Commit Graph

1213 Commits

Author SHA1 Message Date
Panu Matilainen
dce828f167 Use rpm's sysuser provide generation on Fedora >= 39
Rpm >= 4.19 has native sysusers integration and generates similar
user() and group() provides but encodes additional information into
them, information that is required for the rpm integration to work.

Besides additional data, one noteworthy difference in the rpm generated
provides is there are no provides generated for m(ember) directives.
This is because users and groups possibly created by that directive are
a too implicit for dependency resolution and install ordering purposes
in the case where the user/group is actually owned by some other package.
2023-06-22 08:16:26 -06:00
Anita Zhang
d64ddbaa83 fix typos in standalone package provides 2023-06-21 15:59:17 +01:00
Yaakov Selkowitz
5982ae9504 Avoid pillow and pyflakes in RHEL builds
These test dependencies are unwanted in RHEL.
2023-06-05 12:49:57 -04:00
Yaakov Selkowitz
4980b39c44 Avoid qrencode dependency in RHEL builds
Based on c9s:

c7784e6584
2023-06-05 12:46:26 -04:00
Alessandro Astone
aedd5488be Increase vm.max_map_count
https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
2023-06-02 18:51:48 +02:00
Zbigniew Jędrzejewski-Szmek
21df2af848 Version 253.5 2023-06-01 16:46:08 +02:00
Zbigniew Jędrzejewski-Szmek
3d02d53d87 Version 253.4 2023-05-11 22:54:39 +02:00
Michael Catanzaro
806c95e1c7 Raise ManagedOOMMemoryPressureLimit from 50% to 80%
Admittedly I don't know what I'm doing here, but this should make
systemd-oomd kill things less often, which seems like the direction we
want to move towards, so let's try it.

https://pagure.io/fedora-workstation/issue/358
2023-05-11 18:46:17 +00:00
Zbigniew Jędrzejewski-Szmek
5448e2ee0e Add forgotten Provides and Conflicts for standalones 2023-05-09 14:59:07 +02:00
Zbigniew Jędrzejewski-Szmek
7e62bd0762 sysusers.generate-pre.sh: properly escape quotes in description strings
... (rhbz#2104141)

In the first version, I wanted to use POSIX quotes with $''. But that required
'printf %q', which brings in a dependency on coreutils.

Following mcr0mmand's suggestion, ${foo@Q} is used instead, which should work
equivalently, and does not require anything new.

Tested with 'sysusers.generate-pre.sh /usr/lib/sysusers.d/*conf'. The output is
the same before and after, apart from the dovecot user with a quote.
2023-04-26 13:27:07 +02:00
Zbigniew Jędrzejewski-Szmek
ef79df9490 sysusers.generate-pre.sh: fix indentation in generated scripts
We need to use a mix of spaces and tabs: the tabs are removed because of -EOF,
and then the spaces indent the output. Jesus.
2023-04-26 13:23:03 +02:00
Zbigniew Jędrzejewski-Szmek
1fa99260fc pytest-flakes is required for test_ukify.py
[skip changelog]
2023-04-22 12:37:06 +02:00
Zbigniew Jędrzejewski-Szmek
7f6f230506 Version 253.2 2023-03-29 22:23:51 +02:00
Zbigniew Jędrzejewski-Szmek
1320fc3009 oomd: stop monitoring user-*.slice slices
... (rhbz#2177722)

Oomd was killing a login session (user-*.slice/session-*.scope).

Quoting https://bugzilla.redhat.com/show_bug.cgi?id=2177722#c21:

> In F37 and prior the config was killing based on swap and pressure
> on user-*.slice/user@.service. In 7665e1796f
> it was changed to pressure only on system.slice and all slices under
> user.slice. The relevant point here is that this change now includes
> user-*.slice/session-*.scope which is the critical session bits
> you're seeing killed here.
>
> That session scope should be omitted. The config that I intended
> with the initial PR was for all slices under
> user.slice/user-*.slice/user@.service to be monitored, not for all
> slices under user.slice.

With the file removed:

$ oomctl | rg Path | sort
  Path: /system.slice
  Path: /user.slice/user-1000.slice/user@1000.service/app.slice
  Path: /user.slice/user-1000.slice/user@1000.service/session.slice
2023-03-29 18:17:29 +02:00
Zbigniew Jędrzejewski-Szmek
1a6178ce6e Move /usr/lib/systemd/boot/ to systemd-boot-unsigned subpackage 2023-03-09 09:05:16 +01:00
Zbigniew Jędrzejewski-Szmek
01af054efc Prepare to replace use of gnu-efi with the internal support
See https://github.com/systemd/systemd/pull/26641.
This will allow upstream pull request (and the main branch after the pull
request has been merged) to be built with the new code. This doesn't do
anything for official rpm builds until the new code is part of the sources.

[skip changelog]
2023-03-05 14:12:08 +01:00
Zbigniew Jędrzejewski-Szmek
9a0266ff7b Include two more patches that didn't make it into the stable tag
[skip changelog]
2023-03-03 20:14:38 +01:00
Zbigniew Jędrzejewski-Szmek
5227302c98 Really fix build with gnu-efi-3.0.11-13
It turns out that the patch applied cleanly when backported to
v253-stable, but did not work.

[skip changelog]
2023-03-03 20:11:48 +01:00
Zbigniew Jędrzejewski-Szmek
ddd4dcd1fe Fix build with gnu-efi-3.0.11-13 2023-03-03 18:56:53 +01:00
Zbigniew Jędrzejewski-Szmek
68db5d4680 Version 253.1
- Fixes rhbz#2148464
2023-03-03 18:28:25 +01:00
Zbigniew Jędrzejewski-Szmek
7a81930dd2 Move man pages for sd-boot into systemd-boot-unsigned 2023-03-01 14:09:03 +01:00
Zbigniew Jędrzejewski-Szmek
55ee787b77 Set TimeoutStopFailureMode=abort for services
... (see https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer)
2023-02-22 16:03:38 +01:00
Dusty Mabe
6770ee3c6d remove group write permission from 98-default-mac-none.link
The 99-default.link has 644 perms so let's do the same for
98-default-mac-none.link. This was tripping up a test in the
Fedora CoreOS test framework [1].

https://github.com/coreos/fedora-coreos-tracker/issues/1427
2023-02-21 14:51:35 +00:00
Dusty Mabe
cfc2c60978 fix comment instructions for 98-default-mac-none.link
Fixup for aff1671.
2023-02-21 14:51:35 +00:00
Zbigniew Jędrzejewski-Szmek
0104b2cfb3 Backport patch for container compatibility
... (rhbz#2165004)
2023-02-21 11:14:00 +01:00
Zbigniew Jędrzejewski-Szmek
4bdd16eba5 Add workaround patch for dracut generator issue
... (rhbz#2164404)
2023-02-21 11:06:27 +01:00
Zbigniew Jędrzejewski-Szmek
296e35b054 Version 253
... (mostly some documentation fixes since -rc3).
2023-02-20 21:07:32 +01:00
Zbigniew Jędrzejewski-Szmek
4f23aac033 Version 253-rc3
- A bunch of bugfixes for regressions, some documentation and bug fixes too.
- Really fix rhbz#2165692 (previous build carried an unapplied patch).
2023-02-10 18:57:22 +01:00
Zbigniew Jędrzejewski-Szmek
b642986a84 Revert patch switch causes problems for 'systemctl isolate'
... (rhbz#2165692)
2023-02-09 22:55:13 +01:00
Zbigniew Jędrzejewski-Szmek
8eea43e714 Disable systemd-boot-update.service in presets 2023-02-08 16:39:45 +01:00
Zbigniew Jędrzejewski-Szmek
0dfb1a37e1 Use proper capitalization in license string
[skip changelog]
2023-02-08 12:38:11 +01:00
Zbigniew Jędrzejewski-Szmek
eb6fe37e3c Update License to SPDX 2023-02-08 12:31:21 +01:00
Thomas Haller
aff167152e add "98-default-mac-none.link" to keep default MAC address of bridge/bond/team
https://bugzilla.redhat.com/show_bug.cgi?id=2107754
https://fedoraproject.org/wiki/Changes/MAC_Address_Policy_none
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/FZGH473ZUGPXK2E3GOEQ5TBLJ62FYJBC/
2023-02-06 15:30:29 +01:00
Michael Catanzaro
ba02e90496 Shorten shutdown timeout to 45 s 2023-02-02 20:46:37 +01:00
Zbigniew Jędrzejewski-Szmek
708a09cead Version 253~rc2
- Sysusers fixup (rhbz#2156900) + other small changes
2023-02-02 20:40:31 +01:00
Zbigniew Jędrzejewski-Szmek
ba48b51817 BuildRequire pytest
This is needed to run ukify tests. They were skipped because pytest
was not available.

[skip changelog]
2023-02-02 20:34:01 +01:00
Yaakov Selkowitz
3c935dd203 Build with xen only on Fedora 2023-02-01 20:14:52 -05:00
Zbigniew Jędrzejewski-Szmek
189f5d16f4 Add a new provides with just the version
[skip changelog]
2023-01-27 16:08:56 +01:00
Zbigniew Jędrzejewski-Szmek
efa3d301b9 Reenable systemd-journald-audit.socket after upgrades
... (rhbz#2164594)

The socket exists and is enabled in the initrd. After switch-root, the system
goes into an infinite loop trying to stop the socket while incoming audit
messages trigger start jobs for the socket. This is a bug in the transaction
logic, that'll need to be fixed separately.

We need to preset the socket after the upgrade so that it remains enabled
by default. This should fix the boot issue, though it's not a complete fix,
because we actually want to allow people to disable the socket.

On initial install, the socket is covered by preset-all and gets enabled.
2023-01-26 11:28:32 +01:00
Zbigniew Jędrzejewski-Szmek
58eb55671d Add Requires on Python modules to systemd-ukify and Recommends for libp11-kit 2023-01-25 15:10:41 +01:00
Zbigniew Jędrzejewski-Szmek
903ce887fd Version 253~rc1
- See https://raw.githubusercontent.com/systemd/systemd/v253-rc1/NEWS
- New subpackages: systemd-repart-standalone, systemd-shutdown-standalone,
  and systemd-ukify.
2023-01-25 00:16:28 +01:00
Zbigniew Jędrzejewski-Szmek
a142c87042 Backport patches to fix issues gcc-13 and -D_FORTIFY_SOURCE=3
gcc has a new warning which caught a bug of int/enum mismatches.
And we would crash on some architectures when built with -D_FORTIFY_SOURCE=3
because of our malloc_usable_size() use.

This should resolve the build failure in F38 mass build.
2023-01-22 22:41:22 +01:00
Fedora Release Engineering
17d16267e2 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-21 04:33:41 +00:00
Daan De Meyer
67561d75bf Add python3 to BuildRequires
Let's make it explicit that python3 is required during the build
process.
2023-01-05 13:52:34 +01:00
Zbigniew Jędrzejewski-Szmek
befb0e11dd Version 252.4
- Fixes a few different issues (systemd-timesyncd connectivity problems, broken
  emoji output on the console, crashes in pid1 unit dependency logic)
- CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel
  setting
2022-12-20 19:27:52 +01:00
Zbigniew Jędrzejewski-Szmek
732bdcb223 boot: add Provides:systemd-boot(isa)
As requested in https://github.com/rhinstaller/anaconda/pull/4368#discussion_r1043839809,
so that it's easier to depend on the appropriate package. Once we have the
signed version built, this provides might be dropped. But let's add it at least
for now so that there's a stable name to depend on.

While at it, let's drop ? from %{_isa}. Systemd is always archful.
2022-12-17 18:34:31 +01:00
Zbigniew Jędrzejewski-Szmek
1d366e53d8 Stop trying to use removed source file
[skip changelog]
2022-12-15 12:48:00 +01:00
Zbigniew Jędrzejewski-Szmek
2a3fc2e21f Use upstream pam systemd-auth file with a patch, add pam_keyinit
This file changes rarely, but it does every one in a while. And since we have an
independent copy, we forget to adjust it. We have had already two bugs because
of this. I submitted a PR upstream to include pam_namespace (because that makes
sense for all distros), so the diff between upstream and us now is just the
inclusion of system-auth (which is not upstreamable).

Effectively, the only difference right now is that 'pam_keyinit force revoke'
is included. It was added upstream with the comment:

   We want that systemd --user gets its own keyring as usual, even if the
   barebones PAM snippet we ship upstream is used. If we don't do this we get
   the basic keyring systemd --system sets up for us.
2022-12-14 22:35:52 +01:00
Zbigniew Jędrzejewski-Szmek
ef4c00c6a4 Version 252.3
... (rhbz#2136916, rhbz#2083900)
2022-12-08 23:10:51 +01:00
Zbigniew Jędrzejewski-Szmek
778f8ef8a5 Do not create boot subpackage on non-efi arches
This fixes build.
[skip changelog]
2022-12-03 09:47:34 +01:00