/meson.build | 1 +
3 files changed, 3 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index c16e62280b..b95c93bb98 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4062,6 +4062,7 @@ dist_udevhwdb_DATA = \
hwdb/60-evdev.hwdb \
hwdb/60-keyboard.hwdb \
hwdb/60-sensor.hwdb \
+ hwdb/70-joystick.hwdb \
hwdb/70-mouse.hwdb \
hwdb/70-pointingstick.hwdb \
hwdb/70-touchpad.hwdb
diff --git a/hwdb/meson.build b/hwdb/meson.build
index 74a93f9ccb..6fceff2b3b 100644
--- a/hwdb/meson.build
+++ b/hwdb/meson.build
@@ -12,6 +12,7 @@ hwdb_files = files('''
60-evdev.hwdb
60-keyboard.hwdb
60-sensor.hwdb
+ 70-joystick.hwdb
70-mouse.hwdb
70-pointingstick.hwdb
70-touchpad.hwdb
diff --git a/rules/meson.build b/rules/meson.build
index 0f818a506f..7f4725ad65 100644
--- a/rules/meson.build
+++ b/rules/meson.build
@@ -12,6 +12,7 @@ rules = files('''
60-sensor.rules
60-serial.rules
64-btrfs.rules
+ 70-joystick.rules
70-mouse.rules
70-touchpad.rules
75-net-description.rules

View File

@ -1,22 +0,0 @@
From a1b21ca91835ec0322ccd0eedf9951ba0e52db80 Mon Sep 17 00:00:00 2001
From: IPv4v6 <mail.ipv4v6@gmail.com>
Date: Sat, 15 Jul 2017 13:53:21 +0200
Subject: [PATCH] add version argument to help function (#6377)
Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>(cherry picked from commit cb4069d95e447e8a01fc3feee6d6cb99669c4c38)
---
src/core/main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/core/main.c b/src/core/main.c
index 88e2c92504..babcab4978 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1091,6 +1091,7 @@ static int help(void) {
printf("%s [OPTIONS...]\n\n"
"Starts up and maintains the system or user services.\n\n"
" -h --help Show this help\n"
+ " --version Show version\n"
" --test Determine startup sequence, dump it and exit\n"
" --no-pager Do not pipe output into a pager\n"
" --dump-configuration-items Dump understood unit configuration items\n"

View File

@ -1,79 +0,0 @@
From 5d56b6fb41fb29cd636e64f079f9a1e1982820be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 15 Jul 2017 19:28:02 +0000
Subject: [PATCH] seccomp: arm64/x32 do not have _sysctl
So don't even try to added the filter to reduce noise.
The test is updated to skip calling _sysctl because the kernel prints
an oops-like message that is confusing and unhelpful:
Jul 15 21:07:01 rpi3 kernel: test-seccomp[8448]: syscall -10080
Jul 15 21:07:01 rpi3 kernel: Code: aa0503e4 aa0603e5 aa0703e6 d4000001 (b13ffc1f)
Jul 15 21:07:01 rpi3 kernel: CPU: 3 PID: 8448 Comm: test-seccomp Tainted: G W 4.11.8-300.fc26.aarch64 #1
Jul 15 21:07:01 rpi3 kernel: Hardware name: raspberrypi rpi/rpi, BIOS 2017.05 06/24/2017
Jul 15 21:07:01 rpi3 kernel: task: ffff80002bb0bb00 task.stack: ffff800036354000
Jul 15 21:07:01 rpi3 kernel: PC is at 0xffff8669c7c4
Jul 15 21:07:01 rpi3 kernel: LR is at 0xaaaac64b6750
Jul 15 21:07:01 rpi3 kernel: pc : [<0000ffff8669c7c4>] lr : [<0000aaaac64b6750>] pstate: 60000000
Jul 15 21:07:01 rpi3 kernel: sp : 0000ffffdc640fd0
Jul 15 21:07:01 rpi3 kernel: x29: 0000ffffdc640fd0 x28: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x27: 0000000000000000 x26: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x25: 0000000000000000 x24: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x23: 0000000000000000 x22: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x21: 0000aaaac64b4940 x20: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x19: 0000aaaac64b88f8 x18: 0000000000000020
Jul 15 21:07:01 rpi3 kernel: x17: 0000ffff8669c7a0 x16: 0000aaaac64d2ee0
Jul 15 21:07:01 rpi3 kernel: x15: 0000000000000000 x14: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x13: 203a657275746365 x12: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x11: 0000ffffdc640418 x10: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x9 : 0000000000000005 x8 : 00000000ffffd8a0
Jul 15 21:07:01 rpi3 kernel: x7 : 7f7f7f7f7f7f7f7f x6 : 7f7f7f7f7f7f7f7f
Jul 15 21:07:01 rpi3 kernel: x5 : 65736d68716f7277 x4 : 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x3 : 0000000000000008 x2 : 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x1 : 0000000000000000 x0 : 0000000000000000
Jul 15 21:07:01 rpi3 kernel:
(cherry picked from commit 1e20e640132c700c23494bb9e2619afb83878380)
(cherry picked from commit 2e64e8f46d726689a44d4084226fe3e0ea255c29)
---
src/shared/seccomp-util.c | 4 ++++
src/test/test-seccomp.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 36843d4bf5..1a8bfbe416 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -899,6 +899,10 @@ int seccomp_protect_sysctl(void) {
log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
+ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64))
+ /* No _sysctl syscall */
+ continue;
+
r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW);
if (r < 0)
return r;
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index efd145e063..50fe24c794 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -244,13 +244,17 @@ static void test_protect_sysctl(void) {
assert_se(pid >= 0);
if (pid == 0) {
+#if __NR__sysctl > 0
assert_se(syscall(__NR__sysctl, NULL) < 0);
assert_se(errno == EFAULT);
+#endif
assert_se(seccomp_protect_sysctl() >= 0);
+#if __NR__sysctl > 0
assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
assert_se(errno == EPERM);
+#endif
_exit(EXIT_SUCCESS);
}

View File

@ -1,40 +0,0 @@
From e04118bd11f8268e7ee7b893f861f18f03bc6970 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 15 Jul 2017 19:30:01 +0000
Subject: [PATCH] seccomp: arm64 does not have mmap2
I messed up when adding the definitions in 4278d1f5310f5acb4c6a6788233625234edb5145.
Unfortunately I didn't have the hardware at hand and went by
looking at the kernel headers.
(cherry picked from commit 53196fafcb7b24b45ed4f48ab894d00a24a6d871)
(cherry picked from commit 79873bc850177050baa0c5165b119adafeebb891)
---
src/shared/seccomp-util.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 1a8bfbe416..637ee8526e 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1223,10 +1223,6 @@ int seccomp_memory_deny_write_execute(void) {
break;
- case SCMP_ARCH_AARCH64:
- block_syscall = SCMP_SYS(mmap);
- /* fall through */
-
case SCMP_ARCH_ARM:
filter_syscall = SCMP_SYS(mmap2); /* arm has only mmap2 */
shmat_syscall = SCMP_SYS(shmat);
@@ -1234,7 +1230,8 @@ int seccomp_memory_deny_write_execute(void) {
case SCMP_ARCH_X86_64:
case SCMP_ARCH_X32:
- filter_syscall = SCMP_SYS(mmap); /* amd64 and x32 have only mmap */
+ case SCMP_ARCH_AARCH64:
+ filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */
shmat_syscall = SCMP_SYS(shmat);
break;

View File

@ -1,41 +0,0 @@
From 5a3e65fa2537b31334ccb8b73a28208a3b535076 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 15 Jul 2017 19:30:48 +0000
Subject: [PATCH] test-seccomp: arm64 does not have access() and poll()
glibc uses faccessat and ppoll, so just add a filters for that.
(cherry picked from commit abc0213839fef92e2e2b98a434914f22ece48490)
(cherry picked from commit f60a865a496e1e6fde7436b4013dd8ff677f29a1)
---
src/test/test-seccomp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 50fe24c794..28fe206507 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -529,7 +529,11 @@ static void test_load_syscall_filter_set_raw(void) {
assert_se(poll(NULL, 0, 0) == 0);
assert_se(s = set_new(NULL));
+#if SCMP_SYS(access) >= 0
assert_se(set_put(s, UINT32_TO_PTR(__NR_access + 1)) >= 0);
+#else
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_faccessat + 1)) >= 0);
+#endif
assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUCLEAN)) >= 0);
@@ -541,7 +545,11 @@ static void test_load_syscall_filter_set_raw(void) {
s = set_free(s);
assert_se(s = set_new(NULL));
+#if SCMP_SYS(poll) >= 0
assert_se(set_put(s, UINT32_TO_PTR(__NR_poll + 1)) >= 0);
+#else
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_ppoll + 1)) >= 0);
+#endif
assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUNATCH)) >= 0);

View File

@ -1,31 +0,0 @@
From 713917bd94272fc65d94016a208b72309ae1320a Mon Sep 17 00:00:00 2001
From: NeilBrown <neil@brown.name>
Date: Mon, 17 Jul 2017 18:03:34 +1000
Subject: [PATCH] fstab-generator: ignore x-systemd.device-timeout for
non-devices (#6368)
If you specify "x-systemd.device-timeout" for an NFS mount
point, you get no warning and a meaningless device unit
dependency created.
Better to have a warning and no dependency.
(cherry picked from commit c67bd1f758f087496741ce0b3e227d82c6b4a304)
---
src/shared/generator.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/shared/generator.c b/src/shared/generator.c
index 6a78ebbda7..6a887e3aad 100644
--- a/src/shared/generator.c
+++ b/src/shared/generator.c
@@ -182,6 +182,10 @@ int generator_write_timeouts(
node = fstab_node_to_udev_node(what);
if (!node)
return log_oom();
+ if (!is_device_path(node)) {
+ log_warning("x-systemd.device-timeout ignored for %s", what);
+ return 0;
+ }
r = unit_name_from_path(node, ".device", &unit);
if (r < 0)

View File

@ -1,22 +0,0 @@
From 83030c7aea991d863591df2e09d41bb19d6e01d0 Mon Sep 17 00:00:00 2001
From: WaLyong Cho <walyong.cho@samsung.com>
Date: Thu, 13 Jul 2017 13:06:34 +0900
Subject: [PATCH] core: modify resource leak by SmackProcessLabel=
(cherry picked from commit 5b8e1b7755092e162bcf0bad8afe2e55dfbbd9e2)
---
src/core/execute.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/core/execute.c b/src/core/execute.c
index d72e5bf08c..4ed133fb6a 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3099,6 +3099,7 @@ void exec_context_done(ExecContext *c) {
c->utmp_id = mfree(c->utmp_id);
c->selinux_context = mfree(c->selinux_context);
c->apparmor_profile = mfree(c->apparmor_profile);
+ c->smack_process_label = mfree(c->smack_process_label);
c->syscall_filter = set_free(c->syscall_filter);
c->syscall_archs = set_free(c->syscall_archs);

View File

@ -1,31 +0,0 @@
From d8e3c9d25867f7081f060f1491186b6e3b30975b Mon Sep 17 00:00:00 2001
From: WaLyong Cho <walyong.cho@samsung.com>
Date: Thu, 13 Jul 2017 13:10:41 +0900
Subject: [PATCH] core: dump also missed security context
(cherry picked from commit 80c21aea118eeccfb2a0fcc5986b4432588dc857)
---
src/core/execute.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/core/execute.c b/src/core/execute.c
index 4ed133fb6a..62faa028a1 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3614,6 +3614,16 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
"%sSELinuxContext: %s%s\n",
prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
+ if (c->apparmor_profile)
+ fprintf(f,
+ "%sAppArmorProfile: %s%s\n",
+ prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile);
+
+ if (c->smack_process_label)
+ fprintf(f,
+ "%sSmackProcessLabel: %s%s\n",
+ prefix, c->smack_process_label_ignore ? "-" : "", c->smack_process_label);
+
if (c->personality != PERSONALITY_INVALID)
fprintf(f,
"%sPersonality: %s\n",

View File

@ -1,32 +0,0 @@
From 3dd07ebf08dd630b0f50dfff3ef6d05628b8708b Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Mon, 17 Jul 2017 10:04:37 +0200
Subject: [PATCH] journald: make sure we retain all stream fds across restarts
(#6348)
Currently we set 4096 as maximum for number of stream connections that
we accept. However maximum number of file descriptors that systemd is
willing to accept from us is just 1024. This means we can't retain all
stream connections that we accepted. Hence bump the limit of fds in a
unit file so that systemd holds open all stream fds while we are
restarted.
New limit is set to 4224 (4096 + 128).
(cherry picked from commit 3c978aca69e0e43d4dd453437ec9c498ea788795)
---
units/systemd-journald.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 66b7c6a48e..1e86d63648 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -21,7 +21,7 @@ Restart=always
RestartSec=0
StandardOutput=null
WatchdogSec=3min
-FileDescriptorStoreMax=1024
+FileDescriptorStoreMax=4224
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
MemoryDenyWriteExecute=yes
RestrictRealtime=yes

View File

@ -1,37 +0,0 @@
From d52e2bb9c20216972754c054e8534bca28baab66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 17 Jul 2017 15:45:44 -0400
Subject: [PATCH] Use config_parse_sec_fix_0() also for JobRunningTimeoutSec
2d79a0bbb9f651656384a0a86ed814e6306fb5dd did that for TimeoutSec=,
89beff89edba592366b2960bd830d3f6e602c2c7 did that for JobTimeoutSec=,
and 0004f698df1410ef8b6ab3fb5f4b41a60c91182c did that for
x-systemd.device-timeout=. But after parsing x-systemd.device-timeout=xxx
we write it out as JobRunningTimeoutSec=xxx. Two options:
- write out JobRunningTimeoutSec=<a very big number>,
- change JobRunningTimeoutSec= to behave like the other options.
I think it would be confusing for JobRunningTimeoutSec= to have different
syntax then TimeoutSec= and JobTimeoutSec=, so this patch implements the
second option.
Fixes #6264, https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
(cherry picked from commit 4a06cbf8387555c7c04a1ee6f0c5a6f858bf4b19)
---
src/core/load-fragment-gperf.gperf.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 5b5a86250e..7fb39cf948 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -194,7 +194,7 @@ Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0,
Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate)
Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0
Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout)
-Unit.JobRunningTimeoutSec, config_parse_sec, 0, offsetof(Unit, job_running_timeout)
+Unit.JobRunningTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_running_timeout)
Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action)
Unit.JobTimeoutRebootArgument, config_parse_unit_string_printf, 0, offsetof(Unit, job_timeout_reboot_arg)
Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval)

View File

@ -1,31 +0,0 @@
From e48936b0be085f15a2e2ac88b2e50a91a66782ac Mon Sep 17 00:00:00 2001
From: Daniel Berrange <berrange@redhat.com>
Date: Wed, 19 Jul 2017 10:06:07 +0100
Subject: [PATCH] virt: enable detecting QEMU (TCG) via CPUID (#6399)
QEMU >= 2.10 will include a CPUID leaf with value "TCGTCGTCGTCG"
on x86 when running with the TCG CPU emulator:
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05231.html
Existing methods of detecting QEMU are left unchanged for sake of
backcompatibility.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 5588612e9e8828691f13141e3fcebe08a59201fe)
---
src/basic/virt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 6011744523..5143ac6656 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -46,6 +46,7 @@ static int detect_vm_cpuid(void) {
} cpuid_vendor_table[] = {
{ "XenVMMXenVMM", VIRTUALIZATION_XEN },
{ "KVMKVMKVM", VIRTUALIZATION_KVM },
+ { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU },
/* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
{ "VMwareVMware", VIRTUALIZATION_VMWARE },
/* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */

View File

@ -1,28 +0,0 @@
From 8864ff594b43a34e5a593da42336f28e2f30b9f5 Mon Sep 17 00:00:00 2001
From: Felipe Sateler <fsateler@users.noreply.github.com>
Date: Wed, 19 Jul 2017 20:48:23 -0400
Subject: [PATCH] test-condition: don't assume that all non-root users are
normal users (#6409)
Automated builders may run under a dedicated system user, and this test would fail that
Fixes #6366
(cherry picked from commit 708d423915c4ea48d408b5a3395c11055247b9bc)
---
src/test/test-condition.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-condition.c b/src/test/test-condition.c
index 121345cfd1..b15f1b98c0 100644
--- a/src/test/test-condition.c
+++ b/src/test/test-condition.c
@@ -390,7 +390,7 @@ static void test_condition_test_user(void) {
assert_se(condition);
r = condition_test(condition);
log_info("ConditionUser=@system → %i", r);
- if (geteuid() == 0)
+ if (getuid() < SYSTEM_UID_MAX || geteuid() < SYSTEM_UID_MAX)
assert_se(r > 0);
else
assert_se(r == 0);

View File

@ -1,31 +0,0 @@
From eca55fbc51056b2a4fa3242917b6fc2f0c02e981 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Thu, 20 Jul 2017 19:13:09 +0200
Subject: [PATCH] call chase_symlinks without the /sysroot prefix (#6411)
In case fstab-generator is called in the initrd, chase_symlinks()
returns with a canonical path "/sysroot/sysroot/<mountpoint>", if the
"/sysroot" prefix is present in the path.
This patch skips the "/sysroot" prefix for the chase_symlinks() call,
because "/sysroot" is already the root directory and chase_symlinks()
prepends the root directory in the canonical path returned.
(cherry picked from commit 98eda38aed6a10c4f6d6ad0cac6e5361e87de52b)
---
src/fstab-generator/fstab-generator.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 7f23b9fd74..f172e9c07b 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -537,7 +537,7 @@ static int parse_fstab(bool initrd) {
continue;
}
- where = initrd ? strappend("/sysroot/", me->mnt_dir) : strdup(me->mnt_dir);
+ where = strdup(me->mnt_dir);
if (!where)
return log_oom();

View File

@ -1,31 +0,0 @@
From 0e50428d3699e3ad25861f458540d24038cfaa4e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 20 Jul 2017 20:46:58 +0200
Subject: [PATCH] nspawn: downgrade warning when we get sd_notify() message
from unexpected process (#6416)
Given that we set NOTIFY_SOCKET unconditionally it's not surprising that
processes way down the process tree think it's smart to send us a
notification message.
It's still useful to keep this message, for debugging things, but it
shouldn't be generated by default.
(cherry picked from commit 8cb574307963d1aeb1c53e1d1fbeee4a2be37259)
---
src/nspawn/nspawn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 8a5fedd4b0..0cbd8c3491 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2836,7 +2836,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
}
if (!ucred || ucred->pid != inner_child_pid) {
- log_warning("Received notify message without valid credentials. Ignoring.");
+ log_debug("Received notify message without valid credentials. Ignoring.");
return 0;
}

View File

@ -1,71 +0,0 @@
From 29d9cfc097586ac79911a5f5035c45b1971a5b1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 22 Jul 2017 08:39:49 -0400
Subject: [PATCH] Revert "core: don't load dropin data multiple times for the
same unit (#5139)"
This reverts commit 2d058a87ffb2d31a50422a8aebd119bbb4427244.
When we add another name to a unit (by following an alias), we need to
reload all drop-ins. This is necessary to load any additional dropins
found in the dirs created from the alias name.
Fixes #6334.
(cherry picked from commit 9e4ea9cc34fa032a47c253ddd94ac6c7afda663e)
---
src/core/unit.c | 23 +++++++----------------
1 file changed, 7 insertions(+), 16 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index b28eeb2262..9d913e8c64 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1098,7 +1098,6 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
/* Common implementation for multiple backends */
int unit_load_fragment_and_dropin(Unit *u) {
- Unit *t;
int r;
assert(u);
@@ -1111,18 +1110,15 @@ int unit_load_fragment_and_dropin(Unit *u) {
if (u->load_state == UNIT_STUB)
return -ENOENT;
- /* If the unit is an alias and the final unit has already been
- * loaded, there's no point in reloading the dropins one more time. */
- t = unit_follow_merge(u);
- if (t != u && t->load_state != UNIT_STUB)
- return 0;
-
- return unit_load_dropin(t);
+ /* Load drop-in directory data. If u is an alias, we might be reloading the
+ * target unit needlessly. But we cannot be sure which drops-ins have already
+ * been loaded and which not, at least without doing complicated book-keeping,
+ * so let's always reread all drop-ins. */
+ return unit_load_dropin(unit_follow_merge(u));
}
/* Common implementation for multiple backends */
int unit_load_fragment_and_dropin_optional(Unit *u) {
- Unit *t;
int r;
assert(u);
@@ -1138,13 +1134,8 @@ int unit_load_fragment_and_dropin_optional(Unit *u) {
if (u->load_state == UNIT_STUB)
u->load_state = UNIT_LOADED;
- /* If the unit is an alias and the final unit has already been
- * loaded, there's no point in reloading the dropins one more time. */
- t = unit_follow_merge(u);
- if (t != u && t->load_state != UNIT_STUB)
- return 0;
-
- return unit_load_dropin(t);
+ /* Load drop-in directory data */
+ return unit_load_dropin(unit_follow_merge(u));
}
int unit_add_default_target_dependency(Unit *u, Unit *target) {

View File

@ -1,73 +0,0 @@
From f6441eaf050267c05ef8df8d5614bb598528942f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 27 Jul 2017 20:22:54 +0900
Subject: [PATCH] bash-completion: use the first argument instead of the global
variable (#6457)
Without this fix:
$ systemctl start <tab>
Display all 135 possibilities? (y or n)
$ __get_startable_units --system | wc -l
224
the number of the suggestions are quite different, as __get_startable_units --system does
not filter already started units. With this fix,
$ systemctl start <tab>
Display all 135 possibilities? (y or n)
$ __get_startable_units --system | wc -l
123
$ __get_template_names --system | wc -l
12
the number of the suggestions matches one the function returns.
For consistency with the other internal functions, it should use the first argument
instead of the global variable $mode.
[zj: add commit message to make it sound like we know what we're doing]
(cherry picked from commit 6bda23dd6aaba50cf8e3e6024248cf736cc443ca)
---
shell-completion/bash/systemctl.in | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in
index 0398d09d18..bde28efc3e 100644
--- a/shell-completion/bash/systemctl.in
+++ b/shell-completion/bash/systemctl.in
@@ -68,7 +68,7 @@ __filter_units_by_properties () {
done
for ((i=0; i < ${#units[*]}; i++)); do
for ((j=0; j < ${#conditions[*]}; j++)); do
- if [[ "${props[ i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then
+ if [[ "${props[i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then
break
fi
done
@@ -87,19 +87,19 @@ __get_active_units () { __systemctl $1 list-units \
| { while read -r a b; do echo " $a"; done; }; }
__get_startable_units () {
# find startable inactive units
- __filter_units_by_properties $mode ActiveState,CanStart inactive,yes $(
- { __systemctl $mode list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \
+ __filter_units_by_properties $1 ActiveState,CanStart inactive,yes $(
+ { __systemctl $1 list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \
{ while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; }
- __systemctl $mode list-units --state inactive,failed | \
+ __systemctl $1 list-units --state inactive,failed | \
{ while read -r a b c; do [[ $b == "loaded" ]] && echo " $a"; done; }
} | sort -u )
}
__get_restartable_units () {
# filter out masked and not-found
- __filter_units_by_property $mode CanStart yes $(
- __systemctl $mode list-unit-files --state enabled,disabled,static | \
+ __filter_units_by_property $1 CanStart yes $(
+ __systemctl $1 list-unit-files --state enabled,disabled,static | \
{ while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; }
- __systemctl $mode list-units | \
+ __systemctl $1 list-units | \
{ while read -r a b; do echo " $a"; done; } )
}
__get_failed_units () { __systemctl $1 list-units \

View File

@ -1,49 +0,0 @@
From ea0ff5cd4efb1d67820572fb0d7d1d8da0fc1dc1 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Fri, 28 Jul 2017 09:46:05 +0200
Subject: [PATCH] boot/efi: don't hard fail on error for tpm measure (#6473)
Display the error for a small amount of time, but don't fail hard.
In case of a faulty BIOS, a TPM error should not prevent the boot.
If something cares about the PCM measurement, it will be noticed
anyway later on.
Especially important now, that TPM measurement is the default now on
some distribution builds.
https://bugzilla.redhat.com/show_bug.cgi?id=1411156
(cherry picked from commit 522aa9f5f8755d7389131da41bd60b6276917ff2)
---
src/boot/efi/boot.c | 3 +--
src/boot/efi/stub.c | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 1e990b3825..316e95a72b 100644
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -1657,8 +1657,7 @@ static EFI_STATUS image_start(EFI_HANDLE parent_image, const Config *config, con
loaded_image->LoadOptionsSize, loaded_image->LoadOptions);
if (EFI_ERROR(err)) {
Print(L"Unable to add image options measurement: %r", err);
- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000);
- return err;
+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000);
}
#endif
}
diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index bab5d46de9..2562228090 100644
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -94,8 +94,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
loaded_image->LoadOptionsSize, loaded_image->LoadOptions);
if (EFI_ERROR(err)) {
Print(L"Unable to add image options measurement: %r", err);
- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000);
- return err;
+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000);
}
#endif
}

View File

@ -1,37 +0,0 @@
From 9c27ced1fac191139a131d179a25801ce9ca3357 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 26 Jul 2017 14:11:15 -0400
Subject: [PATCH] meson: -D remote and -D importd should be "combo" options
The default should be 'auto', and we allow 'true'
and 'false' too.
Fixes #6445.
(cherry picked from commit b1519d656691e725a8b8950fc0e6cc8d25b1016a)
---
meson_options.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meson_options.txt b/meson_options.txt
index 1594fec41f..b7a45d5806 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -69,7 +69,7 @@ option('timedated', type : 'boolean',
description : 'install the systemd-timedated daemon')
option('timesyncd', type : 'boolean',
description : 'install the systemd-timesyncd daemon')
-option('remote', type : 'boolean',
+option('remote', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'support for "journal over the network"')
option('myhostname', type : 'boolean',
description : 'nss-myhostname support')
@@ -87,7 +87,7 @@ option('sysusers', type : 'boolean',
description : 'support for the sysusers configuration')
option('tmpfiles', type : 'boolean',
description : 'support for tmpfiles.d')
-option('importd', type : 'boolean',
+option('importd', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'install the systemd-importd daemon')
option('hwdb', type : 'boolean',
description : 'support for the hardware database')

View File

@ -1,42 +0,0 @@
From c64c6a8b259abfbff5ce202d5d5982b120cf928f Mon Sep 17 00:00:00 2001
From: Andrew Soutar <andrew@andrewsoutar.com>
Date: Mon, 31 Jul 2017 02:19:16 -0400
Subject: [PATCH] cryptsetup: fix infinite timeout (#6486)
0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The
logic here now matches this change.
Fixes #6381
(cherry picked from commit 0864d311766498563331f486909a0d950ba7de87)
---
src/cryptsetup/cryptsetup.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 3b4c086162..08ed7e53ba 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -56,7 +56,7 @@ static bool arg_tcrypt_veracrypt = false;
static char **arg_tcrypt_keyfiles = NULL;
static uint64_t arg_offset = 0;
static uint64_t arg_skip = 0;
-static usec_t arg_timeout = 0;
+static usec_t arg_timeout = USEC_INFINITY;
/* Options Debian's crypttab knows we don't:
@@ -670,10 +670,10 @@ int main(int argc, char *argv[]) {
if (arg_discards)
flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
- if (arg_timeout > 0)
- until = now(CLOCK_MONOTONIC) + arg_timeout;
- else
+ if (arg_timeout == USEC_INFINITY)
until = 0;
+ else
+ until = now(CLOCK_MONOTONIC) + arg_timeout;
arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));

View File

@ -1,45 +0,0 @@
From cb81159ce49380d39c80f803353784633b8f306c Mon Sep 17 00:00:00 2001
From: "S. Fan" <sfanxiang@gmail.com>
Date: Mon, 31 Jul 2017 05:10:10 -0500
Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor
(#6489)
Comparing udev_device_get_sysname(device) and sysname will always return
true. We need to check the device received from udev monitor instead.
Also, fd_wait_for_event() sometimes never exits. Better set a timeout
here.
(cherry picked from commit 8ec1a07998758f6a85f3ea5bf2ed14d87609398f)
---
src/rfkill/rfkill.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
index c0f138b4f4..470853d1d2 100644
--- a/src/rfkill/rfkill.c
+++ b/src/rfkill/rfkill.c
@@ -138,17 +138,21 @@ static int wait_for_initialized(
for (;;) {
_cleanup_udev_device_unref_ struct udev_device *t = NULL;
- r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
+ r = fd_wait_for_event(watch_fd, POLLIN, EXIT_USEC);
if (r == -EINTR)
continue;
if (r < 0)
return log_error_errno(r, "Failed to watch udev monitor: %m");
+ if (r == 0) {
+ log_error("Timed out wating for udev monitor.");
+ return -ETIMEDOUT;
+ }
t = udev_monitor_receive_device(monitor);
if (!t)
continue;
- if (streq_ptr(udev_device_get_sysname(device), sysname)) {
+ if (streq_ptr(udev_device_get_sysname(t), sysname)) {
*ret = udev_device_ref(t);
return 0;
}

View File

@ -1,34 +0,0 @@
From b56c4c19c8d0adca67eb34e1924d881e7d61b97f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Abd=C3=B3=20Roig-Maranges?= <abdo.roig@gmail.com>
Date: Mon, 31 Jul 2017 12:32:09 +0200
Subject: [PATCH] core: Do not fail perpetual mount units without fragment
(#6459)
mount_load does not require fragment files to be present in order to
load mount units which are perpetual, or come from /proc/self/mountinfo.
mount_verify should do the same, otherwise a synthesized '-.mount' would
be marked as failed with "No such file or directory", as it is perpetual
but not marked to come from /proc/self/mountinfo at this point.
This happens for the user instance, and I suspect it was the cause of #5375
for the system instance, without gpt-generator.
(cherry picked from commit 1df96fcb31b3bc30c4a983de4734f61ed5a29115)
---
src/core/mount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index 214364d87d..7d9644e305 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -503,7 +503,7 @@ static int mount_verify(Mount *m) {
if (UNIT(m)->load_state != UNIT_LOADED)
return 0;
- if (!m->from_fragment && !m->from_proc_self_mountinfo)
+ if (!m->from_fragment && !m->from_proc_self_mountinfo && !UNIT(m)->perpetual)
return -ENOENT;
r = unit_name_from_path(m->where, ".mount", &e);

View File

@ -1,26 +0,0 @@
From f2618d3474090751ae364ca326f3563797cce54a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 18 Sep 2017 17:09:52 +0200
Subject: [PATCH] build-sys: bump xslt maxdepth limit
With libxslt-1.30, builds were failing on some recursion depth limit
with systemd.index.xml. Bumping the limit fixes the issue.
---
man/meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/man/meson.build b/man/meson.build
index 8ddbd5557c..5b6a21fb9f 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -11,6 +11,7 @@ want_html = want_html != 'false' and xsltproc.found()
xsltproc_flags = [
'--nonet',
'--xinclude',
+ '--maxdepth', '9000',
'--stringparam', 'man.output.quietly', '1',
'--stringparam', 'funcsynopsis.style', 'ansi',
'--stringparam', 'man.authors.section.enabled', '0',
--
2.13.5

View File

@ -1,44 +0,0 @@
From 6d0fe8a5809ef5ccc8e92bdf2eea031178b87083 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 30 Aug 2017 17:16:16 +0200
Subject: [PATCH] device: make sure to remove all device units sharing the same
sysfs path (#6679)
When a device is unplugged all device units sharing the same sysfs path
pointing to that device are supposed to be removed.
However it didn't work since while iterating the device unit list containing
all the relevant units, each unit was removed during each iteration of
LIST_FOREACH. However LIST_FOREACH doesn't support this use case and
LIST_FOREACH_SAFE must be use instead.
(cherry picked from commit cc0df6cc35339976c367977dc292278a1939db0c)
---
src/core/device.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/device.c b/src/core/device.c
index 77601c552..87186f135 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -514,7 +514,7 @@ static void device_update_found_one(Device *d, bool add, DeviceFound found, bool
}
static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add, DeviceFound found, bool now) {
- Device *d, *l;
+ Device *d, *l, *n;
assert(m);
assert(sysfs);
@@ -523,7 +523,7 @@ static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add,
return 0;
l = hashmap_get(m->devices_by_sysfs, sysfs);
- LIST_FOREACH(same_sysfs, d, l)
+ LIST_FOREACH_SAFE(same_sysfs, d, n, l)
device_update_found_one(d, add, found, now);
return 0;
--
2.13.5

View File

@ -1,4 +1,4 @@
From 108c060c5521309b9448e3a7905b50dd505f36a8 Mon Sep 17 00:00:00 2001
From 67ba0816708038ad282fcb38f250a54bb781866a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 11 Mar 2016 17:06:17 -0500
Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime
@ -18,34 +18,34 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1313085
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
index deb75f9ae5..914d3b8a2d 100644
index 2eb7bfd030..75e2f7928c 100644
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -67,6 +67,10 @@ int main(int argc, char *argv[]) {
goto finish;
}
@@ -70,6 +70,10 @@ int main(int argc, char *argv[]) {
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
* privileges are already dropped. */
if (getuid() == 0) {
+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
+ if (r < 0 && errno != EEXIST)
+ log_warning_errno(errno,
+ "Could not create /etc/resolv.conf symlink: %m");
+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
+ if (r < 0 && errno != EEXIST)
+ log_warning_errno(errno, "Could not create /etc/resolv.conf symlink: %m");
+
/* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */
r = drop_privileges(uid, gid,
(UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */
/* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */
r = drop_privileges(uid, gid,
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
index 064eae94f1..928105ea8d 100644
index 35e3809f57..928105ea8d 100644
--- a/tmpfiles.d/etc.conf.m4
+++ b/tmpfiles.d/etc.conf.m4
@@ -13,9 +13,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
m4_ifdef(`HAVE_SMACK_RUN_LABEL',
t /etc/mtab - - - - security.SMACK64=_
)m4_dnl
-m4_ifdef(`ENABLE_RESOLVED',
-m4_ifdef(`ENABLE_RESOLVE',
-L! /etc/resolv.conf - - - - ../usr/lib/systemd/resolv.conf
-)m4_dnl
C /etc/nsswitch.conf - - - -
m4_ifdef(`HAVE_PAM',
C /etc/pam.d - - - -
--
2.9.2
2.13.6

View File

@ -1,280 +0,0 @@
From 3acb27df403c9e5772eb1d81aba1c65b6c7acc08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 09:14:51 +0200
Subject: [PATCH 1/3] units: order cryptsetup-pre.target before
cryptsetup.target
Normally this happens automatically, but if it happened that both targets were
pulled in, even though there were no cryptsetup units, they could be started
in reverse order, which would be somewhat confusing. Add an explicit ordering
to avoid this potential issue.
---
units/cryptsetup-pre.target | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 65353419f..42e35dd4e 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -9,3 +9,4 @@
Description=Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
+Before=cryptsetup.target
--
2.14.1
From 51a012da40e8d0d4d8df931b3bc56ea913c3856a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 10:15:13 +0200
Subject: [PATCH 2/3] units: add remote-cryptsetup.target and
remote-cryptsetup-pre.target
The pair is similar to remote-fs.target and remote-fs-pre.target. Any
cryptsetup devices which require network shall be ordered after
remote-cryptsetup-pre.target and before remote-cryptsetup.target.
---
man/systemd.special.xml | 23 +++++++++++++++++++++++
units/cryptsetup-pre.target | 2 +-
units/cryptsetup.target | 2 +-
units/meson.build | 3 +++
units/remote-cryptsetup-pre.target | 15 +++++++++++++++
units/remote-cryptsetup.target | 10 ++++++++++
6 files changed, 53 insertions(+), 2 deletions(-)
create mode 100644 units/remote-cryptsetup-pre.target
create mode 100644 units/remote-cryptsetup.target
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 66c45e39a..7107b8a92 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -81,6 +81,8 @@
<filename>poweroff.target</filename>,
<filename>printer.target</filename>,
<filename>reboot.target</filename>,
+ <filename>remote-cryptsetup-pre.target</filename>,
+ <filename>remote-cryptsetup.target</filename>,
<filename>remote-fs-pre.target</filename>,
<filename>remote-fs.target</filename>,
<filename>rescue.target</filename>,
@@ -450,6 +452,27 @@
this target unit, for compatibility with SysV.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup-pre.target</filename></term>
+ <listitem>
+ <para>This target unit is automatically ordered before all cryptsetup devices
+ marked with the <option>_netdev</option>. It can be used to execute additional
+ units before such devices are set up.</para>
+
+ <para>It is ordered after <filename>network.target</filename> and
+ <filename>network-online.target</filename>, and also pulls the latter in as a
+ <varname>Wants=</varname> dependency.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup.target</filename></term>
+ <listitem>
+ <para>Similar to <filename>cryptsetup.target</filename>, but for encrypted
+ devices which are accessed over the network. It is used for
+ <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ entries marked with <option>_netdev</option>.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><filename>remote-fs.target</filename></term>
<listitem>
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 42e35dd4e..6cb28a61a 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -6,7 +6,7 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes (Pre)
+Description=Local Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
Before=cryptsetup.target
diff --git a/units/cryptsetup.target b/units/cryptsetup.target
index 25d3e33f6..10b17fd38 100644
--- a/units/cryptsetup.target
+++ b/units/cryptsetup.target
@@ -6,5 +6,5 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes
+Description=Local Encrypted Volumes
Documentation=man:systemd.special(7)
diff --git a/units/meson.build b/units/meson.build
index e94add6a6..e6351c7a2 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -47,6 +47,9 @@ units = [
['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'],
['reboot.target', '',
'runlevel6.target ctrl-alt-del.target'],
+ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'],
+ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP',
+ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
['remote-fs-pre.target', ''],
['remote-fs.target', '',
join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
new file mode 100644
index 000000000..a375e6188
--- /dev/null
+++ b/units/remote-cryptsetup-pre.target
@@ -0,0 +1,15 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes (Pre)
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
+Before=remote-cryptsetup.target
+
+After=network.target network-online.target
+Wants=network-online.target
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
new file mode 100644
index 000000000..60943bd1c
--- /dev/null
+++ b/units/remote-cryptsetup.target
@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes
+Documentation=man:systemd.special(7)
--
2.14.1
From 543a62336565c840bbda22df0eb2a1c19180a8d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 11:30:33 +0200
Subject: [PATCH 3/3] cryptsetup-generator: use remote-cryptsetup.target when
_netdev is present
This allows such devices to depend on the network. Their startup will
be delayed similarly to network mount units.
Fixes #4642.
---
man/crypttab.xml | 13 +++++++++++++
src/cryptsetup/cryptsetup-generator.c | 36 ++++++++++++++++++-----------------
2 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 17976f370..162377ebc 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -213,6 +213,19 @@
<option>size=</option>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>_netdev</option></term>
+
+ <listitem><para>Marks this cryptsetup device as requiring network. It will be
+ started after the network is available, similarly to
+ <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ units marked with <option>_netdev</option>. The service unit to set up this device
+ will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+ <filename>remote-cryptsetup.target</filename>, instead of
+ <filename>cryptsetup-pre.target</filename> and
+ <filename>cryptsetup.target</filename>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>noauto</option></term>
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index b58b6db7c..8571ab06e 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -61,7 +61,7 @@ static int create_disk(
_cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
*filtered = NULL;
_cleanup_fclose_ FILE *f = NULL;
- bool noauto, nofail, tmp, swap;
+ bool noauto, nofail, tmp, swap, netdev;
char *from;
int r;
@@ -72,6 +72,7 @@ static int create_disk(
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
tmp = fstab_test_option(options, "tmp\0");
swap = fstab_test_option(options, "swap\0");
+ netdev = fstab_test_option(options, "_netdev\0");
if (tmp && swap) {
log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
@@ -102,21 +103,22 @@ static int create_disk(
if (!f)
return log_error_errno(errno, "Failed to create unit file %s: %m", p);
- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n"
- "[Unit]\n"
- "Description=Cryptography Setup for %I\n"
- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
- "SourcePath=/etc/crypttab\n"
- "DefaultDependencies=no\n"
- "Conflicts=umount.target\n"
- "BindsTo=dev-mapper-%i.device\n"
- "IgnoreOnIsolate=true\n"
- "After=cryptsetup-pre.target\n",
- f);
+ fprintf(f,
+ "# Automatically generated by systemd-cryptsetup-generator\n\n"
+ "[Unit]\n"
+ "Description=Cryptography Setup for %%I\n"
+ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
+ "SourcePath=/etc/crypttab\n"
+ "DefaultDependencies=no\n"
+ "Conflicts=umount.target\n"
+ "IgnoreOnIsolate=true\n"
+ "After=%s\n",
+ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
if (!nofail)
fprintf(f,
- "Before=cryptsetup.target\n");
+ "Before=%s\n",
+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
if (password) {
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
@@ -200,10 +202,10 @@ static int create_disk(
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
free(to);
- if (!nofail)
- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
- else
- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n);
+ to = strjoin(arg_dest,
+ netdev ? "/remote-cryptsetup" : "/cryptsetup",
+ ".target.",
+ nofail ? "wants/" : "requires/", n);
if (!to)
return log_oom();
--
2.14.1

View File

@ -1 +1 @@
SHA512 (systemd-234.tar.gz) = 762336a7d96c6583cf71cad62efce95a0ed93cd0a0d7251f128d10dba8200c0c8df0e5a7d168179ababa5b221295a231e73b7e7ea2697cb3fb5c1b33538efa68
SHA512 (systemd-235.tar.gz) = 243f2eb5340fa37dd1286eaa63e83387bda9e03953af266cd6196a37535a13491482caf14c6ab10608bba4ed23b6c41923608e52017e0c26988ed72ddd2b9993

View File

@ -12,8 +12,8 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 234
Release: 8%{?gitcommit:.git%{gitcommitshort}}%{?dist}
Version: 235
Release: 1%{?gitcommit:.git%{gitcommitshort}}%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -46,33 +46,9 @@ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|
GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch
%endif
Patch0001: 0001-escape-Fix-help-description-6352.patch
Patch0002: 0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch
Patch0003: 0003-add-version-argument-to-help-function-6377.patch
Patch0004: 0004-seccomp-arm64-x32-do-not-have-_sysctl.patch
Patch0005: 0005-seccomp-arm64-does-not-have-mmap2.patch
Patch0006: 0006-test-seccomp-arm64-does-not-have-access-and-poll.patch
Patch0007: 0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch
Patch0008: 0008-core-modify-resource-leak-by-SmackProcessLabel.patch
Patch0009: 0009-core-dump-also-missed-security-context.patch
Patch0010: 0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch
Patch0011: 0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch
Patch0012: 0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch
Patch0013: 0013-test-condition-don-t-assume-that-all-non-root-users-.patch
Patch0014: 0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch
Patch0015: 0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch
Patch0016: 0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch
Patch0017: 0017-bash-completion-use-the-first-argument-instead-of-th.patch
Patch0018: 0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch
Patch0019: 0019-meson-D-remote-and-D-importd-should-be-combo-options.patch
Patch0020: 0020-cryptsetup-fix-infinite-timeout-6486.patch
Patch0021: 0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch
Patch0022: 0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch
Patch0023: 0023-build-sys-bump-xslt-maxdepth-limit.patch
Patch0024: 0024-device-make-sure-to-remove-all-device-units-sharing-.patch
Patch0001: 0001-po-update-Polish-translation-7015.patch
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
Patch0999: 0999-netdev-crypttab.patch
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
@ -667,6 +643,8 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
%dir %{_prefix}/lib/binfmt.d
%dir %{_prefix}/lib/environment.d
%{_prefix}/lib/environment.d/99-environment.conf
%dir %{_prefix}/lib/modprobe.d
%{_prefix}/lib/modprobe.d/systemd.conf
%dir %{_prefix}/lib/kernel
%dir %{_datadir}/systemd
%dir %{_datadir}/dbus-1/system.d
@ -1040,7 +1018,6 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
%{pkgdir}/systemd-journal-gatewayd
%{pkgdir}/systemd-journal-remote
%{pkgdir}/systemd-journal-upload
%{_prefix}/lib/tmpfiles.d/systemd-remote.conf
%{_prefix}/lib/sysusers.d/systemd-remote.conf
%dir %attr(0755,systemd-journal-upload,systemd-journal-upload) %{_localstatedir}/lib/systemd/journal-upload
%{_datadir}/systemd/gatewayd
@ -1053,6 +1030,9 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
%{pkgdir}/tests
%changelog
* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-1
- Update to latest version
* Tue Sep 26 2017 Nathaniel McCallum <npmccallum@redhat.com> - 234-8
- Backport /etc/crypttab _netdev feature from upstream