Commit Graph

1014 Commits

Author SHA1 Message Date
Anita Zhang
7665e1796f Update systemd-oomd defaults to friendlier values
- Remove swap policy. Default amount of swap (8GB?) is a lot lower than
  what we use internally with the swap policy. Which frequently leads to
  GNOME getting killed
  (e.g. https://bugzilla.redhat.com/show_bug.cgi?id=1941170, and other
  BZs not linked here). Internally we use 0.5x-1x size of physical memory
  for swap via swapfiles (this will be documented in systemd upstream).
  In simple cases of using more memory than is available (but without
  memory pressure), the Kernel OOM killer can handle killing the
  offending process.

- Expand the memory pressure policy to system.slice, user-.slice, and
  all user owned slices. Support for ManagedOOM*= on user services was
  added in https://github.com/systemd/systemd/pull/20690 which allows
  us to be more fine grained on the pressure monitoring at the user
  level. In addition to the system.slice and user-.slice PSI monitoring
  this should result in a better systemd-oomd experience for desktop
  systems.
2022-09-30 14:49:03 +00:00
Zbigniew Jędrzejewski-Szmek
aac22baa3b Make systemd-devel conditionally pull in systemd-rpm-macros
If people BR:systemd-devel, they should get the macros too. It's a
tiny package, and we shouldn't require people to BR two things.

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/A5BGKRZVFDOBNMCBUPUCKLKHWEW5V2JE/
2022-09-29 10:22:45 +02:00
Neal Gompa
95413629b4 Manually bump release and add changelog for previous commit
C.f. https://pagure.io/fedora-infra/rpmautospec/pull-request/267

[skip changelog]
2022-08-19 15:49:11 -04:00
Neal Gompa
f5157f6a05 Set compile-time fallback hostname to "localhost"
This ensures that we have a universal unbranded fallback hostname.
The branded fallback hostname will be set in os-release(5) instead.

Reference: https://fedoraproject.org/wiki/Changes/FallbackHostname
2022-08-19 19:41:09 +00:00
Kalev Lember
76ce06c4a6 Manually bump release and add changelog for previous commit
C.f. https://pagure.io/fedora-infra/rpmautospec/pull-request/267

[skip changelog]
2022-08-19 14:44:43 +02:00
Kalev Lember
1e997acc65 Avoid requiring systemd-pam from -devel subpackage
Instead, add systemd-pam to pungi-fedora's multilib whitelist:
https://pagure.io/pungi-fedora/pull-request/1113

This should help with flatpak runtime packaging so that we can avoid
having to ship systemd-pam in the flatpak container.
2022-08-18 18:45:42 +02:00
Zbigniew Jędrzejewski-Szmek
aeb2225403 Manually bump release version for rpmautospec
C.f. https://pagure.io/releng/issue/10952.

[skip changelog]
2022-08-09 16:31:12 +02:00
Zbigniew Jędrzejewski-Szmek
89715a5ded Backport patches and do a full preset on first boot
... (#2114065,
https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot)
2022-08-09 13:02:59 +02:00
Zbigniew Jędrzejewski-Szmek
fa3038d631 Version 251.4
... (fixes rhbz#2112551)
- A bunch of fixes to documentation, crashes in systemd-resolved,
  systemd-networkd, systemd itself, and other smaller fixes.
2022-08-08 13:10:27 +02:00
Zbigniew Jędrzejewski-Szmek
99fbfcd5a2 Convert to rpmautospec 2022-08-08 13:10:06 +02:00
Fedora Release Engineering
31a512dde1 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-23 09:59:57 +00:00
Zbigniew Jędrzejewski-Szmek
8ed6e37eb4 Version 251.3 2022-07-14 09:48:35 +02:00
Zbigniew Jędrzejewski-Szmek
9e8220ffd3 Drop forgotten "temporary" workaround for #1663040 2022-07-13 15:06:22 +02:00
Zbigniew Jędrzejewski-Szmek
27c0d43eff Drop Obsoletes for systemd-standalone-{tmpfiles,sysusers}
It turns out that with the Obsoletes, dnf will just install the normal
systemd package if systemd-standalone-* is requested. The commit message
for b36512ad8f which added this says I tested
with local package builds (where it works), but not when going through the
full repo with all packages.

I'm adding the Provides instead, so that it's possible to request on or
the other more easily.
2022-07-03 21:31:40 +02:00
Zbigniew Jędrzejewski-Szmek
ee5cf7fbad Drop forward-secure-sealing code from sd-journal and tools
I asked on fedora-devel@, and the lone reply was from Matthew Miller
who tried it once when it was introduced and hasn't used it since.
Dropping this removes the last dependency on libgcrypt and libgpg-error
in libsystemd, significantly reducing our installation footprint.

Right now libmicrohttpd is still linked to libgcrypt, so
libsystemd-journal-remote subpackage will pull libgcrypt in.
2022-06-29 17:17:14 +02:00
Zbigniew Jędrzejewski-Szmek
fae302cf1d Revert "Add workaround for audit breakage"
This reverts commit a4d136e22a.

audit-3.0.8 is out, so this should be fixed now.
2022-06-29 08:37:59 +02:00
Zbigniew Jędrzejewski-Szmek
6af49ef1a1 Add patch to fix build on i686 2022-06-03 10:15:05 +02:00
Zbigniew Jędrzejewski-Szmek
81108b2d49 Version 251.2 2022-06-02 20:30:56 +02:00
Zbigniew Jędrzejewski-Szmek
b45625adb1 Revert "Drop old work-around patch"
This reverts commit 9a48377e0a.

Apparently the patch is still needed, without it we get issues in CI
packit builds.
2022-05-25 21:48:16 +02:00
Zbigniew Jędrzejewski-Szmek
6ac7409b1e Bump release 2022-05-25 15:38:21 +02:00
Zbigniew Jędrzejewski-Szmek
9a48377e0a Drop old work-around patch
This was reported to be an issue on older kernels, so let's hope
it is resolved now.
2022-05-25 14:48:33 +02:00
Zbigniew Jędrzejewski-Szmek
7776269804 Reintroduce the tag for shared libraries 2022-05-25 14:45:31 +02:00
Zbigniew Jędrzejewski-Szmek
ee6588e902 Drop "v" from the version tag, add tilde back
When -Dversion-tag was initially added in edaa157918,
I used "v" without any comment. But upstream does not use "v", so we have
versions which don't compare directly:

$ build/systemctl --version|head -n1
systemd 251 (251-66-g7e46a5c+)
$ systemctl --version|head -n1
systemd 251 (v251-1.fc37)

And in 3c4f9413a7, when -Dshared-lib-tag= was
introduced, %{version} was replaced by %{version_no_tilde}, again without any
specific comment. For the shared-lib-tag, it makes sense to use _no_tilde,
because it's enough to have non-conflicting file names, and we don't compare
the tags. I guess I wanted both uses to be consistent. But if we substitute
the tilde, we can't do proper comparisons.

I noticed the following issue: with sd-boot installed from git and a
package, upgrades wouldn't work:

Comparing versions: "systemd-boot v251-1.fc37" < "systemd-boot 251-rc1-390-g3603f15
Skipping "/boot/efi/EFI/systemd/systemd-bootx64.efi", since newer boot loader version in place already.

The two changes should make those comparisons work properly in most
cases.
2022-05-25 14:32:47 +02:00
Zbigniew Jędrzejewski-Szmek
a65bd010dd Supress errors from useradd/groupadd 2022-05-25 14:18:25 +02:00
Zbigniew Jędrzejewski-Szmek
25bb51fde1 Version 251.1 2022-05-24 23:38:53 +02:00
Zbigniew Jędrzejewski-Szmek
3b52a12c30 Version 251 2022-05-21 18:27:30 +02:00
Zbigniew Jędrzejewski-Szmek
98759ccb29 Skip workaround patch in packit builds 2022-05-19 12:39:10 +02:00
Zbigniew Jędrzejewski-Szmek
3a876074d2 Run sysusers and friends also if systemd is not running
I tested this with 'sudo dnf --installroot=…', with both
systemd+system-udev installed in one transaction, and in two separate
transactions. Users are created as expected in both cases.
2022-05-16 22:11:21 +02:00
Zbigniew Jędrzejewski-Szmek
4cd7098f04 Version 251-rc3 2022-05-16 19:05:09 +02:00
Adam Williamson
7d3e9ecfd7 Backport #23352 to fix RHBZ #2083374 2022-05-11 14:17:03 -07:00
Zbigniew Jędrzejewski-Szmek
95c9cf61af Remove bfq patch in packit builds 2022-05-06 20:48:00 +02:00
Zbigniew Jędrzejewski-Szmek
04e285047a Version 251-rc2 2022-05-05 19:40:03 +02:00
Zbigniew Jędrzejewski-Szmek
d3aa9f1d33 Two patches to maybe help with the compose
This is really a stab in the dark.
2022-04-12 22:07:51 +02:00
Zbigniew Jędrzejewski-Szmek
4047e4fb7b Do not touch /etc/resolv.conf on upgrades 2022-04-12 10:28:28 +02:00
Frantisek Sumsal
b022402aba Do not require bpftool for i386 builds 2022-04-12 10:28:26 +02:00
Zbigniew Jędrzejewski-Szmek
16421fb073 Temporarily revert libsystemd-core and private shared suffix 2022-04-04 11:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
3c4f9413a7 Version 251-rc1 2022-03-29 22:41:15 +02:00
Zbigniew Jędrzejewski-Szmek
98684a818d Fix the wrong file assignment done in previous version 2022-03-18 13:37:38 +01:00
Zbigniew Jędrzejewski-Szmek
5cd5963410 Update to version 250.4
250.3 does not build because of the rebased bfq patch.
2022-03-17 22:02:39 +01:00
Zbigniew Jędrzejewski-Szmek
0078f9a102 Really move libcryptsetup plugins to -udev 2022-03-17 21:37:30 +01:00
Michael Catanzaro
28acb3f912 Disable default DNS over TLS (#1889901) 2022-03-14 09:48:35 -05:00
Zbigniew Jędrzejewski-Szmek
5e7fc47a08 Avoid trying to create the symlink if there's a dangling symlink already
'test -e' says 'no' for dangling symlinks.

Let's also ignore the error if this fails. We shouldn't fail the
transaction.
2022-02-24 20:27:09 +01:00
Zbigniew Jędrzejewski-Szmek
a4d136e22a Add workaround for audit breakage 2022-02-24 08:56:56 +01:00
Zbigniew Jędrzejewski-Szmek
c971c5b980 Drop some unnecessary requirements 2022-02-24 08:45:02 +01:00
Zbigniew Jędrzejewski-Szmek
8c4c6daba9 Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing
The analysis in 1ba983e0be was wrong.
Both systemd-journal and utmp need to be created. For some reason rpm
reports only the first group which is not available. It was
complaining about systemd-journal, and when that was "fixed", it
started complaining about utmp. Let's apply the same logic here.
Non-root users of files owned by utmp group should only matter after a
reboot, and tmpfiles will adjust the ownership.

Running transaction
  Running scriptlet: filesystem-3.16-2.fc36.x86_64                        1/1
  Preparing        :                                                      1/1
  Installing       : libgcc-12.0.1-0.8.fc37.x86_64                       1/76
  Running scriptlet: libgcc-12.0.1-0.8.fc37.x86_64                       1/76
  Installing       : fedora-release-identity-basic-37-0.2.noarch         2/76
  Installing       : tzdata-2021e-4.fc36.noarch                          3/76
  Installing       : pcre2-syntax-10.39-1.fc36.1.noarch                  4/76
  Installing       : ncurses-base-6.2-9.20210508.fc36.noarch             5/76
  Installing       : fedora-gpg-keys-37-0.1.noarch                       6/76
  Installing       : fedora-release-37-0.2.noarch                        7/76
  Installing       : fedora-release-common-37-0.2.noarch                 8/76
  Installing       : fedora-repos-rawhide-37-0.1.noarch                  9/76
  Installing       : fedora-repos-37-0.1.noarch                         10/76
  Installing       : setup-2.13.9.1-3.fc36.noarch                       11/76
  Running scriptlet: setup-2.13.9.1-3.fc36.noarch                       11/76
  Installing       : filesystem-3.16-2.fc36.x86_64                      12/76
  Installing       : basesystem-11-13.fc36.noarch                       13/76
  Installing       : glibc-minimal-langpack-2.35-2.fc37.x86_64          14/76
  Installing       : glibc-common-2.35-2.fc37.x86_64                    15/76
  Running scriptlet: glibc-2.35-2.fc37.x86_64                           16/76
  Installing       : glibc-2.35-2.fc37.x86_64                           16/76
  Running scriptlet: glibc-2.35-2.fc37.x86_64                           16/76
  Installing       : ncurses-libs-6.2-9.20210508.fc36.x86_64            17/76
  Installing       : bash-5.1.16-2.fc36.x86_64                          18/76
  Running scriptlet: bash-5.1.16-2.fc36.x86_64                          18/76
  Installing       : libuuid-2.38-0.2.fc36.x86_64                       19/76
  Installing       : libcap-2.48-4.fc36.x86_64                          20/76
  Installing       : libattr-2.5.1-4.fc36.x86_64                        21/76
  Installing       : libacl-2.3.1-3.fc36.x86_64                         22/76
  Installing       : libzstd-1.5.2-1.fc36.x86_64                        23/76
  Installing       : xz-libs-5.2.5-8.fc36.x86_64                        24/76
  Installing       : zlib-1.2.11-31.fc36.x86_64                         25/76
  Installing       : bzip2-libs-1.0.8-11.fc36.x86_64                    26/76
  Installing       : libcap-ng-0.8.2-9.fc36.x86_64                      27/76
  Installing       : audit-libs-3.0.7-1.fc36.x86_64                     28/76
  Installing       : libsepol-3.3-3.fc36.x86_64                         29/76
  Installing       : libxcrypt-4.4.28-1.fc37.x86_64                     30/76
  Installing       : lz4-libs-1.9.3-4.fc36.x86_64                       31/76
  Installing       : pcre2-10.39-1.fc36.1.x86_64                        32/76
  Installing       : libselinux-3.3-4.fc36.x86_64                       33/76
  Installing       : libsemanage-3.3-3.fc37.x86_64                      34/76
  Installing       : shadow-utils-2:4.11.1-2.fc37.x86_64                35/76
  Installing       : sed-4.8-10.fc36.x86_64                             36/76
  Installing       : dbus-common-1:1.13.20-3.fc36.noarch                37/76
  Running scriptlet: dbus-common-1:1.13.20-3.fc36.noarch                37/76
  Installing       : alternatives-1.19-2.fc36.x86_64                    38/76
  Installing       : expat-2.4.6-1.fc37.x86_64                          39/76
  Installing       : gmp-1:6.2.1-2.fc36.x86_64                          40/76
  Installing       : json-c-0.15-3.fc36.x86_64                          41/76
  Installing       : libargon2-20171227-8.fc36.x86_64                   42/76
  Installing       : libeconf-0.4.0-3.fc36.x86_64                       43/76
  Installing       : pam-libs-1.5.2-11.fc37.x86_64                      44/76
  Installing       : libffi-3.4.2-8.fc36.x86_64                         45/76
  Installing       : p11-kit-0.24.1-2.fc36.x86_64                       46/76
  Installing       : libgpg-error-1.44-1.fc36.x86_64                    47/76
  Installing       : libgcrypt-1.10.0-1.fc36.x86_64                     48/76
  Installing       : systemd-libs-250.3-4.fc37.x86_64                   49/76
  Running scriptlet: dbus-broker-29-5.fc36.x86_64                       50/76
useradd warning: dbus's uid 81 outside of the SYS_UID_MIN 201 and SYS_UID_MAX 999 range.

  Installing       : dbus-broker-29-5.fc36.x86_64                       50/76
  Running scriptlet: dbus-broker-29-5.fc36.x86_64                       50/76
  Installing       : dbus-1:1.13.20-3.fc36.x86_64                       51/76
  Installing       : libseccomp-2.5.3-2.fc36.x86_64                     52/76
  Installing       : libsmartcols-2.38-0.2.fc36.x86_64                  53/76
  Installing       : libtasn1-4.18.0-2.fc36.x86_64                      54/76
  Installing       : p11-kit-trust-0.24.1-2.fc36.x86_64                 55/76
  Running scriptlet: p11-kit-trust-0.24.1-2.fc36.x86_64                 55/76
  Installing       : libunistring-1.0-1.fc36.x86_64                     56/76
  Installing       : libidn2-2.3.2-4.fc36.x86_64                        57/76
  Installing       : pcre-8.45-1.fc36.1.x86_64                          58/76
  Installing       : grep-3.7-2.fc36.x86_64                             59/76
  Installing       : crypto-policies-20220203-2.git112f859.fc36.noarch  60/76
  Running scriptlet: crypto-policies-20220203-2.git112f859.fc36.noarch  60/76
  Installing       : coreutils-common-9.0-3.fc36.x86_64                 61/76
  Installing       : openssl-libs-1:3.0.0-1.fc36.x86_64                 62/76
  Installing       : coreutils-9.0-3.fc36.x86_64                        63/76
  Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch            64/76
  Installing       : ca-certificates-2021.2.52-3.fc36.noarch            64/76
  Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch            64/76
  Installing       : libblkid-2.38-0.2.fc36.x86_64                      65/76
  Running scriptlet: libblkid-2.38-0.2.fc36.x86_64                      65/76
  Installing       : libmount-2.38-0.2.fc36.x86_64                      66/76
  Installing       : util-linux-core-2.38-0.2.fc36.x86_64               67/76
  Running scriptlet: util-linux-core-2.38-0.2.fc36.x86_64               67/76
  Installing       : libfdisk-2.38-0.2.fc36.x86_64                      68/76
  Installing       : kmod-libs-29-7.fc36.x86_64                         69/76
  Installing       : cryptsetup-libs-2.4.3-2.fc36.x86_64                70/76
  Installing       : device-mapper-libs-1.02.175-7.fc36.x86_64          71/76
  Installing       : device-mapper-1.02.175-7.fc36.x86_64               72/76
  Installing       : systemd-pam-250.3-4.fc37.x86_64                    73/76
  Installing       : systemd-resolved-250.3-4.fc37.x86_64               74/76
  Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64               74/76
  Installing       : systemd-networkd-250.3-4.fc37.x86_64               75/76
  Running scriptlet: systemd-networkd-250.3-4.fc37.x86_64               75/76
  Installing       : systemd-250.3-4.fc37.x86_64                        76/76
warning: group utmp does not exist - using root
warning: group utmp does not exist - using root
warning: group utmp does not exist - using root
warning: group utmp does not exist - using root

  Running scriptlet: systemd-250.3-4.fc37.x86_64                        76/76
Creating group 'utmp' with GID 22.
Creating group 'input' with GID 104.
Creating group 'kvm' with GID 36.
Creating group 'render' with GID 105.
Creating group 'sgx' with GID 106.
Creating group 'systemd-journal' with GID 190.
Creating group 'systemd-network' with GID 192.
Creating user 'systemd-network' (systemd Network Management) with UID 192 and GID 192.
Creating group 'systemd-oom' with GID 999.
Creating user 'systemd-oom' (systemd Userspace OOM Killer) with UID 999 and GID 999.
Creating group 'systemd-resolve' with GID 193.
Creating user 'systemd-resolve' (systemd Resolver) with UID 193 and GID 193.

  Running scriptlet: filesystem-3.16-2.fc36.x86_64                      76/76
  Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch            76/76
  Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64               76/76
'/etc/resolv.conf' -> '../run/systemd/resolve/stub-resolv.conf'

  Running scriptlet: systemd-250.3-4.fc37.x86_64                        76/76
2022-02-24 00:11:19 +01:00
Zbigniew Jędrzejewski-Szmek
4cc75bbba5 Move part of %post scriptlet for resolved to %posttrans (rhbz#2018913) 2022-02-23 23:52:08 +01:00
Zbigniew Jędrzejewski-Szmek
996c95efaf Bump release 2022-02-16 22:42:27 +01:00
Zbigniew Jędrzejewski-Szmek
4c2d7265ec Add patch for new kernel headers
It's already included in systemd-stable, but v250.4 hasn't been tagged
yet.
2022-02-16 22:33:01 +01:00
Zbigniew Jędrzejewski-Szmek
e48b9066b7 Drop unused dependencies for scriptlets 2022-02-16 22:33:01 +01:00
Zbigniew Jędrzejewski-Szmek
1ba983e0be Specify owner of /var/log/journal as root in the rpm listing
$ rpm -qlv systemd |grep -v 'root     root'
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /run/utmp
-rw-rw----    1 root     utmp         0 Jan 22 03:38 /var/log/btmp
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /var/log/lastlog
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /var/log/wtmp
drwxr-sr-x    2 root     systemd-     0 Jan 22 03:38 /var/log/journal

During installation rpm would log an error that systemd-journal group
is unknown. We create all our users by calling sysusers in the %post
scriptlet, but that is too late. To avoid the warning we could either
add a %pre scriptlet, but that'd require adding a dependency on
shadow-utils for groupadd, since we can't use our own tools before we
are installed. Let's instead create the directory owned by root.root,
and change the group afterwards. The group ownership is for file
ownership, and in the worst case (we don't assign the group or set
mode +s), unprivileged users will not be able to read the logs.

We also use 'utmp' group, but that is provided by setup.rpm and is not
an issue.

https://bugzilla.redhat.com/show_bug.cgi?id=2018913#c24
2022-02-16 22:33:01 +01:00