Accepting request 508718 from Base:System
1 OBS-URL: https://build.opensuse.org/request/show/508718 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=256
This commit is contained in:
commit
756ba088fb
@ -0,0 +1,31 @@
|
|||||||
|
From 30cceac444bcc67896611154b051669225abaa93 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Franck Bui <fbui@suse.com>
|
||||||
|
Date: Thu, 6 Jul 2017 15:48:10 +0200
|
||||||
|
Subject: [PATCH] core: disable session keyring per system sevice entirely
|
||||||
|
for now
|
||||||
|
|
||||||
|
It seems that this stuff needs more thoughts...
|
||||||
|
|
||||||
|
See also:
|
||||||
|
https://github.com/systemd/systemd/pull/6286
|
||||||
|
|
||||||
|
[fbui: fixes bnc#1045886]
|
||||||
|
---
|
||||||
|
src/core/service.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/core/service.c b/src/core/service.c
|
||||||
|
index 74054887b..874f2be93 100644
|
||||||
|
--- a/src/core/service.c
|
||||||
|
+++ b/src/core/service.c
|
||||||
|
@@ -1341,7 +1341,6 @@ static int service_spawn(
|
||||||
|
} else
|
||||||
|
path = UNIT(s)->cgroup_path;
|
||||||
|
|
||||||
|
- exec_params.flags |= MANAGER_IS_SYSTEM(UNIT(s)->manager) ? EXEC_NEW_KEYRING : 0;
|
||||||
|
exec_params.argv = c->argv;
|
||||||
|
exec_params.environment = final_env;
|
||||||
|
exec_params.fds = fds;
|
||||||
|
--
|
||||||
|
2.13.1
|
||||||
|
|
@ -1,3 +1,3 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
version https://git-lfs.github.com/spec/v1
|
||||||
oid sha256:68abe8a1ad8d19c64f4e10fdee7b8aceebc7d49fc2bb2711408171bdc841e67a
|
oid sha256:31fe0c3bea971e0dd40b9bec3f08080859ab3710f3882e0009582dd0bf16086d
|
||||||
size 3255548
|
size 3257376
|
||||||
|
@ -1,3 +1,69 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 7 08:19:41 UTC 2017 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Edit pkgconfig(liblz4) dependency: liblz4 now uses 1.x *again*
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)
|
||||||
|
|
||||||
|
Temporary patch to disable the session keyring stuff as it's
|
||||||
|
currently broken and may introduce some security holes.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Import commit 21827ea0875ff197e16e72003b2bfaa1c6e8daad
|
||||||
|
|
||||||
|
1ad06735f core: fail when syntactically invalid values for User=/Group= fields are detected (bsc#1047023)
|
||||||
|
d563972e2 timesyncd: don't use compiled-in list if FallbackNTP has been configured explicitly
|
||||||
|
f4e0c16f5 gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280)
|
||||||
|
e1345aac5 fix add_esp() in the gpt-auto-generator.c (#6251)
|
||||||
|
c591ece9a automount: don't lstat(2) upon umount request (#6086) (bsc#1040968)
|
||||||
|
643ab2eea gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab
|
||||||
|
f07d2022f fstab-util: introduce fstab_has_fstype() helper
|
||||||
|
bf735bb35 fstab-util: don't eat up errors in fstab_is_mount_point()
|
||||||
|
a4b40fbed resolved: simplify alloc size calculation (bsc#1045290 CVE-2017-9445)
|
||||||
|
8b960bec0 only check signature job error if signature job exists (#6118) (boo#1043758)
|
||||||
|
1418bfb5b job: Ensure JobRunningTimeoutSec= survives serialization (#6128) (bsc#1004995)
|
||||||
|
19b6d5f08 udev: turn off -Wformat-nonliteral for one safe case
|
||||||
|
717ace439 udev: net_id add support for platform bus (ACPI, mostly arm64) devices (#5933)
|
||||||
|
a3bf2e6b5 core/mount: pass "-c" flag to /bin/umount (#6093)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 5 07:15:17 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Add minimal support for boot.d/* scripts in systemd-sysv-convert (boo#1046750)
|
||||||
|
|
||||||
|
While at it, the handling of the symlink priorities is also removed
|
||||||
|
since it doesn't appear to be used at all.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 22 15:24:22 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Don't try to restart networkd/resolved if they're disabled (boo#1045521)
|
||||||
|
|
||||||
|
"systemctl try-restart/preset" wants the unit files exist.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 22 13:50:46 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Stop shipping /usr/lib/sysusers.d/basic.conf (bsc#1006978)
|
||||||
|
|
||||||
|
Ok looks like the previous change was the right thing to do and we
|
||||||
|
continue to follow this path by relying on the new user/group scheme
|
||||||
|
|
||||||
|
Therefore the basic system user/group are now managed and created by
|
||||||
|
system-sysusers and udev also relies on this for the groups it uses
|
||||||
|
in its rule files.
|
||||||
|
|
||||||
|
Ideally we should have listed all of the groups in the deps (with
|
||||||
|
"Requires: group(disk)" but the list of the groups is rather long
|
||||||
|
and the risk for those groups to be re-organized is probably low, so
|
||||||
|
currently we simply use "Requires: system-group-hardware" as a
|
||||||
|
shortcut.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com
|
Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
@ -11,7 +77,7 @@ Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com
|
|||||||
package isn't pulled in anymore when building the rescue system.
|
package isn't pulled in anymore when building the rescue system.
|
||||||
|
|
||||||
For now make systemd creates the group by adding
|
For now make systemd creates the group by adding
|
||||||
"Requires: group(post)".
|
"Requires: group(lock)".
|
||||||
|
|
||||||
I'm currently not sure why we don't use sysusers.d stuff for that
|
I'm currently not sure why we don't use sysusers.d stuff for that
|
||||||
purpose and if the "lock" group on /run/lock is still
|
purpose and if the "lock" group on /run/lock is still
|
||||||
|
@ -83,7 +83,7 @@ BuildRequires: suse-module-tools >= 12.4
|
|||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
BuildRequires: pkgconfig(blkid) >= 2.26
|
BuildRequires: pkgconfig(blkid) >= 2.26
|
||||||
BuildRequires: pkgconfig(libkmod) >= 15
|
BuildRequires: pkgconfig(libkmod) >= 15
|
||||||
BuildRequires: pkgconfig(liblz4) >= 125
|
BuildRequires: pkgconfig(liblz4)
|
||||||
BuildRequires: pkgconfig(liblzma)
|
BuildRequires: pkgconfig(liblzma)
|
||||||
BuildRequires: pkgconfig(libpci) >= 3
|
BuildRequires: pkgconfig(libpci) >= 3
|
||||||
BuildRequires: pkgconfig(libpcre)
|
BuildRequires: pkgconfig(libpcre)
|
||||||
@ -155,6 +155,14 @@ Source14: kbd-model-map.legacy
|
|||||||
|
|
||||||
Source1065: udev-remount-tmpfs
|
Source1065: udev-remount-tmpfs
|
||||||
|
|
||||||
|
# Patches listed in here are really special cases. Normally all
|
||||||
|
# changes must go to upstream first and then are cherry-picked in the
|
||||||
|
# SUSE git repository. But in very few cases, some stuff might be
|
||||||
|
# broken in upstream and need an urgent fix. Even in this case, the
|
||||||
|
# patches are temporary and should be removed as soon as a fix is
|
||||||
|
# merged by upstream.
|
||||||
|
Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Systemd is a system and service manager, compatible with SysV and LSB
|
Systemd is a system and service manager, compatible with SysV and LSB
|
||||||
init scripts for Linux. systemd provides aggressive parallelization
|
init scripts for Linux. systemd provides aggressive parallelization
|
||||||
@ -225,9 +233,8 @@ Summary: A rule-based device node and kernel event manager
|
|||||||
License: GPL-2.0
|
License: GPL-2.0
|
||||||
Group: System/Kernel
|
Group: System/Kernel
|
||||||
Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html
|
Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html
|
||||||
|
Requires: system-group-hardware
|
||||||
Requires(pre): /usr/bin/stat
|
Requires(pre): /usr/bin/stat
|
||||||
Requires(pre): /usr/sbin/groupadd
|
|
||||||
Requires(pre): /usr/bin/getent
|
|
||||||
Requires(post): sed
|
Requires(post): sed
|
||||||
Requires(post): /usr/bin/systemctl
|
Requires(post): /usr/bin/systemctl
|
||||||
|
|
||||||
@ -399,6 +406,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n systemd-%{version}
|
%setup -q -n systemd-%{version}
|
||||||
|
%autopatch -p1
|
||||||
|
|
||||||
# only needed for bootstrap
|
# only needed for bootstrap
|
||||||
%if 0%{?bootstrap}
|
%if 0%{?bootstrap}
|
||||||
@ -530,6 +538,10 @@ rm %{buildroot}%{_libexecdir}/systemd/libsystemd-shared.so
|
|||||||
# aaa_base (in procps for now)
|
# aaa_base (in procps for now)
|
||||||
rm -f %{buildroot}%{_prefix}/lib/sysctl.d/50-default.conf
|
rm -f %{buildroot}%{_prefix}/lib/sysctl.d/50-default.conf
|
||||||
|
|
||||||
|
# The definition of the basic users/groups are defined by system-user
|
||||||
|
# on SUSE (bsc#1006978).
|
||||||
|
rm -f %{buildroot}%{_prefix}/lib/sysusers.d/basic.conf
|
||||||
|
|
||||||
# Remove README file in init.d as (SUSE) rpm requires executable files
|
# Remove README file in init.d as (SUSE) rpm requires executable files
|
||||||
# in this directory... oh well.
|
# in this directory... oh well.
|
||||||
rm -f %{buildroot}/etc/init.d/README
|
rm -f %{buildroot}/etc/init.d/README
|
||||||
@ -682,10 +694,14 @@ if [ $1 -eq 1 ]; then
|
|||||||
# unit.
|
# unit.
|
||||||
systemctl preset remote-fs.target || :
|
systemctl preset remote-fs.target || :
|
||||||
systemctl preset getty@.service || :
|
systemctl preset getty@.service || :
|
||||||
|
systemctl preset systemd-timesyncd.service || :
|
||||||
|
%if %{with networkd}
|
||||||
systemctl preset systemd-networkd.service || :
|
systemctl preset systemd-networkd.service || :
|
||||||
systemctl preset systemd-networkd-wait-online.service || :
|
systemctl preset systemd-networkd-wait-online.service || :
|
||||||
systemctl preset systemd-timesyncd.service || :
|
%endif
|
||||||
|
%if %{with resolved}
|
||||||
systemctl preset systemd-resolved.service || :
|
systemctl preset systemd-resolved.service || :
|
||||||
|
%endif
|
||||||
fi >/dev/null
|
fi >/dev/null
|
||||||
|
|
||||||
# since v207 /etc/sysctl.conf is no longer parsed, however
|
# since v207 /etc/sysctl.conf is no longer parsed, however
|
||||||
@ -745,9 +761,13 @@ fi
|
|||||||
%systemd_postun
|
%systemd_postun
|
||||||
# Avoid restarting logind until fixed upstream (issue #1163)
|
# Avoid restarting logind until fixed upstream (issue #1163)
|
||||||
%systemd_postun_with_restart systemd-journald.service
|
%systemd_postun_with_restart systemd-journald.service
|
||||||
%systemd_postun_with_restart systemd-networkd.service
|
|
||||||
%systemd_postun_with_restart systemd-timesyncd.service
|
%systemd_postun_with_restart systemd-timesyncd.service
|
||||||
|
%if %{with networkd}
|
||||||
|
%systemd_postun_with_restart systemd-networkd.service
|
||||||
|
%endif
|
||||||
|
%if %{with resolved}
|
||||||
%systemd_postun_with_restart systemd-resolved.service
|
%systemd_postun_with_restart systemd-resolved.service
|
||||||
|
%endif
|
||||||
|
|
||||||
%pretrans -n udev%{?mini} -p <lua>
|
%pretrans -n udev%{?mini} -p <lua>
|
||||||
if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then
|
if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then
|
||||||
@ -773,12 +793,6 @@ if [ $1 -eq 1 ]; then
|
|||||||
echo "COMPAT_SYMLINK_GENERATION=2">/usr/lib/udev/compat-symlink-generation
|
echo "COMPAT_SYMLINK_GENERATION=2">/usr/lib/udev/compat-symlink-generation
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create "tape"/"input" group which is referenced by some udev rules
|
|
||||||
# that we're shipping. FIXME: maybe we should consider using
|
|
||||||
# "sysusers_create basic.conf" instead ?
|
|
||||||
getent group tape >/dev/null || groupadd -r tape || :
|
|
||||||
getent group input >/dev/null || groupadd -r input || :
|
|
||||||
|
|
||||||
%post -n udev%{?mini}
|
%post -n udev%{?mini}
|
||||||
%udev_hwdb_update
|
%udev_hwdb_update
|
||||||
|
|
||||||
|
@ -5,8 +5,7 @@ if [ "$UID" != "0" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
declare -A results_runlevel
|
declare -A results_target
|
||||||
declare -A results_priority
|
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
cat << EOF
|
cat << EOF
|
||||||
@ -33,75 +32,30 @@ EOF
|
|||||||
}
|
}
|
||||||
|
|
||||||
find_service() {
|
find_service() {
|
||||||
local service
|
local service=$1
|
||||||
local runlevel
|
local rcnd=$2
|
||||||
declare -i priority
|
|
||||||
|
|
||||||
service=$1
|
case $rcnd in
|
||||||
runlevel=$2
|
boot.d) [ -L /etc/rc.d/$rcnd/S??boot.$service ] ;;
|
||||||
priority=-1
|
*) [ -L /etc/rc.d/$rcnd/S??$service ]
|
||||||
|
esac
|
||||||
for l in $(ls /etc/rc.d/rc$runlevel.d/) ; do
|
|
||||||
initscript=$(basename $l)
|
|
||||||
if [ ${initscript:0:1} != "S" -o ${initscript:3} != "$service" ]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if [ ${initscript:1:2} -ge 0 -a ${initscript:1:2} -le 99 -a ${initscript:1:2} -ge $priority ]; then
|
|
||||||
if [ ${initscript:1:1} == 0 ]; then
|
|
||||||
priority=${initscript:2:1}
|
|
||||||
else
|
|
||||||
priority=${initscript:1:2}
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
if [ $priority -ge 0 ]; then
|
|
||||||
return $priority
|
|
||||||
fi
|
|
||||||
return 255
|
|
||||||
}
|
}
|
||||||
|
|
||||||
lookup_database() {
|
lookup_database() {
|
||||||
local services
|
local services=$@
|
||||||
local service
|
local service
|
||||||
local service_file
|
|
||||||
local runlevel
|
local runlevel
|
||||||
local priority
|
local priority
|
||||||
local -i k
|
|
||||||
declare -a parsed
|
|
||||||
|
|
||||||
services=$@
|
# 'priority' field is not used but is kept for backward compat
|
||||||
k=0
|
# reason.
|
||||||
results_runlevel=()
|
while read service runlevel priority; do
|
||||||
results_priority=()
|
|
||||||
|
|
||||||
while read line ; do
|
|
||||||
k+=1
|
|
||||||
parsed=($line)
|
|
||||||
service=${parsed[0]}
|
|
||||||
runlevel=${parsed[1]}
|
|
||||||
priority=${parsed[2]}
|
|
||||||
if [ $runlevel -lt 2 -o $runlevel -gt 5 ]; then
|
|
||||||
echo "Runlevel out of bounds in database line $k. Ignoring" >/dev/stderr
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if [ $priority -lt 0 -o $priority -gt 99 ]; then
|
|
||||||
echo "Priority out of bounds in database line $k. Ignoring" >/dev/stderr
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
declare -i found
|
|
||||||
found=0
|
|
||||||
for s in $services ; do
|
for s in $services ; do
|
||||||
if [ $s == $service ]; then
|
if [ $s == $service ]; then
|
||||||
found=1
|
results_target[$service]+=" runlevel$runlevel.target"
|
||||||
continue
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ $found -eq 0 ]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
results_runlevel[$service]+=" $runlevel"
|
|
||||||
results_priority[$service]+=" $priority"
|
|
||||||
done < /var/lib/systemd/sysv-convert/database
|
done < /var/lib/systemd/sysv-convert/database
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -114,16 +68,19 @@ case "$1" in
|
|||||||
--save)
|
--save)
|
||||||
shift
|
shift
|
||||||
for service in $@ ; do
|
for service in $@ ; do
|
||||||
if [ ! -r "/etc/init.d/$service" ]; then
|
if [ ! -r /etc/init.d/$service ] && [ ! -r /etc/init.d/boot.$service ]; then
|
||||||
echo "SysV service $service does not exist, skipping"
|
echo "SysV service $service does not exist, skipping"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
for runlevel in 2 3 4 5; do
|
for rcnd in rc2.d rc3.d rc4.d rc5.d boot.d; do
|
||||||
find_service $service $runlevel
|
case $rcnd in
|
||||||
priority=$?
|
rc*.d) runlevel=${rcnd:2:1} ;;
|
||||||
if [ $priority -lt 255 ]; then
|
boot.d) runlevel=3 ;;
|
||||||
echo "$service $runlevel $priority" >>/var/lib/systemd/sysv-convert/database
|
esac
|
||||||
fi
|
|
||||||
|
# Write a dumb priority as it is not used.
|
||||||
|
find_service $service $rcnd &&
|
||||||
|
echo "$service $runlevel 50" >>/var/lib/systemd/sysv-convert/database
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
;;
|
;;
|
||||||
@ -132,17 +89,13 @@ case "$1" in
|
|||||||
services=$@
|
services=$@
|
||||||
lookup_database $services
|
lookup_database $services
|
||||||
for service in $services; do
|
for service in $services; do
|
||||||
if [ -z "${results_runlevel[$service]}" ]; then
|
if [ -z "${results_target[$service]}" ]; then
|
||||||
echo No information found about service $service found. >/dev/stderr
|
echo "No information about service $service found." >/dev/stderr
|
||||||
let fail++
|
let fail++
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
declare -i count
|
for target in ${results_target[$service]}; do
|
||||||
count=0
|
echo "SysV service '$service' is pulled by $target"
|
||||||
priority=(${results_priority[$service]})
|
|
||||||
for runlevel in ${results_runlevel[$service]}; do
|
|
||||||
echo SysV service $service enabled in runlevel $runlevel at priority ${priority[$count]}
|
|
||||||
count+=1
|
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
;;
|
;;
|
||||||
@ -170,16 +123,16 @@ case "$1" in
|
|||||||
if [ -e /var/lib/systemd/sysv-convert/database ]; then
|
if [ -e /var/lib/systemd/sysv-convert/database ]; then
|
||||||
lookup_database $services
|
lookup_database $services
|
||||||
for service in $services; do
|
for service in $services; do
|
||||||
[ -f "/lib/systemd/system/$service.service" ] && service_file="/lib/systemd/system/$service.service"
|
[ -f "/lib/systemd/system/$service.service" ] && unit="/lib/systemd/system/$service.service"
|
||||||
[ -f "/usr/lib/systemd/system/$service.service" ] && service_file="/usr/lib/systemd/system/$service.service"
|
[ -f "/usr/lib/systemd/system/$service.service" ] && unit="/usr/lib/systemd/system/$service.service"
|
||||||
|
|
||||||
# If $service is not present in the database,
|
# If $service is not present in the database,
|
||||||
# then it simply means that the sysv init
|
# then it simply means that the sysv init
|
||||||
# service was not enabled at all.
|
# service was not enabled at all.
|
||||||
for runlevel in ${results_runlevel[$service]}; do
|
for target in ${results_target[$service]}; do
|
||||||
echo ln -sf $service_file /etc/systemd/system/runlevel$runlevel.target.wants/$service.service >/dev/stderr
|
echo ln -sf $unit /etc/systemd/system/$target.wants/$service.service >/dev/stderr
|
||||||
mkdir -p "/etc/systemd/system/runlevel$runlevel.target.wants"
|
mkdir -p "/etc/systemd/system/$target.wants"
|
||||||
/bin/ln -sf $service_file /etc/systemd/system/runlevel$runlevel.target.wants/$service.service
|
/bin/ln -sf $unit /etc/systemd/system/$target.wants/$service.service
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -1,3 +1,69 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 7 08:19:41 UTC 2017 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Edit pkgconfig(liblz4) dependency: liblz4 now uses 1.x *again*
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)
|
||||||
|
|
||||||
|
Temporary patch to disable the session keyring stuff as it's
|
||||||
|
currently broken and may introduce some security holes.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Import commit 21827ea0875ff197e16e72003b2bfaa1c6e8daad
|
||||||
|
|
||||||
|
1ad06735f core: fail when syntactically invalid values for User=/Group= fields are detected (bsc#1047023)
|
||||||
|
d563972e2 timesyncd: don't use compiled-in list if FallbackNTP has been configured explicitly
|
||||||
|
f4e0c16f5 gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280)
|
||||||
|
e1345aac5 fix add_esp() in the gpt-auto-generator.c (#6251)
|
||||||
|
c591ece9a automount: don't lstat(2) upon umount request (#6086) (bsc#1040968)
|
||||||
|
643ab2eea gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab
|
||||||
|
f07d2022f fstab-util: introduce fstab_has_fstype() helper
|
||||||
|
bf735bb35 fstab-util: don't eat up errors in fstab_is_mount_point()
|
||||||
|
a4b40fbed resolved: simplify alloc size calculation (bsc#1045290 CVE-2017-9445)
|
||||||
|
8b960bec0 only check signature job error if signature job exists (#6118) (boo#1043758)
|
||||||
|
1418bfb5b job: Ensure JobRunningTimeoutSec= survives serialization (#6128) (bsc#1004995)
|
||||||
|
19b6d5f08 udev: turn off -Wformat-nonliteral for one safe case
|
||||||
|
717ace439 udev: net_id add support for platform bus (ACPI, mostly arm64) devices (#5933)
|
||||||
|
a3bf2e6b5 core/mount: pass "-c" flag to /bin/umount (#6093)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 5 07:15:17 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Add minimal support for boot.d/* scripts in systemd-sysv-convert (boo#1046750)
|
||||||
|
|
||||||
|
While at it, the handling of the symlink priorities is also removed
|
||||||
|
since it doesn't appear to be used at all.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 22 15:24:22 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Don't try to restart networkd/resolved if they're disabled (boo#1045521)
|
||||||
|
|
||||||
|
"systemctl try-restart/preset" wants the unit files exist.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 22 13:50:46 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Stop shipping /usr/lib/sysusers.d/basic.conf (bsc#1006978)
|
||||||
|
|
||||||
|
Ok looks like the previous change was the right thing to do and we
|
||||||
|
continue to follow this path by relying on the new user/group scheme
|
||||||
|
|
||||||
|
Therefore the basic system user/group are now managed and created by
|
||||||
|
system-sysusers and udev also relies on this for the groups it uses
|
||||||
|
in its rule files.
|
||||||
|
|
||||||
|
Ideally we should have listed all of the groups in the deps (with
|
||||||
|
"Requires: group(disk)" but the list of the groups is rather long
|
||||||
|
and the risk for those groups to be re-organized is probably low, so
|
||||||
|
currently we simply use "Requires: system-group-hardware" as a
|
||||||
|
shortcut.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com
|
Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
@ -11,7 +77,7 @@ Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com
|
|||||||
package isn't pulled in anymore when building the rescue system.
|
package isn't pulled in anymore when building the rescue system.
|
||||||
|
|
||||||
For now make systemd creates the group by adding
|
For now make systemd creates the group by adding
|
||||||
"Requires: group(post)".
|
"Requires: group(lock)".
|
||||||
|
|
||||||
I'm currently not sure why we don't use sysusers.d stuff for that
|
I'm currently not sure why we don't use sysusers.d stuff for that
|
||||||
purpose and if the "lock" group on /run/lock is still
|
purpose and if the "lock" group on /run/lock is still
|
||||||
|
36
systemd.spec
36
systemd.spec
@ -81,7 +81,7 @@ BuildRequires: suse-module-tools >= 12.4
|
|||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
BuildRequires: pkgconfig(blkid) >= 2.26
|
BuildRequires: pkgconfig(blkid) >= 2.26
|
||||||
BuildRequires: pkgconfig(libkmod) >= 15
|
BuildRequires: pkgconfig(libkmod) >= 15
|
||||||
BuildRequires: pkgconfig(liblz4) >= 125
|
BuildRequires: pkgconfig(liblz4)
|
||||||
BuildRequires: pkgconfig(liblzma)
|
BuildRequires: pkgconfig(liblzma)
|
||||||
BuildRequires: pkgconfig(libpci) >= 3
|
BuildRequires: pkgconfig(libpci) >= 3
|
||||||
BuildRequires: pkgconfig(libpcre)
|
BuildRequires: pkgconfig(libpcre)
|
||||||
@ -153,6 +153,14 @@ Source14: kbd-model-map.legacy
|
|||||||
|
|
||||||
Source1065: udev-remount-tmpfs
|
Source1065: udev-remount-tmpfs
|
||||||
|
|
||||||
|
# Patches listed in here are really special cases. Normally all
|
||||||
|
# changes must go to upstream first and then are cherry-picked in the
|
||||||
|
# SUSE git repository. But in very few cases, some stuff might be
|
||||||
|
# broken in upstream and need an urgent fix. Even in this case, the
|
||||||
|
# patches are temporary and should be removed as soon as a fix is
|
||||||
|
# merged by upstream.
|
||||||
|
Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Systemd is a system and service manager, compatible with SysV and LSB
|
Systemd is a system and service manager, compatible with SysV and LSB
|
||||||
init scripts for Linux. systemd provides aggressive parallelization
|
init scripts for Linux. systemd provides aggressive parallelization
|
||||||
@ -223,9 +231,8 @@ Summary: A rule-based device node and kernel event manager
|
|||||||
License: GPL-2.0
|
License: GPL-2.0
|
||||||
Group: System/Kernel
|
Group: System/Kernel
|
||||||
Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html
|
Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html
|
||||||
|
Requires: system-group-hardware
|
||||||
Requires(pre): /usr/bin/stat
|
Requires(pre): /usr/bin/stat
|
||||||
Requires(pre): /usr/sbin/groupadd
|
|
||||||
Requires(pre): /usr/bin/getent
|
|
||||||
Requires(post): sed
|
Requires(post): sed
|
||||||
Requires(post): /usr/bin/systemctl
|
Requires(post): /usr/bin/systemctl
|
||||||
|
|
||||||
@ -397,6 +404,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n systemd-%{version}
|
%setup -q -n systemd-%{version}
|
||||||
|
%autopatch -p1
|
||||||
|
|
||||||
# only needed for bootstrap
|
# only needed for bootstrap
|
||||||
%if 0%{?bootstrap}
|
%if 0%{?bootstrap}
|
||||||
@ -528,6 +536,10 @@ rm %{buildroot}%{_libexecdir}/systemd/libsystemd-shared.so
|
|||||||
# aaa_base (in procps for now)
|
# aaa_base (in procps for now)
|
||||||
rm -f %{buildroot}%{_prefix}/lib/sysctl.d/50-default.conf
|
rm -f %{buildroot}%{_prefix}/lib/sysctl.d/50-default.conf
|
||||||
|
|
||||||
|
# The definition of the basic users/groups are defined by system-user
|
||||||
|
# on SUSE (bsc#1006978).
|
||||||
|
rm -f %{buildroot}%{_prefix}/lib/sysusers.d/basic.conf
|
||||||
|
|
||||||
# Remove README file in init.d as (SUSE) rpm requires executable files
|
# Remove README file in init.d as (SUSE) rpm requires executable files
|
||||||
# in this directory... oh well.
|
# in this directory... oh well.
|
||||||
rm -f %{buildroot}/etc/init.d/README
|
rm -f %{buildroot}/etc/init.d/README
|
||||||
@ -680,10 +692,14 @@ if [ $1 -eq 1 ]; then
|
|||||||
# unit.
|
# unit.
|
||||||
systemctl preset remote-fs.target || :
|
systemctl preset remote-fs.target || :
|
||||||
systemctl preset getty@.service || :
|
systemctl preset getty@.service || :
|
||||||
|
systemctl preset systemd-timesyncd.service || :
|
||||||
|
%if %{with networkd}
|
||||||
systemctl preset systemd-networkd.service || :
|
systemctl preset systemd-networkd.service || :
|
||||||
systemctl preset systemd-networkd-wait-online.service || :
|
systemctl preset systemd-networkd-wait-online.service || :
|
||||||
systemctl preset systemd-timesyncd.service || :
|
%endif
|
||||||
|
%if %{with resolved}
|
||||||
systemctl preset systemd-resolved.service || :
|
systemctl preset systemd-resolved.service || :
|
||||||
|
%endif
|
||||||
fi >/dev/null
|
fi >/dev/null
|
||||||
|
|
||||||
# since v207 /etc/sysctl.conf is no longer parsed, however
|
# since v207 /etc/sysctl.conf is no longer parsed, however
|
||||||
@ -743,9 +759,13 @@ fi
|
|||||||
%systemd_postun
|
%systemd_postun
|
||||||
# Avoid restarting logind until fixed upstream (issue #1163)
|
# Avoid restarting logind until fixed upstream (issue #1163)
|
||||||
%systemd_postun_with_restart systemd-journald.service
|
%systemd_postun_with_restart systemd-journald.service
|
||||||
%systemd_postun_with_restart systemd-networkd.service
|
|
||||||
%systemd_postun_with_restart systemd-timesyncd.service
|
%systemd_postun_with_restart systemd-timesyncd.service
|
||||||
|
%if %{with networkd}
|
||||||
|
%systemd_postun_with_restart systemd-networkd.service
|
||||||
|
%endif
|
||||||
|
%if %{with resolved}
|
||||||
%systemd_postun_with_restart systemd-resolved.service
|
%systemd_postun_with_restart systemd-resolved.service
|
||||||
|
%endif
|
||||||
|
|
||||||
%pretrans -n udev%{?mini} -p <lua>
|
%pretrans -n udev%{?mini} -p <lua>
|
||||||
if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then
|
if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then
|
||||||
@ -771,12 +791,6 @@ if [ $1 -eq 1 ]; then
|
|||||||
echo "COMPAT_SYMLINK_GENERATION=2">/usr/lib/udev/compat-symlink-generation
|
echo "COMPAT_SYMLINK_GENERATION=2">/usr/lib/udev/compat-symlink-generation
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create "tape"/"input" group which is referenced by some udev rules
|
|
||||||
# that we're shipping. FIXME: maybe we should consider using
|
|
||||||
# "sysusers_create basic.conf" instead ?
|
|
||||||
getent group tape >/dev/null || groupadd -r tape || :
|
|
||||||
getent group input >/dev/null || groupadd -r input || :
|
|
||||||
|
|
||||||
%post -n udev%{?mini}
|
%post -n udev%{?mini}
|
||||||
%udev_hwdb_update
|
%udev_hwdb_update
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user