From c939ecec0c9218dd9c95663abdc31e5e149565813b00894c014a2e3ade8cc586 Mon Sep 17 00:00:00 2001 
From: Franck Bui Date: Fri, 4 Sep 2020 06:47:46 +0000 Subject: [PATCH] - Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446) See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for details. Now that the number of SUSE specific patches has been shrinked and is pretty low (12 at the time of this writing), they are no more tracked by the git repo and are now handled at the package level. Hence It is easier to maintain and identify them. This effectively means that SUSE/v246 will contain upstream commits only. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1113 --- ...and-var-lock-bind-mount-if-they-aren.patch | 80 +++++++++++ ...ering-startup-for-etc-init.d-boot.lo.patch | 27 ++++ ...-part-from-etc-hostname-when-setting.patch | 43 ++++++ ...-exclude-statements-based-on-file-ow.patch | 124 ++++++++++++++++++ ...ult-symlinks-for-primary-cd_dvd-driv.patch | 29 ++++ ...dd-back-support-for-SysV-scripts-for.patch | 123 +++++++++++++++++ ...twork.service-an-alias-of-systemd-ne.patch | 29 ++++ ...ranslate-Required-Start-into-a-Wants.patch | 73 +++++++++++ ...ole-specificities-weirdness-for-s390.patch | 60 +++++++++ ...-audit-support-completely-from-the-j.patch | 80 +++++++++++ ...sion-keyring-per-system-sevice-entir.patch | 45 +++++++ ...e-etc-resolv.conf-symlink-at-runtime.patch | 53 ++++++++ systemd-mini.changes | 14 ++ systemd-mini.spec | 41 ++++-- systemd-v245.7+suse.51.ga4e393eecb.tar.xz | 3 - systemd-v246.4+suse.20.gf1344d5b7f.tar.xz | 3 + systemd.changes | 14 ++ systemd.spec | 41 ++++-- 18 files changed, 861 insertions(+), 21 deletions(-) create mode 100644 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch create mode 100644 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch create mode 100644 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch create mode 100644 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch create mode 100644 
0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch create mode 100644 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch create mode 100644 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch create mode 100644 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch create mode 100644 0009-pid1-handle-console-specificities-weirdness-for-s390.patch create mode 100644 0010-journald-disable-audit-support-completely-from-the-j.patch create mode 100644 0011-core-disable-session-keyring-per-system-sevice-entir.patch create mode 100644 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch delete mode 100644 systemd-v245.7+suse.51.ga4e393eecb.tar.xz create mode 100644 systemd-v246.4+suse.20.gf1344d5b7f.tar.xz diff --git a/0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch b/0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch new file mode 100644 index 0000000..dfc696e --- /dev/null +++ b/0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch 
@@ -0,0 +1,80 @@ +From f98af900e625b15862f9173a5c55662d4cee7356 Mon Sep 17 00:00:00 2001 +From: Frederic Crozat +Date: Mon, 29 Oct 2012 13:01:20 +0000 +Subject: [PATCH 01/12] restore /var/run and /var/lock bind mount if they + aren't symlink + +--- + units/meson.build | 2 ++ + units/var-lock.mount | 19 +++++++++++++++++++ + units/var-run.mount | 19 +++++++++++++++++++ + 3 files changed, 40 insertions(+) + create mode 100644 units/var-lock.mount + create mode 100644 units/var-run.mount + +diff --git a/units/meson.build b/units/meson.build +index 275daad3f4..dadc9432ef 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -150,6 +150,8 @@ units = [ + ['umount.target', ''], + ['usb-gadget.target', ''], + ['user.slice', ''], ++ ['var-run.mount', 'HAVE_SYSV_COMPAT', 'local-fs.target.wants/'], ++ ['var-lock.mount', 'HAVE_SYSV_COMPAT', 'local-fs.target.wants/'], + ['var-lib-machines.mount', 'ENABLE_MACHINED', + 'remote-fs.target.wants/ machines.target.wants/'], + ] +diff --git a/units/var-lock.mount b/units/var-lock.mount +new file mode 100644 +index 0000000000..07277adac3 +--- /dev/null ++++ b/units/var-lock.mount +@@ -0,0 +1,19 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Lock Directory ++Before=local-fs.target ++# skip mounting if the directory does not exist or is a symlink ++ConditionPathIsDirectory=/var/lock ++ConditionPathIsSymbolicLink=!/var/lock ++ ++[Mount] ++What=/run/lock ++Where=/var/lock ++Type=bind ++Options=bind +diff --git a/units/var-run.mount b/units/var-run.mount +new file mode 100644 +index 0000000000..ab4da424c9 +--- /dev/null ++++ b/units/var-run.mount +@@ -0,0 +1,19 @@ ++# This file is part of systemd. 
++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Runtime Directory ++Before=local-fs.target ++# skip mounting if the directory does not exist or is a symlink ++ConditionPathIsDirectory=/var/run ++ConditionPathIsSymbolicLink=!/var/run ++ ++[Mount] ++What=/run ++Where=/var/run ++Type=bind ++Options=bind +-- +2.26.2 + diff --git a/0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch b/0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch new file mode 100644 index 0000000..352b252 --- /dev/null +++ b/0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch @@ -0,0 +1,27 @@ +From 59f2eadb29ac38803fd32fe52f1403343a7d74ac Mon Sep 17 00:00:00 2001 +From: Thomas Blume +Date: Tue, 25 Mar 2014 13:08:56 +0000 +Subject: [PATCH 02/12] rc-local: fix ordering startup for + /etc/init.d/boot.local + +[tblume: fixes bnc#869142] +--- + units/rc-local.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/rc-local.service.in b/units/rc-local.service.in +index 78ce69e0ae..0bcea82bed 100644 +--- a/units/rc-local.service.in ++++ b/units/rc-local.service.in +@@ -13,7 +13,7 @@ + Description=@RC_LOCAL_SCRIPT_PATH_START@ Compatibility + Documentation=man:systemd-rc-local-generator(8) + ConditionFileIsExecutable=@RC_LOCAL_SCRIPT_PATH_START@ +-After=network.target ++After=basic.target + + [Service] + Type=forking +-- +2.26.2 + diff --git a/0003-strip-the-domain-part-from-etc-hostname-when-setting.patch b/0003-strip-the-domain-part-from-etc-hostname-when-setting.patch new file mode 100644 index 0000000..5e9a1df --- /dev/null +++ b/0003-strip-the-domain-part-from-etc-hostname-when-setting.patch 
@@ -0,0 +1,43 @@
+From f299a8180f1db0680b454c0e37696891361e3067 Mon Sep 17 00:00:00 2001
+From: Frederic Crozat
+Date: Tue, 28 May 2013 15:17:35 +0200
+Subject: [PATCH 03/12] strip the domain part from /etc/hostname when setting
+ system host name
+
+[fbui: fixes bnc#820213]
+[fbui: forwardported from bfd2462b8ddec591d953841ab22bb30bdc6f9085]
+[fbui: adjust context and make sure that strip of the domain name is
+ only done when setting the system host name. Therefore it's
+ still possible to pass an FQDN to hostnamectl]
+[fbui: I'm still not sure that it was the right thing to do. Other
+ possibility was to fix the installer to create a correct
+ /etc/hostname file. Need to investigate...]
+---
+ src/core/hostname-setup.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/hostname-setup.c b/src/core/hostname-setup.c
+index 6d047db838..1acc0c998b 100644
+--- a/src/core/hostname-setup.c
++++ b/src/core/hostname-setup.c
+@@ -39,8 +39,16 @@ int hostname_setup(void) {
+ enoent = true;
+ else
+ log_warning_errno(r, "Failed to read configured hostname: %m");
+- } else
++ } else {
++ char *domain;
++
++ /* SUSE: strip the domain name */
++ domain = strchr(b, '.');
++ if (domain)
++ *domain = '\0';
++
+ hn = b;
++ }
+ }
+
+ if (isempty(hn)) {
+--
+2.26.2
+
diff --git a/0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch b/0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch
new file mode 100644
index 0000000..570f2c9
--- /dev/null
+++ b/0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch
@@ -0,0 +1,124 @@ +From b46d43bf980afe13cfff39fc2876aed10f33db1d Mon Sep 17 00:00:00 2001 +From: Thomas Blume +Date: Thu, 14 Apr 2016 15:42:02 +0200 +Subject: [PATCH 04/12] tmpfiles: support exclude statements based on file + ownership + +SUSE supported tmpfile cleanups based on file ownership before systemd. +So this feature needs to be available in systemd. +This was part of fate#314974 + +[tblume: suse-only patch ported from SLES12-SP1 commit e769a63907ae4b] +[tblume: part of fate#314974] +--- + man/tmpfiles.d.xml | 4 +++- + src/tmpfiles/tmpfiles.c | 49 ++++++++++++++++++++++++++++++++--------- + 2 files changed, 42 insertions(+), 11 deletions(-) + +diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml +index b9e9eee96c..b90ae01345 100644 +--- a/man/tmpfiles.d.xml ++++ b/man/tmpfiles.d.xml +@@ -605,7 +605,9 @@ w- /proc/sys/vm/swappiness - - - - 10 + suffixed by a newline. For C, specifies the source file or directory. For t + and T, determines extended attributes to be set. For a and + A, determines ACL attributes to be set. For h and H, +- determines the file attributes to set. Ignored for all other lines. ++ determines the file attributes to set. For x and X a comma separated list ++ of usernames. If given, only paths belonging to these users will be excluded during directory cleanup. Ignored ++ for all other lines. + + This field can contain specifiers, see below. + +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 2404e36bf2..349653c786 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -14,6 +14,8 @@ + #include + #include + #include ++#include ++#include + + #include "sd-path.h" + +@@ -505,6 +507,7 @@ static int dir_cleanup( + struct stat s; + usec_t age; + _cleanup_free_ char *sub_path = NULL; ++ Item *found; + + if (dot_or_dot_dot(dent->d_name)) + continue; +@@ -546,15 +549,41 @@ static int dir_cleanup( + goto finish; + } + +- /* Is there an item configured for this path? 
*/ +- if (ordered_hashmap_get(items, sub_path)) { +- log_debug("Ignoring \"%s\": a separate entry exists.", sub_path); +- continue; +- } ++ /* evaluate username arguments in ignore statements */ ++ found = find_glob(globs, sub_path); + +- if (find_glob(globs, sub_path)) { +- log_debug("Ignoring \"%s\": a separate glob exists.", sub_path); +- continue; ++ if (i->type == CREATE_DIRECTORY && found && found->argument) { ++ struct passwd *pw; ++ char *userfound = NULL, *args = strdup(found->argument); ++ bool match = false; ++ ++ while ((userfound = strsep(&args, ","))) { ++ pw = getpwnam(userfound); ++ ++ if (pw) { ++ if (s.st_uid == pw->pw_uid) { ++ match = true; ++ break; ++ } ++ } ++ } ++ ++ if (match) { ++ log_debug("Ignoring \"%s\" of user \"%s\".", sub_path, pw->pw_name); ++ match=false; ++ continue; ++ } ++ } else { ++ /* Is there an item configured for this path? */ ++ if (ordered_hashmap_get(items, sub_path)) { ++ log_debug("Ignoring \"%s\": a separate entry exists.", sub_path); ++ continue; ++ } ++ ++ if (found) { ++ log_debug("Ignoring \"%s\": a separate glob exists.", sub_path); ++ continue; ++ } + } + + if (S_ISDIR(s.st_mode)) { +@@ -2637,8 +2666,6 @@ static int parse_line( + case EMPTY_DIRECTORY: + case TRUNCATE_DIRECTORY: + case CREATE_FIFO: +- case IGNORE_PATH: +- case IGNORE_DIRECTORY_PATH: + case REMOVE_PATH: + case RECURSIVE_REMOVE_PATH: + case ADJUST_MODE: +@@ -2649,6 +2676,8 @@ static int parse_line( + + break; + ++ case IGNORE_PATH: ++ case IGNORE_DIRECTORY_PATH: + case CREATE_FILE: + case TRUNCATE_FILE: + break; +-- +2.26.2 + diff --git a/0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch b/0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch new file mode 100644 index 0000000..b37a8ac --- /dev/null +++ b/0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch 
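Review bot: In `dir_cleanup()` the added owner-matching branch leaks the buffer returned by `strdup(found->argument)` for every directory entry it examines: `strsep()` advances `args`, nothing frees the original pointer, and a NULL from `strdup()` is silently treated as "no user matched". The branch also takes the place of the `ordered_hashmap_get(items, sub_path)` check rather than preceding it, so when a glob with an argument matches but the owner does not, a path with its own tmpfiles entry appears to fall through to age-based cleanup; it is worth confirming that this is intended. The fence keeps the duplicate in a `_cleanup_free_` pointer and walks a separate cursor; it assumes the function's usual `r`/`finish` error path, of which only `goto finish` is visible here. `dir_cleanup()` starts and ends outside the hunk.

```c
if (i->type == CREATE_DIRECTORY && found && found->argument) {
        _cleanup_free_ char *users = NULL;
        const char *matched = NULL;
        char *cursor, *u;

        users = strdup(found->argument);
        if (!users) {
                r = log_oom();
                goto finish;
        }

        /* strsep() modifies the cursor, not the owning pointer */
        cursor = users;
        while ((u = strsep(&cursor, ","))) {
                struct passwd *pw = getpwnam(u);

                if (pw && s.st_uid == pw->pw_uid) {
                        matched = u;
                        break;
                }
        }

        if (matched) {
                log_debug("Ignoring \"%s\" of user \"%s\".", sub_path, matched);
                continue;
        }
} else {
        /* … unchanged: separate-entry and separate-glob checks … */
}
```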
@@ -0,0 +1,29 @@
+From 8e95d5534e9a577529ac49aaec610e6ceefec0b9 Mon Sep 17 00:00:00 2001
+From: Robert Milasan
+Date: Sat, 12 Jul 2014 14:20:36 +0200
+Subject: [PATCH 05/12] udev: create default symlinks for primary cd_dvd drive
+
+Imported from SLE12-SP1, commit 4f8bacfbffd7049608b5076.
+
+[rmilasan: fixes bnc#783054]
+---
+ rules.d/60-cdrom_id.rules | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/rules.d/60-cdrom_id.rules b/rules.d/60-cdrom_id.rules
+index 288f8ce2f9..578c77441c 100644
+--- a/rules.d/60-cdrom_id.rules
++++ b/rules.d/60-cdrom_id.rules
+@@ -25,5 +25,9 @@ IMPORT{program}="cdrom_id --lock-media $devnode"
+ ENV{DISK_MEDIA_CHANGE}=="?*", ENV{ID_CDROM_MEDIA}!="?*", ENV{SYSTEMD_READY}="0"
+
+ KERNEL=="sr0", SYMLINK+="cdrom", OPTIONS+="link_priority=-100"
++KERNEL=="sr0", ENV{ID_CDROM}=="1", SYMLINK+="cdrom", OPTIONS+="link_priority=-100"
++KERNEL=="sr0", ENV{ID_CDROM_CD_RW}=="1", SYMLINK+="cdrw", OPTIONS+="link_priority=-100"
++KERNEL=="sr0", ENV{ID_CDROM_DVD}=="1", SYMLINK+="dvd", OPTIONS+="link_priority=-100"
++KERNEL=="sr0", ENV{ID_CDROM_DVD_RW}=="1", SYMLINK+="dvdrw", OPTIONS+="link_priority=-100"
+
+ LABEL="cdrom_end"
+--
+2.26.2
+
diff --git a/0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch b/0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
new file mode 100644
index 0000000..53c44dd
--- /dev/null
+++ b/0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
@@ -0,0 +1,123 @@ +From f9521480d5dc5af747fecc9adc4c617e473e5494 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Thu, 26 May 2016 08:59:41 +0200 +Subject: [PATCH 06/12] sysv-generator: add (back) support for SysV scripts for + the early boot + +For the record, the upstream support was removed by commit +3cdebc217c42c8529086f2965319b6a48eaaeabe. + +The sysv-generator has some weirdos: for example a service at the rc0 +runlevel won't be started during shutdown since it will get both +"WantedBy=poweroff.target" and "Conflicts=shutdown.target". + +Anyways what's the current patch implements the following: + + - a symlink /etc/init.d/boot.d/S??boot.foo will add + "WantedBy/Before=sysinit.target" constraints and make sure that the + default dependencies added by systemd are turned off. + + - a symlink /etc/init.d/boot.d/K??boot.foo will add + "Conflicts/Before=shutdown.target" so "foo" service will be stopped + like any other regular services. If this symlink is not installed + however, "foo" will be stopped lately during the systemd killing + spree. + +This is a forward-port of commit 29db8537e1ca10796797d9854d1 in SP1. + +[Since v232] + +Support for S* symlinks in runlevel 0 or 6 has been completely and silently +removed by 788d2b088b13a2444b9eb2ea82c0cc57d9f0980f. Since it was already +broken as pointed out above, this probably wasn't really used and therefore +no one will really care. So let's drop it too. + +However this has the side effect to make the support of early sysv scripts more +difficult. To make things easy, the support of K* symlinks in boot.d/ has been +removed too: this is probably not used (anymore) (at least intentionally). + +The consequence is that early sysv services are stopped during shutdown at +the same time as 'normal' services. 
+--- + src/sysv-generator/sysv-generator.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c +index a2c72d1009..1c01008967 100644 +--- a/src/sysv-generator/sysv-generator.c ++++ b/src/sysv-generator/sysv-generator.c +@@ -31,6 +31,9 @@ static const struct { + const char *path; + const char *target; + } rcnd_table[] = { ++ /* SUSE style boot.d */ ++ { "boot.d", SPECIAL_SYSINIT_TARGET }, ++ + /* Standard SysV runlevels for start-up */ + { "rc1.d", SPECIAL_RESCUE_TARGET }, + { "rc2.d", SPECIAL_MULTI_USER_TARGET }, +@@ -57,6 +60,7 @@ typedef struct SysvStub { + bool has_lsb; + bool reload; + bool loaded; ++ bool early; + } SysvStub; + + static void free_sysvstub(SysvStub *s) { +@@ -147,6 +151,12 @@ static int generate_unit_file(SysvStub *s) { + fprintf(f, "Description=%s\n", t); + } + ++ if (s->early) { ++ fprintf(f, "DefaultDependencies=no\n"); ++ fprintf(f, "Conflicts=%s\n", SPECIAL_SHUTDOWN_TARGET); ++ fprintf(f, "Before=%s\n", SPECIAL_SHUTDOWN_TARGET); ++ } ++ + STRV_FOREACH(p, s->before) + fprintf(f, "Before=%s\n", *p); + STRV_FOREACH(p, s->after) +@@ -213,6 +223,10 @@ static char *sysv_translate_name(const char *name) { + _cleanup_free_ char *c = NULL; + char *res; + ++ if (startswith(name, "boot.")) ++ /* Drop SuSE-style boot. prefix */ ++ name += 5; ++ + c = strdup(name); + if (!c) + return NULL; +@@ -289,6 +303,11 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, + return 1; + } + ++ /* Strip "boot." 
prefix from file name for comparison (Suse specific) */ ++ e = startswith(filename, "boot."); ++ if (e) ++ filename += 5; ++ + /* Strip ".sh" suffix from file name for comparison */ + filename_no_sh = strdupa(filename); + e = endswith(filename_no_sh, ".sh"); +@@ -676,6 +695,9 @@ static int fix_order(SysvStub *s, Hashmap *all_services) { + if (other->sysv_start_priority < 0) + continue; + ++ if (s->early != other->early) ++ continue; ++ + /* If both units have modern headers we don't care + * about the priorities */ + if (s->has_lsb && other->has_lsb) +@@ -800,6 +822,7 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) { + .sysv_start_priority = -1, + .name = TAKE_PTR(name), + .path = TAKE_PTR(fpath), ++ .early = !!startswith(de->d_name, "boot."), + }; + + r = hashmap_put(all_services, service->name, service); +-- +2.26.2 + diff --git a/0007-networkd-make-network.service-an-alias-of-systemd-ne.patch b/0007-networkd-make-network.service-an-alias-of-systemd-ne.patch new file mode 100644 index 0000000..c4fd62e --- /dev/null +++ b/0007-networkd-make-network.service-an-alias-of-systemd-ne.patch @@ -0,0 +1,29 @@ +From 0adc3f402aeeadd73a0977ca6a1bc65d3d4201c1 Mon Sep 17 00:00:00 2001 +From: Pawel Wieczorkiewicz +Date: Tue, 2 Jun 2015 13:33:24 +0000 +Subject: [PATCH 07/12] networkd: make network.service an alias of + systemd-networkd.service + +NetworkManager and wicked does this already. This is needed by yast2 +and other parts of the system. + +[fixes boo#933092] +--- + units/systemd-networkd.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in +index 2673146841..083a35b912 100644 +--- a/units/systemd-networkd.service.in ++++ b/units/systemd-networkd.service.in +@@ -50,6 +50,7 @@ User=systemd-network + + [Install] + WantedBy=multi-user.target ++Alias=network.service + Also=systemd-networkd.socket + Alias=dbus-org.freedesktop.network1.service + +-- +2.26.2 + 
diff --git a/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch b/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
new file mode 100644
index 0000000..d21fea5
--- /dev/null
+++ b/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
@@ -0,0 +1,73 @@ +From a32292849ca2837f99d6801da26b8d8e401831c4 Mon Sep 17 00:00:00 2001 +From: Thomas Blume +Date: Wed, 4 May 2016 17:40:04 +0200 +Subject: [PATCH 08/12] sysv-generator: translate "Required-Start" into a + "Wants" dependency + +[tblume: Port of SLES12SP1 patch 0018-Make-LSB-Skripts-know-about-Required-and-Should.patch] + +[fbui: this is needed probably because insserv's behavior has been + sadly changed since SLE11: it now doesn't failed if a + dependency listed by Required-Start is missing.] + +[fbui: according to Werner "This should fix bnc#858864 and + bnc#857204." (see Base:System changelog)] +--- + src/sysv-generator/sysv-generator.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c +index 1c01008967..7a58be9287 100644 +--- a/src/sysv-generator/sysv-generator.c ++++ b/src/sysv-generator/sysv-generator.c +@@ -258,6 +258,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, + "remote_fs", SPECIAL_REMOTE_FS_TARGET, + "syslog", NULL, + "time", SPECIAL_TIME_SYNC_TARGET, ++ "all", SPECIAL_DEFAULT_TARGET, + }; + + const char *filename; +@@ -272,6 +273,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, + + filename = basename(s->path); + ++ n = *name == '+' ? ++name : name; + n = *name == '$' ? 
name + 1 : name; + + for (i = 0; i < ELEMENTSOF(table); i += 2) { +@@ -408,7 +410,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text + + for (;;) { + _cleanup_free_ char *word = NULL, *m = NULL; +- bool is_before; ++ bool is_before, is_wanted; + + r = extract_first_word(&text, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RELAX); + if (r < 0) +@@ -421,6 +423,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text + continue; + + is_before = startswith_no_case(full_text, "X-Start-Before:"); ++ is_wanted = startswith_no_case(full_text, "Required-Start:"); + + if (streq(m, SPECIAL_NETWORK_ONLINE_TARGET) && !is_before) { + /* the network-online target is special, as it needs to be actively pulled in */ +@@ -429,8 +432,13 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text + return log_oom(); + + r = strv_extend(&s->wants, m); +- } else ++ } else { + r = strv_extend(is_before ? &s->before : &s->after, m); ++ ++ if (is_wanted) ++ r = strv_extend(&s->wants, m); ++ } ++ + if (r < 0) + return log_oom(); + } +-- +2.26.2 + diff --git a/0009-pid1-handle-console-specificities-weirdness-for-s390.patch b/0009-pid1-handle-console-specificities-weirdness-for-s390.patch new file mode 100644 index 0000000..e498447 --- /dev/null +++ b/0009-pid1-handle-console-specificities-weirdness-for-s390.patch 
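Review bot: In `handle_dependencies()` the result of `strv_extend(is_before ? &s->before : &s->after, m)` is overwritten whenever `is_wanted` is set, so an allocation failure while adding the ordering dependency goes unnoticed and the generated unit silently loses its `Before=`/`After=` entry. Check the first result before making the second call, e.g. `if (r >= 0 && is_wanted) r = strv_extend(&s->wants, m);`. In `sysv_translate_facility()` the added `n = *name == '+' ? ++name : name;` is overwritten by the very next assignment and only acts through the `++name` side effect; `if (*name == '+') name++;` states the intent without the dead store. Both functions continue outside the hunk.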
@@ -0,0 +1,60 @@
+From 7fc80ccccaa6f7b98af8bcd899a97d561777ff94 Mon Sep 17 00:00:00 2001
+From: Franck Bui
+Date: Fri, 10 Jun 2016 15:19:57 +0200
+Subject: [PATCH 09/12] pid1: handle console specificities/weirdness for s390
+ arch
+
+The 3270 console on S/390 can do color but not the 3215 console.
+
+Partial forward port of
+0001-On_s390_con3270_disable_ANSI_colour_esc.patch from SLE12-SP1. A
+bunch of the previous code has been dropped since some changes
+imported from upsteam made them uneeded.
+
+The remaining bits are probably hackish but at least they are now
+minimal.
+
+It was an attempt to address bnc#860937. And yes turning the console
+color mode off by passing $TERM=dumb via the kernel command line would
+have been much more easier and enough.
+
+This is actually implemented by recent systemd. There's also another
+command line option: systemd.log_color=off.
+
+See also a short discussion which happened on @systemd-maintainers
+whose $subject is "[PATCH] support conmode setting on command line".
+
+[ fbui: fixes bsc#860937 ]
+---
+ src/basic/terminal-util.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
+index 6cacde90ba..1a03902acc 100644
+--- a/src/basic/terminal-util.c
++++ b/src/basic/terminal-util.c
+@@ -780,7 +780,20 @@ bool tty_is_vc_resolve(const char *tty) {
+ }
+
+ const char *default_term_for_tty(const char *tty) {
+- return tty && tty_is_vc_resolve(tty) ? "linux" : "vt220";
++ if (tty && tty_is_vc_resolve(tty))
++ return "linux";
++
++#if defined (__s390__) || defined (__s390x__)
++ if (tty && tty_is_console(tty)) {
++ _cleanup_free_ char *mode = NULL;
++
++ /* Simply return "dumb" in case of OOM. */
++ (void) proc_cmdline_get_key("conmode", 0, &mode);
++ (void) proc_cmdline_value_missing("conmode", mode);
++ return streq_ptr(mode, "3270") ? "ibm327x" : "dumb";
++ }
++#endif
++ return "vt220";
+ }
+
+ int fd_columns(int fd) {
+--
+2.26.2
+
diff --git a/0010-journald-disable-audit-support-completely-from-the-j.patch b/0010-journald-disable-audit-support-completely-from-the-j.patch
new file mode 100644
index 0000000..a9d3bb6
--- /dev/null
+++ b/0010-journald-disable-audit-support-completely-from-the-j.patch
@@ -0,0 +1,80 @@ +From aeb4ca8cf65ee8f22cf7635fea2c501c015fc906 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Wed, 29 Jun 2016 17:55:35 +0200 +Subject: [PATCH 10/12] journald: disable audit support completely from the + journal + +This patch not only prevents journald to enable audit system +unconditionally very early at boot but also prevents it to receive +audit messages for the audit netlink and to push them into the +journal. + +The first reason is that when journald enables kernel audit, it does +not disable syscall audit (it doesn't load the audit rules), which +introduced a global performance hit. This can be minimized if audit +service is started but that's not the case for all systems. + +The second reason is that for systems where audit was disabled by +default they will suddenly have audit enabled (unless audit=0 was +already passed to the kernel command line). This means tons of audit +messages will be sent to dmesg, syslog, journal files, etc... + +Note also that audit messages are duplicated in the journal since they +are received both from kmsg and from the audit netlink. A related bug +report can be found here: +https://bugzilla.redhat.com/show_bug.cgi?id=1160046. + +This basically reverts the following upstream commits: + + - 875c2e220e2611165e09051c4747971811f1de58 + - 4d9ced9956755901238fede6fc5a3d7e4e816aa6 + +Upstream issue: +https://github.com/systemd/systemd/issues/959 + +So disable all of this for now until a better option is found or +someone comes up with a real use case. + +Also drop systemd-journald-audit.socket, indeed audit-logs-in-journal 'feature' +has been removed but the socket was still shipped and was statically +enabled. Therefore if auditd service was enabled, incoming messages could be +queued up to 128M and were never read (hence freed) by journald. 
+ +[fbui: fixes bsc#984034] +[fbui: fixes bsc#1109252] +--- + src/journal/journald-server.c | 4 ++-- + units/meson.build | 2 -- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index 5865bf9809..14934080cd 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -2384,8 +2384,8 @@ int server_init(Server *s, const char *namespace) { + if (r < 0) + return r; + +- /* Unless we got *some* sockets and not audit, open audit socket */ +- if (s->audit_fd >= 0 || no_sockets) { ++ /* Suse: disable audit messages in journal entirely. */ ++ if (false && no_sockets) { + r = server_open_audit(s); + if (r < 0) + return r; +diff --git a/units/meson.build b/units/meson.build +index dadc9432ef..a31acd3b05 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -110,8 +110,6 @@ units = [ + 'sysinit.target.wants/'], + ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], +- ['systemd-journald-audit.socket', '', +- 'sockets.target.wants/'], + ['systemd-journald-dev-log.socket', '', + 'sockets.target.wants/'], + ['systemd-journald.socket', '', +-- +2.26.2 + diff --git a/0011-core-disable-session-keyring-per-system-sevice-entir.patch b/0011-core-disable-session-keyring-per-system-sevice-entir.patch new file mode 100644 index 0000000..a3e1fac --- /dev/null +++ b/0011-core-disable-session-keyring-per-system-sevice-entir.patch 
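Review bot: The condition `if (false && no_sockets)` in `server_init()` leaves the `server_open_audit()` call as dead code and drops the `s->audit_fd >= 0` case with no runtime signal, so nothing in journald's behaviour or logs tells an operator that kernel audit records are no longer collected. With this patch the journal is not a source of audit events, and monitoring or forensics that expect them there depend on auditd or another audit netlink consumer running. Either remove the block or guard it with a build-time switch instead of a constant-false test, and make the comment state the consequence, e.g. `/* SUSE: journald never opens the audit netlink socket; audit records are only available through auditd. */`. `server_init()` starts and ends outside the hunk.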
@@ -0,0 +1,45 @@
+From e5b3d1d00bbdbcb168889699c462bf01b58062a5 Mon Sep 17 00:00:00 2001
+From: Franck Bui
+Date: Thu, 6 Jul 2017 15:48:10 +0200
+Subject: [PATCH 11/12] core: disable session keyring per system sevice
+ entirely for now
+
+Until PAM module "pam_keyinit" is fully integrated in SUSE's PAM stack, this
+feature has to be disabled.
+
+openSUSE is still not ready for enabling the keyring stuff (see
+bsc#1081947). Some services got fixed (sshd, getty@.service) but some still
+haven't (xdm, login, ...)
+
+So leave it disabled again otherwise different users might end up using the
+same session keyring - the one created for the service used for logging in
+(sshd, getty@.service, xdm, etc...)
+
+The integration of pam_keyinit is tracked here:
+https://bugzilla.opensuse.org/show_bug.cgi?id=1081947
+
+See also:
+https://github.com/systemd/systemd/pull/6286
+
+[fbui: fixes boo#1045886]
+---
+ src/core/execute.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 2a4840a3a9..aefd4eaff1 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -2779,6 +2779,9 @@ static int setup_keyring(
+ assert(context);
+ assert(p);
+
++ /* SUSE: pam_keyinit is still not fully integrated to SUSE's PAM stack... */
++ return 0;
++
+ /* Let's set up a new per-service "session" kernel keyring for each system service. This has the benefit that
+ * each service runs with its own keyring shared among all processes of the service, but with no hook-up beyond
+ * that scope, and in particular no link to the per-UID keyring. If we don't do this the keyring will be
+--
+2.26.2
+
diff --git a/0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
new file mode 100644
index 0000000..a687aaa
--- /dev/null
+++ b/0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
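Review bot: The unconditional `return 0;` at the top of `setup_keyring()` makes the rest of the function unreachable and switches the per-service session keyring off for every unit, whatever a unit's `KeyringMode=` setting asks for. Going by the retained comment, services then no longer run with a keyring of their own, so keys are presumably not isolated between services, and nothing at runtime says so. Emit a debug message before returning, e.g. `log_debug("Per-service session keyring is disabled in this build, skipping.");`, and have the comment name bsc#1081947 so the early return is dropped once pam_keyinit is integrated. The function body continues outside the hunk.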
@@ -0,0 +1,53 @@ +From 90d84a96aca84b39f6aabda048703dc7c0e79ef4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 11 Mar 2016 17:06:17 -0500 +Subject: [PATCH 12/12] resolved: create /etc/resolv.conf symlink at runtime + +If the symlink doesn't exists, and we are being started, let's +create it to provie name resolution. + +If it exists, do nothing. In particular, if it is a broken symlink, +we cannot really know if the administator configured it to point to +a location used by some service that hasn't started yet, so we +don't touch it in that case either. + +https://bugzilla.redhat.com/show_bug.cgi?id=1313085 +--- + src/resolve/resolved.c | 6 ++++++ + tmpfiles.d/etc.conf.m4 | 3 --- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c +index 16477f28d6..3922804039 100644 +--- a/src/resolve/resolved.c ++++ b/src/resolve/resolved.c +@@ -53,6 +53,12 @@ static int run(int argc, char *argv[]) { + if (r < 0) + return log_error_errno(r, "Cannot resolve user name %s: %m", user); + ++ /* As we're root, we can create /etc/resolv.conf symlink if it doesn't exist already */ ++ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf"); ++ if (r < 0 && errno != EEXIST) ++ log_warning_errno(errno, ++ "Could not create /etc/resolv.conf symlink: %m"); ++ + /* As we're root, we can create the directory where resolv.conf will live */ + r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, MKDIR_WARN_MODE); + if (r < 0) +diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 +index f82e0b82ce..66a777bdb2 100644 +--- a/tmpfiles.d/etc.conf.m4 ++++ b/tmpfiles.d/etc.conf.m4 +@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts + m4_ifdef(`HAVE_SMACK_RUN_LABEL', + t /etc/mtab - - - - security.SMACK64=_ + )m4_dnl +-m4_ifdef(`ENABLE_RESOLVE', +-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf +-)m4_dnl + C! 
/etc/nsswitch.conf - - - - + m4_ifdef(`HAVE_PAM', + C! /etc/pam.d - - - - +-- +2.26.2 + diff --git a/systemd-mini.changes b/systemd-mini.changes index 5ac5e11..371a059 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Sep 2 10:14:10 UTC 2020 - Franck Bui + +- Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446) + + See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for + details. + + Now that the number of SUSE specific patches has been shrinked and + is pretty low (12 at the time of this writing), they are no more + tracked by the git repo and are now handled at the package + level. Hence It is easier to maintain and identify them. This + effectively means that SUSE/v246 will contain upstream commits only. + ------------------------------------------------------------------- Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt diff --git a/systemd-mini.spec b/systemd-mini.spec index 0d07841..1ba306f 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.51.ga4e393eecb +%define suse_version +suse.20.gf1344d5b7f %bcond_with gnuefi %if 0%{?bootstrap} @@ -55,7 +55,7 @@ Name: systemd-mini URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 245.7 +Version: 246.4 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later 
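Review bot: The `symlink()` call added to `run()` points `/etc/resolv.conf` at `../run/systemd/resolve/resolv.conf`, whereas the tmpfiles.d line removed by the same patch pointed at `stub-resolv.conf`; judging by the file names this switches clients from resolved's local stub to the upstream servers, and the description does not mention it. The link is also created as root on every start and before the `mkdir_safe_label()` call that creates `/run/systemd/resolve`, so an administrator who removed `/etc/resolv.conf` on purpose gets it back, dangling until resolved writes the file. Move the call after the directory creation and add a comment above it that names the linked file and says why the stub file is no longer the target. `run()` starts and ends outside the hunk.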
@@ -159,12 +159,29 @@ Source100: scripts-systemd-fix-machines-btrfs-subvol.sh Source101: scripts-systemd-upgrade-from-pre-210.sh Source102: scripts-systemd-migrate-sysconfig-i18n.sh -# Patches listed in here are put in quarantine. Normally all -# changes must go to upstream first and then are cherry-picked in the -# SUSE git repository. But in very few cases, some stuff might be -# broken in upstream and need an urgent fix. Even in this case, the -# patches are temporary and should be removed as soon as a fix is -# merged by upstream. +# Patches listed below are SUSE specific and should be kept at its +# minimum. We try hard to push our changes to upstream but sometimes +# they are only relevant for SUSE distros. Special rewards for those +# who will manage to get rid of one of them ! +Patch1: 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch +Patch2: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch +Patch3: 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch +Patch4: 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch +Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch +Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch +Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch +Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch +Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch +Patch10: 0010-journald-disable-audit-support-completely-from-the-j.patch +Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch +Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch + +# Patches listed below are put in quarantine. Normally all changes +# must go to upstream first and then are cherry-picked in the SUSE git +# repository. But in very few cases, some stuff might be broken in +# upstream and need an urgent fix. 
Even in this case, the patches are +# temporary and should be removed as soon as a fix is merged by +# upstream. %description Systemd is a system and service manager, compatible with SysV and LSB @@ -604,8 +621,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff +%if %{with sysvcompat} ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel +%endif # Make sure we don't ship static enablement symlinks in /etc during # installation, presets should be honoured instead. @@ -1282,7 +1301,7 @@ fi %{_mandir}/man7/[bdfks]* %{_mandir}/man8/kern* %{_mandir}/man8/pam_* -%{_mandir}/man8/systemd-[a-gik-tv]* +%{_mandir}/man8/systemd-[a-gik-tvx]* %{_mandir}/man8/systemd-h[aioy]* %{_mandir}/man8/systemd-journald* %{_mandir}/man8/systemd-u[ps]* @@ -1359,15 +1378,19 @@ fi /sbin/halt /sbin/shutdown /sbin/poweroff +%if %{with sysvcompat} /sbin/telinit /sbin/runlevel +%endif %{_sbindir}/init %{_sbindir}/reboot %{_sbindir}/halt %{_sbindir}/shutdown %{_sbindir}/poweroff +%if %{with sysvcompat} %{_sbindir}/telinit %{_sbindir}/runlevel +%endif %if ! 0%{?bootstrap} %{_mandir}/man1/init.1* %{_mandir}/man8/halt.8* diff --git a/systemd-v245.7+suse.51.ga4e393eecb.tar.xz b/systemd-v245.7+suse.51.ga4e393eecb.tar.xz deleted file mode 100644 index 815e59f..0000000 --- a/systemd-v245.7+suse.51.ga4e393eecb.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e0cce0a5990f8ddc03e1dcdb1af7f20331e3e885596710f8a68563882c50d31e -size 6301856 diff --git a/systemd-v246.4+suse.20.gf1344d5b7f.tar.xz b/systemd-v246.4+suse.20.gf1344d5b7f.tar.xz new file mode 100644 index 0000000..5665774 --- /dev/null +++ b/systemd-v246.4+suse.20.gf1344d5b7f.tar.xz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:707b0dca1d9dd0fa8c8858090b5e14d9741bacda2c4d0a1745707b57b395b254 +size 6548244 diff --git a/systemd.changes b/systemd.changes index 5ac5e11..371a059 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Sep 2 10:14:10 UTC 2020 - Franck Bui + +- Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446) + + See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for + details. + + Now that the number of SUSE specific patches has been shrinked and + is pretty low (12 at the time of this writing), they are no more + tracked by the git repo and are now handled at the package + level. Hence It is easier to maintain and identify them. This + effectively means that SUSE/v246 will contain upstream commits only. + ------------------------------------------------------------------- Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt diff --git a/systemd.spec b/systemd.spec index d39a85e..2959619 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.51.ga4e393eecb +%define suse_version +suse.20.gf1344d5b7f %bcond_with gnuefi %if 0%{?bootstrap} @@ -53,7 +53,7 @@ Name: systemd URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 245.7 +Version: 246.4 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later 
@@ -157,12 +157,29 @@ Source100: scripts-systemd-fix-machines-btrfs-subvol.sh Source101: scripts-systemd-upgrade-from-pre-210.sh Source102: scripts-systemd-migrate-sysconfig-i18n.sh -# Patches listed in here are put in quarantine. Normally all -# changes must go to upstream first and then are cherry-picked in the -# SUSE git repository. But in very few cases, some stuff might be -# broken in upstream and need an urgent fix. Even in this case, the -# patches are temporary and should be removed as soon as a fix is -# merged by upstream. +# Patches listed below are SUSE specific and should be kept at its +# minimum. We try hard to push our changes to upstream but sometimes +# they are only relevant for SUSE distros. Special rewards for those +# who will manage to get rid of one of them ! +Patch1: 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch +Patch2: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch +Patch3: 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch +Patch4: 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch +Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch +Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch +Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch +Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch +Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch +Patch10: 0010-journald-disable-audit-support-completely-from-the-j.patch +Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch +Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch + +# Patches listed below are put in quarantine. Normally all changes +# must go to upstream first and then are cherry-picked in the SUSE git +# repository. But in very few cases, some stuff might be broken in +# upstream and need an urgent fix. 
Even in this case, the patches are +# temporary and should be removed as soon as a fix is merged by +# upstream. %description Systemd is a system and service manager, compatible with SysV and LSB @@ -602,8 +619,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff +%if %{with sysvcompat} ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel +%endif # Make sure we don't ship static enablement symlinks in /etc during # installation, presets should be honoured instead. @@ -1280,7 +1299,7 @@ fi %{_mandir}/man7/[bdfks]* %{_mandir}/man8/kern* %{_mandir}/man8/pam_* -%{_mandir}/man8/systemd-[a-gik-tv]* +%{_mandir}/man8/systemd-[a-gik-tvx]* %{_mandir}/man8/systemd-h[aioy]* %{_mandir}/man8/systemd-journald* %{_mandir}/man8/systemd-u[ps]* @@ -1357,15 +1376,19 @@ fi /sbin/halt /sbin/shutdown /sbin/poweroff +%if %{with sysvcompat} /sbin/telinit /sbin/runlevel +%endif %{_sbindir}/init %{_sbindir}/reboot %{_sbindir}/halt %{_sbindir}/shutdown %{_sbindir}/poweroff +%if %{with sysvcompat} %{_sbindir}/telinit %{_sbindir}/runlevel +%endif %if ! 0%{?bootstrap} %{_mandir}/man1/init.1* %{_mandir}/man8/halt.8*
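Review bot: The twelve `PatchN:` lines added after Source102 in systemd.spec carry no per-patch reason, and at least two of them look security-relevant from their file names: Patch10 (journald audit support disabled) and Patch11 (per-service session keyring disabled). The file names are truncated, so a reader of the spec cannot tell why those features are switched off or which bug tracks the decision. I would add a one-line comment above each such entry, for example `# Patch10: disables journald audit support, see <bug reference>`, with the real reference filled in. The same list appears in systemd-mini.spec, which its header says is generated from this file, so the comments only need to be written here.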