From 770c459ef32717b3770adff613845463bbe05d2e8202dbbd004a2045a19212f5 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Thu, 7 Apr 2022 19:33:15 +0000 Subject: [PATCH 1/5] - Move coredumpctl completion files into systemd-coredump sub-package. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1275 --- files.systemd | 2 -- systemd.changes | 5 +++++ systemd.spec | 2 ++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/files.systemd b/files.systemd index c9531766..8e3481a9 100644 --- a/files.systemd +++ b/files.systemd @@ -124,7 +124,6 @@ %{_bindir}/timedatectl %if %{without bootstrap} %{_datadir}/bash-completion/completions/busctl -%{_datadir}/bash-completion/completions/coredumpctl %{_datadir}/bash-completion/completions/hostnamectl %{_datadir}/bash-completion/completions/journalctl %{_datadir}/bash-completion/completions/localectl @@ -188,7 +187,6 @@ %{_datadir}/systemd/language-fallback-map %if %{without bootstrap} %{_datadir}/zsh/site-functions/_busctl -%{_datadir}/zsh/site-functions/_coredumpctl %{_datadir}/zsh/site-functions/_hostnamectl %{_datadir}/zsh/site-functions/_journalctl %{_datadir}/zsh/site-functions/_localectl diff --git a/systemd.changes b/systemd.changes index 870cfb44..9c27984a 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Apr 7 19:27:11 UTC 2022 - Franck Bui + +- Move coredumpctl completion files into systemd-coredump sub-package. + ------------------------------------------------------------------- Wed Apr 6 09:55:10 UTC 2022 - Franck Bui diff --git a/systemd.spec b/systemd.spec index de7564f1..745280cc 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1317,6 +1317,8 @@ fi %config(noreplace) %{_sysconfdir}/systemd/coredump.conf %dir %{_localstatedir}/lib/systemd/coredump %if %{without bootstrap} +%{_datadir}/bash-completion/completions/coredumpctl +%{_datadir}/zsh/site-functions/_coredumpctl %{_mandir}/man1/coredumpctl* %{_mandir}/man5/coredump.conf* %{_mandir}/man8/systemd-coredump* From 65352a537b88de76cae14500a19dcd86dc1b1d4d0da812c179ce32d01712386a Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Mon, 11 Apr 2022 07:55:36 +0000 Subject: [PATCH 2/5] Accepting request 968042 from home:Andreas_Schwab:Factory - libseccomp is needed everywhere OBS-URL: https://build.opensuse.org/request/show/968042 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1276 --- systemd.changes | 5 +++++ systemd.spec | 4 +--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/systemd.changes b/systemd.changes index 9c27984a..c0e088c1 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Apr 9 12:54:30 UTC 2022 - Andreas Schwab + +- libseccomp is needed everywhere + ------------------------------------------------------------------- Thu Apr 7 19:27:11 UTC 2022 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 745280cc..b4d79803 100644 --- a/systemd.spec +++ b/systemd.spec @@ -93,11 +93,9 @@ BuildRequires: pkgconfig(liblz4) BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpcre2-8) BuildRequires: pkgconfig(libqrencode) +BuildRequires: pkgconfig(libseccomp) >= 2.3.1 BuildRequires: pkgconfig(libselinux) >= 2.1.9 BuildRequires: pkgconfig(libzstd) -%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x -BuildRequires: pkgconfig(libseccomp) >= 2.3.1 -%endif %endif BuildRequires: fdupes BuildRequires: gperf From 35f5ab4e2b5a85b4f4016a649c0bb1736febbab7db0975b632cb01726a0d000b Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 19 Apr 2022 09:09:31 +0000 Subject: [PATCH 3/5] - Import commit 736db5a59f1ab1317ef64ec6e7dc394250178146 98bc28d824 tmpfiles: constify item_compatible() parameters 3faf1a2648 test: adapt install_pam() for openSUSE b7ca34fa28 test: add test checking tmpfiles conf file precedence 2713693d93 test tmpfiles: add a test for 'w+' ce2cbefe38 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) 769f5a0cbe Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1277 --- systemd-v250.4+suse.47.ge43a1b0188.tar.xz | 3 --- systemd-v250.4+suse.54.g736db5a59f.tar.xz | 3 +++ systemd.changes | 12 ++++++++++++ systemd.spec | 2 +- 4 files changed, 16 insertions(+), 4 deletions(-) delete mode 100644 systemd-v250.4+suse.47.ge43a1b0188.tar.xz create mode 100644 systemd-v250.4+suse.54.g736db5a59f.tar.xz diff --git a/systemd-v250.4+suse.47.ge43a1b0188.tar.xz b/systemd-v250.4+suse.47.ge43a1b0188.tar.xz deleted file mode 100644 index 982a5ee2..00000000 --- a/systemd-v250.4+suse.47.ge43a1b0188.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6633132c53177f605c5744b6cc412c823e32249545ffd0520ac56ef33c270d9c -size 7626800 diff --git a/systemd-v250.4+suse.54.g736db5a59f.tar.xz b/systemd-v250.4+suse.54.g736db5a59f.tar.xz new file mode 100644 index 00000000..37bc7a4f --- /dev/null +++ b/systemd-v250.4+suse.54.g736db5a59f.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:61dfe5c41409547e9e358593b0187e63955ec6229dd04f78e7e7398289a40350 +size 7626844 diff --git a/systemd.changes b/systemd.changes index c0e088c1..fa5c3ae0 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Apr 19 07:30:31 UTC 2022 - Franck Bui + +- Import commit 736db5a59f1ab1317ef64ec6e7dc394250178146 + + 98bc28d824 tmpfiles: constify item_compatible() parameters + 3faf1a2648 test: adapt install_pam() for openSUSE + b7ca34fa28 test: add test checking tmpfiles conf file precedence + 2713693d93 test tmpfiles: add a test for 'w+' + ce2cbefe38 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) + 769f5a0cbe Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size. + ------------------------------------------------------------------- Sat Apr 9 12:54:30 UTC 2022 - Andreas Schwab diff --git a/systemd.spec b/systemd.spec index b4d79803..dd3ed7a4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -19,7 +19,7 @@ %global flavor @BUILD_FLAVOR@%{nil} %define min_kernel_version 4.5 -%define suse_version +suse.47.ge43a1b0188 +%define suse_version +suse.54.g736db5a59f %define _testsuitedir /usr/lib/systemd/tests %define xinitconfdir %{?_distconfdir}%{!?_distconfdir:%{_sysconfdir}}/X11/xinit From 6d7a87b727311c2e1264b2678a524509974bd984cad8af61c03b305c4637f9b9 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 19 Apr 2022 11:26:19 +0000 Subject: [PATCH 4/5] - Drop 0011-core-disable-session-keyring-per-system-sevice-entir.patch Since bsc#1081947 has been addressed, we can attempt to re-enable private session kernel keyring for each system service hence each service gets a session keyring that is specific to the service. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1278 --- ...sion-keyring-per-system-sevice-entir.patch | 45 ------------------- systemd.changes | 9 ++++ systemd.spec | 1 - 3 files changed, 9 insertions(+), 46 deletions(-) delete mode 100644 0011-core-disable-session-keyring-per-system-sevice-entir.patch diff --git a/0011-core-disable-session-keyring-per-system-sevice-entir.patch b/0011-core-disable-session-keyring-per-system-sevice-entir.patch deleted file mode 100644 index 9d5bad80..00000000 --- a/0011-core-disable-session-keyring-per-system-sevice-entir.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 67f3fa5aa2781d42c809da9303f81b28544824d8 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Thu, 6 Jul 2017 15:48:10 +0200 -Subject: [PATCH 10/11] core: disable session keyring per system sevice - entirely for now - -Until PAM module "pam_keyinit" is fully integrated in SUSE's PAM stack, this -feature has to be disabled. - -openSUSE is still not ready for enabling the keyring stuff (see -bsc#1081947). Some services got fixed (sshd, getty@.service) but some still -haven't (xdm, login, ...) - -So leave it disabled again otherwise different users might end up using the -same session keyring - the one created for the service used for logging in -(sshd, getty@.service, xdm, etc...) - -The integration of pam_keyinit is tracked here: -https://bugzilla.opensuse.org/show_bug.cgi?id=1081947 - -See also: -https://github.com/systemd/systemd/pull/6286 - -[fbui: fixes boo#1045886] ---- - src/core/execute.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 2a337b55a2..b5a1a3b6e5 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -3356,6 +3356,9 @@ static int setup_keyring( - assert(context); - assert(p); - -+ /* SUSE: pam_keyinit is still not fully integrated to SUSE's PAM stack... */ -+ return 0; -+ - /* Let's set up a new per-service "session" kernel keyring for each system service. This has the benefit that - * each service runs with its own keyring shared among all processes of the service, but with no hook-up beyond - * that scope, and in particular no link to the per-UID keyring. If we don't do this the keyring will be --- -2.26.2 - diff --git a/systemd.changes b/systemd.changes index fa5c3ae0..95301ad7 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Apr 19 11:17:03 UTC 2022 - Franck Bui + +- Drop 0011-core-disable-session-keyring-per-system-sevice-entir.patch + + Since bsc#1081947 has been addressed, we can attempt to re-enable private + session kernel keyring for each system service hence each service gets a + session keyring that is specific to the service. + ------------------------------------------------------------------- Tue Apr 19 07:30:31 UTC 2022 - Franck Bui diff --git a/systemd.spec b/systemd.spec index dd3ed7a4..4bcf3412 100644 --- a/systemd.spec +++ b/systemd.spec @@ -195,7 +195,6 @@ Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch %endif Patch10: 0001-conf-parser-introduce-early-drop-ins.patch -Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch Patch12: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch # Temporary workaround until bsc#1197178 is addressed. From 3a71e5f4e37870a6b666ada69a610452007e255f028389cb73ab67e1a28c4e90 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Wed, 20 Apr 2022 08:23:46 +0000 Subject: [PATCH 5/5] Accepting request 971002 from home:lnussel:branches:Base:System - spec: sign the systemd-boot efi binary (boo#1198586) OBS-URL: https://build.opensuse.org/request/show/971002 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1279 --- systemd.changes | 5 +++++ systemd.spec | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/systemd.changes b/systemd.changes index 95301ad7..bd67d985 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Apr 20 07:59:23 UTC 2022 - Ludwig Nussel + +- spec: sign the systemd-boot efi binary (boo#1198586) + ------------------------------------------------------------------- Tue Apr 19 11:17:03 UTC 2022 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 4bcf3412..f9ed16fa 100644 --- a/systemd.spec +++ b/systemd.spec @@ -305,6 +305,7 @@ License: GPL-2.0-only URL: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html %if %{with sd_boot} BuildRequires: gnu-efi +BuildRequires: pesign-obs-integration %endif Requires: %{name} = %{version}-%{release} %systemd_requires @@ -720,6 +721,12 @@ Have fun with these services at your own risk. %install %meson_install +%if %{with sd_boot} +%ifarch x86_64 +export BRP_PESIGN_FILES="/usr/lib/systemd/boot/efi/systemd-bootx64.efi" +%endif +%endif + # Don't ship resolvconf symlink for now as it conflicts with the # binary shipped by openresolv and provides limited compatibility # only