diff --git a/0001-core-add-new-PollLimit-settings-to-.socket-units.patch b/0001-core-add-new-PollLimit-settings-to-.socket-units.patch
deleted file mode 100644
index 351f413..0000000
--- a/0001-core-add-new-PollLimit-settings-to-.socket-units.patch
+++ /dev/null
@@ -1,243 +0,0 @@ -From df25afd2cf5527fe1bb542bb146fef1be8d9a489 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Sat, 9 Sep 2023 14:46:32 +0200 -Subject: [PATCH 1/3] core: add new "PollLimit" settings to .socket units - -This adds a new "PollLimit" pair of settings to .socket units, very -similar to existing "TriggerLimit" logic. The differences are: - -* PollLimit focusses on the polling on the sockets, and pauses that - temporarily if a ratelimit on that is reached. TriggerLimit otoh - focusses on the triggering effect of socket units, and stops - triggering once the ratelimit is hit. - -* While the trigger limit being hit is an action that causes the socket - unit to fail the polling limit being reached will just temporarily - disable polling on the socket fd, and it is resumed once the ratelimit - interval is over. - -* When a socket unit operates on multiple socket fds (e,g, ListenStream= - on both some ipv6 and an ipv4 address or so). Then the PollLimit will - be specific to each fd, while the trigger limit is specific to the - whole unit. - -Implementation-wise this is mostly a wrapper around sd-event's -sd_event_source_set_ratelimit(), which exposes the desired behaviour -directly. - -Usecase for all of this: socket services which when overloaded with -connections should just slow down reception of it, but not fail -persistently. 
- -(cherry picked from commit 2bec84e7a5bf3687ae65205753ba3d8067cf2f0e) ---- - man/org.freedesktop.systemd1.xml | 12 ++++++++++ - src/core/dbus-socket.c | 8 +++++++ - src/core/load-fragment-gperf.gperf.in | 2 ++ - src/core/socket.c | 32 +++++++++++++++++++-------- - src/core/socket.h | 2 ++ - src/shared/bus-unit-util.c | 10 +++++---- - 6 files changed, 53 insertions(+), 13 deletions(-) - -diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml -index 56906e2f3b..0557dc2379 100644 ---- a/man/org.freedesktop.systemd1.xml -+++ b/man/org.freedesktop.systemd1.xml -@@ -4727,6 +4727,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - readonly t TriggerLimitIntervalUSec = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("const") - readonly u TriggerLimitBurst = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") -+ readonly t PollLimitIntervalUSec = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") -+ readonly u PollLimitBurst = ...; - readonly u UID = ...; - readonly u GID = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates") -@@ -5961,6 +5965,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ -+ -+ -+ - - - -@@ -6497,6 +6505,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ PollLimitIntervalUSec/PollLimitBurst properties configure the -+ polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to -+ zero the limiting feature is turned off. 
-+ - - Properties - -diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c -index 09a3a9502b..04552b7c60 100644 ---- a/src/core/dbus-socket.c -+++ b/src/core/dbus-socket.c -@@ -129,6 +129,8 @@ const sd_bus_vtable bus_socket_vtable[] = { - SD_BUS_PROPERTY("SocketProtocol", "i", bus_property_get_int, offsetof(Socket, socket_protocol), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("TriggerLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, trigger_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("TriggerLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, trigger_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST), -+ SD_BUS_PROPERTY("PollLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, poll_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST), -+ SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit_burst), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), - SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), - BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION), -@@ -248,6 +250,9 @@ static int bus_socket_set_transient_property( - if (streq(name, "TriggerLimitBurst")) - return bus_set_transient_unsigned(u, name, &s->trigger_limit.burst, message, flags, error); - -+ if (streq(name, "PollLimitBurst")) -+ return bus_set_transient_unsigned(u, name, &s->poll_limit_burst, message, flags, error); -+ - if (streq(name, "SocketMode")) - return bus_set_transient_mode_t(u, name, &s->socket_mode, message, flags, error); - -@@ -275,6 +280,9 @@ static int bus_socket_set_transient_property( - if (streq(name, "TriggerLimitIntervalUSec")) - return bus_set_transient_usec(u, name, &s->trigger_limit.interval, message, flags, error); - -+ if (streq(name, 
"PollLimitIntervalUSec")) -+ return bus_set_transient_usec(u, name, &s->poll_limit_interval, message, flags, error); -+ - if (streq(name, "SmackLabel")) - return bus_set_transient_string(u, name, &s->smack, message, flags, error); - -diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index b66adf2811..0d1ee9c231 100644 ---- a/src/core/load-fragment-gperf.gperf.in -+++ b/src/core/load-fragment-gperf.gperf.in -@@ -507,6 +507,8 @@ Socket.FileDescriptorName, config_parse_fdname, - Socket.Service, config_parse_socket_service, 0, 0 - Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval) - Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst) -+Socket.PollLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, poll_limit_interval) -+Socket.PollLimitBurst, config_parse_unsigned, 0, offsetof(Socket, poll_limit_burst) - {% if ENABLE_SMACK %} - Socket.SmackLabel, config_parse_unit_string_printf, 0, offsetof(Socket, smack) - Socket.SmackLabelIPIn, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_in) -diff --git a/src/core/socket.c b/src/core/socket.c -index 75034ac357..dc18744f54 100644 ---- a/src/core/socket.c -+++ b/src/core/socket.c -@@ -101,6 +101,9 @@ static void socket_init(Unit *u) { - - s->trigger_limit.interval = USEC_INFINITY; - s->trigger_limit.burst = UINT_MAX; -+ -+ s->poll_limit_interval = USEC_INFINITY; -+ s->poll_limit_burst = UINT_MAX; - } - - static void socket_unwatch_control_pid(Socket *s) { -@@ -310,17 +313,20 @@ static int socket_add_extras(Socket *s) { - * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to - * process whatever is queued in one go, and thus should normally never have to be started frequently. This is - * different for Accept=yes where each connection is processed by a new service instance, and thus frequent -- * service starts are typical. 
*/ -+ * service starts are typical. -+ * -+ * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to -+ * trigger this earlier. */ - - if (s->trigger_limit.interval == USEC_INFINITY) - s->trigger_limit.interval = 2 * USEC_PER_SEC; -+ if (s->trigger_limit.burst == UINT_MAX) -+ s->trigger_limit.burst = s->accept ? 200 : 20; - -- if (s->trigger_limit.burst == UINT_MAX) { -- if (s->accept) -- s->trigger_limit.burst = 200; -- else -- s->trigger_limit.burst = 20; -- } -+ if (s->poll_limit_interval == USEC_INFINITY) -+ s->poll_limit_interval = 2 * USEC_PER_SEC; -+ if (s->poll_limit_burst == UINT_MAX) -+ s->poll_limit_burst = s->accept ? 150 : 15; - - if (have_non_accept_socket(s)) { - -@@ -770,9 +776,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { - - fprintf(f, - "%sTriggerLimitIntervalSec: %s\n" -- "%sTriggerLimitBurst: %u\n", -+ "%sTriggerLimitBurst: %u\n" -+ "%sPollLimitIntervalSec: %s\n" -+ "%sPollLimitBurst: %u\n", - prefix, FORMAT_TIMESPAN(s->trigger_limit.interval, USEC_PER_SEC), -- prefix, s->trigger_limit.burst); -+ prefix, s->trigger_limit.burst, -+ prefix, FORMAT_TIMESPAN(s->poll_limit_interval, USEC_PER_SEC), -+ prefix, s->poll_limit_burst); - - str = ip_protocol_to_name(s->socket_protocol); - if (str) -@@ -1765,6 +1775,10 @@ static int socket_watch_fds(Socket *s) { - - (void) sd_event_source_set_description(p->event_source, "socket-port-io"); - } -+ -+ r = sd_event_source_set_ratelimit(p->event_source, s->poll_limit_interval, s->poll_limit_burst); -+ if (r < 0) -+ log_unit_debug_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m"); - } - - return 0; -diff --git a/src/core/socket.h b/src/core/socket.h -index 191d27f46d..b03a291e4a 100644 ---- a/src/core/socket.h -+++ b/src/core/socket.h -@@ -158,6 +158,8 @@ struct Socket { - char *fdname; - - RateLimit trigger_limit; -+ usec_t poll_limit_interval; -+ unsigned poll_limit_burst; - }; - - SocketPeer 
*socket_peer_ref(SocketPeer *p); -diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index e7b44cc39b..9f0f37488d 100644 ---- a/src/shared/bus-unit-util.c -+++ b/src/shared/bus-unit-util.c -@@ -2170,10 +2170,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const - return 1; - } - -- if (streq(field, "TriggerLimitBurst")) -+ if (STR_IN_SET(field, "TriggerLimitBurst", "PollLimitBurst")) - return bus_append_safe_atou(m, field, eq); - -- if (streq(field, "TriggerLimitIntervalSec")) -+ if (STR_IN_SET(field, "TriggerLimitIntervalSec", "PollLimitIntervalSec")) - return bus_append_parse_sec_rename(m, field, eq); - - return 0; -@@ -2382,7 +2382,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons - "MaxConnections", - "MaxConnectionsPerSource", - "KeepAliveProbes", -- "TriggerLimitBurst")) -+ "TriggerLimitBurst", -+ "PollLimitBurst")) - return bus_append_safe_atou(m, field, eq); - - if (STR_IN_SET(field, "SocketMode", -@@ -2397,7 +2398,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons - "KeepAliveTimeSec", - "KeepAliveIntervalSec", - "DeferAcceptSec", -- "TriggerLimitIntervalSec")) -+ "TriggerLimitIntervalSec", -+ "PollLimitIntervalSec")) - return bus_append_parse_sec_rename(m, field, eq); - - if (STR_IN_SET(field, "ReceiveBuffer", diff --git a/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch b/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch deleted file mode 100644 index 02f6fc0..0000000 --- a/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 537c00c984910f417a2f2d4aad997f822060d4d1 Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Tue, 19 Sep 2023 16:06:26 -0700 -Subject: [PATCH] find_legacy_keymap: extend variant match bonus again - -If the column is "-" and the X context variant specifer only -contains commas, we should also give the match bonus. The variant -string is supposed to be a comma-separated list as long as the -list of layouts, so it's quite natural for consumers to be written -in such a way that they pass a string only containing commas if -there are multiple layouts and no variants. anaconda is a real -world case that does this. - -Signed-off-by: Adam Williamson ---- - src/locale/localed-util.c | 2 +- - src/locale/test-localed-util.c | 7 +++++++ - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c -index eba13a2ac3..9b6949e14d 100644 ---- a/src/locale/localed-util.c -+++ b/src/locale/localed-util.c -@@ -839,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - if (isempty(xc->model) || streq_ptr(xc->model, a[2])) { - matching++; - -- if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) { -+ if (streq_ptr(xc->variant, a[3]) || ((isempty(xc->variant) || streq_skip_trailing_chars(xc->variant, "", ",")) && streq(a[3], "-"))) { - matching++; - - if (streq_ptr(xc->options, a[4])) -diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c -index f702ff29b0..e92c178a98 100644 ---- a/src/locale/test-localed-util.c -+++ b/src/locale/test-localed-util.c -@@ -185,6 +185,13 @@ TEST(x11_convert_to_vconsole) { - assert_se(streq(vc.keymap, "bg_bds-utf8")); - vc_context_clear(&vc); - -+ /* same, but with variant specified as "," */ -+ log_info("/* test with variant as ',', desired match second (bg,us:) */"); -+ assert_se(free_and_strdup(&xc.variant, ",") >= 0); -+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); -+ assert_se(streq(vc.keymap, 
"bg_bds-utf8")); -+ vc_context_clear(&vc); -+ - log_info("/* test with old mapping (fr:latin9) */"); - assert_se(free_and_strdup(&xc.layout, "fr") >= 0); - assert_se(free_and_strdup(&xc.variant, "latin9") >= 0); diff --git a/0001-find_legacy_keymap-fix-empty-variant-matching.patch b/0001-find_legacy_keymap-fix-empty-variant-matching.patch deleted file mode 100644 index c15a017..0000000 --- a/0001-find_legacy_keymap-fix-empty-variant-matching.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From a30ae31351ffa701ca860779495d4f52db4c462c Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Fri, 15 Sep 2023 15:35:36 -0700 -Subject: [PATCH 1/2] find_legacy_keymap: fix empty variant matching - -We should give a match bonus if the X context variant is empty -and the xvariant column in kbd-model-map is "-" (which means -none). Currently, we don't, which means that if you call this -on a context with layouts bg,us and no variant, you get the -console layout bg_pho-utf8 instead of bg_bds-utf8 (because both -score the same, and the bg_pho-utf8 row comes first). You should -get bg_bds-utf8 in this case. - -Signed-off-by: Adam Williamson ---- - src/locale/localed-util.c | 2 +- - src/locale/test-localed-util.c | 12 ++++++++++++ - 2 files changed, 13 insertions(+), 1 deletion(-) - -diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c -index 02fac9786b..6a05b50a31 100644 ---- a/src/locale/localed-util.c -+++ b/src/locale/localed-util.c -@@ -825,7 +825,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - if (isempty(xc->model) || streq_ptr(xc->model, a[2])) { - matching++; - -- if (streq_ptr(xc->variant, a[3])) { -+ if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) { - matching++; - - if (streq_ptr(xc->options, a[4])) -diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c -index cb66dffd48..a19d80a967 100644 ---- a/src/locale/test-localed-util.c -+++ b/src/locale/test-localed-util.c -@@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) { - assert_se(streq(vc.keymap, "es-dvorak")); - vc_context_clear(&vc); - -+ /* es no-variant test is not very good as the desired match -+ comes first in the list so will win if both candidates score -+ the same. 
in this case the desired match comes second so will -+ not win unless we correctly give the no-variant match a bonus -+ */ -+ log_info("/* test without variant, desired match second (bg,us:) */"); -+ assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0); -+ assert_se(free_and_strdup(&xc.variant, NULL) >= 0); -+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); -+ assert_se(streq(vc.keymap, "bg_bds-utf8")); -+ vc_context_clear(&vc); -+ - log_info("/* test with old mapping (fr:latin9) */"); - assert_se(free_and_strdup(&xc.layout, "fr") >= 0); - assert_se(free_and_strdup(&xc.variant, "latin9") >= 0); --- -2.41.0 - diff --git a/0001-keyboard-model-map-correct-sk-qwerty-entry.patch b/0001-keyboard-model-map-correct-sk-qwerty-entry.patch deleted file mode 100644 index f6a042a..0000000 --- a/0001-keyboard-model-map-correct-sk-qwerty-entry.patch +++ /dev/null @@ -1,25 +0,0 @@ -From ca831de1704f4e28241df513aa89ac465a7c8ab2 Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Wed, 20 Sep 2023 15:14:31 -0700 -Subject: [PATCH] keyboard-model-map: correct sk-qwerty entry - -qwerty here is a variant, not an option. - -Signed-off-by: Adam Williamson ---- - src/locale/kbd-model-map | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map -index a145e13ecd..279d1a36d8 100644 ---- a/src/locale/kbd-model-map -+++ b/src/locale/kbd-model-map -@@ -52,7 +52,7 @@ es es pc105 - terminate:ctrl_alt_bksp - ro-cedilla ro pc105 cedilla terminate:ctrl_alt_bksp - ie ie pc105 - terminate:ctrl_alt_bksp - et ee pc105 - terminate:ctrl_alt_bksp --sk-qwerty sk pc105 - terminate:ctrl_alt_bksp,qwerty -+sk-qwerty sk pc105 qwerty terminate:ctrl_alt_bksp - sk-qwertz sk pc105 - terminate:ctrl_alt_bksp - fr-latin9 fr pc105 latin9 terminate:ctrl_alt_bksp - fr_CH-latin1 ch pc105 fr terminate:ctrl_alt_bksp 
diff --git a/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch b/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch
deleted file mode 100644
index d0eb7d0..0000000
--- a/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch
+++ /dev/null
@@ -1,117 +0,0 @@ -From cf649cc21bf997b90606db664d74726fcaf002de Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Fri, 15 Sep 2023 16:02:29 -0700 -Subject: [PATCH 2/2] find_legacy_keymap: try matching with layout order - reversed - -The lines in kbd-model-map date back to ye olde times (RH's old -system-config-keyboard), and I think predate this bug: - -https://bugzilla.redhat.com/show_bug.cgi?id=1039185 - -where we got strong feedback that, for 'switched' layout setups -like Russian, US English should be the *first* layout and the -native layout the *second* one. This is how anaconda and, as of -recently, gnome-initial-setup configure such cases - but that -means, if we try to use localed to convert these configurations -using kbd-model-map, we get the wrong result (we get "us" as the -console layout). See also: - -https://bugzilla.redhat.com/show_bug.cgi?id=1912609 - -where we first noticed this wasn't working right, but sadly, we -'fixed' it with a not-really-correct bodge in anaconda instead -of doing it properly. - -Signed-off-by: Adam Williamson ---- - src/locale/localed-util.c | 44 ++++++++++++++++++++++------------ - src/locale/test-localed-util.c | 5 +++- - 2 files changed, 33 insertions(+), 16 deletions(-) - -diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c -index 6a05b50a31..eba13a2ac3 100644 ---- a/src/locale/localed-util.c -+++ b/src/locale/localed-util.c -@@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - /* If we got an exact match, this is the best */ - matching = 10; - else { -- /* We have multiple X layouts, look for an -- * entry that matches our key with everything -- * but the first layout stripped off. 
*/ -- if (startswith_comma(xc->layout, a[1])) -- matching = 5; -+ /* see if we get an exact match with the order reversed */ -+ _cleanup_strv_free_ char **b = NULL; -+ _cleanup_free_ char *c = NULL; -+ r = strv_split_full(&b, a[1], ",", 0); -+ if (r < 0) -+ return r; -+ strv_reverse(b); -+ c = strv_join(b, ","); -+ if (!c) -+ return log_oom(); -+ if (streq(xc->layout, c)) -+ matching = 9; - else { -- _cleanup_free_ char *x = NULL; -- -- /* If that didn't work, strip off the -- * other layouts from the entry, too */ -- x = strdupcspn(a[1], ","); -- if (!x) -- return -ENOMEM; -- if (startswith_comma(xc->layout, x)) -- matching = 1; -+ /* We have multiple X layouts, look for an -+ * entry that matches our key with everything -+ * but the first layout stripped off. */ -+ if (startswith_comma(xc->layout, a[1])) -+ matching = 5; -+ else { -+ _cleanup_free_ char *x = NULL; -+ -+ /* If that didn't work, strip off the -+ * other layouts from the entry, too */ -+ x = strdupcspn(a[1], ","); -+ if (!x) -+ return -ENOMEM; -+ if (startswith_comma(xc->layout, x)) -+ matching = 1; -+ } - } - } - -@@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - } - } - -- if (best_matching < 10 && !isempty(xc->layout)) { -+ if (best_matching < 9 && !isempty(xc->layout)) { - _cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL; - - /* The best match is only the first part of the X11 -diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c -index a19d80a967..f702ff29b0 100644 ---- a/src/locale/test-localed-util.c -+++ b/src/locale/test-localed-util.c -@@ -192,11 +192,14 @@ TEST(x11_convert_to_vconsole) { - assert_se(streq(vc.keymap, "fr-latin9")); - vc_context_clear(&vc); - -+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */ -+ /* us,ru is the x config users want, but they still want ru -+ as the console layout in this case */ - log_info("/* test with a compound mapping (us,ru:) */"); - assert_se(free_and_strdup(&xc.layout, 
"us,ru") >= 0); - assert_se(free_and_strdup(&xc.variant, NULL) >= 0); - assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); -- assert_se(streq(vc.keymap, "us")); -+ assert_se(streq(vc.keymap, "ru")); - vc_context_clear(&vc); - - log_info("/* test with a compound mapping (ru,us:) */"); --- -2.41.0 - diff --git a/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch b/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch deleted file mode 100644 index e2e80e9..0000000 --- a/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From f6b09a2ed646f0a0b54605d4c19a898ab2bbf192 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 18 Sep 2023 17:51:49 +0200 -Subject: [PATCH 2/3] man: document the new - PollLimitIntervalSec=/PollLimitBurst= settings - -(cherry picked from commit 9373fce68de183a615d44fe100dcf22e3c9b8c3e) ---- - man/systemd.socket.xml | 58 ++++++++++++++++++++++++++++++++++-------- - 1 file changed, 47 insertions(+), 11 deletions(-) - -diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml -index 45555302f1..462978d438 100644 ---- a/man/systemd.socket.xml -+++ b/man/systemd.socket.xml -@@ -830,17 +830,53 @@ - TriggerLimitIntervalSec= - TriggerLimitBurst= - -- Configures a limit on how often this socket unit may be activated within a specific time -- interval. The TriggerLimitIntervalSec= may be used to configure the length of the time -- interval in the usual time units us, ms, s, -- min, h, … and defaults to 2s (See -- systemd.time7 for details on -- the various time units understood). The TriggerLimitBurst= setting takes a positive integer -- value and specifies the number of permitted activations per time interval, and defaults to 200 for -- Accept=yes sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20 -- activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the -- socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this -- limit is enforced before the service activation is enqueued. -+ Configures a limit on how often this socket unit may be activated within a specific -+ time interval. The TriggerLimitIntervalSec= setting may be used to configure the -+ length of the time interval in the usual time units us, ms, -+ s, min, h, … and defaults to 2s (See -+ systemd.time7 for -+ details on the various time units understood). 
The TriggerLimitBurst= setting -+ takes a positive integer value and specifies the number of permitted activations per time interval, -+ and defaults to 200 for Accept=yes sockets (thus by default permitting 200 -+ activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of -+ trigger rate limiting. -+ -+ If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible -+ anymore until restarted. Note that this limit is enforced before the service activation is -+ enqueued. -+ -+ Compare with PollLimitIntervalSec=/PollLimitBurst= -+ described below, which implements a temporary slowdown if a socket unit is flooded with incoming -+ traffic, as opposed to the permanent failure state -+ TriggerLimitIntervalSec=/TriggerLimitBurst= results in. -+ -+ -+ -+ -+ PollLimitIntervalSec= -+ PollLimitBurst= -+ -+ Configures a limit on how often polling events on the file descriptors backing this -+ socket unit will be considered. This pair of settings is similar to -+ TriggerLimitIntervalSec=/TriggerLimitBurst= but instead of -+ putting a (fatal) limit on the activation frequency puts a (transient) limit on the polling -+ frequency. The expected parameter syntax and range are identical to that of the aforementioned -+ options, and can be disabled the same way. -+ -+ If the polling limit is hit polling is temporarily disabled on it until the specified time -+ window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger -+ limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts -+ through packet flooding. -+ -+ The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit -+ which is enforced for the entire socket unit. This distinction matters for socket units that listen -+ on multiple file descriptors (i.e. have multiple ListenXYZ= stanzas). 
-+ -+ These setting defaults to 150 (in case of Accept=yes) and 15 (otherwise) -+ polling events per 2s. This is considerably lower than the default values for the trigger limit (see -+ above) and means that the polling limit should typically ensure the trigger limit is never hit, -+ unless one of them is reconfigured or disabled. -+ - - - diff --git a/0003-ci-add-test-for-poll-limit.patch b/0003-ci-add-test-for-poll-limit.patch deleted file mode 100644 index 33e2178..0000000 --- a/0003-ci-add-test-for-poll-limit.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -From ae92a9714744bbf92fe69ffe276a668b031a6d26 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 18 Sep 2023 18:05:27 +0200 -Subject: [PATCH 3/3] ci: add test for poll limit - -(cherry picked from commit 065e478a4a8cc8e41a6e87756c081396f253e853) ---- - test/TEST-07-PID1/test.sh | 2 ++ - test/units/testsuite-07.poll-limit.sh | 48 +++++++++++++++++++++++++++ - 2 files changed, 50 insertions(+) - create mode 100755 test/units/testsuite-07.poll-limit.sh - -diff --git a/test/TEST-07-PID1/test.sh b/test/TEST-07-PID1/test.sh -index 1c3d7137fe..d0e35d870f 100755 ---- a/test/TEST-07-PID1/test.sh -+++ b/test/TEST-07-PID1/test.sh -@@ -32,6 +32,8 @@ Alias=issue2730-alias.mount - EOF - "${SYSTEMCTL:?}" enable --root="$workspace" issue2730.mount - ln -svrf "$workspace/etc/systemd/system/issue2730.mount" "$workspace/etc/systemd/system/issue2730-alias.mount" -+ -+ image_install logger - } - - do_test "$@" -diff --git a/test/units/testsuite-07.poll-limit.sh b/test/units/testsuite-07.poll-limit.sh -new file mode 100755 -index 0000000000..480d7ee8df ---- /dev/null -+++ b/test/units/testsuite-07.poll-limit.sh -@@ -0,0 +1,48 @@ -+#!/usr/bin/env bash -+# SPDX-License-Identifier: LGPL-2.1-or-later -+set -eux -+set -o pipefail -+ -+systemd-analyze log-level debug -+ -+cat > /run/systemd/system/floodme@.service < /run/systemd/system/floodme.socket < -Date: Wed, 26 Jul 2023 09:02:04 +0200 -Subject: [PATCH] rpm: add %systemd_postun_with_reload and - %systemd_user_postun_with_reload - -For some units, the package would like to issue a reload. The machinery was -already in place since c9615f73521986b3607b852c139036d58973043c: - - systemctl reload-or-restart --marked - - Enqueues restart jobs for all units that have the 'needs-restart' - mark, and reload jobs for units that have the 'needs-reload' mark. - When a unit marked for reload does not support reload, restart will - be queued. - -The new macros allow a reload to be issued instead of a restart. 
- -Based on the discussion on fedora-devel: -https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJSUGIEJNYZZRE53FF4YFUEBRHRAVIXR/ - -Tested using dummy package https://github.com/keszybz/rpm-test-reload. ---- - src/rpm/macros.systemd.in | 16 ++++++++++++++++ - src/rpm/systemd-update-helper.in | 22 ++++++++++++++++++++++ - 2 files changed, 38 insertions(+) - -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index c07541c7286c..f05553f557e9 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -101,6 +101,22 @@ if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - fi \ - %{nil} - -+%systemd_postun_with_reload() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_reload}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units %{?*} || : \ -+fi \ -+%{nil} -+ -+%systemd_user_postun_with_reload() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_reload}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-user-units %{?*} || : \ -+fi \ -+%{nil} -+ - %udev_hwdb_update() %{nil} - - %udev_rules_update() %{nil} -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index c623a5ea1722..c81e16c3d3ff 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -47,6 +47,15 @@ case "$command" in - wait - ;; - -+ mark-reload-system-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ for unit in "$@"; do -+ systemctl set-property "$unit" Markers=+needs-reload & -+ done -+ wait -+ ;; -+ - mark-restart-user-units) - [ -d /run/systemd/system ] || exit 0 - -@@ -60,6 +69,19 @@ case "$command" in - wait - ;; - -+ mark-reload-user-units) -+ [ -d 
/run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ for unit in "$@"; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ -+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-reload & -+ done -+ done -+ wait -+ ;; -+ - system-reload-restart|system-reload|system-restart) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" diff --git a/rpminspect.yaml b/rpminspect.yaml index 7261213..6318820 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -13,7 +13,12 @@ badfuncs: changedfiles: exclude_path: .* -# completely disabled inspections: +# completely disable inspections: inspections: # we know about our patches, no need to report anything patches: off + + # this inspection uses `udevadm` which comes from this package + # disable so we do not check udev rules with a possibly outdated version + # of the command + udevrules: off diff --git a/sources b/sources index 1482dea..ad62708 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a +SHA512 (systemd-255.1.tar.gz) = ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb diff --git a/split-files.py b/split-files.py index 6ab2832..3f66ada 100644 --- a/split-files.py +++ b/split-files.py 
@@ -1,8 +1,48 @@ import re, sys, os, collections buildroot = sys.argv[1] -known_files = sys.stdin.read().splitlines() -known_files = {line.split()[-1]:line for line in known_files} +no_bootloader = '--no-bootloader' in sys.argv + +known_files = ''' +%ghost %config(noreplace) /etc/crypttab +%ghost %attr(0444,root,root) /etc/udev/hwdb.bin +/etc/inittab +/usr/lib/systemd/purge-nobody-user +# This directory is owned by openssh-server, but we don't want to introduce +# a dependency. So let's copy the config and co-own the directory. +%dir %attr(0700,root,root) /etc/ssh/sshd_config.d +%ghost %config(noreplace) /etc/vconsole.conf +%ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf +%ghost %attr(0664,root,root) %verify(not group) /run/utmp +%ghost %attr(0664,root,root) %verify(not group) /var/log/wtmp +%ghost %attr(0660,root,root) %verify(not group) /var/log/btmp +%ghost %attr(0664,root,root) %verify(not md5 size mtime group) /var/log/lastlog +%ghost %config(noreplace) /etc/hostname +%ghost %config(noreplace) /etc/localtime +%ghost %config(noreplace) /etc/locale.conf +%ghost %attr(0444,root,root) %config(noreplace) /etc/machine-id +%ghost %config(noreplace) /etc/machine-info +%ghost %attr(0700,root,root) %dir /var/cache/private +%ghost %attr(0700,root,root) %dir /var/lib/private +%ghost %dir /var/lib/private/systemd +%ghost %dir /var/lib/private/systemd/journal-upload +%ghost /var/lib/private/systemd/journal-upload/state +%ghost %dir /var/lib/systemd/timesync +%ghost /var/lib/systemd/timesync/clock +%ghost %dir /var/lib/systemd/backlight +%ghost /var/lib/systemd/catalog/database +%ghost %dir /var/lib/systemd/coredump +%ghost /var/lib/systemd/journal-upload +%ghost %dir /var/lib/systemd/linger +%ghost %attr(0600,root,root) /var/lib/systemd/random-seed +%ghost %dir /var/lib/systemd/rfkill +%ghost %dir %verify(not mode group) /var/log/journal +%ghost %dir /var/log/journal/remote +%ghost %attr(0700,root,root) %dir /var/log/private +''' + +known_files = 
{line.split()[-1]:line for line in known_files.splitlines() + if line and not line.startswith('#')} def files(root): os.chdir(root) @@ -15,24 +55,29 @@ def files(root): if file.is_dir() and not file.is_symlink(): todo.append(file) -o_libs = open('.file-list-libs', 'w') -o_udev = open('.file-list-udev', 'w') -o_ukify = open('.file-list-ukify', 'w') -o_boot = open('.file-list-boot', 'w') -o_pam = open('.file-list-pam', 'w') -o_rpm_macros = open('.file-list-rpm-macros', 'w') -o_devel = open('.file-list-devel', 'w') -o_container = open('.file-list-container', 'w') -o_networkd = open('.file-list-networkd', 'w') -o_oomd_defaults = open('.file-list-oomd-defaults', 'w') -o_remote = open('.file-list-remote', 'w') -o_resolve = open('.file-list-resolve', 'w') -o_tests = open('.file-list-tests', 'w') -o_standalone_repart = open('.file-list-standalone-repart', 'w') -o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') -o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') -o_standalone_shutdown = open('.file-list-standalone-shutdown', 'w') -o_main = open('.file-list-main', 'w') +outputs = {suffix: open(f'.file-list-{suffix}', 'w') + for suffix in ( + 'libs', + 'udev', + 'ukify', + 'boot', + 'pam', + 'rpm-macros', + 'devel', + 'container', + 'networkd', + 'networkd-defaults', + 'oomd-defaults', + 'remote', + 'resolve', + 'tests', + 'standalone-repart', + 'standalone-tmpfiles', + 'standalone-sysusers', + 'standalone-shutdown', + 'main', + )} + for file in files(buildroot): n = file.path[1:] if re.match(r'''/usr/(share|include)$| 
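Review bot: Entries in the new embedded `known_files` table that never match a path found in the buildroot are ignored silently, so a typo or an upstream rename means the `%ghost`, `%attr` and `%verify` metadata on that line (for example the `0600` on `/var/lib/systemd/random-seed`) is not applied, and the build does not fail. The table is only consulted through `if n in known_files` later in the script, and the new end-of-script check tests only that each output list is non-empty. Recording matched keys with `seen.add(n)` in that branch and failing when `known_files.keys() - seen` is non-empty would catch this. If some entries are legitimately absent in certain configurations, they would need an exemption like the one `--no-bootloader` gives `ukify` and `boot`.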
@@ -59,40 +104,41 @@ for file in files(buildroot): if n.endswith('.standalone'): if 'repart' in n: - o = o_standalone_repart + o = outputs['standalone-repart'] elif 'tmpfiles' in n: - o = o_standalone_tmpfiles + o = outputs['standalone-tmpfiles'] elif 'sysusers' in n: - o = o_standalone_sysusers + o = outputs['standalone-sysusers'] elif 'shutdown' in n: - o = o_standalone_shutdown + o = outputs['standalone-shutdown'] else: assert False, 'Found .standalone not belonging to known packages' elif '/security/pam_' in n or '/man8/pam_' in n: - o = o_pam + o = outputs['pam'] elif '/rpm/' in n: - o = o_rpm_macros + o = outputs['rpm-macros'] elif '/usr/lib/systemd/tests' in n: - o = o_tests + o = outputs['tests'] elif 'ukify' in n: - o = o_ukify + o = outputs['ukify'] elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): - o = o_main + o = outputs['main'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): - o = o_udev + o = outputs['udev'] elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): - o = o_devel + o = outputs['devel'] elif re.search(r'''journal-(remote|gateway|upload)| systemd-remote\.conf| /usr/share/systemd/gatewayd| /var/log/journal/remote ''', n, re.X): - o = o_remote + o = outputs['remote'] elif re.search(r'''mymachines| machinectl| systemd-nspawn| + systemd-vmspawn| import-pubring.gpg| systemd-(machined|import|pull)| /machine.slice| @@ -100,9 +146,15 @@ for file in files(buildroot): var-lib-machines.mount| org.freedesktop.(import|machine)1 ''', n, re.X): - o = o_container + o = outputs['container'] - elif re.search(r'''/usr/lib/systemd/network/80-| + # .network.example files go into systemd-networkd, and the matching files + # without .example go into systemd-networkd-defaults + elif (re.search(r'''/usr/lib/systemd/network/.*\.network$''', n) + and os.path.exists(f'./{n}.example')): + o = outputs['networkd-defaults'] + + elif re.search(r'''/usr/lib/systemd/network/.*\.network| networkd| networkctl| org.freedesktop.network1| 
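Review bot: The new `networkd-defaults` test `os.path.exists(f'./{n}.example')` in the `@@ -100,9 +146,15 @@` hunk only works because `files()` has already called `os.chdir(root)`, and it rebuilds a relative path from `n` instead of using the directory entry it already holds. `os.path.exists(file.path + '.example')` would state the same check more directly, assuming `file.path` is the `./…` path that `n = file.path[1:]` is derived from. Either way, a short comment that the lookup is relative to the buildroot would help. The `if`/`elif` chain this branch belongs to starts and ends outside the hunk.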
@@ -111,10 +163,13 @@ for file in files(buildroot): systemd\.network| systemd\.netdev ''', n, re.X): - o = o_networkd + o = outputs['networkd'] elif '.so.' in n: - o = o_libs + o = outputs['libs'] + + elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): + o = outputs['oomd-defaults'] elif re.search(r'''udev(?!\.pc)| hwdb| @@ -122,6 +177,7 @@ for file in files(buildroot): boot-update| bless-boot| boot-system-token| + bsod| kernel-install| installkernel| vconsole| @@ -150,7 +206,7 @@ for file in files(buildroot): integritytab| remount-fs| /initrd| - systemd-pcrphase| + systemd-pcr| systemd-measure| /boot$| /kernel/| 
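Review bot: The `oomd-defaults` branch added in the `@@ -111,10 +163,13 @@` hunk is now order-sensitive, and no comment says so. A later hunk of this file (`@@ -160,44 +216,50 @@`) adds an `oomd` alternative to the pattern that selects `outputs['udev']`, so this branch has to stay above that pattern or the defaults drop-ins end up in the udev list. A comment such as `# keep before the udev pattern below, which also matches 'oomd'` would record that. The pattern also passes `re.X` without using verbose layout and leaves the dots in `defaults.conf` and `oomd.conf.d` unescaped, so it matches more than the literal names. The surrounding `elif` chain starts and ends outside the hunk.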
@@ -160,44 +216,50 @@ for file in files(buildroot): sysctl| coredump| homed|home1| + oomd| portabled|portable1 ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because # they can be used to interact with remote daemons. Also, the user could be # confused if those user-facing binaries are not available. - o = o_udev + o = outputs['udev'] elif re.search(r'''/boot/efi| /usr/lib/systemd/boot| sd-boot|systemd-boot\.|loader.conf ''', n, re.X): - o = o_boot + o = outputs['boot'] elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| systemd\.(positive|negative) ''', n, re.X): # resolvectl and nss-resolve are in the main package. - o = o_resolve - - elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): - o = o_oomd_defaults + o = outputs['resolve'] else: - o = o_main + o = outputs['main'] if n in known_files: - prefix = ' '.join(known_files[n].split()[:-1]) - if prefix: - prefix += ' ' + prefix = known_files[n].split()[:-1] elif file.is_dir() and not file.is_symlink(): - prefix = '%dir ' + prefix = ['%dir'] elif 'README' in n: - prefix = '%doc ' + prefix = ['%doc'] elif n.startswith('/etc'): - prefix = '%config(noreplace) ' + prefix = ['%config(noreplace)'] + if file.stat().st_size == 0: + prefix += ['%ghost'] else: - prefix = '' + prefix = [] + prefix = ' '.join(prefix + ['']) if prefix else '' suffix = '*' if '/man/' in n else '' print(f'{prefix}{n}{suffix}', file=o) + +if [print(f'ERROR: no file names were written to {o.name}') + for name, o in outputs.items() + if (o.tell() == 0 and + not (no_bootloader and name in ('ukify', 'boot'))) + ]: + sys.exit(1) diff --git a/systemd.spec b/systemd.spec index c8a1277..666c1a0 100644 --- a/systemd.spec +++ b/systemd.spec 
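Review bot: The final check at the end of the `@@ -160,44 +216,50 @@` hunk calls `print()` inside a list comprehension purely for its side effect, then tests the resulting list of `None` values for truthiness, which is hard to read. Collecting the names of the empty outputs first and reporting them in a plain loop gives the same result. Sending the message to `sys.stderr` would also keep it apart from normal output, provided nothing in the build parses this script's stdout. The handles in `outputs` are never closed explicitly; closing them after the check would make their lifetime clear.

```python
empty = [o.name for name, o in outputs.items()
         if o.tell() == 0
         and not (no_bootloader and name in ('ukify', 'boot'))]
for path in empty:
    print(f'ERROR: no file names were written to {path}', file=sys.stderr)
if empty:
    sys.exit(1)
```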
@@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254.5 +Version: 255.1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -102,23 +102,9 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 +# Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch -# Backport of patches that allow reloading of units -Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch - -# Backport of improvements to console keyboard layout guessing -# https://github.com/systemd/systemd/pull/29215 -# https://bugzilla.redhat.com/show_bug.cgi?id=1912609 -Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch -Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch -Patch0005: 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch -Patch0006: 0001-keyboard-model-map-correct-sk-qwerty-entry.patch - -# Requested as an alternative to https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket -Patch0010: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch -Patch0011: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch -Patch0012: 0003-ci-add-test-for-poll-limit.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -128,7 +114,7 @@ Patch0490: use-bfq-scheduler.patch Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch %ifarch %{ix86} x86_64 aarch64 -%global have_gnu_efi 1 +%global want_bootloader 1 %endif BuildRequires: gcc 
@@ -204,6 +190,9 @@ BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) BuildRequires: python3dist(zstd) +%if 0%{?want_bootloader} +BuildRequires: python3dist(pyelftools) +%endif # gzip and lzma are provided by the stdlib BuildRequires: firewalld-filesystem BuildRequires: libseccomp-devel @@ -259,6 +248,9 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif +# Make sure that dracut supports systemd-executor and the renames done for v255 +Conflicts: dracut < 059-16 + Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-repart < %{version}-%{release}^ @@ -410,7 +402,7 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. -%if 0%{?have_gnu_efi} +%if 0%{?want_bootloader} %package ukify Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} @@ -465,8 +457,8 @@ License: LGPL-2.1-or-later %description container Systemd tools to spawn and manage containers and virtual machines. -This package contains systemd-nspawn, machinectl, systemd-machined, and -systemd-importd. +This package contains systemd-nspawn, systemd-vmspawn, machinectl, +systemd-machined, and systemd-importd. %package journal-remote # Name is the same as in Debian 
@@ -499,6 +491,17 @@ systemd-networkd is a system service that manages networks. It detects and configures network devices as they appear, as well as creating virtual network devices. +%package networkd-defaults +Summary: Configure network interfaces with networkd by default +Requires: %{name}-networkd = %{version}-%{release} +License: MIT-0 +BuildArch: noarch + +%description networkd-defaults +This package contains a set of config files for systemd-networkd that cause it +to configure network interfaces by default. Note that systemd-networkd needs to +enabled for this to have any effect. + %package resolved Summary: Network Name Resolution manager Requires: %{name}%{_isa} = %{version}-%{release} @@ -514,7 +517,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: %{name} = %{version}-%{release} +Requires: %{name}-udev = %{version}-%{release} License: LGPL-2.1-or-later BuildArch: noarch @@ -578,16 +581,6 @@ package and is meant for use in exitrds. %prep %autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 -%generate_buildrequires -%if 0%{?have_gnu_efi} -if grep -q gnu-efi meson_options.txt; then - echo 'gnu-efi' - echo 'gnu-efi-devel' -else - echo 'python3dist(pyelftools)' -fi -%endif - %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} 
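Review bot: The new `%description networkd-defaults` text in the `@@ -499,6 +491,17 @@` hunk is missing a word in `needs to enabled`. The sentence should read `Note that systemd-networkd needs to be enabled for this to have any effect.` This package changes default network configuration, and the description is where a user learns that the service must also be enabled, so the sentence should read cleanly.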
@@ -601,49 +594,51 @@ CONFIGURE_OPTS=( -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin -Dservice-watchdog= -Ddev-kvm-mode=0666 - -Dkmod=true - -Dxkbcommon=true - -Dblkid=true - -Dfdisk=true - -Dseccomp=true + -Dkmod=enabled + -Dxkbcommon=enabled + -Dblkid=enabled + -Dfdisk=enabled + -Dseccomp=enabled -Dima=true - -Dselinux=true - -Dbpf-framework=%[0%{?have_bpf}?"true":"false"] - -Dapparmor=false - -Dpolkit=true - -Dxz=%[%{with xz}?"true":"false"] - -Dzlib=%[%{with zlib}?"true":"false"] - -Dbzip2=%[%{with bzip2}?"true":"false"] - -Dlz4=%[%{with lz4}?"true":"false"] - -Dzstd=%[%{with zstd}?"true":"false"] - -Dpam=true - -Dacl=true + -Dselinux=enabled + -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"] + -Dapparmor=disabled + -Dpolkit=enabled + -Dxz=%[%{with xz}?"enabled":"disabled"] + -Dzlib=%[%{with zlib}?"enabled":"disabled"] + -Dbzip2=%[%{with bzip2}?"enabled":"disabled"] + -Dlz4=%[%{with lz4}?"enabled":"disabled"] + -Dzstd=%[%{with zstd}?"enabled":"disabled"] + -Dpam=enabled + -Dacl=enabled -Dsmack=true - -Dopenssl=true + -Dopenssl=enabled -Dcryptolib=openssl - -Dp11kit=true - -Dgcrypt=false - -Daudit=true - -Delfutils=true - -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] - -Delfutils=true - -Dpwquality=true - -Dqrencode=%[%{defined rhel}?"false":"true"] - -Dgnutls=%[%{with gnutls}?"true":"false"] - -Dmicrohttpd=true - -Dlibidn2=true - -Dlibiptc=false - -Dlibcurl=true - -Dlibfido2=true - -Dxenctrl=%[0%{?have_xen}?"true":"false"] + -Dp11kit=enabled + -Dgcrypt=disabled + -Daudit=enabled + -Delfutils=enabled + -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"] + -Delfutils=enabled + -Dpwquality=enabled + -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] + -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] + -Dmicrohttpd=enabled + -Dvmspawn=enabled + -Dlibidn2=enabled + -Dlibiptc=disabled + -Dlibcurl=enabled + -Dlibfido2=enabled + -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] -Defi=true -Dtpm=true - -Dtpm2=true + -Dtpm2=enabled 
-Dhwdb=true -Dsysusers=true -Dstandalone-binaries=true -Ddefault-kill-user-processes=false -Dfirst-boot-full-preset=true + -Ddefault-network=true -Dtests=unsafe -Dinstall-tests=true -Dtty-gid=5 @@ -651,11 +646,10 @@ CONFIGURE_OPTS=( -Dnobody-user=nobody -Dnobody-group=nobody -Dcompat-mutable-uid-boundaries=true - -Dsplit-usr=false -Dsplit-bin=true -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false - -Dman=true + -Dman=enabled -Dversion-tag=%{version}-%{release} # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}-%{release} @@ -670,6 +664,7 @@ CONFIGURE_OPTS=( # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer -Ddefault-timeout-sec=45 -Ddefault-user-timeout-sec=45 + -Dconfigfiledir=/usr/lib -Doomd=true -Dadm-gid=4 -Daudio-gid=63 
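Review bot: `-Delfutils=enabled` appears twice in the rewritten `CONFIGURE_OPTS` list in the `@@ -601,49 +594,51 @@` hunk, once after `-Daudit=enabled` and again after the `-Dlibcryptsetup=` line. The duplicate was carried over from the old `true` spelling. Dropping the second occurrence keeps the list unambiguous if the value is later changed in only one place. The array starts before this hunk and continues past it.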
@@ -692,21 +687,15 @@ CONFIGURE_OPTS=( -Dsystemd-network-uid=192 -Dsystemd-resolve-uid=193 # -Dsystemd-timesync-uid=, not set yet -) -if grep gnu-efi meson_options.txt; then - CONFIGURE_OPTS+=( -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] ) -else - # For now, let's build the bootloader in the same places where we - # built with gnu-efi. Later on, we might want to extend coverage, but - # considering that that support is untested, let's not do this now. - # Note, ukify requires bootloader, let's also explicitly enable/disable it - # here for https://github.com/systemd/systemd/pull/24175. - CONFIGURE_OPTS+=( - -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] - -Dukify=%[%{?have_gnu_efi}?"true":"false"] - ) -fi + # For now, let's build the bootloader in the same places where we + # built with gnu-efi. Later on, we might want to extend coverage, but + # considering that that support is untested, let's not do this now. + # Note, ukify requires bootloader, let's also explicitly enable/disable it + # here for https://github.com/systemd/systemd/pull/24175. + -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] + -Dukify=%[%{?want_bootloader}?"enabled":"disabled"] +) %if %{without lto} %global _lto_cflags %nil 
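Review bot: `-Dbootloader=` and `-Dukify=` test a bare `%{?want_bootloader}`, while the other macro-driven switches in this array use the `0%{?have_bpf}` / `0%{?have_xen}` form. `want_bootloader` is only defined inside `%ifarch %{ix86} x86_64 aarch64`, so on other architectures the expression has no left operand. Writing `-Dbootloader=%[0%{?want_bootloader}?"enabled":"disabled"]`, and the same for `-Dukify=`, avoids depending on how that case is evaluated. The comment kept above these lines still refers to building "in the same places where we built with gnu-efi", which may need rewording now that the gnu-efi branch is gone.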
@@ -744,6 +733,25 @@ ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm touch %{buildroot}/etc/crypttab chmod 600 %{buildroot}/etc/crypttab +# Config files that were moved under /usr. +# We need to %ghost them so that they are not removed on upgrades. +touch %{buildroot}/etc/systemd/coredump.conf \ + %{buildroot}/etc/systemd/homed.conf \ + %{buildroot}/etc/systemd/journald.conf \ + %{buildroot}/etc/systemd/journal-remote.conf \ + %{buildroot}/etc/systemd/journal-upload.conf \ + %{buildroot}/etc/systemd/logind.conf \ + %{buildroot}/etc/systemd/networkd.conf \ + %{buildroot}/etc/systemd/oomd.conf \ + %{buildroot}/etc/systemd/pstore.conf \ + %{buildroot}/etc/systemd/resolved.conf \ + %{buildroot}/etc/systemd/sleep.conf \ + %{buildroot}/etc/systemd/system.conf \ + %{buildroot}/etc/systemd/timesyncd.conf \ + %{buildroot}/etc/systemd/user.conf \ + %{buildroot}/etc/udev/udev.conf \ + %{buildroot}/etc/udev/iocost.conf + # /etc/initab install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} @@ -844,43 +852,8 @@ ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/i %find_lang %{name} -# Split files in build root into rpms. See split-files.py for the -# rules towards the end, anything which is an exception needs a line -# here. -python3 %{SOURCE2} %buildroot </dev/null || : # this would make things worse, increasing the number of warnings we get # about needed daemon-reload. -oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) - -# Work-around for #1931034. Remove after F34 is released. -if [ "$oomd_state" == "active" ]; then - systemctl stop -q systemd-oomd 2>/dev/null || : -fi - systemctl daemon-reexec &>/dev/null || { # systemd v239 had bug #9553 in D-Bus authentication of the private socket, # which was later fixed in v240 by #9625. 
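Review bot: The comment in the `@@ -744,6 +733,25 @@` hunk says these files need to be `%ghost`, but nothing in the spec marks them as such. That appears to happen in split-files.py, which in this commit adds `%ghost` to any zero-length file under `/etc`. The coupling should be stated here, for instance `# split-files.py marks empty files under /etc as %ghost, so these must stay zero-length`. Without that, a later change that installs content into one of these paths, or an unrelated empty file under `/etc`, silently changes how the file is packaged.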
@@ -928,10 +894,6 @@ systemctl daemon-reexec &>/dev/null || { fi } -if [ "$oomd_state" == "active" ]; then - systemctl start -q systemd-oomd 2>/dev/null || : -fi - [ $1 -eq 1 ] || exit 0 # create /var/log/journal only on initial installation, @@ -958,7 +920,7 @@ if [ $1 -eq 1 ]; then systemd-tmpfiles --create &>/dev/null || : fi -%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service +%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) @@ -996,7 +958,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service %{?want_bootloader:systemd-boot-update.service} systemd-oomd.service systemd-portabled.service systemd-pstore.service systemd-timesyncd.service remote-cryptsetup.target %post udev # Move old stuff around in /var/lib @@ -1141,7 +1103,7 @@ fi %doc %{_pkgdocdir} %exclude %{_pkgdocdir}/LICENSE* # Only the licenses texts for the licenses in License line are included. -%license LICENSE.GPL2 LICENSE.LGPL2.1 +%license LICENSE.GPL2 %license LICENSES/MIT.txt %ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants 
@@ -1174,7 +1136,7 @@ fi %files udev -f .file-list-udev -%if 0%{?have_gnu_efi} +%if 0%{?want_bootloader} %files ukify -f .file-list-ukify %files boot-unsigned -f .file-list-boot %endif @@ -1186,6 +1148,8 @@ fi %files networkd -f .file-list-networkd +%files networkd-defaults -f .file-list-networkd-defaults + %files oomd-defaults -f .file-list-oomd-defaults %files tests -f .file-list-tests