Backport a bunch of patches from v234..v235+

Zbigniew Jędrzejewski-Szmek 2017-10-26 12:14:13 +02:00
parent ac49c72d1e
commit 44a72b9a54
92 changed files with 5368 additions and 317 deletions


@ -1,4 +1,4 @@
From e48936b0be085f15a2e2ac88b2e50a91a66782ac Mon Sep 17 00:00:00 2001
From ce0609bc26d33e47b23fbbe1aa7465283a10fb10 Mon Sep 17 00:00:00 2001
From: Daniel Berrange <berrange@redhat.com>
Date: Wed, 19 Jul 2017 10:06:07 +0100
Subject: [PATCH] virt: enable detecting QEMU (TCG) via CPUID (#6399)


@ -1,4 +1,4 @@
From 8864ff594b43a34e5a593da42336f28e2f30b9f5 Mon Sep 17 00:00:00 2001
From 6e4a6549267f3e932b3478abfe9f863b55259538 Mon Sep 17 00:00:00 2001
From: Felipe Sateler <fsateler@users.noreply.github.com>
Date: Wed, 19 Jul 2017 20:48:23 -0400
Subject: [PATCH] test-condition: don't assume that all non-root users are


@ -1,4 +1,4 @@
From 29d9cfc097586ac79911a5f5035c45b1971a5b1f Mon Sep 17 00:00:00 2001
From 5b499dab86989eb61d7b82053a3b1a2e5e054a2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 22 Jul 2017 08:39:49 -0400
Subject: [PATCH] Revert "core: don't load dropin data multiple times for the


@ -1,4 +1,4 @@
From f6441eaf050267c05ef8df8d5614bb598528942f Mon Sep 17 00:00:00 2001
From 4c02374f27cd8bbd4cc101cf350b1219c05e8911 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 27 Jul 2017 20:22:54 +0900
Subject: [PATCH] bash-completion: use the first argument instead of the global


@ -1,4 +1,4 @@
From 9c27ced1fac191139a131d179a25801ce9ca3357 Mon Sep 17 00:00:00 2001
From e3568f4365b867b6d2e80dc86c8e348f660c5f82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 26 Jul 2017 14:11:15 -0400
Subject: [PATCH] meson: -D remote and -D importd should be "combo" options


@ -1,4 +1,4 @@
From c64c6a8b259abfbff5ce202d5d5982b120cf928f Mon Sep 17 00:00:00 2001
From 6ef8e216e15fba045e8f8a13b7b57f56db767840 Mon Sep 17 00:00:00 2001
From: Andrew Soutar <andrew@andrewsoutar.com>
Date: Mon, 31 Jul 2017 02:19:16 -0400
Subject: [PATCH] cryptsetup: fix infinite timeout (#6486)


@ -0,0 +1,162 @@
From ca0cebc3f106d89973e0b02dbfc325c37d4c78b3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 27 Sep 2017 17:30:50 +0200
Subject: [PATCH] unit: when JobTimeoutSec= is turned off, implicitly turn off
JobRunningTimeoutSec= too
We added JobRunningTimeoutSec= late, and Dracut configured only
JobTimeoutSec= to turn of root device timeouts before. With this change
we'll propagate a reset of JobTimeoutSec= into JobRunningTimeoutSec=,
but only if the latter wasn't set explicitly.
This should restore compatibility with older systemd versions.
Fixes: #6402
(cherry picked from commit eae51da36e8800f6d466580a817eb5877220376d)
---
src/basic/time-util.c | 4 ++
src/core/load-fragment-gperf.gperf.m4 | 4 +-
src/core/load-fragment.c | 72 +++++++++++++++++++++++++++++++++++
src/core/load-fragment.h | 2 +
src/core/unit.h | 1 +
5 files changed, 81 insertions(+), 2 deletions(-)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index 68ba86f6a5..9199b6490d 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -1010,7 +1010,11 @@ int parse_sec(const char *t, usec_t *usec) {
}
int parse_sec_fix_0(const char *t, usec_t *usec) {
+ assert(t);
+ assert(usec);
+
t += strspn(t, WHITESPACE);
+
if (streq(t, "0")) {
*usec = USEC_INFINITY;
return 0;
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 7fb39cf948..a32385931e 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -193,8 +193,8 @@ Unit.OnFailureJobMode, config_parse_job_mode, 0,
Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0, offsetof(Unit, on_failure_job_mode)
Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate)
Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0
-Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout)
-Unit.JobRunningTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_running_timeout)
+Unit.JobTimeoutSec, config_parse_job_timeout_sec, 0, 0
+Unit.JobRunningTimeoutSec, config_parse_job_running_timeout_sec, 0, 0
Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action)
Unit.JobTimeoutRebootArgument, config_parse_unit_string_printf, 0, offsetof(Unit, job_timeout_reboot_arg)
Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 9d5c39b3dd..23bca0094c 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -4178,6 +4178,78 @@ int config_parse_protect_system(
return 0;
}
+int config_parse_job_timeout_sec(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ Unit *u = data;
+ usec_t usec;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(u);
+
+ r = parse_sec_fix_0(rvalue, &usec);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
+ * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the usec picked should
+ * count. */
+
+ if (!u->job_running_timeout_set)
+ u->job_running_timeout = usec;
+
+ u->job_timeout = usec;
+
+ return 0;
+}
+
+int config_parse_job_running_timeout_sec(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ Unit *u = data;
+ usec_t usec;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(u);
+
+ r = parse_sec_fix_0(rvalue, &usec);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ u->job_running_timeout = usec;
+ u->job_running_timeout_set = true;
+
+ return 0;
+}
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index fc27a07955..5079d4c00c 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -118,6 +118,8 @@ int config_parse_user_group(const char *unit, const char *filename, unsigned lin
int config_parse_user_group_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_restrict_namespaces(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_bind_paths(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_job_timeout_sec(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_job_running_timeout_sec(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
/* gperf prototypes */
const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
diff --git a/src/core/unit.h b/src/core/unit.h
index cf21b37e22..d70fc970b5 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -115,6 +115,7 @@ struct Unit {
/* Job timeout and action to take */
usec_t job_timeout;
usec_t job_running_timeout;
+ bool job_running_timeout_set:1;
EmergencyAction job_timeout_action;
char *job_timeout_reboot_arg;
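Review bot: In `config_parse_job_timeout_sec` the assignment `u->job_running_timeout = usec;` mirrors every parsed JobTimeoutSec= value into the running timeout, not only the "turned off" case named in the patch subject, so a finite JobTimeoutSec= also sets the running timeout unless JobRunningTimeoutSec= was set explicitly. If that is intended, the comment above the check should say so, for example `/* Any JobTimeoutSec= value, finite or infinite, is copied into job_running_timeout unless JobRunningTimeoutSec= was set explicitly. */`. Both new parsers also cast `data` straight to `Unit *`, which only holds because the gperf table now passes offset 0; a one-line comment on `Unit *u = data;` would record that dependency.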


@ -1,4 +1,4 @@
From eca55fbc51056b2a4fa3242917b6fc2f0c02e981 Mon Sep 17 00:00:00 2001
From 95f02a94777902e9a46ac18e2bd3d54ab440c361 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Thu, 20 Jul 2017 19:13:09 +0200
Subject: [PATCH] call chase_symlinks without the /sysroot prefix (#6411)


@ -1,4 +1,4 @@
From 0e50428d3699e3ad25861f458540d24038cfaa4e Mon Sep 17 00:00:00 2001
From 1d84ae053f1ffb95913f6f8407ef267a9c38cb4d Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 20 Jul 2017 20:46:58 +0200
Subject: [PATCH] nspawn: downgrade warning when we get sd_notify() message


@ -1,4 +1,4 @@
From ea0ff5cd4efb1d67820572fb0d7d1d8da0fc1dc1 Mon Sep 17 00:00:00 2001
From 2fa3d5f243b8e0bb6ef51b5a4a66c538b2941812 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Fri, 28 Jul 2017 09:46:05 +0200
Subject: [PATCH] boot/efi: don't hard fail on error for tpm measure (#6473)


@ -1,4 +1,4 @@
From cb81159ce49380d39c80f803353784633b8f306c Mon Sep 17 00:00:00 2001
From cd8a9ccb7c06394a64bfe0cd2a88fad7be8e3f9f Mon Sep 17 00:00:00 2001
From: "S. Fan" <sfanxiang@gmail.com>
Date: Mon, 31 Jul 2017 05:10:10 -0500
Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor


@ -1,4 +1,4 @@
From b56c4c19c8d0adca67eb34e1924d881e7d61b97f Mon Sep 17 00:00:00 2001
From ed10d8afb4f327536a1fb4c2873c95d3ba457efa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Abd=C3=B3=20Roig-Maranges?= <abdo.roig@gmail.com>
Date: Mon, 31 Jul 2017 12:32:09 +0200
Subject: [PATCH] core: Do not fail perpetual mount units without fragment


@ -0,0 +1,63 @@
From 4caa10a6bedf7a18b42e011bdbdb4b9c425c0d6d Mon Sep 17 00:00:00 2001
From: Jouke Witteveen <j.witteveen@gmail.com>
Date: Wed, 2 Aug 2017 17:08:31 +0200
Subject: [PATCH] process-util: update the end pointer of the process name on
rename (#6492)
We only updated the end pointer when allocating new memory, i.e. on the first
call to rename_process.
(cherry picked from commit 01f989c66253ea923679ffddf266ea13339c295b)
---
src/basic/process-util.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index b80cacaa42..99b75c65f1 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -312,19 +312,18 @@ int rename_process(const char name[]) {
/* Third step, completely replace the argv[] array the kernel maintains for us. This requires privileges, but
* has the advantage that the argv[] array is exactly what we want it to be, and not filled up with zeros at
* the end. This is the best option for changing /proc/self/cmdline. */
- if (mm_size < l+1) {
+
+ /* Let's not bother with this if we don't have euid == 0. Strictly speaking we should check for the
+ * CAP_SYS_RESOURCE capability which is independent of the euid. In our own code the capability generally is
+ * present only for euid == 0, hence let's use this as quick bypass check, to avoid calling mmap() if
+ * PR_SET_MM_ARG_{START,END} fails with EPERM later on anyway. After all geteuid() is dead cheap to call, but
+ * mmap() is not. */
+ if (geteuid() != 0)
+ log_debug("Skipping PR_SET_MM, as we don't have privileges.");
+ else if (mm_size < l+1) {
size_t nn_size;
char *nn;
- /* Let's not bother with this if we don't have euid == 0. Strictly speaking if people do weird stuff
- * with capabilities this could work even for euid != 0, but our own code generally doesn't do that,
- * hence let's use this as quick bypass check, to avoid calling mmap() if PR_SET_MM_ARG_START fails
- * with EPERM later on anyway. After all geteuid() is dead cheap to call, but mmap() is not. */
- if (geteuid() != 0) {
- log_debug("Skipping PR_SET_MM_ARG_START, as we don't have privileges.");
- goto use_saved_argv;
- }
-
nn_size = PAGE_ALIGN(l+1);
nn = mmap(NULL, nn_size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
if (nn == MAP_FAILED) {
@@ -351,9 +350,14 @@ int rename_process(const char name[]) {
mm = nn;
mm_size = nn_size;
- } else
+ } else {
strncpy(mm, name, mm_size);
+ /* Update the end pointer, continuing regardless of any failure. */
+ if (prctl(PR_SET_MM, PR_SET_MM_ARG_END, (unsigned long) mm + l + 1, 0, 0) < 0)
+ log_debug_errno(errno, "PR_SET_MM_ARG_END failed, proceeding without: %m");
+ }
+
use_saved_argv:
/* Fourth step: in all cases we'll also update the original argv[], so that our own code gets it right too if
* it still looks here */


@ -0,0 +1,98 @@
From 672eb11bf702aa194e1c9e40f9b2acc6434540d4 Mon Sep 17 00:00:00 2001
From: bengal <bengal@users.noreply.github.com>
Date: Tue, 8 Aug 2017 18:55:31 +0200
Subject: [PATCH] dhcp-network: adjust sockaddr length for addresses longer
than 8 bytes (#6527)
An infiniband hardware address is 20 bytes, but sockaddr_ll.sll_addr is only 8
bytes. Explicitly ensure that sockaddr_union has enough space for infiniband
addresses, even if they run over sockaddr_ll and add a macro to compute the
proper size to pass to kernel.
(cherry picked from commit b1f24b75af135fe8efba9c7264447985e2843511)
---
src/basic/socket-util.h | 20 ++++++++++++++++++++
src/libsystemd-network/dhcp-network.c | 16 +++++++++-------
2 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index 73c3a339fc..43edc05c63 100644
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -27,6 +27,7 @@
#include <sys/types.h>
#include <sys/un.h>
#include <linux/netlink.h>
+#include <linux/if_infiniband.h>
#include <linux/if_packet.h>
#include "macro.h"
@@ -42,6 +43,8 @@ union sockaddr_union {
struct sockaddr_storage storage;
struct sockaddr_ll ll;
struct sockaddr_vm vm;
+ /* Ensure there is enough space to store Infiniband addresses */
+ uint8_t ll_buffer[offsetof(struct sockaddr_ll, sll_addr) + CONST_MAX(ETH_ALEN, INFINIBAND_ALEN)];
};
typedef struct SocketAddress {
@@ -147,6 +150,23 @@ int flush_accept(int fd);
struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length);
+/*
+ * Certain hardware address types (e.g Infiniband) do not fit into sll_addr
+ * (8 bytes) and run over the structure. This macro returns the correct size that
+ * must be passed to kernel.
+ */
+#define SOCKADDR_LL_LEN(sa) \
+ ({ \
+ const struct sockaddr_ll *_sa = &(sa); \
+ size_t _mac_len = sizeof(_sa->sll_addr); \
+ assert(_sa->sll_family == AF_PACKET); \
+ if (be16toh(_sa->sll_hatype) == ARPHRD_ETHER) \
+ _mac_len = MAX(_mac_len, (size_t) ETH_ALEN); \
+ if (be16toh(_sa->sll_hatype) == ARPHRD_INFINIBAND) \
+ _mac_len = MAX(_mac_len, (size_t) INFINIBAND_ALEN); \
+ offsetof(struct sockaddr_ll, sll_addr) + _mac_len; \
+ })
+
/* Covers only file system and abstract AF_UNIX socket addresses, but not unnamed socket addresses. */
#define SOCKADDR_UN_LEN(sa) \
({ \
diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c
index 65405dcce0..a440a20f96 100644
--- a/src/libsystemd-network/dhcp-network.c
+++ b/src/libsystemd-network/dhcp-network.c
@@ -108,14 +108,16 @@ static int _bind_raw_socket(int ifindex, union sockaddr_union *link,
if (r < 0)
return -errno;
- link->ll.sll_family = AF_PACKET;
- link->ll.sll_protocol = htobe16(ETH_P_IP);
- link->ll.sll_ifindex = ifindex;
- link->ll.sll_hatype = htobe16(arp_type);
- link->ll.sll_halen = mac_addr_len;
+ link->ll = (struct sockaddr_ll) {
+ .sll_family = AF_PACKET,
+ .sll_protocol = htobe16(ETH_P_IP),
+ .sll_ifindex = ifindex,
+ .sll_hatype = htobe16(arp_type),
+ .sll_halen = mac_addr_len,
+ };
memcpy(link->ll.sll_addr, bcast_addr, mac_addr_len);
- r = bind(s, &link->sa, sizeof(link->ll));
+ r = bind(s, &link->sa, SOCKADDR_LL_LEN(link->ll));
if (r < 0)
return -errno;
@@ -221,7 +223,7 @@ int dhcp_network_send_raw_socket(int s, const union sockaddr_union *link,
assert(packet);
assert(len);
- r = sendto(s, packet, len, 0, &link->sa, sizeof(link->ll));
+ r = sendto(s, packet, len, 0, &link->sa, SOCKADDR_LL_LEN(link->ll));
if (r < 0)
return -errno;
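Review bot: `memcpy(link->ll.sll_addr, bcast_addr, mac_addr_len)` in `_bind_raw_socket` still copies a caller-supplied length with no bound visible in this hunk, while the new `ll_buffer` member only reserves `CONST_MAX(ETH_ALEN, INFINIBAND_ALEN)` bytes from the start of `sll_addr`. A guard before the copy would make the assumption explicit: `assert(mac_addr_len <= sizeof(link->ll_buffer) - offsetof(struct sockaddr_ll, sll_addr));`. `SOCKADDR_LL_LEN` also derives the length from `sll_hatype` rather than `sll_halen`, so any other hardware type with an address longer than `sizeof(sll_addr)` would reach the kernel truncated. The function starts outside the hunk, so the length may already be validated earlier.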


@ -0,0 +1,79 @@
From 950410cf37fd2ab5f7362f8d64fdc280dcce8810 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Fri, 25 Aug 2017 15:36:10 +0200
Subject: [PATCH] service: attempt to execute next main command only for
oneshot services (#6619)
This commit fixes crash described in
https://github.com/systemd/systemd/issues/6533
Multiple ExecStart lines are allowed only for oneshot services
anyway so it doesn't make sense to call service_run_next_main() with
services of type other than SERVICE_ONESHOT.
Referring back to reproducer from the issue, previously we didn't observe
this problem because s->main_command was reset after daemon-reload hence
we never reached the assert statement in service_run_next_main().
Fixes #6533
(cherry picked from commit b58aeb70dbd1cab5908b003ef5187da1fc241839)
---
src/core/service.c | 1 +
test/test-exec-deserialization.py | 31 +++++++++++++++++++++++++++++++
2 files changed, 32 insertions(+)
diff --git a/src/core/service.c b/src/core/service.c
index 4c577db8d7..499f964322 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2884,6 +2884,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
if (s->main_command &&
s->main_command->command_next &&
+ s->type == SERVICE_ONESHOT &&
f == SERVICE_SUCCESS) {
/* There is another command to *
diff --git a/test/test-exec-deserialization.py b/test/test-exec-deserialization.py
index 39a9e62e15..c3fe0824c7 100755
--- a/test/test-exec-deserialization.py
+++ b/test/test-exec-deserialization.py
@@ -178,6 +178,37 @@ class ExecutionResumeTest(unittest.TestCase):
self.assertTrue(not os.path.exists(self.output_file))
+ def test_issue_6533(self):
+ unit = "test-issue-6533.service"
+ unitfile_path = "/run/systemd/system/{}".format(unit)
+
+ content = '''
+ [Service]
+ ExecStart=/bin/sleep 5
+ '''
+
+ with open(unitfile_path, 'w') as f:
+ f.write(content)
+
+ self.reload()
+
+ subprocess.check_call(['systemctl', '--job-mode=replace', '--no-block', 'start', unit])
+ time.sleep(2)
+
+ content = '''
+ [Service]
+ ExecStart=/bin/sleep 5
+ ExecStart=/bin/true
+ '''
+
+ with open(unitfile_path, 'w') as f:
+ f.write(content)
+
+ self.reload()
+ time.sleep(5)
+
+ self.assertTrue(subprocess.call("journalctl -b _PID=1 | grep -q 'Freezing execution'", shell=True) != 0)
+
def tearDown(self):
for f in [self.output_file, self.unitfile_path]:
try:
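Review bot: `test_issue_6533` writes `/run/systemd/system/test-issue-6533.service` through a local `unitfile_path`, while the `tearDown` shown below it iterates over `self.output_file` and `self.unitfile_path`, so the new unit file appears to be left behind after the test. Registering a cleanup right after the path is built would cover it: `self.addCleanup(os.remove, unitfile_path)`. The final assertion greps the whole boot journal for 'Freezing execution', so a freeze logged earlier in the same boot would fail this test whether or not the fix works. `tearDown` continues past the end of the hunk.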


@ -0,0 +1,31 @@
From 65f6532eea53d862f7ad51d81f1f7b7c0fb3ac3a Mon Sep 17 00:00:00 2001
From: Topi Miettinen <topimiettinen@users.noreply.github.com>
Date: Tue, 29 Aug 2017 15:31:24 +0000
Subject: [PATCH] namespace: avoid assertion failure (#6649)
If the root image is not decrypted, it must not be relinquished.
(cherry picked from commit 07ce74074da29d8577ccbc98001d57253afd88d2)
---
src/core/namespace.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 05175e9552..3e0d786ca5 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -1062,9 +1062,11 @@ int setup_namespace(
if (r < 0)
goto finish;
- r = decrypted_image_relinquish(decrypted_image);
- if (r < 0)
- goto finish;
+ if (decrypted_image) {
+ r = decrypted_image_relinquish(decrypted_image);
+ if (r < 0)
+ goto finish;
+ }
loop_device_relinquish(loop_device);


@ -0,0 +1,60 @@
From ca9cb19a170921a17fa175ed68b8eb36f05ec4ed Mon Sep 17 00:00:00 2001
From: g0tar <gotar@polanet.pl>
Date: Wed, 30 Aug 2017 10:00:44 +0200
Subject: [PATCH] terminal reset should honour default_utf8 kernel setting
(#6606)
terminal reset should honour default_utf8 kernel setting
(cherry picked from commit 73e669e0fde6b9aabec48327d95c875a70555d34)
---
src/basic/terminal-util.c | 10 ++++++++--
src/login/logind-session.c | 6 +++---
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index 9a8ef825c5..2b6aa6400a 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -244,6 +244,8 @@ int ask_string(char **ret, const char *text, ...) {
int reset_terminal_fd(int fd, bool switch_to_text) {
struct termios termios;
+ _cleanup_free_ char *utf8 = NULL;
+ int kb;
int r = 0;
/* Set terminal to some sane defaults */
@@ -261,8 +263,12 @@ int reset_terminal_fd(int fd, bool switch_to_text) {
if (switch_to_text)
(void) ioctl(fd, KDSETMODE, KD_TEXT);
- /* Enable console unicode mode */
- (void) ioctl(fd, KDSKBMODE, K_UNICODE);
+ /* Set default keyboard mode */
+ if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && parse_boolean(utf8) == 0)
+ kb = K_XLATE;
+ else
+ kb = K_UNICODE;
+ (void) ioctl(fd, KDSKBMODE, kb);
if (tcgetattr(fd, &termios) < 0) {
r = -errno;
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 42dfecaffb..66c27d4fb4 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -1155,10 +1155,10 @@ void session_restore_vt(Session *s) {
(void) ioctl(vt, KDSETMODE, KD_TEXT);
- if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && *utf8 == '1')
- kb = K_UNICODE;
- else
+ if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && parse_boolean(utf8) == 0)
kb = K_XLATE;
+ else
+ kb = K_UNICODE;
(void) ioctl(vt, KDSKBMODE, kb);
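Review bot: The `default_utf8` lookup is now written out twice, in `reset_terminal_fd` and in `session_restore_vt`, with the same `read_one_line_file(...)` / `parse_boolean(utf8) == 0` logic. The removed lines show the two places previously behaved differently, so a shared helper that returns the keyboard mode would keep them from drifting again. A comment such as `/* An unreadable or unparsable default_utf8 falls back to K_UNICODE */` would also document that a negative `parse_boolean()` result selects unicode mode. Both functions extend beyond their hunks.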


@ -0,0 +1,26 @@
From 60b0ab5c4f7f15454e91902b5ecd3e629a930b32 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 23 Aug 2017 12:36:36 +0900
Subject: [PATCH] networkd: do not fail manager_connect_bus() if dbus is not
active yet
Fixes #6618.
(cherry picked from commit fb72b1d99f661ea62fd534e4bc1174c6337611c8)
---
src/network/networkd-manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index 5f10b4f993..718c8bb03f 100644
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -136,7 +136,7 @@ int manager_connect_bus(Manager *m) {
assert(m);
r = sd_bus_default_system(&m->bus);
- if (r == -ENOENT) {
+ if (r < 0) {
/* We failed to connect? Yuck, we must be in early
* boot. Let's try in 5s again. As soon as we have
* kdbus we can stop doing this... */
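Review bot: With `if (r < 0)` every failure of `sd_bus_default_system()` in `manager_connect_bus` now takes the retry path, including errors that will not clear on their own, and the comment still attributes it to early boot. Logging the error before the retry is scheduled would keep a persistent failure diagnosable, e.g. `log_debug_errno(r, "Failed to connect to bus, trying again in 5s: %m");`. The rest of the branch lies outside the hunk, so such a message may already be there.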


@ -0,0 +1,35 @@
From 6bd2824d07a7cdb622df9a7876185142ad1f48e1 Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Wed, 30 Aug 2017 13:09:03 +0200
Subject: [PATCH] sd-bus: socket - only transmit auxillary FDs once (#6603)
If a message is too large to fit into the output buffer, it will be
transmitted to the kernel in several chunks. However, the FDs must
only ever be transmitted once or they will bereceived by the remote
end repeatedly.
The D-Bus specification disallows several sets of FDs attached to
one message, however, the reference implementation of D-Bus will
not reject such a message, rather it will reassign the duplicate
FDs to subsequent FD-carrying messages.
This attaches the FD array only to the first byte of the message.
(cherry picked from commit f29eef2e9072eac6f6570ff7975680bc9caeda2f)
---
src/libsystemd/sd-bus/bus-socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index 8b25002f01..ab70a0c6e1 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -800,7 +800,7 @@ int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
.msg_iovlen = m->n_iovec,
};
- if (m->n_fds > 0) {
+ if (m->n_fds > 0 && *idx == 0) {
struct cmsghdr *control;
mh.msg_control = control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
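Review bot: The new `*idx == 0` condition in `bus_socket_write_message` carries the whole fix but has no comment, so a later refactor could drop it without noticing that the descriptors would again be resent with every chunk of a partially written message. Suggest adding above the `if`: `/* Attach the fd array to the first chunk only; resending it after a partial write would hand the peer duplicate fds */`. The function body starts and ends outside the hunk.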


@ -1,4 +1,4 @@
From 6d0fe8a5809ef5ccc8e92bdf2eea031178b87083 Mon Sep 17 00:00:00 2001
From 75c8530d909c088c4c3dc63d2cbbc078db9b70c0 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 30 Aug 2017 17:16:16 +0200
Subject: [PATCH] device: make sure to remove all device units sharing the same
@ -18,7 +18,7 @@ LIST_FOREACH_SAFE must be use instead.
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/device.c b/src/core/device.c
index 77601c552..87186f135 100644
index 77601c5520..87186f135b 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -514,7 +514,7 @@ static void device_update_found_one(Device *d, bool add, DeviceFound found, bool
@ -39,6 +39,3 @@ index 77601c552..87186f135 100644
device_update_found_one(d, add, found, now);
return 0;
--
2.13.5


@ -0,0 +1,81 @@
From a7c3c58bd9fac86d5f8e626ec402daa2a93d7bb3 Mon Sep 17 00:00:00 2001
From: NeilBrown <neil@brown.name>
Date: Thu, 31 Aug 2017 02:48:25 +1000
Subject: [PATCH] shutdown: don't remount,ro network filesystems. (#6588)
systemd-shutdown is run after the network is stopped,
so remounting a network filesystem read-only can hang.
A simple umount is the most useful thing that can
be done for a network filesystem once the network is down.
(cherry picked from commit 9cbc4547702aac28466c497f720038b9e2dc510c)
---
src/core/umount.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/core/umount.c b/src/core/umount.c
index 591dac71f0..b83f631141 100644
--- a/src/core/umount.c
+++ b/src/core/umount.c
@@ -37,12 +37,14 @@
#include "string-util.h"
#include "udev-util.h"
#include "umount.h"
+#include "mount-util.h"
#include "util.h"
#include "virt.h"
typedef struct MountPoint {
char *path;
char *options;
+ char *type;
dev_t devnum;
LIST_FIELDS(struct MountPoint, mount_point);
} MountPoint;
@@ -76,7 +78,7 @@ static int mount_points_list_get(MountPoint **head) {
return -errno;
for (i = 1;; i++) {
- _cleanup_free_ char *path = NULL, *options = NULL;
+ _cleanup_free_ char *path = NULL, *options = NULL, *type = NULL;
char *p = NULL;
MountPoint *m;
int k;
@@ -90,11 +92,11 @@ static int mount_points_list_get(MountPoint **head) {
"%*s" /* (6) mount flags */
"%*[^-]" /* (7) optional fields */
"- " /* (8) separator */
- "%*s " /* (9) file system type */
+ "%ms " /* (9) file system type */
"%*s" /* (10) mount source */
"%ms" /* (11) mount options */
"%*[^\n]", /* some rubbish at the end */
- &path, &options);
+ &path, &type, &options);
if (k != 2) {
if (k == EOF)
break;
@@ -132,6 +134,8 @@ static int mount_points_list_get(MountPoint **head) {
m->path = p;
m->options = options;
options = NULL;
+ m->type = type;
+ type = NULL;
LIST_PREPEND(mount_point, *head, m);
}
@@ -388,8 +392,12 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
/* If we are in a container, don't attempt to
read-only mount anything as that brings no real
benefits, but might confuse the host, as we remount
- the superblock here, not the bind mount. */
- if (detect_container() <= 0) {
+ the superblock here, not the bind mount.
+ If the filesystem is a network fs, also skip the
+ remount. It brings no value (we cannot leave
+ a "dirty fs") and could hang if the network is down. */
+ if (detect_container() <= 0 &&
+ !fstype_is_network(m->type)) {
_cleanup_free_ char *options = NULL;
/* MS_REMOUNT requires that the data parameter
* should be the same from the original mount
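Review bot: In `mount_points_list_get` the scan now has three assigning conversions (`&path, &type, &options`), but the unchanged check right after it is still `if (k != 2)`, so a line that parses completely returns 3 and takes the failure branch. The check should become `if (k != 3) {`. What that branch does lies outside the hunk; if it skips the entry, no mount point is collected and the shutdown unmount pass has nothing to work on. Separately, `type` is handed over to `m->type` but none of the hunks adds a matching `free(m->type)` where a `MountPoint` is released, which is worth confirming.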


@ -0,0 +1,29 @@
From f5f367d4a9872453888da79bdff3a50f78a9758a Mon Sep 17 00:00:00 2001
From: Ivan Shapovalov <intelfx@intelfx.name>
Date: Wed, 30 Aug 2017 19:49:07 +0300
Subject: [PATCH] cryptsetup-generator: do not bind to the decrypted device
unit (#6538)
This breaks things when the decrypted device is not immediately
`SYSTEMD_READY=1` (e. g. when a multi-device btrfs system is placed on
multiple cryptsetup devices).
Fixes #6537.
(cherry picked from commit e9ea4526a3a3b41eced29b8d742498cc36750424)
---
src/cryptsetup/cryptsetup-generator.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index b58b6db7c9..f737f82b55 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -109,7 +109,6 @@ static int create_disk(
"SourcePath=/etc/crypttab\n"
"DefaultDependencies=no\n"
"Conflicts=umount.target\n"
- "BindsTo=dev-mapper-%i.device\n"
"IgnoreOnIsolate=true\n"
"After=cryptsetup-pre.target\n",
f);


@ -0,0 +1,33 @@
From 342c2fdaf94f195f6273a88f9fe430c189e7168f Mon Sep 17 00:00:00 2001
From: Topi Miettinen <topimiettinen@users.noreply.github.com>
Date: Thu, 31 Aug 2017 08:37:32 +0000
Subject: [PATCH] log: reopen log for failed assertions (#6703)
Reopen log so that failed and aborting assertions can be written to log.
Closes: #6658
(cherry picked from commit ea89a119cda917a17bd186b3c13197acfd655b12)
---
src/basic/log.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/basic/log.c b/src/basic/log.c
index 3fd53800a0..ad99773cbb 100644
--- a/src/basic/log.c
+++ b/src/basic/log.c
@@ -804,6 +804,7 @@ noreturn void log_assert_failed_realm(
const char *file,
int line,
const char *func) {
+ log_open();
log_assert(LOG_REALM_PLUS_LEVEL(realm, LOG_CRIT), text, file, line, func,
"Assertion '%s' failed at %s:%u, function %s(). Aborting.");
abort();
@@ -815,6 +816,7 @@ noreturn void log_assert_failed_unreachable_realm(
const char *file,
int line,
const char *func) {
+ log_open();
log_assert(LOG_REALM_PLUS_LEVEL(realm, LOG_CRIT), text, file, line, func,
"Code should not be reached '%s' at %s:%u, function %s(). Aborting.");
abort();


@ -0,0 +1,38 @@
From 7943496d000c91b917a6f61dd42749c490ba3b2d Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 31 Aug 2017 11:38:30 +0300
Subject: [PATCH] sd-bus: use -- when passing arguments to ssh (#6706)
This prevents `systemctl` from runnning /bin/touch when the following
command is used:
```
systemctl -H '-oProxyCommand=/bin/touch i-shouldnt-be-here' show-environment
```
(cherry picked from commit 58c6e4a2c00c47d0941cb978ec025b13e1798bf3)
---
src/libsystemd/sd-bus/sd-bus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 2f065c2657..fc01191e4e 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -1344,7 +1344,7 @@ int bus_set_address_system_remote(sd_bus *b, const char *host) {
if (!e)
return -ENOMEM;
- c = strjoina(",argv4=--machine=", m);
+ c = strjoina(",argv5=--machine=", m);
}
}
@@ -1354,7 +1354,7 @@ int bus_set_address_system_remote(sd_bus *b, const char *host) {
return -ENOMEM;
}
- b->address = strjoin("unixexec:path=ssh,argv1=-xT,argv2=", e, ",argv3=systemd-stdio-bridge", c);
+ b->address = strjoin("unixexec:path=ssh,argv1=-xT,argv2=--,argv3=", e, ",argv4=systemd-stdio-bridge", c);
if (!b->address)
return -ENOMEM;
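Review bot: The argv positions in `bus_set_address_system_remote` are hard-coded in two separate literals, `",argv5=--machine="` and the `strjoin` that builds `argv1` to `argv4`, so inserting `--` meant renumbering both by hand and a future edit to one can silently break the other. A comment at the `strjoin` would record why the separator is there and what it is coupled to: `/* "--" ends ssh option parsing so a host beginning with '-' is taken as a host name; keep the argvN index used for --machine= in step */`. A regression test that passes a host string starting with `-` would pin the behaviour; none is part of this patch.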


@ -0,0 +1,38 @@
From 642b62dfb642a2695c091d11db727ef920715250 Mon Sep 17 00:00:00 2001
From: Andrew Jeddeloh <andrewjeddeloh@gmail.com>
Date: Thu, 31 Aug 2017 01:58:39 -0700
Subject: [PATCH] networkd: dont crash when mtu changes (#6594)
Prevent networkd from crashing when UseMTU is used. Many drivers will
bring the link down and then back up to configure a new MTU. Networkd
will also asynchonously send rtnl messages to configure the link and may
receive responses after the link has gone down and come back up (which
networkd will handle and set the lease and network to NULL.
This changes the behavior to instead return if this is the case instead
of crashing via assert.
(cherry picked from commit 0c9b15a38a558d8f84257455ee24174221069e9e)
---
src/network/networkd-dhcp4.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
index 9229b5753c..77771688e1 100644
--- a/src/network/networkd-dhcp4.c
+++ b/src/network/networkd-dhcp4.c
@@ -71,8 +71,12 @@ static int link_set_dhcp_routes(Link *link) {
int r, n, i;
assert(link);
- assert(link->dhcp_lease);
- assert(link->network);
+
+ if (!link->dhcp_lease) /* link went down while we configured the IP addresses? */
+ return 0;
+
+ if (!link->network) /* link went down while we configured the IP addresses? */
+ return 0;
if (!link->network->dhcp_use_routes)
return 0;
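Review bot: The two early returns that replace the asserts in link_set_dhcp_routes are silent, so a lease or network that disappeared mid-configuration leaves no trace and a real state bug would now be masked. Both guards carry the same comment, so they could be one check that also logs, e.g. `if (!link->dhcp_lease || !link->network) { log_link_debug(link, "Link went down while configuring DHCP routes, ignoring."); return 0; }` (assuming the link logging macros are in scope in this file). The function body continues past the end of the hunk.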


@ -0,0 +1,22 @@
From af9f32c663c244f9f5f8bf5e0a7ae40b07bda4c7 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Wed, 23 Aug 2017 15:58:03 +0100
Subject: [PATCH] logind: remember to remove '/run/systemd/shutdown/scheduled'
(cherry picked from commit cbc373502f1d6e2df01e43538006e31975f555ec)
---
src/login/logind-dbus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index c9b7d99818..242ad4fb2b 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1496,6 +1496,7 @@ static void reset_scheduled_shutdown(Manager *m) {
(void) unlink("/run/nologin");
m->unlink_nologin = false;
}
+ (void) unlink("/run/systemd/shutdown/scheduled");
}
static int execute_shutdown_or_sleep(


@ -0,0 +1,34 @@
From 2a0c34eea8f68811f6eee2ad32652f20182d322e Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Tue, 22 Aug 2017 13:54:21 +0100
Subject: [PATCH] logind: method_schedule_shutdown() already rejects empty
`type`
Don't test for an empty `type` afterwards. This is not how you cancel
scheduled shutdowns - there's a separate method for that.
(cherry picked from commit f8169e62dfc9ea903bc880064a5d384cdc68db3e)
---
src/login/logind-dbus.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 242ad4fb2b..f0943e56e0 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -2051,12 +2051,9 @@ static int method_schedule_shutdown(sd_bus_message *message, void *userdata, sd_
if (r < 0)
return r;
- if (!isempty(type)) {
- r = update_schedule_file(m);
- if (r < 0)
- return r;
- } else
- (void) unlink("/run/systemd/shutdown/scheduled");
+ r = update_schedule_file(m);
+ if (r < 0)
+ return r;
return sd_bus_reply_method_return(message, NULL);
}


@ -0,0 +1,55 @@
From d0968b783128667b1db0e97d6774a0a1f15fa152 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 21 Aug 2017 11:49:25 +0100
Subject: [PATCH] logind: add missing check for conflicting operation v.s.
scheduled shutdown
> We don't want to shutdown while a suspend is running, and vice versa.
> This would be confusing and could lead to data loss in the worst case.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1441253/comments/4
According to the above comment, if the conflicting operation is hung,
we don't want to force things when the admin has not passed a force option.
Similarly if you're not an admin, you probably shouldn't get to sneak
around this check by using a scheduled shutdown instead of an unscheduled
one. (And no-one so far thought it necessary to add such a permission in
PolKit).
Note that if the conflicting operation was _not_ hung, and we lost the
race with suspend, the system might not have shut down at the scheduled
time anyway. Which is no good if you were scheduling a power outage.
And scheduling a shutdown for an arbitrary time when the system is resumed,
does not seem a very useful semantic. More likely, scheduled shutdowns are
useful on systems which do not use suspend, such as multi-user servers.
(In which case even PolKit defaults likely don't let the users trigger
suspend).
(cherry picked from commit b498d6ea9f72520c579035928d16c527d992bca8)
---
src/login/logind-dbus.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index f0943e56e0..3f05c86f5c 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1946,9 +1946,15 @@ static int manager_scheduled_shutdown_handler(
else
target = SPECIAL_REBOOT_TARGET;
- r = execute_shutdown_or_sleep(m, 0, target, &error);
+ /* Don't allow multiple jobs being executed at the same time */
+ if (m->action_what) {
+ log_error("Scheduled shutdown to %s failed: shutdown or sleep operation already in progress", target);
+ return -EALREADY;
+ }
+
+ r = execute_shutdown_or_sleep(m, INHIBIT_SHUTDOWN, target, &error);
if (r < 0)
- return log_error_errno(r, "Unable to execute transition to %s: %m", target);
+ return log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);
return 0;
}


@ -0,0 +1,179 @@
From 7d9e4212490f7c42d419de4befb438e173380da7 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 21 Aug 2017 17:28:35 +0100
Subject: [PATCH] logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
(cherry picked from commit df75a1a8aa5420335a56093077fa8cfcbfffac78)
---
src/login/logind-dbus.c | 91 ++++++++++++++++++++++++++-----------------------
1 file changed, 48 insertions(+), 43 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 3f05c86f5c..1fd64d32b7 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1399,7 +1399,6 @@ static int have_multiple_sessions(
static int bus_manager_log_shutdown(
Manager *m,
- InhibitWhat w,
const char *unit_name) {
const char *p, *q;
@@ -1407,9 +1406,6 @@ static int bus_manager_log_shutdown(
assert(m);
assert(unit_name);
- if (w != INHIBIT_SHUTDOWN)
- return 0;
-
if (streq(unit_name, SPECIAL_POWEROFF_TARGET)) {
p = "MESSAGE=System is powering down";
q = "SHUTDOWN=power-off";
@@ -1484,21 +1480,6 @@ int manager_set_lid_switch_ignore(Manager *m, usec_t until) {
return r;
}
-static void reset_scheduled_shutdown(Manager *m) {
- m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
- m->wall_message_timeout_source = sd_event_source_unref(m->wall_message_timeout_source);
- m->nologin_timeout_source = sd_event_source_unref(m->nologin_timeout_source);
- m->scheduled_shutdown_type = mfree(m->scheduled_shutdown_type);
- m->scheduled_shutdown_timeout = 0;
- m->shutdown_dry_run = false;
-
- if (m->unlink_nologin) {
- (void) unlink("/run/nologin");
- m->unlink_nologin = false;
- }
- (void) unlink("/run/systemd/shutdown/scheduled");
-}
-
static int execute_shutdown_or_sleep(
Manager *m,
InhibitWhat w,
@@ -1515,32 +1496,28 @@ static int execute_shutdown_or_sleep(
assert(w < _INHIBIT_WHAT_MAX);
assert(unit_name);
- bus_manager_log_shutdown(m, w, unit_name);
+ if (w == INHIBIT_SHUTDOWN)
+ bus_manager_log_shutdown(m, unit_name);
- if (m->shutdown_dry_run) {
- log_info("Running in dry run, suppressing action.");
- reset_scheduled_shutdown(m);
- } else {
- r = sd_bus_call_method(
- m->bus,
- "org.freedesktop.systemd1",
- "/org/freedesktop/systemd1",
- "org.freedesktop.systemd1.Manager",
- "StartUnit",
- error,
- &reply,
- "ss", unit_name, "replace-irreversibly");
- if (r < 0)
- return r;
+ r = sd_bus_call_method(
+ m->bus,
+ "org.freedesktop.systemd1",
+ "/org/freedesktop/systemd1",
+ "org.freedesktop.systemd1.Manager",
+ "StartUnit",
+ error,
+ &reply,
+ "ss", unit_name, "replace-irreversibly");
+ if (r < 0)
+ return r;
- r = sd_bus_message_read(reply, "o", &p);
- if (r < 0)
- return r;
+ r = sd_bus_message_read(reply, "o", &p);
+ if (r < 0)
+ return r;
- c = strdup(p);
- if (!c)
- return -ENOMEM;
- }
+ c = strdup(p);
+ if (!c)
+ return -ENOMEM;
m->action_unit = unit_name;
free(m->action_job);
@@ -1924,6 +1901,21 @@ fail:
return log_error_errno(r, "Failed to write information about scheduled shutdowns: %m");
}
+static void reset_scheduled_shutdown(Manager *m) {
+ m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
+ m->wall_message_timeout_source = sd_event_source_unref(m->wall_message_timeout_source);
+ m->nologin_timeout_source = sd_event_source_unref(m->nologin_timeout_source);
+ m->scheduled_shutdown_type = mfree(m->scheduled_shutdown_type);
+ m->scheduled_shutdown_timeout = 0;
+ m->shutdown_dry_run = false;
+
+ if (m->unlink_nologin) {
+ (void) unlink("/run/nologin");
+ m->unlink_nologin = false;
+ }
+ (void) unlink("/run/systemd/shutdown/scheduled");
+}
+
static int manager_scheduled_shutdown_handler(
sd_event_source *s,
uint64_t usec,
@@ -1952,7 +1944,20 @@ static int manager_scheduled_shutdown_handler(
return -EALREADY;
}
- r = execute_shutdown_or_sleep(m, INHIBIT_SHUTDOWN, target, &error);
+ if (m->shutdown_dry_run) {
+ /* We do not process delay inhibitors here. Otherwise, we
+ * would have to be considered "in progress" (like the check
+ * above) for some seconds after our admin has seen the final
+ * wall message. */
+
+ bus_manager_log_shutdown(m, target);
+ log_info("Running in dry run, suppressing action.");
+ reset_scheduled_shutdown(m);
+
+ return 0;
+ }
+
+ r = bus_manager_shutdown_or_sleep_now_or_later(m, target, INHIBIT_SHUTDOWN, &error);
if (r < 0)
return log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);


@ -0,0 +1,166 @@
From 1e3b4e30a2d030e9f81584a61b32b6541754fe02 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Thu, 24 Aug 2017 10:33:24 +0100
Subject: [PATCH] logind: add missing resume signal when we fail to initiate
sleep/shutdown
This fixed https://bugzilla.redhat.com/show_bug.cgi?id=1476313
as much as I was able to reproduce it in a VM, at least.
E.g. this signal might wake the screen back up, providing a more visible
indicator of suspend failure. In my VM testing, it was also required in
order to unblock keyboard input in gnome-shell after the failed suspend.
At the same time, fix the error handling for scheduled shutdowns. This now
mirrors the behaviour of when you use `shutdown -k` - it sends all the
scary messages about shutting down, "but you'll have to do it [shut down
the system] yourself". It also avoids the risk of locking out the admin
(nologin file), in case they logged out for some reason (and they use
`sudo` instead of root).
Not that I have any idea why you'd want to use `shutdown -k`, but the code
is easier to analyze if it rolls back on error (in the absence of any code
comment as to why that's not wanted).
(cherry picked from commit 6d7f7fd49f8a094fc36e750de1e80afea80c8228)
---
src/login/logind-dbus.c | 76 ++++++++++++++++++++++++++++++-------------------
1 file changed, 46 insertions(+), 30 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 1fd64d32b7..e868a48f8c 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1480,6 +1480,28 @@ int manager_set_lid_switch_ignore(Manager *m, usec_t until) {
return r;
}
+static int send_prepare_for(Manager *m, InhibitWhat w, bool _active) {
+
+ static const char * const signal_name[_INHIBIT_WHAT_MAX] = {
+ [INHIBIT_SHUTDOWN] = "PrepareForShutdown",
+ [INHIBIT_SLEEP] = "PrepareForSleep"
+ };
+
+ int active = _active;
+
+ assert(m);
+ assert(w >= 0);
+ assert(w < _INHIBIT_WHAT_MAX);
+ assert(signal_name[w]);
+
+ return sd_bus_emit_signal(m->bus,
+ "/org/freedesktop/login1",
+ "org.freedesktop.login1.Manager",
+ signal_name[w],
+ "b",
+ active);
+}
+
static int execute_shutdown_or_sleep(
Manager *m,
InhibitWhat w,
@@ -1509,15 +1531,17 @@ static int execute_shutdown_or_sleep(
&reply,
"ss", unit_name, "replace-irreversibly");
if (r < 0)
- return r;
+ goto error;
r = sd_bus_message_read(reply, "o", &p);
if (r < 0)
- return r;
+ goto error;
c = strdup(p);
- if (!c)
- return -ENOMEM;
+ if (!c) {
+ r = -ENOMEM;
+ goto error;
+ }
m->action_unit = unit_name;
free(m->action_job);
@@ -1528,6 +1552,12 @@ static int execute_shutdown_or_sleep(
manager_set_lid_switch_ignore(m, now(CLOCK_MONOTONIC) + m->holdoff_timeout_usec);
return 0;
+
+error:
+ /* Tell people that they now may take a lock again */
+ send_prepare_for(m, m->action_what, false);
+
+ return r;
}
int manager_dispatch_delayed(Manager *manager, bool timeout) {
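Review bot: The new `error:` path in execute_shutdown_or_sleep emits the signal with `m->action_what` rather than the `w` the function was called with. send_prepare_for asserts `signal_name[w]`, and that table has entries only for INHIBIT_SHUTDOWN and INHIBIT_SLEEP, so if `m->action_what` is still 0 when a failure happens on the immediate, non-delayed path (the assignment is not visible in this hunk) the assert would abort logind instead of returning the error. Passing the parameter removes that dependency, and the ignored result can be marked: `(void) send_prepare_for(m, w, false);`. The function starts outside this hunk.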
@@ -1558,7 +1588,8 @@ int manager_dispatch_delayed(Manager *manager, bool timeout) {
/* Actually do the operation */
r = execute_shutdown_or_sleep(manager, manager->action_what, manager->action_unit, &error);
if (r < 0) {
- log_warning("Failed to send delayed message: %s", bus_error_message(&error, r));
+ log_warning("Error during inhibitor-delayed operation (already returned success to client): %s",
+ bus_error_message(&error, r));
manager->action_unit = NULL;
manager->action_what = 0;
@@ -1619,28 +1650,6 @@ static int delay_shutdown_or_sleep(
return 0;
}
-static int send_prepare_for(Manager *m, InhibitWhat w, bool _active) {
-
- static const char * const signal_name[_INHIBIT_WHAT_MAX] = {
- [INHIBIT_SHUTDOWN] = "PrepareForShutdown",
- [INHIBIT_SLEEP] = "PrepareForSleep"
- };
-
- int active = _active;
-
- assert(m);
- assert(w >= 0);
- assert(w < _INHIBIT_WHAT_MAX);
- assert(signal_name[w]);
-
- return sd_bus_emit_signal(m->bus,
- "/org/freedesktop/login1",
- "org.freedesktop.login1.Manager",
- signal_name[w],
- "b",
- active);
-}
-
int bus_manager_shutdown_or_sleep_now_or_later(
Manager *m,
const char *unit_name,
@@ -1940,8 +1949,9 @@ static int manager_scheduled_shutdown_handler(
/* Don't allow multiple jobs being executed at the same time */
if (m->action_what) {
+ r = -EALREADY;
log_error("Scheduled shutdown to %s failed: shutdown or sleep operation already in progress", target);
- return -EALREADY;
+ goto error;
}
if (m->shutdown_dry_run) {
@@ -1958,10 +1968,16 @@ static int manager_scheduled_shutdown_handler(
}
r = bus_manager_shutdown_or_sleep_now_or_later(m, target, INHIBIT_SHUTDOWN, &error);
- if (r < 0)
- return log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);
+ if (r < 0) {
+ log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);
+ goto error;
+ }
return 0;
+
+error:
+ reset_scheduled_shutdown(m);
+ return r;
}
static int method_schedule_shutdown(sd_bus_message *message, void *userdata, sd_bus_error *error) {


@ -0,0 +1,37 @@
From ee4cb7618ab6232c78865357a153d99a4023ad13 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Thu, 24 Aug 2017 15:21:21 +0100
Subject: [PATCH] logind: tighten assertion in execute_shutdown_or_sleep()
Following commit b498d6ea, I belatedly realized we should tighten the
assertions as well, to make sure that we're setting `m->action_what` to
represent an action in progress. (The check for an action in progress is
to compare `m->action_what` to zero)
(cherry picked from commit b61fa4e00166b2bf593e0f6edbb277543f03915f)
---
src/login/logind-dbus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index e868a48f8c..ba5cb19c6b 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1514,7 +1514,7 @@ static int execute_shutdown_or_sleep(
int r;
assert(m);
- assert(w >= 0);
+ assert(w > 0);
assert(w < _INHIBIT_WHAT_MAX);
assert(unit_name);
@@ -1661,7 +1661,7 @@ int bus_manager_shutdown_or_sleep_now_or_later(
assert(m);
assert(unit_name);
- assert(w >= 0);
+ assert(w > 0);
assert(w <= _INHIBIT_WHAT_MAX);
assert(!m->action_job);
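Review bot: The upper bound next to the tightened check in bus_manager_shutdown_or_sleep_now_or_later is still `assert(w <= _INHIBIT_WHAT_MAX);`, while execute_shutdown_or_sleep in the first hunk uses `<`. The value appears to end up as an index into a table of `_INHIBIT_WHAT_MAX` entries (send_prepare_for's `signal_name`), so `w == _INHIBIT_WHAT_MAX` should not pass here either. Since the assertions are being touched anyway, I would make it `assert(w < _INHIBIT_WHAT_MAX);`. Both functions extend beyond the hunks shown.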


@ -0,0 +1,60 @@
From 9ad12be34d5f12c91b26e859fb8aac184f50cea5 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Thu, 31 Aug 2017 12:45:25 +0200
Subject: [PATCH] tmpfiles: with "e" don't attempt to set permissions when file
doesn't exist (#6682)
tmpfiles.d option "e" when run through systemd-tmpfiles --create should
apply configured permissions (uid,gid) only to already existing
files. When file doesn't exist we bail out with error. Instead we should
silently ignore non-existing files.
$ useradd test
$ cat /etc/tmpfiles.d/foobar.conf
e /tmp/test - test test 1d
$ ls -l /tmp/test
ls: cannot access '/tmp/test': No such file or directory
Before:
$ systemd-tmpfiles --create /etc/tmpfiles.d/foobar.conf
Adjusting owner and mode for /tmp/test failed: No such file or directory
$ echo $?
1
After:
$ systemd-tmpfiles --create /etc/tmpfiles.d/foobar.conf
$ echo $?
0
(cherry picked from commit 780e2ee187e373565f9ded2859f8c6c7760b814a)
---
src/tmpfiles/tmpfiles.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 9419c99e28..0ee606fc30 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -617,8 +617,20 @@ static int path_set_perms(Item *i, const char *path) {
* O_PATH. */
fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH);
- if (fd < 0)
- return log_error_errno(errno, "Adjusting owner and mode for %s failed: %m", path);
+ if (fd < 0) {
+ int level = LOG_ERR, r = -errno;
+
+ /* Option "e" operates only on existing objects. Do not
+ * print errors about non-existent files or directories */
+ if (i->type == EMPTY_DIRECTORY && errno == ENOENT) {
+ level = LOG_DEBUG;
+ r = 0;
+ }
+
+ log_full_errno(level, errno, "Adjusting owner and mode for %s failed: %m", path);
+
+ return r;
+ }
if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0)
return log_error_errno(errno, "Failed to fstat() file %s: %m", path);


@ -0,0 +1,23 @@
From 000caa49a4ca3c18f38ac8dbb3d8bde39bc7cbbe Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 31 Aug 2017 18:31:08 +0900
Subject: [PATCH] man: fix path for storing random seed
(cherry picked from commit 621a2c804ce91763221799cde9d412423fcf8b51)
---
man/systemd-random-seed.service.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/systemd-random-seed.service.xml b/man/systemd-random-seed.service.xml
index f3b5a947da..9ec01b6c34 100644
--- a/man/systemd-random-seed.service.xml
+++ b/man/systemd-random-seed.service.xml
@@ -48,7 +48,7 @@
<refsynopsisdiv>
<para><filename>systemd-random-seed.service</filename></para>
- <para><filename>/usr/lib/systemd/systemd-random-seed</filename></para>
+ <para><filename>/usr/lib/systemd/random-seed</filename></para>
</refsynopsisdiv>
<refsect1>


@ -0,0 +1,91 @@
From 59e70293dbf06106c2f4a152f234581e284fae5f Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Thu, 31 Aug 2017 15:33:33 +0200
Subject: [PATCH] Load virtio_rng early in the game (#6710)
If true randomness is needed before udev is triggered, which would load
virtio_rng, reading /dev/random takes forever and the boot stalls for a
long time.
(cherry picked from commit 6c1f72f626355615daee0e5a7ef7044759251a23)
---
src/core/kmod-setup.c | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c
index fd1021f706..9f69a6d925 100644
--- a/src/core/kmod-setup.c
+++ b/src/core/kmod-setup.c
@@ -17,6 +17,7 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#include <ftw.h>
#include <string.h>
#include <unistd.h>
@@ -24,10 +25,13 @@
#include <libkmod.h>
#endif
+#include "alloc-util.h"
#include "bus-util.h"
#include "capability-util.h"
+#include "fileio.h"
#include "kmod-setup.h"
#include "macro.h"
+#include "string-util.h"
#ifdef HAVE_KMOD
static void systemd_kmod_log(
@@ -45,6 +49,41 @@ static void systemd_kmod_log(
}
#endif
+static int has_virtio_rng_nftw_cb(
+ const char *fpath,
+ const struct stat *sb,
+ int tflag,
+ struct FTW *ftwbuf) {
+
+ _cleanup_free_ char *alias = NULL;
+ int r;
+
+ if ((FTW_D == tflag) && (ftwbuf->level > 2))
+ return FTW_SKIP_SUBTREE;
+
+ if (FTW_F != tflag)
+ return FTW_CONTINUE;
+
+ if (!endswith(fpath, "/modalias"))
+ return FTW_CONTINUE;
+
+ r = read_one_line_file(fpath, &alias);
+ if (r < 0)
+ return FTW_SKIP_SIBLINGS;
+
+ if (startswith(alias, "pci:v00001AF4d00001005"))
+ return FTW_STOP;
+
+ if (startswith(alias, "pci:v00001AF4d00001044"))
+ return FTW_STOP;
+
+ return FTW_SKIP_SIBLINGS;
+}
+
+static bool has_virtio_rng(void) {
+ return (nftw("/sys/devices/pci0000:00", has_virtio_rng_nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL) == FTW_STOP);
+}
+
int kmod_setup(void) {
#ifdef HAVE_KMOD
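Review bot: has_virtio_rng() walks only `/sys/devices/pci0000:00` and matches two PCI modalias prefixes, so a virtio-rng device behind another PCI root or on a non-PCI virtio transport is not detected and the module is then loaded only later by udev, which is the early-entropy stall this patch is meant to avoid. If that trade-off is intended it should be stated above the function, e.g. `/* Only PCI domain 0000, bus 00 is scanned; virtio-rng found elsewhere is left to udev */`. The callback would also benefit from one line each on the depth limit `ftwbuf->level > 2` and on why a failed `read_one_line_file()` returns FTW_SKIP_SIBLINGS rather than continuing.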
@@ -68,6 +107,8 @@ int kmod_setup(void) {
/* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
{ "ip_tables", "/proc/net/ip_tables_names", false, false, NULL },
#endif
+ /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
+ { "virtio_rng", NULL, false, false, has_virtio_rng },
};
struct kmod_ctx *ctx = NULL;
unsigned int i;


@ -0,0 +1,76 @@
From 2c655092f8cd7c20c4146254cb549ff9ba795fda Mon Sep 17 00:00:00 2001
From: NeilBrown <neil@brown.name>
Date: Mon, 4 Sep 2017 23:35:07 +1000
Subject: [PATCH] tmpfiles: silently ignore any path that passes through autofs
(#6506)
If a path passes through an autofs filesystem, then accessing
the path might trigger an automount. As systemd-tmpfiles is run before
the network is up, and as automounts are often used for networked
filesystems, this can cause a deadlock.
So chase_symlinks is enhanced to accept a new flag which tells it
to check for autofs, and return -EREMOTE if autofs is found.
tmpfiles is changed to check just before acting on a path so that it
can avoid autofs even if a symlink was created earlier by tmpfiles
that would send this path through an autofs.
This fixes a deadlock that happens when /home is listed in /etc/fstab as
x-systemd.automount for an NFS directory.
(cherry picked from commit 655f2da0790d0f8670f7a4c7da1833786ce0137e)
---
src/basic/fs-util.c | 4 ++++
src/basic/fs-util.h | 1 +
src/tmpfiles/tmpfiles.c | 3 +++
3 files changed, 8 insertions(+)
diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
index 8fe19ee4e4..5b3bd0c45d 100644
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -23,6 +23,7 @@
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
+#include <linux/magic.h>
#include <time.h>
#include <unistd.h>
@@ -721,6 +722,9 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
if (fstat(child, &st) < 0)
return -errno;
+ if ((flags & CHASE_NO_AUTOFS) &&
+ fd_check_fstype(child, AUTOFS_SUPER_MAGIC) > 0)
+ return -EREMOTE;
if (S_ISLNK(st.st_mode)) {
char *joined;
diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h
index 094acf1799..d3342d5cda 100644
--- a/src/basic/fs-util.h
+++ b/src/basic/fs-util.h
@@ -81,6 +81,7 @@ int inotify_add_watch_fd(int fd, int what, uint32_t mask);
enum {
CHASE_PREFIX_ROOT = 1, /* If set, the specified path will be prefixed by the specified root before beginning the iteration */
CHASE_NONEXISTENT = 2, /* If set, it's OK if the path doesn't actually exist. */
+ CHASE_NO_AUTOFS = 4, /* If set, return -EREMOTE if autofs mount point found */
};
int chase_symlinks(const char *path_with_prefix, const char *root, unsigned flags, char **ret);
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 0ee606fc30..be52398f5f 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -1655,6 +1655,9 @@ static int process_item(Item *i) {
}
}
+ if (chase_symlinks(i->path, NULL, CHASE_NO_AUTOFS, NULL) == -EREMOTE)
+ return t;
+
r = arg_create ? create_item(i) : 0;
q = arg_remove ? remove_item(i) : 0;
p = arg_clean ? clean_item(i) : 0;
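Review bot: The new `chase_symlinks(i->path, NULL, CHASE_NO_AUTOFS, NULL) == -EREMOTE` check in process_item carries no comment, and its purpose is not recoverable from the code alone. I would add `/* Skip paths that cross an autofs mount: triggering an automount before the network is up can deadlock */` above it. The check runs before create_item/remove_item/clean_item rather than inside them, so it narrows the window in which the path can start crossing autofs but does not close it; the comment could say so. process_item starts and ends outside the hunk, and the `t` returned here is not defined in the visible lines.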


@ -0,0 +1,36 @@
From adc820ae57baf6d60884a5280cbb2f4842454131 Mon Sep 17 00:00:00 2001
From: ettavolt <ettavolt@gmail.com>
Date: Mon, 4 Sep 2017 16:36:52 +0300
Subject: [PATCH] 6647 - use path_startswith("/dev") in cryptsetup (#6732)
For both key and partition paths.
(cherry picked from commit 048dd629c4590eefb2ebd6a316c7350ed3a6ff19)
This fixes https://github.com/systemd/systemd/issues/6647.
---
src/cryptsetup/cryptsetup-generator.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index f737f82b55..afc5d7cf49 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -129,7 +129,7 @@ static int create_disk(
if (!path_equal(uu, "/dev/null")) {
- if (is_device_path(uu)) {
+ if (path_startswith(uu, "/dev/")) {
_cleanup_free_ char *dd = NULL;
r = unit_name_from_path(uu, ".device", &dd);
@@ -143,7 +143,7 @@ static int create_disk(
}
}
- if (is_device_path(u)) {
+ if (path_startswith(u, "/dev/")) {
fprintf(f,
"BindsTo=%s\n"
"After=%s\n"


@ -0,0 +1,26 @@
From 7fa052cef9680e30e07a74423c440a2b79e81916 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 1 Sep 2017 17:03:01 +0900
Subject: [PATCH] systemd-mount: fix that wrong argument is used for
arg_mount_what
(cherry picked from commit 4185da7c4daf32bd9b5809fd6de99e52cb903bba)
---
src/mount/mount-tool.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c
index ed6578d540..10bb5dda63 100644
--- a/src/mount/mount-tool.c
+++ b/src/mount/mount-tool.c
@@ -344,9 +344,8 @@ static int parse_argv(int argc, char *argv[]) {
arg_mount_what = canonicalize_file_name(p);
if (!arg_mount_what)
return log_error_errno(errno, "Failed to canonicalize path: %m");
-
} else {
- arg_mount_what = strdup(argv[optind+1]);
+ arg_mount_what = strdup(argv[optind]);
if (!arg_mount_what)
return log_oom();


@ -0,0 +1,90 @@
From 3e8acdaf07d4f32b9df199d47b08f1ce67d27435 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 4 Sep 2017 10:55:51 +0900
Subject: [PATCH] systemd-mount: allow to specify an arbitrary string for
arg_mount_what when vfs is used
Fixes #6591.
(cherry picked from commit e2be442e791fa1150aa835c684acc6d7189de3e1)
---
src/basic/mount-util.c | 26 ++++++++++++++++++++++++++
src/basic/mount-util.h | 1 +
src/mount/mount-tool.c | 8 +++++++-
3 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index 7b9400b47c..cff44116c8 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -552,6 +552,32 @@ bool fstype_is_network(const char *fstype) {
return nulstr_contains(table, fstype);
}
+bool fstype_is_api_vfs(const char *fstype) {
+ static const char table[] =
+ "autofs\0"
+ "bpf\0"
+ "cgroup\0"
+ "cgroup2\0"
+ "configfs\0"
+ "cpuset\0"
+ "debugfs\0"
+ "devpts\0"
+ "devtmpfs\0"
+ "efivarfs\0"
+ "hugetlbfs\0"
+ "mqueue\0"
+ "proc\0"
+ "pstore\0"
+ "ramfs\0"
+ "securityfs\0"
+ "sysfs\0"
+ "tmpfs\0"
+ "tracefs\0"
+ ;
+
+ return nulstr_contains(table, fstype);
+}
+
int repeat_unmount(const char *path, int flags) {
bool done = false;
diff --git a/src/basic/mount-util.h b/src/basic/mount-util.h
index 2e24a184c5..70af11c2ff 100644
--- a/src/basic/mount-util.h
+++ b/src/basic/mount-util.h
@@ -44,6 +44,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, endmntent);
#define _cleanup_endmntent_ _cleanup_(endmntentp)
bool fstype_is_network(const char *fstype);
+bool fstype_is_api_vfs(const char *fstype);
union file_handle_union {
struct file_handle handle;
diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c
index 10bb5dda63..3c974addda 100644
--- a/src/mount/mount-tool.c
+++ b/src/mount/mount-tool.c
@@ -30,6 +30,7 @@
#include "fd-util.h"
#include "fileio.h"
#include "fstab-util.h"
+#include "mount-util.h"
#include "pager.h"
#include "parse-util.h"
#include "path-util.h"
@@ -330,7 +331,12 @@ static int parse_argv(int argc, char *argv[]) {
return -EINVAL;
}
- if (arg_transport == BUS_TRANSPORT_LOCAL) {
+ if (arg_mount_type && (fstype_is_api_vfs(arg_mount_type) || fstype_is_network(arg_mount_type))) {
+ arg_mount_what = strdup(argv[optind]);
+ if (!arg_mount_what)
+ return log_oom();
+
+ } else if (arg_transport == BUS_TRANSPORT_LOCAL) {
_cleanup_free_ char *u = NULL, *p = NULL;
u = fstab_node_to_udev_node(argv[optind]);


@ -0,0 +1,83 @@
From 55a2b3a6031502c97cb467f1bfd5ddc86f7ac408 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 31 Aug 2017 17:34:08 +0200
Subject: [PATCH] rfkill: Lookup device in determine_state_file
None of the callers actually need the device itself. So it makes sense
to do the lookup inside determine_state_file instead.
(cherry picked from commit 8e707663135d28176163c9363c558ecac17c9ddb)
---
src/rfkill/rfkill.c | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
index 470853d1d2..3adbd20d8b 100644
--- a/src/rfkill/rfkill.c
+++ b/src/rfkill/rfkill.c
@@ -162,18 +162,21 @@ static int wait_for_initialized(
static int determine_state_file(
struct udev *udev,
const struct rfkill_event *event,
- struct udev_device *d,
char **ret) {
+ _cleanup_udev_device_unref_ struct udev_device *d = NULL;
_cleanup_udev_device_unref_ struct udev_device *device = NULL;
const char *path_id, *type;
char *state_file;
int r;
assert(event);
- assert(d);
assert(ret);
+ r = find_device(udev, event, &d);
+ if (r < 0)
+ return r;
+
r = wait_for_initialized(udev, d, &device);
if (r < 0)
return r;
@@ -204,7 +207,6 @@ static int load_state(
struct udev *udev,
const struct rfkill_event *event) {
- _cleanup_udev_device_unref_ struct udev_device *device = NULL;
_cleanup_free_ char *state_file = NULL, *value = NULL;
struct rfkill_event we;
ssize_t l;
@@ -217,11 +219,7 @@ static int load_state(
if (shall_restore_state() == 0)
return 0;
- r = find_device(udev, event, &device);
- if (r < 0)
- return r;
-
- r = determine_state_file(udev, event, device, &state_file);
+ r = determine_state_file(udev, event, &state_file);
if (r < 0)
return r;
@@ -266,7 +264,6 @@ static int save_state(
struct udev *udev,
const struct rfkill_event *event) {
- _cleanup_udev_device_unref_ struct udev_device *device = NULL;
_cleanup_free_ char *state_file = NULL;
int r;
@@ -274,11 +271,7 @@ static int save_state(
assert(udev);
assert(event);
- r = find_device(udev, event, &device);
- if (r < 0)
- return r;
-
- r = determine_state_file(udev, event, device, &state_file);
+ r = determine_state_file(udev, event, &state_file);
if (r < 0)
return r;


@ -0,0 +1,191 @@
From a43c13e3cafe4f4499f81014cbbf6bd8a4d4712b Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Thu, 31 Aug 2017 17:36:37 +0200
Subject: [PATCH] rfkill: Delay writes until exit (#5768)
On thinkpads there are two rfkill devices for bluetooth. The first is an
ACPI switch which powers down the USB dongle and the second one is the
USB dongle itself. So when userspace decides to enable rfkill on all
devices systemd would randomly save the soft block state of the USB
dongle. This later causes an issue when re-enabling the device as
systemd-rfkill would put the USB dongle into soft block state right
after the ACPI rfkill switch is unblocked by userspace.
The simple way to avoid this is to not store rfkill changes for devices
that disappear shortly after. That way only the "main" ACPI switch will
get stored and systemd-rfkill will not end up blocking the device right
after it is being added back again.
(cherry picked from commit 202cb8c396deb90f841359054ca19f1c47fc8604)
---
src/rfkill/rfkill.c | 104 +++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 99 insertions(+), 5 deletions(-)
diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
index 3adbd20d8b..c934b70156 100644
--- a/src/rfkill/rfkill.c
+++ b/src/rfkill/rfkill.c
@@ -35,9 +35,27 @@
#include "string-util.h"
#include "udev-util.h"
#include "util.h"
+#include "list.h"
+/* Note that any write is delayed until exit and the rfkill state will not be
+ * stored for rfkill indices that disappear after a change. */
#define EXIT_USEC (5 * USEC_PER_SEC)
+typedef struct write_queue_item {
+ LIST_FIELDS(struct write_queue_item, queue);
+ int rfkill_idx;
+ char *file;
+ int state;
+} write_queue_item;
+
+static void write_queue_item_free(struct write_queue_item *item)
+{
+ assert(item);
+
+ free(item->file);
+ free(item);
+}
+
static const char* const rfkill_type_table[NUM_RFKILL_TYPES] = {
[RFKILL_TYPE_ALL] = "all",
[RFKILL_TYPE_WLAN] = "wlan",
@@ -259,12 +277,30 @@ static int load_state(
return 0;
}
-static int save_state(
+static void save_state_queue_remove(
+ struct write_queue_item **write_queue,
+ int idx,
+ char *state_file) {
+
+ struct write_queue_item *item, *tmp;
+
+ LIST_FOREACH_SAFE(queue, item, tmp, *write_queue) {
+ if ((state_file && streq(item->file, state_file)) || idx == item->rfkill_idx) {
+ log_debug("Canceled previous save state of '%s' to %s.", one_zero(item->state), item->file);
+ LIST_REMOVE(queue, *write_queue, item);
+ write_queue_item_free(item);
+ }
+ }
+}
+
+static int save_state_queue(
+ struct write_queue_item **write_queue,
int rfkill_fd,
struct udev *udev,
const struct rfkill_event *event) {
_cleanup_free_ char *state_file = NULL;
+ struct write_queue_item *item;
int r;
assert(rfkill_fd >= 0);
@@ -274,16 +310,69 @@ static int save_state(
r = determine_state_file(udev, event, &state_file);
if (r < 0)
return r;
+ save_state_queue_remove(write_queue, event->idx, state_file);
+
+ item = new0(struct write_queue_item, 1);
+ if (!item)
+ return -ENOMEM;
- r = write_string_file(state_file, one_zero(event->soft), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
+ item->file = state_file;
+ item->rfkill_idx = event->idx;
+ item->state = event->soft;
+ state_file = NULL;
+
+ LIST_APPEND(queue, *write_queue, item);
+
+ return 0;
+}
+
+static int save_state_cancel(
+ struct write_queue_item **write_queue,
+ int rfkill_fd,
+ struct udev *udev,
+ const struct rfkill_event *event) {
+
+ _cleanup_free_ char *state_file = NULL;
+ int r;
+
+ assert(rfkill_fd >= 0);
+ assert(udev);
+ assert(event);
+
+ r = determine_state_file(udev, event, &state_file);
+ save_state_queue_remove(write_queue, event->idx, state_file);
if (r < 0)
- return log_error_errno(r, "Failed to write state file %s: %m", state_file);
+ return r;
- log_debug("Saved state '%s' to %s.", one_zero(event->soft), state_file);
return 0;
}
+static int save_state_write(struct write_queue_item **write_queue) {
+ struct write_queue_item *item, *tmp;
+ int result = 0;
+ bool error_logged = false;
+ int r;
+
+ LIST_FOREACH_SAFE(queue, item, tmp, *write_queue) {
+ r = write_string_file(item->file, one_zero(item->state), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
+ if (r < 0) {
+ result = r;
+ if (!error_logged) {
+ log_error_errno(r, "Failed to write state file %s: %m", item->file);
+ error_logged = true;
+ } else
+ log_warning_errno(r, "Failed to write state file %s: %m", item->file);
+ } else
+ log_debug("Saved state '%s' to %s.", one_zero(item->state), item->file);
+
+ LIST_REMOVE(queue, *write_queue, item);
+ write_queue_item_free(item);
+ }
+ return result;
+}
+
int main(int argc, char *argv[]) {
+ LIST_HEAD(write_queue_item, write_queue);
_cleanup_udev_unref_ struct udev *udev = NULL;
_cleanup_close_ int rfkill_fd = -1;
bool ready = false;
@@ -294,6 +383,8 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
}
+ LIST_HEAD_INIT(write_queue);
+
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
log_open();
@@ -403,11 +494,12 @@ int main(int argc, char *argv[]) {
case RFKILL_OP_DEL:
log_debug("An rfkill device has been removed with index %i and type %s", event.idx, type);
+ (void) save_state_cancel(&write_queue, rfkill_fd, udev, &event);
break;
case RFKILL_OP_CHANGE:
log_debug("An rfkill device has changed state with index %i and type %s", event.idx, type);
- (void) save_state(rfkill_fd, udev, &event);
+ (void) save_state_queue(&write_queue, rfkill_fd, udev, &event);
break;
default:
@@ -419,5 +511,7 @@ int main(int argc, char *argv[]) {
r = 0;
finish:
+ (void) save_state_write(&write_queue);
+
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
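Review bot: In `save_state_cancel()` the result of `determine_state_file()` is checked only after `save_state_queue_remove()` has run, so on failure the removal relies on the `state_file &&` guard and the index match alone. That ordering looks deliberate (a device that was just removed presumably can no longer be resolved), but nothing says so; a comment such as `/* Even if the state file cannot be determined, still drop queued writes for this index */` above the call would stop it being "fixed" later. Separately, queued state reaches disk only through `save_state_write()` at `finish:`, so an abnormal termination before that point loses every pending change; worth confirming that is acceptable. `main()` extends outside the hunks shown.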


@ -0,0 +1,36 @@
From 6aaee522ca978f2982e630508d7e14dc28d74907 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 2 Sep 2017 17:37:08 +0300
Subject: [PATCH] systemctl: check existence of all units, not just the first
one
(cherry picked from commit f8d6cb48a363ddae6fab50636ccc433b5f4dd604)
---
src/systemctl/systemctl.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 83ed9ef9f7..a1b956111b 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -6201,11 +6201,15 @@ static int enable_unit(int argc, char *argv[], void *userdata) {
sd_bus *bus;
if (STR_IN_SET(verb, "mask", "unmask")) {
- r = unit_exists(*names);
- if (r < 0)
- return r;
- if (r == 0)
- log_notice("Unit %s does not exist, proceeding anyway.", *names);
+ char **name;
+
+ STRV_FOREACH(name, names) {
+ r = unit_exists(*name);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ log_notice("Unit %s does not exist, proceeding anyway.", *names);
+ }
}
r = acquire_bus(BUS_MANAGER, &bus);
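Review bot: The new loop iterates with `name`, but the notice still prints `*names`, so every missing unit is reported under the name of the first argument. The message should use the loop variable: `log_notice("Unit %s does not exist, proceeding anyway.", *name);`. `enable_unit()` starts before and continues after this hunk.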


@ -0,0 +1,151 @@
From 332a9f7e0105d223aed58e9b6504ec78bd22328c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 3 Sep 2017 17:45:54 +0300
Subject: [PATCH] systemctl: fix masking of template units
systemctl would try to load the properties of the unit, which is impossible
for template names, and the whole operation would fail. It seems that this
regression was introduced in 00c83b430020914499bebf22be6b258f518ae291.
Export the part of unit_find_paths() responsible for locating instance unit
fragments and reuse it from unit_exists() to fix the handling of template
units.
Fixes #6412.
(cherry picked from commit 173471b771a52baa7f705019600956e875b0cb9a)
---
src/systemctl/systemctl.c | 68 ++++++++++++++++++++++++++++++++++-------------
1 file changed, 49 insertions(+), 19 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index a1b956111b..a5f248e865 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -2480,7 +2480,6 @@ static int unit_file_find_path(LookupPaths *lp, const char *unit_name, char **un
assert(lp);
assert(unit_name);
- assert(unit_path);
STRV_FOREACH(p, lp->search_path) {
_cleanup_free_ char *path = NULL, *lpath = NULL;
@@ -2498,14 +2497,48 @@ static int unit_file_find_path(LookupPaths *lp, const char *unit_name, char **un
if (r < 0)
return log_error_errno(r, "Failed to access path '%s': %m", path);
- *unit_path = lpath;
- lpath = NULL;
+ if (unit_path) {
+ *unit_path = lpath;
+ lpath = NULL;
+ }
return 1;
}
return 0;
}
+static int unit_find_template_path(
+ const char *unit_name,
+ LookupPaths *lp,
+ char **fragment_path,
+ char **template) {
+
+ _cleanup_free_ char *_template = NULL;
+ int r;
+
+ /* Returns 1 if a fragment was found, 0 if not found, negative on error. */
+
+ r = unit_file_find_path(lp, unit_name, fragment_path);
+ if (r != 0)
+ return r; /* error or found a real unit */
+
+ r = unit_name_template(unit_name, &_template);
+ if (r == -EINVAL)
+ return 0; /* not a template, does not exist */
+ if (r < 0)
+ return log_error_errno(r, "Failed to determine template name: %m");
+
+ r = unit_file_find_path(lp, _template, fragment_path);
+ if (r < 0)
+ return r;
+
+ if (template) {
+ *template = _template;
+ _template = NULL;
+ }
+ return r;
+}
+
static int unit_find_paths(
sd_bus *bus,
const char *unit_name,
@@ -2561,29 +2594,18 @@ static int unit_find_paths(
return log_error_errno(r, "Failed to get DropInPaths: %s", bus_error_message(&error, r));
}
} else {
- _cleanup_set_free_ Set *names;
+ _cleanup_set_free_ Set *names = NULL;
_cleanup_free_ char *template = NULL;
names = set_new(NULL);
if (!names)
return log_oom();
- r = unit_file_find_path(lp, unit_name, &path);
+ r = unit_find_template_path(unit_name, lp, &path, &template);
if (r < 0)
return r;
- if (r == 0) {
- r = unit_name_template(unit_name, &template);
- if (r < 0 && r != -EINVAL)
- return log_error_errno(r, "Failed to determine template name: %m");
- if (r >= 0) {
- r = unit_file_find_path(lp, template, &path);
- if (r < 0)
- return r;
- }
- }
-
- if (path)
+ if (r > 0)
/* We found the unit file. If we followed symlinks, this name might be
* different then the unit_name with started with. Look for dropins matching
* that "final" name. */
@@ -6084,7 +6106,7 @@ static int normalize_names(char **names, bool warn_if_path) {
return 0;
}
-static int unit_exists(const char *unit) {
+static int unit_exists(LookupPaths *lp, const char *unit) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_free_ char *path = NULL;
@@ -6097,6 +6119,9 @@ static int unit_exists(const char *unit) {
sd_bus *bus;
int r;
+ if (unit_name_is_valid(unit, UNIT_NAME_TEMPLATE))
+ return unit_find_template_path(unit, lp, NULL, NULL);
+
path = unit_dbus_path_from_name(unit);
if (!path)
return log_oom();
@@ -6202,9 +6227,14 @@ static int enable_unit(int argc, char *argv[], void *userdata) {
if (STR_IN_SET(verb, "mask", "unmask")) {
char **name;
+ _cleanup_lookup_paths_free_ LookupPaths lp = {};
+
+ r = lookup_paths_init(&lp, arg_scope, 0, arg_root);
+ if (r < 0)
+ return r;
STRV_FOREACH(name, names) {
- r = unit_exists(*name);
+ r = unit_exists(&lp, *name);
if (r < 0)
return r;
if (r == 0)
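Review bot: `unit_find_template_path()` hands `_template` to the caller whenever the template lookup was attempted, including when the second `unit_file_find_path()` returns 0, but its comment describes only the return value. I would extend it to `/* Returns 1 if a fragment was found, 0 if not found, negative on error. *template is set whenever the template lookup was attempted, even if it found nothing; the caller frees it. */`. The local `_template` would also read better as `tmpl`, since a leading underscore suggests a reserved or macro-internal name. `unit_find_paths()`, `unit_exists()` and `enable_unit()` are only partly visible in these hunks.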


@ -0,0 +1,30 @@
From 18647aa3d8f3ef8033cba55384d297d7ef8f3d9c Mon Sep 17 00:00:00 2001
From: juga0 <juga@riseup.net>
Date: Tue, 5 Sep 2017 10:26:32 +0000
Subject: [PATCH] networkd: send dhcp option NTP when UseNTP is true (#6726)
(cherry picked from commit ead36ce651955999e7cf1f6167aa0065f8cd5f3f)
---
src/network/networkd-dhcp4.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
index 77771688e1..84a25b1a03 100644
--- a/src/network/networkd-dhcp4.c
+++ b/src/network/networkd-dhcp4.c
@@ -635,10 +635,11 @@ int dhcp4_configure(Link *link) {
return r;
}
- /* Always acquire the timezone and NTP */
- r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NTP_SERVER);
- if (r < 0)
- return r;
+ if (link->network->dhcp_use_ntp) {
+ r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NTP_SERVER);
+ if (r < 0)
+ return r;
+ }
r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NEW_TZDB_TIMEZONE);
if (r < 0)


@ -0,0 +1,30 @@
From 63f2647249e5d55e6ae62c484d70690aedd41a41 Mon Sep 17 00:00:00 2001
From: juga0 <juga@riseup.net>
Date: Wed, 6 Sep 2017 08:10:50 +0000
Subject: [PATCH] networkd: send dhcp timezone option when UseTimezone is true
(#6725)
(cherry picked from commit 89573b3728fc14033b99fc69f3f6181be9c8c6be)
---
src/network/networkd-dhcp4.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
index 84a25b1a03..546c90b6bb 100644
--- a/src/network/networkd-dhcp4.c
+++ b/src/network/networkd-dhcp4.c
@@ -641,9 +641,11 @@ int dhcp4_configure(Link *link) {
return r;
}
- r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NEW_TZDB_TIMEZONE);
- if (r < 0)
- return r;
+ if (link->network->dhcp_use_timezone) {
+ r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NEW_TZDB_TIMEZONE);
+ if (r < 0)
+ return r;
+ }
r = dhcp4_set_hostname(link);
if (r < 0)


@ -0,0 +1,28 @@
From b2403e6ea4cd04e3624d4ae4f7f2d7dde98f23dd Mon Sep 17 00:00:00 2001
From: Kai-Heng Feng <kaihengfeng@gmail.com>
Date: Fri, 8 Sep 2017 20:25:44 +0800
Subject: [PATCH] journalctl: honor --quiet when vacuuming (#6771)
'journalctl --vacuum-*' does not suppress output message with --quiet.
Let journal_directory_vacuum honors --quiet to fix the problem.
BugLink: https://bugs.launchpad.net/bugs/1692188
(cherry picked from commit e3695e499a54071aa5fa3b79bdbff0be2c528204)
---
src/journal/journalctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 2313c8c678..1bb4d89159 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -2170,7 +2170,7 @@ int main(int argc, char *argv[]) {
if (d->is_root)
continue;
- q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, true);
+ q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, !arg_quiet);
if (q < 0) {
log_error_errno(q, "Failed to vacuum %s: %m", d->path);
r = q;


@ -0,0 +1,45 @@
From 21879b710e669f9965650bcafa8d504e617fd7ee Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Fri, 8 Sep 2017 15:41:44 +0200
Subject: [PATCH] manager: when reexecuting try to connect to bus only when
dbus.service is around (#6773)
Trying to connect otherwise is pointless, because if socket isn't around
we won't connect. However, when dbus.socket is present we attempt to
connect. That attempt can't succeed because we are then supposed
to activate dbus.service as a response to connection from
us. This results in deadlock.
Fixes #6303
(cherry picked from commit 5463fa0a88f95d2002858592578f9bf4e0d2660a)
---
src/core/manager.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 283720750f..482eab0f19 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -880,15 +880,19 @@ static int manager_setup_user_lookup_fd(Manager *m) {
static int manager_connect_bus(Manager *m, bool reexecuting) {
bool try_bus_connect;
+ Unit *u = NULL;
assert(m);
if (m->test_run)
return 0;
+ u = manager_get_unit(m, SPECIAL_DBUS_SERVICE);
+
try_bus_connect =
- reexecuting ||
- (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS"));
+ (u && UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u))) &&
+ (reexecuting ||
+ (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS")));
/* Try to connect to the buses, if possible. */
return bus_init(m, try_bus_connect);
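Review bot: The added `dbus.service` check is ANDed with the whole expression, so it also gates the `MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS")` branch, while the commit message motivates it only for re-execution. If a user manager can be pointed at a session bus that is not its own `dbus.service` unit (not determinable from this hunk), it would no longer try to connect; please confirm that is intended or scope the check to the `reexecuting` case. A comment above `try_bus_connect`, e.g. `/* Connecting while dbus.service is down would make us wait on our own activation, so only try when it is already up */`, would record the reason. The `= NULL` initialiser on `u` is redundant because it is assigned unconditionally before use.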


@ -0,0 +1,28 @@
From ab76f797e85ba755f02db58f18b455c46dfed12a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 8 Sep 2017 17:34:11 +0200
Subject: [PATCH] efivars: don't crash when somebody wants to remove an efi
variable
This corrects b3c908b4a230c5cca0dcdd7e94d02ec54a298abf by allowing a
NULL value again for variable deletion.
Fixes: #6753
(cherry picked from commit e1e26566ec60aa66a3c21682322ebc376df609b2)
---
src/shared/efivars.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/efivars.c b/src/shared/efivars.c
index 8229e6b183..2503346610 100644
--- a/src/shared/efivars.c
+++ b/src/shared/efivars.c
@@ -269,7 +269,7 @@ int efi_set_variable(
_cleanup_close_ int fd = -1;
assert(name);
- assert(value);
+ assert(value || size == 0);
if (asprintf(&p,
"/sys/firmware/efi/efivars/%s-%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",


@ -0,0 +1,310 @@
From cd7bcbfad5c1319f8c7a9f74c2649ace096f6e2a Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 13 Sep 2017 11:47:15 +0200
Subject: [PATCH] util: make get_block_device() available
(cherry picked from commit c43b2b9c71e6e5f9af90ca178674d248acb0b9fc)
---
src/basic/util.c | 131 ++++++++++++++++++++++++++++
src/basic/util.h | 3 +
src/gpt-auto-generator/gpt-auto-generator.c | 130 ---------------------------
3 files changed, 134 insertions(+), 130 deletions(-)
diff --git a/src/basic/util.c b/src/basic/util.c
index b52a5db31b..6cbb58bdea 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -34,6 +34,7 @@
#include <unistd.h>
#include "alloc-util.h"
+#include "btrfs-util.h"
#include "build.h"
#include "cgroup-util.h"
#include "def.h"
@@ -719,3 +720,133 @@ int version(void) {
SYSTEMD_FEATURES);
return 0;
}
+
+int get_block_device(const char *path, dev_t *dev) {
+ struct stat st;
+ struct statfs sfs;
+
+ assert(path);
+ assert(dev);
+
+ /* Get's the block device directly backing a file system. If
+ * the block device is encrypted, returns the device mapper
+ * block device. */
+
+ if (lstat(path, &st))
+ return -errno;
+
+ if (major(st.st_dev) != 0) {
+ *dev = st.st_dev;
+ return 1;
+ }
+
+ if (statfs(path, &sfs) < 0)
+ return -errno;
+
+ if (F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC))
+ return btrfs_get_block_device(path, dev);
+
+ return 0;
+}
+
+int get_block_device_harder(const char *path, dev_t *dev) {
+ _cleanup_closedir_ DIR *d = NULL;
+ _cleanup_free_ char *p = NULL, *t = NULL;
+ struct dirent *de, *found = NULL;
+ const char *q;
+ unsigned maj, min;
+ dev_t dt;
+ int r;
+
+ assert(path);
+ assert(dev);
+
+ /* Gets the backing block device for a file system, and
+ * handles LUKS encrypted file systems, looking for its
+ * immediate parent, if there is one. */
+
+ r = get_block_device(path, &dt);
+ if (r <= 0)
+ return r;
+
+ if (asprintf(&p, "/sys/dev/block/%u:%u/slaves", major(dt), minor(dt)) < 0)
+ return -ENOMEM;
+
+ d = opendir(p);
+ if (!d) {
+ if (errno == ENOENT)
+ goto fallback;
+
+ return -errno;
+ }
+
+ FOREACH_DIRENT_ALL(de, d, return -errno) {
+
+ if (dot_or_dot_dot(de->d_name))
+ continue;
+
+ if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN))
+ continue;
+
+ if (found) {
+ _cleanup_free_ char *u = NULL, *v = NULL, *a = NULL, *b = NULL;
+
+ /* We found a device backed by multiple other devices. We don't really support automatic
+ * discovery on such setups, with the exception of dm-verity partitions. In this case there are
+ * two backing devices: the data partition and the hash partition. We are fine with such
+ * setups, however, only if both partitions are on the same physical device. Hence, let's
+ * verify this. */
+
+ u = strjoin(p, "/", de->d_name, "/../dev");
+ if (!u)
+ return -ENOMEM;
+
+ v = strjoin(p, "/", found->d_name, "/../dev");
+ if (!v)
+ return -ENOMEM;
+
+ r = read_one_line_file(u, &a);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to read %s: %m", u);
+ goto fallback;
+ }
+
+ r = read_one_line_file(v, &b);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to read %s: %m", v);
+ goto fallback;
+ }
+
+ /* Check if the parent device is the same. If not, then the two backing devices are on
+ * different physical devices, and we don't support that. */
+ if (!streq(a, b))
+ goto fallback;
+ }
+
+ found = de;
+ }
+
+ if (!found)
+ goto fallback;
+
+ q = strjoina(p, "/", found->d_name, "/dev");
+
+ r = read_one_line_file(q, &t);
+ if (r == -ENOENT)
+ goto fallback;
+ if (r < 0)
+ return r;
+
+ if (sscanf(t, "%u:%u", &maj, &min) != 2)
+ return -EINVAL;
+
+ if (maj == 0)
+ goto fallback;
+
+ *dev = makedev(maj, min);
+ return 1;
+
+fallback:
+ *dev = dt;
+ return 1;
+}
diff --git a/src/basic/util.h b/src/basic/util.h
index c7da6c39bf..b31dfd1c92 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -192,3 +192,6 @@ uint64_t system_tasks_max_scale(uint64_t v, uint64_t max);
int update_reboot_parameter_and_warn(const char *param);
int version(void);
+
+int get_block_device(const char *path, dev_t *dev);
+int get_block_device_harder(const char *path, dev_t *dev);
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index a072242430..dc307ff585 100644
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -609,136 +609,6 @@ static int enumerate_partitions(dev_t devnum) {
return r;
}
-static int get_block_device(const char *path, dev_t *dev) {
- struct stat st;
- struct statfs sfs;
-
- assert(path);
- assert(dev);
-
- /* Get's the block device directly backing a file system. If
- * the block device is encrypted, returns the device mapper
- * block device. */
-
- if (lstat(path, &st))
- return -errno;
-
- if (major(st.st_dev) != 0) {
- *dev = st.st_dev;
- return 1;
- }
-
- if (statfs(path, &sfs) < 0)
- return -errno;
-
- if (F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC))
- return btrfs_get_block_device(path, dev);
-
- return 0;
-}
-
-static int get_block_device_harder(const char *path, dev_t *dev) {
- _cleanup_closedir_ DIR *d = NULL;
- _cleanup_free_ char *p = NULL, *t = NULL;
- struct dirent *de, *found = NULL;
- const char *q;
- unsigned maj, min;
- dev_t dt;
- int r;
-
- assert(path);
- assert(dev);
-
- /* Gets the backing block device for a file system, and
- * handles LUKS encrypted file systems, looking for its
- * immediate parent, if there is one. */
-
- r = get_block_device(path, &dt);
- if (r <= 0)
- return r;
-
- if (asprintf(&p, "/sys/dev/block/%u:%u/slaves", major(dt), minor(dt)) < 0)
- return -ENOMEM;
-
- d = opendir(p);
- if (!d) {
- if (errno == ENOENT)
- goto fallback;
-
- return -errno;
- }
-
- FOREACH_DIRENT_ALL(de, d, return -errno) {
-
- if (dot_or_dot_dot(de->d_name))
- continue;
-
- if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN))
- continue;
-
- if (found) {
- _cleanup_free_ char *u = NULL, *v = NULL, *a = NULL, *b = NULL;
-
- /* We found a device backed by multiple other devices. We don't really support automatic
- * discovery on such setups, with the exception of dm-verity partitions. In this case there are
- * two backing devices: the data partition and the hash partition. We are fine with such
- * setups, however, only if both partitions are on the same physical device. Hence, let's
- * verify this. */
-
- u = strjoin(p, "/", de->d_name, "/../dev");
- if (!u)
- return -ENOMEM;
-
- v = strjoin(p, "/", found->d_name, "/../dev");
- if (!v)
- return -ENOMEM;
-
- r = read_one_line_file(u, &a);
- if (r < 0) {
- log_debug_errno(r, "Failed to read %s: %m", u);
- goto fallback;
- }
-
- r = read_one_line_file(v, &b);
- if (r < 0) {
- log_debug_errno(r, "Failed to read %s: %m", v);
- goto fallback;
- }
-
- /* Check if the parent device is the same. If not, then the two backing devices are on
- * different physical devices, and we don't support that. */
- if (!streq(a, b))
- goto fallback;
- }
-
- found = de;
- }
-
- if (!found)
- goto fallback;
-
- q = strjoina(p, "/", found->d_name, "/dev");
-
- r = read_one_line_file(q, &t);
- if (r == -ENOENT)
- goto fallback;
- if (r < 0)
- return r;
-
- if (sscanf(t, "%u:%u", &maj, &min) != 2)
- return -EINVAL;
-
- if (maj == 0)
- goto fallback;
-
- *dev = makedev(maj, min);
- return 1;
-
-fallback:
- *dev = dt;
- return 1;
-}
-
static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
int r;
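Review bot: In `get_block_device_harder()`, now exported from `src/basic/util.c`, `found = de` keeps a `struct dirent *` across later iterations of `FOREACH_DIRENT_ALL`, and `found->d_name` is read after further directory reads. Assuming the macro wraps readdir(), POSIX allows the returned entry to be overwritten by the next call on the same stream, so the saved pointer stays valid only because of how the libc buffers entries. Since the function is becoming shared API, this is a good moment to copy the name instead, for instance with `free_and_strdup()` from `string-util.h`. The comment in `get_block_device()` also carries the typo "Get's" over from the original. The sketch below shows only the lines that change.

```c
_cleanup_free_ char *p = NULL, *t = NULL, *found_name = NULL;
struct dirent *de;
/* … unchanged: get_block_device() call, opendir(), entry filtering … */
        if (found_name) {
                /* … unchanged: u built from de->d_name … */
                v = strjoin(p, "/", found_name, "/../dev");
                /* … unchanged: read both parents, fall back on mismatch … */
        }

        /* Copy the name; the dirent itself may be reused by the next read. */
        r = free_and_strdup(&found_name, de->d_name);
        if (r < 0)
                return r;
/* … unchanged: end of loop … */
if (!found_name)
        goto fallback;

q = strjoina(p, "/", found_name, "/dev");
/* … unchanged: read and parse "maj:min", fallback label … */
```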


@ -0,0 +1,51 @@
From c86784ebf6a8dc572a52ac1322ae558c39e61d92 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 13 Sep 2017 11:04:17 +0200
Subject: [PATCH] shutdown: don't be fooled when detaching DM devices with
BTRFS
Otherwise we would try to detach the DM device hosting the rootfs with BTRFS
which is doomed to fail.
(cherry picked from commit 33e8d8af1482fd94edf8a41462012468ba852687)
---
src/core/umount.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/core/umount.c b/src/core/umount.c
index b83f631141..87c5aa9029 100644
--- a/src/core/umount.c
+++ b/src/core/umount.c
@@ -517,22 +517,22 @@ static int loopback_points_list_detach(MountPoint **head, bool *changed) {
static int dm_points_list_detach(MountPoint **head, bool *changed) {
MountPoint *m, *n;
- int n_failed = 0, k;
- struct stat root_st;
+ int n_failed = 0, r;
+ dev_t rootdev;
assert(head);
- k = lstat("/", &root_st);
+ r = get_block_device("/", &rootdev);
+ if (r <= 0)
+ rootdev = 0;
LIST_FOREACH_SAFE(mount_point, m, n, *head) {
- int r;
- if (k >= 0 &&
- major(root_st.st_dev) != 0 &&
- root_st.st_dev == m->devnum) {
- n_failed++;
- continue;
- }
+ if (major(rootdev) != 0)
+ if (rootdev == m->devnum) {
+ n_failed ++;
+ continue;
+ }
log_info("Detaching DM %u:%u.", major(m->devnum), minor(m->devnum));
r = delete_dm(m->devnum);
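Review bot: When `get_block_device("/", &rootdev)` fails, the error is dropped and `rootdev` is set to 0, so the loop skips nothing and goes on to call `delete_dm()` on every entry, including the device backing the root file system if it is a DM device. The old lstat() path had the same fallthrough, but a debug line would make it diagnosable: `if (r < 0) log_debug_errno(r, "Failed to determine block device of root file system, not excluding it: %m");`. The nested `if`s can also be one condition, `if (major(rootdev) != 0 && rootdev == m->devnum) {`, with `n_failed++` written without the space. `dm_points_list_detach()` continues past the end of the hunk.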


@ -0,0 +1,62 @@
From 7f4b159f88d8d3b932e24646b50e4bdcac885581 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 Sep 2017 19:08:26 +0200
Subject: [PATCH] sd-bus: extend D-Bus authentication timeout considerably
(#6813)
As it turns out the authentication phase times out too often than is
good, mostly due to PRNG pools not being populated during boot. Hence,
let's increase the authentication timeout from 25s to 90s, to cover for
that.
(Note that we leave the D-Bus method call timeout at 25s, matching the
reference implementation's value. And if the auth phase managed to
complete then the pools should be populated enough and mehtod calls
shouldn't take needlessly long anymore).
Fixes: #6418
(cherry picked from commit 036d61b32e7e684a532904ec26a6ebaa1b850ab9)
---
src/libsystemd/sd-bus/bus-internal.h | 6 ++++++
src/libsystemd/sd-bus/bus-socket.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
index 3575ea8cde..473f486c3d 100644
--- a/src/libsystemd/sd-bus/bus-internal.h
+++ b/src/libsystemd/sd-bus/bus-internal.h
@@ -27,6 +27,7 @@
#include "bus-error.h"
#include "bus-kernel.h"
#include "bus-match.h"
+#include "def.h"
#include "hashmap.h"
#include "kdbus.h"
#include "list.h"
@@ -327,8 +328,13 @@ struct sd_bus {
LIST_HEAD(sd_bus_track, tracks);
};
+/* For method calls we time-out at 25s, like in the D-Bus reference implementation */
#define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
+/* For the authentication phase we grant 90s, to provide extra room during boot, when RNGs and such are not filled up
+ * with enough entropy yet and might delay the boot */
+#define BUS_AUTH_TIMEOUT ((usec_t) DEFAULT_TIMEOUT_USEC)
+
#define BUS_WQUEUE_MAX (192*1024)
#define BUS_RQUEUE_MAX (192*1024)
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index ab70a0c6e1..fa7dcbb888 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -661,7 +661,7 @@ int bus_socket_start_auth(sd_bus *b) {
bus_get_peercred(b);
b->state = BUS_AUTHENTICATING;
- b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
+ b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_AUTH_TIMEOUT;
if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
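Review bot: The comment above `BUS_AUTH_TIMEOUT` promises 90s, but the macro expands to `DEFAULT_TIMEOUT_USEC` from `def.h`, whose value is not visible here and can change independently. Either spell the value out, `#define BUS_AUTH_TIMEOUT ((usec_t) (90 * USEC_PER_SEC))`, or word the comment as "the default timeout from def.h" so the two cannot drift apart. It is also worth checking whether `bus_socket_start_auth()` is reached for accepted (server-side) connections; if it is, the longer window also extends how long an unauthenticated peer may keep a connection open.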


@ -0,0 +1,48 @@
From eb877dacc9f98f646ff9509d6df5c71bd4a33a17 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Sep 2017 18:26:10 +0200
Subject: [PATCH] timer: don't use persietent file timestamps from the future
(#6823)
Also, use the mtime rather than the atime of the timestamp file. While
the atime is not completely wrong, the mtime appears more appropriate
as that's what we actually explicitly change, and is not effected by
mere reading.
Fixes: #6821
(cherry picked from commit 77542a7905520f1d637912bf47bddb4855506e41)
---
src/core/timer.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/core/timer.c b/src/core/timer.c
index 701949fd60..3032a237b1 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -614,9 +614,23 @@ static int timer_start(Unit *u) {
if (t->stamp_path) {
struct stat st;
- if (stat(t->stamp_path, &st) >= 0)
- t->last_trigger.realtime = timespec_load(&st.st_atim);
- else if (errno == ENOENT)
+ if (stat(t->stamp_path, &st) >= 0) {
+ usec_t ft;
+
+ /* Load the file timestamp, but only if it is actually in the past. If it is in the future,
+ * something is wrong with the system clock. */
+
+ ft = timespec_load(&st.st_mtim);
+ if (ft < now(CLOCK_REALTIME))
+ t->last_trigger.realtime = ft;
+ else {
+ char z[FORMAT_TIMESTAMP_MAX];
+
+ log_unit_warning(u, "Not using persistent file timestamp %s as it is in the future.",
+ format_timestamp(z, sizeof(z), ft));
+ }
+
+ } else if (errno == ENOENT)
/* The timer has never run before,
* make sure a stamp file exists.
*/


@ -0,0 +1,46 @@
From 760a486ff45797b65093c5f0550cc42bfd5d70aa Mon Sep 17 00:00:00 2001
From: Felipe Sateler <fsateler@users.noreply.github.com>
Date: Thu, 14 Sep 2017 14:51:20 -0300
Subject: [PATCH] shared: end string with % if one was found at the end of a
expandible string (#6828)
Current behavior is that %X where X is an unidentified specifier, then the result is
the same %X string. This was not the case when the string ended with a stray %, where
the character would have not been output. Lets add that missing character.
Fixes: #6374
(cherry picked from commit 038492aed3e0293fd9cf4998fd891addb597b954)
---
src/shared/specifier.c | 4 ++++
src/test/test-unit-name.c | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/shared/specifier.c b/src/shared/specifier.c
index 1c17eb5251..81379041cc 100644
--- a/src/shared/specifier.c
+++ b/src/shared/specifier.c
@@ -107,6 +107,10 @@ int specifier_printf(const char *text, const Specifier table[], void *userdata,
*(t++) = *f;
}
+ /* if string ended with a stray %, also end with % */
+ if (percent)
+ *(t++) = '%';
+
*t = 0;
*_ret = ret;
return 0;
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
index 2fd83f321c..2af90c69ee 100644
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -237,7 +237,8 @@ static int test_unit_printf(void) {
/* general tests */
expect(u, "%%", "%");
expect(u, "%%s", "%s");
- expect(u, "%", ""); // REALLY?
+ expect(u, "%,", "%,");
+ expect(u, "%", "%");
/* normal unit */
expect(u, "%n", "blah.service");
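Review bot: The added `*(t++) = '%';` writes one more byte into `ret`, whose allocation is outside this hunk, so the size argument should be made explicit next to the write. If the buffer is sized from the input length, the trailing `%` was consumed earlier without being copied and the byte is already accounted for; a comment such as `/* the stray % was skipped above, so there is room for it */` records that. The new `expect(u, "%,", "%,")` case exercises the unknown-specifier path, so the trailing-`%` path is covered only by `expect(u, "%", "%")`. `specifier_printf()` starts before the hunk.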


@ -1,16 +1,18 @@
From f2618d3474090751ae364ca326f3563797cce54a Mon Sep 17 00:00:00 2001
From bd69342ded37a30850de4c85cbc709aaecfee396 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 18 Sep 2017 17:09:52 +0200
Subject: [PATCH] build-sys: bump xslt maxdepth limit
Date: Tue, 19 Sep 2017 08:04:02 +0200
Subject: [PATCH] build-sys: bump xslt maxdepth limit (#6863)
With libxslt-1.30, builds were failing on some recursion depth limit
with systemd.index.xml. Bumping the limit fixes the issue.
(cherry picked from commit f2adcd22d5d5498f1a00fdc303f71e7198b238ab)
---
man/meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/man/meson.build b/man/meson.build
index 8ddbd5557c..5b6a21fb9f 100644
index 4f2ddad31a..c9fa91589a 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -11,6 +11,7 @@ want_html = want_html != 'false' and xsltproc.found()
@ -21,6 +23,3 @@ index 8ddbd5557c..5b6a21fb9f 100644
'--stringparam', 'man.output.quietly', '1',
'--stringparam', 'funcsynopsis.style', 'ansi',
'--stringparam', 'man.authors.section.enabled', '0',
--
2.13.5


@ -0,0 +1,175 @@
From 7c4392650657a5ef264c4b1e2c55d5051b60fb30 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 17:55:53 +0200
Subject: [PATCH] fileio: add new helper call read_line() as bounded getline()
replacement
read_line() is much like getline(), and returns a line read from a
FILE*, of arbitrary sizes. In contrast to gets() it will grow the buffer
dynamically, and in contrast to getline() it will place a user-specified
boundary on the line.
(cherry picked from commit 4f9a66a32dda1d9a28f9bb3fa31c2148524bc46a)
---
src/basic/fileio.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++
src/basic/fileio.h | 2 ++
src/test/test-fileio.c | 44 +++++++++++++++++++++++++++++
3 files changed, 123 insertions(+)
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index 9a185e3e60..db5897c360 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -1497,3 +1497,80 @@ int mkdtemp_malloc(const char *template, char **ret) {
*ret = p;
return 0;
}
+
+int read_line(FILE *f, size_t limit, char **ret) {
+ _cleanup_free_ char *buffer = NULL;
+ size_t n = 0, allocated = 0, count = 0;
+ int r;
+
+ assert(f);
+
+ /* Something like a bounded version of getline().
+ *
+ * Considers EOF, \n and \0 end of line delimiters, and does not include these delimiters in the string
+ * returned.
+ *
+ * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from
+ * the number of characters in the returned string). When EOF is hit, 0 is returned.
+ *
+ * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding
+ * delimiters. If the limit is hit we fail and return -ENOBUFS.
+ *
+ * If a line shall be skipped ret may be initialized as NULL. */
+
+ if (ret) {
+ if (!GREEDY_REALLOC(buffer, allocated, 1))
+ return -ENOMEM;
+ }
+
+ flockfile(f);
+
+ for (;;) {
+ int c;
+
+ if (n >= limit) {
+ funlockfile(f);
+ return -ENOBUFS;
+ }
+
+ errno = 0;
+ c = fgetc_unlocked(f);
+ if (c == EOF) {
+ /* if we read an error, and have no data to return, then propagate the error */
+ if (ferror_unlocked(f) && n == 0) {
+ r = errno > 0 ? -errno : -EIO;
+ funlockfile(f);
+ return r;
+ }
+
+ break;
+ }
+
+ count++;
+
+ if (IN_SET(c, '\n', 0)) /* Reached a delimiter */
+ break;
+
+ if (ret) {
+ if (!GREEDY_REALLOC(buffer, allocated, n + 2)) {
+ funlockfile(f);
+ return -ENOMEM;
+ }
+
+ buffer[n] = (char) c;
+ }
+
+ n++;
+ }
+
+ funlockfile(f);
+
+ if (ret) {
+ buffer[n] = 0;
+
+ *ret = buffer;
+ buffer = NULL;
+ }
+
+ return (int) count;
+}
diff --git a/src/basic/fileio.h b/src/basic/fileio.h
index 6098562265..2674148efe 100644
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@@ -99,3 +99,5 @@ int link_tmpfile(int fd, const char *path, const char *target);
int read_nul_string(FILE *f, char **ret);
int mkdtemp_malloc(const char *template, char **ret);
+
+int read_line(FILE *f, size_t limit, char **ret);
diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c
index b1d688c89e..375b7a8910 100644
--- a/src/test/test-fileio.c
+++ b/src/test/test-fileio.c
@@ -663,6 +663,49 @@ static void test_tempfn(void) {
free(ret);
}
+static void test_read_line(void) {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *line = NULL;
+
+ char buffer[] =
+ "Some test data\n"
+ "With newlines, and a NUL byte\0"
+ "\n"
+ "an empty line\n"
+ "an ignored line\n"
+ "and a very long line that is supposed to be truncated, because it is so long\n";
+
+ f = fmemopen(buffer, sizeof(buffer), "re");
+ assert_se(f);
+
+ assert_se(read_line(f, (size_t) -1, &line) == 15 && streq(line, "Some test data"));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 30 && streq(line, "With newlines, and a NUL byte"));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 1 && streq(line, ""));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 14 && streq(line, "an empty line"));
+ line = mfree(line);
+
+ assert_se(read_line(f, (size_t) -1, NULL) == 16);
+
+ assert_se(read_line(f, 16, &line) == -ENOBUFS);
+ line = mfree(line);
+
+ /* read_line() stopped when it hit the limit, that means when we continue reading we'll read at the first
+ * character after the previous limit. Let's make use of tha to continue our test. */
+ assert_se(read_line(f, 1024, &line) == 61 && streq(line, "line that is supposed to be truncated, because it is so long"));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 1 && streq(line, ""));
+ line = mfree(line);
+
+ assert_se(read_line(f, 1024, &line) == 0 && streq(line, ""));
+}
+
int main(int argc, char *argv[]) {
log_set_max_level(LOG_DEBUG);
log_parse_environment();
@@ -684,6 +727,7 @@ int main(int argc, char *argv[]) {
test_search_and_fopen_nulstr();
test_writing_tmpfile();
test_tempfn();
+ test_read_line();
return 0;
}
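Review bot: `return (int) count;` at the end of `read_line()` in src/basic/fileio.c narrows a `size_t` to `int`, and nothing in the loop bounds `count` when the caller passes `(size_t) -1` as `limit`, as the new test does. A line longer than `INT_MAX` bytes can then come back as a negative value or as 0, which callers read as an error code or as EOF. I would add an `if (count >= INT_MAX)` test next to the `n >= limit` check that unlocks the stream and returns `-ENOBUFS` in the same way. Also, the comment calls `limit` the maximum length of the returned string, but the check runs before the delimiter is read, so a line of exactly `limit` characters is rejected; the comment should say the string must be shorter than `limit`.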

@ -0,0 +1,26 @@
From 8eda468cb9445e5a9e2505d47fc5b15eae453a0a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 20:23:58 +0200
Subject: [PATCH] def: add new constant LONG_LINE_MAX
LONG_LINE_MAX is much like LINE_MAX, but longer.
As it turns out LINE_MAX at 4096 is too short for many usecases. Since
the general concept of having a common maximum line length limit makes
sense let's add our own, and make it larger (1MB for now).
(cherry picked from commit 189912440f6545404e84b3cd1d6ca54f1057e3e6)
---
src/basic/def.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/basic/def.h b/src/basic/def.h
index b1a3bc190b..e2d91519ba 100644
--- a/src/basic/def.h
+++ b/src/basic/def.h
@@ -86,3 +86,5 @@
"/usr/local/lib/" n "\0" \
"/usr/lib/" n "\0" \
_CONF_PATHS_SPLIT_USR(n)
+
+#define LONG_LINE_MAX (1U*1024U*1024U)

@ -0,0 +1,53 @@
From 773fe149cec50517ff1ed113c802c4e1a047a3e4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 18:01:32 +0200
Subject: [PATCH] fileio: rework read_one_line_file() on top of read_line()
(cherry picked from commit f4b51a2d092685c9a080e84130fec2d74c834f5c)
---
src/basic/fileio.c | 18 ++----------------
1 file changed, 2 insertions(+), 16 deletions(-)
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index db5897c360..c66b7b814e 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -30,6 +30,7 @@
#include "alloc-util.h"
#include "ctype.h"
+#include "def.h"
#include "env-util.h"
#include "escape.h"
#include "fd-util.h"
@@ -163,7 +164,6 @@ fail:
int read_one_line_file(const char *fn, char **line) {
_cleanup_fclose_ FILE *f = NULL;
- char t[LINE_MAX], *c;
assert(fn);
assert(line);
@@ -172,21 +172,7 @@ int read_one_line_file(const char *fn, char **line) {
if (!f)
return -errno;
- if (!fgets(t, sizeof(t), f)) {
-
- if (ferror(f))
- return errno > 0 ? -errno : -EIO;
-
- t[0] = 0;
- }
-
- c = strdup(t);
- if (!c)
- return -ENOMEM;
- truncate_nl(c);
-
- *line = c;
- return 0;
+ return read_line(f, LONG_LINE_MAX, line);
}
int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {

@ -0,0 +1,31 @@
From f4037dc520045b4779cf8589bd75ced2d343c215 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 18:25:45 +0200
Subject: [PATCH] cgroup-util: replace one use of fgets() by read_line()
(cherry picked from commit 2351e44d3ed57b7a48b9e544a59c3b797ac4d216)
---
src/basic/cgroup-util.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 6344372610..9148a7b1ab 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -2326,7 +2326,6 @@ int cg_mask_supported(CGroupMask *ret) {
int cg_kernel_controllers(Set *controllers) {
_cleanup_fclose_ FILE *f = NULL;
- char buf[LINE_MAX];
int r;
assert(controllers);
@@ -2344,7 +2343,7 @@ int cg_kernel_controllers(Set *controllers) {
}
/* Ignore the header line */
- (void) fgets(buf, sizeof(buf), f);
+ (void) read_line(f, (size_t) -1, NULL);
for (;;) {
char *controller;

@ -0,0 +1,128 @@
From 663be46f39f6c6e51b035683b304671eaffdafe8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 21 Sep 2017 14:24:01 +0200
Subject: [PATCH] test-conf-parser: add some basic tests for config_parse()
This function is pretty important, but we weren't calling it directly
even once in tests.
v2: add a few tests for escaping and line continuations
(cherry picked from commit e3f46367f577f8bd4b3a62ea0149bdcb112da573)
---
src/test/test-conf-parser.c | 89 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c
index 77fcbc0dd3..81db9d1bd7 100644
--- a/src/test/test-conf-parser.c
+++ b/src/test/test-conf-parser.c
@@ -18,6 +18,8 @@
***/
#include "conf-parser.h"
+#include "fd-util.h"
+#include "fileio.h"
#include "log.h"
#include "macro.h"
#include "string-util.h"
@@ -227,7 +229,91 @@ static void test_config_parse_iec_uint64(void) {
assert_se(config_parse_iec_uint64(NULL, "/this/file", 11, "Section", 22, "Size", 0, "4.5M", &offset, NULL) == 0);
}
+static const char* const config_file[] = {
+ "[Section]\n"
+ "setting1=1\n",
+
+ "[Section]\n"
+ "setting1=1", /* no terminating newline */
+
+ "\n\n\n\n[Section]\n\n\n"
+ "setting1=1", /* some whitespace, no terminating newline */
+
+ "[Section]\n"
+ "[Section]\n"
+ "setting1=1\n"
+ "setting1=2\n"
+ "setting1=1\n", /* repeated settings */
+
+ "[Section]\n"
+ "setting1=1\\\n" /* normal continuation */
+ "2\\\n"
+ "3\n",
+
+ "[Section]\n"
+ "setting1=1\\\\\\\n" /* continuation with trailing escape symbols */
+ "\\\\2\n", /* note that C requires one level of escaping, so the
+ * parser gets "…1 BS BS BS NL BS BS 2 NL", which
+ * it translates into "…1 BS BS SP BS BS 2" */
+};
+
+static void test_config_parse(unsigned i, const char *s) {
+ char name[] = "/tmp/test-conf-parser.XXXXXX";
+ int fd, r;
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *setting1 = NULL;
+
+ const ConfigTableItem items[] = {
+ { "Section", "setting1", config_parse_string, 0, &setting1},
+ {}
+ };
+
+ log_info("== %s[%i] ==", __func__, i);
+
+ fd = mkostemp_safe(name);
+ assert_se(fd >= 0);
+ assert_se((size_t) write(fd, s, strlen(s)) == strlen(s));
+
+ assert_se(lseek(fd, 0, SEEK_SET) == 0);
+ assert_se(f = fdopen(fd, "r"));
+
+ /*
+ int config_parse(const char *unit,
+ const char *filename,
+ FILE *f,
+ const char *sections,
+ ConfigItemLookup lookup,
+ const void *table,
+ bool relaxed,
+ bool allow_include,
+ bool warn,
+ void *userdata)
+ */
+
+ r = config_parse(NULL, name, f,
+ "Section\0",
+ config_item_table_lookup, items,
+ false, false, true, NULL);
+ assert_se(r == 0);
+
+ switch (i) {
+ case 0 ... 3:
+ assert_se(streq(setting1, "1"));
+ break;
+
+ case 4:
+ assert_se(streq(setting1, "1 2 3"));
+ break;
+
+ case 5:
+ assert_se(streq(setting1, "1\\\\ \\\\2"));
+ break;
+ }
+}
+
int main(int argc, char **argv) {
+ unsigned i;
+
log_parse_environment();
log_open();
@@ -244,5 +330,8 @@ int main(int argc, char **argv) {
test_config_parse_nsec();
test_config_parse_iec_uint64();
+ for (i = 0; i < ELEMENTSOF(config_file); i++)
+ test_config_parse(i, config_file[i]);
+
return 0;
}
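Review bot: `test_config_parse()` in src/test/test-conf-parser.c creates a file with `mkostemp_safe(name)` and never removes it, so each of the six runs leaves a `/tmp/test-conf-parser.*` file behind. An `unlink(name);` once `fdopen()` has succeeded would avoid that, assuming `config_parse()` uses the name only for messages once it is handed `f`. The `log_info("== %s[%i] ==", __func__, i)` call also passes the `unsigned` index to `%i`; `%u` matches the type.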

@ -0,0 +1,93 @@
From 032ba8cf22cc58b801d747c4063fcfe2364772de Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Sep 2017 18:26:35 +0200
Subject: [PATCH] conf-parse: remove 4K line length limit
Let's use read_line() to solve our long line limitation.
Fixes #3302.
(cherry picked from commit e6dde451a51dc5aaa7f4d98d39b8fe735f73d2af)
---
src/shared/conf-parser.c | 43 ++++++++++++++++++++++++++++++++-----------
1 file changed, 32 insertions(+), 11 deletions(-)
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index e08402e3d2..57bc8e3036 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -28,8 +28,10 @@
#include "alloc-util.h"
#include "conf-files.h"
#include "conf-parser.h"
+#include "def.h"
#include "extract-word.h"
#include "fd-util.h"
+#include "fileio.h"
#include "fs-util.h"
#include "log.h"
#include "macro.h"
@@ -316,24 +318,44 @@ int config_parse(const char *unit,
fd_warn_permissions(filename, fileno(f));
for (;;) {
- char buf[LINE_MAX], *l, *p, *c = NULL, *e;
+ _cleanup_free_ char *buf = NULL;
+ char *l, *p, *c = NULL, *e;
bool escaped = false;
- if (!fgets(buf, sizeof buf, f)) {
- if (feof(f))
- break;
+ r = read_line(f, LONG_LINE_MAX, &buf);
+ if (r == 0)
+ break;
+ if (r == -ENOBUFS) {
+ if (warn)
+ log_error_errno(r, "%s:%u: Line too long", filename, line);
- return log_error_errno(errno, "Failed to read configuration file '%s': %m", filename);
+ return r;
+ }
+ if (r < 0) {
+ if (warn)
+ log_error_errno(r, "%s:%u: Error while reading configuration file: %m", filename, line);
+
+ return r;
}
l = buf;
- if (allow_bom && startswith(l, UTF8_BYTE_ORDER_MARK))
- l += strlen(UTF8_BYTE_ORDER_MARK);
- allow_bom = false;
+ if (allow_bom) {
+ char *q;
- truncate_nl(l);
+ q = startswith(buf, UTF8_BYTE_ORDER_MARK);
+ if (q) {
+ l = q;
+ allow_bom = false;
+ }
+ }
if (continuation) {
+ if (strlen(continuation) + strlen(l) > LONG_LINE_MAX) {
+ if (warn)
+ log_error("%s:%u: Continuation line too long", filename, line);
+ return -ENOBUFS;
+ }
+
c = strappend(continuation, l);
if (!c) {
if (warn)
@@ -387,8 +409,7 @@ int config_parse(const char *unit,
if (r < 0) {
if (warn)
- log_warning_errno(r, "Failed to parse file '%s': %m",
- filename);
+ log_warning_errno(r, "%s:%u: Failed to parse file: %m", filename, line);
return r;
}
}
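Review bot: In the new BOM block of `config_parse()` (src/shared/conf-parser.c), `allow_bom` is cleared only inside `if (q)`, whereas the removed code cleared it unconditionally after the first line. A file without a leading BOM therefore keeps `allow_bom` true, and a byte order mark at the start of any later line is skipped instead of being parsed as part of that line. Moving `allow_bom = false;` out of the `if (q)` body, to the end of the `if (allow_bom)` block, restores the first-line-only behaviour. The function starts before and continues after these hunks, so this assumes `allow_bom` is not reset elsewhere in the loop.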

@ -0,0 +1,101 @@
From 2269f63e3bee44993cf57843d83369b03bec1d6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 23 Sep 2017 10:48:09 +0200
Subject: [PATCH] fileio: use _cleanup_ for FILE unlocking
(cherry picked from commit f858e5148e4f36335555dfaac812197ebd3ef036)
---
src/basic/fileio.c | 57 ++++++++++++++++++++++++++----------------------------
1 file changed, 27 insertions(+), 30 deletions(-)
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index c66b7b814e..36cb0edaf4 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -1484,10 +1484,13 @@ int mkdtemp_malloc(const char *template, char **ret) {
return 0;
}
+static inline void funlockfilep(FILE **f) {
+ funlockfile(*f);
+}
+
int read_line(FILE *f, size_t limit, char **ret) {
_cleanup_free_ char *buffer = NULL;
size_t n = 0, allocated = 0, count = 0;
- int r;
assert(f);
@@ -1509,48 +1512,42 @@ int read_line(FILE *f, size_t limit, char **ret) {
return -ENOMEM;
}
- flockfile(f);
+ {
+ _cleanup_(funlockfilep) FILE *flocked = f;
+ flockfile(f);
- for (;;) {
- int c;
+ for (;;) {
+ int c;
- if (n >= limit) {
- funlockfile(f);
- return -ENOBUFS;
- }
+ if (n >= limit)
+ return -ENOBUFS;
+
+ errno = 0;
+ c = fgetc_unlocked(f);
+ if (c == EOF) {
+ /* if we read an error, and have no data to return, then propagate the error */
+ if (ferror_unlocked(f) && n == 0)
+ return errno > 0 ? -errno : -EIO;
- errno = 0;
- c = fgetc_unlocked(f);
- if (c == EOF) {
- /* if we read an error, and have no data to return, then propagate the error */
- if (ferror_unlocked(f) && n == 0) {
- r = errno > 0 ? -errno : -EIO;
- funlockfile(f);
- return r;
+ break;
}
- break;
- }
+ count++;
- count++;
+ if (IN_SET(c, '\n', 0)) /* Reached a delimiter */
+ break;
- if (IN_SET(c, '\n', 0)) /* Reached a delimiter */
- break;
+ if (ret) {
+ if (!GREEDY_REALLOC(buffer, allocated, n + 2))
+ return -ENOMEM;
- if (ret) {
- if (!GREEDY_REALLOC(buffer, allocated, n + 2)) {
- funlockfile(f);
- return -ENOMEM;
+ buffer[n] = (char) c;
}
- buffer[n] = (char) c;
+ n++;
}
-
- n++;
}
- funlockfile(f);
-
if (ret) {
buffer[n] = 0;

@ -0,0 +1,42 @@
From f365f6b194f4335e77f6c0f54b88b831c99a0f6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 21 Sep 2017 12:02:49 +0200
Subject: [PATCH] test-conf-parser: use _cleanup_
(cherry picked from commit a12807aaeaf20ff9507cf2c1e338d5c16d528a1e)
---
src/test/test-conf-parser.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c
index 81db9d1bd7..cd538f0d40 100644
--- a/src/test/test-conf-parser.c
+++ b/src/test/test-conf-parser.c
@@ -27,12 +27,10 @@
#include "util.h"
static void test_config_parse_path_one(const char *rvalue, const char *expected) {
- char *path = NULL;
+ _cleanup_free_ char *path = NULL;
assert_se(config_parse_path("unit", "filename", 1, "section", 1, "lvalue", 0, rvalue, &path, NULL) >= 0);
assert_se(streq_ptr(expected, path));
-
- free(path);
}
static void test_config_parse_log_level_one(const char *rvalue, int expected) {
@@ -78,12 +76,10 @@ static void test_config_parse_unsigned_one(const char *rvalue, unsigned expected
}
static void test_config_parse_strv_one(const char *rvalue, char **expected) {
- char **strv = 0;
+ _cleanup_strv_free_ char **strv = NULL;
assert_se(config_parse_strv("unit", "filename", 1, "section", 1, "lvalue", 0, rvalue, &strv, NULL) >= 0);
assert_se(strv_equal(expected, strv));
-
- strv_free(strv);
}
static void test_config_parse_mode_one(const char *rvalue, mode_t expected) {

@ -0,0 +1,90 @@
From fd59e9d550fd944b4b629342c080c92703e7ef0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 21 Sep 2017 14:36:12 +0200
Subject: [PATCH] test-conf-parser: add tests for the new long lines, including
overflow handling
(cherry picked from commit 8f313f4febb4df13279aaae86c846bbb142a5a39)
---
src/test/test-conf-parser.c | 41 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c
index cd538f0d40..7a7de98bec 100644
--- a/src/test/test-conf-parser.c
+++ b/src/test/test-conf-parser.c
@@ -225,6 +225,10 @@ static void test_config_parse_iec_uint64(void) {
assert_se(config_parse_iec_uint64(NULL, "/this/file", 11, "Section", 22, "Size", 0, "4.5M", &offset, NULL) == 0);
}
+#define x10(x) x x x x x x x x x x
+#define x100(x) x10(x10(x))
+#define x1000(x) x10(x100(x))
+
static const char* const config_file[] = {
"[Section]\n"
"setting1=1\n",
@@ -251,6 +255,24 @@ static const char* const config_file[] = {
"\\\\2\n", /* note that C requires one level of escaping, so the
* parser gets "…1 BS BS BS NL BS BS 2 NL", which
* it translates into "…1 BS BS SP BS BS 2" */
+
+ "\n[Section]\n\n"
+ "setting1=" /* a line above LINE_MAX length */
+ x1000("ABCD")
+ "\n",
+
+ "[Section]\n"
+ "setting1=" /* a line above LINE_MAX length, with continuation */
+ x1000("ABCD") "\\\n"
+ "foobar",
+
+ "[Section]\n"
+ "setting1=" /* a line above the allowed limit: 9 + 1050000 + 1 */
+ x1000(x1000("x") x10("abcde")) "\n",
+
+ "[Section]\n"
+ "setting1=" /* many continuation lines, together above the limit */
+ x1000(x1000("x") x10("abcde") "\\\n") "xxx",
};
static void test_config_parse(unsigned i, const char *s) {
@@ -290,20 +312,37 @@ static void test_config_parse(unsigned i, const char *s) {
"Section\0",
config_item_table_lookup, items,
false, false, true, NULL);
- assert_se(r == 0);
switch (i) {
case 0 ... 3:
+ assert_se(r == 0);
assert_se(streq(setting1, "1"));
break;
case 4:
+ assert_se(r == 0);
assert_se(streq(setting1, "1 2 3"));
break;
case 5:
+ assert_se(r == 0);
assert_se(streq(setting1, "1\\\\ \\\\2"));
break;
+
+ case 6:
+ assert_se(r == 0);
+ assert_se(streq(setting1, x1000("ABCD")));
+ break;
+
+ case 7:
+ assert_se(r == 0);
+ assert_se(streq(setting1, x1000("ABCD") " foobar"));
+ break;
+
+ case 8 ... 9:
+ assert_se(r == -ENOBUFS);
+ assert_se(setting1 == NULL);
+ break;
}
}

@ -0,0 +1,32 @@
From 8873d22603623b4d611b178dfd597ed16081375a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 24 Sep 2017 08:59:49 +0200
Subject: [PATCH] test-fileio: close two leaked file handles
(cherry picked from commit 9707d55213959bb171ea810d56e9226f5ffa5466)
---
src/test/test-fileio.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c
index 375b7a8910..eebaa2c155 100644
--- a/src/test/test-fileio.c
+++ b/src/test/test-fileio.c
@@ -209,7 +209,7 @@ static void test_parse_multiline_env_file(void) {
static void test_merge_env_file(void) {
char t[] = "/tmp/test-fileio-XXXXXX";
int fd, r;
- FILE *f;
+ _cleanup_fclose_ FILE *f = NULL;
_cleanup_strv_free_ char **a = NULL;
char **i;
@@ -278,7 +278,7 @@ static void test_merge_env_file(void) {
static void test_merge_env_file_invalid(void) {
char t[] = "/tmp/test-fileio-XXXXXX";
int fd, r;
- FILE *f;
+ _cleanup_fclose_ FILE *f = NULL;
_cleanup_strv_free_ char **a = NULL;
char **i;

@ -0,0 +1,104 @@
From 0e1ae5aba8476602b3e69ac470e20a2efa0380a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 24 Sep 2017 09:10:48 +0200
Subject: [PATCH] test-fileio: also test read_line() with actual files
Just in case the real FILE and the one from fmemopen weren't exactly
the same.
(cherry picked from commit 2c9de13912350f5887ccccdae9e1707512208053)
---
src/test/test-fileio.c | 64 ++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 51 insertions(+), 13 deletions(-)
diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c
index eebaa2c155..7f22973157 100644
--- a/src/test/test-fileio.c
+++ b/src/test/test-fileio.c
@@ -663,21 +663,17 @@ static void test_tempfn(void) {
free(ret);
}
-static void test_read_line(void) {
- _cleanup_fclose_ FILE *f = NULL;
+static const char buffer[] =
+ "Some test data\n"
+ "With newlines, and a NUL byte\0"
+ "\n"
+ "an empty line\n"
+ "an ignored line\n"
+ "and a very long line that is supposed to be truncated, because it is so long\n";
+
+static void test_read_line_one_file(FILE *f) {
_cleanup_free_ char *line = NULL;
- char buffer[] =
- "Some test data\n"
- "With newlines, and a NUL byte\0"
- "\n"
- "an empty line\n"
- "an ignored line\n"
- "and a very long line that is supposed to be truncated, because it is so long\n";
-
- f = fmemopen(buffer, sizeof(buffer), "re");
- assert_se(f);
-
assert_se(read_line(f, (size_t) -1, &line) == 15 && streq(line, "Some test data"));
line = mfree(line);
@@ -706,6 +702,46 @@ static void test_read_line(void) {
assert_se(read_line(f, 1024, &line) == 0 && streq(line, ""));
}
+static void test_read_line(void) {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *line = NULL;
+
+ f = fmemopen((void*) buffer, sizeof(buffer), "re");
+ assert_se(f);
+
+ test_read_line_one_file(f);
+}
+
+static void test_read_line2(void) {
+ char name[] = "/tmp/test-fileio.XXXXXX";
+ int fd;
+ _cleanup_fclose_ FILE *f = NULL;
+
+ fd = mkostemp_safe(name);
+ assert_se(fd >= 0);
+ assert_se((size_t) write(fd, buffer, sizeof(buffer)) == sizeof(buffer));
+
+ assert_se(lseek(fd, 0, SEEK_SET) == 0);
+ assert_se(f = fdopen(fd, "r"));
+
+ test_read_line_one_file(f);
+}
+
+static void test_read_line3(void) {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *line = NULL;
+ int r;
+
+ f = fopen("/proc/cmdline", "re");
+ if (!f && IN_SET(errno, ENOENT, EPERM))
+ return;
+ assert_se(f);
+
+ r = read_line(f, LINE_MAX, &line);
+ assert_se((size_t) r == strlen(line) + 1);
+ assert_se(read_line(f, LINE_MAX, NULL) == 0);
+}
+
int main(int argc, char *argv[]) {
log_set_max_level(LOG_DEBUG);
log_parse_environment();
@@ -728,6 +764,8 @@ int main(int argc, char *argv[]) {
test_writing_tmpfile();
test_tempfn();
test_read_line();
+ test_read_line2();
+ test_read_line3();
return 0;
}
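Review bot: In `test_read_line3()` (src/test/test-fileio.c) the result of `read_line(f, LINE_MAX, &line)` goes straight into `strlen(line)` without a check that `r` is non-negative. If the call fails, for example with `-ENOBUFS` on a long `/proc/cmdline`, `line` is still NULL and the test dereferences it instead of failing on an assertion; `assert_se(r >= 0);` before the comparison fixes that. `test_read_line2()` also leaves its `mkostemp_safe()` file in `/tmp`; an `unlink(name);` once the stream is open would clean it up.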

@ -0,0 +1,34 @@
From 32c49980110767e0ff013c0235e5e9a6bc2f3c31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 24 Sep 2017 14:27:21 +0200
Subject: [PATCH] fileio: return 0 from read_one_line_file on success
Fixup for f4b51a2d09. Suggested by Evgeny Vereshchagin.
(cherry picked from commit 2e33df93dee35af986683d1226f93e0f9659de5d)
---
src/basic/fileio.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index 36cb0edaf4..9d56b7ccbc 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -164,6 +164,7 @@ fail:
int read_one_line_file(const char *fn, char **line) {
_cleanup_fclose_ FILE *f = NULL;
+ int r;
assert(fn);
assert(line);
@@ -172,7 +173,8 @@ int read_one_line_file(const char *fn, char **line) {
if (!f)
return -errno;
- return read_line(f, LONG_LINE_MAX, line);
+ r = read_line(f, LONG_LINE_MAX, line);
+ return r < 0 ? r : 0;
}
int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {

@ -0,0 +1,25 @@
From 3c2e58887a5d9282670b3e41b6e584367a2bda18 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jlebon@users.noreply.github.com>
Date: Mon, 25 Sep 2017 15:56:57 -0400
Subject: [PATCH] string-util: use size_t for strjoina macro (#6914)
`strlen` returns a `size_t` and `alloca` expects a `size_t`.
(cherry picked from commit 35207e259ef44f62faf71acc4bbc7d43311a4583)
---
src/basic/string-util.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/string-util.h b/src/basic/string-util.h
index be44dedff4..f8dde61549 100644
--- a/src/basic/string-util.h
+++ b/src/basic/string-util.h
@@ -120,7 +120,7 @@ char *strjoin_real(const char *x, ...) _sentinel_;
({ \
const char *_appendees_[] = { a, __VA_ARGS__ }; \
char *_d_, *_p_; \
- int _len_ = 0; \
+ size_t _len_ = 0; \
unsigned _i_; \
for (_i_ = 0; _i_ < ELEMENTSOF(_appendees_) && _appendees_[_i_]; _i_++) \
_len_ += strlen(_appendees_[_i_]); \

@ -0,0 +1,22 @@
From 63fe668593009a59cc2670d78974fccacb245c61 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 29 Sep 2017 14:36:06 +0200
Subject: [PATCH] mount-util: add fusectl to list of API VFS
(cherry picked from commit 7941e2189bf0a2118d4ad1fcf5ff2da534c3b67d)
---
src/basic/mount-util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index cff44116c8..a13f12096c 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -564,6 +564,7 @@ bool fstype_is_api_vfs(const char *fstype) {
"devpts\0"
"devtmpfs\0"
"efivarfs\0"
+ "fusectl\0"
"hugetlbfs\0"
"mqueue\0"
"proc\0"

@ -0,0 +1,47 @@
From a1bf52c278196d4bc8d419afeb6507c48e5fd461 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 25 Sep 2017 11:38:08 +0100
Subject: [PATCH] units: do not kill rescue shell when machines.target is
started
The original aim of this commit is that starting machines.target from the
rescue shell would not kill the rescue shell and lock you out of the
system.
This is similar to commit 6579a622, for the conflict between
sysinit.target and the _emergency_ shell. That particular commit
introduced an ordering cycle and will need to be reverted and/or
fixed. This one does not, because it does not need to introduce any new
dependencies.
The reason why this commit is allowable also has it's own merit:
machines.target was not marked as AllowIsolate. Also, the point of
containers is to not escape them... I don't think we want to promote
machines.target as a default target or similar; you would generally want
some system service to allow you to shut down the machine, for example. I
don't see this approach used in CoreOS, nor in Fedora Atomic Host; we are
missing any positive examples of its utility.
Requires=basic.target / After=basic.target can be removed for the same
reason.
(cherry picked from commit a3b22cc5962efef2f4cd57d49f59a67e0617e9e0)
---
units/machines.target | 3 ---
1 file changed, 3 deletions(-)
diff --git a/units/machines.target b/units/machines.target
index 99618a19f7..e07b0bb6ae 100644
--- a/units/machines.target
+++ b/units/machines.target
@@ -8,9 +8,6 @@
[Unit]
Description=Containers
Documentation=man:systemd.special(7)
-Requires=basic.target
-Conflicts=rescue.service rescue.target
-After=basic.target rescue.service rescue.target
Before=multi-user.target
[Install]

@ -0,0 +1,62 @@
From cbe2db129832eb71c03857a0029c1ff8dea27a45 Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Fri, 29 Sep 2017 17:20:31 +0100
Subject: [PATCH] units: express Conflict in syslog.socket instead of
emergency.service
Note this commit only changes how the code is expressed; it does not change
the existence of any dependency.
The `Conflicts=` was added in 3136ec90, "Stop syslog.socket when entering
emergency mode". The discussion in the issue #266 raised concerns that
this might be needed for other units, but failed to point out why
syslog.socket is special. The reason is that syslog.socket has
DefaultDepedencies=no, so it does not get Requires=sysinit.target like
other socket units do. But syslog.service does require sysinit.target,
among other things.
We don't have many socket, path, or timer units with
DefaultDependencies=no, and I don't think any of the triggered services
have such additional hard dependencies as syslog.service does.
It is much less confusing if we keep this `Conflicts=` in the same file as
the `DefaultDependencies=no` which made it necessary.
(cherry picked from commit 950d8fcdd9aa7e71ad32ea224e7d6fbe0f9f53de)
---
units/emergency.service.in | 1 -
units/syslog.socket | 6 +++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/units/emergency.service.in b/units/emergency.service.in
index e9eb238b98..8768fe137e 100644
--- a/units/emergency.service.in
+++ b/units/emergency.service.in
@@ -11,7 +11,6 @@ Documentation=man:sulogin(8)
DefaultDependencies=no
Conflicts=shutdown.target
Conflicts=rescue.service
-Conflicts=syslog.socket
Before=shutdown.target
[Service]
diff --git a/units/syslog.socket b/units/syslog.socket
index d3987cb9a8..372e8fcd45 100644
--- a/units/syslog.socket
+++ b/units/syslog.socket
@@ -10,10 +10,14 @@ Description=Syslog Socket
Documentation=man:systemd.special(7)
Documentation=https://www.freedesktop.org/wiki/Software/systemd/syslog
DefaultDependencies=no
-Before=sockets.target shutdown.target
+Before=sockets.target
# Don't allow logging until the very end
Conflicts=shutdown.target
+Before=shutdown.target
+
+# Don't try to activate syslog.service if sysinit.target has failed.
+Conflicts=emergency.service
[Socket]
ListenDatagram=/run/systemd/journal/syslog

@ -0,0 +1,45 @@
From 7533ad492b3c7e9fd3901ab948eb6a030761ce2f Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 25 Sep 2017 11:45:03 +0100
Subject: [PATCH] units: add missing ordering deps for Conflicts= of
emergency.service
1. If we exited emergency mode immediately, we don't want to have an
irreversible stop job still running for syslog.socket. I _suspect_ that
can't happen, but let's not waste effort working out exactly why it's
impossible and not just very improbable.
2. Similarly, it seems undesirable to have rescue.service and
emergency.service both running with an open FD of /dev/console, for
however short a period.
(cherry picked from commit 6f6d1a8a6abae490e14e6a448895e36c6cefdefc)
---
units/emergency.service.in | 1 +
units/syslog.socket | 1 +
2 files changed, 2 insertions(+)
diff --git a/units/emergency.service.in b/units/emergency.service.in
index 8768fe137e..27c9a1c23e 100644
--- a/units/emergency.service.in
+++ b/units/emergency.service.in
@@ -12,6 +12,7 @@ DefaultDependencies=no
Conflicts=shutdown.target
Conflicts=rescue.service
Before=shutdown.target
+Before=rescue.service
[Service]
Environment=HOME=/root
diff --git a/units/syslog.socket b/units/syslog.socket
index 372e8fcd45..43981904ea 100644
--- a/units/syslog.socket
+++ b/units/syslog.socket
@@ -18,6 +18,7 @@ Before=shutdown.target
# Don't try to activate syslog.service if sysinit.target has failed.
Conflicts=emergency.service
+Before=emergency.service
[Socket]
ListenDatagram=/run/systemd/journal/syslog

@ -0,0 +1,55 @@
From ae3540d2387f24f3620ac1cd03dc952df654264b Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 25 Sep 2017 12:10:38 +0100
Subject: [PATCH] units: add missing Before=shutdown.target for units which it
Conflicts
There's a few services missing this ordering.
Also remove a duplicate Conflicts=shutdown.target from
systemd-volatile-root.service.
(cherry picked from commit 0b9ad5bf2ec09e963f706fdba498d99f29f97a54)
---
units/system-update-cleanup.service.in | 1 +
units/systemd-networkd-wait-online.service.in | 2 +-
units/systemd-volatile-root.service.in | 1 -
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/units/system-update-cleanup.service.in b/units/system-update-cleanup.service.in
index 116be8bc2d..dc524da7a3 100644
--- a/units/system-update-cleanup.service.in
+++ b/units/system-update-cleanup.service.in
@@ -11,6 +11,7 @@ Documentation=man:systemd.special(5) man:systemd.offline-updates(7)
After=system-update.target
DefaultDependencies=no
Conflicts=shutdown.target
+Before=shutdown.target
# system-update-generator uses laccess("/system-update"), while a plain
# ConditionPathExists=/system-update uses access("/system-update"), so
diff --git a/units/systemd-networkd-wait-online.service.in b/units/systemd-networkd-wait-online.service.in
index a84e91906d..89ca865b55 100644
--- a/units/systemd-networkd-wait-online.service.in
+++ b/units/systemd-networkd-wait-online.service.in
@@ -12,7 +12,7 @@ DefaultDependencies=no
Conflicts=shutdown.target
Requires=systemd-networkd.service
After=systemd-networkd.service
-Before=network-online.target
+Before=network-online.target shutdown.target
[Service]
Type=oneshot
diff --git a/units/systemd-volatile-root.service.in b/units/systemd-volatile-root.service.in
index cc4e604e4c..c5a4ca3c27 100644
--- a/units/systemd-volatile-root.service.in
+++ b/units/systemd-volatile-root.service.in
@@ -12,7 +12,6 @@ DefaultDependencies=no
Conflicts=shutdown.target
After=sysroot.mount
Before=initrd-root-fs.target shutdown.target
-Conflicts=shutdown.target
AssertPathExists=/etc/initrd-release
[Service]


@ -0,0 +1,26 @@
From 0854289230b44c44e2c312f50be24c2c286dc90f Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Mon, 25 Sep 2017 12:46:32 +0100
Subject: [PATCH] units: DefaultDependencies already implies conflict with
shutdown.target
(and system-update.target does not have DefaultDependencies=no)
(cherry picked from commit 2d4b910383c6c14b3720e26cca11c223ad868d9d)
---
units/system-update.target | 2 --
1 file changed, 2 deletions(-)
diff --git a/units/system-update.target b/units/system-update.target
index 3542879706..b95639a876 100644
--- a/units/system-update.target
+++ b/units/system-update.target
@@ -10,8 +10,6 @@ Description=Offline System Update
Documentation=man:systemd.offline-updates(7)
Documentation=man:systemd.special(7) man:systemd-system-update-generator(8)
Requires=sysinit.target
-Conflicts=shutdown.target
After=sysinit.target
-Before=shutdown.target
AllowIsolate=yes
Wants=system-update-cleanup.service


@ -0,0 +1,26 @@
From 2dcc7e34ae37e1a8f3af9ed91329b9cb9afd3e65 Mon Sep 17 00:00:00 2001
From: John Lin <johnlinp@gmail.com>
Date: Thu, 12 Oct 2017 02:22:51 +0800
Subject: [PATCH] systemctl: supress enable/disable messages when -q is given
(#7067)
Fixes: #7036
(cherry picked from commit 35d379b2e8b92388a73f245e5cfcaa7e7371e8a7)
(cherry picked from commit 6c5ff1d86e7e54f460599e92abbb4a5327e6a6db)
---
src/shared/bus-unit-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 5cbe663fa8..1e6cd05054 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -1071,7 +1071,7 @@ int bus_deserialize_and_dump_unit_file_changes(sd_bus_message *m, bool quiet, Un
if (r < 0)
return bus_log_parse_error(r);
- unit_file_dump_changes(0, NULL, *changes, *n_changes, false);
+ unit_file_dump_changes(0, NULL, *changes, *n_changes, quiet);
return 0;
}


@ -0,0 +1,64 @@
From 91545520e9e0313302b1c1391a691e567f7b41dd Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Wed, 11 Oct 2017 09:29:30 +0200
Subject: [PATCH] basic/env-util: drop the validation when deserializing
environment
The environment variables we've serialized can quite possibly contain
characters outside the set allowed by env_assignment_is_valid(). In
fact, my environment seems to contain a couple of these:
* TERMCAP set by screen contains a '\x7f' character
* BASH_FUNC_module%% variable has a '%' character in name
Strict check of environment variables name and value certainly makes sense for
unit files, but not so much for deserialization of values we already had
in our environment.
(cherry picked from commit ea43bdd1d7c14e3695a4cc081e4ef4f964160dc1)
(cherry picked from commit cdc2ef6ba88210264f00997e7c99b7f3339c629e)
---
src/basic/env-util.c | 5 -----
src/test/test-env-util.c | 5 +++--
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/basic/env-util.c b/src/basic/env-util.c
index 56e7b6fd8c..7c271973a3 100644
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -799,10 +799,5 @@ int deserialize_environment(char ***environment, const char *line) {
if (r < 0)
return r;
- if (!env_assignment_is_valid(uce)) {
- free(uce);
- return -EINVAL;
- }
-
return strv_env_replace(environment, uce);
}
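Review bot: With the `env_assignment_is_valid()` check removed, nothing in this function rejects a deserialized string that contains no `=` at all before it is handed to `strv_env_replace()`; the deleted test case `"env=test"` was the one exercising that. `strv_env_replace()` is not shown here, so whether it tolerates such input should be confirmed; if it expects a `NAME=value` string, keep a minimal structural check such as `if (!strchr(uce, '=')) { free(uce); return -EINVAL; }`, which still allows the unusual characters this commit is about. The serialization stream is written by the manager itself, but a truncated or damaged line should fail with an error rather than reach code that assumes a well-formed assignment. The body of `deserialize_environment()` starts above this hunk.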
diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c
index 3a2492dc6f..b14d62760f 100644
--- a/src/test/test-env-util.c
+++ b/src/test/test-env-util.c
@@ -319,10 +319,10 @@ static void test_env_assignment_is_valid(void) {
static void test_deserialize_environment(void) {
_cleanup_strv_free_ char **env = strv_new("A=1", NULL);
- assert_se(deserialize_environment(&env, "env=test") < 0);
assert_se(deserialize_environment(&env, "env=B=2") >= 0);
+ assert_se(deserialize_environment(&env, "env=FOO%%=a\\177b\\nc\\td e") >= 0);
- assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2")));
+ assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2", "FOO%%=a\177b\nc\td e")));
}
static void test_serialize_environment(void) {
@@ -334,6 +334,7 @@ static void test_serialize_environment(void) {
"B=2",
"C=ąęółń",
"D=D=a\\x0Ab",
+ "FOO%%=a\177b\nc\td e",
NULL);
_cleanup_strv_free_ char **env2 = NULL;


@ -0,0 +1,42 @@
From 24ee53d5b566b12c8c5be026b55bb8e48c1ca19f Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Wed, 11 Oct 2017 15:05:38 +0200
Subject: [PATCH] basic/env-util: don't relax unesaping of serialized
environment strings
We wrote them ourselves -- they shouldn't contain invalid sequences.
(cherry picked from commit c7d797bbdfaccd950988698823e17103f418a3c5)
(cherry picked from commit 1ff2852a188de9235a293a347683c4c012708fe8)
---
src/basic/env-util.c | 2 +-
src/test/test-env-util.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/basic/env-util.c b/src/basic/env-util.c
index 7c271973a3..f629a1fc37 100644
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -795,7 +795,7 @@ int deserialize_environment(char ***environment, const char *line) {
assert(environment);
assert(startswith(line, "env="));
- r = cunescape(line + 4, UNESCAPE_RELAX, &uce);
+ r = cunescape(line + 4, 0, &uce);
if (r < 0)
return r;
diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c
index b14d62760f..a76f691b79 100644
--- a/src/test/test-env-util.c
+++ b/src/test/test-env-util.c
@@ -323,6 +323,9 @@ static void test_deserialize_environment(void) {
assert_se(deserialize_environment(&env, "env=FOO%%=a\\177b\\nc\\td e") >= 0);
assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2", "FOO%%=a\177b\nc\td e")));
+
+ assert_se(deserialize_environment(&env, "env=foo\\") < 0);
+ assert_se(deserialize_environment(&env, "env=bar\\_baz") < 0);
}
static void test_serialize_environment(void) {


@ -0,0 +1,34 @@
From ee8f87bc3433035652b053211b44c485eb81d72b Mon Sep 17 00:00:00 2001
From: Susant Sahani <145210+ssahani@users.noreply.github.com>
Date: Wed, 18 Oct 2017 14:42:59 +0530
Subject: [PATCH] networkd: Consider linkLocalAddressing state while
configuring ndisc. (#7012)
If linkLocalAddressing is disabled in for the interface still then
we look for ndisc configured or not in link_check_ready.
Link local is used automatic address configuration and neighbor discovery protocol.
If link local is disabled we should not configure ndisc.
Fixes #2713, #6441, #5841.
(cherry picked from commit 702c979fefc6d3e69c5982b8469ec8a47792d62f)
(cherry picked from commit 610f5ddb3c4ae3b08ddb1334bbdcbcf7799f091f)
---
src/network/networkd-link.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 4c57fa1793..d8b13be381 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -225,6 +225,9 @@ static bool link_ipv6_accept_ra_enabled(Link *link) {
if (!link->network)
return false;
+ if (!link_ipv6ll_enabled(link))
+ return false;
+
/* If unset use system default (enabled if local forwarding is disabled.
* disabled if local forwarding is enabled).
* If set, ignore or enforce RA independent of local forwarding state.


@ -0,0 +1,38 @@
From ace9b102d1977c7776cb185f29aa6b6814897939 Mon Sep 17 00:00:00 2001
From: Susant Sahani <145210+ssahani@users.noreply.github.com>
Date: Wed, 18 Oct 2017 16:08:56 +0530
Subject: [PATCH] networkd: don't stop the dhcp server if it's not configured.
(#7083)
we call sd_dhcp_server_stop even if it's not configured when link is
down resulting unwanted logs.
```
Oct 10 13:41:07 nena systemd-networkd[126]: eth0: Lost carrier
Oct 10 13:41:07 nena systemd-networkd[126]: DHCP CLIENT (0x560f2dc5): STOPPED
Oct 10 13:41:07 nena systemd-networkd[126]: eth0: DHCP lease lost
Oct 10 13:41:07 nena systemd-networkd[126]: NDISC: Stopping IPv6 Router Solicitation client
Oct 10 13:41:07 nena systemd-networkd[126]: Assertion 'server' failed at ../src/libsystemd-network/sd-dhcp-server.c:256, function sd_dhcp_server_stop(). Ignoring.
```
fixes #7047
(cherry picked from commit 28464ae0e21e7b9dfea7b733f9470091b2480a9a)
(cherry picked from commit 14d3f593b115fb46361e5dab4de0bead8451ca27)
---
src/network/networkd-link.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index d8b13be381..fd6106c13d 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -3063,7 +3063,8 @@ static int link_carrier_lost(Link *link) {
return r;
}
- (void) sd_dhcp_server_stop(link->dhcp_server);
+ if (link_dhcp4_server_enabled(link))
+ (void) sd_dhcp_server_stop(link->dhcp_server);
r = link_drop_config(link);
if (r < 0)


@ -0,0 +1,32 @@
From 02b8ffe180bc10370a172e8272499648f396fed7 Mon Sep 17 00:00:00 2001
From: myrkr <torsten.hilbrich@gmx.net>
Date: Tue, 24 Oct 2017 09:56:40 +0200
Subject: [PATCH] nspawn: Fix calculation of capabilities for configuration
file (#7087)
The current code shifting an integer 1 failed for capabilities like
CAP_MAC_ADMIN (numerical value 33). This caused issues when specifying
them in the nspawn configuration file. Using an uint64_t 1 instead.
The similar code for processing the --capability command line option
was already correctly working.
(cherry picked from commit 1898e5f9a37d1a50f8c0bd1147abe11c3d38a16b)
(cherry picked from commit b4c63693634d3a56a1afe22dd59c63a7e8fe99f8)
---
src/nspawn/nspawn-settings.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
index 5217d10665..19bc8ba4b8 100644
--- a/src/nspawn/nspawn-settings.c
+++ b/src/nspawn/nspawn-settings.c
@@ -200,7 +200,7 @@ int config_parse_capability(
continue;
}
- u |= 1 << ((uint64_t) cap);
+ u |= UINT64_C(1) << cap;
}
if (u == 0)


@ -0,0 +1,120 @@
From f720fbe4564bb322847a34a930e124bab2aac8b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 18 Oct 2017 16:15:09 +0200
Subject: [PATCH] timedatectl: stop using xstrftime
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When using strftime in arbitrary locales, we cannot really say how big the
buffer should be. Let's make the buffer "large", which will work fine pretty
much always, and just print n/a if the timestamp does not fit. strftime returns
0 if the buffer is too small and a NUL-terminated string otherwise, so we
can drop the size specifications in string formatting.
$ export LANG=fa_IR.UTF-8
$ date
چهارشنبه ۱۸ اكتبر ۱۷، ساعت ۱۰:۵۴:۲۴ (+0330)
$ timedatectl
Assertion 'xstrftime: a[] must be big enough' failed at ../src/timedate/timedatectl.c:105, function print_status_info(). Aborting.
now:
$ timedatectl
Local time: چهارشنبه 2017-10-18 16:29:40 CEST
Universal time: چهارشنبه 2017-10-18 14:29:40 UTC
RTC time: چهارشنبه 2017-10-18 14:29:40
https://bugzilla.redhat.com/show_bug.cgi?id=1503452
(cherry picked from commit 14ce0c25c28ba58e80084e28b4f23884199900e4)
(cherry picked from commit b3e823e43c45b6233405d62e5f095c11130e638f)
---
src/basic/time-util.h | 4 ----
src/timedate/timedatectl.c | 27 ++++++++++++++-------------
2 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/src/basic/time-util.h b/src/basic/time-util.h
index 3b7f0e99c0..73f7e40066 100644
--- a/src/basic/time-util.h
+++ b/src/basic/time-util.h
@@ -148,10 +148,6 @@ clockid_t clock_boottime_or_monotonic(void);
usec_t usec_shift_clock(usec_t, clockid_t from, clockid_t to);
-#define xstrftime(buf, fmt, tm) \
- assert_message_se(strftime(buf, ELEMENTSOF(buf), fmt, tm) > 0, \
- "xstrftime: " #buf "[] must be big enough")
-
int get_timezone(char **timezone);
time_t mktime_or_timegm(struct tm *tm, bool utc);
diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c
index 281b1534a3..2a011208ce 100644
--- a/src/timedate/timedatectl.c
+++ b/src/timedate/timedatectl.c
@@ -72,12 +72,13 @@ static void status_info_clear(StatusInfo *info) {
}
static void print_status_info(const StatusInfo *i) {
- char a[FORMAT_TIMESTAMP_MAX];
+ char a[LINE_MAX];
struct tm tm;
time_t sec;
bool have_time = false;
const char *old_tz = NULL, *tz;
int r;
+ size_t n;
assert(i);
@@ -102,11 +103,11 @@ static void print_status_info(const StatusInfo *i) {
log_warning("Could not get time from timedated and not operating locally, ignoring.");
if (have_time) {
- xstrftime(a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm));
- printf(" Local time: %.*s\n", (int) sizeof(a), a);
+ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm));
+ printf(" Local time: %s\n", n > 0 ? a : "n/a");
- xstrftime(a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm));
- printf(" Universal time: %.*s\n", (int) sizeof(a), a);
+ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm));
+ printf(" Universal time: %s\n", n > 0 ? a : "n/a");
} else {
printf(" Local time: %s\n", "n/a");
printf(" Universal time: %s\n", "n/a");
@@ -116,13 +117,13 @@ static void print_status_info(const StatusInfo *i) {
time_t rtc_sec;
rtc_sec = (time_t) (i->rtc_time / USEC_PER_SEC);
- xstrftime(a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm));
- printf(" RTC time: %.*s\n", (int) sizeof(a), a);
+ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm));
+ printf(" RTC time: %s\n", n > 0 ? a : "n/a");
} else
printf(" RTC time: %s\n", "n/a");
if (have_time)
- xstrftime(a, "%Z, %z", localtime_r(&sec, &tm));
+ n = strftime(a, sizeof a, "%Z, %z", localtime_r(&sec, &tm));
/* Restore the $TZ */
if (old_tz)
@@ -134,11 +135,11 @@ static void print_status_info(const StatusInfo *i) {
else
tzset();
- printf(" Time zone: %s (%.*s)\n"
- " Network time on: %s\n"
- "NTP synchronized: %s\n"
- " RTC in local TZ: %s\n",
- strna(i->timezone), (int) sizeof(a), have_time ? a : "n/a",
+ printf(" Time zone: %s (%s)\n"
+ " System clock synchronized: %s\n"
+ "systemd-timesyncd.service active: %s\n"
+ " RTC in local TZ: %s\n",
+ strna(i->timezone), have_time && n > 0 ? a : "n/a",
i->ntp_capable ? yes_no(i->ntp_enabled) : "n/a",
yes_no(i->ntp_synced),
yes_no(i->rtc_local));
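Review bot: In the final `printf` of `print_status_info()` the two middle labels were renamed but the arguments kept their old order, so going by the field names `System clock synchronized:` now prints `ntp_enabled` and `systemd-timesyncd.service active:` prints `ntp_synced`. The two arguments should be swapped to match the labels: `yes_no(i->ntp_synced),` followed by `i->ntp_capable ? yes_no(i->ntp_enabled) : "n/a",`. The label change is not mentioned in the commit message, which only covers the `xstrftime` removal, and it is worth a line there because anything parsing this output will see different keys. Separately, `size_t n;` is assigned only inside the `have_time` branches; the `have_time && n > 0` short-circuit keeps that safe today, but `size_t n = 0;` would make it robust against later edits.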


@ -0,0 +1,38 @@
From d6ac00972a031eda491a354bf3e2a6c9a7f2b553 Mon Sep 17 00:00:00 2001
From: Lauri Tirkkonen <lotheac@iki.fi>
Date: Tue, 24 Oct 2017 20:40:50 +0300
Subject: [PATCH] nspawn: EROFS for chowning mount points is not fatal (#7122)
This fixes --read-only with --private-users. mkdir_userns_p may return
-EROFS if either mkdir or lchown fails; lchown failing is fine as the
mount point will just be overmounted, and if mkdir fails then the
following mount() will also fail (with ENOENT).
(cherry picked from commit 4f13e534282414b5e58ef31a26cc5c3f06f8cb18)
(cherry picked from commit 1b7014dfc1584d1f3b10eb91c4f22e0deaca999d)
---
src/nspawn/nspawn-mount.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index ac7290732e..3d2151a06a 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -601,11 +601,15 @@ int mount_all(const char *dest,
r = mkdir_userns_p(dest, where, 0755, mount_settings, uid_shift);
if (r < 0 && r != -EEXIST) {
- if (fatal)
+ if (fatal && r != -EROFS)
return log_error_errno(r, "Failed to create directory %s: %m", where);
log_debug_errno(r, "Failed to create directory %s: %m", where);
- continue;
+ /* If we failed mkdir() or chown() due to the root
+ * directory being read only, attempt to mount this fs
+ * anyway and let mount_verbose log any errors */
+ if (r != -EROFS)
+ continue;
}
o = mount_table[k].options;


@ -0,0 +1,38 @@
From 1e20ca63e06337b95f4b0deedc062511d2ff31cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 25 Oct 2017 11:19:19 +0200
Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
(cherry picked from commit 9f939335a07085aa9a9663efd1dca06ef6405d62)
(cherry picked from commit 743b771c559c6101544f7358a42c8c519fe4b0db)
---
src/resolve/resolved-dns-packet.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 49a04615d4..1165940e0d 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -1503,7 +1503,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
found = true;
- while (bitmask) {
+ for (; bitmask; bit++, bitmask >>= 1)
if (bitmap[i] & bitmask) {
uint16_t n;
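Review bot: The reason the step moved into the `for` header in `dns_packet_read_type_window()` is not recorded anywhere in the code, and the loop body is now a multi-line `if` with no braces around it. The part of the body between the two hunks is not shown, but the change only makes sense if some path there jumps to the next iteration, which previously bypassed `bit++` and `bitmask >>= 1` and left the loop spinning on data taken from a received packet. A short comment such as `/* advance in the loop header so that no 'continue' in the body can skip it */`, plus braces on the `for`, would keep a later refactor from reintroducing the hang. A test packet whose type bitmap contains a pseudo type would pin the behaviour down; none is added in this patch.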
@@ -1517,10 +1517,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
if (r < 0)
return r;
}
-
- bit++;
- bitmask >>= 1;
- }
}
if (!found)


@ -0,0 +1,143 @@
From ea8cb69ee23cd67ef45ca34f1b192c9adb5fa878 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 9 Jul 2017 23:31:47 -0400
Subject: [PATCH] cryptsetup-generator: add a helper utility to create symlinks
It seems that there's a common pattern among the various generators. Let's add
a helper function for it and make use of it in cryptsetup-generator.
This fixes a bunch of theoretical memleaks in error paths, since *to wasn't
generally freed properly. Not thath it matters.
(cherry picked from commit b559616f2321643c5194b474d39a722cefaf6059)
---
src/cryptsetup/cryptsetup-generator.c | 53 ++++++++++-------------------------
src/shared/generator.c | 15 ++++++++++
src/shared/generator.h | 2 ++
3 files changed, 32 insertions(+), 38 deletions(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index afc5d7cf49..4edf709c3e 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -58,11 +58,11 @@ static int create_disk(
const char *password,
const char *options) {
- _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
+ _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *e = NULL,
*filtered = NULL;
_cleanup_fclose_ FILE *f = NULL;
+ const char *dmname;
bool noauto, nofail, tmp, swap;
- char *from;
int r;
assert(name);
@@ -120,7 +120,7 @@ static int create_disk(
if (password) {
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
fputs("After=systemd-random-seed.service\n", f);
- else if (!streq(password, "-") && !streq(password, "none")) {
+ else if (!STR_IN_SET(password, "-", "none")) {
_cleanup_free_ char *uu;
uu = fstab_node_to_udev_node(password);
@@ -186,46 +186,23 @@ static int create_disk(
if (r < 0)
return log_error_errno(r, "Failed to write file %s: %m", p);
- from = strjoina("../", n);
-
if (!noauto) {
-
- to = strjoin(arg_dest, "/", d, ".wants/", n);
- if (!to)
- return log_oom();
-
- mkdir_parents_label(to, 0755);
- if (symlink(from, to) < 0)
- return log_error_errno(errno, "Failed to create symlink %s: %m", to);
-
- free(to);
- if (!nofail)
- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
- else
- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n);
- if (!to)
- return log_oom();
-
- mkdir_parents_label(to, 0755);
- if (symlink(from, to) < 0)
- return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+ r = generator_add_symlink(arg_dest, d, "wants", n);
+ if (r < 0)
+ return r;
+
+ r = generator_add_symlink(arg_dest, "cryptsetup.target",
+ nofail ? "wants" : "requires", n);
+ if (r < 0)
+ return r;
}
- free(to);
- to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n);
- if (!to)
- return log_oom();
-
- mkdir_parents_label(to, 0755);
- if (symlink(from, to) < 0)
- return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+ dmname = strjoina("dev-mapper-", e, ".device");
+ r = generator_add_symlink(arg_dest, dmname, "requires", n);
+ if (r < 0)
+ return r;
if (!noauto && !nofail) {
- _cleanup_free_ char *dmname;
- dmname = strjoin("dev-mapper-", e, ".device");
- if (!dmname)
- return log_oom();
-
r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
"# Automatically generated by systemd-cryptsetup-generator \n\n"
"[Unit]\nJobTimeoutSec=0");
diff --git a/src/shared/generator.c b/src/shared/generator.c
index 6a887e3aad..325fe9fcbf 100644
--- a/src/shared/generator.c
+++ b/src/shared/generator.c
@@ -37,6 +37,21 @@
#include "unit-name.h"
#include "util.h"
+int generator_add_symlink(const char *root, const char *dst, const char *dep_type, const char *src) {
+ /* Adds a symlink from <dst>.<dep_type>.d/ to ../<src> */
+
+ const char *from, *to;
+
+ from = strjoina("../", src);
+ to = strjoina(root, "/", dst, ".", dep_type, "/", src);
+
+ mkdir_parents_label(to, 0755);
+ if (symlink(from, to) < 0)
+ return log_error_errno(errno, "Failed to create symlink \"%s\": %m", to);
+
+ return 0;
+}
+
static int write_fsck_sysroot_service(const char *dir, const char *what) {
_cleanup_free_ char *device = NULL, *escaped = NULL;
_cleanup_fclose_ FILE *f = NULL;
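Review bot: The comment in `generator_add_symlink()` says the link is created under `<dst>.<dep_type>.d/`, but the path built two lines below is `<root>/<dst>.<dep_type>/<src>` (for example `cryptsetup.target.requires/`), with no `.d` suffix; suggest `/* Adds a symlink at <root>/<dst>.<dep_type>/<src> pointing to ../<src> */`. The result of `mkdir_parents_label()` is dropped silently; writing `(void) mkdir_parents_label(to, 0755);` would show that this is deliberate and that the following `symlink()` is what reports a failure. Both strings come from `strjoina()` and are never freed, so they presumably live on the stack; the comment could also say that callers are expected to pass short unit names rather than arbitrary-length input.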
diff --git a/src/shared/generator.h b/src/shared/generator.h
index 825d934c8e..e70016839f 100644
--- a/src/shared/generator.h
+++ b/src/shared/generator.h
@@ -21,6 +21,8 @@
#include <stdio.h>
+int generator_add_symlink(const char *root, const char *dst, const char *dep_type, const char *src);
+
int generator_write_fsck_deps(
FILE *f,
const char *dir,


@ -0,0 +1,24 @@
From c55ccd92b9503bc074e6ffb07925f09024e9949d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 09:14:51 +0200
Subject: [PATCH] units: order cryptsetup-pre.target before cryptsetup.target
Normally this happens automatically, but if it happened that both targets were
pulled in, even though there were no cryptsetup units, they could be started
in reverse order, which would be somewhat confusing. Add an explicit ordering
to avoid this potential issue.
(cherry picked from commit 947d21171bdd8375db6482bc7d758d74b27f7dd4)
---
units/cryptsetup-pre.target | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 65353419fc..42e35dd4e4 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -9,3 +9,4 @@
Description=Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
+Before=cryptsetup.target


@ -0,0 +1,138 @@
From ca24b1e7731260a972af22387aad16e506dc1826 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 10:15:13 +0200
Subject: [PATCH] units: add remote-cryptsetup.target and
remote-cryptsetup-pre.target
The pair is similar to remote-fs.target and remote-fs-pre.target. Any
cryptsetup devices which require network shall be ordered after
remote-cryptsetup-pre.target and before remote-cryptsetup.target.
(cherry picked from commit 889128b8b27abb13e1691a72e4ce0562c564e257)
---
man/systemd.special.xml | 23 +++++++++++++++++++++++
units/cryptsetup-pre.target | 2 +-
units/cryptsetup.target | 2 +-
units/meson.build | 3 +++
units/remote-cryptsetup-pre.target | 15 +++++++++++++++
units/remote-cryptsetup.target | 10 ++++++++++
6 files changed, 53 insertions(+), 2 deletions(-)
create mode 100644 units/remote-cryptsetup-pre.target
create mode 100644 units/remote-cryptsetup.target
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 66c45e39a3..7107b8a920 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -81,6 +81,8 @@
<filename>poweroff.target</filename>,
<filename>printer.target</filename>,
<filename>reboot.target</filename>,
+ <filename>remote-cryptsetup-pre.target</filename>,
+ <filename>remote-cryptsetup.target</filename>,
<filename>remote-fs-pre.target</filename>,
<filename>remote-fs.target</filename>,
<filename>rescue.target</filename>,
@@ -450,6 +452,27 @@
this target unit, for compatibility with SysV.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup-pre.target</filename></term>
+ <listitem>
+ <para>This target unit is automatically ordered before all cryptsetup devices
+ marked with the <option>_netdev</option>. It can be used to execute additional
+ units before such devices are set up.</para>
+
+ <para>It is ordered after <filename>network.target</filename> and
+ <filename>network-online.target</filename>, and also pulls the latter in as a
+ <varname>Wants=</varname> dependency.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup.target</filename></term>
+ <listitem>
+ <para>Similar to <filename>cryptsetup.target</filename>, but for encrypted
+ devices which are accessed over the network. It is used for
+ <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ entries marked with <option>_netdev</option>.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><filename>remote-fs.target</filename></term>
<listitem>
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 42e35dd4e4..6cb28a61ae 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -6,7 +6,7 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes (Pre)
+Description=Local Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
Before=cryptsetup.target
diff --git a/units/cryptsetup.target b/units/cryptsetup.target
index 25d3e33f6a..10b17fd387 100644
--- a/units/cryptsetup.target
+++ b/units/cryptsetup.target
@@ -6,5 +6,5 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes
+Description=Local Encrypted Volumes
Documentation=man:systemd.special(7)
diff --git a/units/meson.build b/units/meson.build
index e94add6a6f..e6351c7a2e 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -47,6 +47,9 @@ units = [
['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'],
['reboot.target', '',
'runlevel6.target ctrl-alt-del.target'],
+ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'],
+ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP',
+ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
['remote-fs-pre.target', ''],
['remote-fs.target', '',
join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
new file mode 100644
index 0000000000..a375e61889
--- /dev/null
+++ b/units/remote-cryptsetup-pre.target
@@ -0,0 +1,15 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes (Pre)
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
+Before=remote-cryptsetup.target
+
+After=network.target network-online.target
+Wants=network-online.target
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
new file mode 100644
index 0000000000..60943bd1cb
--- /dev/null
+++ b/units/remote-cryptsetup.target
@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes
+Documentation=man:systemd.special(7)


@ -0,0 +1,106 @@
From 8f21747f369f6d88768d1409d95527c60f2cd7c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 11:30:33 +0200
Subject: [PATCH] cryptsetup-generator: use remote-cryptsetup.target when
_netdev is present
This allows such devices to depend on the network. Their startup will
be delayed similarly to network mount units.
Fixes #4642.
(cherry picked from commit b001ad61e91b6499897f0c977045c7608c233bfa)
---
man/crypttab.xml | 13 +++++++++++++
src/cryptsetup/cryptsetup-generator.c | 30 +++++++++++++++++-------------
2 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 17976f3704..162377ebc1 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -213,6 +213,19 @@
<option>size=</option>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>_netdev</option></term>
+
+ <listitem><para>Marks this cryptsetup device as requiring network. It will be
+ started after the network is available, similarly to
+ <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ units marked with <option>_netdev</option>. The service unit to set up this device
+ will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+ <filename>remote-cryptsetup.target</filename>, instead of
+ <filename>cryptsetup-pre.target</filename> and
+ <filename>cryptsetup.target</filename>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>noauto</option></term>
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 4edf709c3e..962d712639 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -62,7 +62,7 @@ static int create_disk(
*filtered = NULL;
_cleanup_fclose_ FILE *f = NULL;
const char *dmname;
- bool noauto, nofail, tmp, swap;
+ bool noauto, nofail, tmp, swap, netdev;
int r;
assert(name);
@@ -72,6 +72,7 @@ static int create_disk(
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
tmp = fstab_test_option(options, "tmp\0");
swap = fstab_test_option(options, "swap\0");
+ netdev = fstab_test_option(options, "_netdev\0");
if (tmp && swap) {
log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
@@ -102,20 +103,22 @@ static int create_disk(
if (!f)
return log_error_errno(errno, "Failed to create unit file %s: %m", p);
- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n"
- "[Unit]\n"
- "Description=Cryptography Setup for %I\n"
- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
- "SourcePath=/etc/crypttab\n"
- "DefaultDependencies=no\n"
- "Conflicts=umount.target\n"
- "IgnoreOnIsolate=true\n"
- "After=cryptsetup-pre.target\n",
- f);
+ fprintf(f,
+ "# Automatically generated by systemd-cryptsetup-generator\n\n"
+ "[Unit]\n"
+ "Description=Cryptography Setup for %%I\n"
+ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
+ "SourcePath=/etc/crypttab\n"
+ "DefaultDependencies=no\n"
+ "Conflicts=umount.target\n"
+ "IgnoreOnIsolate=true\n"
+ "After=%s\n",
+ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
if (!nofail)
fprintf(f,
- "Before=cryptsetup.target\n");
+ "Before=%s\n",
+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
if (password) {
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
@@ -191,7 +194,8 @@ static int create_disk(
if (r < 0)
return r;
- r = generator_add_symlink(arg_dest, "cryptsetup.target",
+ r = generator_add_symlink(arg_dest,
+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target",
nofail ? "wants" : "requires", n);
if (r < 0)
return r;


@ -0,0 +1,44 @@
From e937bdf0271e664ede61fafd74f8487334745d01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 12 Oct 2017 22:13:03 +0200
Subject: [PATCH] units: add [Install] section to remote-cryptsetup.target
This makes this target the same as remote-fs.target in this regard. In practice
it probably doesn't make that much difference, because all encrypted devices
that are part of remote-fs.target (marked with _netdev) will be used for mount
points, so they will be pulled in anyway individually, but with this change any
such device will be configured, even if it is not pulled by any other unit.
(cherry picked from commit 8f462b074eb9830d6d5029f70c9010ce50e68357)
(cherry picked from commit eaaa52cc40bc7f94762ca622d4bd3e9440ccee90)
---
system-preset/90-systemd.preset | 1 +
units/remote-cryptsetup.target | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset
index 3ba4bb760d..98bc4c3c55 100644
--- a/system-preset/90-systemd.preset
+++ b/system-preset/90-systemd.preset
@@ -9,6 +9,7 @@
# generally follow a default-off policy.
enable remote-fs.target
+enable remote-cryptsetup.target
enable machines.target
enable getty@.service
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
index 60943bd1cb..c306d521f7 100644
--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
@@ -8,3 +8,9 @@
[Unit]
Description=Remote Encrypted Volumes
Documentation=man:systemd.special(7)
+After=remote-cryptsetup-pre.target
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Install]
+WantedBy=multi-user.target


@ -0,0 +1,150 @@
From e4340effce763b111fc14a64f759beef6ed3a276 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 12 Oct 2017 22:34:54 +0200
Subject: [PATCH] units: replace remote-cryptsetup-pre.target with
remote-fs-pre.target
remote-cryptsetup-pre.target was designed as an active unit (that pulls in
network-online.target), the opposite of remote-fs-pre.target (a passive unit,
with individual provider services ordering itself before it and pulling it in,
for example iscsi.service and nfs-client.target).
To make remote-cryptsetup-pre.target really work, those services should be
ordered before it too. But this would require updates to all those services,
not just changes from systemd side.
But the requirements for remote-fs-pre.target and remote-cryptset-pre.target
are fairly similar (e.g. iscsi devices can certainly be used for both), so
let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses
a bit of flexibility, but does away with the requirement for various provider
services to know about remote-cryptsetup-pre.target.
(cherry picked from commit a0dd209763f9e67054ee322a2dfd52bccf345c2e)
(cherry picked from commit c5e8935962eadc9e901f4fe13e187aaaad487142)
---
man/crypttab.xml | 2 +-
man/systemd.special.xml | 20 ++++----------------
src/cryptsetup/cryptsetup-generator.c | 2 +-
units/meson.build | 1 -
units/remote-cryptsetup-pre.target | 15 ---------------
units/remote-cryptsetup.target | 2 +-
6 files changed, 7 insertions(+), 35 deletions(-)
delete mode 100644 units/remote-cryptsetup-pre.target
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 162377ebc1..239bbfa87d 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -220,7 +220,7 @@
started after the network is available, similarly to
<citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
units marked with <option>_netdev</option>. The service unit to set up this device
- will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+ will be ordered between <filename>remote-fs-pre.target</filename> and
<filename>remote-cryptsetup.target</filename>, instead of
<filename>cryptsetup-pre.target</filename> and
<filename>cryptsetup.target</filename>.</para></listitem>
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 7107b8a920..145848dbc5 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -81,7 +81,6 @@
<filename>poweroff.target</filename>,
<filename>printer.target</filename>,
<filename>reboot.target</filename>,
- <filename>remote-cryptsetup-pre.target</filename>,
<filename>remote-cryptsetup.target</filename>,
<filename>remote-fs-pre.target</filename>,
<filename>remote-fs.target</filename>,
@@ -452,18 +451,6 @@
this target unit, for compatibility with SysV.</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><filename>remote-cryptsetup-pre.target</filename></term>
- <listitem>
- <para>This target unit is automatically ordered before all cryptsetup devices
- marked with the <option>_netdev</option>. It can be used to execute additional
- units before such devices are set up.</para>
-
- <para>It is ordered after <filename>network.target</filename> and
- <filename>network-online.target</filename>, and also pulls the latter in as a
- <varname>Wants=</varname> dependency.</para>
- </listitem>
- </varlistentry>
<varlistentry>
<term><filename>remote-cryptsetup.target</filename></term>
<listitem>
@@ -864,9 +851,10 @@
<term><filename>remote-fs-pre.target</filename></term>
<listitem>
<para>This target unit is automatically ordered before all
- remote mount point units (see above). It can be used to run
- certain units before the remote mounts are established. Note
- that this unit is generally not part of the initial
+ mount point units (see above) and cryptsetup devices
+ marked with the <option>_netdev</option>. It can be used to run
+ certain units before remote encrypted devices and mounts are established.
+ Note that this unit is generally not part of the initial
transaction, unless the unit that wants to be ordered before
all remote mounts pulls it in via a
<varname>Wants=</varname> type dependency. If the unit wants
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 962d712639..4d68710c1d 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -113,7 +113,7 @@ static int create_disk(
"Conflicts=umount.target\n"
"IgnoreOnIsolate=true\n"
"After=%s\n",
- netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
+ netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target");
if (!nofail)
fprintf(f,
diff --git a/units/meson.build b/units/meson.build
index e6351c7a2e..d85cc491c9 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -47,7 +47,6 @@ units = [
['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'],
['reboot.target', '',
'runlevel6.target ctrl-alt-del.target'],
- ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'],
['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP',
join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
['remote-fs-pre.target', ''],
diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
deleted file mode 100644
index a375e61889..0000000000
--- a/units/remote-cryptsetup-pre.target
+++ /dev/null
@@ -1,15 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-[Unit]
-Description=Remote Encrypted Volumes (Pre)
-Documentation=man:systemd.special(7)
-RefuseManualStart=yes
-Before=remote-cryptsetup.target
-
-After=network.target network-online.target
-Wants=network-online.target
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
index c306d521f7..d485b06726 100644
--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
@@ -8,7 +8,7 @@
[Unit]
Description=Remote Encrypted Volumes
Documentation=man:systemd.special(7)
-After=remote-cryptsetup-pre.target
+After=remote-fs-pre.target
DefaultDependencies=no
Conflicts=shutdown.target
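Review bot: In the cryptsetup-generator.c hunk, switching the `_netdev` case to `"remote-fs-pre.target"` leaves the generated unit with no visible ordering after, or pull-in of, the network. The deleted `remote-cryptsetup-pre.target` carried `After=network.target network-online.target` and `Wants=network-online.target`, while the commit message describes `remote-fs-pre.target` as a passive unit that only provider services pull in. As far as these hunks show, a `_netdev` crypttab entry on a host without such a provider could be set up before the network is online, yet crypttab.xml still says the device "will be started after the network is available". Consider emitting the dependency from the generator, e.g. `if (netdev) fprintf(f, "After=network-online.target\nWants=network-online.target\n");` right after the `[Unit]` header is written, or soften the man page wording. `create_disk()` begins and ends outside this hunk, so later lines may already cover this.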


@ -0,0 +1,41 @@
From 3557377795afb0410c703707633dd5ad589fdd11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 12 Oct 2017 22:43:58 +0200
Subject: [PATCH] man: add a note about _netdev usage
(cherry picked from commit 288c26165e0ff71857394f360f42432bc808556f)
(cherry picked from commit 51f2176d0df1088407afbadc138aeaa9dbe017e8)
---
man/crypttab.xml | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 239bbfa87d..88f8909a60 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -223,7 +223,16 @@
will be ordered between <filename>remote-fs-pre.target</filename> and
<filename>remote-cryptsetup.target</filename>, instead of
<filename>cryptsetup-pre.target</filename> and
- <filename>cryptsetup.target</filename>.</para></listitem>
+ <filename>cryptsetup.target</filename>.</para>
+
+ <para>Hint: if this device is used for a mount point that is specified in
+ <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ the <option>_netdev</option> option should also be used for the mount
+ point. Otherwise, a dependency loop might be created where the mount point
+ will be pulled in by <filename>local-fs.target</filename>, while the
+ service to configure the network is usually only started <emphasis>after</emphasis>
+ the local file system has been mounted.</para>
+ </listitem>
</varlistentry>
<varlistentry>
@@ -431,6 +440,7 @@ hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfil
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>


@ -0,0 +1,28 @@
From a33807a581643c73377d3ef476979bf1d53ccf08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 18 Oct 2017 15:14:46 +0200
Subject: [PATCH] units: make remote-cryptsetup.target also after
cryptsetup-pre.target
This way people can order units before cryptsetup-pre.target and
have them run before any cryptsetup-related stuff.
(cherry picked from commit a0e030f53bad355be1084a0475eb30aae20e3e43)
(cherry picked from commit d56bbe6540ed5075ab6c2845c63d08c12499e46d)
---
units/remote-cryptsetup.target | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
index d485b06726..ac4e1b71db 100644
--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
@@ -8,7 +8,7 @@
[Unit]
Description=Remote Encrypted Volumes
Documentation=man:systemd.special(7)
-After=remote-fs-pre.target
+After=remote-fs-pre.target cryptsetup-pre.target
DefaultDependencies=no
Conflicts=shutdown.target


@ -0,0 +1,123 @@
From 3a5ffde6675f952785d39593bb5038e8f827b22d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 18 Oct 2017 18:47:34 +0200
Subject: [PATCH] man: describe how machine-id should be initialized (#7051)
(cherry picked from commit 74a79c657e17fc43172a59f1f158d4a26aec2be1)
(cherry picked from commit 07ba9da0bc0d4e3309e766d3734ac56683d3298d)
---
man/machine-id.xml | 90 +++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 69 insertions(+), 21 deletions(-)
diff --git a/man/machine-id.xml b/man/machine-id.xml
index 3c261bffcc..e434c89de9 100644
--- a/man/machine-id.xml
+++ b/man/machine-id.xml
@@ -53,18 +53,26 @@
<refsect1>
<title>Description</title>
- <para>The <filename>/etc/machine-id</filename> file contains the unique machine ID of the local
- system that is set during installation. The machine ID is a single newline-terminated,
- hexadecimal, 32-character, lowercase ID. When decoded from hexadecimal, this corresponds to a
- 16-byte/128-bit value.</para>
+ <para>The <filename>/etc/machine-id</filename> file contains the unique machine ID of
+ the local system that is set during installation or boot. The machine ID is a single
+ newline-terminated, hexadecimal, 32-character, lowercase ID. When decoded from
+ hexadecimal, this corresponds to a 16-byte/128-bit value. This ID may not be all
+ zeros.</para>
- <para>The machine ID is usually generated from a random source
- during system installation and stays constant for all subsequent
- boots. Optionally, for stateless systems, it is generated during
- runtime at early boot if it is found to be empty.</para>
+ <para>The machine ID is usually generated from a random source during system
+ installation or first boot and stays constant for all subsequent boots. Optionally,
+ for stateless systems, it is generated during runtime during early boot if necessary.
+ </para>
- <para>The machine ID does not change based on local or network configuration or when hardware is
- replaced. Due to this and its greater length, it is a more useful replacement for the
+ <para>The machine ID may be set, for example when network booting, with the
+ <varname>systemd.machine_id=</varname> kernel command line parameter or by passing the
+ option <option>--machine-id=</option> to systemd. An ID is specified in this manner
+ has higher priority and will be used instead of the ID stored in
+ <filename>/etc/machine-id</filename>.</para>
+
+ <para>The machine ID does not change based on local or network configuration or when
+ hardware is replaced. Due to this and its greater length, it is a more useful
+ replacement for the
<citerefentry project='man-pages'><refentrytitle>gethostid</refentrytitle><manvolnum>3</manvolnum></citerefentry>
call that POSIX specifies.</para>
@@ -79,19 +87,59 @@
the original machine ID from the application-specific one. The
<citerefentry><refentrytitle>sd_id128_get_machine_app_specific</refentrytitle><manvolnum>3</manvolnum></citerefentry>
API provides an implementation of such an algorithm.</para>
+ </refsect1>
- <para>The
+ <refsect1>
+ <title>Initialization</title>
+
+ <para>Each machine should have a non-empty ID in normal operation. The ID of each
+ machine should be unique. To achive those objectives,
+ <filename>/etc/machine-id</filename> can be initialized in a few different ways.
+ </para>
+
+ <para>For normal operating system installations, where a custom image is created for a
+ specific machine, <filename>/etc/machine-id</filename> should be populated during
+ installation.</para>
+
+ <para>
<citerefentry><refentrytitle>systemd-machine-id-setup</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- tool may be used by installer tools to initialize the machine ID
- at install time. Use
- <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- to initialize it on mounted (but not booted) system images.</para>
-
- <para>The machine-id may also be set, for example when network
- booting, by setting the <varname>systemd.machine_id=</varname>
- kernel command line parameter or passing the option
- <option>--machine-id=</option> to systemd. A machine-id may not
- be set to all zeros.</para>
+ may be used by installer tools to initialize the machine ID at install time, but
+ <filename>/etc/machine-id</filename> may also be written using any other means.
+ </para>
+
+ <para>For operating system images which are created once and used on multiple
+ machines, for example for containers or in the cloud,
+ <filename>/etc/machine-id</filename> should be an empty file in the generic file
+ system image. An ID will be generated during boot and saved to this file if
+ possible. Having an empty file in place is useful because it allows a temporary file
+ to be bind-mounted over the real file, in case the image is used read-only.</para>
+
+ <para><citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ may be used to to initialize <filename>/etc/machine-id</filename> on mounted (but not
+ booted) system images.</para>
+
+ <para>When a machine is booted with
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ the ID of the machine will be established. If <varname>systemd.machine_id=</varname>
+ or <option>--machine-id=</option> options (see first section) are specified, this
+ value will be used. Otherwise, the value in <filename>/etc/machine-id</filename> will
+ be used. If this file is empty or missing, <filename>systemd</filename> will attempt
+ to use the D-Bus machine ID from <filename>/var/lib/dbus/machine-id</filename>, the
+ value of the kernel command line option <varname>container_uuid</varname>, the KVM DMI
+ <filename>product_uuid</filename> (on KVM systems), and finally a randomly generated
+ UUID.</para>
+
+ <para>After the machine ID is established,
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ will attempt to save it to <filename>/etc/machine-id</filename>. If this fails, it
+ will attempt to bind-mount a temporary file over <filename>/etc/machine-id</filename>.
+ It is an error if the file system is read-only and does not contain a (possibly empty)
+ <filename>/etc/machine-id</filename> file.</para>
+
+ <para><citerefentry><refentrytitle>systemd-machine-id-commit.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ will attempt to write the machine ID to the file system if
+ <filename>/etc/machine-id</filename> or <filename>/etc</filename> are read-only during
+ early boot but become writable later on.</para>
</refsect1>
<refsect1>


@ -1,280 +0,0 @@
From 3acb27df403c9e5772eb1d81aba1c65b6c7acc08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 09:14:51 +0200
Subject: [PATCH 1/3] units: order cryptsetup-pre.target before
cryptsetup.target
Normally this happens automatically, but if it happened that both targets were
pulled in, even though there were no cryptsetup units, they could be started
in reverse order, which would be somewhat confusing. Add an explicit ordering
to avoid this potential issue.
---
units/cryptsetup-pre.target | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 65353419f..42e35dd4e 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -9,3 +9,4 @@
Description=Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
+Before=cryptsetup.target
--
2.14.1
From 51a012da40e8d0d4d8df931b3bc56ea913c3856a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 10:15:13 +0200
Subject: [PATCH 2/3] units: add remote-cryptsetup.target and
remote-cryptsetup-pre.target
The pair is similar to remote-fs.target and remote-fs-pre.target. Any
cryptsetup devices which require network shall be ordered after
remote-cryptsetup-pre.target and before remote-cryptsetup.target.
---
man/systemd.special.xml | 23 +++++++++++++++++++++++
units/cryptsetup-pre.target | 2 +-
units/cryptsetup.target | 2 +-
units/meson.build | 3 +++
units/remote-cryptsetup-pre.target | 15 +++++++++++++++
units/remote-cryptsetup.target | 10 ++++++++++
6 files changed, 53 insertions(+), 2 deletions(-)
create mode 100644 units/remote-cryptsetup-pre.target
create mode 100644 units/remote-cryptsetup.target
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 66c45e39a..7107b8a92 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -81,6 +81,8 @@
<filename>poweroff.target</filename>,
<filename>printer.target</filename>,
<filename>reboot.target</filename>,
+ <filename>remote-cryptsetup-pre.target</filename>,
+ <filename>remote-cryptsetup.target</filename>,
<filename>remote-fs-pre.target</filename>,
<filename>remote-fs.target</filename>,
<filename>rescue.target</filename>,
@@ -450,6 +452,27 @@
this target unit, for compatibility with SysV.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup-pre.target</filename></term>
+ <listitem>
+ <para>This target unit is automatically ordered before all cryptsetup devices
+ marked with the <option>_netdev</option>. It can be used to execute additional
+ units before such devices are set up.</para>
+
+ <para>It is ordered after <filename>network.target</filename> and
+ <filename>network-online.target</filename>, and also pulls the latter in as a
+ <varname>Wants=</varname> dependency.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup.target</filename></term>
+ <listitem>
+ <para>Similar to <filename>cryptsetup.target</filename>, but for encrypted
+ devices which are accessed over the network. It is used for
+ <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ entries marked with <option>_netdev</option>.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><filename>remote-fs.target</filename></term>
<listitem>
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 42e35dd4e..6cb28a61a 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -6,7 +6,7 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes (Pre)
+Description=Local Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
Before=cryptsetup.target
diff --git a/units/cryptsetup.target b/units/cryptsetup.target
index 25d3e33f6..10b17fd38 100644
--- a/units/cryptsetup.target
+++ b/units/cryptsetup.target
@@ -6,5 +6,5 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes
+Description=Local Encrypted Volumes
Documentation=man:systemd.special(7)
diff --git a/units/meson.build b/units/meson.build
index e94add6a6..e6351c7a2 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -47,6 +47,9 @@ units = [
['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'],
['reboot.target', '',
'runlevel6.target ctrl-alt-del.target'],
+ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'],
+ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP',
+ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
['remote-fs-pre.target', ''],
['remote-fs.target', '',
join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
new file mode 100644
index 000000000..a375e6188
--- /dev/null
+++ b/units/remote-cryptsetup-pre.target
@@ -0,0 +1,15 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes (Pre)
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
+Before=remote-cryptsetup.target
+
+After=network.target network-online.target
+Wants=network-online.target
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
new file mode 100644
index 000000000..60943bd1c
--- /dev/null
+++ b/units/remote-cryptsetup.target
@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes
+Documentation=man:systemd.special(7)
--
2.14.1
From 543a62336565c840bbda22df0eb2a1c19180a8d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 11:30:33 +0200
Subject: [PATCH 3/3] cryptsetup-generator: use remote-cryptsetup.target when
_netdev is present
This allows such devices to depend on the network. Their startup will
be delayed similarly to network mount units.
Fixes #4642.
---
man/crypttab.xml | 13 +++++++++++++
src/cryptsetup/cryptsetup-generator.c | 36 ++++++++++++++++++-----------------
2 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 17976f370..162377ebc 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -213,6 +213,19 @@
<option>size=</option>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>_netdev</option></term>
+
+ <listitem><para>Marks this cryptsetup device as requiring network. It will be
+ started after the network is available, similarly to
+ <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ units marked with <option>_netdev</option>. The service unit to set up this device
+ will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+ <filename>remote-cryptsetup.target</filename>, instead of
+ <filename>cryptsetup-pre.target</filename> and
+ <filename>cryptsetup.target</filename>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>noauto</option></term>
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index b58b6db7c..8571ab06e 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -61,7 +61,7 @@ static int create_disk(
_cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
*filtered = NULL;
_cleanup_fclose_ FILE *f = NULL;
- bool noauto, nofail, tmp, swap;
+ bool noauto, nofail, tmp, swap, netdev;
char *from;
int r;
@@ -72,6 +72,7 @@ static int create_disk(
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
tmp = fstab_test_option(options, "tmp\0");
swap = fstab_test_option(options, "swap\0");
+ netdev = fstab_test_option(options, "_netdev\0");
if (tmp && swap) {
log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
@@ -102,21 +103,22 @@ static int create_disk(
if (!f)
return log_error_errno(errno, "Failed to create unit file %s: %m", p);
- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n"
- "[Unit]\n"
- "Description=Cryptography Setup for %I\n"
- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
- "SourcePath=/etc/crypttab\n"
- "DefaultDependencies=no\n"
- "Conflicts=umount.target\n"
- "BindsTo=dev-mapper-%i.device\n"
- "IgnoreOnIsolate=true\n"
- "After=cryptsetup-pre.target\n",
- f);
+ fprintf(f,
+ "# Automatically generated by systemd-cryptsetup-generator\n\n"
+ "[Unit]\n"
+ "Description=Cryptography Setup for %%I\n"
+ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
+ "SourcePath=/etc/crypttab\n"
+ "DefaultDependencies=no\n"
+ "Conflicts=umount.target\n"
+ "IgnoreOnIsolate=true\n"
+ "After=%s\n",
+ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
if (!nofail)
fprintf(f,
- "Before=cryptsetup.target\n");
+ "Before=%s\n",
+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
if (password) {
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
@@ -200,10 +202,10 @@ static int create_disk(
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
free(to);
- if (!nofail)
- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
- else
- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n);
+ to = strjoin(arg_dest,
+ netdev ? "/remote-cryptsetup" : "/cryptsetup",
+ ".target.",
+ nofail ? "wants/" : "requires/", n);
if (!to)
return log_oom();
--
2.14.1


@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 234
Release: 8%{?gitcommit:.git%{gitcommitshort}}%{?dist}
Release: 9%{?gitcommit:.git%{gitcommitshort}}%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -42,7 +42,7 @@ Source12: https://raw.githubusercontent.com/systemd/systemd/1000522a60cead
%if 0
GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v234..v234-stable
i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip
i=1; for j in 0[0-8]*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip
GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch
%endif
@ -59,20 +59,96 @@ Patch0010: 0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch
Patch0011: 0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch
Patch0012: 0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch
Patch0013: 0013-test-condition-don-t-assume-that-all-non-root-users-.patch
Patch0014: 0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch
Patch0015: 0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch
Patch0016: 0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch
Patch0017: 0017-bash-completion-use-the-first-argument-instead-of-th.patch
Patch0018: 0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch
Patch0019: 0019-meson-D-remote-and-D-importd-should-be-combo-options.patch
Patch0020: 0020-cryptsetup-fix-infinite-timeout-6486.patch
Patch0021: 0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch
Patch0022: 0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch
Patch0023: 0023-build-sys-bump-xslt-maxdepth-limit.patch
Patch0024: 0024-device-make-sure-to-remove-all-device-units-sharing-.patch
Patch0014: 0014-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch
Patch0015: 0015-bash-completion-use-the-first-argument-instead-of-th.patch
Patch0016: 0016-meson-D-remote-and-D-importd-should-be-combo-options.patch
Patch0017: 0017-cryptsetup-fix-infinite-timeout-6486.patch
Patch0018: 0018-unit-when-JobTimeoutSec-is-turned-off-implicitly-tur.patch
Patch0019: 0019-call-chase_symlinks-without-the-sysroot-prefix-6411.patch
Patch0020: 0020-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch
Patch0021: 0021-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch
Patch0022: 0022-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch
Patch0023: 0023-core-Do-not-fail-perpetual-mount-units-without-fragm.patch
Patch0024: 0024-process-util-update-the-end-pointer-of-the-process-n.patch
Patch0025: 0025-dhcp-network-adjust-sockaddr-length-for-addresses-lo.patch
Patch0026: 0026-service-attempt-to-execute-next-main-command-only-fo.patch
Patch0027: 0027-namespace-avoid-assertion-failure-6649.patch
Patch0028: 0028-terminal-reset-should-honour-default_utf8-kernel-set.patch
Patch0029: 0029-networkd-do-not-fail-manager_connect_bus-if-dbus-is-.patch
Patch0030: 0030-sd-bus-socket-only-transmit-auxillary-FDs-once-6603.patch
Patch0031: 0031-device-make-sure-to-remove-all-device-units-sharing-.patch
Patch0032: 0032-shutdown-don-t-remount-ro-network-filesystems.-6588.patch
Patch0033: 0033-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch
Patch0034: 0034-log-reopen-log-for-failed-assertions-6703.patch
Patch0035: 0035-sd-bus-use-when-passing-arguments-to-ssh-6706.patch
Patch0036: 0036-networkd-dont-crash-when-mtu-changes-6594.patch
Patch0037: 0037-logind-remember-to-remove-run-systemd-shutdown-sched.patch
Patch0038: 0038-logind-method_schedule_shutdown-already-rejects-empt.patch
Patch0039: 0039-logind-add-missing-check-for-conflicting-operation-v.patch
Patch0040: 0040-logind-respect-delay-inhibitors-in-scheduled-shutdow.patch
Patch0041: 0041-logind-add-missing-resume-signal-when-we-fail-to-ini.patch
Patch0042: 0042-logind-tighten-assertion-in-execute_shutdown_or_slee.patch
Patch0043: 0043-tmpfiles-with-e-don-t-attempt-to-set-permissions-whe.patch
Patch0044: 0044-man-fix-path-for-storing-random-seed.patch
Patch0045: 0045-Load-virtio_rng-early-in-the-game-6710.patch
Patch0046: 0046-tmpfiles-silently-ignore-any-path-that-passes-throug.patch
Patch0047: 0047-6647-use-path_startswith-dev-in-cryptsetup-6732.patch
Patch0048: 0048-systemd-mount-fix-that-wrong-argument-is-used-for-ar.patch
Patch0049: 0049-systemd-mount-allow-to-specify-an-arbitrary-string-f.patch
Patch0050: 0050-rfkill-Lookup-device-in-determine_state_file.patch
Patch0051: 0051-rfkill-Delay-writes-until-exit-5768.patch
Patch0052: 0052-systemctl-check-existence-of-all-units-not-just-the-.patch
Patch0053: 0053-systemctl-fix-masking-of-template-units.patch
Patch0054: 0054-networkd-send-dhcp-option-NTP-when-UseNTP-is-true-67.patch
Patch0055: 0055-networkd-send-dhcp-timezone-option-when-UseTimezone-.patch
Patch0056: 0056-journalctl-honor-quiet-when-vacuuming-6771.patch
Patch0057: 0057-manager-when-reexecuting-try-to-connect-to-bus-only-.patch
Patch0058: 0058-efivars-don-t-crash-when-somebody-wants-to-remove-an.patch
Patch0059: 0059-util-make-get_block_device-available.patch
Patch0060: 0060-shutdown-don-t-be-fooled-when-detaching-DM-devices-w.patch
Patch0061: 0061-sd-bus-extend-D-Bus-authentication-timeout-considera.patch
Patch0062: 0062-timer-don-t-use-persietent-file-timestamps-from-the-.patch
Patch0063: 0063-shared-end-string-with-if-one-was-found-at-the-end-o.patch
Patch0064: 0064-build-sys-bump-xslt-maxdepth-limit-6863.patch
Patch0065: 0065-fileio-add-new-helper-call-read_line-as-bounded-getl.patch
Patch0066: 0066-def-add-new-constant-LONG_LINE_MAX.patch
Patch0067: 0067-fileio-rework-read_one_line_file-on-top-of-read_line.patch
Patch0068: 0068-cgroup-util-replace-one-use-of-fgets-by-read_line.patch
Patch0069: 0069-test-conf-parser-add-some-basic-tests-for-config_par.patch
Patch0070: 0070-conf-parse-remove-4K-line-length-limit.patch
Patch0071: 0071-fileio-use-_cleanup_-for-FILE-unlocking.patch
Patch0072: 0072-test-conf-parser-use-_cleanup_.patch
Patch0073: 0073-test-conf-parser-add-tests-for-the-new-long-lines-in.patch
Patch0074: 0074-test-fileio-close-two-leaked-file-handles.patch
Patch0075: 0075-test-fileio-also-test-read_line-with-actual-files.patch
Patch0076: 0076-fileio-return-0-from-read_one_line_file-on-success.patch
Patch0077: 0077-string-util-use-size_t-for-strjoina-macro-6914.patch
Patch0078: 0078-mount-util-add-fusectl-to-list-of-API-VFS.patch
Patch0079: 0079-units-do-not-kill-rescue-shell-when-machines.target-.patch
Patch0080: 0080-units-express-Conflict-in-syslog.socket-instead-of-e.patch
Patch0081: 0081-units-add-missing-ordering-deps-for-Conflicts-of-eme.patch
Patch0082: 0082-units-add-missing-Before-shutdown.target-for-units-w.patch
Patch0083: 0083-units-DefaultDependencies-already-implies-conflict-w.patch
Patch0084: 0084-systemctl-supress-enable-disable-messages-when-q-is-.patch
Patch0085: 0085-basic-env-util-drop-the-validation-when-deserializin.patch
Patch0086: 0086-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch
Patch0087: 0087-networkd-Consider-linkLocalAddressing-state-while-co.patch
Patch0088: 0088-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch
Patch0089: 0089-nspawn-Fix-calculation-of-capabilities-for-configura.patch
Patch0090: 0090-timedatectl-stop-using-xstrftime.patch
Patch0091: 0091-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch
Patch0092: 0092-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
Patch0093: 0093-cryptsetup-generator-add-a-helper-utility-to-create-.patch
Patch0094: 0094-units-order-cryptsetup-pre.target-before-cryptsetup..patch
Patch0095: 0095-units-add-remote-cryptsetup.target-and-remote-crypts.patch
Patch0096: 0096-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch
Patch0097: 0097-units-add-Install-section-to-remote-cryptsetup.targe.patch
Patch0098: 0098-units-replace-remote-cryptsetup-pre.target-with-remo.patch
Patch0099: 0099-man-add-a-note-about-_netdev-usage.patch
Patch0100: 0100-units-make-remote-cryptsetup.target-also-after-crypt.patch
Patch0101: 0101-man-describe-how-machine-id-should-be-initialized-70.patch
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
Patch0999: 0999-netdev-crypttab.patch
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
@ -1053,6 +1129,38 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
%{pkgdir}/tests
%changelog
* Thu Oct 26 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 234-9
- Use infinite timeouts for passwords during boot when JobTimeoutSec=0
- Some tty utf8-mode fixes
- Only send one auxillary fd set over dbus
- Various network-manager crash and spurious assert fixes
- Do not remount network filesystems ro during shutdown and unmount DM
devices better
- Fix cryptsetup devices disappearing when used for btrfs
- Fix assertions messages sometimes not appearing during bootup/shutdown
- Fix passing arguments over ssh (-H)
- Fix networks crash on MTU changes
- Respect delay inhibitors in scheduled shutdowns using logind
- Send resume signal on failed sleep/shutdown from logind (#1476313)
- Make tmpfiles treat various errors more leniently and ignore autofs paths
- Load virtio_rng early
- Fix cryptsetup generator usage in initramfs
- Fix mounting of APIFSs using systemd-mount
- Fix rfkill on some thinkpads
- Fix masking of template units
- Honour quiet flag in more places
- Fix crash when removing EFI variables
- Fix handling of persistent timer timestamps from the future
- Extend dbus timeouts to handle slow dbus daemon startup
- Allow lines of unlimited length in configuration files
- Fix starting of units in emergency mode
- Make environment variable validation allow all shell variables
- Fix systemd-networkd issues when LinkLocalAddressing=no and DHCPServer=no
- Fix assertion triggered in timedatectl under Iranian locale
- Fix systemd-resolved DOS with crafted NSEC packets (LP#1725351)
- Backport /etc/crypttab _netdev feature from upstream
(v2, with crypttab _netdev units using remote-fs-pre.target)
* Tue Sep 26 2017 Nathaniel McCallum <npmccallum@redhat.com> - 234-8
- Backport /etc/crypttab _netdev feature from upstream