Compare commits
108 Commits
208e342f29
...
b28b4b7e65
Author | SHA1 | Date |
---|---|---|
David Abdurachmanov | b28b4b7e65 | |
David Abdurachmanov | 44f4eef37a | |
Zbigniew Jędrzejewski-Szmek | a9b4725785 | |
Zbigniew Jędrzejewski-Szmek | 99506ee643 | |
Zbigniew Jędrzejewski-Szmek | bb2f5f0fab | |
Zbigniew Jędrzejewski-Szmek | 9a522c2a5a | |
Adam Williamson | 18e1ed3201 | |
Zbigniew Jędrzejewski-Szmek | 592d710bfd | |
Zbigniew Jędrzejewski-Szmek | bd2499ee33 | |
Zbigniew Jędrzejewski-Szmek | 5dfe4c64c5 | |
Zbigniew Jędrzejewski-Szmek | 3f41433302 | |
Zbigniew Jędrzejewski-Szmek | 360975c08b | |
Zbigniew Jędrzejewski-Szmek | f66faf9fa1 | |
Zbigniew Jędrzejewski-Szmek | 32656b2b87 | |
Zbigniew Jędrzejewski-Szmek | 6674346bfd | |
Zbigniew Jędrzejewski-Szmek | 8365e8181d | |
Zbigniew Jędrzejewski-Szmek | 14701a7bc8 | |
Zbigniew Jędrzejewski-Szmek | c95e750cfb | |
Zbigniew Jędrzejewski-Szmek | 11c465372a | |
Daan De Meyer | c4232bef96 | |
Daan De Meyer | 46dc8f5060 | |
Yu Watanabe | 45fc64ccd0 | |
Yu Watanabe | 49575fa6ed | |
Zbigniew Jędrzejewski-Szmek | f5162af2a6 | |
Zbigniew Jędrzejewski-Szmek | 3c4a463e49 | |
Zbigniew Jędrzejewski-Szmek | 453f57749f | |
Zbigniew Jędrzejewski-Szmek | c4c8de9e3e | |
Daan De Meyer | 993f682ecc | |
Daan De Meyer | 2b6870dbdc | |
Daan De Meyer | 6775af66c5 | |
Zbigniew Jędrzejewski-Szmek | d9fe7ec043 | |
Zbigniew Jędrzejewski-Szmek | 1edbd67466 | |
Fedora Release Engineering | 8e1134ffe7 | |
Zbigniew Jędrzejewski-Szmek | 219083fc04 | |
Stewart Smith | 5c840a72b5 | |
Stewart Smith | 379f9bfba1 | |
Zbigniew Jędrzejewski-Szmek | c50dc7ccda | |
Zbigniew Jędrzejewski-Szmek | d80a45533d | |
Yaakov Selkowitz | 9c05b44a4b | |
Panu Matilainen | dce828f167 | |
Anita Zhang | d64ddbaa83 | |
Yaakov Selkowitz | 5982ae9504 | |
Yaakov Selkowitz | 4980b39c44 | |
Alessandro Astone | aedd5488be | |
Zbigniew Jędrzejewski-Szmek | 21df2af848 | |
Zbigniew Jędrzejewski-Szmek | 3d02d53d87 | |
Michael Catanzaro | 806c95e1c7 | |
Zbigniew Jędrzejewski-Szmek | 5448e2ee0e | |
Zbigniew Jędrzejewski-Szmek | 7e62bd0762 | |
Zbigniew Jędrzejewski-Szmek | ef79df9490 | |
Zbigniew Jędrzejewski-Szmek | 1fa99260fc | |
Zbigniew Jędrzejewski-Szmek | 7f6f230506 | |
Zbigniew Jędrzejewski-Szmek | 1320fc3009 | |
Zbigniew Jędrzejewski-Szmek | 1a6178ce6e | |
Zbigniew Jędrzejewski-Szmek | 01af054efc | |
Zbigniew Jędrzejewski-Szmek | 9a0266ff7b | |
Zbigniew Jędrzejewski-Szmek | 5227302c98 | |
Zbigniew Jędrzejewski-Szmek | ddd4dcd1fe | |
Zbigniew Jędrzejewski-Szmek | 68db5d4680 | |
Zbigniew Jędrzejewski-Szmek | 7a81930dd2 | |
Zbigniew Jędrzejewski-Szmek | 55ee787b77 | |
Dusty Mabe | 6770ee3c6d | |
Dusty Mabe | cfc2c60978 | |
Zbigniew Jędrzejewski-Szmek | 0104b2cfb3 | |
Zbigniew Jędrzejewski-Szmek | 4bdd16eba5 | |
Zbigniew Jędrzejewski-Szmek | 296e35b054 | |
Zbigniew Jędrzejewski-Szmek | 4f23aac033 | |
Zbigniew Jędrzejewski-Szmek | b642986a84 | |
Zbigniew Jędrzejewski-Szmek | 8eea43e714 | |
Zbigniew Jędrzejewski-Szmek | 0dfb1a37e1 | |
Zbigniew Jędrzejewski-Szmek | eb6fe37e3c | |
Thomas Haller | aff167152e | |
Michael Catanzaro | ba02e90496 | |
Zbigniew Jędrzejewski-Szmek | 708a09cead | |
Zbigniew Jędrzejewski-Szmek | ba48b51817 | |
Yaakov Selkowitz | 3c935dd203 | |
Zbigniew Jędrzejewski-Szmek | 189f5d16f4 | |
Zbigniew Jędrzejewski-Szmek | efa3d301b9 | |
Zbigniew Jędrzejewski-Szmek | 58eb55671d | |
Zbigniew Jędrzejewski-Szmek | 903ce887fd | |
Zbigniew Jędrzejewski-Szmek | a142c87042 | |
Fedora Release Engineering | 17d16267e2 | |
Daan De Meyer | 67561d75bf | |
Zbigniew Jędrzejewski-Szmek | befb0e11dd | |
Zbigniew Jędrzejewski-Szmek | 732bdcb223 | |
Zbigniew Jędrzejewski-Szmek | 1d366e53d8 | |
Zbigniew Jędrzejewski-Szmek | 2a3fc2e21f | |
Zbigniew Jędrzejewski-Szmek | ef4c00c6a4 | |
Zbigniew Jędrzejewski-Szmek | 778f8ef8a5 | |
Zbigniew Jędrzejewski-Szmek | 54a3b6f942 | |
Zbigniew Jędrzejewski-Szmek | da37ad3139 | |
Martin Osvald | 83301531c0 | |
Zbigniew Jędrzejewski-Szmek | b3fa8789f9 | |
Zbigniew Jędrzejewski-Szmek | c6d202c6ac | |
Zbigniew Jędrzejewski-Szmek | eeb9a47dfb | |
Zbigniew Jędrzejewski-Szmek | 9acedf97ae | |
Zbigniew Jędrzejewski-Szmek | 6594cdc49b | |
Zbigniew Jędrzejewski-Szmek | bab6dfc23a | |
Zbigniew Jędrzejewski-Szmek | 3c5b26ff79 | |
Zbigniew Jędrzejewski-Szmek | b2ad8fb38b | |
Zbigniew Jędrzejewski-Szmek | 0b51ecfabd | |
Zbigniew Jędrzejewski-Szmek | 58777c7cac | |
Zbigniew Jędrzejewski-Szmek | 1ffb1df909 | |
Yu Watanabe | 38161d034a | |
Yu Watanabe | 0455d50768 | |
Luca BRUNO | f27d461663 | |
Anita Zhang | 7665e1796f | |
Zbigniew Jędrzejewski-Szmek | aac22baa3b |
|
@ -1,5 +1,7 @@
|
|||
- project:
|
||||
vars:
|
||||
install_repo_exclude:
|
||||
- systemd-standalone-repart
|
||||
- systemd-standalone-shutdown
|
||||
- systemd-standalone-sysusers
|
||||
- systemd-standalone-tmpfiles
|
||||
- systemd-standalone-sysuser
|
||||
|
|
|
@ -0,0 +1,243 @@
|
|||
From df25afd2cf5527fe1bb542bb146fef1be8d9a489 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Sat, 9 Sep 2023 14:46:32 +0200
|
||||
Subject: [PATCH 1/3] core: add new "PollLimit" settings to .socket units
|
||||
|
||||
This adds a new "PollLimit" pair of settings to .socket units, very
|
||||
similar to existing "TriggerLimit" logic. The differences are:
|
||||
|
||||
* PollLimit focusses on the polling on the sockets, and pauses that
|
||||
temporarily if a ratelimit on that is reached. TriggerLimit otoh
|
||||
focusses on the triggering effect of socket units, and stops
|
||||
triggering once the ratelimit is hit.
|
||||
|
||||
* While the trigger limit being hit is an action that causes the socket
|
||||
unit to fail the polling limit being reached will just temporarily
|
||||
disable polling on the socket fd, and it is resumed once the ratelimit
|
||||
interval is over.
|
||||
|
||||
* When a socket unit operates on multiple socket fds (e,g, ListenStream=
|
||||
on both some ipv6 and an ipv4 address or so). Then the PollLimit will
|
||||
be specific to each fd, while the trigger limit is specific to the
|
||||
whole unit.
|
||||
|
||||
Implementation-wise this is mostly a wrapper around sd-event's
|
||||
sd_event_source_set_ratelimit(), which exposes the desired behaviour
|
||||
directly.
|
||||
|
||||
Usecase for all of this: socket services which when overloaded with
|
||||
connections should just slow down reception of it, but not fail
|
||||
persistently.
|
||||
|
||||
(cherry picked from commit 2bec84e7a5bf3687ae65205753ba3d8067cf2f0e)
|
||||
---
|
||||
man/org.freedesktop.systemd1.xml | 12 ++++++++++
|
||||
src/core/dbus-socket.c | 8 +++++++
|
||||
src/core/load-fragment-gperf.gperf.in | 2 ++
|
||||
src/core/socket.c | 32 +++++++++++++++++++--------
|
||||
src/core/socket.h | 2 ++
|
||||
src/shared/bus-unit-util.c | 10 +++++----
|
||||
6 files changed, 53 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
|
||||
index 56906e2f3b..0557dc2379 100644
|
||||
--- a/man/org.freedesktop.systemd1.xml
|
||||
+++ b/man/org.freedesktop.systemd1.xml
|
||||
@@ -4727,6 +4727,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
||||
readonly t TriggerLimitIntervalUSec = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly u TriggerLimitBurst = ...;
|
||||
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
+ readonly t PollLimitIntervalUSec = ...;
|
||||
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
+ readonly u PollLimitBurst = ...;
|
||||
readonly u UID = ...;
|
||||
readonly u GID = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
|
||||
@@ -5961,6 +5965,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="TriggerLimitBurst"/>
|
||||
|
||||
+ <variablelist class="dbus-property" generated="True" extra-ref="PollLimitIntervalUSec"/>
|
||||
+
|
||||
+ <variablelist class="dbus-property" generated="True" extra-ref="PollLimitBurst"/>
|
||||
+
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="UID"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="GID"/>
|
||||
@@ -6497,6 +6505,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
||||
|
||||
<!--End of Autogenerated section-->
|
||||
|
||||
+ <para><varname>PollLimitIntervalUSec</varname>/<varname>PollLimitBurst</varname> properties configure the
|
||||
+ polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to
|
||||
+ zero the limiting feature is turned off.</para>
|
||||
+
|
||||
<refsect2>
|
||||
<title>Properties</title>
|
||||
|
||||
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
|
||||
index 09a3a9502b..04552b7c60 100644
|
||||
--- a/src/core/dbus-socket.c
|
||||
+++ b/src/core/dbus-socket.c
|
||||
@@ -129,6 +129,8 @@ const sd_bus_vtable bus_socket_vtable[] = {
|
||||
SD_BUS_PROPERTY("SocketProtocol", "i", bus_property_get_int, offsetof(Socket, socket_protocol), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("TriggerLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, trigger_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("TriggerLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, trigger_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
+ SD_BUS_PROPERTY("PollLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, poll_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
+ SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit_burst), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
|
||||
SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
|
||||
BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
|
||||
@@ -248,6 +250,9 @@ static int bus_socket_set_transient_property(
|
||||
if (streq(name, "TriggerLimitBurst"))
|
||||
return bus_set_transient_unsigned(u, name, &s->trigger_limit.burst, message, flags, error);
|
||||
|
||||
+ if (streq(name, "PollLimitBurst"))
|
||||
+ return bus_set_transient_unsigned(u, name, &s->poll_limit_burst, message, flags, error);
|
||||
+
|
||||
if (streq(name, "SocketMode"))
|
||||
return bus_set_transient_mode_t(u, name, &s->socket_mode, message, flags, error);
|
||||
|
||||
@@ -275,6 +280,9 @@ static int bus_socket_set_transient_property(
|
||||
if (streq(name, "TriggerLimitIntervalUSec"))
|
||||
return bus_set_transient_usec(u, name, &s->trigger_limit.interval, message, flags, error);
|
||||
|
||||
+ if (streq(name, "PollLimitIntervalUSec"))
|
||||
+ return bus_set_transient_usec(u, name, &s->poll_limit_interval, message, flags, error);
|
||||
+
|
||||
if (streq(name, "SmackLabel"))
|
||||
return bus_set_transient_string(u, name, &s->smack, message, flags, error);
|
||||
|
||||
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
|
||||
index b66adf2811..0d1ee9c231 100644
|
||||
--- a/src/core/load-fragment-gperf.gperf.in
|
||||
+++ b/src/core/load-fragment-gperf.gperf.in
|
||||
@@ -507,6 +507,8 @@ Socket.FileDescriptorName, config_parse_fdname,
|
||||
Socket.Service, config_parse_socket_service, 0, 0
|
||||
Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval)
|
||||
Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst)
|
||||
+Socket.PollLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, poll_limit_interval)
|
||||
+Socket.PollLimitBurst, config_parse_unsigned, 0, offsetof(Socket, poll_limit_burst)
|
||||
{% if ENABLE_SMACK %}
|
||||
Socket.SmackLabel, config_parse_unit_string_printf, 0, offsetof(Socket, smack)
|
||||
Socket.SmackLabelIPIn, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_in)
|
||||
diff --git a/src/core/socket.c b/src/core/socket.c
|
||||
index 75034ac357..dc18744f54 100644
|
||||
--- a/src/core/socket.c
|
||||
+++ b/src/core/socket.c
|
||||
@@ -101,6 +101,9 @@ static void socket_init(Unit *u) {
|
||||
|
||||
s->trigger_limit.interval = USEC_INFINITY;
|
||||
s->trigger_limit.burst = UINT_MAX;
|
||||
+
|
||||
+ s->poll_limit_interval = USEC_INFINITY;
|
||||
+ s->poll_limit_burst = UINT_MAX;
|
||||
}
|
||||
|
||||
static void socket_unwatch_control_pid(Socket *s) {
|
||||
@@ -310,17 +313,20 @@ static int socket_add_extras(Socket *s) {
|
||||
* off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
|
||||
* process whatever is queued in one go, and thus should normally never have to be started frequently. This is
|
||||
* different for Accept=yes where each connection is processed by a new service instance, and thus frequent
|
||||
- * service starts are typical. */
|
||||
+ * service starts are typical.
|
||||
+ *
|
||||
+ * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to
|
||||
+ * trigger this earlier. */
|
||||
|
||||
if (s->trigger_limit.interval == USEC_INFINITY)
|
||||
s->trigger_limit.interval = 2 * USEC_PER_SEC;
|
||||
+ if (s->trigger_limit.burst == UINT_MAX)
|
||||
+ s->trigger_limit.burst = s->accept ? 200 : 20;
|
||||
|
||||
- if (s->trigger_limit.burst == UINT_MAX) {
|
||||
- if (s->accept)
|
||||
- s->trigger_limit.burst = 200;
|
||||
- else
|
||||
- s->trigger_limit.burst = 20;
|
||||
- }
|
||||
+ if (s->poll_limit_interval == USEC_INFINITY)
|
||||
+ s->poll_limit_interval = 2 * USEC_PER_SEC;
|
||||
+ if (s->poll_limit_burst == UINT_MAX)
|
||||
+ s->poll_limit_burst = s->accept ? 150 : 15;
|
||||
|
||||
if (have_non_accept_socket(s)) {
|
||||
|
||||
@@ -770,9 +776,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
|
||||
|
||||
fprintf(f,
|
||||
"%sTriggerLimitIntervalSec: %s\n"
|
||||
- "%sTriggerLimitBurst: %u\n",
|
||||
+ "%sTriggerLimitBurst: %u\n"
|
||||
+ "%sPollLimitIntervalSec: %s\n"
|
||||
+ "%sPollLimitBurst: %u\n",
|
||||
prefix, FORMAT_TIMESPAN(s->trigger_limit.interval, USEC_PER_SEC),
|
||||
- prefix, s->trigger_limit.burst);
|
||||
+ prefix, s->trigger_limit.burst,
|
||||
+ prefix, FORMAT_TIMESPAN(s->poll_limit_interval, USEC_PER_SEC),
|
||||
+ prefix, s->poll_limit_burst);
|
||||
|
||||
str = ip_protocol_to_name(s->socket_protocol);
|
||||
if (str)
|
||||
@@ -1765,6 +1775,10 @@ static int socket_watch_fds(Socket *s) {
|
||||
|
||||
(void) sd_event_source_set_description(p->event_source, "socket-port-io");
|
||||
}
|
||||
+
|
||||
+ r = sd_event_source_set_ratelimit(p->event_source, s->poll_limit_interval, s->poll_limit_burst);
|
||||
+ if (r < 0)
|
||||
+ log_unit_debug_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m");
|
||||
}
|
||||
|
||||
return 0;
|
||||
diff --git a/src/core/socket.h b/src/core/socket.h
|
||||
index 191d27f46d..b03a291e4a 100644
|
||||
--- a/src/core/socket.h
|
||||
+++ b/src/core/socket.h
|
||||
@@ -158,6 +158,8 @@ struct Socket {
|
||||
char *fdname;
|
||||
|
||||
RateLimit trigger_limit;
|
||||
+ usec_t poll_limit_interval;
|
||||
+ unsigned poll_limit_burst;
|
||||
};
|
||||
|
||||
SocketPeer *socket_peer_ref(SocketPeer *p);
|
||||
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
|
||||
index e7b44cc39b..9f0f37488d 100644
|
||||
--- a/src/shared/bus-unit-util.c
|
||||
+++ b/src/shared/bus-unit-util.c
|
||||
@@ -2170,10 +2170,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const
|
||||
return 1;
|
||||
}
|
||||
|
||||
- if (streq(field, "TriggerLimitBurst"))
|
||||
+ if (STR_IN_SET(field, "TriggerLimitBurst", "PollLimitBurst"))
|
||||
return bus_append_safe_atou(m, field, eq);
|
||||
|
||||
- if (streq(field, "TriggerLimitIntervalSec"))
|
||||
+ if (STR_IN_SET(field, "TriggerLimitIntervalSec", "PollLimitIntervalSec"))
|
||||
return bus_append_parse_sec_rename(m, field, eq);
|
||||
|
||||
return 0;
|
||||
@@ -2382,7 +2382,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
|
||||
"MaxConnections",
|
||||
"MaxConnectionsPerSource",
|
||||
"KeepAliveProbes",
|
||||
- "TriggerLimitBurst"))
|
||||
+ "TriggerLimitBurst",
|
||||
+ "PollLimitBurst"))
|
||||
return bus_append_safe_atou(m, field, eq);
|
||||
|
||||
if (STR_IN_SET(field, "SocketMode",
|
||||
@@ -2397,7 +2398,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
|
||||
"KeepAliveTimeSec",
|
||||
"KeepAliveIntervalSec",
|
||||
"DeferAcceptSec",
|
||||
- "TriggerLimitIntervalSec"))
|
||||
+ "TriggerLimitIntervalSec",
|
||||
+ "PollLimitIntervalSec"))
|
||||
return bus_append_parse_sec_rename(m, field, eq);
|
||||
|
||||
if (STR_IN_SET(field, "ReceiveBuffer",
|
|
@ -0,0 +1,50 @@
|
|||
From 537c00c984910f417a2f2d4aad997f822060d4d1 Mon Sep 17 00:00:00 2001
|
||||
From: Adam Williamson <awilliam@redhat.com>
|
||||
Date: Tue, 19 Sep 2023 16:06:26 -0700
|
||||
Subject: [PATCH] find_legacy_keymap: extend variant match bonus again
|
||||
|
||||
If the column is "-" and the X context variant specifer only
|
||||
contains commas, we should also give the match bonus. The variant
|
||||
string is supposed to be a comma-separated list as long as the
|
||||
list of layouts, so it's quite natural for consumers to be written
|
||||
in such a way that they pass a string only containing commas if
|
||||
there are multiple layouts and no variants. anaconda is a real
|
||||
world case that does this.
|
||||
|
||||
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||
---
|
||||
src/locale/localed-util.c | 2 +-
|
||||
src/locale/test-localed-util.c | 7 +++++++
|
||||
2 files changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
|
||||
index eba13a2ac3..9b6949e14d 100644
|
||||
--- a/src/locale/localed-util.c
|
||||
+++ b/src/locale/localed-util.c
|
||||
@@ -839,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
|
||||
if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
|
||||
matching++;
|
||||
|
||||
- if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
|
||||
+ if (streq_ptr(xc->variant, a[3]) || ((isempty(xc->variant) || streq_skip_trailing_chars(xc->variant, "", ",")) && streq(a[3], "-"))) {
|
||||
matching++;
|
||||
|
||||
if (streq_ptr(xc->options, a[4]))
|
||||
diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
|
||||
index f702ff29b0..e92c178a98 100644
|
||||
--- a/src/locale/test-localed-util.c
|
||||
+++ b/src/locale/test-localed-util.c
|
||||
@@ -185,6 +185,13 @@ TEST(x11_convert_to_vconsole) {
|
||||
assert_se(streq(vc.keymap, "bg_bds-utf8"));
|
||||
vc_context_clear(&vc);
|
||||
|
||||
+ /* same, but with variant specified as "," */
|
||||
+ log_info("/* test with variant as ',', desired match second (bg,us:) */");
|
||||
+ assert_se(free_and_strdup(&xc.variant, ",") >= 0);
|
||||
+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
|
||||
+ assert_se(streq(vc.keymap, "bg_bds-utf8"));
|
||||
+ vc_context_clear(&vc);
|
||||
+
|
||||
log_info("/* test with old mapping (fr:latin9) */");
|
||||
assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
|
||||
assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);
|
|
@ -0,0 +1,58 @@
|
|||
From a30ae31351ffa701ca860779495d4f52db4c462c Mon Sep 17 00:00:00 2001
|
||||
From: Adam Williamson <awilliam@redhat.com>
|
||||
Date: Fri, 15 Sep 2023 15:35:36 -0700
|
||||
Subject: [PATCH 1/2] find_legacy_keymap: fix empty variant matching
|
||||
|
||||
We should give a match bonus if the X context variant is empty
|
||||
and the xvariant column in kbd-model-map is "-" (which means
|
||||
none). Currently, we don't, which means that if you call this
|
||||
on a context with layouts bg,us and no variant, you get the
|
||||
console layout bg_pho-utf8 instead of bg_bds-utf8 (because both
|
||||
score the same, and the bg_pho-utf8 row comes first). You should
|
||||
get bg_bds-utf8 in this case.
|
||||
|
||||
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||
---
|
||||
src/locale/localed-util.c | 2 +-
|
||||
src/locale/test-localed-util.c | 12 ++++++++++++
|
||||
2 files changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
|
||||
index 02fac9786b..6a05b50a31 100644
|
||||
--- a/src/locale/localed-util.c
|
||||
+++ b/src/locale/localed-util.c
|
||||
@@ -825,7 +825,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
|
||||
if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
|
||||
matching++;
|
||||
|
||||
- if (streq_ptr(xc->variant, a[3])) {
|
||||
+ if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
|
||||
matching++;
|
||||
|
||||
if (streq_ptr(xc->options, a[4]))
|
||||
diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
|
||||
index cb66dffd48..a19d80a967 100644
|
||||
--- a/src/locale/test-localed-util.c
|
||||
+++ b/src/locale/test-localed-util.c
|
||||
@@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) {
|
||||
assert_se(streq(vc.keymap, "es-dvorak"));
|
||||
vc_context_clear(&vc);
|
||||
|
||||
+ /* es no-variant test is not very good as the desired match
|
||||
+ comes first in the list so will win if both candidates score
|
||||
+ the same. in this case the desired match comes second so will
|
||||
+ not win unless we correctly give the no-variant match a bonus
|
||||
+ */
|
||||
+ log_info("/* test without variant, desired match second (bg,us:) */");
|
||||
+ assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0);
|
||||
+ assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
|
||||
+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
|
||||
+ assert_se(streq(vc.keymap, "bg_bds-utf8"));
|
||||
+ vc_context_clear(&vc);
|
||||
+
|
||||
log_info("/* test with old mapping (fr:latin9) */");
|
||||
assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
|
||||
assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
From ca831de1704f4e28241df513aa89ac465a7c8ab2 Mon Sep 17 00:00:00 2001
|
||||
From: Adam Williamson <awilliam@redhat.com>
|
||||
Date: Wed, 20 Sep 2023 15:14:31 -0700
|
||||
Subject: [PATCH] keyboard-model-map: correct sk-qwerty entry
|
||||
|
||||
qwerty here is a variant, not an option.
|
||||
|
||||
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||
---
|
||||
src/locale/kbd-model-map | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map
|
||||
index a145e13ecd..279d1a36d8 100644
|
||||
--- a/src/locale/kbd-model-map
|
||||
+++ b/src/locale/kbd-model-map
|
||||
@@ -52,7 +52,7 @@ es es pc105 - terminate:ctrl_alt_bksp
|
||||
ro-cedilla ro pc105 cedilla terminate:ctrl_alt_bksp
|
||||
ie ie pc105 - terminate:ctrl_alt_bksp
|
||||
et ee pc105 - terminate:ctrl_alt_bksp
|
||||
-sk-qwerty sk pc105 - terminate:ctrl_alt_bksp,qwerty
|
||||
+sk-qwerty sk pc105 qwerty terminate:ctrl_alt_bksp
|
||||
sk-qwertz sk pc105 - terminate:ctrl_alt_bksp
|
||||
fr-latin9 fr pc105 latin9 terminate:ctrl_alt_bksp
|
||||
fr_CH-latin1 ch pc105 fr terminate:ctrl_alt_bksp
|
|
@ -0,0 +1,117 @@
|
|||
From cf649cc21bf997b90606db664d74726fcaf002de Mon Sep 17 00:00:00 2001
|
||||
From: Adam Williamson <awilliam@redhat.com>
|
||||
Date: Fri, 15 Sep 2023 16:02:29 -0700
|
||||
Subject: [PATCH 2/2] find_legacy_keymap: try matching with layout order
|
||||
reversed
|
||||
|
||||
The lines in kbd-model-map date back to ye olde times (RH's old
|
||||
system-config-keyboard), and I think predate this bug:
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1039185
|
||||
|
||||
where we got strong feedback that, for 'switched' layout setups
|
||||
like Russian, US English should be the *first* layout and the
|
||||
native layout the *second* one. This is how anaconda and, as of
|
||||
recently, gnome-initial-setup configure such cases - but that
|
||||
means, if we try to use localed to convert these configurations
|
||||
using kbd-model-map, we get the wrong result (we get "us" as the
|
||||
console layout). See also:
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1912609
|
||||
|
||||
where we first noticed this wasn't working right, but sadly, we
|
||||
'fixed' it with a not-really-correct bodge in anaconda instead
|
||||
of doing it properly.
|
||||
|
||||
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||
---
|
||||
src/locale/localed-util.c | 44 ++++++++++++++++++++++------------
|
||||
src/locale/test-localed-util.c | 5 +++-
|
||||
2 files changed, 33 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
|
||||
index 6a05b50a31..eba13a2ac3 100644
|
||||
--- a/src/locale/localed-util.c
|
||||
+++ b/src/locale/localed-util.c
|
||||
@@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
|
||||
/* If we got an exact match, this is the best */
|
||||
matching = 10;
|
||||
else {
|
||||
- /* We have multiple X layouts, look for an
|
||||
- * entry that matches our key with everything
|
||||
- * but the first layout stripped off. */
|
||||
- if (startswith_comma(xc->layout, a[1]))
|
||||
- matching = 5;
|
||||
+ /* see if we get an exact match with the order reversed */
|
||||
+ _cleanup_strv_free_ char **b = NULL;
|
||||
+ _cleanup_free_ char *c = NULL;
|
||||
+ r = strv_split_full(&b, a[1], ",", 0);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ strv_reverse(b);
|
||||
+ c = strv_join(b, ",");
|
||||
+ if (!c)
|
||||
+ return log_oom();
|
||||
+ if (streq(xc->layout, c))
|
||||
+ matching = 9;
|
||||
else {
|
||||
- _cleanup_free_ char *x = NULL;
|
||||
-
|
||||
- /* If that didn't work, strip off the
|
||||
- * other layouts from the entry, too */
|
||||
- x = strdupcspn(a[1], ",");
|
||||
- if (!x)
|
||||
- return -ENOMEM;
|
||||
- if (startswith_comma(xc->layout, x))
|
||||
- matching = 1;
|
||||
+ /* We have multiple X layouts, look for an
|
||||
+ * entry that matches our key with everything
|
||||
+ * but the first layout stripped off. */
|
||||
+ if (startswith_comma(xc->layout, a[1]))
|
||||
+ matching = 5;
|
||||
+ else {
|
||||
+ _cleanup_free_ char *x = NULL;
|
||||
+
|
||||
+ /* If that didn't work, strip off the
|
||||
+ * other layouts from the entry, too */
|
||||
+ x = strdupcspn(a[1], ",");
|
||||
+ if (!x)
|
||||
+ return -ENOMEM;
|
||||
+ if (startswith_comma(xc->layout, x))
|
||||
+ matching = 1;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
|
||||
}
|
||||
}
|
||||
|
||||
- if (best_matching < 10 && !isempty(xc->layout)) {
|
||||
+ if (best_matching < 9 && !isempty(xc->layout)) {
|
||||
_cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL;
|
||||
|
||||
/* The best match is only the first part of the X11
|
||||
diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
|
||||
index a19d80a967..f702ff29b0 100644
|
||||
--- a/src/locale/test-localed-util.c
|
||||
+++ b/src/locale/test-localed-util.c
|
||||
@@ -192,11 +192,14 @@ TEST(x11_convert_to_vconsole) {
|
||||
assert_se(streq(vc.keymap, "fr-latin9"));
|
||||
vc_context_clear(&vc);
|
||||
|
||||
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */
|
||||
+ /* us,ru is the x config users want, but they still want ru
|
||||
+ as the console layout in this case */
|
||||
log_info("/* test with a compound mapping (us,ru:) */");
|
||||
assert_se(free_and_strdup(&xc.layout, "us,ru") >= 0);
|
||||
assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
|
||||
assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
|
||||
- assert_se(streq(vc.keymap, "us"));
|
||||
+ assert_se(streq(vc.keymap, "ru"));
|
||||
vc_context_clear(&vc);
|
||||
|
||||
log_info("/* test with a compound mapping (ru,us:) */");
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
From f6b09a2ed646f0a0b54605d4c19a898ab2bbf192 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 18 Sep 2023 17:51:49 +0200
|
||||
Subject: [PATCH 2/3] man: document the new
|
||||
PollLimitIntervalSec=/PollLimitBurst= settings
|
||||
|
||||
(cherry picked from commit 9373fce68de183a615d44fe100dcf22e3c9b8c3e)
|
||||
---
|
||||
man/systemd.socket.xml | 58 ++++++++++++++++++++++++++++++++++--------
|
||||
1 file changed, 47 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
|
||||
index 45555302f1..462978d438 100644
|
||||
--- a/man/systemd.socket.xml
|
||||
+++ b/man/systemd.socket.xml
|
||||
@@ -830,17 +830,53 @@
|
||||
<term><varname>TriggerLimitIntervalSec=</varname></term>
|
||||
<term><varname>TriggerLimitBurst=</varname></term>
|
||||
|
||||
- <listitem><para>Configures a limit on how often this socket unit may be activated within a specific time
|
||||
- interval. The <varname>TriggerLimitIntervalSec=</varname> may be used to configure the length of the time
|
||||
- interval in the usual time units <literal>us</literal>, <literal>ms</literal>, <literal>s</literal>,
|
||||
- <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
|
||||
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details on
|
||||
- the various time units understood). The <varname>TriggerLimitBurst=</varname> setting takes a positive integer
|
||||
- value and specifies the number of permitted activations per time interval, and defaults to 200 for
|
||||
- <varname>Accept=yes</varname> sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20
|
||||
- activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the
|
||||
- socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this
|
||||
- limit is enforced before the service activation is enqueued.</para></listitem>
|
||||
+ <listitem><para>Configures a limit on how often this socket unit may be activated within a specific
|
||||
+ time interval. The <varname>TriggerLimitIntervalSec=</varname> setting may be used to configure the
|
||||
+ length of the time interval in the usual time units <literal>us</literal>, <literal>ms</literal>,
|
||||
+ <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
|
||||
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||
+ details on the various time units understood). The <varname>TriggerLimitBurst=</varname> setting
|
||||
+ takes a positive integer value and specifies the number of permitted activations per time interval,
|
||||
+ and defaults to 200 for <varname>Accept=yes</varname> sockets (thus by default permitting 200
|
||||
+ activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of
|
||||
+ trigger rate limiting.</para>
|
||||
+
|
||||
+ <para>If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible
|
||||
+ anymore until restarted. Note that this limit is enforced before the service activation is
|
||||
+ enqueued.</para>
|
||||
+
|
||||
+ <para>Compare with <varname>PollLimitIntervalSec=</varname>/<varname>PollLimitBurst=</varname>
|
||||
+ described below, which implements a temporary slowdown if a socket unit is flooded with incoming
|
||||
+ traffic, as opposed to the permanent failure state
|
||||
+ <varname>TriggerLimitIntervalSec=</varname>/<varname>TriggerLimitBurst=</varname> results in.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><varname>PollLimitIntervalSec=</varname></term>
|
||||
+ <term><varname>PollLimitBurst=</varname></term>
|
||||
+
|
||||
+ <listitem><para>Configures a limit on how often polling events on the file descriptors backing this
|
||||
+ socket unit will be considered. This pair of settings is similar to
|
||||
+ <varname>TriggerLimitIntervalSec=</varname>/<varname>TriggerLimitBurst=</varname> but instead of
|
||||
+ putting a (fatal) limit on the activation frequency puts a (transient) limit on the polling
|
||||
+ frequency. The expected parameter syntax and range are identical to that of the aforementioned
|
||||
+ options, and can be disabled the same way.</para>
|
||||
+
|
||||
+ <para>If the polling limit is hit polling is temporarily disabled on it until the specified time
|
||||
+ window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger
|
||||
+ limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts
|
||||
+ through packet flooding.</para>
|
||||
+
|
||||
+ <para>The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit
|
||||
+ which is enforced for the entire socket unit. This distinction matters for socket units that listen
|
||||
+ on multiple file descriptors (i.e. have multiple <varname>ListenXYZ=</varname> stanzas).</para>
|
||||
+
|
||||
+ <para>These setting defaults to 150 (in case of <varname>Accept=yes</varname>) and 15 (otherwise)
|
||||
+ polling events per 2s. This is considerably lower than the default values for the trigger limit (see
|
||||
+ above) and means that the polling limit should typically ensure the trigger limit is never hit,
|
||||
+ unless one of them is reconfigured or disabled.</para>
|
||||
+ </listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
|
@ -0,0 +1,79 @@
|
|||
From ae92a9714744bbf92fe69ffe276a668b031a6d26 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 18 Sep 2023 18:05:27 +0200
|
||||
Subject: [PATCH 3/3] ci: add test for poll limit
|
||||
|
||||
(cherry picked from commit 065e478a4a8cc8e41a6e87756c081396f253e853)
|
||||
---
|
||||
test/TEST-07-PID1/test.sh | 2 ++
|
||||
test/units/testsuite-07.poll-limit.sh | 48 +++++++++++++++++++++++++++
|
||||
2 files changed, 50 insertions(+)
|
||||
create mode 100755 test/units/testsuite-07.poll-limit.sh
|
||||
|
||||
diff --git a/test/TEST-07-PID1/test.sh b/test/TEST-07-PID1/test.sh
|
||||
index 1c3d7137fe..d0e35d870f 100755
|
||||
--- a/test/TEST-07-PID1/test.sh
|
||||
+++ b/test/TEST-07-PID1/test.sh
|
||||
@@ -32,6 +32,8 @@ Alias=issue2730-alias.mount
|
||||
EOF
|
||||
"${SYSTEMCTL:?}" enable --root="$workspace" issue2730.mount
|
||||
ln -svrf "$workspace/etc/systemd/system/issue2730.mount" "$workspace/etc/systemd/system/issue2730-alias.mount"
|
||||
+
|
||||
+ image_install logger
|
||||
}
|
||||
|
||||
do_test "$@"
|
||||
diff --git a/test/units/testsuite-07.poll-limit.sh b/test/units/testsuite-07.poll-limit.sh
|
||||
new file mode 100755
|
||||
index 0000000000..480d7ee8df
|
||||
--- /dev/null
|
||||
+++ b/test/units/testsuite-07.poll-limit.sh
|
||||
@@ -0,0 +1,48 @@
|
||||
+#!/usr/bin/env bash
|
||||
+# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
+set -eux
|
||||
+set -o pipefail
|
||||
+
|
||||
+systemd-analyze log-level debug
|
||||
+
|
||||
+cat > /run/systemd/system/floodme@.service <<EOF
|
||||
+[Service]
|
||||
+ExecStart=/bin/true
|
||||
+EOF
|
||||
+
|
||||
+cat > /run/systemd/system/floodme.socket <<EOF
|
||||
+[Socket]
|
||||
+ListenStream=/tmp/floodme
|
||||
+PollLimitIntervalSec=10s
|
||||
+Accept=yes
|
||||
+PollLimitBurst=3
|
||||
+EOF
|
||||
+
|
||||
+systemctl daemon-reload
|
||||
+systemctl start floodme.socket
|
||||
+
|
||||
+START=$(date +%s%N)
|
||||
+
|
||||
+# Trigger this 100 times in a flood
|
||||
+for (( i=0 ; i < 100; i++ )) ; do
|
||||
+ logger -u /tmp/floodme foo &
|
||||
+done
|
||||
+
|
||||
+# Let some time pass
|
||||
+sleep 5
|
||||
+
|
||||
+END=$(date +%s%N)
|
||||
+
|
||||
+PASSED=$((END-START))
|
||||
+
|
||||
+# Calculate (round up) how many trigger events could have happened in the passed time
|
||||
+MAXCOUNT=$(((PASSED+10000000000)*3/10000000000))
|
||||
+
|
||||
+# We started 100 connection attempts, but only 3 should have gone through, as per limit
|
||||
+test "$(systemctl show -P NAccepted floodme.socket)" -le "$MAXCOUNT"
|
||||
+
|
||||
+systemctl stop floodme.socket floodme@*.service
|
||||
+
|
||||
+rm /run/systemd/system/floodme@.service /run/systemd/system/floodme.socket /tmp/floodme
|
||||
+
|
||||
+systemctl daemon-reload
|
|
@ -0,0 +1,3 @@
|
|||
# Increase the number of virtual memory areas that one process may request
|
||||
# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
|
||||
vm.max_map_count=1048576
|
|
@ -0,0 +1,3 @@
|
|||
[Slice]
|
||||
ManagedOOMMemoryPressure=kill
|
||||
ManagedOOMMemoryPressureLimit=80%
|
|
@ -1,2 +0,0 @@
|
|||
[Slice]
|
||||
ManagedOOMSwap=kill
|
|
@ -1,3 +0,0 @@
|
|||
[Service]
|
||||
ManagedOOMMemoryPressure=kill
|
||||
ManagedOOMMemoryPressureLimit=50%
|
|
@ -0,0 +1,14 @@
|
|||
# This file is part of the systemd package.
|
||||
# See https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer.
|
||||
#
|
||||
# To facilitate debugging when a service fails to stop cleanly,
|
||||
# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in
|
||||
# the time allotted. This will cause the service to be terminated with SIGABRT
|
||||
# and a coredump to be generated.
|
||||
#
|
||||
# To undo this configuration change, create a mask file:
|
||||
# sudo mkdir -p /etc/systemd/system/service.d
|
||||
# sudo ln -sv /dev/null /etc/systemd/system/service.d/10-timeout-abort.conf
|
||||
|
||||
[Service]
|
||||
TimeoutStopFailureMode=abort
|
|
@ -0,0 +1,30 @@
|
|||
From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Mon, 20 Feb 2023 12:00:30 +0900
|
||||
Subject: [PATCH] core/manager: run generators directly when we are in initrd
|
||||
|
||||
Some initrd system write files at ourside of /run, /etc, or other
|
||||
allowed places. This is a kind of workaround, but in most cases, such
|
||||
sandboxing is not necessary as the filesystem is on ramfs when we are in
|
||||
initrd.
|
||||
|
||||
Fixes #26488.
|
||||
---
|
||||
src/core/manager.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index 7b394794b0d4..306477c6e6c2 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
|
||||
/* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
|
||||
* we are the user manager, let's just execute the generators directly. We might not have the
|
||||
* necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
|
||||
- */
|
||||
- if (MANAGER_IS_USER(m)) {
|
||||
+ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
|
||||
+ if (MANAGER_IS_USER(m) || in_initrd()) {
|
||||
r = manager_execute_generators(m, paths, /* remount_ro= */ false);
|
||||
goto finish;
|
||||
}
|
|
@ -0,0 +1,94 @@
|
|||
From 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 26 Jul 2023 09:02:04 +0200
|
||||
Subject: [PATCH] rpm: add %systemd_postun_with_reload and
|
||||
%systemd_user_postun_with_reload
|
||||
|
||||
For some units, the package would like to issue a reload. The machinery was
|
||||
already in place since c9615f73521986b3607b852c139036d58973043c:
|
||||
|
||||
systemctl reload-or-restart --marked
|
||||
|
||||
Enqueues restart jobs for all units that have the 'needs-restart'
|
||||
mark, and reload jobs for units that have the 'needs-reload' mark.
|
||||
When a unit marked for reload does not support reload, restart will
|
||||
be queued.
|
||||
|
||||
The new macros allow a reload to be issued instead of a restart.
|
||||
|
||||
Based on the discussion on fedora-devel:
|
||||
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJSUGIEJNYZZRE53FF4YFUEBRHRAVIXR/
|
||||
|
||||
Tested using dummy package https://github.com/keszybz/rpm-test-reload.
|
||||
---
|
||||
src/rpm/macros.systemd.in | 16 ++++++++++++++++
|
||||
src/rpm/systemd-update-helper.in | 22 ++++++++++++++++++++++
|
||||
2 files changed, 38 insertions(+)
|
||||
|
||||
diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in
|
||||
index c07541c7286c..f05553f557e9 100644
|
||||
--- a/src/rpm/macros.systemd.in
|
||||
+++ b/src/rpm/macros.systemd.in
|
||||
@@ -101,6 +101,22 @@ if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
|
||||
fi \
|
||||
%{nil}
|
||||
|
||||
+%systemd_postun_with_reload() \
|
||||
+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_reload}} \
|
||||
+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
|
||||
+ # Package upgrade, not uninstall \
|
||||
+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units %{?*} || : \
|
||||
+fi \
|
||||
+%{nil}
|
||||
+
|
||||
+%systemd_user_postun_with_reload() \
|
||||
+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_reload}} \
|
||||
+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
|
||||
+ # Package upgrade, not uninstall \
|
||||
+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-user-units %{?*} || : \
|
||||
+fi \
|
||||
+%{nil}
|
||||
+
|
||||
%udev_hwdb_update() %{nil}
|
||||
|
||||
%udev_rules_update() %{nil}
|
||||
diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
|
||||
index c623a5ea1722..c81e16c3d3ff 100755
|
||||
--- a/src/rpm/systemd-update-helper.in
|
||||
+++ b/src/rpm/systemd-update-helper.in
|
||||
@@ -47,6 +47,15 @@ case "$command" in
|
||||
wait
|
||||
;;
|
||||
|
||||
+ mark-reload-system-units)
|
||||
+ [ -d /run/systemd/system ] || exit 0
|
||||
+
|
||||
+ for unit in "$@"; do
|
||||
+ systemctl set-property "$unit" Markers=+needs-reload &
|
||||
+ done
|
||||
+ wait
|
||||
+ ;;
|
||||
+
|
||||
mark-restart-user-units)
|
||||
[ -d /run/systemd/system ] || exit 0
|
||||
|
||||
@@ -60,6 +69,19 @@ case "$command" in
|
||||
wait
|
||||
;;
|
||||
|
||||
+ mark-reload-user-units)
|
||||
+ [ -d /run/systemd/system ] || exit 0
|
||||
+
|
||||
+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
|
||||
+ for user in $users; do
|
||||
+ for unit in "$@"; do
|
||||
+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \
|
||||
+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-reload &
|
||||
+ done
|
||||
+ done
|
||||
+ wait
|
||||
+ ;;
|
||||
+
|
||||
system-reload-restart|system-reload|system-restart)
|
||||
if [ -n "$*" ]; then
|
||||
echo "Unexpected arguments for '$command': $*"
|
|
@ -1,98 +0,0 @@
|
|||
From 93651582aef1ee626dc6f8d032195acd73bc9372 Mon Sep 17 00:00:00 2001
|
||||
From: Jonathan Lebon <jonathan@jlebon.com>
|
||||
Date: Mon, 23 Mar 2020 12:25:19 -0400
|
||||
Subject: [PATCH] manager: optionally, do a full preset on first boot
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
A compile time option is added to select behaviour: by default
|
||||
UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to
|
||||
UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to
|
||||
opt-in can use the config option to change the behaviour.
|
||||
|
||||
(The option is just a boolean: it would be possible to make it multi-valued,
|
||||
and allow full, enable-only, disable-only, none. But so far nobody has asked
|
||||
for this, and it's better not to complicate things needlessly.)
|
||||
|
||||
With the configuration option flipped, instead of only doing enablements,
|
||||
perform a full preset on first boot. The reason is that although
|
||||
`/etc/machine-id` might be missing, there may be other files provisioned in
|
||||
`/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of
|
||||
those possible files include enablement symlinks even if presets dictate it
|
||||
should be disabled.
|
||||
|
||||
Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS,
|
||||
where we ship `/etc` as if `preset-all` were called. However, we want to
|
||||
allow users to disable default-enabled services via Ignition, which does
|
||||
this by creating preset dropins before switchroot. (For why we do
|
||||
`preset-all` at compose time, see:
|
||||
https://github.com/coreos/fedora-coreos-config/pull/77).
|
||||
|
||||
For example, the composed FCOS image has a `enable zincati.service`
|
||||
preset and an enablement for that in `/etc`, while at boot time when we
|
||||
switch root, there may be a `disable zincati.service` preset with higher
|
||||
precedence. In that case, we want systemd to disable the service.
|
||||
|
||||
This is essentially a revert of 304b3079a203. It seems like systemd
|
||||
*used* to do this, but it was changed to try to make the container
|
||||
workflow a bit faster.
|
||||
|
||||
Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/392
|
||||
|
||||
Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
|
||||
---
|
||||
meson.build | 3 +++
|
||||
meson_options.txt | 2 ++
|
||||
src/core/manager.c | 4 +++-
|
||||
3 files changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index 582e33c9a73d..72e586aa97c7 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -285,6 +285,8 @@ conf.set10('MEMORY_ACCOUNTING_DEFAULT', memory_accounting_
|
||||
conf.set('STATUS_UNIT_FORMAT_DEFAULT', 'STATUS_UNIT_FORMAT_' + status_unit_format_default.to_upper())
|
||||
conf.set_quoted('STATUS_UNIT_FORMAT_DEFAULT_STR', status_unit_format_default)
|
||||
|
||||
+conf.set10('FIRST_BOOT_FULL_PRESET', get_option('first-boot-full-preset'))
|
||||
+
|
||||
#####################################################################
|
||||
|
||||
cc = meson.get_compiler('c')
|
||||
@@ -4271,6 +4273,7 @@ foreach tuple : [
|
||||
['link-networkd-shared', get_option('link-networkd-shared')],
|
||||
['link-timesyncd-shared', get_option('link-timesyncd-shared')],
|
||||
['link-boot-shared', get_option('link-boot-shared')],
|
||||
+ ['first-boot-full-preset'],
|
||||
['fexecve'],
|
||||
['standalone-binaries', get_option('standalone-binaries')],
|
||||
['coverage', get_option('b_coverage')],
|
||||
diff --git a/meson_options.txt b/meson_options.txt
|
||||
index 2a030ac28ec0..28765f900e87 100644
|
||||
--- a/meson_options.txt
|
||||
+++ b/meson_options.txt
|
||||
@@ -27,6 +27,8 @@ option('link-timesyncd-shared', type: 'boolean',
|
||||
description : 'link systemd-timesyncd and its helpers to libsystemd-shared.so')
|
||||
option('link-boot-shared', type: 'boolean',
|
||||
description : 'link bootctl and systemd-bless-boot against libsystemd-shared.so')
|
||||
+option('first-boot-full-preset', type: 'boolean', value: false,
|
||||
+ description : 'during first boot, do full preset-all (default will be changed to true later)')
|
||||
|
||||
option('static-libsystemd', type : 'combo',
|
||||
choices : ['false', 'true', 'pic', 'no-pic'],
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index 18daff66c780..f4dacef1005d 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -1728,7 +1728,9 @@ static void manager_preset_all(Manager *m) {
|
||||
return;
|
||||
|
||||
/* If this is the first boot, and we are in the host system, then preset everything */
|
||||
- r = unit_file_preset_all(LOOKUP_SCOPE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0);
|
||||
+ UnitFilePresetMode mode = FIRST_BOOT_FULL_PRESET ? UNIT_FILE_PRESET_FULL : UNIT_FILE_PRESET_ENABLE_ONLY;
|
||||
+
|
||||
+ r = unit_file_preset_all(LOOKUP_SCOPE_SYSTEM, 0, NULL, mode, NULL, 0);
|
||||
if (r < 0)
|
||||
log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r,
|
||||
"Failed to populate /etc with preset unit settings, ignoring: %m");
|
|
@ -0,0 +1,20 @@
|
|||
# SPDX-License-Identifier: MIT-0
|
||||
#
|
||||
# This config file is installed as part of systemd.
|
||||
# It may be freely copied and edited (following the MIT No Attribution license).
|
||||
#
|
||||
# To make local modifications, one of the following methods may be used:
|
||||
# 1. add a drop-in file that extends this file by creating the
|
||||
# /etc/systemd/network/98-default-mac-none.link.d/ directory and creating a
|
||||
# new .conf file there.
|
||||
# 2. copy this file into /etc/systemd/network or one of the other paths checked
|
||||
# by systemd-udevd and edit it there.
|
||||
# This file should not be edited in place, because it'll be overwritten on upgrades.
|
||||
|
||||
[Match]
|
||||
Kind=bridge bond team
|
||||
|
||||
[Link]
|
||||
NamePolicy=keep kernel database onboard slot path
|
||||
AlternativeNamesPolicy=database onboard slot path
|
||||
MACAddressPolicy=none
|
|
@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM).
|
|||
git clone https://github.com/systemd/systemd
|
||||
fedpkg clone systemd fedora-systemd
|
||||
cd systemd
|
||||
rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec
|
||||
rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../fedora-systemd/systemd.spec
|
||||
sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm
|
||||
```
|
||||
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
* Fri Sep 30 2022 David Abdurachmanov <davidlt@rivosinc.com> - 251.4-53.3.riscv64
|
||||
- Rebuild
|
||||
|
||||
* Fri Aug 19 2022 Neal Gompa <ngompa@fedoraproject.org> - 251.4-53
|
||||
- Set compile-time fallback hostname to "localhost"
|
||||
https://fedoraproject.org/wiki/Changes/FallbackHostname
|
||||
|
|
|
@ -1,129 +0,0 @@
|
|||
From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Mon, 14 Sep 2020 17:58:03 +0200
|
||||
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
|
||||
|
||||
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
|
||||
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
|
||||
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
|
||||
|
||||
(gdb) !uname -r
|
||||
5.6.19-200.fc31.ppc64le
|
||||
|
||||
(gdb) !cat /proc/self/mountinfo
|
||||
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
|
||||
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
|
||||
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
|
||||
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
|
||||
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
|
||||
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
|
||||
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
|
||||
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
|
||||
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
|
||||
The test process does
|
||||
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
|
||||
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
|
||||
read(open("/proc/self/fdinfo/4", ...)) which gives
|
||||
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
|
||||
|
||||
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
|
||||
|
||||
We could either drop the fallback path (and fail name_to_handle_at() is not
|
||||
avaliable) or ignore the error in the test. Not sure what is better. I think
|
||||
this issue only occurs sometimes and with older kernels, so probably continuing
|
||||
with the current flaky implementation is better than ripping out the fallback.
|
||||
|
||||
Another strace:
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
|
||||
) = 28
|
||||
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
|
||||
) = 20
|
||||
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
|
||||
) = 30
|
||||
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
|
||||
) = 23
|
||||
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
|
||||
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
|
||||
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
|
||||
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
||||
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
||||
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
|
||||
read(5</proc/20/fdinfo/4>, "", 1024) = 0
|
||||
close(5</proc/20/fdinfo/4>) = 0
|
||||
close(4</proc/filesystems>) = 0
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
|
||||
) = 42
|
||||
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
|
||||
) = 39
|
||||
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
|
||||
) = 109
|
||||
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
|
||||
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
|
||||
getpid() = 20
|
||||
gettid() = 20
|
||||
tgkill(20, 20, SIGABRT) = 0
|
||||
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
|
||||
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
|
||||
+++ killed by SIGABRT (core dumped) +++
|
||||
---
|
||||
src/test/test-mountpoint-util.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
|
||||
index 30b00ae4d8b..ffe5144b04a 100644
|
||||
--- a/src/test/test-mountpoint-util.c
|
||||
+++ b/src/test/test-mountpoint-util.c
|
||||
@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
|
||||
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
|
||||
* that's really the case */
|
||||
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
|
||||
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
|
||||
- assert_se(path_equal(p, t));
|
||||
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
|
||||
+
|
||||
+ if (!path_equal(p, t))
|
||||
+ /* Apparent kernel bug in /proc/self/fdinfo */
|
||||
+ log_warning("Bad mount id given for %s: %d, should be %d",
|
||||
+ p, mnt_id2, mnt_id);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
From c4b803dc60b63a35c977d39610b7872175ec03bd Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 14 Dec 2022 22:24:53 +0100
|
||||
Subject: [PATCH] fedora: use system-auth in pam systemd-user
|
||||
|
||||
---
|
||||
src/login/systemd-user.in | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
|
||||
index 8a3c9e0165..74ef5f2552 100644
|
||||
--- a/src/login/systemd-user.in
|
||||
+++ b/src/login/systemd-user.in
|
||||
@@ -7,7 +7,7 @@
|
||||
-account sufficient pam_systemd_home.so
|
||||
{% endif %}
|
||||
account sufficient pam_unix.so no_pass_expiry
|
||||
-account required pam_permit.so
|
||||
+account include system-auth
|
||||
|
||||
{% if HAVE_SELINUX %}
|
||||
session required pam_selinux.so close
|
||||
@@ -20,4 +20,4 @@ session required pam_namespace.so
|
||||
-session optional pam_systemd_home.so
|
||||
{% endif %}
|
||||
session optional pam_umask.so silent
|
||||
-session optional pam_systemd.so
|
||||
+session include system-auth
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -1,6 +1,12 @@
|
|||
# Disable badfuncs check that has tons of false positives.
|
||||
badfuncs:
|
||||
exclude_path: .*
|
||||
allowed:
|
||||
/usr/lib/systemd/tests/unit-tests/*:
|
||||
- inet_addr
|
||||
- inet_aton
|
||||
/usr/bin/networkctl:
|
||||
- inet_addr
|
||||
- inet_aton
|
||||
|
||||
# don't report changed content of compiled files
|
||||
# that is expected with every update
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (systemd-251.4.tar.gz) = 7bbfadd80b88a4c3510a5e4e3572e4eab71dafbf6289da038e552988e09ee8da16da3c9bb8a4fbbde6c6236e0e3c352b0a33f9ee0b84f10241f3499383387738
|
||||
SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a
|
||||
|
|
|
@ -17,6 +17,8 @@ def files(root):
|
|||
|
||||
o_libs = open('.file-list-libs', 'w')
|
||||
o_udev = open('.file-list-udev', 'w')
|
||||
o_ukify = open('.file-list-ukify', 'w')
|
||||
o_boot = open('.file-list-boot', 'w')
|
||||
o_pam = open('.file-list-pam', 'w')
|
||||
o_rpm_macros = open('.file-list-rpm-macros', 'w')
|
||||
o_devel = open('.file-list-devel', 'w')
|
||||
|
@ -26,8 +28,10 @@ o_oomd_defaults = open('.file-list-oomd-defaults', 'w')
|
|||
o_remote = open('.file-list-remote', 'w')
|
||||
o_resolve = open('.file-list-resolve', 'w')
|
||||
o_tests = open('.file-list-tests', 'w')
|
||||
o_standalone_repart = open('.file-list-standalone-repart', 'w')
|
||||
o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
|
||||
o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
|
||||
o_standalone_shutdown = open('.file-list-standalone-shutdown', 'w')
|
||||
o_main = open('.file-list-main', 'w')
|
||||
for file in files(buildroot):
|
||||
n = file.path[1:]
|
||||
|
@ -52,12 +56,27 @@ for file in files(buildroot):
|
|||
/var(/cache|/log|/lib|/run|)$
|
||||
''', n, re.X):
|
||||
continue
|
||||
if '/security/pam_' in n or '/man8/pam_' in n:
|
||||
|
||||
if n.endswith('.standalone'):
|
||||
if 'repart' in n:
|
||||
o = o_standalone_repart
|
||||
elif 'tmpfiles' in n:
|
||||
o = o_standalone_tmpfiles
|
||||
elif 'sysusers' in n:
|
||||
o = o_standalone_sysusers
|
||||
elif 'shutdown' in n:
|
||||
o = o_standalone_shutdown
|
||||
else:
|
||||
assert False, 'Found .standalone not belonging to known packages'
|
||||
|
||||
elif '/security/pam_' in n or '/man8/pam_' in n:
|
||||
o = o_pam
|
||||
elif '/rpm/' in n:
|
||||
o = o_rpm_macros
|
||||
elif '/usr/lib/systemd/tests' in n:
|
||||
o = o_tests
|
||||
elif 'ukify' in n:
|
||||
o = o_ukify
|
||||
elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n):
|
||||
o = o_main
|
||||
elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n):
|
||||
|
@ -101,10 +120,10 @@ for file in files(buildroot):
|
|||
hwdb|
|
||||
bootctl|
|
||||
boot-update|
|
||||
sd-boot|systemd-boot\.|loader.conf|
|
||||
bless-boot|
|
||||
boot-system-token|
|
||||
kernel-install|
|
||||
installkernel|
|
||||
vconsole|
|
||||
backlight|
|
||||
rfkill|
|
||||
|
@ -119,6 +138,7 @@ for file in files(buildroot):
|
|||
pstore|
|
||||
sleep|suspend|hibernate|
|
||||
systemd-tmpfiles-setup-dev|
|
||||
network/98-default-mac-none.link|
|
||||
network/99-default.link|
|
||||
growfs|makefs|makeswap|mkswap|
|
||||
fsck|
|
||||
|
@ -129,8 +149,10 @@ for file in files(buildroot):
|
|||
integritysetup|
|
||||
integritytab|
|
||||
remount-fs|
|
||||
/initrd|
|
||||
systemd-pcrphase|
|
||||
systemd-measure|
|
||||
/boot$|
|
||||
/boot/efi|
|
||||
/kernel/|
|
||||
/kernel$|
|
||||
/modprobe.d|
|
||||
|
@ -144,6 +166,12 @@ for file in files(buildroot):
|
|||
# confused if those user-facing binaries are not available.
|
||||
o = o_udev
|
||||
|
||||
elif re.search(r'''/boot/efi|
|
||||
/usr/lib/systemd/boot|
|
||||
sd-boot|systemd-boot\.|loader.conf
|
||||
''', n, re.X):
|
||||
o = o_boot
|
||||
|
||||
elif re.search(r'''resolved|resolve1|
|
||||
systemd-resolve|
|
||||
resolvconf|
|
||||
|
@ -154,14 +182,6 @@ for file in files(buildroot):
|
|||
elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
|
||||
o = o_oomd_defaults
|
||||
|
||||
elif n.endswith('.standalone'):
|
||||
if 'tmpfiles' in n:
|
||||
o = o_standalone_tmpfiles
|
||||
elif 'sysusers' in n:
|
||||
o = o_standalone_sysusers
|
||||
else:
|
||||
assert False, 'Found .standalone not belonging to known packages'
|
||||
|
||||
else:
|
||||
o = o_main
|
||||
|
||||
|
|
14
systemd-user
14
systemd-user
|
@ -1,14 +0,0 @@
|
|||
# This file is part of systemd.
|
||||
#
|
||||
# Used by systemd --user instances.
|
||||
|
||||
-account sufficient pam_systemd_home.so
|
||||
account sufficient pam_unix.so no_pass_expiry
|
||||
account include system-auth
|
||||
|
||||
session required pam_selinux.so close
|
||||
session required pam_selinux.so nottys open
|
||||
session required pam_loginuid.so
|
||||
session required pam_namespace.so
|
||||
-session optional pam_systemd_home.so
|
||||
session include system-auth
|
356
systemd.spec
356
systemd.spec
|
@ -1,8 +1,6 @@
|
|||
#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
|
||||
%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
|
||||
|
||||
%global stable 1
|
||||
|
||||
# We ship a .pc file but don't want to have a dep on pkg-config. We
|
||||
# strip the automatically generated dep here and instead co-own the
|
||||
# directory.
|
||||
|
@ -17,28 +15,37 @@
|
|||
%global elf_suffix ()%{elf_bits}
|
||||
%endif
|
||||
|
||||
%bcond bzip2 1
|
||||
%bcond gnutls 1
|
||||
%bcond lz4 1
|
||||
%bcond xz 1
|
||||
%bcond zlib 1
|
||||
%bcond zstd 1
|
||||
|
||||
# Bootstrap may be needed to break circular dependencies with cryptsetup,
|
||||
# e.g. when re-building cryptsetup on a json-c SONAME-bump.
|
||||
%bcond_with bootstrap
|
||||
%bcond_without tests
|
||||
%bcond_without lto
|
||||
%bcond bootstrap 0
|
||||
%bcond tests 1
|
||||
%bcond lto 1
|
||||
|
||||
# Support for quick builds with rpmbuild --build-in-place.
|
||||
# See README.build-in-place.
|
||||
%bcond_with inplace
|
||||
%bcond inplace 0
|
||||
|
||||
Name: systemd
|
||||
Url: https://www.freedesktop.org/wiki/Software/systemd
|
||||
Url: https://systemd.io
|
||||
%if %{without inplace}
|
||||
Version: 251.4
|
||||
Version: 254.5
|
||||
%else
|
||||
# determine the build information from local checkout
|
||||
Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
|
||||
%endif
|
||||
Release: %autorelease -b 28 -e 3.riscv64
|
||||
Release: %autorelease -e 0.riscv64
|
||||
|
||||
%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
|
||||
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later
|
||||
Summary: System and Service Manager
|
||||
|
||||
# download tarballs with "spectool -g systemd.spec"
|
||||
|
@ -66,18 +73,21 @@ Source7: systemd-journal-remote.xml
|
|||
Source8: systemd-journal-gatewayd.xml
|
||||
Source9: 20-yama-ptrace.conf
|
||||
Source10: systemd-udev-trigger-no-reload.conf
|
||||
Source12: systemd-user
|
||||
Source13: libsystemd-shared.abignore
|
||||
# https://fedoraproject.org/wiki/How_to_filter_libabigail_reports
|
||||
Source13: .abignore
|
||||
|
||||
Source14: 10-oomd-defaults.conf
|
||||
Source15: 10-oomd-root-slice-defaults.conf
|
||||
Source16: 10-oomd-user-service-defaults.conf
|
||||
Source15: 10-oomd-per-slice-defaults.conf
|
||||
Source16: 10-timeout-abort.conf
|
||||
Source17: 10-map-count.conf
|
||||
|
||||
Source21: macros.sysusers
|
||||
Source22: sysusers.attr
|
||||
Source23: sysusers.prov
|
||||
Source24: sysusers.generate-pre.sh
|
||||
|
||||
Source25: 98-default-mac-none.link
|
||||
|
||||
%if 0
|
||||
GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
|
||||
i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip
|
||||
|
@ -90,16 +100,32 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
|
|||
# than in the next section. Packit CI will drop any patches in this range before
|
||||
# applying upstream pull requests.
|
||||
|
||||
# https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot
|
||||
Patch0001: https://github.com/systemd/systemd/commit/93651582ae.patch
|
||||
# Work-around for dracut issue: run generators directly when we are in initrd
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2164404
|
||||
Patch0001: https://github.com/systemd/systemd/pull/26494.patch
|
||||
|
||||
# Backport of patches that allow reloading of units
|
||||
Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch
|
||||
|
||||
# Backport of improvements to console keyboard layout guessing
|
||||
# https://github.com/systemd/systemd/pull/29215
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1912609
|
||||
Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch
|
||||
Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch
|
||||
Patch0005: 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch
|
||||
Patch0006: 0001-keyboard-model-map-correct-sk-qwerty-entry.patch
|
||||
|
||||
# Requested as an alternative to https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket
|
||||
Patch0010: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch
|
||||
Patch0011: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch
|
||||
Patch0012: 0003-ci-add-test-for-poll-limit.patch
|
||||
|
||||
# Those are downstream-only patches, but we don't want them in packit builds:
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1738828
|
||||
Patch0490: use-bfq-scheduler.patch
|
||||
|
||||
# Other downstream-only patches (5000–9999)
|
||||
# https://github.com/systemd/systemd/pull/17050
|
||||
Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
|
||||
# Adjust upstream config to use our shared stack
|
||||
Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch
|
||||
|
||||
%ifarch %{ix86} x86_64 aarch64
|
||||
%global have_gnu_efi 1
|
||||
|
@ -126,19 +152,31 @@ BuildRequires: /usr/bin/getfacl
|
|||
BuildRequires: libacl-devel
|
||||
BuildRequires: gobject-introspection-devel
|
||||
BuildRequires: libblkid-devel
|
||||
%if %{with xz}
|
||||
BuildRequires: xz-devel
|
||||
BuildRequires: xz
|
||||
%endif
|
||||
%if %{with lz4}
|
||||
BuildRequires: lz4-devel
|
||||
BuildRequires: lz4
|
||||
%endif
|
||||
%if %{with bzip2}
|
||||
BuildRequires: bzip2-devel
|
||||
%endif
|
||||
%if %{with zstd}
|
||||
BuildRequires: libzstd-devel
|
||||
%endif
|
||||
BuildRequires: libidn2-devel
|
||||
BuildRequires: libcurl-devel
|
||||
BuildRequires: kmod-devel
|
||||
BuildRequires: elfutils-devel
|
||||
BuildRequires: openssl-devel
|
||||
%if %{with gnutls}
|
||||
BuildRequires: gnutls-devel
|
||||
%endif
|
||||
%if %{undefined rhel}
|
||||
BuildRequires: qrencode-devel
|
||||
%endif
|
||||
BuildRequires: libmicrohttpd-devel
|
||||
BuildRequires: libxkbcommon-devel
|
||||
BuildRequires: iptables-devel
|
||||
|
@ -155,12 +193,19 @@ BuildRequires: gperf
|
|||
BuildRequires: gawk
|
||||
BuildRequires: tree
|
||||
BuildRequires: hostname
|
||||
BuildRequires: python3dist(lxml)
|
||||
BuildRequires: python3
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3dist(jinja2)
|
||||
BuildRequires: firewalld-filesystem
|
||||
%if 0%{?have_gnu_efi}
|
||||
BuildRequires: gnu-efi gnu-efi-devel
|
||||
BuildRequires: python3dist(lxml)
|
||||
BuildRequires: python3dist(pefile)
|
||||
%if %{undefined rhel}
|
||||
BuildRequires: python3dist(pillow)
|
||||
BuildRequires: python3dist(pytest-flakes)
|
||||
%endif
|
||||
BuildRequires: python3dist(pytest)
|
||||
BuildRequires: python3dist(zstd)
|
||||
# gzip and lzma are provided by the stdlib
|
||||
BuildRequires: firewalld-filesystem
|
||||
BuildRequires: libseccomp-devel
|
||||
BuildRequires: meson >= 0.43
|
||||
BuildRequires: gettext
|
||||
|
@ -178,19 +223,27 @@ BuildRequires: bpftool
|
|||
%global have_bpf 1
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora}
|
||||
%ifarch x86_64 aarch64
|
||||
%global have_xen 1
|
||||
# That package is only built for those two architectures
|
||||
BuildRequires: xen-devel
|
||||
%endif
|
||||
%endif
|
||||
|
||||
Requires(post): coreutils
|
||||
Requires(post): grep
|
||||
# systemd-machine-id-setup requires libssl
|
||||
Requires(post): openssl-libs
|
||||
Requires: dbus >= 1.9.18
|
||||
Requires: %{name}-pam = %{version}-%{release}
|
||||
Requires: %{name}-pam%{_isa} = %{version}-%{release}
|
||||
Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Requires: %{name}-libs%{_isa} = %{version}-%{release}
|
||||
%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}}
|
||||
%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}}
|
||||
Recommends: diffutils
|
||||
Requires: (util-linux-core or util-linux)
|
||||
Recommends: libxkbcommon%{?_isa}
|
||||
Recommends: libxkbcommon%{_isa}
|
||||
Provides: /bin/systemctl
|
||||
Provides: /sbin/shutdown
|
||||
Provides: syslog
|
||||
|
@ -208,10 +261,14 @@ Conflicts: fedora-release < 23-0.12
|
|||
%endif
|
||||
Obsoletes: timedatex < 0.6-3
|
||||
Provides: timedatex = 0.6-3
|
||||
Conflicts: %{name}-standalone-repart < %{version}-%{release}^
|
||||
Provides: %{name}-repart = %{version}-%{release}
|
||||
Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^
|
||||
Provides: %{name}-tmpfiles = %{version}-%{release}
|
||||
Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^
|
||||
Provides: %{name}-sysusers = %{version}-%{release}
|
||||
Conflicts: %{name}-standalone-shutdown < %{version}-%{release}^
|
||||
Provides: %{name}-shutdown = %{version}-%{release}
|
||||
|
||||
# Recommends to replace normal Requires deps for stuff that is dlopen()ed
|
||||
Recommends: libidn2.so.0%{?elf_suffix}
|
||||
|
@ -219,9 +276,11 @@ Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
|
|||
Recommends: libpcre2-8.so.0%{?elf_suffix}
|
||||
Recommends: libpwquality.so.1%{?elf_suffix}
|
||||
Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits}
|
||||
%if %{undefined rhel}
|
||||
Recommends: libqrencode.so.4%{?elf_suffix}
|
||||
Recommends: libbpf.so.0%{?elf_suffix}
|
||||
Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits}
|
||||
%endif
|
||||
Recommends: libbpf.so.1%{?elf_suffix}
|
||||
Recommends: libbpf.so.1(LIBBPF_0.4.0)%{?elf_bits}
|
||||
|
||||
# used by systemd-coredump and systemd-analyze
|
||||
Recommends: libdw.so.1%{?elf_suffix}
|
||||
|
@ -245,12 +304,12 @@ utilities to control basic system configuration like the hostname, date, locale,
|
|||
maintain a list of logged-in users, system accounts, runtime directories and
|
||||
settings, and a logging daemons.
|
||||
%if 0%{?stable}
|
||||
This package was built from the %{version}-stable branch of systemd.
|
||||
This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of systemd.
|
||||
%endif
|
||||
|
||||
%package libs
|
||||
Summary: systemd libraries
|
||||
License: LGPLv2+ and MIT
|
||||
License: LGPL-2.1-or-later AND MIT
|
||||
Obsoletes: libudev < 183
|
||||
Obsoletes: systemd < 185-4
|
||||
Conflicts: systemd < 185-4
|
||||
|
@ -282,8 +341,9 @@ for information how to use those macros.
|
|||
|
||||
%package devel
|
||||
Summary: Development headers for systemd
|
||||
License: LGPLv2+ and MIT
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
License: LGPL-2.1-or-later AND MIT
|
||||
Requires: %{name}-libs%{_isa} = %{version}-%{release}
|
||||
Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
|
||||
Provides: libudev-devel = %{version}
|
||||
Provides: libudev-devel%{_isa} = %{version}
|
||||
Obsoletes: libudev-devel < 183
|
||||
|
@ -294,9 +354,9 @@ to libudev or libsystemd.
|
|||
|
||||
%package udev
|
||||
Summary: Rule-based device node and kernel event manager
|
||||
License: LGPLv2+
|
||||
License: LGPL-2.1-or-later
|
||||
|
||||
Requires: systemd%{?_isa} = %{version}-%{release}
|
||||
Requires: systemd%{_isa} = %{version}-%{release}
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
|
@ -307,6 +367,8 @@ Obsoletes: systemd < 245.6-1
|
|||
Provides: udev = %{version}
|
||||
Provides: udev%{_isa} = %{version}
|
||||
Obsoletes: udev < 183
|
||||
Requires: (grubby > 8.40-72 if grubby)
|
||||
Requires: (sdubby > 1.0-3 if sdubby)
|
||||
|
||||
# Recommends to replace normal Requires deps for stuff that is dlopen()ed
|
||||
# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
|
||||
|
@ -319,8 +381,9 @@ Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits}
|
|||
Recommends: libelf.so.1%{?elf_suffix}
|
||||
Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits}
|
||||
|
||||
# used by home, cryptsetup, cryptenroll
|
||||
# used by home, cryptsetup, cryptenroll, logind
|
||||
Recommends: libfido2.so.1%{?elf_suffix}
|
||||
Recommends: libp11-kit.so.0%{?elf_suffix}
|
||||
Recommends: libtss2-esys.so.0%{?elf_suffix}
|
||||
Recommends: libtss2-mu.so.0%{?elf_suffix}
|
||||
Recommends: libtss2-rc.so.0%{?elf_suffix}
|
||||
|
@ -334,6 +397,9 @@ Requires: kbd
|
|||
Provides: u2f-hidraw-policy = 1.0.2-40
|
||||
Obsoletes: u2f-hidraw-policy < 1.0.2-40
|
||||
|
||||
# self-obsoletes to install both packages after split of systemd-boot
|
||||
Obsoletes: systemd-udev < 252.2^
|
||||
|
||||
%description udev
|
||||
This package contains systemd-udev and the rules and hardware database needed to
|
||||
manage device nodes. This package is necessary on physical machines and in
|
||||
|
@ -344,10 +410,49 @@ This package also provides systemd-timesyncd, a network time protocol daemon.
|
|||
It also contains tools to manage encrypted home areas and secrets bound to the
|
||||
machine, and to create or grow partitions and make file systems automatically.
|
||||
|
||||
%if 0%{?have_gnu_efi}
|
||||
%package ukify
|
||||
Summary: Tool to build Unified Kernel Images
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
Requires: python3dist(pefile)
|
||||
Requires: python3dist(zstd)
|
||||
Requires: python3dist(cryptography)
|
||||
Recommends: python3dist(pillow)
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
%description ukify
|
||||
This package provides ukify, a script that combines a kernel image, an initrd,
|
||||
with a command line, and possibly PCR measurements and other metadata, into a
|
||||
Unified Kernel Image (UKI).
|
||||
|
||||
%package boot-unsigned
|
||||
Summary: UEFI boot manager (unsigned version)
|
||||
|
||||
Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release
|
||||
Provides: systemd-boot = %version-%release
|
||||
Provides: systemd-boot%{_isa} = %version-%release
|
||||
# A provides with just the version, no release or dist, used to build systemd-boot
|
||||
Provides: version(systemd-boot-unsigned) = %version
|
||||
Provides: version(systemd-boot-unsigned)%{_isa} = %version
|
||||
|
||||
# self-obsoletes to install both packages after split of systemd-boot
|
||||
Obsoletes: systemd-udev < 252.2^
|
||||
|
||||
%description boot-unsigned
|
||||
systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a
|
||||
graphical menu to select the entry to boot and an editor for the kernel command
|
||||
line. systemd-boot supports systems with UEFI firmware only.
|
||||
|
||||
This package contains the unsigned version. Install systemd-boot instead to get
|
||||
the version that works with Secure Boot.
|
||||
%endif
|
||||
|
||||
%package container
|
||||
# Name is the same as in Debian
|
||||
Summary: Tools for containers and VMs
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
|
@ -355,7 +460,7 @@ Requires(postun): systemd
|
|||
Obsoletes: %{name} < 229-5
|
||||
# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
|
||||
Suggests: libcurl-minimal
|
||||
License: LGPLv2+
|
||||
License: LGPL-2.1-or-later
|
||||
|
||||
%description container
|
||||
Systemd tools to spawn and manage containers and virtual machines.
|
||||
|
@ -366,8 +471,8 @@ systemd-importd.
|
|||
%package journal-remote
|
||||
# Name is the same as in Debian
|
||||
Summary: Tools to send journal events over the network
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
License: LGPLv2+
|
||||
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||
License: LGPL-2.1-or-later
|
||||
Requires: firewalld-filesystem
|
||||
Provides: %{name}-journal-gateway = %{version}-%{release}
|
||||
Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release}
|
||||
|
@ -384,8 +489,8 @@ systemd-journal-upload.
|
|||
|
||||
%package networkd
|
||||
Summary: System daemon that manages network configurations
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
License: LGPLv2+
|
||||
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||
License: LGPL-2.1-or-later
|
||||
# https://src.fedoraproject.org/rpms/systemd/pull-request/34
|
||||
Obsoletes: systemd < 246.6-2
|
||||
|
||||
|
@ -396,7 +501,7 @@ devices.
|
|||
|
||||
%package resolved
|
||||
Summary: Network Name Resolution manager
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||
Obsoletes: %{name} < 249~~
|
||||
Requires: libidn2.so.0%{?elf_suffix}
|
||||
Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
|
||||
|
@ -410,7 +515,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder.
|
|||
%package oomd-defaults
|
||||
Summary: Configuration files for systemd-oomd
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
License: LGPLv2+
|
||||
License: LGPL-2.1-or-later
|
||||
BuildArch: noarch
|
||||
|
||||
%description oomd-defaults
|
||||
|
@ -419,40 +524,69 @@ a userspace out-of-memory (OOM) killer.
|
|||
|
||||
%package tests
|
||||
Summary: Internal unit tests for systemd
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
License: LGPLv2+
|
||||
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||
# This dependency is provided transitively. Also add it explicitly to
|
||||
# appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231:
|
||||
Requires: %{name}-libs%{_isa} = %{version}-%{release}
|
||||
|
||||
License: LGPL-2.1-or-later
|
||||
|
||||
%description tests
|
||||
"Installed tests" that are usually run as part of the build system. They can be
|
||||
useful to test systemd internals.
|
||||
|
||||
%package standalone-repart
|
||||
Summary: Standalone systemd-repart binary for use on systems without systemd
|
||||
Provides: %{name}-repart = %{version}-%{release}
|
||||
RemovePathPostfixes: .standalone
|
||||
|
||||
%description standalone-repart
|
||||
Standalone systemd-repart binary with no dependencies on the systemd-shared library or
|
||||
other libraries from systemd-libs. This package conflicts with the main systemd
|
||||
package and is meant for use on systems without systemd.
|
||||
|
||||
%package standalone-tmpfiles
|
||||
Summary: Standalone tmpfiles binary for use in non-systemd systems
|
||||
Summary: Standalone systemd-tmpfiles binary for use on systems without systemd
|
||||
Provides: %{name}-tmpfiles = %{version}-%{release}
|
||||
RemovePathPostfixes: .standalone
|
||||
|
||||
%description standalone-tmpfiles
|
||||
Standalone tmpfiles binary with no dependencies on the systemd-shared library or
|
||||
Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or
|
||||
other libraries from systemd-libs. This package conflicts with the main systemd
|
||||
package and is meant for use in non-systemd systems.
|
||||
package and is meant for use on systems without systemd.
|
||||
|
||||
%package standalone-sysusers
|
||||
Summary: Standalone sysusers binary for use in non-systemd systems
|
||||
Summary: Standalone systemd-sysusers binary for use on systems without systemd
|
||||
Provides: %{name}-sysusers = %{version}-%{release}
|
||||
RemovePathPostfixes: .standalone
|
||||
|
||||
%description standalone-sysusers
|
||||
Standalone sysusers binary with no dependencies on the systemd-shared library or
|
||||
Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or
|
||||
other libraries from systemd-libs. This package conflicts with the main systemd
|
||||
package and is meant for use in non-systemd systems.
|
||||
package and is meant for use on systems without systemd.
|
||||
|
||||
%package standalone-shutdown
|
||||
Summary: Standalone systemd-shutdown binary for use on systems without systemd
|
||||
Provides: %{name}-shutdown = %{version}-%{release}
|
||||
RemovePathPostfixes: .standalone
|
||||
|
||||
%description standalone-shutdown
|
||||
Standalone systemd-shutdown binary with no dependencies on the systemd-shared library or
|
||||
other libraries from systemd-libs. This package conflicts with the main systemd
|
||||
package and is meant for use in exitrds.
|
||||
|
||||
%prep
|
||||
%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1
|
||||
%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1
|
||||
|
||||
test -f src/login/systemd-user.in
|
||||
# Restore systemd-user pam config from before "removal of Fedora-specific bits".
|
||||
# We'll systemd process it and install in the right place.
|
||||
cp %{SOURCE12} src/login/systemd-user.in
|
||||
%generate_buildrequires
|
||||
%if 0%{?have_gnu_efi}
|
||||
if grep -q gnu-efi meson_options.txt; then
|
||||
echo 'gnu-efi'
|
||||
echo 'gnu-efi-devel'
|
||||
else
|
||||
echo 'python3dist(pyelftools)'
|
||||
fi
|
||||
%endif
|
||||
|
||||
%build
|
||||
%global ntpvendor %(source /etc/os-release; echo ${ID})
|
||||
|
@ -477,11 +611,11 @@ CONFIGURE_OPTS=(
|
|||
-Dbpf-framework=%[0%{?have_bpf}?"true":"false"]
|
||||
-Dapparmor=false
|
||||
-Dpolkit=true
|
||||
-Dxz=true
|
||||
-Dzlib=true
|
||||
-Dbzip2=true
|
||||
-Dlz4=true
|
||||
-Dzstd=true
|
||||
-Dxz=%[%{with xz}?"true":"false"]
|
||||
-Dzlib=%[%{with zlib}?"true":"false"]
|
||||
-Dbzip2=%[%{with bzip2}?"true":"false"]
|
||||
-Dlz4=%[%{with lz4}?"true":"false"]
|
||||
-Dzstd=%[%{with zstd}?"true":"false"]
|
||||
-Dpam=true
|
||||
-Dacl=true
|
||||
-Dsmack=true
|
||||
|
@ -494,15 +628,15 @@ CONFIGURE_OPTS=(
|
|||
-Dlibcryptsetup=%[%{with bootstrap}?"false":"true"]
|
||||
-Delfutils=true
|
||||
-Dpwquality=true
|
||||
-Dqrencode=true
|
||||
-Dgnutls=true
|
||||
-Dqrencode=%[%{defined rhel}?"false":"true"]
|
||||
-Dgnutls=%[%{with gnutls}?"true":"false"]
|
||||
-Dmicrohttpd=true
|
||||
-Dlibidn2=true
|
||||
-Dlibiptc=false
|
||||
-Dlibcurl=true
|
||||
-Dlibfido2=true
|
||||
-Dxenctrl=%[0%{?have_xen}?"true":"false"]
|
||||
-Defi=true
|
||||
-Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"]
|
||||
-Dtpm=true
|
||||
-Dtpm2=true
|
||||
-Dhwdb=true
|
||||
|
@ -533,6 +667,9 @@ CONFIGURE_OPTS=(
|
|||
-Ddefault-llmnr=resolve
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2028169
|
||||
-Dstatus-unit-format-default=combined
|
||||
# https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer
|
||||
-Ddefault-timeout-sec=45
|
||||
-Ddefault-user-timeout-sec=45
|
||||
-Doomd=true
|
||||
-Dadm-gid=4
|
||||
-Daudio-gid=63
|
||||
|
@ -557,6 +694,20 @@ CONFIGURE_OPTS=(
|
|||
# -Dsystemd-timesync-uid=, not set yet
|
||||
)
|
||||
|
||||
if grep gnu-efi meson_options.txt; then
|
||||
CONFIGURE_OPTS+=( -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] )
|
||||
else
|
||||
# For now, let's build the bootloader in the same places where we
|
||||
# built with gnu-efi. Later on, we might want to extend coverage, but
|
||||
# considering that that support is untested, let's not do this now.
|
||||
# Note, ukify requires bootloader, let's also explicitly enable/disable it
|
||||
# here for https://github.com/systemd/systemd/pull/24175.
|
||||
CONFIGURE_OPTS+=(
|
||||
-Dbootloader=%[%{?have_gnu_efi}?"true":"false"]
|
||||
-Dukify=%[%{?have_gnu_efi}?"true":"false"]
|
||||
)
|
||||
fi
|
||||
|
||||
%if %{without lto}
|
||||
%global _lto_cflags %nil
|
||||
%endif
|
||||
|
@ -580,6 +731,8 @@ if ! diff -u %{SOURCE1} ${new_triggers}; then
|
|||
sleep 5
|
||||
fi
|
||||
|
||||
sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user
|
||||
|
||||
%install
|
||||
%meson_install
|
||||
|
||||
|
@ -665,16 +818,30 @@ install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
|
|||
|
||||
# systemd-oomd default configuration
|
||||
install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
|
||||
install -Dm0644 -t %{buildroot}%{system_unit_dir}/-.slice.d/ %{SOURCE15}
|
||||
install -Dm0644 -t %{buildroot}%{system_unit_dir}/user@.service.d/ %{SOURCE16}
|
||||
install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15}
|
||||
install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15}
|
||||
# https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer
|
||||
install -Dm0644 -t %{buildroot}%{system_unit_dir}/service.d/ %{SOURCE16}
|
||||
install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.d/10-timeout-abort.conf
|
||||
|
||||
# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
|
||||
install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17}
|
||||
|
||||
sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py
|
||||
|
||||
install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21}
|
||||
# Use rpm's own sysusers provides where available
|
||||
%if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10)
|
||||
install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22}
|
||||
install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23}
|
||||
%endif
|
||||
install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24}
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2107754
|
||||
install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25}
|
||||
|
||||
ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel
|
||||
|
||||
%find_lang %{name}
|
||||
|
||||
# Split files in build root into rpms. See split-files.py for the
|
||||
|
@ -682,7 +849,7 @@ install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24}
|
|||
# here.
|
||||
python3 %{SOURCE2} %buildroot <<EOF
|
||||
%ghost %config(noreplace) /etc/crypttab
|
||||
%ghost /etc/udev/hwdb.bin
|
||||
%ghost %attr(0444,root,root) /etc/udev/hwdb.bin
|
||||
/etc/inittab
|
||||
/usr/lib/systemd/purge-nobody-user
|
||||
%ghost %config(noreplace) /etc/vconsole.conf
|
||||
|
@ -708,7 +875,7 @@ python3 %{SOURCE2} %buildroot <<EOF
|
|||
%ghost %dir /var/lib/systemd/coredump
|
||||
%ghost /var/lib/systemd/journal-upload
|
||||
%ghost %dir /var/lib/systemd/linger
|
||||
%ghost /var/lib/systemd/random-seed
|
||||
%ghost %attr(0600,root,root) /var/lib/systemd/random-seed
|
||||
%ghost %dir /var/lib/systemd/rfkill
|
||||
%ghost %dir %verify(not mode group) /var/log/journal
|
||||
%ghost %dir /var/log/journal/remote
|
||||
|
@ -791,10 +958,16 @@ if [ $1 -eq 1 ]; then
|
|||
systemd-tmpfiles --create &>/dev/null || :
|
||||
fi
|
||||
|
||||
%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service
|
||||
%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service
|
||||
|
||||
# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)
|
||||
# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec
|
||||
|
||||
# This is the explanded form of %%systemd_user_daemon_reexec. We
|
||||
# can't use the macro because we define it ourselves.
|
||||
if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then
|
||||
# Package upgrade, not uninstall
|
||||
/usr/lib/systemd/systemd-update-helper user-reexec || :
|
||||
fi
|
||||
|
||||
%triggerun resolved -- systemd < 246.1-1
|
||||
# This is for upgrades from previous versions before systemd-resolved became the default.
|
||||
|
@ -812,13 +985,18 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
|
|||
systemctl start systemd-resolved.service &>/dev/null || :
|
||||
fi
|
||||
|
||||
%triggerpostun -- systemd < 247.3-2
|
||||
%triggerun -- systemd < 247.3-2
|
||||
# This is for upgrades from previous versions before oomd-defaults is available.
|
||||
# We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with
|
||||
# a different package version.
|
||||
systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
|
||||
|
||||
%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service}
|
||||
%triggerpostun -- systemd < 253~rc1-2
|
||||
# This is for upgrades from previous versions where systemd-journald-audit.socket
|
||||
# had a static enablement symlink.
|
||||
# We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with
|
||||
# a different package version.
|
||||
systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || :
|
||||
|
||||
%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target
|
||||
|
||||
%post udev
|
||||
# Move old stuff around in /var/lib
|
||||
|
@ -913,6 +1091,8 @@ fi
|
|||
[ $1 -eq 1 ] || exit 0
|
||||
# Initial installation
|
||||
|
||||
touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
|
||||
|
||||
# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263
|
||||
if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then
|
||||
echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd."
|
||||
|
@ -922,14 +1102,17 @@ fi
|
|||
%systemd_post systemd-resolved.service
|
||||
|
||||
%posttrans resolved
|
||||
[ $1 -eq 1 ] || exit 0
|
||||
[ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0
|
||||
rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
|
||||
# Initial installation
|
||||
|
||||
# Create /etc/resolv.conf symlink.
|
||||
# We would also create it using tmpfiles, but let's do this here
|
||||
# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above
|
||||
# does not do this, because it's marked with ! and we don't specify --boot.)
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1873856
|
||||
# (https://bugzilla.redhat.com/show_bug.cgi?id=1873856)
|
||||
#
|
||||
# We would also create it using tmpfiles, but let's do this here too
|
||||
# before NetworkManager gets a chance. (systemd-tmpfiles invocation
|
||||
# above does not do this, because the line is marked with ! and
|
||||
# tmpfiles is invoked without --boot in the scriptlet.)
|
||||
#
|
||||
# *Create* the symlink if nothing is present yet.
|
||||
# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085)
|
||||
|
@ -991,6 +1174,11 @@ fi
|
|||
|
||||
%files udev -f .file-list-udev
|
||||
|
||||
%if 0%{?have_gnu_efi}
|
||||
%files ukify -f .file-list-ukify
|
||||
%files boot-unsigned -f .file-list-boot
|
||||
%endif
|
||||
|
||||
%files container -f .file-list-container
|
||||
%ghost %dir %attr(0700,-,-) /var/lib/machines
|
||||
|
||||
|
@ -1002,9 +1190,19 @@ fi
|
|||
|
||||
%files tests -f .file-list-tests
|
||||
|
||||
%files standalone-repart -f .file-list-standalone-repart
|
||||
|
||||
%files standalone-tmpfiles -f .file-list-standalone-tmpfiles
|
||||
|
||||
%files standalone-sysusers -f .file-list-standalone-sysusers
|
||||
|
||||
%files standalone-shutdown -f .file-list-standalone-shutdown
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
rm -f 10-timeout-abort.conf.user
|
||||
rm -f .file-list-*
|
||||
rm -f %{name}.lang
|
||||
|
||||
%changelog
|
||||
%autochangelog
|
||||
|
|
|
@ -1,79 +1,96 @@
|
|||
#!/bin/bash
|
||||
# -*- mode: shell-script; indent-tabs-mode: true; tab-width: 4; -*-
|
||||
|
||||
# This script turns sysuser.d files into scriptlets mandated by Fedora
|
||||
# packaging guidelines. The general idea is to define users using the
|
||||
# declarative syntax but to turn this into traditional scriptlets.
|
||||
|
||||
user() {
|
||||
user="$1"
|
||||
uid="$2"
|
||||
desc="$3"
|
||||
group="$4"
|
||||
home="$5"
|
||||
shell="$6"
|
||||
user="$1"
|
||||
uid="$2"
|
||||
desc="$3"
|
||||
group="$4"
|
||||
home="$5"
|
||||
shell="$6"
|
||||
|
||||
[ "$desc" = '-' ] && desc=
|
||||
{ [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/
|
||||
{ [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin
|
||||
[ "$desc" = '-' ] && desc=
|
||||
{ [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/
|
||||
{ [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin
|
||||
|
||||
if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
|
||||
cat <<EOF
|
||||
getent passwd '$user' >/dev/null || \\
|
||||
useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
|
||||
EOF
|
||||
else
|
||||
cat <<EOF
|
||||
if ! getent passwd '$user' >/dev/null; then
|
||||
if ! getent passwd '$uid' >/dev/null; then
|
||||
useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
|
||||
else
|
||||
useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
|
||||
fi
|
||||
fi
|
||||
if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
|
||||
cat <<-EOF
|
||||
getent passwd '$user' >/dev/null || \\
|
||||
useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
|
||||
EOF
|
||||
else
|
||||
cat <<-EOF
|
||||
if ! getent passwd ${user@Q} >/dev/null; then
|
||||
if ! getent passwd ${uid@Q} >/dev/null; then
|
||||
useradd -r -u ${uid@Q} -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
|
||||
else
|
||||
useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
|
||||
fi
|
||||
fi
|
||||
|
||||
EOF
|
||||
fi
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
group() {
|
||||
group="$1"
|
||||
gid="$2"
|
||||
if [ "$gid" = '-' ]; then
|
||||
cat <<-EOF
|
||||
getent group '$group' >/dev/null || groupadd -r '$group' || :
|
||||
group="$1"
|
||||
gid="$2"
|
||||
|
||||
if [ "$gid" = '-' ]; then
|
||||
cat <<-EOF
|
||||
getent group ${group@Q} >/dev/null || groupadd -r ${group@Q} || :
|
||||
EOF
|
||||
else
|
||||
cat <<-EOF
|
||||
getent group ${group@Q} >/dev/null || groupadd -f -g ${gid@Q} -r ${group@Q} || :
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
usermod() {
|
||||
user="$1"
|
||||
group="$2"
|
||||
|
||||
cat <<-EOF
|
||||
if getent group ${group@Q} >/dev/null; then
|
||||
usermod -a -G ${group@Q} '$user' || :
|
||||
fi
|
||||
EOF
|
||||
else
|
||||
cat <<-EOF
|
||||
getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || :
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
parse() {
|
||||
while read -r line || [ -n "$line" ] ; do
|
||||
{ [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue
|
||||
line="${line## *}"
|
||||
[ -z "$line" ] && continue
|
||||
eval "arr=( $line )"
|
||||
case "${arr[0]}" in
|
||||
('u')
|
||||
group "${arr[1]}" "${arr[2]}"
|
||||
user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
|
||||
# TODO: user:group support
|
||||
;;
|
||||
('g')
|
||||
group "${arr[1]}" "${arr[2]}"
|
||||
;;
|
||||
('m')
|
||||
group "${arr[2]}" "-"
|
||||
user "${arr[1]}" "-" "" "${arr[2]}"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
while read -r line || [ -n "$line" ] ; do
|
||||
{ [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue
|
||||
line="${line## *}"
|
||||
[ -z "$line" ] && continue
|
||||
eval "arr=( $line )"
|
||||
case "${arr[0]}" in
|
||||
('u')
|
||||
if [[ "${arr[2]}" == *":"* ]]; then
|
||||
user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}"
|
||||
else
|
||||
group "${arr[1]}" "${arr[2]}"
|
||||
user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
|
||||
fi
|
||||
;;
|
||||
('g')
|
||||
group "${arr[1]}" "${arr[2]}"
|
||||
;;
|
||||
('m')
|
||||
group "${arr[2]}" "-"
|
||||
user "${arr[1]}" "-" "" "${arr[1]}" "" ""
|
||||
usermod "${arr[1]}" "${arr[2]}"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
for fn in "$@"; do
|
||||
[ -e "$fn" ] || continue
|
||||
echo "# generated from $(basename "$fn")"
|
||||
parse <"$fn"
|
||||
[ -e "$fn" ] || continue
|
||||
echo "# generated from $(basename "$fn")"
|
||||
parse <"$fn"
|
||||
done
|
||||
|
|
|
@ -17,11 +17,7 @@
|
|||
/usr/lib/systemd/systemd-update-helper system-reload-restart || :
|
||||
|
||||
%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user
|
||||
if selinuxenabled &>/dev/null; then
|
||||
/usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || :
|
||||
else
|
||||
/usr/lib/systemd/systemd-update-helper user-reload-restart || :
|
||||
fi
|
||||
/usr/lib/systemd/systemd-update-helper user-reload-restart || :
|
||||
|
||||
%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
|
||||
# On removal, we need to run daemon-reload after any units have been
|
||||
|
@ -33,11 +29,7 @@ fi
|
|||
|
||||
%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user
|
||||
# Execute daemon-reload in user managers.
|
||||
if selinuxenabled &>/dev/null; then
|
||||
/usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || :
|
||||
else
|
||||
/usr/lib/systemd/systemd-update-helper user-reload || :
|
||||
fi
|
||||
/usr/lib/systemd/systemd-update-helper user-reload || :
|
||||
|
||||
%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system
|
||||
# We restart remaining system services that should be restarted here.
|
||||
|
@ -45,11 +37,7 @@ fi
|
|||
|
||||
%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user
|
||||
# We restart remaining user services that should be restarted here.
|
||||
if selinuxenabled &>/dev/null; then
|
||||
/usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || :
|
||||
else
|
||||
/usr/lib/systemd/systemd-update-helper user-restart || :
|
||||
fi
|
||||
/usr/lib/systemd/systemd-update-helper user-restart || :
|
||||
|
||||
%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d
|
||||
# This script will process files installed in /usr/lib/sysusers.d to create
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
From 8a38bc402c8f7c656c7e356c37c432c7b3a8cd6f Mon Sep 17 00:00:00 2001
|
||||
From 1990fb757f6d275d807fcb48ad09f5fc7c947bc6 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 14 Aug 2019 15:57:42 +0200
|
||||
Subject: [PATCH] udev: use bfq as the default scheduler
|
||||
|
@ -17,24 +17,27 @@ See the bug for more discussion and links.
|
|||
|
||||
diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
|
||||
new file mode 100644
|
||||
index 0000000000..480b941761
|
||||
index 0000000000..850b64540e
|
||||
--- /dev/null
|
||||
+++ b/rules.d/60-block-scheduler.rules
|
||||
@@ -0,0 +1,5 @@
|
||||
+# do not edit this file, it will be overwritten on update
|
||||
+
|
||||
+ACTION=="add", SUBSYSTEM=="block", \
|
||||
+ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \
|
||||
+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
|
||||
+ ATTR{queue/scheduler}="bfq"
|
||||
diff --git a/rules.d/meson.build b/rules.d/meson.build
|
||||
index a582e4e922..d300c382fc 100644
|
||||
index 20fca222da..94fee9d7c0 100644
|
||||
--- a/rules.d/meson.build
|
||||
+++ b/rules.d/meson.build
|
||||
@@ -8,6 +8,7 @@ rules = [
|
||||
@@ -7,6 +7,7 @@ install_data(
|
||||
rules = [
|
||||
[files('60-autosuspend.rules',
|
||||
'60-block.rules',
|
||||
'60-cdrom_id.rules',
|
||||
+ '60-block-scheduler.rules',
|
||||
'60-cdrom_id.rules',
|
||||
'60-dmi-id.rules',
|
||||
'60-drm.rules',
|
||||
'60-evdev.rules',
|
||||
'60-fido-id.rules',
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
|
Loading…
Reference in New Issue