Merge remote-tracking branch 'up/master' into master-riscv64
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
This commit is contained in:
commit
6b5f51e220
|
@ -1,30 +1,28 @@
|
|||
From 2cce22a4279d4f304e75b87b56b9eeb5cd313566 Mon Sep 17 00:00:00 2001
|
||||
From 224a4eaf6701431af907179e313138213b60ce6c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sat, 22 Dec 2018 11:11:04 +0100
|
||||
Date: Wed, 3 Apr 2019 10:56:14 +0200
|
||||
Subject: [PATCH] Revert "units: set NoNewPrivileges= for all long-running
|
||||
services"
|
||||
|
||||
This reverts commit 64d7f7b4a15f1534fb19fda6b601fec50783bee4.
|
||||
---
|
||||
units/systemd-coredump@.service.in | 1 -
|
||||
units/systemd-hostnamed.service.in | 1 -
|
||||
units/systemd-initctl.service.in | 1 -
|
||||
units/systemd-journal-gatewayd.service.in | 1 -
|
||||
units/systemd-journal-remote.service.in | 1 -
|
||||
units/systemd-journal-upload.service.in | 1 -
|
||||
units/systemd-journald.service.in | 1 -
|
||||
units/systemd-localed.service.in | 1 -
|
||||
units/systemd-logind.service.in | 1 -
|
||||
units/systemd-machined.service.in | 1 -
|
||||
units/systemd-networkd.service.in | 1 -
|
||||
units/systemd-resolved.service.in | 1 -
|
||||
units/systemd-rfkill.service.in | 1 -
|
||||
units/systemd-timedated.service.in | 1 -
|
||||
units/systemd-timesyncd.service.in | 1 -
|
||||
15 files changed, 15 deletions(-)
|
||||
units/systemd-coredump@.service.in | 1 -
|
||||
units/systemd-hostnamed.service.in | 1 -
|
||||
units/systemd-initctl.service.in | 1 -
|
||||
units/systemd-journal-remote.service.in | 1 -
|
||||
units/systemd-journald.service.in | 1 -
|
||||
units/systemd-localed.service.in | 1 -
|
||||
units/systemd-logind.service.in | 1 -
|
||||
units/systemd-machined.service.in | 1 -
|
||||
units/systemd-networkd.service.in | 1 -
|
||||
units/systemd-resolved.service.in | 1 -
|
||||
units/systemd-rfkill.service.in | 1 -
|
||||
units/systemd-timedated.service.in | 1 -
|
||||
units/systemd-timesyncd.service.in | 1 -
|
||||
13 files changed, 13 deletions(-)
|
||||
|
||||
diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
|
||||
index ffcb5f36ca..74dcf7fe06 100644
|
||||
index afb2ab9d17..5babc11e4c 100644
|
||||
--- a/units/systemd-coredump@.service.in
|
||||
+++ b/units/systemd-coredump@.service.in
|
||||
@@ -22,7 +22,6 @@ IPAddressDeny=any
|
||||
|
@ -36,7 +34,7 @@ index ffcb5f36ca..74dcf7fe06 100644
|
|||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
|
||||
index 9c925e80d9..696d4e2e60 100644
|
||||
index b4f606cf78..f7977e1504 100644
|
||||
--- a/units/systemd-hostnamed.service.in
|
||||
+++ b/units/systemd-hostnamed.service.in
|
||||
@@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed
|
||||
|
@ -58,20 +56,8 @@ index c276283908..f48d673d58 100644
|
|||
-NoNewPrivileges=yes
|
||||
NotifyAccess=all
|
||||
SystemCallArchitectures=native
|
||||
diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in
|
||||
index ebc8bf9a25..5ef4ee0058 100644
|
||||
--- a/units/systemd-journal-gatewayd.service.in
|
||||
+++ b/units/systemd-journal-gatewayd.service.in
|
||||
@@ -17,7 +17,6 @@ DynamicUser=yes
|
||||
ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
-NoNewPrivileges=yes
|
||||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
ProtectControlGroups=yes
|
||||
diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
|
||||
index 29a99aaec1..ec1311da88 100644
|
||||
index dd6322e62c..c867aca104 100644
|
||||
--- a/units/systemd-journal-remote.service.in
|
||||
+++ b/units/systemd-journal-remote.service.in
|
||||
@@ -17,7 +17,6 @@ ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/va
|
||||
|
@ -82,20 +68,8 @@ index 29a99aaec1..ec1311da88 100644
|
|||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
PrivateTmp=yes
|
||||
diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in
|
||||
index 92cd4e5259..a15744e1e8 100644
|
||||
--- a/units/systemd-journal-upload.service.in
|
||||
+++ b/units/systemd-journal-upload.service.in
|
||||
@@ -18,7 +18,6 @@ DynamicUser=yes
|
||||
ExecStart=@rootlibexecdir@/systemd-journal-upload --save-state
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
-NoNewPrivileges=yes
|
||||
PrivateDevices=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
|
||||
index 4684f095c0..7b659d4b03 100644
|
||||
index fab405502a..308622e9b3 100644
|
||||
--- a/units/systemd-journald.service.in
|
||||
+++ b/units/systemd-journald.service.in
|
||||
@@ -22,7 +22,6 @@ FileDescriptorStoreMax=4224
|
||||
|
@ -107,7 +81,7 @@ index 4684f095c0..7b659d4b03 100644
|
|||
RestartSec=0
|
||||
RestrictAddressFamilies=AF_UNIX AF_NETLINK
|
||||
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
|
||||
index 01e0703d0e..7d40fb4897 100644
|
||||
index 7bca34409a..05fb4f0c80 100644
|
||||
--- a/units/systemd-localed.service.in
|
||||
+++ b/units/systemd-localed.service.in
|
||||
@@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-localed
|
||||
|
@ -119,7 +93,7 @@ index 01e0703d0e..7d40fb4897 100644
|
|||
PrivateNetwork=yes
|
||||
PrivateTmp=yes
|
||||
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
|
||||
index 38a7f269ac..6b362ccdca 100644
|
||||
index 3eef95c661..53af530aea 100644
|
||||
--- a/units/systemd-logind.service.in
|
||||
+++ b/units/systemd-logind.service.in
|
||||
@@ -27,7 +27,6 @@ FileDescriptorStoreMax=512
|
||||
|
@ -127,11 +101,11 @@ index 38a7f269ac..6b362ccdca 100644
|
|||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
-NoNewPrivileges=yes
|
||||
Restart=always
|
||||
RestartSec=0
|
||||
RestrictAddressFamilies=AF_UNIX AF_NETLINK
|
||||
PrivateTmp=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
|
||||
index 9f1476814d..d90e71ae67 100644
|
||||
index d6deefea08..092abc128f 100644
|
||||
--- a/units/systemd-machined.service.in
|
||||
+++ b/units/systemd-machined.service.in
|
||||
@@ -22,7 +22,6 @@ ExecStart=@rootlibexecdir@/systemd-machined
|
||||
|
@ -139,11 +113,11 @@ index 9f1476814d..d90e71ae67 100644
|
|||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
-NoNewPrivileges=yes
|
||||
ProtectHostname=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
|
||||
RestrictRealtime=yes
|
||||
SystemCallArchitectures=native
|
||||
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
|
||||
index 472ef045de..f23bf227fb 100644
|
||||
index 2c74da6f1e..eaabcb9941 100644
|
||||
--- a/units/systemd-networkd.service.in
|
||||
+++ b/units/systemd-networkd.service.in
|
||||
@@ -24,7 +24,6 @@ CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_N
|
||||
|
@ -155,7 +129,7 @@ index 472ef045de..f23bf227fb 100644
|
|||
ProtectHome=yes
|
||||
ProtectKernelModules=yes
|
||||
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
|
||||
index 3144b70063..d08842f0d4 100644
|
||||
index eee5d5ea8f..a8f442ef6f 100644
|
||||
--- a/units/systemd-resolved.service.in
|
||||
+++ b/units/systemd-resolved.service.in
|
||||
@@ -25,7 +25,6 @@ CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
|
||||
|
@ -179,7 +153,7 @@ index 3abb958310..7447ed5b5b 100644
|
|||
TimeoutSec=30s
|
||||
Type=notify
|
||||
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
|
||||
index 6d53024195..1105f1a980 100644
|
||||
index df546f471f..4d50999a22 100644
|
||||
--- a/units/systemd-timedated.service.in
|
||||
+++ b/units/systemd-timedated.service.in
|
||||
@@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-timedated
|
||||
|
@ -191,7 +165,7 @@ index 6d53024195..1105f1a980 100644
|
|||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
|
||||
index 03ade45d08..8b99e92e01 100644
|
||||
index 6512531e1c..2b2e1d73d2 100644
|
||||
--- a/units/systemd-timesyncd.service.in
|
||||
+++ b/units/systemd-timesyncd.service.in
|
||||
@@ -24,7 +24,6 @@ CapabilityBoundingSet=CAP_SYS_TIME
|
||||
|
@ -202,6 +176,3 @@ index 03ade45d08..8b99e92e01 100644
|
|||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectControlGroups=yes
|
||||
--
|
||||
2.19.2
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (systemd-cbf14c9.tar.gz) = b708db5db65c8fc7ef030c18f97d97b4cbfb03d32bb8952ac69adef0301f879db0ada3932845f4e29fe58374e82f5aa83599a6871bf5d0d0860acb71c0f9722b
|
||||
SHA512 (systemd-7a6d834.tar.gz) = 46a7119274e85e71c543bef4f0d30850bd35665813b47f6236dffc54a8c8a8402334830ce909d597bd83609dd21d35bdbaa0002bf0a831172a5d9feb4f11faf2
|
||||
|
|
49
systemd.spec
49
systemd.spec
|
@ -1,4 +1,4 @@
|
|||
%global commit cbf14c9500d5e6820fd7d96166ca0bf75c6850df
|
||||
%global commit 7a6d834c0104304f506852eddc25b22e1ce65e3b
|
||||
%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
|
||||
|
||||
%global stable 1
|
||||
|
@ -14,7 +14,7 @@
|
|||
|
||||
Name: systemd
|
||||
Url: https://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 241
|
||||
Version: 242
|
||||
Release: 4%{?commit:.git%{shortcommit}}.0.riscv64%{?dist}
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
|
@ -158,6 +158,10 @@ date, locale, maintain a list of logged-in users, system accounts,
|
|||
runtime directories and settings, and daemons to manage simple network
|
||||
configuration, network time synchronization, log forwarding, and name
|
||||
resolution.
|
||||
%if 0%{stable}
|
||||
This package was built from the %{version}-stable branch of systemd,
|
||||
commit https://github.com/systemd/systemd-stable/commit/%{shortcommit}.
|
||||
%endif
|
||||
|
||||
%package libs
|
||||
Summary: systemd libraries
|
||||
|
@ -292,11 +296,7 @@ CONFIGURE_OPTS=(
|
|||
-Dkmod=true
|
||||
-Dxkbcommon=true
|
||||
-Dblkid=true
|
||||
%ifnarch riscv64
|
||||
-Dseccomp=true
|
||||
%else
|
||||
-Dseccomp=false
|
||||
%endif
|
||||
-Dima=true
|
||||
-Dselinux=true
|
||||
-Dapparmor=false
|
||||
|
@ -541,14 +541,10 @@ if [ $1 -eq 0 ] ; then
|
|||
serial-getty@.service \
|
||||
console-getty.service \
|
||||
debug-shell.service \
|
||||
systemd-readahead-replay.service \
|
||||
systemd-readahead-collect.service \
|
||||
systemd-networkd.service \
|
||||
systemd-networkd-wait-online.service \
|
||||
systemd-resolved.service \
|
||||
>/dev/null || :
|
||||
|
||||
rm -f /etc/systemd/system/default.target &>/dev/null || :
|
||||
fi
|
||||
|
||||
%post libs
|
||||
|
@ -706,8 +702,37 @@ fi
|
|||
%files tests -f .file-list-tests
|
||||
|
||||
%changelog
|
||||
* Tue Apr 02 2019 David Abdurachmanov <david.abdurachmanov@gmail.com> - 241-4.gitcbf14c9.0.riscv64
|
||||
- Disable libseccomp on riscv64 (RISC-V) until it's ported upstream
|
||||
* Tue Jun 25 2019 David Abdurachmanov <david.abdurachmanov@sifive.com> - 242-4.git7a6d834.0.riscv64
|
||||
- Use %{valgrind_arches}
|
||||
|
||||
* Tue Jun 25 2019 Miro Hrončok <mhroncok@redhat.com>- 242-4.git7a6d834
|
||||
- Rebuilt for iptables update (libip4tc.so.2)
|
||||
|
||||
* Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242-3.git7a6d834
|
||||
- Add symbol to mark vtable format changes (anything using sd_add_object_vtable
|
||||
or sd_add_fallback_vtable needs to be rebuilt)
|
||||
- Fix wireguard ListenPort handling in systemd-networkd
|
||||
- Fix hang in flush_accept (#1702358)
|
||||
- Fix handling of RUN keys in udevd
|
||||
- Some documentation and shell completion updates and minor fixes
|
||||
|
||||
* Tue Apr 16 2019 Adam Williamson <awilliam@redhat.com> - 242-2
|
||||
- Rebuild with Meson fix for #1699099
|
||||
|
||||
* Thu Apr 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242-1
|
||||
- Update to latest release
|
||||
- Make scriptlet failure non-fatal
|
||||
|
||||
* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242~rc4-1
|
||||
- Update to latest prerelease
|
||||
|
||||
* Thu Apr 4 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242~rc3-1
|
||||
- Update to latest prerelease
|
||||
|
||||
* Wed Apr 3 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242~rc2-1
|
||||
- Update to the latest prerelease.
|
||||
- The bug reported on latest update that systemd-resolved and systemd-networkd are
|
||||
re-enabled after upgrade is fixed.
|
||||
|
||||
* Fri Mar 29 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 241-4.gitcbf14c9
|
||||
- Backport various patches from the v241..v242 range:
|
||||
|
|
|
@ -62,7 +62,7 @@ fi
|
|||
# specified users automatically. The priority is set such that it
|
||||
# will run before the tmpfiles file trigger.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/systemd-sysusers
|
||||
%{_bindir}/systemd-sysusers || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d
|
||||
|
@ -70,35 +70,35 @@ fi
|
|||
# tmpfiles automatically. The priority is set such that it will run
|
||||
# after the sysusers file trigger, but before any other triggers.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/systemd-tmpfiles --create
|
||||
%{_bindir}/systemd-tmpfiles --create || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin udev -- /usr/lib/udev/hwdb.d
|
||||
# This script will automatically invoke hwdb update if files have been
|
||||
# installed or updated in /usr/lib/udev/hwdb.d.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/systemd-hwdb update
|
||||
%{_bindir}/systemd-hwdb update || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin -- /usr/lib/systemd/catalog
|
||||
# This script will automatically invoke journal catalog update if files
|
||||
# have been installed or updated in /usr/lib/systemd/catalog.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/journalctl --update-catalog
|
||||
%{_bindir}/journalctl --update-catalog || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin udev -- /usr/lib/udev/rules.d
|
||||
# This script will automatically update udev with new rules if files
|
||||
# have been installed or updated in /usr/lib/udev/rules.d.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/udevadm control --reload
|
||||
if test -e /run/udev/control; then
|
||||
%{_bindir}/udevadm control --reload || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin -- /usr/lib/sysctl.d
|
||||
# This script will automatically apply sysctl rules if files have been
|
||||
# installed or updated in /usr/lib/sysctl.d.
|
||||
if test -d /run/systemd/system; then
|
||||
/usr/lib/systemd/systemd-sysctl
|
||||
/usr/lib/systemd/systemd-sysctl || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin -- /usr/lib/binfmt.d
|
||||
|
|
Loading…
Reference in New Issue