From 3cb114522993f47be9db096be6c766bcd25eec0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 6 Oct 2017 15:58:05 +0200 Subject: [PATCH] Update to v235 --- 0001-escape-Fix-help-description-6352.patch | 23 -- 0001-po-update-Polish-translation-7015.patch | 249 ++++++++++++++++ ...l-udev-rule-70-joystick.-rules-hwdb-.patch | 51 ---- ...rsion-argument-to-help-function-6377.patch | 22 -- ...eccomp-arm64-x32-do-not-have-_sysctl.patch | 79 ----- 0005-seccomp-arm64-does-not-have-mmap2.patch | 40 --- ...-arm64-does-not-have-access-and-poll.patch | 41 --- ...ignore-x-systemd.device-timeout-for-.patch | 31 -- ...y-resource-leak-by-SmackProcessLabel.patch | 22 -- ...re-dump-also-missed-security-context.patch | 31 -- ...re-we-retain-all-stream-fds-across-r.patch | 32 -- ..._sec_fix_0-also-for-JobRunningTimeou.patch | 37 --- ...le-detecting-QEMU-TCG-via-CPUID-6399.patch | 31 -- ...on-t-assume-that-all-non-root-users-.patch | 28 -- ...inks-without-the-sysroot-prefix-6411.patch | 31 -- ...-warning-when-we-get-sd_notify-messa.patch | 31 -- ...t-load-dropin-data-multiple-times-fo.patch | 71 ----- ...use-the-first-argument-instead-of-th.patch | 73 ----- ...ard-fail-on-error-for-tpm-measure-64.patch | 49 --- ...nd-D-importd-should-be-combo-options.patch | 37 --- ...cryptsetup-fix-infinite-timeout-6486.patch | 42 --- ...eous-behavior-when-polling-the-udev-.patch | 45 --- ...-perpetual-mount-units-without-fragm.patch | 34 --- 0023-build-sys-bump-xslt-maxdepth-limit.patch | 26 -- ...-to-remove-all-device-units-sharing-.patch | 44 --- ...e-etc-resolv.conf-symlink-at-runtime.patch | 30 +- 0999-netdev-crypttab.patch | 280 ------------------ sources | 2 +- systemd.spec | 36 +-- 29 files changed, 273 insertions(+), 1275 deletions(-) delete mode 100644 0001-escape-Fix-help-description-6352.patch create mode 100644 0001-po-update-Polish-translation-7015.patch delete mode 100644 0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch delete mode 100644 0003-add-version-argument-to-help-function-6377.patch delete mode 100644 0004-seccomp-arm64-x32-do-not-have-_sysctl.patch delete mode 100644 0005-seccomp-arm64-does-not-have-mmap2.patch delete mode 100644 0006-test-seccomp-arm64-does-not-have-access-and-poll.patch delete mode 100644 0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch delete mode 100644 0008-core-modify-resource-leak-by-SmackProcessLabel.patch delete mode 100644 0009-core-dump-also-missed-security-context.patch delete mode 100644 0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch delete mode 100644 0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch delete mode 100644 0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch delete mode 100644 0013-test-condition-don-t-assume-that-all-non-root-users-.patch delete mode 100644 0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch delete mode 100644 0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch delete mode 100644 0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch delete mode 100644 0017-bash-completion-use-the-first-argument-instead-of-th.patch delete mode 100644 0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch delete mode 100644 0019-meson-D-remote-and-D-importd-should-be-combo-options.patch delete mode 100644 0020-cryptsetup-fix-infinite-timeout-6486.patch delete mode 100644 0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch delete mode 100644 0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch delete mode 100644 0023-build-sys-bump-xslt-maxdepth-limit.patch delete mode 100644 0024-device-make-sure-to-remove-all-device-units-sharing-.patch delete mode 100644 0999-netdev-crypttab.patch diff --git a/0001-escape-Fix-help-description-6352.patch b/0001-escape-Fix-help-description-6352.patch deleted file mode 100644 index 7b8249d..0000000 --- a/0001-escape-Fix-help-description-6352.patch +++ /dev/null @@ -1,23 +0,0 @@ -From b2954c2fbed0409adba2687b17fb956f002b2bbe Mon Sep 17 00:00:00 2001 -From: Jeremy Bicha -Date: Thu, 13 Jul 2017 10:44:33 -0400 -Subject: [PATCH] escape: Fix help description (#6352) - -Resolves: #6351(cherry picked from commit 303608c1bcf9568371625fbbd9442946cadba422) ---- - src/escape/escape.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/escape/escape.c b/src/escape/escape.c -index af98c98e40..89e885d47c 100644 ---- a/src/escape/escape.c -+++ b/src/escape/escape.c -@@ -38,7 +38,7 @@ static bool arg_path = false; - - static void help(void) { - printf("%s [OPTIONS...] [NAME...]\n\n" -- "Show system and user paths.\n\n" -+ "Escape strings for usage in system unit names.\n\n" - " -h --help Show this help\n" - " --version Show package version\n" - " --suffix=SUFFIX Unit suffix to append to escaped strings\n" diff --git a/0001-po-update-Polish-translation-7015.patch b/0001-po-update-Polish-translation-7015.patch new file mode 100644 index 0000000..4542584 --- /dev/null +++ b/0001-po-update-Polish-translation-7015.patch @@ -0,0 +1,249 @@ +From b32bceb6c319f5a7b61f8bbfc14af8bb43effc11 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Piotr=20Dr=C4=85g?= +Date: Fri, 6 Oct 2017 16:10:33 +0200 +Subject: [PATCH] po: update Polish translation (#7015) + +--- + po/pl.po | 104 +++++++++++++++++++++++++++++++++++++++++---------------------- + 1 file changed, 68 insertions(+), 36 deletions(-) + +diff --git a/po/pl.po b/po/pl.po +index c289a2cd4c..0c8bec37dd 100644 +--- a/po/pl.po ++++ b/po/pl.po +@@ -1,15 +1,15 @@ + # Polish translation for systemd. +-# Copyright © 2011-2016 the systemd authors. ++# Copyright © 2011-2017 the systemd authors. + # This file is distributed under the same license as the systemd package. +-# Piotr Drąg , 2011, 2013-2016. ++# Piotr Drąg , 2011, 2013-2017. + # Zbigniew Jędrzejewski-Szmek , 2011. + # + msgid "" + msgstr "" + "Project-Id-Version: systemd\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2016-10-05 19:01+0200\n" +-"PO-Revision-Date: 2016-10-05 19:02+0200\n" ++"POT-Creation-Date: 2017-10-06 15:29+0200\n" ++"PO-Revision-Date: 2017-10-05 15:30+0200\n" + "Last-Translator: Piotr Drąg \n" + "Language-Team: Polish \n" + "Language: pl\n" +@@ -89,7 +89,7 @@ msgid "" + "as well as the pretty host name." + msgstr "" + "Wymagane jest uwierzytelnienie, aby ustawić statycznie skonfigurowaną nazwę " +-"lokalnego komputera, a także jego ładną nazwę." ++"lokalnego komputera, a także jego nazwę czytelną dla człowieka." + + #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5 + msgid "Set machine information" +@@ -347,18 +347,50 @@ msgstr "" + "zażądał jego wstrzymania." + + #: ../src/login/org.freedesktop.login1.policy.in.h:39 ++msgid "Halt the system" ++msgstr "Zatrzymanie systemu" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++msgid "Authentication is required for halting the system." ++msgstr "Wymagane jest uwierzytelnienie, aby zatrzymać system." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++msgid "Halt the system while other users are logged in" ++msgstr "Zatrzymanie systemu, kiedy są zalogowani inni użytkownicy" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:42 ++msgid "" ++"Authentication is required for halting the system while other users are " ++"logged in." ++msgstr "" ++"Wymagane jest uwierzytelnienie, aby zatrzymać system, kiedy są zalogowani " ++"inni użytkownicy." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++msgid "Halt the system while an application asked to inhibit it" ++msgstr "Zatrzymanie systemu, kiedy program zażądał jego wstrzymania" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++msgid "" ++"Authentication is required for halting the system while an application asked " ++"to inhibit it." ++msgstr "" ++"Wymagane jest uwierzytelnienie, aby zatrzymać system, kiedy program zażądał " ++"jego wstrzymania." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:45 + msgid "Suspend the system" + msgstr "Uśpienie systemu" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++#: ../src/login/org.freedesktop.login1.policy.in.h:46 + msgid "Authentication is required for suspending the system." + msgstr "Wymagane jest uwierzytelnienie, aby uśpić system." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++#: ../src/login/org.freedesktop.login1.policy.in.h:47 + msgid "Suspend the system while other users are logged in" + msgstr "Uśpienie systemu, kiedy są zalogowani inni użytkownicy" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:42 ++#: ../src/login/org.freedesktop.login1.policy.in.h:48 + msgid "" + "Authentication is required for suspending the system while other users are " + "logged in." +@@ -366,11 +398,11 @@ msgstr "" + "Wymagane jest uwierzytelnienie, aby uśpić system, kiedy są zalogowani inni " + "użytkownicy." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++#: ../src/login/org.freedesktop.login1.policy.in.h:49 + msgid "Suspend the system while an application asked to inhibit it" + msgstr "Uśpienie systemu, kiedy program zażądał jego wstrzymania" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++#: ../src/login/org.freedesktop.login1.policy.in.h:50 + msgid "" + "Authentication is required for suspending the system while an application " + "asked to inhibit it." +@@ -378,19 +410,19 @@ msgstr "" + "Wymagane jest uwierzytelnienie, aby uśpić system, kiedy program zażądał jego " + "wstrzymania." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:45 ++#: ../src/login/org.freedesktop.login1.policy.in.h:51 + msgid "Hibernate the system" + msgstr "Hibernacja systemu" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:46 ++#: ../src/login/org.freedesktop.login1.policy.in.h:52 + msgid "Authentication is required for hibernating the system." + msgstr "Wymagane jest uwierzytelnienie, aby zahibernować system." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:47 ++#: ../src/login/org.freedesktop.login1.policy.in.h:53 + msgid "Hibernate the system while other users are logged in" + msgstr "Hibernacja systemu, kiedy są zalogowani inni użytkownicy" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:48 ++#: ../src/login/org.freedesktop.login1.policy.in.h:54 + msgid "" + "Authentication is required for hibernating the system while other users are " + "logged in." +@@ -398,11 +430,11 @@ msgstr "" + "Wymagane jest uwierzytelnienie, aby zahibernować system, kiedy są zalogowani " + "inni użytkownicy." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:49 ++#: ../src/login/org.freedesktop.login1.policy.in.h:55 + msgid "Hibernate the system while an application asked to inhibit it" + msgstr "Hibernacja systemu, kiedy program zażądał jej wstrzymania" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:50 ++#: ../src/login/org.freedesktop.login1.policy.in.h:56 + msgid "" + "Authentication is required for hibernating the system while an application " + "asked to inhibit it." +@@ -410,31 +442,31 @@ msgstr "" + "Wymagane jest uwierzytelnienie, aby zahibernować system, kiedy program " + "zażądał jej wstrzymania." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:51 ++#: ../src/login/org.freedesktop.login1.policy.in.h:57 + msgid "Manage active sessions, users and seats" + msgstr "Zarządzanie aktywnymi sesjami, użytkownikami i stanowiskami" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:52 ++#: ../src/login/org.freedesktop.login1.policy.in.h:58 + msgid "" + "Authentication is required for managing active sessions, users and seats." + msgstr "" + "Wymagane jest uwierzytelnienie, aby zarządzać aktywnymi sesjami, " + "użytkownikami i stanowiskami." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:53 ++#: ../src/login/org.freedesktop.login1.policy.in.h:59 + msgid "Lock or unlock active sessions" + msgstr "Zablokowanie lub odblokowanie aktywnych sesji" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:54 ++#: ../src/login/org.freedesktop.login1.policy.in.h:60 + msgid "Authentication is required to lock or unlock active sessions." + msgstr "" + "Wymagane jest uwierzytelnienie, aby zablokować lub odblokować aktywne sesje." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:55 ++#: ../src/login/org.freedesktop.login1.policy.in.h:61 + msgid "Allow indication to the firmware to boot to setup interface" + msgstr "Wskazanie oprogramowaniu sprzętowemu, aby uruchomić interfejs ustawień" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:56 ++#: ../src/login/org.freedesktop.login1.policy.in.h:62 + msgid "" + "Authentication is required to indicate to the firmware to boot to setup " + "interface." +@@ -442,11 +474,11 @@ msgstr "" + "Wymagane jest uwierzytelnienie, aby wskazać oprogramowaniu sprzętowemu, że " + "należy uruchomić interfejs ustawień." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:57 ++#: ../src/login/org.freedesktop.login1.policy.in.h:63 + msgid "Set a wall message" + msgstr "Ustawienie komunikatu wall" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:58 ++#: ../src/login/org.freedesktop.login1.policy.in.h:64 + msgid "Authentication is required to set a wall message" + msgstr "Wymagane jest uwierzytelnienie, aby ustawić komunikat wall" + +@@ -569,36 +601,36 @@ msgstr "" + "Wymagane jest uwierzytelnienie, aby kontrolować, czy włączyć synchronizację " + "czasu przez sieć." + +-#: ../src/core/dbus-unit.c:459 ++#: ../src/core/dbus-unit.c:458 + msgid "Authentication is required to start '$(unit)'." +-msgstr "Wymagane jest uwierzytelnienie, aby uruchomić jednostkę „$(unit)”." ++msgstr "Wymagane jest uwierzytelnienie, aby uruchomić jednostkę „$(unit)”." + +-#: ../src/core/dbus-unit.c:460 ++#: ../src/core/dbus-unit.c:459 + msgid "Authentication is required to stop '$(unit)'." +-msgstr "Wymagane jest uwierzytelnienie, aby zatrzymać jednostkę „$(unit)”." ++msgstr "Wymagane jest uwierzytelnienie, aby zatrzymać jednostkę „$(unit)”." + +-#: ../src/core/dbus-unit.c:461 ++#: ../src/core/dbus-unit.c:460 + msgid "Authentication is required to reload '$(unit)'." + msgstr "" +-"Wymagane jest uwierzytelnienie, aby ponownie wczytać jednostkę „$(unit)”." ++"Wymagane jest uwierzytelnienie, aby ponownie wczytać jednostkę „$(unit)”." + +-#: ../src/core/dbus-unit.c:462 ../src/core/dbus-unit.c:463 ++#: ../src/core/dbus-unit.c:461 ../src/core/dbus-unit.c:462 + msgid "Authentication is required to restart '$(unit)'." + msgstr "" +-"Wymagane jest uwierzytelnienie, aby ponownie uruchomić jednostkę „$(unit)”." ++"Wymagane jest uwierzytelnienie, aby ponownie uruchomić jednostkę „$(unit)”." + +-#: ../src/core/dbus-unit.c:570 ++#: ../src/core/dbus-unit.c:569 + msgid "Authentication is required to kill '$(unit)'." + msgstr "" +-"Wymagane jest uwierzytelnienie, aby wymusić wyłączenie jednostki „$(unit)”." ++"Wymagane jest uwierzytelnienie, aby wymusić wyłączenie jednostki „$(unit)”." + +-#: ../src/core/dbus-unit.c:601 ++#: ../src/core/dbus-unit.c:600 + msgid "Authentication is required to reset the \"failed\" state of '$(unit)'." + msgstr "" + "Wymagane jest uwierzytelnienie, aby przywrócić stan „failed” (niepowodzenia) " + "jednostki „$(unit)”." + +-#: ../src/core/dbus-unit.c:634 ++#: ../src/core/dbus-unit.c:633 + msgid "Authentication is required to set properties on '$(unit)'." + msgstr "" + "Wymagane jest uwierzytelnienie, aby ustawić właściwości jednostki „$(unit)”." diff --git a/0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch b/0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch deleted file mode 100644 index 06e6edd..0000000 --- a/0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 33145774d9d41ac306f972e0247c9a073d5dbfc9 Mon Sep 17 00:00:00 2001 -From: Christian Hesse -Date: Fri, 14 Jul 2017 18:28:28 +0200 -Subject: [PATCH] build-sys: install udev rule 70-joystick.{rules,hwdb} (#6363) - -* meson: install udev files 70-joystick.{rules,hwdb} -* Makefile: install udev file 70-joystick.hwdb - -(cherry picked from commit 816be2ba448940e2517dba81492e80b1e6a5954f) ---- - Makefile.am | 1 + - hwdb/meson.build | 1 + - rules/meson.build | 1 + - 3 files changed, 3 insertions(+) - -diff --git a/Makefile.am b/Makefile.am -index c16e62280b..b95c93bb98 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -4062,6 +4062,7 @@ dist_udevhwdb_DATA = \ - hwdb/60-evdev.hwdb \ - hwdb/60-keyboard.hwdb \ - hwdb/60-sensor.hwdb \ -+ hwdb/70-joystick.hwdb \ - hwdb/70-mouse.hwdb \ - hwdb/70-pointingstick.hwdb \ - hwdb/70-touchpad.hwdb -diff --git a/hwdb/meson.build b/hwdb/meson.build -index 74a93f9ccb..6fceff2b3b 100644 ---- a/hwdb/meson.build -+++ b/hwdb/meson.build -@@ -12,6 +12,7 @@ hwdb_files = files(''' - 60-evdev.hwdb - 60-keyboard.hwdb - 60-sensor.hwdb -+ 70-joystick.hwdb - 70-mouse.hwdb - 70-pointingstick.hwdb - 70-touchpad.hwdb -diff --git a/rules/meson.build b/rules/meson.build -index 0f818a506f..7f4725ad65 100644 ---- a/rules/meson.build -+++ b/rules/meson.build -@@ -12,6 +12,7 @@ rules = files(''' - 60-sensor.rules - 60-serial.rules - 64-btrfs.rules -+ 70-joystick.rules - 70-mouse.rules - 70-touchpad.rules - 75-net-description.rules diff --git a/0003-add-version-argument-to-help-function-6377.patch b/0003-add-version-argument-to-help-function-6377.patch deleted file mode 100644 index 817077e..0000000 --- a/0003-add-version-argument-to-help-function-6377.patch +++ /dev/null @@ -1,22 +0,0 @@ -From a1b21ca91835ec0322ccd0eedf9951ba0e52db80 Mon Sep 17 00:00:00 2001 -From: IPv4v6 -Date: Sat, 15 Jul 2017 13:53:21 +0200 -Subject: [PATCH] add version argument to help function (#6377) - -Signed-off-by: Stefan Pietsch (cherry picked from commit cb4069d95e447e8a01fc3feee6d6cb99669c4c38) ---- - src/core/main.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/core/main.c b/src/core/main.c -index 88e2c92504..babcab4978 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -1091,6 +1091,7 @@ static int help(void) { - printf("%s [OPTIONS...]\n\n" - "Starts up and maintains the system or user services.\n\n" - " -h --help Show this help\n" -+ " --version Show version\n" - " --test Determine startup sequence, dump it and exit\n" - " --no-pager Do not pipe output into a pager\n" - " --dump-configuration-items Dump understood unit configuration items\n" diff --git a/0004-seccomp-arm64-x32-do-not-have-_sysctl.patch b/0004-seccomp-arm64-x32-do-not-have-_sysctl.patch deleted file mode 100644 index 1aa9de3..0000000 --- a/0004-seccomp-arm64-x32-do-not-have-_sysctl.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 5d56b6fb41fb29cd636e64f079f9a1e1982820be Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 15 Jul 2017 19:28:02 +0000 -Subject: [PATCH] seccomp: arm64/x32 do not have _sysctl - -So don't even try to added the filter to reduce noise. -The test is updated to skip calling _sysctl because the kernel prints -an oops-like message that is confusing and unhelpful: - -Jul 15 21:07:01 rpi3 kernel: test-seccomp[8448]: syscall -10080 -Jul 15 21:07:01 rpi3 kernel: Code: aa0503e4 aa0603e5 aa0703e6 d4000001 (b13ffc1f) -Jul 15 21:07:01 rpi3 kernel: CPU: 3 PID: 8448 Comm: test-seccomp Tainted: G W 4.11.8-300.fc26.aarch64 #1 -Jul 15 21:07:01 rpi3 kernel: Hardware name: raspberrypi rpi/rpi, BIOS 2017.05 06/24/2017 -Jul 15 21:07:01 rpi3 kernel: task: ffff80002bb0bb00 task.stack: ffff800036354000 -Jul 15 21:07:01 rpi3 kernel: PC is at 0xffff8669c7c4 -Jul 15 21:07:01 rpi3 kernel: LR is at 0xaaaac64b6750 -Jul 15 21:07:01 rpi3 kernel: pc : [<0000ffff8669c7c4>] lr : [<0000aaaac64b6750>] pstate: 60000000 -Jul 15 21:07:01 rpi3 kernel: sp : 0000ffffdc640fd0 -Jul 15 21:07:01 rpi3 kernel: x29: 0000ffffdc640fd0 x28: 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x27: 0000000000000000 x26: 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x25: 0000000000000000 x24: 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x23: 0000000000000000 x22: 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x21: 0000aaaac64b4940 x20: 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x19: 0000aaaac64b88f8 x18: 0000000000000020 -Jul 15 21:07:01 rpi3 kernel: x17: 0000ffff8669c7a0 x16: 0000aaaac64d2ee0 -Jul 15 21:07:01 rpi3 kernel: x15: 0000000000000000 x14: 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x13: 203a657275746365 x12: 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x11: 0000ffffdc640418 x10: 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x9 : 0000000000000005 x8 : 00000000ffffd8a0 -Jul 15 21:07:01 rpi3 kernel: x7 : 7f7f7f7f7f7f7f7f x6 : 7f7f7f7f7f7f7f7f -Jul 15 21:07:01 rpi3 kernel: x5 : 65736d68716f7277 x4 : 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x3 : 0000000000000008 x2 : 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: x1 : 0000000000000000 x0 : 0000000000000000 -Jul 15 21:07:01 rpi3 kernel: - -(cherry picked from commit 1e20e640132c700c23494bb9e2619afb83878380) -(cherry picked from commit 2e64e8f46d726689a44d4084226fe3e0ea255c29) ---- - src/shared/seccomp-util.c | 4 ++++ - src/test/test-seccomp.c | 4 ++++ - 2 files changed, 8 insertions(+) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 36843d4bf5..1a8bfbe416 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -899,6 +899,10 @@ int seccomp_protect_sysctl(void) { - - log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); - -+ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64)) -+ /* No _sysctl syscall */ -+ continue; -+ - r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); - if (r < 0) - return r; -diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c -index efd145e063..50fe24c794 100644 ---- a/src/test/test-seccomp.c -+++ b/src/test/test-seccomp.c -@@ -244,13 +244,17 @@ static void test_protect_sysctl(void) { - assert_se(pid >= 0); - - if (pid == 0) { -+#if __NR__sysctl > 0 - assert_se(syscall(__NR__sysctl, NULL) < 0); - assert_se(errno == EFAULT); -+#endif - - assert_se(seccomp_protect_sysctl() >= 0); - -+#if __NR__sysctl > 0 - assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0); - assert_se(errno == EPERM); -+#endif - - _exit(EXIT_SUCCESS); - } diff --git a/0005-seccomp-arm64-does-not-have-mmap2.patch b/0005-seccomp-arm64-does-not-have-mmap2.patch deleted file mode 100644 index ea9e622..0000000 --- a/0005-seccomp-arm64-does-not-have-mmap2.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e04118bd11f8268e7ee7b893f861f18f03bc6970 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 15 Jul 2017 19:30:01 +0000 -Subject: [PATCH] seccomp: arm64 does not have mmap2 - -I messed up when adding the definitions in 4278d1f5310f5acb4c6a6788233625234edb5145. -Unfortunately I didn't have the hardware at hand and went by -looking at the kernel headers. - -(cherry picked from commit 53196fafcb7b24b45ed4f48ab894d00a24a6d871) -(cherry picked from commit 79873bc850177050baa0c5165b119adafeebb891) ---- - src/shared/seccomp-util.c | 7 ++----- - 1 file changed, 2 insertions(+), 5 deletions(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 1a8bfbe416..637ee8526e 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -1223,10 +1223,6 @@ int seccomp_memory_deny_write_execute(void) { - - break; - -- case SCMP_ARCH_AARCH64: -- block_syscall = SCMP_SYS(mmap); -- /* fall through */ -- - case SCMP_ARCH_ARM: - filter_syscall = SCMP_SYS(mmap2); /* arm has only mmap2 */ - shmat_syscall = SCMP_SYS(shmat); -@@ -1234,7 +1230,8 @@ int seccomp_memory_deny_write_execute(void) { - - case SCMP_ARCH_X86_64: - case SCMP_ARCH_X32: -- filter_syscall = SCMP_SYS(mmap); /* amd64 and x32 have only mmap */ -+ case SCMP_ARCH_AARCH64: -+ filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */ - shmat_syscall = SCMP_SYS(shmat); - break; - diff --git a/0006-test-seccomp-arm64-does-not-have-access-and-poll.patch b/0006-test-seccomp-arm64-does-not-have-access-and-poll.patch deleted file mode 100644 index 7000aa4..0000000 --- a/0006-test-seccomp-arm64-does-not-have-access-and-poll.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 5a3e65fa2537b31334ccb8b73a28208a3b535076 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 15 Jul 2017 19:30:48 +0000 -Subject: [PATCH] test-seccomp: arm64 does not have access() and poll() - -glibc uses faccessat and ppoll, so just add a filters for that. - -(cherry picked from commit abc0213839fef92e2e2b98a434914f22ece48490) -(cherry picked from commit f60a865a496e1e6fde7436b4013dd8ff677f29a1) ---- - src/test/test-seccomp.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c -index 50fe24c794..28fe206507 100644 ---- a/src/test/test-seccomp.c -+++ b/src/test/test-seccomp.c -@@ -529,7 +529,11 @@ static void test_load_syscall_filter_set_raw(void) { - assert_se(poll(NULL, 0, 0) == 0); - - assert_se(s = set_new(NULL)); -+#if SCMP_SYS(access) >= 0 - assert_se(set_put(s, UINT32_TO_PTR(__NR_access + 1)) >= 0); -+#else -+ assert_se(set_put(s, UINT32_TO_PTR(__NR_faccessat + 1)) >= 0); -+#endif - - assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUCLEAN)) >= 0); - -@@ -541,7 +545,11 @@ static void test_load_syscall_filter_set_raw(void) { - s = set_free(s); - - assert_se(s = set_new(NULL)); -+#if SCMP_SYS(poll) >= 0 - assert_se(set_put(s, UINT32_TO_PTR(__NR_poll + 1)) >= 0); -+#else -+ assert_se(set_put(s, UINT32_TO_PTR(__NR_ppoll + 1)) >= 0); -+#endif - - assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUNATCH)) >= 0); - diff --git a/0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch b/0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch deleted file mode 100644 index 16e85bf..0000000 --- a/0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 713917bd94272fc65d94016a208b72309ae1320a Mon Sep 17 00:00:00 2001 -From: NeilBrown -Date: Mon, 17 Jul 2017 18:03:34 +1000 -Subject: [PATCH] fstab-generator: ignore x-systemd.device-timeout for - non-devices (#6368) - -If you specify "x-systemd.device-timeout" for an NFS mount -point, you get no warning and a meaningless device unit -dependency created. - -Better to have a warning and no dependency. -(cherry picked from commit c67bd1f758f087496741ce0b3e227d82c6b4a304) ---- - src/shared/generator.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/shared/generator.c b/src/shared/generator.c -index 6a78ebbda7..6a887e3aad 100644 ---- a/src/shared/generator.c -+++ b/src/shared/generator.c -@@ -182,6 +182,10 @@ int generator_write_timeouts( - node = fstab_node_to_udev_node(what); - if (!node) - return log_oom(); -+ if (!is_device_path(node)) { -+ log_warning("x-systemd.device-timeout ignored for %s", what); -+ return 0; -+ } - - r = unit_name_from_path(node, ".device", &unit); - if (r < 0) diff --git a/0008-core-modify-resource-leak-by-SmackProcessLabel.patch b/0008-core-modify-resource-leak-by-SmackProcessLabel.patch deleted file mode 100644 index d27b8e9..0000000 --- a/0008-core-modify-resource-leak-by-SmackProcessLabel.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 83030c7aea991d863591df2e09d41bb19d6e01d0 Mon Sep 17 00:00:00 2001 -From: WaLyong Cho -Date: Thu, 13 Jul 2017 13:06:34 +0900 -Subject: [PATCH] core: modify resource leak by SmackProcessLabel= - -(cherry picked from commit 5b8e1b7755092e162bcf0bad8afe2e55dfbbd9e2) ---- - src/core/execute.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/core/execute.c b/src/core/execute.c -index d72e5bf08c..4ed133fb6a 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -3099,6 +3099,7 @@ void exec_context_done(ExecContext *c) { - c->utmp_id = mfree(c->utmp_id); - c->selinux_context = mfree(c->selinux_context); - c->apparmor_profile = mfree(c->apparmor_profile); -+ c->smack_process_label = mfree(c->smack_process_label); - - c->syscall_filter = set_free(c->syscall_filter); - c->syscall_archs = set_free(c->syscall_archs); diff --git a/0009-core-dump-also-missed-security-context.patch b/0009-core-dump-also-missed-security-context.patch deleted file mode 100644 index 40ab919..0000000 --- a/0009-core-dump-also-missed-security-context.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d8e3c9d25867f7081f060f1491186b6e3b30975b Mon Sep 17 00:00:00 2001 -From: WaLyong Cho -Date: Thu, 13 Jul 2017 13:10:41 +0900 -Subject: [PATCH] core: dump also missed security context - -(cherry picked from commit 80c21aea118eeccfb2a0fcc5986b4432588dc857) ---- - src/core/execute.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 4ed133fb6a..62faa028a1 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -3614,6 +3614,16 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { - "%sSELinuxContext: %s%s\n", - prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context); - -+ if (c->apparmor_profile) -+ fprintf(f, -+ "%sAppArmorProfile: %s%s\n", -+ prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile); -+ -+ if (c->smack_process_label) -+ fprintf(f, -+ "%sSmackProcessLabel: %s%s\n", -+ prefix, c->smack_process_label_ignore ? "-" : "", c->smack_process_label); -+ - if (c->personality != PERSONALITY_INVALID) - fprintf(f, - "%sPersonality: %s\n", diff --git a/0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch b/0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch deleted file mode 100644 index 1546e98..0000000 --- a/0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3dd07ebf08dd630b0f50dfff3ef6d05628b8708b Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Mon, 17 Jul 2017 10:04:37 +0200 -Subject: [PATCH] journald: make sure we retain all stream fds across restarts - (#6348) - -Currently we set 4096 as maximum for number of stream connections that -we accept. However maximum number of file descriptors that systemd is -willing to accept from us is just 1024. This means we can't retain all -stream connections that we accepted. Hence bump the limit of fds in a -unit file so that systemd holds open all stream fds while we are -restarted. - -New limit is set to 4224 (4096 + 128). -(cherry picked from commit 3c978aca69e0e43d4dd453437ec9c498ea788795) ---- - units/systemd-journald.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index 66b7c6a48e..1e86d63648 100644 ---- a/units/systemd-journald.service.in -+++ b/units/systemd-journald.service.in -@@ -21,7 +21,7 @@ Restart=always - RestartSec=0 - StandardOutput=null - WatchdogSec=3min --FileDescriptorStoreMax=1024 -+FileDescriptorStoreMax=4224 - CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE - MemoryDenyWriteExecute=yes - RestrictRealtime=yes diff --git a/0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch b/0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch deleted file mode 100644 index 6a275fa..0000000 --- a/0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch +++ /dev/null @@ -1,37 +0,0 @@ -From d52e2bb9c20216972754c054e8534bca28baab66 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 17 Jul 2017 15:45:44 -0400 -Subject: [PATCH] Use config_parse_sec_fix_0() also for JobRunningTimeoutSec - -2d79a0bbb9f651656384a0a86ed814e6306fb5dd did that for TimeoutSec=, -89beff89edba592366b2960bd830d3f6e602c2c7 did that for JobTimeoutSec=, -and 0004f698df1410ef8b6ab3fb5f4b41a60c91182c did that for -x-systemd.device-timeout=. But after parsing x-systemd.device-timeout=xxx -we write it out as JobRunningTimeoutSec=xxx. Two options: -- write out JobRunningTimeoutSec=, -- change JobRunningTimeoutSec= to behave like the other options. - -I think it would be confusing for JobRunningTimeoutSec= to have different -syntax then TimeoutSec= and JobTimeoutSec=, so this patch implements the -second option. - -Fixes #6264, https://bugzilla.redhat.com/show_bug.cgi?id=1462378. - -(cherry picked from commit 4a06cbf8387555c7c04a1ee6f0c5a6f858bf4b19) ---- - src/core/load-fragment-gperf.gperf.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 -index 5b5a86250e..7fb39cf948 100644 ---- a/src/core/load-fragment-gperf.gperf.m4 -+++ b/src/core/load-fragment-gperf.gperf.m4 -@@ -194,7 +194,7 @@ Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0, - Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate) - Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0 - Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout) --Unit.JobRunningTimeoutSec, config_parse_sec, 0, offsetof(Unit, job_running_timeout) -+Unit.JobRunningTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_running_timeout) - Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action) - Unit.JobTimeoutRebootArgument, config_parse_unit_string_printf, 0, offsetof(Unit, job_timeout_reboot_arg) - Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval) diff --git a/0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch b/0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch deleted file mode 100644 index 5856ed0..0000000 --- a/0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch +++ /dev/null @@ -1,31 +0,0 @@ -From e48936b0be085f15a2e2ac88b2e50a91a66782ac Mon Sep 17 00:00:00 2001 -From: Daniel Berrange -Date: Wed, 19 Jul 2017 10:06:07 +0100 -Subject: [PATCH] virt: enable detecting QEMU (TCG) via CPUID (#6399) - -QEMU >= 2.10 will include a CPUID leaf with value "TCGTCGTCGTCG" -on x86 when running with the TCG CPU emulator: - - https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05231.html - -Existing methods of detecting QEMU are left unchanged for sake of -backcompatibility. - -Signed-off-by: Daniel P. Berrange -(cherry picked from commit 5588612e9e8828691f13141e3fcebe08a59201fe) ---- - src/basic/virt.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 6011744523..5143ac6656 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -46,6 +46,7 @@ static int detect_vm_cpuid(void) { - } cpuid_vendor_table[] = { - { "XenVMMXenVMM", VIRTUALIZATION_XEN }, - { "KVMKVMKVM", VIRTUALIZATION_KVM }, -+ { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU }, - /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */ - { "VMwareVMware", VIRTUALIZATION_VMWARE }, - /* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */ diff --git a/0013-test-condition-don-t-assume-that-all-non-root-users-.patch b/0013-test-condition-don-t-assume-that-all-non-root-users-.patch deleted file mode 100644 index 8212cd4..0000000 --- a/0013-test-condition-don-t-assume-that-all-non-root-users-.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 8864ff594b43a34e5a593da42336f28e2f30b9f5 Mon Sep 17 00:00:00 2001 -From: Felipe Sateler -Date: Wed, 19 Jul 2017 20:48:23 -0400 -Subject: [PATCH] test-condition: don't assume that all non-root users are - normal users (#6409) - -Automated builders may run under a dedicated system user, and this test would fail that - -Fixes #6366 - -(cherry picked from commit 708d423915c4ea48d408b5a3395c11055247b9bc) ---- - src/test/test-condition.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/test/test-condition.c b/src/test/test-condition.c -index 121345cfd1..b15f1b98c0 100644 ---- a/src/test/test-condition.c -+++ b/src/test/test-condition.c -@@ -390,7 +390,7 @@ static void test_condition_test_user(void) { - assert_se(condition); - r = condition_test(condition); - log_info("ConditionUser=@system → %i", r); -- if (geteuid() == 0) -+ if (getuid() < SYSTEM_UID_MAX || geteuid() < SYSTEM_UID_MAX) - assert_se(r > 0); - else - assert_se(r == 0); diff --git a/0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch b/0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch deleted file mode 100644 index 79a140d..0000000 --- a/0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch +++ /dev/null @@ -1,31 +0,0 @@ -From eca55fbc51056b2a4fa3242917b6fc2f0c02e981 Mon Sep 17 00:00:00 2001 -From: Harald Hoyer -Date: Thu, 20 Jul 2017 19:13:09 +0200 -Subject: [PATCH] call chase_symlinks without the /sysroot prefix (#6411) - -In case fstab-generator is called in the initrd, chase_symlinks() -returns with a canonical path "/sysroot/sysroot/", if the -"/sysroot" prefix is present in the path. - -This patch skips the "/sysroot" prefix for the chase_symlinks() call, -because "/sysroot" is already the root directory and chase_symlinks() -prepends the root directory in the canonical path returned. - -(cherry picked from commit 98eda38aed6a10c4f6d6ad0cac6e5361e87de52b) ---- - src/fstab-generator/fstab-generator.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index 7f23b9fd74..f172e9c07b 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -537,7 +537,7 @@ static int parse_fstab(bool initrd) { - continue; - } - -- where = initrd ? strappend("/sysroot/", me->mnt_dir) : strdup(me->mnt_dir); -+ where = strdup(me->mnt_dir); - if (!where) - return log_oom(); - diff --git a/0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch b/0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch deleted file mode 100644 index 0dc1b02..0000000 --- a/0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0e50428d3699e3ad25861f458540d24038cfaa4e Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 20 Jul 2017 20:46:58 +0200 -Subject: [PATCH] nspawn: downgrade warning when we get sd_notify() message - from unexpected process (#6416) - -Given that we set NOTIFY_SOCKET unconditionally it's not surprising that -processes way down the process tree think it's smart to send us a -notification message. - -It's still useful to keep this message, for debugging things, but it -shouldn't be generated by default. - -(cherry picked from commit 8cb574307963d1aeb1c53e1d1fbeee4a2be37259) ---- - src/nspawn/nspawn.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 8a5fedd4b0..0cbd8c3491 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -2836,7 +2836,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r - } - - if (!ucred || ucred->pid != inner_child_pid) { -- log_warning("Received notify message without valid credentials. Ignoring."); -+ log_debug("Received notify message without valid credentials. Ignoring."); - return 0; - } - diff --git a/0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch b/0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch deleted file mode 100644 index 383d5bd..0000000 --- a/0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 29d9cfc097586ac79911a5f5035c45b1971a5b1f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 22 Jul 2017 08:39:49 -0400 -Subject: [PATCH] Revert "core: don't load dropin data multiple times for the - same unit (#5139)" - -This reverts commit 2d058a87ffb2d31a50422a8aebd119bbb4427244. - -When we add another name to a unit (by following an alias), we need to -reload all drop-ins. This is necessary to load any additional dropins -found in the dirs created from the alias name. - -Fixes #6334. - -(cherry picked from commit 9e4ea9cc34fa032a47c253ddd94ac6c7afda663e) ---- - src/core/unit.c | 23 +++++++---------------- - 1 file changed, 7 insertions(+), 16 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index b28eeb2262..9d913e8c64 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1098,7 +1098,6 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { - - /* Common implementation for multiple backends */ - int unit_load_fragment_and_dropin(Unit *u) { -- Unit *t; - int r; - - assert(u); -@@ -1111,18 +1110,15 @@ int unit_load_fragment_and_dropin(Unit *u) { - if (u->load_state == UNIT_STUB) - return -ENOENT; - -- /* If the unit is an alias and the final unit has already been -- * loaded, there's no point in reloading the dropins one more time. */ -- t = unit_follow_merge(u); -- if (t != u && t->load_state != UNIT_STUB) -- return 0; -- -- return unit_load_dropin(t); -+ /* Load drop-in directory data. If u is an alias, we might be reloading the -+ * target unit needlessly. But we cannot be sure which drops-ins have already -+ * been loaded and which not, at least without doing complicated book-keeping, -+ * so let's always reread all drop-ins. */ -+ return unit_load_dropin(unit_follow_merge(u)); - } - - /* Common implementation for multiple backends */ - int unit_load_fragment_and_dropin_optional(Unit *u) { -- Unit *t; - int r; - - assert(u); -@@ -1138,13 +1134,8 @@ int unit_load_fragment_and_dropin_optional(Unit *u) { - if (u->load_state == UNIT_STUB) - u->load_state = UNIT_LOADED; - -- /* If the unit is an alias and the final unit has already been -- * loaded, there's no point in reloading the dropins one more time. */ -- t = unit_follow_merge(u); -- if (t != u && t->load_state != UNIT_STUB) -- return 0; -- -- return unit_load_dropin(t); -+ /* Load drop-in directory data */ -+ return unit_load_dropin(unit_follow_merge(u)); - } - - int unit_add_default_target_dependency(Unit *u, Unit *target) { diff --git a/0017-bash-completion-use-the-first-argument-instead-of-th.patch b/0017-bash-completion-use-the-first-argument-instead-of-th.patch deleted file mode 100644 index 82333fe..0000000 --- a/0017-bash-completion-use-the-first-argument-instead-of-th.patch +++ /dev/null @@ -1,73 +0,0 @@ -From f6441eaf050267c05ef8df8d5614bb598528942f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 27 Jul 2017 20:22:54 +0900 -Subject: [PATCH] bash-completion: use the first argument instead of the global - variable (#6457) - -Without this fix: - -$ systemctl start -Display all 135 possibilities? (y or n) -$ __get_startable_units --system | wc -l -224 - -the number of the suggestions are quite different, as __get_startable_units --system does -not filter already started units. With this fix, - -$ systemctl start -Display all 135 possibilities? (y or n) -$ __get_startable_units --system | wc -l -123 -$ __get_template_names --system | wc -l -12 - -the number of the suggestions matches one the function returns. -For consistency with the other internal functions, it should use the first argument -instead of the global variable $mode. - -[zj: add commit message to make it sound like we know what we're doing] - -(cherry picked from commit 6bda23dd6aaba50cf8e3e6024248cf736cc443ca) ---- - shell-completion/bash/systemctl.in | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in -index 0398d09d18..bde28efc3e 100644 ---- a/shell-completion/bash/systemctl.in -+++ b/shell-completion/bash/systemctl.in -@@ -68,7 +68,7 @@ __filter_units_by_properties () { - done - for ((i=0; i < ${#units[*]}; i++)); do - for ((j=0; j < ${#conditions[*]}; j++)); do -- if [[ "${props[ i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then -+ if [[ "${props[i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then - break - fi - done -@@ -87,19 +87,19 @@ __get_active_units () { __systemctl $1 list-units \ - | { while read -r a b; do echo " $a"; done; }; } - __get_startable_units () { - # find startable inactive units -- __filter_units_by_properties $mode ActiveState,CanStart inactive,yes $( -- { __systemctl $mode list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \ -+ __filter_units_by_properties $1 ActiveState,CanStart inactive,yes $( -+ { __systemctl $1 list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \ - { while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; } -- __systemctl $mode list-units --state inactive,failed | \ -+ __systemctl $1 list-units --state inactive,failed | \ - { while read -r a b c; do [[ $b == "loaded" ]] && echo " $a"; done; } - } | sort -u ) - } - __get_restartable_units () { - # filter out masked and not-found -- __filter_units_by_property $mode CanStart yes $( -- __systemctl $mode list-unit-files --state enabled,disabled,static | \ -+ __filter_units_by_property $1 CanStart yes $( -+ __systemctl $1 list-unit-files --state enabled,disabled,static | \ - { while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; } -- __systemctl $mode list-units | \ -+ __systemctl $1 list-units | \ - { while read -r a b; do echo " $a"; done; } ) - } - __get_failed_units () { __systemctl $1 list-units \ diff --git a/0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch b/0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch deleted file mode 100644 index 6d5976f..0000000 --- a/0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch +++ /dev/null @@ -1,49 +0,0 @@ -From ea0ff5cd4efb1d67820572fb0d7d1d8da0fc1dc1 Mon Sep 17 00:00:00 2001 -From: Harald Hoyer -Date: Fri, 28 Jul 2017 09:46:05 +0200 -Subject: [PATCH] boot/efi: don't hard fail on error for tpm measure (#6473) - -Display the error for a small amount of time, but don't fail hard. - -In case of a faulty BIOS, a TPM error should not prevent the boot. -If something cares about the PCM measurement, it will be noticed -anyway later on. - -Especially important now, that TPM measurement is the default now on -some distribution builds. - -https://bugzilla.redhat.com/show_bug.cgi?id=1411156 -(cherry picked from commit 522aa9f5f8755d7389131da41bd60b6276917ff2) ---- - src/boot/efi/boot.c | 3 +-- - src/boot/efi/stub.c | 3 +-- - 2 files changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c -index 1e990b3825..316e95a72b 100644 ---- a/src/boot/efi/boot.c -+++ b/src/boot/efi/boot.c -@@ -1657,8 +1657,7 @@ static EFI_STATUS image_start(EFI_HANDLE parent_image, const Config *config, con - loaded_image->LoadOptionsSize, loaded_image->LoadOptions); - if (EFI_ERROR(err)) { - Print(L"Unable to add image options measurement: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000); - } - #endif - } -diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c -index bab5d46de9..2562228090 100644 ---- a/src/boot/efi/stub.c -+++ b/src/boot/efi/stub.c -@@ -94,8 +94,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - loaded_image->LoadOptionsSize, loaded_image->LoadOptions); - if (EFI_ERROR(err)) { - Print(L"Unable to add image options measurement: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000); - } - #endif - } diff --git a/0019-meson-D-remote-and-D-importd-should-be-combo-options.patch b/0019-meson-D-remote-and-D-importd-should-be-combo-options.patch deleted file mode 100644 index 6d79dce..0000000 --- a/0019-meson-D-remote-and-D-importd-should-be-combo-options.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 9c27ced1fac191139a131d179a25801ce9ca3357 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 26 Jul 2017 14:11:15 -0400 -Subject: [PATCH] meson: -D remote and -D importd should be "combo" options - -The default should be 'auto', and we allow 'true' -and 'false' too. - -Fixes #6445. - -(cherry picked from commit b1519d656691e725a8b8950fc0e6cc8d25b1016a) ---- - meson_options.txt | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/meson_options.txt b/meson_options.txt -index 1594fec41f..b7a45d5806 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -69,7 +69,7 @@ option('timedated', type : 'boolean', - description : 'install the systemd-timedated daemon') - option('timesyncd', type : 'boolean', - description : 'install the systemd-timesyncd daemon') --option('remote', type : 'boolean', -+option('remote', type : 'combo', choices : ['auto', 'true', 'false'], - description : 'support for "journal over the network"') - option('myhostname', type : 'boolean', - description : 'nss-myhostname support') -@@ -87,7 +87,7 @@ option('sysusers', type : 'boolean', - description : 'support for the sysusers configuration') - option('tmpfiles', type : 'boolean', - description : 'support for tmpfiles.d') --option('importd', type : 'boolean', -+option('importd', type : 'combo', choices : ['auto', 'true', 'false'], - description : 'install the systemd-importd daemon') - option('hwdb', type : 'boolean', - description : 'support for the hardware database') diff --git a/0020-cryptsetup-fix-infinite-timeout-6486.patch b/0020-cryptsetup-fix-infinite-timeout-6486.patch deleted file mode 100644 index 860d816..0000000 --- a/0020-cryptsetup-fix-infinite-timeout-6486.patch +++ /dev/null @@ -1,42 +0,0 @@ -From c64c6a8b259abfbff5ce202d5d5982b120cf928f Mon Sep 17 00:00:00 2001 -From: Andrew Soutar -Date: Mon, 31 Jul 2017 02:19:16 -0400 -Subject: [PATCH] cryptsetup: fix infinite timeout (#6486) - -0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The -logic here now matches this change. - -Fixes #6381 - -(cherry picked from commit 0864d311766498563331f486909a0d950ba7de87) ---- - src/cryptsetup/cryptsetup.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c -index 3b4c086162..08ed7e53ba 100644 ---- a/src/cryptsetup/cryptsetup.c -+++ b/src/cryptsetup/cryptsetup.c -@@ -56,7 +56,7 @@ static bool arg_tcrypt_veracrypt = false; - static char **arg_tcrypt_keyfiles = NULL; - static uint64_t arg_offset = 0; - static uint64_t arg_skip = 0; --static usec_t arg_timeout = 0; -+static usec_t arg_timeout = USEC_INFINITY; - - /* Options Debian's crypttab knows we don't: - -@@ -670,10 +670,10 @@ int main(int argc, char *argv[]) { - if (arg_discards) - flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; - -- if (arg_timeout > 0) -- until = now(CLOCK_MONOTONIC) + arg_timeout; -- else -+ if (arg_timeout == USEC_INFINITY) - until = 0; -+ else -+ until = now(CLOCK_MONOTONIC) + arg_timeout; - - arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8)); - diff --git a/0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch b/0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch deleted file mode 100644 index 4790389..0000000 --- a/0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From cb81159ce49380d39c80f803353784633b8f306c Mon Sep 17 00:00:00 2001 -From: "S. Fan" -Date: Mon, 31 Jul 2017 05:10:10 -0500 -Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor - (#6489) - -Comparing udev_device_get_sysname(device) and sysname will always return -true. We need to check the device received from udev monitor instead. - -Also, fd_wait_for_event() sometimes never exits. Better set a timeout -here. - -(cherry picked from commit 8ec1a07998758f6a85f3ea5bf2ed14d87609398f) ---- - src/rfkill/rfkill.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c -index c0f138b4f4..470853d1d2 100644 ---- a/src/rfkill/rfkill.c -+++ b/src/rfkill/rfkill.c -@@ -138,17 +138,21 @@ static int wait_for_initialized( - for (;;) { - _cleanup_udev_device_unref_ struct udev_device *t = NULL; - -- r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY); -+ r = fd_wait_for_event(watch_fd, POLLIN, EXIT_USEC); - if (r == -EINTR) - continue; - if (r < 0) - return log_error_errno(r, "Failed to watch udev monitor: %m"); -+ if (r == 0) { -+ log_error("Timed out wating for udev monitor."); -+ return -ETIMEDOUT; -+ } - - t = udev_monitor_receive_device(monitor); - if (!t) - continue; - -- if (streq_ptr(udev_device_get_sysname(device), sysname)) { -+ if (streq_ptr(udev_device_get_sysname(t), sysname)) { - *ret = udev_device_ref(t); - return 0; - } diff --git a/0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch b/0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch deleted file mode 100644 index f310a4f..0000000 --- a/0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch +++ /dev/null @@ -1,34 +0,0 @@ -From b56c4c19c8d0adca67eb34e1924d881e7d61b97f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Abd=C3=B3=20Roig-Maranges?= -Date: Mon, 31 Jul 2017 12:32:09 +0200 -Subject: [PATCH] core: Do not fail perpetual mount units without fragment - (#6459) - -mount_load does not require fragment files to be present in order to -load mount units which are perpetual, or come from /proc/self/mountinfo. - -mount_verify should do the same, otherwise a synthesized '-.mount' would -be marked as failed with "No such file or directory", as it is perpetual -but not marked to come from /proc/self/mountinfo at this point. - -This happens for the user instance, and I suspect it was the cause of #5375 -for the system instance, without gpt-generator. - -(cherry picked from commit 1df96fcb31b3bc30c4a983de4734f61ed5a29115) ---- - src/core/mount.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/mount.c b/src/core/mount.c -index 214364d87d..7d9644e305 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -503,7 +503,7 @@ static int mount_verify(Mount *m) { - if (UNIT(m)->load_state != UNIT_LOADED) - return 0; - -- if (!m->from_fragment && !m->from_proc_self_mountinfo) -+ if (!m->from_fragment && !m->from_proc_self_mountinfo && !UNIT(m)->perpetual) - return -ENOENT; - - r = unit_name_from_path(m->where, ".mount", &e); diff --git a/0023-build-sys-bump-xslt-maxdepth-limit.patch b/0023-build-sys-bump-xslt-maxdepth-limit.patch deleted file mode 100644 index f33ddb8..0000000 --- a/0023-build-sys-bump-xslt-maxdepth-limit.patch +++ /dev/null @@ -1,26 +0,0 @@ -From f2618d3474090751ae364ca326f3563797cce54a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 18 Sep 2017 17:09:52 +0200 -Subject: [PATCH] build-sys: bump xslt maxdepth limit - -With libxslt-1.30, builds were failing on some recursion depth limit -with systemd.index.xml. Bumping the limit fixes the issue. ---- - man/meson.build | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/man/meson.build b/man/meson.build -index 8ddbd5557c..5b6a21fb9f 100644 ---- a/man/meson.build -+++ b/man/meson.build -@@ -11,6 +11,7 @@ want_html = want_html != 'false' and xsltproc.found() - xsltproc_flags = [ - '--nonet', - '--xinclude', -+ '--maxdepth', '9000', - '--stringparam', 'man.output.quietly', '1', - '--stringparam', 'funcsynopsis.style', 'ansi', - '--stringparam', 'man.authors.section.enabled', '0', --- -2.13.5 - diff --git a/0024-device-make-sure-to-remove-all-device-units-sharing-.patch b/0024-device-make-sure-to-remove-all-device-units-sharing-.patch deleted file mode 100644 index dd853fe..0000000 --- a/0024-device-make-sure-to-remove-all-device-units-sharing-.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 6d0fe8a5809ef5ccc8e92bdf2eea031178b87083 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Wed, 30 Aug 2017 17:16:16 +0200 -Subject: [PATCH] device: make sure to remove all device units sharing the same - sysfs path (#6679) - -When a device is unplugged all device units sharing the same sysfs path -pointing to that device are supposed to be removed. - -However it didn't work since while iterating the device unit list containing -all the relevant units, each unit was removed during each iteration of -LIST_FOREACH. However LIST_FOREACH doesn't support this use case and -LIST_FOREACH_SAFE must be use instead. - -(cherry picked from commit cc0df6cc35339976c367977dc292278a1939db0c) ---- - src/core/device.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 77601c552..87186f135 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -514,7 +514,7 @@ static void device_update_found_one(Device *d, bool add, DeviceFound found, bool - } - - static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add, DeviceFound found, bool now) { -- Device *d, *l; -+ Device *d, *l, *n; - - assert(m); - assert(sysfs); -@@ -523,7 +523,7 @@ static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add, - return 0; - - l = hashmap_get(m->devices_by_sysfs, sysfs); -- LIST_FOREACH(same_sysfs, d, l) -+ LIST_FOREACH_SAFE(same_sysfs, d, n, l) - device_update_found_one(d, add, found, now); - - return 0; --- -2.13.5 - diff --git a/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch index 2418bc7..0c00857 100644 --- a/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +++ b/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -1,4 +1,4 @@ -From 108c060c5521309b9448e3a7905b50dd505f36a8 Mon Sep 17 00:00:00 2001 +From 67ba0816708038ad282fcb38f250a54bb781866a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 11 Mar 2016 17:06:17 -0500 Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime @@ -18,34 +18,34 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1313085 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c -index deb75f9ae5..914d3b8a2d 100644 +index 2eb7bfd030..75e2f7928c 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c -@@ -67,6 +67,10 @@ int main(int argc, char *argv[]) { - goto finish; - } +@@ -70,6 +70,10 @@ int main(int argc, char *argv[]) { + /* Drop privileges, but only if we have been started as root. If we are not running as root we assume all + * privileges are already dropped. */ + if (getuid() == 0) { ++ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf"); ++ if (r < 0 && errno != EEXIST) ++ log_warning_errno(errno, ++ "Could not create /etc/resolv.conf symlink: %m"); -+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf"); -+ if (r < 0 && errno != EEXIST) -+ log_warning_errno(errno, "Could not create /etc/resolv.conf symlink: %m"); -+ - /* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */ - r = drop_privileges(uid, gid, - (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */ + /* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */ + r = drop_privileges(uid, gid, diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 -index 064eae94f1..928105ea8d 100644 +index 35e3809f57..928105ea8d 100644 --- a/tmpfiles.d/etc.conf.m4 +++ b/tmpfiles.d/etc.conf.m4 @@ -13,9 +13,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts m4_ifdef(`HAVE_SMACK_RUN_LABEL', t /etc/mtab - - - - security.SMACK64=_ )m4_dnl --m4_ifdef(`ENABLE_RESOLVED', +-m4_ifdef(`ENABLE_RESOLVE', -L! /etc/resolv.conf - - - - ../usr/lib/systemd/resolv.conf -)m4_dnl C /etc/nsswitch.conf - - - - m4_ifdef(`HAVE_PAM', C /etc/pam.d - - - - -- -2.9.2 +2.13.6 diff --git a/0999-netdev-crypttab.patch b/0999-netdev-crypttab.patch deleted file mode 100644 index ba91dee..0000000 --- a/0999-netdev-crypttab.patch +++ /dev/null @@ -1,280 +0,0 @@ -From 3acb27df403c9e5772eb1d81aba1c65b6c7acc08 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 5 Sep 2017 09:14:51 +0200 -Subject: [PATCH 1/3] units: order cryptsetup-pre.target before - cryptsetup.target - -Normally this happens automatically, but if it happened that both targets were -pulled in, even though there were no cryptsetup units, they could be started -in reverse order, which would be somewhat confusing. Add an explicit ordering -to avoid this potential issue. ---- - units/cryptsetup-pre.target | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target -index 65353419f..42e35dd4e 100644 ---- a/units/cryptsetup-pre.target -+++ b/units/cryptsetup-pre.target -@@ -9,3 +9,4 @@ - Description=Encrypted Volumes (Pre) - Documentation=man:systemd.special(7) - RefuseManualStart=yes -+Before=cryptsetup.target --- -2.14.1 - - -From 51a012da40e8d0d4d8df931b3bc56ea913c3856a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 5 Sep 2017 10:15:13 +0200 -Subject: [PATCH 2/3] units: add remote-cryptsetup.target and - remote-cryptsetup-pre.target - -The pair is similar to remote-fs.target and remote-fs-pre.target. Any -cryptsetup devices which require network shall be ordered after -remote-cryptsetup-pre.target and before remote-cryptsetup.target. ---- - man/systemd.special.xml | 23 +++++++++++++++++++++++ - units/cryptsetup-pre.target | 2 +- - units/cryptsetup.target | 2 +- - units/meson.build | 3 +++ - units/remote-cryptsetup-pre.target | 15 +++++++++++++++ - units/remote-cryptsetup.target | 10 ++++++++++ - 6 files changed, 53 insertions(+), 2 deletions(-) - create mode 100644 units/remote-cryptsetup-pre.target - create mode 100644 units/remote-cryptsetup.target - -diff --git a/man/systemd.special.xml b/man/systemd.special.xml -index 66c45e39a..7107b8a92 100644 ---- a/man/systemd.special.xml -+++ b/man/systemd.special.xml -@@ -81,6 +81,8 @@ - poweroff.target, - printer.target, - reboot.target, -+ remote-cryptsetup-pre.target, -+ remote-cryptsetup.target, - remote-fs-pre.target, - remote-fs.target, - rescue.target, -@@ -450,6 +452,27 @@ - this target unit, for compatibility with SysV. - - -+ -+ remote-cryptsetup-pre.target -+ -+ This target unit is automatically ordered before all cryptsetup devices -+ marked with the . It can be used to execute additional -+ units before such devices are set up. -+ -+ It is ordered after network.target and -+ network-online.target, and also pulls the latter in as a -+ Wants= dependency. -+ -+ -+ -+ remote-cryptsetup.target -+ -+ Similar to cryptsetup.target, but for encrypted -+ devices which are accessed over the network. It is used for -+ crypttab8 -+ entries marked with . -+ -+ - - remote-fs.target - -diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target -index 42e35dd4e..6cb28a61a 100644 ---- a/units/cryptsetup-pre.target -+++ b/units/cryptsetup-pre.target -@@ -6,7 +6,7 @@ - # (at your option) any later version. - - [Unit] --Description=Encrypted Volumes (Pre) -+Description=Local Encrypted Volumes (Pre) - Documentation=man:systemd.special(7) - RefuseManualStart=yes - Before=cryptsetup.target -diff --git a/units/cryptsetup.target b/units/cryptsetup.target -index 25d3e33f6..10b17fd38 100644 ---- a/units/cryptsetup.target -+++ b/units/cryptsetup.target -@@ -6,5 +6,5 @@ - # (at your option) any later version. - - [Unit] --Description=Encrypted Volumes -+Description=Local Encrypted Volumes - Documentation=man:systemd.special(7) -diff --git a/units/meson.build b/units/meson.build -index e94add6a6..e6351c7a2 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -47,6 +47,9 @@ units = [ - ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], - ['reboot.target', '', - 'runlevel6.target ctrl-alt-del.target'], -+ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], -+ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', -+ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], - ['remote-fs-pre.target', ''], - ['remote-fs.target', '', - join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], -diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target -new file mode 100644 -index 000000000..a375e6188 ---- /dev/null -+++ b/units/remote-cryptsetup-pre.target -@@ -0,0 +1,15 @@ -+# This file is part of systemd. -+# -+# systemd is free software; you can redistribute it and/or modify it -+# under the terms of the GNU Lesser General Public License as published by -+# the Free Software Foundation; either version 2.1 of the License, or -+# (at your option) any later version. -+ -+[Unit] -+Description=Remote Encrypted Volumes (Pre) -+Documentation=man:systemd.special(7) -+RefuseManualStart=yes -+Before=remote-cryptsetup.target -+ -+After=network.target network-online.target -+Wants=network-online.target -diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target -new file mode 100644 -index 000000000..60943bd1c ---- /dev/null -+++ b/units/remote-cryptsetup.target -@@ -0,0 +1,10 @@ -+# This file is part of systemd. -+# -+# systemd is free software; you can redistribute it and/or modify it -+# under the terms of the GNU Lesser General Public License as published by -+# the Free Software Foundation; either version 2.1 of the License, or -+# (at your option) any later version. -+ -+[Unit] -+Description=Remote Encrypted Volumes -+Documentation=man:systemd.special(7) --- -2.14.1 - - -From 543a62336565c840bbda22df0eb2a1c19180a8d5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 5 Sep 2017 11:30:33 +0200 -Subject: [PATCH 3/3] cryptsetup-generator: use remote-cryptsetup.target when - _netdev is present - -This allows such devices to depend on the network. Their startup will -be delayed similarly to network mount units. - -Fixes #4642. ---- - man/crypttab.xml | 13 +++++++++++++ - src/cryptsetup/cryptsetup-generator.c | 36 ++++++++++++++++++----------------- - 2 files changed, 32 insertions(+), 17 deletions(-) - -diff --git a/man/crypttab.xml b/man/crypttab.xml -index 17976f370..162377ebc 100644 ---- a/man/crypttab.xml -+++ b/man/crypttab.xml -@@ -213,6 +213,19 @@ - . - - -+ -+ -+ -+ Marks this cryptsetup device as requiring network. It will be -+ started after the network is available, similarly to -+ systemd.mount5 -+ units marked with . The service unit to set up this device -+ will be ordered between remote-cryptsetup-pre.target and -+ remote-cryptsetup.target, instead of -+ cryptsetup-pre.target and -+ cryptsetup.target. -+ -+ - - - -diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c -index b58b6db7c..8571ab06e 100644 ---- a/src/cryptsetup/cryptsetup-generator.c -+++ b/src/cryptsetup/cryptsetup-generator.c -@@ -61,7 +61,7 @@ static int create_disk( - _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL, - *filtered = NULL; - _cleanup_fclose_ FILE *f = NULL; -- bool noauto, nofail, tmp, swap; -+ bool noauto, nofail, tmp, swap, netdev; - char *from; - int r; - -@@ -72,6 +72,7 @@ static int create_disk( - nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); - tmp = fstab_test_option(options, "tmp\0"); - swap = fstab_test_option(options, "swap\0"); -+ netdev = fstab_test_option(options, "_netdev\0"); - - if (tmp && swap) { - log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name); -@@ -102,21 +103,22 @@ static int create_disk( - if (!f) - return log_error_errno(errno, "Failed to create unit file %s: %m", p); - -- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n" -- "[Unit]\n" -- "Description=Cryptography Setup for %I\n" -- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" -- "SourcePath=/etc/crypttab\n" -- "DefaultDependencies=no\n" -- "Conflicts=umount.target\n" -- "BindsTo=dev-mapper-%i.device\n" -- "IgnoreOnIsolate=true\n" -- "After=cryptsetup-pre.target\n", -- f); -+ fprintf(f, -+ "# Automatically generated by systemd-cryptsetup-generator\n\n" -+ "[Unit]\n" -+ "Description=Cryptography Setup for %%I\n" -+ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" -+ "SourcePath=/etc/crypttab\n" -+ "DefaultDependencies=no\n" -+ "Conflicts=umount.target\n" -+ "IgnoreOnIsolate=true\n" -+ "After=%s\n", -+ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); - - if (!nofail) - fprintf(f, -- "Before=cryptsetup.target\n"); -+ "Before=%s\n", -+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); - - if (password) { - if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) -@@ -200,10 +202,10 @@ static int create_disk( - return log_error_errno(errno, "Failed to create symlink %s: %m", to); - - free(to); -- if (!nofail) -- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n); -- else -- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n); -+ to = strjoin(arg_dest, -+ netdev ? "/remote-cryptsetup" : "/cryptsetup", -+ ".target.", -+ nofail ? "wants/" : "requires/", n); - if (!to) - return log_oom(); - --- -2.14.1 - diff --git a/sources b/sources index 5454322..cd7956a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-234.tar.gz) = 762336a7d96c6583cf71cad62efce95a0ed93cd0a0d7251f128d10dba8200c0c8df0e5a7d168179ababa5b221295a231e73b7e7ea2697cb3fb5c1b33538efa68 +SHA512 (systemd-235.tar.gz) = 243f2eb5340fa37dd1286eaa63e83387bda9e03953af266cd6196a37535a13491482caf14c6ab10608bba4ed23b6c41923608e52017e0c26988ed72ddd2b9993 diff --git a/systemd.spec b/systemd.spec index 1ef9152..4913b17 100644 --- a/systemd.spec +++ b/systemd.spec @@ -12,8 +12,8 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd -Version: 234 -Release: 8%{?gitcommit:.git%{gitcommitshort}}%{?dist} +Version: 235 +Release: 1%{?gitcommit:.git%{gitcommitshort}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -46,33 +46,9 @@ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done| GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch %endif -Patch0001: 0001-escape-Fix-help-description-6352.patch -Patch0002: 0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch -Patch0003: 0003-add-version-argument-to-help-function-6377.patch -Patch0004: 0004-seccomp-arm64-x32-do-not-have-_sysctl.patch -Patch0005: 0005-seccomp-arm64-does-not-have-mmap2.patch -Patch0006: 0006-test-seccomp-arm64-does-not-have-access-and-poll.patch -Patch0007: 0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch -Patch0008: 0008-core-modify-resource-leak-by-SmackProcessLabel.patch -Patch0009: 0009-core-dump-also-missed-security-context.patch -Patch0010: 0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch -Patch0011: 0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch -Patch0012: 0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch -Patch0013: 0013-test-condition-don-t-assume-that-all-non-root-users-.patch -Patch0014: 0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch -Patch0015: 0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch -Patch0016: 0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch -Patch0017: 0017-bash-completion-use-the-first-argument-instead-of-th.patch -Patch0018: 0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch -Patch0019: 0019-meson-D-remote-and-D-importd-should-be-combo-options.patch -Patch0020: 0020-cryptsetup-fix-infinite-timeout-6486.patch -Patch0021: 0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch -Patch0022: 0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch -Patch0023: 0023-build-sys-bump-xslt-maxdepth-limit.patch -Patch0024: 0024-device-make-sure-to-remove-all-device-units-sharing-.patch +Patch0001: 0001-po-update-Polish-translation-7015.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch -Patch0999: 0999-netdev-crypttab.patch %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} @@ -667,6 +643,8 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou %dir %{_prefix}/lib/binfmt.d %dir %{_prefix}/lib/environment.d %{_prefix}/lib/environment.d/99-environment.conf +%dir %{_prefix}/lib/modprobe.d +%{_prefix}/lib/modprobe.d/systemd.conf %dir %{_prefix}/lib/kernel %dir %{_datadir}/systemd %dir %{_datadir}/dbus-1/system.d @@ -1040,7 +1018,6 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou %{pkgdir}/systemd-journal-gatewayd %{pkgdir}/systemd-journal-remote %{pkgdir}/systemd-journal-upload -%{_prefix}/lib/tmpfiles.d/systemd-remote.conf %{_prefix}/lib/sysusers.d/systemd-remote.conf %dir %attr(0755,systemd-journal-upload,systemd-journal-upload) %{_localstatedir}/lib/systemd/journal-upload %{_datadir}/systemd/gatewayd @@ -1053,6 +1030,9 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou %{pkgdir}/tests %changelog +* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1 +- Update to latest version + * Tue Sep 26 2017 Nathaniel McCallum - 234-8 - Backport /etc/crypttab _netdev feature from upstream