Compare commits
108 Commits
208e342f29
...
b28b4b7e65
Author | SHA1 | Date |
---|---|---|
David Abdurachmanov | b28b4b7e65 | |
David Abdurachmanov | 44f4eef37a | |
Zbigniew Jędrzejewski-Szmek | a9b4725785 | |
Zbigniew Jędrzejewski-Szmek | 99506ee643 | |
Zbigniew Jędrzejewski-Szmek | bb2f5f0fab | |
Zbigniew Jędrzejewski-Szmek | 9a522c2a5a | |
Adam Williamson | 18e1ed3201 | |
Zbigniew Jędrzejewski-Szmek | 592d710bfd | |
Zbigniew Jędrzejewski-Szmek | bd2499ee33 | |
Zbigniew Jędrzejewski-Szmek | 5dfe4c64c5 | |
Zbigniew Jędrzejewski-Szmek | 3f41433302 | |
Zbigniew Jędrzejewski-Szmek | 360975c08b | |
Zbigniew Jędrzejewski-Szmek | f66faf9fa1 | |
Zbigniew Jędrzejewski-Szmek | 32656b2b87 | |
Zbigniew Jędrzejewski-Szmek | 6674346bfd | |
Zbigniew Jędrzejewski-Szmek | 8365e8181d | |
Zbigniew Jędrzejewski-Szmek | 14701a7bc8 | |
Zbigniew Jędrzejewski-Szmek | c95e750cfb | |
Zbigniew Jędrzejewski-Szmek | 11c465372a | |
Daan De Meyer | c4232bef96 | |
Daan De Meyer | 46dc8f5060 | |
Yu Watanabe | 45fc64ccd0 | |
Yu Watanabe | 49575fa6ed | |
Zbigniew Jędrzejewski-Szmek | f5162af2a6 | |
Zbigniew Jędrzejewski-Szmek | 3c4a463e49 | |
Zbigniew Jędrzejewski-Szmek | 453f57749f | |
Zbigniew Jędrzejewski-Szmek | c4c8de9e3e | |
Daan De Meyer | 993f682ecc | |
Daan De Meyer | 2b6870dbdc | |
Daan De Meyer | 6775af66c5 | |
Zbigniew Jędrzejewski-Szmek | d9fe7ec043 | |
Zbigniew Jędrzejewski-Szmek | 1edbd67466 | |
Fedora Release Engineering | 8e1134ffe7 | |
Zbigniew Jędrzejewski-Szmek | 219083fc04 | |
Stewart Smith | 5c840a72b5 | |
Stewart Smith | 379f9bfba1 | |
Zbigniew Jędrzejewski-Szmek | c50dc7ccda | |
Zbigniew Jędrzejewski-Szmek | d80a45533d | |
Yaakov Selkowitz | 9c05b44a4b | |
Panu Matilainen | dce828f167 | |
Anita Zhang | d64ddbaa83 | |
Yaakov Selkowitz | 5982ae9504 | |
Yaakov Selkowitz | 4980b39c44 | |
Alessandro Astone | aedd5488be | |
Zbigniew Jędrzejewski-Szmek | 21df2af848 | |
Zbigniew Jędrzejewski-Szmek | 3d02d53d87 | |
Michael Catanzaro | 806c95e1c7 | |
Zbigniew Jędrzejewski-Szmek | 5448e2ee0e | |
Zbigniew Jędrzejewski-Szmek | 7e62bd0762 | |
Zbigniew Jędrzejewski-Szmek | ef79df9490 | |
Zbigniew Jędrzejewski-Szmek | 1fa99260fc | |
Zbigniew Jędrzejewski-Szmek | 7f6f230506 | |
Zbigniew Jędrzejewski-Szmek | 1320fc3009 | |
Zbigniew Jędrzejewski-Szmek | 1a6178ce6e | |
Zbigniew Jędrzejewski-Szmek | 01af054efc | |
Zbigniew Jędrzejewski-Szmek | 9a0266ff7b | |
Zbigniew Jędrzejewski-Szmek | 5227302c98 | |
Zbigniew Jędrzejewski-Szmek | ddd4dcd1fe | |
Zbigniew Jędrzejewski-Szmek | 68db5d4680 | |
Zbigniew Jędrzejewski-Szmek | 7a81930dd2 | |
Zbigniew Jędrzejewski-Szmek | 55ee787b77 | |
Dusty Mabe | 6770ee3c6d | |
Dusty Mabe | cfc2c60978 | |
Zbigniew Jędrzejewski-Szmek | 0104b2cfb3 | |
Zbigniew Jędrzejewski-Szmek | 4bdd16eba5 | |
Zbigniew Jędrzejewski-Szmek | 296e35b054 | |
Zbigniew Jędrzejewski-Szmek | 4f23aac033 | |
Zbigniew Jędrzejewski-Szmek | b642986a84 | |
Zbigniew Jędrzejewski-Szmek | 8eea43e714 | |
Zbigniew Jędrzejewski-Szmek | 0dfb1a37e1 | |
Zbigniew Jędrzejewski-Szmek | eb6fe37e3c | |
Thomas Haller | aff167152e | |
Michael Catanzaro | ba02e90496 | |
Zbigniew Jędrzejewski-Szmek | 708a09cead | |
Zbigniew Jędrzejewski-Szmek | ba48b51817 | |
Yaakov Selkowitz | 3c935dd203 | |
Zbigniew Jędrzejewski-Szmek | 189f5d16f4 | |
Zbigniew Jędrzejewski-Szmek | efa3d301b9 | |
Zbigniew Jędrzejewski-Szmek | 58eb55671d | |
Zbigniew Jędrzejewski-Szmek | 903ce887fd | |
Zbigniew Jędrzejewski-Szmek | a142c87042 | |
Fedora Release Engineering | 17d16267e2 | |
Daan De Meyer | 67561d75bf | |
Zbigniew Jędrzejewski-Szmek | befb0e11dd | |
Zbigniew Jędrzejewski-Szmek | 732bdcb223 | |
Zbigniew Jędrzejewski-Szmek | 1d366e53d8 | |
Zbigniew Jędrzejewski-Szmek | 2a3fc2e21f | |
Zbigniew Jędrzejewski-Szmek | ef4c00c6a4 | |
Zbigniew Jędrzejewski-Szmek | 778f8ef8a5 | |
Zbigniew Jędrzejewski-Szmek | 54a3b6f942 | |
Zbigniew Jędrzejewski-Szmek | da37ad3139 | |
Martin Osvald | 83301531c0 | |
Zbigniew Jędrzejewski-Szmek | b3fa8789f9 | |
Zbigniew Jędrzejewski-Szmek | c6d202c6ac | |
Zbigniew Jędrzejewski-Szmek | eeb9a47dfb | |
Zbigniew Jędrzejewski-Szmek | 9acedf97ae | |
Zbigniew Jędrzejewski-Szmek | 6594cdc49b | |
Zbigniew Jędrzejewski-Szmek | bab6dfc23a | |
Zbigniew Jędrzejewski-Szmek | 3c5b26ff79 | |
Zbigniew Jędrzejewski-Szmek | b2ad8fb38b | |
Zbigniew Jędrzejewski-Szmek | 0b51ecfabd | |
Zbigniew Jędrzejewski-Szmek | 58777c7cac | |
Zbigniew Jędrzejewski-Szmek | 1ffb1df909 | |
Yu Watanabe | 38161d034a | |
Yu Watanabe | 0455d50768 | |
Luca BRUNO | f27d461663 | |
Anita Zhang | 7665e1796f | |
Zbigniew Jędrzejewski-Szmek | aac22baa3b |
|
@ -1,5 +1,7 @@
|
||||||
- project:
|
- project:
|
||||||
vars:
|
vars:
|
||||||
install_repo_exclude:
|
install_repo_exclude:
|
||||||
|
- systemd-standalone-repart
|
||||||
|
- systemd-standalone-shutdown
|
||||||
|
- systemd-standalone-sysusers
|
||||||
- systemd-standalone-tmpfiles
|
- systemd-standalone-tmpfiles
|
||||||
- systemd-standalone-sysuser
|
|
||||||
|
|
|
@ -0,0 +1,243 @@
|
||||||
|
From df25afd2cf5527fe1bb542bb146fef1be8d9a489 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Sat, 9 Sep 2023 14:46:32 +0200
|
||||||
|
Subject: [PATCH 1/3] core: add new "PollLimit" settings to .socket units
|
||||||
|
|
||||||
|
This adds a new "PollLimit" pair of settings to .socket units, very
|
||||||
|
similar to existing "TriggerLimit" logic. The differences are:
|
||||||
|
|
||||||
|
* PollLimit focusses on the polling on the sockets, and pauses that
|
||||||
|
temporarily if a ratelimit on that is reached. TriggerLimit otoh
|
||||||
|
focusses on the triggering effect of socket units, and stops
|
||||||
|
triggering once the ratelimit is hit.
|
||||||
|
|
||||||
|
* While the trigger limit being hit is an action that causes the socket
|
||||||
|
unit to fail the polling limit being reached will just temporarily
|
||||||
|
disable polling on the socket fd, and it is resumed once the ratelimit
|
||||||
|
interval is over.
|
||||||
|
|
||||||
|
* When a socket unit operates on multiple socket fds (e,g, ListenStream=
|
||||||
|
on both some ipv6 and an ipv4 address or so). Then the PollLimit will
|
||||||
|
be specific to each fd, while the trigger limit is specific to the
|
||||||
|
whole unit.
|
||||||
|
|
||||||
|
Implementation-wise this is mostly a wrapper around sd-event's
|
||||||
|
sd_event_source_set_ratelimit(), which exposes the desired behaviour
|
||||||
|
directly.
|
||||||
|
|
||||||
|
Usecase for all of this: socket services which when overloaded with
|
||||||
|
connections should just slow down reception of it, but not fail
|
||||||
|
persistently.
|
||||||
|
|
||||||
|
(cherry picked from commit 2bec84e7a5bf3687ae65205753ba3d8067cf2f0e)
|
||||||
|
---
|
||||||
|
man/org.freedesktop.systemd1.xml | 12 ++++++++++
|
||||||
|
src/core/dbus-socket.c | 8 +++++++
|
||||||
|
src/core/load-fragment-gperf.gperf.in | 2 ++
|
||||||
|
src/core/socket.c | 32 +++++++++++++++++++--------
|
||||||
|
src/core/socket.h | 2 ++
|
||||||
|
src/shared/bus-unit-util.c | 10 +++++----
|
||||||
|
6 files changed, 53 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
|
||||||
|
index 56906e2f3b..0557dc2379 100644
|
||||||
|
--- a/man/org.freedesktop.systemd1.xml
|
||||||
|
+++ b/man/org.freedesktop.systemd1.xml
|
||||||
|
@@ -4727,6 +4727,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
||||||
|
readonly t TriggerLimitIntervalUSec = ...;
|
||||||
|
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||||
|
readonly u TriggerLimitBurst = ...;
|
||||||
|
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||||
|
+ readonly t PollLimitIntervalUSec = ...;
|
||||||
|
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||||
|
+ readonly u PollLimitBurst = ...;
|
||||||
|
readonly u UID = ...;
|
||||||
|
readonly u GID = ...;
|
||||||
|
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
|
||||||
|
@@ -5961,6 +5965,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
||||||
|
|
||||||
|
<variablelist class="dbus-property" generated="True" extra-ref="TriggerLimitBurst"/>
|
||||||
|
|
||||||
|
+ <variablelist class="dbus-property" generated="True" extra-ref="PollLimitIntervalUSec"/>
|
||||||
|
+
|
||||||
|
+ <variablelist class="dbus-property" generated="True" extra-ref="PollLimitBurst"/>
|
||||||
|
+
|
||||||
|
<variablelist class="dbus-property" generated="True" extra-ref="UID"/>
|
||||||
|
|
||||||
|
<variablelist class="dbus-property" generated="True" extra-ref="GID"/>
|
||||||
|
@@ -6497,6 +6505,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
||||||
|
|
||||||
|
<!--End of Autogenerated section-->
|
||||||
|
|
||||||
|
+ <para><varname>PollLimitIntervalUSec</varname>/<varname>PollLimitBurst</varname> properties configure the
|
||||||
|
+ polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to
|
||||||
|
+ zero the limiting feature is turned off.</para>
|
||||||
|
+
|
||||||
|
<refsect2>
|
||||||
|
<title>Properties</title>
|
||||||
|
|
||||||
|
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
|
||||||
|
index 09a3a9502b..04552b7c60 100644
|
||||||
|
--- a/src/core/dbus-socket.c
|
||||||
|
+++ b/src/core/dbus-socket.c
|
||||||
|
@@ -129,6 +129,8 @@ const sd_bus_vtable bus_socket_vtable[] = {
|
||||||
|
SD_BUS_PROPERTY("SocketProtocol", "i", bus_property_get_int, offsetof(Socket, socket_protocol), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||||
|
SD_BUS_PROPERTY("TriggerLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, trigger_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||||
|
SD_BUS_PROPERTY("TriggerLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, trigger_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||||
|
+ SD_BUS_PROPERTY("PollLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, poll_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||||
|
+ SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit_burst), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||||
|
SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
|
||||||
|
SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
|
||||||
|
BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
|
||||||
|
@@ -248,6 +250,9 @@ static int bus_socket_set_transient_property(
|
||||||
|
if (streq(name, "TriggerLimitBurst"))
|
||||||
|
return bus_set_transient_unsigned(u, name, &s->trigger_limit.burst, message, flags, error);
|
||||||
|
|
||||||
|
+ if (streq(name, "PollLimitBurst"))
|
||||||
|
+ return bus_set_transient_unsigned(u, name, &s->poll_limit_burst, message, flags, error);
|
||||||
|
+
|
||||||
|
if (streq(name, "SocketMode"))
|
||||||
|
return bus_set_transient_mode_t(u, name, &s->socket_mode, message, flags, error);
|
||||||
|
|
||||||
|
@@ -275,6 +280,9 @@ static int bus_socket_set_transient_property(
|
||||||
|
if (streq(name, "TriggerLimitIntervalUSec"))
|
||||||
|
return bus_set_transient_usec(u, name, &s->trigger_limit.interval, message, flags, error);
|
||||||
|
|
||||||
|
+ if (streq(name, "PollLimitIntervalUSec"))
|
||||||
|
+ return bus_set_transient_usec(u, name, &s->poll_limit_interval, message, flags, error);
|
||||||
|
+
|
||||||
|
if (streq(name, "SmackLabel"))
|
||||||
|
return bus_set_transient_string(u, name, &s->smack, message, flags, error);
|
||||||
|
|
||||||
|
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
|
||||||
|
index b66adf2811..0d1ee9c231 100644
|
||||||
|
--- a/src/core/load-fragment-gperf.gperf.in
|
||||||
|
+++ b/src/core/load-fragment-gperf.gperf.in
|
||||||
|
@@ -507,6 +507,8 @@ Socket.FileDescriptorName, config_parse_fdname,
|
||||||
|
Socket.Service, config_parse_socket_service, 0, 0
|
||||||
|
Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval)
|
||||||
|
Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst)
|
||||||
|
+Socket.PollLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, poll_limit_interval)
|
||||||
|
+Socket.PollLimitBurst, config_parse_unsigned, 0, offsetof(Socket, poll_limit_burst)
|
||||||
|
{% if ENABLE_SMACK %}
|
||||||
|
Socket.SmackLabel, config_parse_unit_string_printf, 0, offsetof(Socket, smack)
|
||||||
|
Socket.SmackLabelIPIn, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_in)
|
||||||
|
diff --git a/src/core/socket.c b/src/core/socket.c
|
||||||
|
index 75034ac357..dc18744f54 100644
|
||||||
|
--- a/src/core/socket.c
|
||||||
|
+++ b/src/core/socket.c
|
||||||
|
@@ -101,6 +101,9 @@ static void socket_init(Unit *u) {
|
||||||
|
|
||||||
|
s->trigger_limit.interval = USEC_INFINITY;
|
||||||
|
s->trigger_limit.burst = UINT_MAX;
|
||||||
|
+
|
||||||
|
+ s->poll_limit_interval = USEC_INFINITY;
|
||||||
|
+ s->poll_limit_burst = UINT_MAX;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void socket_unwatch_control_pid(Socket *s) {
|
||||||
|
@@ -310,17 +313,20 @@ static int socket_add_extras(Socket *s) {
|
||||||
|
* off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
|
||||||
|
* process whatever is queued in one go, and thus should normally never have to be started frequently. This is
|
||||||
|
* different for Accept=yes where each connection is processed by a new service instance, and thus frequent
|
||||||
|
- * service starts are typical. */
|
||||||
|
+ * service starts are typical.
|
||||||
|
+ *
|
||||||
|
+ * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to
|
||||||
|
+ * trigger this earlier. */
|
||||||
|
|
||||||
|
if (s->trigger_limit.interval == USEC_INFINITY)
|
||||||
|
s->trigger_limit.interval = 2 * USEC_PER_SEC;
|
||||||
|
+ if (s->trigger_limit.burst == UINT_MAX)
|
||||||
|
+ s->trigger_limit.burst = s->accept ? 200 : 20;
|
||||||
|
|
||||||
|
- if (s->trigger_limit.burst == UINT_MAX) {
|
||||||
|
- if (s->accept)
|
||||||
|
- s->trigger_limit.burst = 200;
|
||||||
|
- else
|
||||||
|
- s->trigger_limit.burst = 20;
|
||||||
|
- }
|
||||||
|
+ if (s->poll_limit_interval == USEC_INFINITY)
|
||||||
|
+ s->poll_limit_interval = 2 * USEC_PER_SEC;
|
||||||
|
+ if (s->poll_limit_burst == UINT_MAX)
|
||||||
|
+ s->poll_limit_burst = s->accept ? 150 : 15;
|
||||||
|
|
||||||
|
if (have_non_accept_socket(s)) {
|
||||||
|
|
||||||
|
@@ -770,9 +776,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
|
||||||
|
|
||||||
|
fprintf(f,
|
||||||
|
"%sTriggerLimitIntervalSec: %s\n"
|
||||||
|
- "%sTriggerLimitBurst: %u\n",
|
||||||
|
+ "%sTriggerLimitBurst: %u\n"
|
||||||
|
+ "%sPollLimitIntervalSec: %s\n"
|
||||||
|
+ "%sPollLimitBurst: %u\n",
|
||||||
|
prefix, FORMAT_TIMESPAN(s->trigger_limit.interval, USEC_PER_SEC),
|
||||||
|
- prefix, s->trigger_limit.burst);
|
||||||
|
+ prefix, s->trigger_limit.burst,
|
||||||
|
+ prefix, FORMAT_TIMESPAN(s->poll_limit_interval, USEC_PER_SEC),
|
||||||
|
+ prefix, s->poll_limit_burst);
|
||||||
|
|
||||||
|
str = ip_protocol_to_name(s->socket_protocol);
|
||||||
|
if (str)
|
||||||
|
@@ -1765,6 +1775,10 @@ static int socket_watch_fds(Socket *s) {
|
||||||
|
|
||||||
|
(void) sd_event_source_set_description(p->event_source, "socket-port-io");
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ r = sd_event_source_set_ratelimit(p->event_source, s->poll_limit_interval, s->poll_limit_burst);
|
||||||
|
+ if (r < 0)
|
||||||
|
+ log_unit_debug_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m");
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
diff --git a/src/core/socket.h b/src/core/socket.h
|
||||||
|
index 191d27f46d..b03a291e4a 100644
|
||||||
|
--- a/src/core/socket.h
|
||||||
|
+++ b/src/core/socket.h
|
||||||
|
@@ -158,6 +158,8 @@ struct Socket {
|
||||||
|
char *fdname;
|
||||||
|
|
||||||
|
RateLimit trigger_limit;
|
||||||
|
+ usec_t poll_limit_interval;
|
||||||
|
+ unsigned poll_limit_burst;
|
||||||
|
};
|
||||||
|
|
||||||
|
SocketPeer *socket_peer_ref(SocketPeer *p);
|
||||||
|
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
|
||||||
|
index e7b44cc39b..9f0f37488d 100644
|
||||||
|
--- a/src/shared/bus-unit-util.c
|
||||||
|
+++ b/src/shared/bus-unit-util.c
|
||||||
|
@@ -2170,10 +2170,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (streq(field, "TriggerLimitBurst"))
|
||||||
|
+ if (STR_IN_SET(field, "TriggerLimitBurst", "PollLimitBurst"))
|
||||||
|
return bus_append_safe_atou(m, field, eq);
|
||||||
|
|
||||||
|
- if (streq(field, "TriggerLimitIntervalSec"))
|
||||||
|
+ if (STR_IN_SET(field, "TriggerLimitIntervalSec", "PollLimitIntervalSec"))
|
||||||
|
return bus_append_parse_sec_rename(m, field, eq);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
@@ -2382,7 +2382,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
|
||||||
|
"MaxConnections",
|
||||||
|
"MaxConnectionsPerSource",
|
||||||
|
"KeepAliveProbes",
|
||||||
|
- "TriggerLimitBurst"))
|
||||||
|
+ "TriggerLimitBurst",
|
||||||
|
+ "PollLimitBurst"))
|
||||||
|
return bus_append_safe_atou(m, field, eq);
|
||||||
|
|
||||||
|
if (STR_IN_SET(field, "SocketMode",
|
||||||
|
@@ -2397,7 +2398,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
|
||||||
|
"KeepAliveTimeSec",
|
||||||
|
"KeepAliveIntervalSec",
|
||||||
|
"DeferAcceptSec",
|
||||||
|
- "TriggerLimitIntervalSec"))
|
||||||
|
+ "TriggerLimitIntervalSec",
|
||||||
|
+ "PollLimitIntervalSec"))
|
||||||
|
return bus_append_parse_sec_rename(m, field, eq);
|
||||||
|
|
||||||
|
if (STR_IN_SET(field, "ReceiveBuffer",
|
|
@ -0,0 +1,50 @@
|
||||||
|
From 537c00c984910f417a2f2d4aad997f822060d4d1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Adam Williamson <awilliam@redhat.com>
|
||||||
|
Date: Tue, 19 Sep 2023 16:06:26 -0700
|
||||||
|
Subject: [PATCH] find_legacy_keymap: extend variant match bonus again
|
||||||
|
|
||||||
|
If the column is "-" and the X context variant specifer only
|
||||||
|
contains commas, we should also give the match bonus. The variant
|
||||||
|
string is supposed to be a comma-separated list as long as the
|
||||||
|
list of layouts, so it's quite natural for consumers to be written
|
||||||
|
in such a way that they pass a string only containing commas if
|
||||||
|
there are multiple layouts and no variants. anaconda is a real
|
||||||
|
world case that does this.
|
||||||
|
|
||||||
|
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||||
|
---
|
||||||
|
src/locale/localed-util.c | 2 +-
|
||||||
|
src/locale/test-localed-util.c | 7 +++++++
|
||||||
|
2 files changed, 8 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
|
||||||
|
index eba13a2ac3..9b6949e14d 100644
|
||||||
|
--- a/src/locale/localed-util.c
|
||||||
|
+++ b/src/locale/localed-util.c
|
||||||
|
@@ -839,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
|
||||||
|
if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
|
||||||
|
matching++;
|
||||||
|
|
||||||
|
- if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
|
||||||
|
+ if (streq_ptr(xc->variant, a[3]) || ((isempty(xc->variant) || streq_skip_trailing_chars(xc->variant, "", ",")) && streq(a[3], "-"))) {
|
||||||
|
matching++;
|
||||||
|
|
||||||
|
if (streq_ptr(xc->options, a[4]))
|
||||||
|
diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
|
||||||
|
index f702ff29b0..e92c178a98 100644
|
||||||
|
--- a/src/locale/test-localed-util.c
|
||||||
|
+++ b/src/locale/test-localed-util.c
|
||||||
|
@@ -185,6 +185,13 @@ TEST(x11_convert_to_vconsole) {
|
||||||
|
assert_se(streq(vc.keymap, "bg_bds-utf8"));
|
||||||
|
vc_context_clear(&vc);
|
||||||
|
|
||||||
|
+ /* same, but with variant specified as "," */
|
||||||
|
+ log_info("/* test with variant as ',', desired match second (bg,us:) */");
|
||||||
|
+ assert_se(free_and_strdup(&xc.variant, ",") >= 0);
|
||||||
|
+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
|
||||||
|
+ assert_se(streq(vc.keymap, "bg_bds-utf8"));
|
||||||
|
+ vc_context_clear(&vc);
|
||||||
|
+
|
||||||
|
log_info("/* test with old mapping (fr:latin9) */");
|
||||||
|
assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
|
||||||
|
assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);
|
|
@ -0,0 +1,58 @@
|
||||||
|
From a30ae31351ffa701ca860779495d4f52db4c462c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Adam Williamson <awilliam@redhat.com>
|
||||||
|
Date: Fri, 15 Sep 2023 15:35:36 -0700
|
||||||
|
Subject: [PATCH 1/2] find_legacy_keymap: fix empty variant matching
|
||||||
|
|
||||||
|
We should give a match bonus if the X context variant is empty
|
||||||
|
and the xvariant column in kbd-model-map is "-" (which means
|
||||||
|
none). Currently, we don't, which means that if you call this
|
||||||
|
on a context with layouts bg,us and no variant, you get the
|
||||||
|
console layout bg_pho-utf8 instead of bg_bds-utf8 (because both
|
||||||
|
score the same, and the bg_pho-utf8 row comes first). You should
|
||||||
|
get bg_bds-utf8 in this case.
|
||||||
|
|
||||||
|
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||||
|
---
|
||||||
|
src/locale/localed-util.c | 2 +-
|
||||||
|
src/locale/test-localed-util.c | 12 ++++++++++++
|
||||||
|
2 files changed, 13 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
|
||||||
|
index 02fac9786b..6a05b50a31 100644
|
||||||
|
--- a/src/locale/localed-util.c
|
||||||
|
+++ b/src/locale/localed-util.c
|
||||||
|
@@ -825,7 +825,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
|
||||||
|
if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
|
||||||
|
matching++;
|
||||||
|
|
||||||
|
- if (streq_ptr(xc->variant, a[3])) {
|
||||||
|
+ if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
|
||||||
|
matching++;
|
||||||
|
|
||||||
|
if (streq_ptr(xc->options, a[4]))
|
||||||
|
diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
|
||||||
|
index cb66dffd48..a19d80a967 100644
|
||||||
|
--- a/src/locale/test-localed-util.c
|
||||||
|
+++ b/src/locale/test-localed-util.c
|
||||||
|
@@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) {
|
||||||
|
assert_se(streq(vc.keymap, "es-dvorak"));
|
||||||
|
vc_context_clear(&vc);
|
||||||
|
|
||||||
|
+ /* es no-variant test is not very good as the desired match
|
||||||
|
+ comes first in the list so will win if both candidates score
|
||||||
|
+ the same. in this case the desired match comes second so will
|
||||||
|
+ not win unless we correctly give the no-variant match a bonus
|
||||||
|
+ */
|
||||||
|
+ log_info("/* test without variant, desired match second (bg,us:) */");
|
||||||
|
+ assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0);
|
||||||
|
+ assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
|
||||||
|
+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
|
||||||
|
+ assert_se(streq(vc.keymap, "bg_bds-utf8"));
|
||||||
|
+ vc_context_clear(&vc);
|
||||||
|
+
|
||||||
|
log_info("/* test with old mapping (fr:latin9) */");
|
||||||
|
assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
|
||||||
|
assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
From ca831de1704f4e28241df513aa89ac465a7c8ab2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Adam Williamson <awilliam@redhat.com>
|
||||||
|
Date: Wed, 20 Sep 2023 15:14:31 -0700
|
||||||
|
Subject: [PATCH] keyboard-model-map: correct sk-qwerty entry
|
||||||
|
|
||||||
|
qwerty here is a variant, not an option.
|
||||||
|
|
||||||
|
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||||
|
---
|
||||||
|
src/locale/kbd-model-map | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map
|
||||||
|
index a145e13ecd..279d1a36d8 100644
|
||||||
|
--- a/src/locale/kbd-model-map
|
||||||
|
+++ b/src/locale/kbd-model-map
|
||||||
|
@@ -52,7 +52,7 @@ es es pc105 - terminate:ctrl_alt_bksp
|
||||||
|
ro-cedilla ro pc105 cedilla terminate:ctrl_alt_bksp
|
||||||
|
ie ie pc105 - terminate:ctrl_alt_bksp
|
||||||
|
et ee pc105 - terminate:ctrl_alt_bksp
|
||||||
|
-sk-qwerty sk pc105 - terminate:ctrl_alt_bksp,qwerty
|
||||||
|
+sk-qwerty sk pc105 qwerty terminate:ctrl_alt_bksp
|
||||||
|
sk-qwertz sk pc105 - terminate:ctrl_alt_bksp
|
||||||
|
fr-latin9 fr pc105 latin9 terminate:ctrl_alt_bksp
|
||||||
|
fr_CH-latin1 ch pc105 fr terminate:ctrl_alt_bksp
|
|
@ -0,0 +1,117 @@
|
||||||
|
From cf649cc21bf997b90606db664d74726fcaf002de Mon Sep 17 00:00:00 2001
|
||||||
|
From: Adam Williamson <awilliam@redhat.com>
|
||||||
|
Date: Fri, 15 Sep 2023 16:02:29 -0700
|
||||||
|
Subject: [PATCH 2/2] find_legacy_keymap: try matching with layout order
|
||||||
|
reversed
|
||||||
|
|
||||||
|
The lines in kbd-model-map date back to ye olde times (RH's old
|
||||||
|
system-config-keyboard), and I think predate this bug:
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1039185
|
||||||
|
|
||||||
|
where we got strong feedback that, for 'switched' layout setups
|
||||||
|
like Russian, US English should be the *first* layout and the
|
||||||
|
native layout the *second* one. This is how anaconda and, as of
|
||||||
|
recently, gnome-initial-setup configure such cases - but that
|
||||||
|
means, if we try to use localed to convert these configurations
|
||||||
|
using kbd-model-map, we get the wrong result (we get "us" as the
|
||||||
|
console layout). See also:
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1912609
|
||||||
|
|
||||||
|
where we first noticed this wasn't working right, but sadly, we
|
||||||
|
'fixed' it with a not-really-correct bodge in anaconda instead
|
||||||
|
of doing it properly.
|
||||||
|
|
||||||
|
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||||
|
---
|
||||||
|
src/locale/localed-util.c | 44 ++++++++++++++++++++++------------
|
||||||
|
src/locale/test-localed-util.c | 5 +++-
|
||||||
|
2 files changed, 33 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
|
||||||
|
index 6a05b50a31..eba13a2ac3 100644
|
||||||
|
--- a/src/locale/localed-util.c
|
||||||
|
+++ b/src/locale/localed-util.c
|
||||||
|
@@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
|
||||||
|
/* If we got an exact match, this is the best */
|
||||||
|
matching = 10;
|
||||||
|
else {
|
||||||
|
- /* We have multiple X layouts, look for an
|
||||||
|
- * entry that matches our key with everything
|
||||||
|
- * but the first layout stripped off. */
|
||||||
|
- if (startswith_comma(xc->layout, a[1]))
|
||||||
|
- matching = 5;
|
||||||
|
+ /* see if we get an exact match with the order reversed */
|
||||||
|
+ _cleanup_strv_free_ char **b = NULL;
|
||||||
|
+ _cleanup_free_ char *c = NULL;
|
||||||
|
+ r = strv_split_full(&b, a[1], ",", 0);
|
||||||
|
+ if (r < 0)
|
||||||
|
+ return r;
|
||||||
|
+ strv_reverse(b);
|
||||||
|
+ c = strv_join(b, ",");
|
||||||
|
+ if (!c)
|
||||||
|
+ return log_oom();
|
||||||
|
+ if (streq(xc->layout, c))
|
||||||
|
+ matching = 9;
|
||||||
|
else {
|
||||||
|
- _cleanup_free_ char *x = NULL;
|
||||||
|
-
|
||||||
|
- /* If that didn't work, strip off the
|
||||||
|
- * other layouts from the entry, too */
|
||||||
|
- x = strdupcspn(a[1], ",");
|
||||||
|
- if (!x)
|
||||||
|
- return -ENOMEM;
|
||||||
|
- if (startswith_comma(xc->layout, x))
|
||||||
|
- matching = 1;
|
||||||
|
+ /* We have multiple X layouts, look for an
|
||||||
|
+ * entry that matches our key with everything
|
||||||
|
+ * but the first layout stripped off. */
|
||||||
|
+ if (startswith_comma(xc->layout, a[1]))
|
||||||
|
+ matching = 5;
|
||||||
|
+ else {
|
||||||
|
+ _cleanup_free_ char *x = NULL;
|
||||||
|
+
|
||||||
|
+ /* If that didn't work, strip off the
|
||||||
|
+ * other layouts from the entry, too */
|
||||||
|
+ x = strdupcspn(a[1], ",");
|
||||||
|
+ if (!x)
|
||||||
|
+ return -ENOMEM;
|
||||||
|
+ if (startswith_comma(xc->layout, x))
|
||||||
|
+ matching = 1;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (best_matching < 10 && !isempty(xc->layout)) {
|
||||||
|
+ if (best_matching < 9 && !isempty(xc->layout)) {
|
||||||
|
_cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL;
|
||||||
|
|
||||||
|
/* The best match is only the first part of the X11
|
||||||
|
diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
|
||||||
|
index a19d80a967..f702ff29b0 100644
|
||||||
|
--- a/src/locale/test-localed-util.c
|
||||||
|
+++ b/src/locale/test-localed-util.c
|
||||||
|
@@ -192,11 +192,14 @@ TEST(x11_convert_to_vconsole) {
|
||||||
|
assert_se(streq(vc.keymap, "fr-latin9"));
|
||||||
|
vc_context_clear(&vc);
|
||||||
|
|
||||||
|
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */
|
||||||
|
+ /* us,ru is the x config users want, but they still want ru
|
||||||
|
+ as the console layout in this case */
|
||||||
|
log_info("/* test with a compound mapping (us,ru:) */");
|
||||||
|
assert_se(free_and_strdup(&xc.layout, "us,ru") >= 0);
|
||||||
|
assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
|
||||||
|
assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
|
||||||
|
- assert_se(streq(vc.keymap, "us"));
|
||||||
|
+ assert_se(streq(vc.keymap, "ru"));
|
||||||
|
vc_context_clear(&vc);
|
||||||
|
|
||||||
|
log_info("/* test with a compound mapping (ru,us:) */");
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
|
@ -0,0 +1,80 @@
|
||||||
|
From f6b09a2ed646f0a0b54605d4c19a898ab2bbf192 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Mon, 18 Sep 2023 17:51:49 +0200
|
||||||
|
Subject: [PATCH 2/3] man: document the new
|
||||||
|
PollLimitIntervalSec=/PollLimitBurst= settings
|
||||||
|
|
||||||
|
(cherry picked from commit 9373fce68de183a615d44fe100dcf22e3c9b8c3e)
|
||||||
|
---
|
||||||
|
man/systemd.socket.xml | 58 ++++++++++++++++++++++++++++++++++--------
|
||||||
|
1 file changed, 47 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
|
||||||
|
index 45555302f1..462978d438 100644
|
||||||
|
--- a/man/systemd.socket.xml
|
||||||
|
+++ b/man/systemd.socket.xml
|
||||||
|
@@ -830,17 +830,53 @@
|
||||||
|
<term><varname>TriggerLimitIntervalSec=</varname></term>
|
||||||
|
<term><varname>TriggerLimitBurst=</varname></term>
|
||||||
|
|
||||||
|
- <listitem><para>Configures a limit on how often this socket unit may be activated within a specific time
|
||||||
|
- interval. The <varname>TriggerLimitIntervalSec=</varname> may be used to configure the length of the time
|
||||||
|
- interval in the usual time units <literal>us</literal>, <literal>ms</literal>, <literal>s</literal>,
|
||||||
|
- <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
|
||||||
|
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details on
|
||||||
|
- the various time units understood). The <varname>TriggerLimitBurst=</varname> setting takes a positive integer
|
||||||
|
- value and specifies the number of permitted activations per time interval, and defaults to 200 for
|
||||||
|
- <varname>Accept=yes</varname> sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20
|
||||||
|
- activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the
|
||||||
|
- socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this
|
||||||
|
- limit is enforced before the service activation is enqueued.</para></listitem>
|
||||||
|
+ <listitem><para>Configures a limit on how often this socket unit may be activated within a specific
|
||||||
|
+ time interval. The <varname>TriggerLimitIntervalSec=</varname> setting may be used to configure the
|
||||||
|
+ length of the time interval in the usual time units <literal>us</literal>, <literal>ms</literal>,
|
||||||
|
+ <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
|
||||||
|
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||||
|
+ details on the various time units understood). The <varname>TriggerLimitBurst=</varname> setting
|
||||||
|
+ takes a positive integer value and specifies the number of permitted activations per time interval,
|
||||||
|
+ and defaults to 200 for <varname>Accept=yes</varname> sockets (thus by default permitting 200
|
||||||
|
+ activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of
|
||||||
|
+ trigger rate limiting.</para>
|
||||||
|
+
|
||||||
|
+ <para>If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible
|
||||||
|
+ anymore until restarted. Note that this limit is enforced before the service activation is
|
||||||
|
+ enqueued.</para>
|
||||||
|
+
|
||||||
|
+ <para>Compare with <varname>PollLimitIntervalSec=</varname>/<varname>PollLimitBurst=</varname>
|
||||||
|
+ described below, which implements a temporary slowdown if a socket unit is flooded with incoming
|
||||||
|
+ traffic, as opposed to the permanent failure state
|
||||||
|
+ <varname>TriggerLimitIntervalSec=</varname>/<varname>TriggerLimitBurst=</varname> results in.</para>
|
||||||
|
+ </listitem>
|
||||||
|
+ </varlistentry>
|
||||||
|
+
|
||||||
|
+ <varlistentry>
|
||||||
|
+ <term><varname>PollLimitIntervalSec=</varname></term>
|
||||||
|
+ <term><varname>PollLimitBurst=</varname></term>
|
||||||
|
+
|
||||||
|
+ <listitem><para>Configures a limit on how often polling events on the file descriptors backing this
|
||||||
|
+ socket unit will be considered. This pair of settings is similar to
|
||||||
|
+ <varname>TriggerLimitIntervalSec=</varname>/<varname>TriggerLimitBurst=</varname> but instead of
|
||||||
|
+ putting a (fatal) limit on the activation frequency puts a (transient) limit on the polling
|
||||||
|
+ frequency. The expected parameter syntax and range are identical to that of the aforementioned
|
||||||
|
+ options, and can be disabled the same way.</para>
|
||||||
|
+
|
||||||
|
+ <para>If the polling limit is hit polling is temporarily disabled on it until the specified time
|
||||||
|
+ window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger
|
||||||
|
+ limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts
|
||||||
|
+ through packet flooding.</para>
|
||||||
|
+
|
||||||
|
+ <para>The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit
|
||||||
|
+ which is enforced for the entire socket unit. This distinction matters for socket units that listen
|
||||||
|
+ on multiple file descriptors (i.e. have multiple <varname>ListenXYZ=</varname> stanzas).</para>
|
||||||
|
+
|
||||||
|
+ <para>These setting defaults to 150 (in case of <varname>Accept=yes</varname>) and 15 (otherwise)
|
||||||
|
+ polling events per 2s. This is considerably lower than the default values for the trigger limit (see
|
||||||
|
+ above) and means that the polling limit should typically ensure the trigger limit is never hit,
|
||||||
|
+ unless one of them is reconfigured or disabled.</para>
|
||||||
|
+ </listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
|
@ -0,0 +1,79 @@
|
||||||
|
From ae92a9714744bbf92fe69ffe276a668b031a6d26 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Mon, 18 Sep 2023 18:05:27 +0200
|
||||||
|
Subject: [PATCH 3/3] ci: add test for poll limit
|
||||||
|
|
||||||
|
(cherry picked from commit 065e478a4a8cc8e41a6e87756c081396f253e853)
|
||||||
|
---
|
||||||
|
test/TEST-07-PID1/test.sh | 2 ++
|
||||||
|
test/units/testsuite-07.poll-limit.sh | 48 +++++++++++++++++++++++++++
|
||||||
|
2 files changed, 50 insertions(+)
|
||||||
|
create mode 100755 test/units/testsuite-07.poll-limit.sh
|
||||||
|
|
||||||
|
diff --git a/test/TEST-07-PID1/test.sh b/test/TEST-07-PID1/test.sh
|
||||||
|
index 1c3d7137fe..d0e35d870f 100755
|
||||||
|
--- a/test/TEST-07-PID1/test.sh
|
||||||
|
+++ b/test/TEST-07-PID1/test.sh
|
||||||
|
@@ -32,6 +32,8 @@ Alias=issue2730-alias.mount
|
||||||
|
EOF
|
||||||
|
"${SYSTEMCTL:?}" enable --root="$workspace" issue2730.mount
|
||||||
|
ln -svrf "$workspace/etc/systemd/system/issue2730.mount" "$workspace/etc/systemd/system/issue2730-alias.mount"
|
||||||
|
+
|
||||||
|
+ image_install logger
|
||||||
|
}
|
||||||
|
|
||||||
|
do_test "$@"
|
||||||
|
diff --git a/test/units/testsuite-07.poll-limit.sh b/test/units/testsuite-07.poll-limit.sh
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000000..480d7ee8df
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/units/testsuite-07.poll-limit.sh
|
||||||
|
@@ -0,0 +1,48 @@
|
||||||
|
+#!/usr/bin/env bash
|
||||||
|
+# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
+set -eux
|
||||||
|
+set -o pipefail
|
||||||
|
+
|
||||||
|
+systemd-analyze log-level debug
|
||||||
|
+
|
||||||
|
+cat > /run/systemd/system/floodme@.service <<EOF
|
||||||
|
+[Service]
|
||||||
|
+ExecStart=/bin/true
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+cat > /run/systemd/system/floodme.socket <<EOF
|
||||||
|
+[Socket]
|
||||||
|
+ListenStream=/tmp/floodme
|
||||||
|
+PollLimitIntervalSec=10s
|
||||||
|
+Accept=yes
|
||||||
|
+PollLimitBurst=3
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+systemctl daemon-reload
|
||||||
|
+systemctl start floodme.socket
|
||||||
|
+
|
||||||
|
+START=$(date +%s%N)
|
||||||
|
+
|
||||||
|
+# Trigger this 100 times in a flood
|
||||||
|
+for (( i=0 ; i < 100; i++ )) ; do
|
||||||
|
+ logger -u /tmp/floodme foo &
|
||||||
|
+done
|
||||||
|
+
|
||||||
|
+# Let some time pass
|
||||||
|
+sleep 5
|
||||||
|
+
|
||||||
|
+END=$(date +%s%N)
|
||||||
|
+
|
||||||
|
+PASSED=$((END-START))
|
||||||
|
+
|
||||||
|
+# Calculate (round up) how many trigger events could have happened in the passed time
|
||||||
|
+MAXCOUNT=$(((PASSED+10000000000)*3/10000000000))
|
||||||
|
+
|
||||||
|
+# We started 100 connection attempts, but only 3 should have gone through, as per limit
|
||||||
|
+test "$(systemctl show -P NAccepted floodme.socket)" -le "$MAXCOUNT"
|
||||||
|
+
|
||||||
|
+systemctl stop floodme.socket floodme@*.service
|
||||||
|
+
|
||||||
|
+rm /run/systemd/system/floodme@.service /run/systemd/system/floodme.socket /tmp/floodme
|
||||||
|
+
|
||||||
|
+systemctl daemon-reload
|
|
@ -0,0 +1,3 @@
|
||||||
|
# Increase the number of virtual memory areas that one process may request
|
||||||
|
# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
|
||||||
|
vm.max_map_count=1048576
|
|
@ -0,0 +1,3 @@
|
||||||
|
[Slice]
|
||||||
|
ManagedOOMMemoryPressure=kill
|
||||||
|
ManagedOOMMemoryPressureLimit=80%
|
|
@ -1,2 +0,0 @@
|
||||||
[Slice]
|
|
||||||
ManagedOOMSwap=kill
|
|
|
@ -1,3 +0,0 @@
|
||||||
[Service]
|
|
||||||
ManagedOOMMemoryPressure=kill
|
|
||||||
ManagedOOMMemoryPressureLimit=50%
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# This file is part of the systemd package.
|
||||||
|
# See https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer.
|
||||||
|
#
|
||||||
|
# To facilitate debugging when a service fails to stop cleanly,
|
||||||
|
# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in
|
||||||
|
# the time allotted. This will cause the service to be terminated with SIGABRT
|
||||||
|
# and a coredump to be generated.
|
||||||
|
#
|
||||||
|
# To undo this configuration change, create a mask file:
|
||||||
|
# sudo mkdir -p /etc/systemd/system/service.d
|
||||||
|
# sudo ln -sv /dev/null /etc/systemd/system/service.d/10-timeout-abort.conf
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
TimeoutStopFailureMode=abort
|
|
@ -0,0 +1,30 @@
|
||||||
|
From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||||
|
Date: Mon, 20 Feb 2023 12:00:30 +0900
|
||||||
|
Subject: [PATCH] core/manager: run generators directly when we are in initrd
|
||||||
|
|
||||||
|
Some initrd system write files at ourside of /run, /etc, or other
|
||||||
|
allowed places. This is a kind of workaround, but in most cases, such
|
||||||
|
sandboxing is not necessary as the filesystem is on ramfs when we are in
|
||||||
|
initrd.
|
||||||
|
|
||||||
|
Fixes #26488.
|
||||||
|
---
|
||||||
|
src/core/manager.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||||
|
index 7b394794b0d4..306477c6e6c2 100644
|
||||||
|
--- a/src/core/manager.c
|
||||||
|
+++ b/src/core/manager.c
|
||||||
|
@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
|
||||||
|
/* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
|
||||||
|
* we are the user manager, let's just execute the generators directly. We might not have the
|
||||||
|
* necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
|
||||||
|
- */
|
||||||
|
- if (MANAGER_IS_USER(m)) {
|
||||||
|
+ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
|
||||||
|
+ if (MANAGER_IS_USER(m) || in_initrd()) {
|
||||||
|
r = manager_execute_generators(m, paths, /* remount_ro= */ false);
|
||||||
|
goto finish;
|
||||||
|
}
|
|
@ -0,0 +1,94 @@
|
||||||
|
From 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Wed, 26 Jul 2023 09:02:04 +0200
|
||||||
|
Subject: [PATCH] rpm: add %systemd_postun_with_reload and
|
||||||
|
%systemd_user_postun_with_reload
|
||||||
|
|
||||||
|
For some units, the package would like to issue a reload. The machinery was
|
||||||
|
already in place since c9615f73521986b3607b852c139036d58973043c:
|
||||||
|
|
||||||
|
systemctl reload-or-restart --marked
|
||||||
|
|
||||||
|
Enqueues restart jobs for all units that have the 'needs-restart'
|
||||||
|
mark, and reload jobs for units that have the 'needs-reload' mark.
|
||||||
|
When a unit marked for reload does not support reload, restart will
|
||||||
|
be queued.
|
||||||
|
|
||||||
|
The new macros allow a reload to be issued instead of a restart.
|
||||||
|
|
||||||
|
Based on the discussion on fedora-devel:
|
||||||
|
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJSUGIEJNYZZRE53FF4YFUEBRHRAVIXR/
|
||||||
|
|
||||||
|
Tested using dummy package https://github.com/keszybz/rpm-test-reload.
|
||||||
|
---
|
||||||
|
src/rpm/macros.systemd.in | 16 ++++++++++++++++
|
||||||
|
src/rpm/systemd-update-helper.in | 22 ++++++++++++++++++++++
|
||||||
|
2 files changed, 38 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in
|
||||||
|
index c07541c7286c..f05553f557e9 100644
|
||||||
|
--- a/src/rpm/macros.systemd.in
|
||||||
|
+++ b/src/rpm/macros.systemd.in
|
||||||
|
@@ -101,6 +101,22 @@ if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
|
||||||
|
fi \
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
+%systemd_postun_with_reload() \
|
||||||
|
+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_reload}} \
|
||||||
|
+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
|
||||||
|
+ # Package upgrade, not uninstall \
|
||||||
|
+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units %{?*} || : \
|
||||||
|
+fi \
|
||||||
|
+%{nil}
|
||||||
|
+
|
||||||
|
+%systemd_user_postun_with_reload() \
|
||||||
|
+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_reload}} \
|
||||||
|
+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
|
||||||
|
+ # Package upgrade, not uninstall \
|
||||||
|
+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-user-units %{?*} || : \
|
||||||
|
+fi \
|
||||||
|
+%{nil}
|
||||||
|
+
|
||||||
|
%udev_hwdb_update() %{nil}
|
||||||
|
|
||||||
|
%udev_rules_update() %{nil}
|
||||||
|
diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
|
||||||
|
index c623a5ea1722..c81e16c3d3ff 100755
|
||||||
|
--- a/src/rpm/systemd-update-helper.in
|
||||||
|
+++ b/src/rpm/systemd-update-helper.in
|
||||||
|
@@ -47,6 +47,15 @@ case "$command" in
|
||||||
|
wait
|
||||||
|
;;
|
||||||
|
|
||||||
|
+ mark-reload-system-units)
|
||||||
|
+ [ -d /run/systemd/system ] || exit 0
|
||||||
|
+
|
||||||
|
+ for unit in "$@"; do
|
||||||
|
+ systemctl set-property "$unit" Markers=+needs-reload &
|
||||||
|
+ done
|
||||||
|
+ wait
|
||||||
|
+ ;;
|
||||||
|
+
|
||||||
|
mark-restart-user-units)
|
||||||
|
[ -d /run/systemd/system ] || exit 0
|
||||||
|
|
||||||
|
@@ -60,6 +69,19 @@ case "$command" in
|
||||||
|
wait
|
||||||
|
;;
|
||||||
|
|
||||||
|
+ mark-reload-user-units)
|
||||||
|
+ [ -d /run/systemd/system ] || exit 0
|
||||||
|
+
|
||||||
|
+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
|
||||||
|
+ for user in $users; do
|
||||||
|
+ for unit in "$@"; do
|
||||||
|
+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \
|
||||||
|
+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-reload &
|
||||||
|
+ done
|
||||||
|
+ done
|
||||||
|
+ wait
|
||||||
|
+ ;;
|
||||||
|
+
|
||||||
|
system-reload-restart|system-reload|system-restart)
|
||||||
|
if [ -n "$*" ]; then
|
||||||
|
echo "Unexpected arguments for '$command': $*"
|
|
@ -1,98 +0,0 @@
|
||||||
From 93651582aef1ee626dc6f8d032195acd73bc9372 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jonathan Lebon <jonathan@jlebon.com>
|
|
||||||
Date: Mon, 23 Mar 2020 12:25:19 -0400
|
|
||||||
Subject: [PATCH] manager: optionally, do a full preset on first boot
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
A compile time option is added to select behaviour: by default
|
|
||||||
UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to
|
|
||||||
UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to
|
|
||||||
opt-in can use the config option to change the behaviour.
|
|
||||||
|
|
||||||
(The option is just a boolean: it would be possible to make it multi-valued,
|
|
||||||
and allow full, enable-only, disable-only, none. But so far nobody has asked
|
|
||||||
for this, and it's better not to complicate things needlessly.)
|
|
||||||
|
|
||||||
With the configuration option flipped, instead of only doing enablements,
|
|
||||||
perform a full preset on first boot. The reason is that although
|
|
||||||
`/etc/machine-id` might be missing, there may be other files provisioned in
|
|
||||||
`/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of
|
|
||||||
those possible files include enablement symlinks even if presets dictate it
|
|
||||||
should be disabled.
|
|
||||||
|
|
||||||
Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS,
|
|
||||||
where we ship `/etc` as if `preset-all` were called. However, we want to
|
|
||||||
allow users to disable default-enabled services via Ignition, which does
|
|
||||||
this by creating preset dropins before switchroot. (For why we do
|
|
||||||
`preset-all` at compose time, see:
|
|
||||||
https://github.com/coreos/fedora-coreos-config/pull/77).
|
|
||||||
|
|
||||||
For example, the composed FCOS image has a `enable zincati.service`
|
|
||||||
preset and an enablement for that in `/etc`, while at boot time when we
|
|
||||||
switch root, there may be a `disable zincati.service` preset with higher
|
|
||||||
precedence. In that case, we want systemd to disable the service.
|
|
||||||
|
|
||||||
This is essentially a revert of 304b3079a203. It seems like systemd
|
|
||||||
*used* to do this, but it was changed to try to make the container
|
|
||||||
workflow a bit faster.
|
|
||||||
|
|
||||||
Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/392
|
|
||||||
|
|
||||||
Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
|
|
||||||
---
|
|
||||||
meson.build | 3 +++
|
|
||||||
meson_options.txt | 2 ++
|
|
||||||
src/core/manager.c | 4 +++-
|
|
||||||
3 files changed, 8 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/meson.build b/meson.build
|
|
||||||
index 582e33c9a73d..72e586aa97c7 100644
|
|
||||||
--- a/meson.build
|
|
||||||
+++ b/meson.build
|
|
||||||
@@ -285,6 +285,8 @@ conf.set10('MEMORY_ACCOUNTING_DEFAULT', memory_accounting_
|
|
||||||
conf.set('STATUS_UNIT_FORMAT_DEFAULT', 'STATUS_UNIT_FORMAT_' + status_unit_format_default.to_upper())
|
|
||||||
conf.set_quoted('STATUS_UNIT_FORMAT_DEFAULT_STR', status_unit_format_default)
|
|
||||||
|
|
||||||
+conf.set10('FIRST_BOOT_FULL_PRESET', get_option('first-boot-full-preset'))
|
|
||||||
+
|
|
||||||
#####################################################################
|
|
||||||
|
|
||||||
cc = meson.get_compiler('c')
|
|
||||||
@@ -4271,6 +4273,7 @@ foreach tuple : [
|
|
||||||
['link-networkd-shared', get_option('link-networkd-shared')],
|
|
||||||
['link-timesyncd-shared', get_option('link-timesyncd-shared')],
|
|
||||||
['link-boot-shared', get_option('link-boot-shared')],
|
|
||||||
+ ['first-boot-full-preset'],
|
|
||||||
['fexecve'],
|
|
||||||
['standalone-binaries', get_option('standalone-binaries')],
|
|
||||||
['coverage', get_option('b_coverage')],
|
|
||||||
diff --git a/meson_options.txt b/meson_options.txt
|
|
||||||
index 2a030ac28ec0..28765f900e87 100644
|
|
||||||
--- a/meson_options.txt
|
|
||||||
+++ b/meson_options.txt
|
|
||||||
@@ -27,6 +27,8 @@ option('link-timesyncd-shared', type: 'boolean',
|
|
||||||
description : 'link systemd-timesyncd and its helpers to libsystemd-shared.so')
|
|
||||||
option('link-boot-shared', type: 'boolean',
|
|
||||||
description : 'link bootctl and systemd-bless-boot against libsystemd-shared.so')
|
|
||||||
+option('first-boot-full-preset', type: 'boolean', value: false,
|
|
||||||
+ description : 'during first boot, do full preset-all (default will be changed to true later)')
|
|
||||||
|
|
||||||
option('static-libsystemd', type : 'combo',
|
|
||||||
choices : ['false', 'true', 'pic', 'no-pic'],
|
|
||||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
|
||||||
index 18daff66c780..f4dacef1005d 100644
|
|
||||||
--- a/src/core/manager.c
|
|
||||||
+++ b/src/core/manager.c
|
|
||||||
@@ -1728,7 +1728,9 @@ static void manager_preset_all(Manager *m) {
|
|
||||||
return;
|
|
||||||
|
|
||||||
/* If this is the first boot, and we are in the host system, then preset everything */
|
|
||||||
- r = unit_file_preset_all(LOOKUP_SCOPE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0);
|
|
||||||
+ UnitFilePresetMode mode = FIRST_BOOT_FULL_PRESET ? UNIT_FILE_PRESET_FULL : UNIT_FILE_PRESET_ENABLE_ONLY;
|
|
||||||
+
|
|
||||||
+ r = unit_file_preset_all(LOOKUP_SCOPE_SYSTEM, 0, NULL, mode, NULL, 0);
|
|
||||||
if (r < 0)
|
|
||||||
log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r,
|
|
||||||
"Failed to populate /etc with preset unit settings, ignoring: %m");
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
# SPDX-License-Identifier: MIT-0
|
||||||
|
#
|
||||||
|
# This config file is installed as part of systemd.
|
||||||
|
# It may be freely copied and edited (following the MIT No Attribution license).
|
||||||
|
#
|
||||||
|
# To make local modifications, one of the following methods may be used:
|
||||||
|
# 1. add a drop-in file that extends this file by creating the
|
||||||
|
# /etc/systemd/network/98-default-mac-none.link.d/ directory and creating a
|
||||||
|
# new .conf file there.
|
||||||
|
# 2. copy this file into /etc/systemd/network or one of the other paths checked
|
||||||
|
# by systemd-udevd and edit it there.
|
||||||
|
# This file should not be edited in place, because it'll be overwritten on upgrades.
|
||||||
|
|
||||||
|
[Match]
|
||||||
|
Kind=bridge bond team
|
||||||
|
|
||||||
|
[Link]
|
||||||
|
NamePolicy=keep kernel database onboard slot path
|
||||||
|
AlternativeNamesPolicy=database onboard slot path
|
||||||
|
MACAddressPolicy=none
|
|
@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM).
|
||||||
git clone https://github.com/systemd/systemd
|
git clone https://github.com/systemd/systemd
|
||||||
fedpkg clone systemd fedora-systemd
|
fedpkg clone systemd fedora-systemd
|
||||||
cd systemd
|
cd systemd
|
||||||
rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec
|
rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../fedora-systemd/systemd.spec
|
||||||
sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm
|
sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,3 @@
|
||||||
* Fri Sep 30 2022 David Abdurachmanov <davidlt@rivosinc.com> - 251.4-53.3.riscv64
|
|
||||||
- Rebuild
|
|
||||||
|
|
||||||
* Fri Aug 19 2022 Neal Gompa <ngompa@fedoraproject.org> - 251.4-53
|
* Fri Aug 19 2022 Neal Gompa <ngompa@fedoraproject.org> - 251.4-53
|
||||||
- Set compile-time fallback hostname to "localhost"
|
- Set compile-time fallback hostname to "localhost"
|
||||||
https://fedoraproject.org/wiki/Changes/FallbackHostname
|
https://fedoraproject.org/wiki/Changes/FallbackHostname
|
||||||
|
|
|
@ -1,129 +0,0 @@
|
||||||
From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
||||||
Date: Mon, 14 Sep 2020 17:58:03 +0200
|
|
||||||
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
|
|
||||||
|
|
||||||
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
|
|
||||||
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
|
|
||||||
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
|
|
||||||
|
|
||||||
(gdb) !uname -r
|
|
||||||
5.6.19-200.fc31.ppc64le
|
|
||||||
|
|
||||||
(gdb) !cat /proc/self/mountinfo
|
|
||||||
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
|
||||||
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
|
||||||
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
|
||||||
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
|
|
||||||
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
|
|
||||||
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
|
|
||||||
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
|
|
||||||
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
|
|
||||||
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
|
||||||
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
|
|
||||||
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
|
||||||
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
|
||||||
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
|
||||||
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
|
||||||
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
|
||||||
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
|
||||||
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
|
|
||||||
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
|
|
||||||
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
|
||||||
|
|
||||||
The test process does
|
|
||||||
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
|
|
||||||
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
|
|
||||||
read(open("/proc/self/fdinfo/4", ...)) which gives
|
|
||||||
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
|
|
||||||
|
|
||||||
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
|
|
||||||
|
|
||||||
We could either drop the fallback path (and fail name_to_handle_at() is not
|
|
||||||
avaliable) or ignore the error in the test. Not sure what is better. I think
|
|
||||||
this issue only occurs sometimes and with older kernels, so probably continuing
|
|
||||||
with the current flaky implementation is better than ripping out the fallback.
|
|
||||||
|
|
||||||
Another strace:
|
|
||||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
|
|
||||||
) = 28
|
|
||||||
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
|
|
||||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
|
|
||||||
) = 20
|
|
||||||
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
|
|
||||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
|
|
||||||
) = 30
|
|
||||||
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
|
|
||||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
|
|
||||||
) = 23
|
|
||||||
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
|
|
||||||
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
|
|
||||||
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
|
|
||||||
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
|
||||||
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
|
||||||
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
|
|
||||||
read(5</proc/20/fdinfo/4>, "", 1024) = 0
|
|
||||||
close(5</proc/20/fdinfo/4>) = 0
|
|
||||||
close(4</proc/filesystems>) = 0
|
|
||||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
|
|
||||||
) = 42
|
|
||||||
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
|
|
||||||
) = 39
|
|
||||||
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
|
|
||||||
) = 109
|
|
||||||
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
|
|
||||||
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
|
|
||||||
getpid() = 20
|
|
||||||
gettid() = 20
|
|
||||||
tgkill(20, 20, SIGABRT) = 0
|
|
||||||
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
|
|
||||||
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
|
|
||||||
+++ killed by SIGABRT (core dumped) +++
|
|
||||||
---
|
|
||||||
src/test/test-mountpoint-util.c | 8 ++++++--
|
|
||||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
|
|
||||||
index 30b00ae4d8b..ffe5144b04a 100644
|
|
||||||
--- a/src/test/test-mountpoint-util.c
|
|
||||||
+++ b/src/test/test-mountpoint-util.c
|
|
||||||
@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
|
|
||||||
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
|
|
||||||
* that's really the case */
|
|
||||||
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
|
|
||||||
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
|
|
||||||
- assert_se(path_equal(p, t));
|
|
||||||
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
|
|
||||||
+
|
|
||||||
+ if (!path_equal(p, t))
|
|
||||||
+ /* Apparent kernel bug in /proc/self/fdinfo */
|
|
||||||
+ log_warning("Bad mount id given for %s: %d, should be %d",
|
|
||||||
+ p, mnt_id2, mnt_id);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
From c4b803dc60b63a35c977d39610b7872175ec03bd Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Wed, 14 Dec 2022 22:24:53 +0100
|
||||||
|
Subject: [PATCH] fedora: use system-auth in pam systemd-user
|
||||||
|
|
||||||
|
---
|
||||||
|
src/login/systemd-user.in | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
|
||||||
|
index 8a3c9e0165..74ef5f2552 100644
|
||||||
|
--- a/src/login/systemd-user.in
|
||||||
|
+++ b/src/login/systemd-user.in
|
||||||
|
@@ -7,7 +7,7 @@
|
||||||
|
-account sufficient pam_systemd_home.so
|
||||||
|
{% endif %}
|
||||||
|
account sufficient pam_unix.so no_pass_expiry
|
||||||
|
-account required pam_permit.so
|
||||||
|
+account include system-auth
|
||||||
|
|
||||||
|
{% if HAVE_SELINUX %}
|
||||||
|
session required pam_selinux.so close
|
||||||
|
@@ -20,4 +20,4 @@ session required pam_namespace.so
|
||||||
|
-session optional pam_systemd_home.so
|
||||||
|
{% endif %}
|
||||||
|
session optional pam_umask.so silent
|
||||||
|
-session optional pam_systemd.so
|
||||||
|
+session include system-auth
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
|
@ -1,6 +1,12 @@
|
||||||
# Disable badfuncs check that has tons of false positives.
|
# Disable badfuncs check that has tons of false positives.
|
||||||
badfuncs:
|
badfuncs:
|
||||||
exclude_path: .*
|
allowed:
|
||||||
|
/usr/lib/systemd/tests/unit-tests/*:
|
||||||
|
- inet_addr
|
||||||
|
- inet_aton
|
||||||
|
/usr/bin/networkctl:
|
||||||
|
- inet_addr
|
||||||
|
- inet_aton
|
||||||
|
|
||||||
# don't report changed content of compiled files
|
# don't report changed content of compiled files
|
||||||
# that is expected with every update
|
# that is expected with every update
|
||||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
||||||
SHA512 (systemd-251.4.tar.gz) = 7bbfadd80b88a4c3510a5e4e3572e4eab71dafbf6289da038e552988e09ee8da16da3c9bb8a4fbbde6c6236e0e3c352b0a33f9ee0b84f10241f3499383387738
|
SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a
|
||||||
|
|
|
@ -17,6 +17,8 @@ def files(root):
|
||||||
|
|
||||||
o_libs = open('.file-list-libs', 'w')
|
o_libs = open('.file-list-libs', 'w')
|
||||||
o_udev = open('.file-list-udev', 'w')
|
o_udev = open('.file-list-udev', 'w')
|
||||||
|
o_ukify = open('.file-list-ukify', 'w')
|
||||||
|
o_boot = open('.file-list-boot', 'w')
|
||||||
o_pam = open('.file-list-pam', 'w')
|
o_pam = open('.file-list-pam', 'w')
|
||||||
o_rpm_macros = open('.file-list-rpm-macros', 'w')
|
o_rpm_macros = open('.file-list-rpm-macros', 'w')
|
||||||
o_devel = open('.file-list-devel', 'w')
|
o_devel = open('.file-list-devel', 'w')
|
||||||
|
@ -26,8 +28,10 @@ o_oomd_defaults = open('.file-list-oomd-defaults', 'w')
|
||||||
o_remote = open('.file-list-remote', 'w')
|
o_remote = open('.file-list-remote', 'w')
|
||||||
o_resolve = open('.file-list-resolve', 'w')
|
o_resolve = open('.file-list-resolve', 'w')
|
||||||
o_tests = open('.file-list-tests', 'w')
|
o_tests = open('.file-list-tests', 'w')
|
||||||
|
o_standalone_repart = open('.file-list-standalone-repart', 'w')
|
||||||
o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
|
o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
|
||||||
o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
|
o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
|
||||||
|
o_standalone_shutdown = open('.file-list-standalone-shutdown', 'w')
|
||||||
o_main = open('.file-list-main', 'w')
|
o_main = open('.file-list-main', 'w')
|
||||||
for file in files(buildroot):
|
for file in files(buildroot):
|
||||||
n = file.path[1:]
|
n = file.path[1:]
|
||||||
|
@ -52,12 +56,27 @@ for file in files(buildroot):
|
||||||
/var(/cache|/log|/lib|/run|)$
|
/var(/cache|/log|/lib|/run|)$
|
||||||
''', n, re.X):
|
''', n, re.X):
|
||||||
continue
|
continue
|
||||||
if '/security/pam_' in n or '/man8/pam_' in n:
|
|
||||||
|
if n.endswith('.standalone'):
|
||||||
|
if 'repart' in n:
|
||||||
|
o = o_standalone_repart
|
||||||
|
elif 'tmpfiles' in n:
|
||||||
|
o = o_standalone_tmpfiles
|
||||||
|
elif 'sysusers' in n:
|
||||||
|
o = o_standalone_sysusers
|
||||||
|
elif 'shutdown' in n:
|
||||||
|
o = o_standalone_shutdown
|
||||||
|
else:
|
||||||
|
assert False, 'Found .standalone not belonging to known packages'
|
||||||
|
|
||||||
|
elif '/security/pam_' in n or '/man8/pam_' in n:
|
||||||
o = o_pam
|
o = o_pam
|
||||||
elif '/rpm/' in n:
|
elif '/rpm/' in n:
|
||||||
o = o_rpm_macros
|
o = o_rpm_macros
|
||||||
elif '/usr/lib/systemd/tests' in n:
|
elif '/usr/lib/systemd/tests' in n:
|
||||||
o = o_tests
|
o = o_tests
|
||||||
|
elif 'ukify' in n:
|
||||||
|
o = o_ukify
|
||||||
elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n):
|
elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n):
|
||||||
o = o_main
|
o = o_main
|
||||||
elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n):
|
elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n):
|
||||||
|
@ -101,10 +120,10 @@ for file in files(buildroot):
|
||||||
hwdb|
|
hwdb|
|
||||||
bootctl|
|
bootctl|
|
||||||
boot-update|
|
boot-update|
|
||||||
sd-boot|systemd-boot\.|loader.conf|
|
|
||||||
bless-boot|
|
bless-boot|
|
||||||
boot-system-token|
|
boot-system-token|
|
||||||
kernel-install|
|
kernel-install|
|
||||||
|
installkernel|
|
||||||
vconsole|
|
vconsole|
|
||||||
backlight|
|
backlight|
|
||||||
rfkill|
|
rfkill|
|
||||||
|
@ -119,6 +138,7 @@ for file in files(buildroot):
|
||||||
pstore|
|
pstore|
|
||||||
sleep|suspend|hibernate|
|
sleep|suspend|hibernate|
|
||||||
systemd-tmpfiles-setup-dev|
|
systemd-tmpfiles-setup-dev|
|
||||||
|
network/98-default-mac-none.link|
|
||||||
network/99-default.link|
|
network/99-default.link|
|
||||||
growfs|makefs|makeswap|mkswap|
|
growfs|makefs|makeswap|mkswap|
|
||||||
fsck|
|
fsck|
|
||||||
|
@ -129,8 +149,10 @@ for file in files(buildroot):
|
||||||
integritysetup|
|
integritysetup|
|
||||||
integritytab|
|
integritytab|
|
||||||
remount-fs|
|
remount-fs|
|
||||||
|
/initrd|
|
||||||
|
systemd-pcrphase|
|
||||||
|
systemd-measure|
|
||||||
/boot$|
|
/boot$|
|
||||||
/boot/efi|
|
|
||||||
/kernel/|
|
/kernel/|
|
||||||
/kernel$|
|
/kernel$|
|
||||||
/modprobe.d|
|
/modprobe.d|
|
||||||
|
@ -144,6 +166,12 @@ for file in files(buildroot):
|
||||||
# confused if those user-facing binaries are not available.
|
# confused if those user-facing binaries are not available.
|
||||||
o = o_udev
|
o = o_udev
|
||||||
|
|
||||||
|
elif re.search(r'''/boot/efi|
|
||||||
|
/usr/lib/systemd/boot|
|
||||||
|
sd-boot|systemd-boot\.|loader.conf
|
||||||
|
''', n, re.X):
|
||||||
|
o = o_boot
|
||||||
|
|
||||||
elif re.search(r'''resolved|resolve1|
|
elif re.search(r'''resolved|resolve1|
|
||||||
systemd-resolve|
|
systemd-resolve|
|
||||||
resolvconf|
|
resolvconf|
|
||||||
|
@ -154,14 +182,6 @@ for file in files(buildroot):
|
||||||
elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
|
elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
|
||||||
o = o_oomd_defaults
|
o = o_oomd_defaults
|
||||||
|
|
||||||
elif n.endswith('.standalone'):
|
|
||||||
if 'tmpfiles' in n:
|
|
||||||
o = o_standalone_tmpfiles
|
|
||||||
elif 'sysusers' in n:
|
|
||||||
o = o_standalone_sysusers
|
|
||||||
else:
|
|
||||||
assert False, 'Found .standalone not belonging to known packages'
|
|
||||||
|
|
||||||
else:
|
else:
|
||||||
o = o_main
|
o = o_main
|
||||||
|
|
||||||
|
|
14
systemd-user
14
systemd-user
|
@ -1,14 +0,0 @@
|
||||||
# This file is part of systemd.
|
|
||||||
#
|
|
||||||
# Used by systemd --user instances.
|
|
||||||
|
|
||||||
-account sufficient pam_systemd_home.so
|
|
||||||
account sufficient pam_unix.so no_pass_expiry
|
|
||||||
account include system-auth
|
|
||||||
|
|
||||||
session required pam_selinux.so close
|
|
||||||
session required pam_selinux.so nottys open
|
|
||||||
session required pam_loginuid.so
|
|
||||||
session required pam_namespace.so
|
|
||||||
-session optional pam_systemd_home.so
|
|
||||||
session include system-auth
|
|
356
systemd.spec
356
systemd.spec
|
@ -1,8 +1,6 @@
|
||||||
#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
|
#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
|
||||||
%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
|
%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
|
||||||
|
|
||||||
%global stable 1
|
|
||||||
|
|
||||||
# We ship a .pc file but don't want to have a dep on pkg-config. We
|
# We ship a .pc file but don't want to have a dep on pkg-config. We
|
||||||
# strip the automatically generated dep here and instead co-own the
|
# strip the automatically generated dep here and instead co-own the
|
||||||
# directory.
|
# directory.
|
||||||
|
@ -17,28 +15,37 @@
|
||||||
%global elf_suffix ()%{elf_bits}
|
%global elf_suffix ()%{elf_bits}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%bcond bzip2 1
|
||||||
|
%bcond gnutls 1
|
||||||
|
%bcond lz4 1
|
||||||
|
%bcond xz 1
|
||||||
|
%bcond zlib 1
|
||||||
|
%bcond zstd 1
|
||||||
|
|
||||||
# Bootstrap may be needed to break circular dependencies with cryptsetup,
|
# Bootstrap may be needed to break circular dependencies with cryptsetup,
|
||||||
# e.g. when re-building cryptsetup on a json-c SONAME-bump.
|
# e.g. when re-building cryptsetup on a json-c SONAME-bump.
|
||||||
%bcond_with bootstrap
|
%bcond bootstrap 0
|
||||||
%bcond_without tests
|
%bcond tests 1
|
||||||
%bcond_without lto
|
%bcond lto 1
|
||||||
|
|
||||||
# Support for quick builds with rpmbuild --build-in-place.
|
# Support for quick builds with rpmbuild --build-in-place.
|
||||||
# See README.build-in-place.
|
# See README.build-in-place.
|
||||||
%bcond_with inplace
|
%bcond inplace 0
|
||||||
|
|
||||||
Name: systemd
|
Name: systemd
|
||||||
Url: https://www.freedesktop.org/wiki/Software/systemd
|
Url: https://systemd.io
|
||||||
%if %{without inplace}
|
%if %{without inplace}
|
||||||
Version: 251.4
|
Version: 254.5
|
||||||
%else
|
%else
|
||||||
# determine the build information from local checkout
|
# determine the build information from local checkout
|
||||||
Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
|
Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
|
||||||
%endif
|
%endif
|
||||||
Release: %autorelease -b 28 -e 3.riscv64
|
Release: %autorelease -e 0.riscv64
|
||||||
|
|
||||||
|
%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
|
||||||
|
|
||||||
# For a breakdown of the licensing, see README
|
# For a breakdown of the licensing, see README
|
||||||
License: LGPLv2+ and MIT and GPLv2+
|
License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later
|
||||||
Summary: System and Service Manager
|
Summary: System and Service Manager
|
||||||
|
|
||||||
# download tarballs with "spectool -g systemd.spec"
|
# download tarballs with "spectool -g systemd.spec"
|
||||||
|
@ -66,18 +73,21 @@ Source7: systemd-journal-remote.xml
|
||||||
Source8: systemd-journal-gatewayd.xml
|
Source8: systemd-journal-gatewayd.xml
|
||||||
Source9: 20-yama-ptrace.conf
|
Source9: 20-yama-ptrace.conf
|
||||||
Source10: systemd-udev-trigger-no-reload.conf
|
Source10: systemd-udev-trigger-no-reload.conf
|
||||||
Source12: systemd-user
|
# https://fedoraproject.org/wiki/How_to_filter_libabigail_reports
|
||||||
Source13: libsystemd-shared.abignore
|
Source13: .abignore
|
||||||
|
|
||||||
Source14: 10-oomd-defaults.conf
|
Source14: 10-oomd-defaults.conf
|
||||||
Source15: 10-oomd-root-slice-defaults.conf
|
Source15: 10-oomd-per-slice-defaults.conf
|
||||||
Source16: 10-oomd-user-service-defaults.conf
|
Source16: 10-timeout-abort.conf
|
||||||
|
Source17: 10-map-count.conf
|
||||||
|
|
||||||
Source21: macros.sysusers
|
Source21: macros.sysusers
|
||||||
Source22: sysusers.attr
|
Source22: sysusers.attr
|
||||||
Source23: sysusers.prov
|
Source23: sysusers.prov
|
||||||
Source24: sysusers.generate-pre.sh
|
Source24: sysusers.generate-pre.sh
|
||||||
|
|
||||||
|
Source25: 98-default-mac-none.link
|
||||||
|
|
||||||
%if 0
|
%if 0
|
||||||
GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
|
GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
|
||||||
i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip
|
i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip
|
||||||
|
@ -90,16 +100,32 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
|
||||||
# than in the next section. Packit CI will drop any patches in this range before
|
# than in the next section. Packit CI will drop any patches in this range before
|
||||||
# applying upstream pull requests.
|
# applying upstream pull requests.
|
||||||
|
|
||||||
# https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot
|
# Work-around for dracut issue: run generators directly when we are in initrd
|
||||||
Patch0001: https://github.com/systemd/systemd/commit/93651582ae.patch
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2164404
|
||||||
|
Patch0001: https://github.com/systemd/systemd/pull/26494.patch
|
||||||
|
|
||||||
|
# Backport of patches that allow reloading of units
|
||||||
|
Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch
|
||||||
|
|
||||||
|
# Backport of improvements to console keyboard layout guessing
|
||||||
|
# https://github.com/systemd/systemd/pull/29215
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1912609
|
||||||
|
Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch
|
||||||
|
Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch
|
||||||
|
Patch0005: 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch
|
||||||
|
Patch0006: 0001-keyboard-model-map-correct-sk-qwerty-entry.patch
|
||||||
|
|
||||||
|
# Requested as an alternative to https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket
|
||||||
|
Patch0010: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch
|
||||||
|
Patch0011: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch
|
||||||
|
Patch0012: 0003-ci-add-test-for-poll-limit.patch
|
||||||
|
|
||||||
# Those are downstream-only patches, but we don't want them in packit builds:
|
# Those are downstream-only patches, but we don't want them in packit builds:
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1738828
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1738828
|
||||||
Patch0490: use-bfq-scheduler.patch
|
Patch0490: use-bfq-scheduler.patch
|
||||||
|
|
||||||
# Other downstream-only patches (5000–9999)
|
# Adjust upstream config to use our shared stack
|
||||||
# https://github.com/systemd/systemd/pull/17050
|
Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch
|
||||||
Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
|
|
||||||
|
|
||||||
%ifarch %{ix86} x86_64 aarch64
|
%ifarch %{ix86} x86_64 aarch64
|
||||||
%global have_gnu_efi 1
|
%global have_gnu_efi 1
|
||||||
|
@ -126,19 +152,31 @@ BuildRequires: /usr/bin/getfacl
|
||||||
BuildRequires: libacl-devel
|
BuildRequires: libacl-devel
|
||||||
BuildRequires: gobject-introspection-devel
|
BuildRequires: gobject-introspection-devel
|
||||||
BuildRequires: libblkid-devel
|
BuildRequires: libblkid-devel
|
||||||
|
%if %{with xz}
|
||||||
BuildRequires: xz-devel
|
BuildRequires: xz-devel
|
||||||
BuildRequires: xz
|
BuildRequires: xz
|
||||||
|
%endif
|
||||||
|
%if %{with lz4}
|
||||||
BuildRequires: lz4-devel
|
BuildRequires: lz4-devel
|
||||||
BuildRequires: lz4
|
BuildRequires: lz4
|
||||||
|
%endif
|
||||||
|
%if %{with bzip2}
|
||||||
BuildRequires: bzip2-devel
|
BuildRequires: bzip2-devel
|
||||||
|
%endif
|
||||||
|
%if %{with zstd}
|
||||||
BuildRequires: libzstd-devel
|
BuildRequires: libzstd-devel
|
||||||
|
%endif
|
||||||
BuildRequires: libidn2-devel
|
BuildRequires: libidn2-devel
|
||||||
BuildRequires: libcurl-devel
|
BuildRequires: libcurl-devel
|
||||||
BuildRequires: kmod-devel
|
BuildRequires: kmod-devel
|
||||||
BuildRequires: elfutils-devel
|
BuildRequires: elfutils-devel
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
|
%if %{with gnutls}
|
||||||
BuildRequires: gnutls-devel
|
BuildRequires: gnutls-devel
|
||||||
|
%endif
|
||||||
|
%if %{undefined rhel}
|
||||||
BuildRequires: qrencode-devel
|
BuildRequires: qrencode-devel
|
||||||
|
%endif
|
||||||
BuildRequires: libmicrohttpd-devel
|
BuildRequires: libmicrohttpd-devel
|
||||||
BuildRequires: libxkbcommon-devel
|
BuildRequires: libxkbcommon-devel
|
||||||
BuildRequires: iptables-devel
|
BuildRequires: iptables-devel
|
||||||
|
@ -155,12 +193,19 @@ BuildRequires: gperf
|
||||||
BuildRequires: gawk
|
BuildRequires: gawk
|
||||||
BuildRequires: tree
|
BuildRequires: tree
|
||||||
BuildRequires: hostname
|
BuildRequires: hostname
|
||||||
BuildRequires: python3dist(lxml)
|
BuildRequires: python3
|
||||||
|
BuildRequires: python3-devel
|
||||||
BuildRequires: python3dist(jinja2)
|
BuildRequires: python3dist(jinja2)
|
||||||
BuildRequires: firewalld-filesystem
|
BuildRequires: python3dist(lxml)
|
||||||
%if 0%{?have_gnu_efi}
|
BuildRequires: python3dist(pefile)
|
||||||
BuildRequires: gnu-efi gnu-efi-devel
|
%if %{undefined rhel}
|
||||||
|
BuildRequires: python3dist(pillow)
|
||||||
|
BuildRequires: python3dist(pytest-flakes)
|
||||||
%endif
|
%endif
|
||||||
|
BuildRequires: python3dist(pytest)
|
||||||
|
BuildRequires: python3dist(zstd)
|
||||||
|
# gzip and lzma are provided by the stdlib
|
||||||
|
BuildRequires: firewalld-filesystem
|
||||||
BuildRequires: libseccomp-devel
|
BuildRequires: libseccomp-devel
|
||||||
BuildRequires: meson >= 0.43
|
BuildRequires: meson >= 0.43
|
||||||
BuildRequires: gettext
|
BuildRequires: gettext
|
||||||
|
@ -178,19 +223,27 @@ BuildRequires: bpftool
|
||||||
%global have_bpf 1
|
%global have_bpf 1
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?fedora}
|
||||||
|
%ifarch x86_64 aarch64
|
||||||
|
%global have_xen 1
|
||||||
|
# That package is only built for those two architectures
|
||||||
|
BuildRequires: xen-devel
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
Requires(post): coreutils
|
Requires(post): coreutils
|
||||||
Requires(post): grep
|
Requires(post): grep
|
||||||
# systemd-machine-id-setup requires libssl
|
# systemd-machine-id-setup requires libssl
|
||||||
Requires(post): openssl-libs
|
Requires(post): openssl-libs
|
||||||
Requires: dbus >= 1.9.18
|
Requires: dbus >= 1.9.18
|
||||||
Requires: %{name}-pam = %{version}-%{release}
|
Requires: %{name}-pam%{_isa} = %{version}-%{release}
|
||||||
Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
|
Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
|
||||||
Requires: %{name}-libs = %{version}-%{release}
|
Requires: %{name}-libs%{_isa} = %{version}-%{release}
|
||||||
%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}}
|
%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}}
|
||||||
%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}}
|
%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}}
|
||||||
Recommends: diffutils
|
Recommends: diffutils
|
||||||
Requires: (util-linux-core or util-linux)
|
Requires: (util-linux-core or util-linux)
|
||||||
Recommends: libxkbcommon%{?_isa}
|
Recommends: libxkbcommon%{_isa}
|
||||||
Provides: /bin/systemctl
|
Provides: /bin/systemctl
|
||||||
Provides: /sbin/shutdown
|
Provides: /sbin/shutdown
|
||||||
Provides: syslog
|
Provides: syslog
|
||||||
|
@ -208,10 +261,14 @@ Conflicts: fedora-release < 23-0.12
|
||||||
%endif
|
%endif
|
||||||
Obsoletes: timedatex < 0.6-3
|
Obsoletes: timedatex < 0.6-3
|
||||||
Provides: timedatex = 0.6-3
|
Provides: timedatex = 0.6-3
|
||||||
|
Conflicts: %{name}-standalone-repart < %{version}-%{release}^
|
||||||
|
Provides: %{name}-repart = %{version}-%{release}
|
||||||
Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^
|
Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^
|
||||||
Provides: %{name}-tmpfiles = %{version}-%{release}
|
Provides: %{name}-tmpfiles = %{version}-%{release}
|
||||||
Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^
|
Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^
|
||||||
Provides: %{name}-sysusers = %{version}-%{release}
|
Provides: %{name}-sysusers = %{version}-%{release}
|
||||||
|
Conflicts: %{name}-standalone-shutdown < %{version}-%{release}^
|
||||||
|
Provides: %{name}-shutdown = %{version}-%{release}
|
||||||
|
|
||||||
# Recommends to replace normal Requires deps for stuff that is dlopen()ed
|
# Recommends to replace normal Requires deps for stuff that is dlopen()ed
|
||||||
Recommends: libidn2.so.0%{?elf_suffix}
|
Recommends: libidn2.so.0%{?elf_suffix}
|
||||||
|
@ -219,9 +276,11 @@ Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
|
||||||
Recommends: libpcre2-8.so.0%{?elf_suffix}
|
Recommends: libpcre2-8.so.0%{?elf_suffix}
|
||||||
Recommends: libpwquality.so.1%{?elf_suffix}
|
Recommends: libpwquality.so.1%{?elf_suffix}
|
||||||
Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits}
|
Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits}
|
||||||
|
%if %{undefined rhel}
|
||||||
Recommends: libqrencode.so.4%{?elf_suffix}
|
Recommends: libqrencode.so.4%{?elf_suffix}
|
||||||
Recommends: libbpf.so.0%{?elf_suffix}
|
%endif
|
||||||
Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits}
|
Recommends: libbpf.so.1%{?elf_suffix}
|
||||||
|
Recommends: libbpf.so.1(LIBBPF_0.4.0)%{?elf_bits}
|
||||||
|
|
||||||
# used by systemd-coredump and systemd-analyze
|
# used by systemd-coredump and systemd-analyze
|
||||||
Recommends: libdw.so.1%{?elf_suffix}
|
Recommends: libdw.so.1%{?elf_suffix}
|
||||||
|
@ -245,12 +304,12 @@ utilities to control basic system configuration like the hostname, date, locale,
|
||||||
maintain a list of logged-in users, system accounts, runtime directories and
|
maintain a list of logged-in users, system accounts, runtime directories and
|
||||||
settings, and a logging daemons.
|
settings, and a logging daemons.
|
||||||
%if 0%{?stable}
|
%if 0%{?stable}
|
||||||
This package was built from the %{version}-stable branch of systemd.
|
This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of systemd.
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%package libs
|
%package libs
|
||||||
Summary: systemd libraries
|
Summary: systemd libraries
|
||||||
License: LGPLv2+ and MIT
|
License: LGPL-2.1-or-later AND MIT
|
||||||
Obsoletes: libudev < 183
|
Obsoletes: libudev < 183
|
||||||
Obsoletes: systemd < 185-4
|
Obsoletes: systemd < 185-4
|
||||||
Conflicts: systemd < 185-4
|
Conflicts: systemd < 185-4
|
||||||
|
@ -282,8 +341,9 @@ for information how to use those macros.
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development headers for systemd
|
Summary: Development headers for systemd
|
||||||
License: LGPLv2+ and MIT
|
License: LGPL-2.1-or-later AND MIT
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{_isa} = %{version}-%{release}
|
||||||
|
Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
|
||||||
Provides: libudev-devel = %{version}
|
Provides: libudev-devel = %{version}
|
||||||
Provides: libudev-devel%{_isa} = %{version}
|
Provides: libudev-devel%{_isa} = %{version}
|
||||||
Obsoletes: libudev-devel < 183
|
Obsoletes: libudev-devel < 183
|
||||||
|
@ -294,9 +354,9 @@ to libudev or libsystemd.
|
||||||
|
|
||||||
%package udev
|
%package udev
|
||||||
Summary: Rule-based device node and kernel event manager
|
Summary: Rule-based device node and kernel event manager
|
||||||
License: LGPLv2+
|
License: LGPL-2.1-or-later
|
||||||
|
|
||||||
Requires: systemd%{?_isa} = %{version}-%{release}
|
Requires: systemd%{_isa} = %{version}-%{release}
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
|
@ -307,6 +367,8 @@ Obsoletes: systemd < 245.6-1
|
||||||
Provides: udev = %{version}
|
Provides: udev = %{version}
|
||||||
Provides: udev%{_isa} = %{version}
|
Provides: udev%{_isa} = %{version}
|
||||||
Obsoletes: udev < 183
|
Obsoletes: udev < 183
|
||||||
|
Requires: (grubby > 8.40-72 if grubby)
|
||||||
|
Requires: (sdubby > 1.0-3 if sdubby)
|
||||||
|
|
||||||
# Recommends to replace normal Requires deps for stuff that is dlopen()ed
|
# Recommends to replace normal Requires deps for stuff that is dlopen()ed
|
||||||
# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
|
# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
|
||||||
|
@ -319,8 +381,9 @@ Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits}
|
||||||
Recommends: libelf.so.1%{?elf_suffix}
|
Recommends: libelf.so.1%{?elf_suffix}
|
||||||
Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits}
|
Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits}
|
||||||
|
|
||||||
# used by home, cryptsetup, cryptenroll
|
# used by home, cryptsetup, cryptenroll, logind
|
||||||
Recommends: libfido2.so.1%{?elf_suffix}
|
Recommends: libfido2.so.1%{?elf_suffix}
|
||||||
|
Recommends: libp11-kit.so.0%{?elf_suffix}
|
||||||
Recommends: libtss2-esys.so.0%{?elf_suffix}
|
Recommends: libtss2-esys.so.0%{?elf_suffix}
|
||||||
Recommends: libtss2-mu.so.0%{?elf_suffix}
|
Recommends: libtss2-mu.so.0%{?elf_suffix}
|
||||||
Recommends: libtss2-rc.so.0%{?elf_suffix}
|
Recommends: libtss2-rc.so.0%{?elf_suffix}
|
||||||
|
@ -334,6 +397,9 @@ Requires: kbd
|
||||||
Provides: u2f-hidraw-policy = 1.0.2-40
|
Provides: u2f-hidraw-policy = 1.0.2-40
|
||||||
Obsoletes: u2f-hidraw-policy < 1.0.2-40
|
Obsoletes: u2f-hidraw-policy < 1.0.2-40
|
||||||
|
|
||||||
|
# self-obsoletes to install both packages after split of systemd-boot
|
||||||
|
Obsoletes: systemd-udev < 252.2^
|
||||||
|
|
||||||
%description udev
|
%description udev
|
||||||
This package contains systemd-udev and the rules and hardware database needed to
|
This package contains systemd-udev and the rules and hardware database needed to
|
||||||
manage device nodes. This package is necessary on physical machines and in
|
manage device nodes. This package is necessary on physical machines and in
|
||||||
|
@ -344,10 +410,49 @@ This package also provides systemd-timesyncd, a network time protocol daemon.
|
||||||
It also contains tools to manage encrypted home areas and secrets bound to the
|
It also contains tools to manage encrypted home areas and secrets bound to the
|
||||||
machine, and to create or grow partitions and make file systems automatically.
|
machine, and to create or grow partitions and make file systems automatically.
|
||||||
|
|
||||||
|
%if 0%{?have_gnu_efi}
|
||||||
|
%package ukify
|
||||||
|
Summary: Tool to build Unified Kernel Images
|
||||||
|
Requires: %{name} = %{version}-%{release}
|
||||||
|
|
||||||
|
Requires: python3dist(pefile)
|
||||||
|
Requires: python3dist(zstd)
|
||||||
|
Requires: python3dist(cryptography)
|
||||||
|
Recommends: python3dist(pillow)
|
||||||
|
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description ukify
|
||||||
|
This package provides ukify, a script that combines a kernel image, an initrd,
|
||||||
|
with a command line, and possibly PCR measurements and other metadata, into a
|
||||||
|
Unified Kernel Image (UKI).
|
||||||
|
|
||||||
|
%package boot-unsigned
|
||||||
|
Summary: UEFI boot manager (unsigned version)
|
||||||
|
|
||||||
|
Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release
|
||||||
|
Provides: systemd-boot = %version-%release
|
||||||
|
Provides: systemd-boot%{_isa} = %version-%release
|
||||||
|
# A provides with just the version, no release or dist, used to build systemd-boot
|
||||||
|
Provides: version(systemd-boot-unsigned) = %version
|
||||||
|
Provides: version(systemd-boot-unsigned)%{_isa} = %version
|
||||||
|
|
||||||
|
# self-obsoletes to install both packages after split of systemd-boot
|
||||||
|
Obsoletes: systemd-udev < 252.2^
|
||||||
|
|
||||||
|
%description boot-unsigned
|
||||||
|
systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a
|
||||||
|
graphical menu to select the entry to boot and an editor for the kernel command
|
||||||
|
line. systemd-boot supports systems with UEFI firmware only.
|
||||||
|
|
||||||
|
This package contains the unsigned version. Install systemd-boot instead to get
|
||||||
|
the version that works with Secure Boot.
|
||||||
|
%endif
|
||||||
|
|
||||||
%package container
|
%package container
|
||||||
# Name is the same as in Debian
|
# Name is the same as in Debian
|
||||||
Summary: Tools for containers and VMs
|
Summary: Tools for containers and VMs
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
|
@ -355,7 +460,7 @@ Requires(postun): systemd
|
||||||
Obsoletes: %{name} < 229-5
|
Obsoletes: %{name} < 229-5
|
||||||
# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
|
# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
|
||||||
Suggests: libcurl-minimal
|
Suggests: libcurl-minimal
|
||||||
License: LGPLv2+
|
License: LGPL-2.1-or-later
|
||||||
|
|
||||||
%description container
|
%description container
|
||||||
Systemd tools to spawn and manage containers and virtual machines.
|
Systemd tools to spawn and manage containers and virtual machines.
|
||||||
|
@ -366,8 +471,8 @@ systemd-importd.
|
||||||
%package journal-remote
|
%package journal-remote
|
||||||
# Name is the same as in Debian
|
# Name is the same as in Debian
|
||||||
Summary: Tools to send journal events over the network
|
Summary: Tools to send journal events over the network
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||||
License: LGPLv2+
|
License: LGPL-2.1-or-later
|
||||||
Requires: firewalld-filesystem
|
Requires: firewalld-filesystem
|
||||||
Provides: %{name}-journal-gateway = %{version}-%{release}
|
Provides: %{name}-journal-gateway = %{version}-%{release}
|
||||||
Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release}
|
Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release}
|
||||||
|
@ -384,8 +489,8 @@ systemd-journal-upload.
|
||||||
|
|
||||||
%package networkd
|
%package networkd
|
||||||
Summary: System daemon that manages network configurations
|
Summary: System daemon that manages network configurations
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||||
License: LGPLv2+
|
License: LGPL-2.1-or-later
|
||||||
# https://src.fedoraproject.org/rpms/systemd/pull-request/34
|
# https://src.fedoraproject.org/rpms/systemd/pull-request/34
|
||||||
Obsoletes: systemd < 246.6-2
|
Obsoletes: systemd < 246.6-2
|
||||||
|
|
||||||
|
@ -396,7 +501,7 @@ devices.
|
||||||
|
|
||||||
%package resolved
|
%package resolved
|
||||||
Summary: Network Name Resolution manager
|
Summary: Network Name Resolution manager
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||||
Obsoletes: %{name} < 249~~
|
Obsoletes: %{name} < 249~~
|
||||||
Requires: libidn2.so.0%{?elf_suffix}
|
Requires: libidn2.so.0%{?elf_suffix}
|
||||||
Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
|
Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
|
||||||
|
@ -410,7 +515,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder.
|
||||||
%package oomd-defaults
|
%package oomd-defaults
|
||||||
Summary: Configuration files for systemd-oomd
|
Summary: Configuration files for systemd-oomd
|
||||||
Requires: %{name} = %{version}-%{release}
|
Requires: %{name} = %{version}-%{release}
|
||||||
License: LGPLv2+
|
License: LGPL-2.1-or-later
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
%description oomd-defaults
|
%description oomd-defaults
|
||||||
|
@ -419,40 +524,69 @@ a userspace out-of-memory (OOM) killer.
|
||||||
|
|
||||||
%package tests
|
%package tests
|
||||||
Summary: Internal unit tests for systemd
|
Summary: Internal unit tests for systemd
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||||
License: LGPLv2+
|
# This dependency is provided transitively. Also add it explicitly to
|
||||||
|
# appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231:
|
||||||
|
Requires: %{name}-libs%{_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
License: LGPL-2.1-or-later
|
||||||
|
|
||||||
%description tests
|
%description tests
|
||||||
"Installed tests" that are usually run as part of the build system. They can be
|
"Installed tests" that are usually run as part of the build system. They can be
|
||||||
useful to test systemd internals.
|
useful to test systemd internals.
|
||||||
|
|
||||||
|
%package standalone-repart
|
||||||
|
Summary: Standalone systemd-repart binary for use on systems without systemd
|
||||||
|
Provides: %{name}-repart = %{version}-%{release}
|
||||||
|
RemovePathPostfixes: .standalone
|
||||||
|
|
||||||
|
%description standalone-repart
|
||||||
|
Standalone systemd-repart binary with no dependencies on the systemd-shared library or
|
||||||
|
other libraries from systemd-libs. This package conflicts with the main systemd
|
||||||
|
package and is meant for use on systems without systemd.
|
||||||
|
|
||||||
%package standalone-tmpfiles
|
%package standalone-tmpfiles
|
||||||
Summary: Standalone tmpfiles binary for use in non-systemd systems
|
Summary: Standalone systemd-tmpfiles binary for use on systems without systemd
|
||||||
Provides: %{name}-tmpfiles = %{version}-%{release}
|
Provides: %{name}-tmpfiles = %{version}-%{release}
|
||||||
RemovePathPostfixes: .standalone
|
RemovePathPostfixes: .standalone
|
||||||
|
|
||||||
%description standalone-tmpfiles
|
%description standalone-tmpfiles
|
||||||
Standalone tmpfiles binary with no dependencies on the systemd-shared library or
|
Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or
|
||||||
other libraries from systemd-libs. This package conflicts with the main systemd
|
other libraries from systemd-libs. This package conflicts with the main systemd
|
||||||
package and is meant for use in non-systemd systems.
|
package and is meant for use on systems without systemd.
|
||||||
|
|
||||||
%package standalone-sysusers
|
%package standalone-sysusers
|
||||||
Summary: Standalone sysusers binary for use in non-systemd systems
|
Summary: Standalone systemd-sysusers binary for use on systems without systemd
|
||||||
Provides: %{name}-sysusers = %{version}-%{release}
|
Provides: %{name}-sysusers = %{version}-%{release}
|
||||||
RemovePathPostfixes: .standalone
|
RemovePathPostfixes: .standalone
|
||||||
|
|
||||||
%description standalone-sysusers
|
%description standalone-sysusers
|
||||||
Standalone sysusers binary with no dependencies on the systemd-shared library or
|
Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or
|
||||||
other libraries from systemd-libs. This package conflicts with the main systemd
|
other libraries from systemd-libs. This package conflicts with the main systemd
|
||||||
package and is meant for use in non-systemd systems.
|
package and is meant for use on systems without systemd.
|
||||||
|
|
||||||
|
%package standalone-shutdown
|
||||||
|
Summary: Standalone systemd-shutdown binary for use on systems without systemd
|
||||||
|
Provides: %{name}-shutdown = %{version}-%{release}
|
||||||
|
RemovePathPostfixes: .standalone
|
||||||
|
|
||||||
|
%description standalone-shutdown
|
||||||
|
Standalone systemd-shutdown binary with no dependencies on the systemd-shared library or
|
||||||
|
other libraries from systemd-libs. This package conflicts with the main systemd
|
||||||
|
package and is meant for use in exitrds.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1
|
%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1
|
||||||
|
|
||||||
test -f src/login/systemd-user.in
|
%generate_buildrequires
|
||||||
# Restore systemd-user pam config from before "removal of Fedora-specific bits".
|
%if 0%{?have_gnu_efi}
|
||||||
# We'll systemd process it and install in the right place.
|
if grep -q gnu-efi meson_options.txt; then
|
||||||
cp %{SOURCE12} src/login/systemd-user.in
|
echo 'gnu-efi'
|
||||||
|
echo 'gnu-efi-devel'
|
||||||
|
else
|
||||||
|
echo 'python3dist(pyelftools)'
|
||||||
|
fi
|
||||||
|
%endif
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%global ntpvendor %(source /etc/os-release; echo ${ID})
|
%global ntpvendor %(source /etc/os-release; echo ${ID})
|
||||||
|
@ -477,11 +611,11 @@ CONFIGURE_OPTS=(
|
||||||
-Dbpf-framework=%[0%{?have_bpf}?"true":"false"]
|
-Dbpf-framework=%[0%{?have_bpf}?"true":"false"]
|
||||||
-Dapparmor=false
|
-Dapparmor=false
|
||||||
-Dpolkit=true
|
-Dpolkit=true
|
||||||
-Dxz=true
|
-Dxz=%[%{with xz}?"true":"false"]
|
||||||
-Dzlib=true
|
-Dzlib=%[%{with zlib}?"true":"false"]
|
||||||
-Dbzip2=true
|
-Dbzip2=%[%{with bzip2}?"true":"false"]
|
||||||
-Dlz4=true
|
-Dlz4=%[%{with lz4}?"true":"false"]
|
||||||
-Dzstd=true
|
-Dzstd=%[%{with zstd}?"true":"false"]
|
||||||
-Dpam=true
|
-Dpam=true
|
||||||
-Dacl=true
|
-Dacl=true
|
||||||
-Dsmack=true
|
-Dsmack=true
|
||||||
|
@ -494,15 +628,15 @@ CONFIGURE_OPTS=(
|
||||||
-Dlibcryptsetup=%[%{with bootstrap}?"false":"true"]
|
-Dlibcryptsetup=%[%{with bootstrap}?"false":"true"]
|
||||||
-Delfutils=true
|
-Delfutils=true
|
||||||
-Dpwquality=true
|
-Dpwquality=true
|
||||||
-Dqrencode=true
|
-Dqrencode=%[%{defined rhel}?"false":"true"]
|
||||||
-Dgnutls=true
|
-Dgnutls=%[%{with gnutls}?"true":"false"]
|
||||||
-Dmicrohttpd=true
|
-Dmicrohttpd=true
|
||||||
-Dlibidn2=true
|
-Dlibidn2=true
|
||||||
-Dlibiptc=false
|
-Dlibiptc=false
|
||||||
-Dlibcurl=true
|
-Dlibcurl=true
|
||||||
-Dlibfido2=true
|
-Dlibfido2=true
|
||||||
|
-Dxenctrl=%[0%{?have_xen}?"true":"false"]
|
||||||
-Defi=true
|
-Defi=true
|
||||||
-Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"]
|
|
||||||
-Dtpm=true
|
-Dtpm=true
|
||||||
-Dtpm2=true
|
-Dtpm2=true
|
||||||
-Dhwdb=true
|
-Dhwdb=true
|
||||||
|
@ -533,6 +667,9 @@ CONFIGURE_OPTS=(
|
||||||
-Ddefault-llmnr=resolve
|
-Ddefault-llmnr=resolve
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2028169
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2028169
|
||||||
-Dstatus-unit-format-default=combined
|
-Dstatus-unit-format-default=combined
|
||||||
|
# https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer
|
||||||
|
-Ddefault-timeout-sec=45
|
||||||
|
-Ddefault-user-timeout-sec=45
|
||||||
-Doomd=true
|
-Doomd=true
|
||||||
-Dadm-gid=4
|
-Dadm-gid=4
|
||||||
-Daudio-gid=63
|
-Daudio-gid=63
|
||||||
|
@ -557,6 +694,20 @@ CONFIGURE_OPTS=(
|
||||||
# -Dsystemd-timesync-uid=, not set yet
|
# -Dsystemd-timesync-uid=, not set yet
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if grep gnu-efi meson_options.txt; then
|
||||||
|
CONFIGURE_OPTS+=( -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] )
|
||||||
|
else
|
||||||
|
# For now, let's build the bootloader in the same places where we
|
||||||
|
# built with gnu-efi. Later on, we might want to extend coverage, but
|
||||||
|
# considering that that support is untested, let's not do this now.
|
||||||
|
# Note, ukify requires bootloader, let's also explicitly enable/disable it
|
||||||
|
# here for https://github.com/systemd/systemd/pull/24175.
|
||||||
|
CONFIGURE_OPTS+=(
|
||||||
|
-Dbootloader=%[%{?have_gnu_efi}?"true":"false"]
|
||||||
|
-Dukify=%[%{?have_gnu_efi}?"true":"false"]
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
|
||||||
%if %{without lto}
|
%if %{without lto}
|
||||||
%global _lto_cflags %nil
|
%global _lto_cflags %nil
|
||||||
%endif
|
%endif
|
||||||
|
@ -580,6 +731,8 @@ if ! diff -u %{SOURCE1} ${new_triggers}; then
|
||||||
sleep 5
|
sleep 5
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%meson_install
|
%meson_install
|
||||||
|
|
||||||
|
@ -665,16 +818,30 @@ install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
|
||||||
|
|
||||||
# systemd-oomd default configuration
|
# systemd-oomd default configuration
|
||||||
install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
|
install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
|
||||||
install -Dm0644 -t %{buildroot}%{system_unit_dir}/-.slice.d/ %{SOURCE15}
|
install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15}
|
||||||
install -Dm0644 -t %{buildroot}%{system_unit_dir}/user@.service.d/ %{SOURCE16}
|
install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15}
|
||||||
|
# https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer
|
||||||
|
install -Dm0644 -t %{buildroot}%{system_unit_dir}/service.d/ %{SOURCE16}
|
||||||
|
install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.d/10-timeout-abort.conf
|
||||||
|
|
||||||
|
# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
|
||||||
|
install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17}
|
||||||
|
|
||||||
sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py
|
sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py
|
||||||
|
|
||||||
install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21}
|
install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21}
|
||||||
|
# Use rpm's own sysusers provides where available
|
||||||
|
%if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10)
|
||||||
install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22}
|
install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22}
|
||||||
install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23}
|
install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23}
|
||||||
|
%endif
|
||||||
install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24}
|
install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24}
|
||||||
|
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2107754
|
||||||
|
install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25}
|
||||||
|
|
||||||
|
ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel
|
||||||
|
|
||||||
%find_lang %{name}
|
%find_lang %{name}
|
||||||
|
|
||||||
# Split files in build root into rpms. See split-files.py for the
|
# Split files in build root into rpms. See split-files.py for the
|
||||||
|
@ -682,7 +849,7 @@ install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24}
|
||||||
# here.
|
# here.
|
||||||
python3 %{SOURCE2} %buildroot <<EOF
|
python3 %{SOURCE2} %buildroot <<EOF
|
||||||
%ghost %config(noreplace) /etc/crypttab
|
%ghost %config(noreplace) /etc/crypttab
|
||||||
%ghost /etc/udev/hwdb.bin
|
%ghost %attr(0444,root,root) /etc/udev/hwdb.bin
|
||||||
/etc/inittab
|
/etc/inittab
|
||||||
/usr/lib/systemd/purge-nobody-user
|
/usr/lib/systemd/purge-nobody-user
|
||||||
%ghost %config(noreplace) /etc/vconsole.conf
|
%ghost %config(noreplace) /etc/vconsole.conf
|
||||||
|
@ -708,7 +875,7 @@ python3 %{SOURCE2} %buildroot <<EOF
|
||||||
%ghost %dir /var/lib/systemd/coredump
|
%ghost %dir /var/lib/systemd/coredump
|
||||||
%ghost /var/lib/systemd/journal-upload
|
%ghost /var/lib/systemd/journal-upload
|
||||||
%ghost %dir /var/lib/systemd/linger
|
%ghost %dir /var/lib/systemd/linger
|
||||||
%ghost /var/lib/systemd/random-seed
|
%ghost %attr(0600,root,root) /var/lib/systemd/random-seed
|
||||||
%ghost %dir /var/lib/systemd/rfkill
|
%ghost %dir /var/lib/systemd/rfkill
|
||||||
%ghost %dir %verify(not mode group) /var/log/journal
|
%ghost %dir %verify(not mode group) /var/log/journal
|
||||||
%ghost %dir /var/log/journal/remote
|
%ghost %dir /var/log/journal/remote
|
||||||
|
@ -791,10 +958,16 @@ if [ $1 -eq 1 ]; then
|
||||||
systemd-tmpfiles --create &>/dev/null || :
|
systemd-tmpfiles --create &>/dev/null || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service
|
%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service
|
||||||
|
|
||||||
# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)
|
# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)
|
||||||
# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec
|
|
||||||
|
# This is the explanded form of %%systemd_user_daemon_reexec. We
|
||||||
|
# can't use the macro because we define it ourselves.
|
||||||
|
if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then
|
||||||
|
# Package upgrade, not uninstall
|
||||||
|
/usr/lib/systemd/systemd-update-helper user-reexec || :
|
||||||
|
fi
|
||||||
|
|
||||||
%triggerun resolved -- systemd < 246.1-1
|
%triggerun resolved -- systemd < 246.1-1
|
||||||
# This is for upgrades from previous versions before systemd-resolved became the default.
|
# This is for upgrades from previous versions before systemd-resolved became the default.
|
||||||
|
@ -812,13 +985,18 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
|
||||||
systemctl start systemd-resolved.service &>/dev/null || :
|
systemctl start systemd-resolved.service &>/dev/null || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%triggerpostun -- systemd < 247.3-2
|
%triggerun -- systemd < 247.3-2
|
||||||
# This is for upgrades from previous versions before oomd-defaults is available.
|
# This is for upgrades from previous versions before oomd-defaults is available.
|
||||||
# We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with
|
|
||||||
# a different package version.
|
|
||||||
systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
|
systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
|
||||||
|
|
||||||
%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service}
|
%triggerpostun -- systemd < 253~rc1-2
|
||||||
|
# This is for upgrades from previous versions where systemd-journald-audit.socket
|
||||||
|
# had a static enablement symlink.
|
||||||
|
# We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with
|
||||||
|
# a different package version.
|
||||||
|
systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || :
|
||||||
|
|
||||||
|
%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target
|
||||||
|
|
||||||
%post udev
|
%post udev
|
||||||
# Move old stuff around in /var/lib
|
# Move old stuff around in /var/lib
|
||||||
|
@ -913,6 +1091,8 @@ fi
|
||||||
[ $1 -eq 1 ] || exit 0
|
[ $1 -eq 1 ] || exit 0
|
||||||
# Initial installation
|
# Initial installation
|
||||||
|
|
||||||
|
touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
|
||||||
|
|
||||||
# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263
|
# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263
|
||||||
if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then
|
if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then
|
||||||
echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd."
|
echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd."
|
||||||
|
@ -922,14 +1102,17 @@ fi
|
||||||
%systemd_post systemd-resolved.service
|
%systemd_post systemd-resolved.service
|
||||||
|
|
||||||
%posttrans resolved
|
%posttrans resolved
|
||||||
[ $1 -eq 1 ] || exit 0
|
[ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0
|
||||||
|
rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
|
||||||
# Initial installation
|
# Initial installation
|
||||||
|
|
||||||
# Create /etc/resolv.conf symlink.
|
# Create /etc/resolv.conf symlink.
|
||||||
# We would also create it using tmpfiles, but let's do this here
|
# (https://bugzilla.redhat.com/show_bug.cgi?id=1873856)
|
||||||
# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above
|
#
|
||||||
# does not do this, because it's marked with ! and we don't specify --boot.)
|
# We would also create it using tmpfiles, but let's do this here too
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1873856
|
# before NetworkManager gets a chance. (systemd-tmpfiles invocation
|
||||||
|
# above does not do this, because the line is marked with ! and
|
||||||
|
# tmpfiles is invoked without --boot in the scriptlet.)
|
||||||
#
|
#
|
||||||
# *Create* the symlink if nothing is present yet.
|
# *Create* the symlink if nothing is present yet.
|
||||||
# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085)
|
# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085)
|
||||||
|
@ -991,6 +1174,11 @@ fi
|
||||||
|
|
||||||
%files udev -f .file-list-udev
|
%files udev -f .file-list-udev
|
||||||
|
|
||||||
|
%if 0%{?have_gnu_efi}
|
||||||
|
%files ukify -f .file-list-ukify
|
||||||
|
%files boot-unsigned -f .file-list-boot
|
||||||
|
%endif
|
||||||
|
|
||||||
%files container -f .file-list-container
|
%files container -f .file-list-container
|
||||||
%ghost %dir %attr(0700,-,-) /var/lib/machines
|
%ghost %dir %attr(0700,-,-) /var/lib/machines
|
||||||
|
|
||||||
|
@ -1002,9 +1190,19 @@ fi
|
||||||
|
|
||||||
%files tests -f .file-list-tests
|
%files tests -f .file-list-tests
|
||||||
|
|
||||||
|
%files standalone-repart -f .file-list-standalone-repart
|
||||||
|
|
||||||
%files standalone-tmpfiles -f .file-list-standalone-tmpfiles
|
%files standalone-tmpfiles -f .file-list-standalone-tmpfiles
|
||||||
|
|
||||||
%files standalone-sysusers -f .file-list-standalone-sysusers
|
%files standalone-sysusers -f .file-list-standalone-sysusers
|
||||||
|
|
||||||
|
%files standalone-shutdown -f .file-list-standalone-shutdown
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
rm -f 10-timeout-abort.conf.user
|
||||||
|
rm -f .file-list-*
|
||||||
|
rm -f %{name}.lang
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
%autochangelog
|
%autochangelog
|
||||||
|
|
|
@ -1,79 +1,96 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
# -*- mode: shell-script; indent-tabs-mode: true; tab-width: 4; -*-
|
||||||
|
|
||||||
# This script turns sysuser.d files into scriptlets mandated by Fedora
|
# This script turns sysuser.d files into scriptlets mandated by Fedora
|
||||||
# packaging guidelines. The general idea is to define users using the
|
# packaging guidelines. The general idea is to define users using the
|
||||||
# declarative syntax but to turn this into traditional scriptlets.
|
# declarative syntax but to turn this into traditional scriptlets.
|
||||||
|
|
||||||
user() {
|
user() {
|
||||||
user="$1"
|
user="$1"
|
||||||
uid="$2"
|
uid="$2"
|
||||||
desc="$3"
|
desc="$3"
|
||||||
group="$4"
|
group="$4"
|
||||||
home="$5"
|
home="$5"
|
||||||
shell="$6"
|
shell="$6"
|
||||||
|
|
||||||
[ "$desc" = '-' ] && desc=
|
[ "$desc" = '-' ] && desc=
|
||||||
{ [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/
|
{ [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/
|
||||||
{ [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin
|
{ [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin
|
||||||
|
|
||||||
if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
|
if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
|
||||||
cat <<EOF
|
cat <<-EOF
|
||||||
getent passwd '$user' >/dev/null || \\
|
getent passwd '$user' >/dev/null || \\
|
||||||
useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
|
useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
|
||||||
EOF
|
EOF
|
||||||
else
|
else
|
||||||
cat <<EOF
|
cat <<-EOF
|
||||||
if ! getent passwd '$user' >/dev/null; then
|
if ! getent passwd ${user@Q} >/dev/null; then
|
||||||
if ! getent passwd '$uid' >/dev/null; then
|
if ! getent passwd ${uid@Q} >/dev/null; then
|
||||||
useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
|
useradd -r -u ${uid@Q} -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
|
||||||
else
|
else
|
||||||
useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
|
useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
group() {
|
group() {
|
||||||
group="$1"
|
group="$1"
|
||||||
gid="$2"
|
gid="$2"
|
||||||
if [ "$gid" = '-' ]; then
|
|
||||||
cat <<-EOF
|
if [ "$gid" = '-' ]; then
|
||||||
getent group '$group' >/dev/null || groupadd -r '$group' || :
|
cat <<-EOF
|
||||||
|
getent group ${group@Q} >/dev/null || groupadd -r ${group@Q} || :
|
||||||
|
EOF
|
||||||
|
else
|
||||||
|
cat <<-EOF
|
||||||
|
getent group ${group@Q} >/dev/null || groupadd -f -g ${gid@Q} -r ${group@Q} || :
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
usermod() {
|
||||||
|
user="$1"
|
||||||
|
group="$2"
|
||||||
|
|
||||||
|
cat <<-EOF
|
||||||
|
if getent group ${group@Q} >/dev/null; then
|
||||||
|
usermod -a -G ${group@Q} '$user' || :
|
||||||
|
fi
|
||||||
EOF
|
EOF
|
||||||
else
|
|
||||||
cat <<-EOF
|
|
||||||
getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || :
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
parse() {
|
parse() {
|
||||||
while read -r line || [ -n "$line" ] ; do
|
while read -r line || [ -n "$line" ] ; do
|
||||||
{ [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue
|
{ [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue
|
||||||
line="${line## *}"
|
line="${line## *}"
|
||||||
[ -z "$line" ] && continue
|
[ -z "$line" ] && continue
|
||||||
eval "arr=( $line )"
|
eval "arr=( $line )"
|
||||||
case "${arr[0]}" in
|
case "${arr[0]}" in
|
||||||
('u')
|
('u')
|
||||||
group "${arr[1]}" "${arr[2]}"
|
if [[ "${arr[2]}" == *":"* ]]; then
|
||||||
user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
|
user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}"
|
||||||
# TODO: user:group support
|
else
|
||||||
;;
|
group "${arr[1]}" "${arr[2]}"
|
||||||
('g')
|
user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
|
||||||
group "${arr[1]}" "${arr[2]}"
|
fi
|
||||||
;;
|
;;
|
||||||
('m')
|
('g')
|
||||||
group "${arr[2]}" "-"
|
group "${arr[1]}" "${arr[2]}"
|
||||||
user "${arr[1]}" "-" "" "${arr[2]}"
|
;;
|
||||||
;;
|
('m')
|
||||||
esac
|
group "${arr[2]}" "-"
|
||||||
done
|
user "${arr[1]}" "-" "" "${arr[1]}" "" ""
|
||||||
|
usermod "${arr[1]}" "${arr[2]}"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
for fn in "$@"; do
|
for fn in "$@"; do
|
||||||
[ -e "$fn" ] || continue
|
[ -e "$fn" ] || continue
|
||||||
echo "# generated from $(basename "$fn")"
|
echo "# generated from $(basename "$fn")"
|
||||||
parse <"$fn"
|
parse <"$fn"
|
||||||
done
|
done
|
||||||
|
|
|
@ -17,11 +17,7 @@
|
||||||
/usr/lib/systemd/systemd-update-helper system-reload-restart || :
|
/usr/lib/systemd/systemd-update-helper system-reload-restart || :
|
||||||
|
|
||||||
%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user
|
%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user
|
||||||
if selinuxenabled &>/dev/null; then
|
/usr/lib/systemd/systemd-update-helper user-reload-restart || :
|
||||||
/usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || :
|
|
||||||
else
|
|
||||||
/usr/lib/systemd/systemd-update-helper user-reload-restart || :
|
|
||||||
fi
|
|
||||||
|
|
||||||
%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
|
%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
|
||||||
# On removal, we need to run daemon-reload after any units have been
|
# On removal, we need to run daemon-reload after any units have been
|
||||||
|
@ -33,11 +29,7 @@ fi
|
||||||
|
|
||||||
%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user
|
%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user
|
||||||
# Execute daemon-reload in user managers.
|
# Execute daemon-reload in user managers.
|
||||||
if selinuxenabled &>/dev/null; then
|
/usr/lib/systemd/systemd-update-helper user-reload || :
|
||||||
/usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || :
|
|
||||||
else
|
|
||||||
/usr/lib/systemd/systemd-update-helper user-reload || :
|
|
||||||
fi
|
|
||||||
|
|
||||||
%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system
|
%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system
|
||||||
# We restart remaining system services that should be restarted here.
|
# We restart remaining system services that should be restarted here.
|
||||||
|
@ -45,11 +37,7 @@ fi
|
||||||
|
|
||||||
%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user
|
%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user
|
||||||
# We restart remaining user services that should be restarted here.
|
# We restart remaining user services that should be restarted here.
|
||||||
if selinuxenabled &>/dev/null; then
|
/usr/lib/systemd/systemd-update-helper user-restart || :
|
||||||
/usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || :
|
|
||||||
else
|
|
||||||
/usr/lib/systemd/systemd-update-helper user-restart || :
|
|
||||||
fi
|
|
||||||
|
|
||||||
%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d
|
%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d
|
||||||
# This script will process files installed in /usr/lib/sysusers.d to create
|
# This script will process files installed in /usr/lib/sysusers.d to create
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
From 8a38bc402c8f7c656c7e356c37c432c7b3a8cd6f Mon Sep 17 00:00:00 2001
|
From 1990fb757f6d275d807fcb48ad09f5fc7c947bc6 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
Date: Wed, 14 Aug 2019 15:57:42 +0200
|
Date: Wed, 14 Aug 2019 15:57:42 +0200
|
||||||
Subject: [PATCH] udev: use bfq as the default scheduler
|
Subject: [PATCH] udev: use bfq as the default scheduler
|
||||||
|
@ -17,24 +17,27 @@ See the bug for more discussion and links.
|
||||||
|
|
||||||
diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
|
diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000000..480b941761
|
index 0000000000..850b64540e
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/rules.d/60-block-scheduler.rules
|
+++ b/rules.d/60-block-scheduler.rules
|
||||||
@@ -0,0 +1,5 @@
|
@@ -0,0 +1,5 @@
|
||||||
+# do not edit this file, it will be overwritten on update
|
+# do not edit this file, it will be overwritten on update
|
||||||
+
|
+
|
||||||
+ACTION=="add", SUBSYSTEM=="block", \
|
+ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \
|
||||||
+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
|
+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
|
||||||
+ ATTR{queue/scheduler}="bfq"
|
+ ATTR{queue/scheduler}="bfq"
|
||||||
diff --git a/rules.d/meson.build b/rules.d/meson.build
|
diff --git a/rules.d/meson.build b/rules.d/meson.build
|
||||||
index a582e4e922..d300c382fc 100644
|
index 20fca222da..94fee9d7c0 100644
|
||||||
--- a/rules.d/meson.build
|
--- a/rules.d/meson.build
|
||||||
+++ b/rules.d/meson.build
|
+++ b/rules.d/meson.build
|
||||||
@@ -8,6 +8,7 @@ rules = [
|
@@ -7,6 +7,7 @@ install_data(
|
||||||
|
rules = [
|
||||||
[files('60-autosuspend.rules',
|
[files('60-autosuspend.rules',
|
||||||
'60-block.rules',
|
'60-block.rules',
|
||||||
'60-cdrom_id.rules',
|
|
||||||
+ '60-block-scheduler.rules',
|
+ '60-block-scheduler.rules',
|
||||||
|
'60-cdrom_id.rules',
|
||||||
|
'60-dmi-id.rules',
|
||||||
'60-drm.rules',
|
'60-drm.rules',
|
||||||
'60-evdev.rules',
|
--
|
||||||
'60-fido-id.rules',
|
2.41.0
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue