diff --git a/0001-Revert-insserv.conf-generator.patch b/0001-Revert-insserv.conf-generator.patch new file mode 100644 index 00000000..cdcd3409 --- /dev/null +++ b/0001-Revert-insserv.conf-generator.patch @@ -0,0 +1,365 @@ +From e143d8271cd8d8dd862a627754d3daa2d6f9cd48 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Mon, 27 May 2019 10:54:26 +0200 +Subject: [PATCH] Revert "insserv.conf generator" + +This reverts commit dbb7a2e71bec6f6400f2b67cc409b22915fe8c72. + +The only (system) packages which were still relying on the insserv-generator +have been fixed, see bsc#1052837 for the details. + +[fbui: fixes bsc#1052837] +--- + meson.build | 8 - + src/insserv-generator/insserv-generator.c | 320 ---------------------- + 2 files changed, 328 deletions(-) + delete mode 100644 src/insserv-generator/insserv-generator.c + +diff --git a/meson.build b/meson.build +index 54664661b5..4377fe8419 100644 +--- a/meson.build ++++ b/meson.build +@@ -2083,14 +2083,6 @@ if conf.get('HAVE_SYSV_COMPAT') == 1 + install_rpath : rootlibexecdir, + install : true, + install_dir : systemgeneratordir) +- +- executable('systemd-insserv-generator', +- 'src/insserv-generator/insserv-generator.c', +- include_directories : includes, +- link_with : [libshared], +- install_rpath : rootlibexecdir, +- install : true, +- install_dir : systemgeneratordir) + endif + + if conf.get('ENABLE_HOSTNAMED') == 1 +diff --git a/src/insserv-generator/insserv-generator.c b/src/insserv-generator/insserv-generator.c +deleted file mode 100644 +index 23b5a8255a..0000000000 +--- a/src/insserv-generator/insserv-generator.c ++++ /dev/null +@@ -1,320 +0,0 @@ +-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ +- +-/*** +- This file is part of systemd. +- +- Copyright 2012 Lennart Poettering +- +- systemd is free software; you can redistribute it and/or modify it +- under the terms of the GNU Lesser General Public License as published by +- the Free Software Foundation; either version 2.1 of the License, or +- (at your option) any later version. +- +- systemd is distributed in the hope that it will be useful, but +- WITHOUT ANY WARRANTY; without even the implied warranty of +- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- Lesser General Public License for more details. +- +- You should have received a copy of the GNU Lesser General Public License +- along with systemd; If not, see . +- ***/ +- +-#include +-#include +-#include +-#include +- +-#include "alloc-util.h" +-#include "mkdir.h" +-#include "log.h" +-#include "fileio.h" +-#include "unit-name.h" +-#include "special.h" +-#include "path-util.h" +-#include "util.h" +-#include "fd-util.h" +-#include "string-util.h" +-#include "strv.h" +- +-static const char *arg_dest = "/tmp"; +- +-static char *sysv_translate_name(const char *name) { +- char *r; +- +- r = new(char, strlen(name) + sizeof(".service")); +- if (!r) +- return NULL; +- +- if (endswith(name, ".sh")) +- /* Drop .sh suffix */ +- strcpy(stpcpy(r, name) - 3, ".service"); +- if (startswith(name, "boot.")) +- /* Drop SuSE-style boot. prefix */ +- strcpy(stpcpy(r, name + 5), ".service"); +- else +- /* Normal init script name */ +- strcpy(stpcpy(r, name), ".service"); +- +- return r; +-} +- +-static int sysv_translate_facility(const char *name, const char *filename, char **_r) { +- +- /* We silently ignore the $ prefix here. According to the LSB +- * spec it simply indicates whether something is a +- * standardized name or a distribution-specific one. Since we +- * just follow what already exists and do not introduce new +- * uses or names we don't care who introduced a new name. */ +- +- static const char * const table[] = { +- /* LSB defined facilities */ +- "local_fs", NULL, +- "network", SPECIAL_NETWORK_ONLINE_TARGET, +- "named", SPECIAL_NSS_LOOKUP_TARGET, +- "portmap", SPECIAL_RPCBIND_TARGET, +- "remote_fs", SPECIAL_REMOTE_FS_TARGET, +- "syslog", NULL, +- "time", SPECIAL_TIME_SYNC_TARGET, +- }; +- +- unsigned i; +- int e; +- char *r; +- const char *n; +- +- assert(name); +- assert(_r); +- +- n = *name == '$' ? name + 1 : name; +- +- for (i = 0; i < ELEMENTSOF(table); i += 2) { +- +- if (!streq(table[i], n)) +- continue; +- +- if (!table[i+1]) +- return 0; +- +- r = strdup(table[i+1]); +- if (!r) +- return log_oom(); +- +- goto finish; +- } +- +- /* If we don't know this name, fallback heuristics to figure +- * out whether something is a target or a service alias. */ +- +- if (*name == '$') { +- if (!unit_prefix_is_valid(n)) +- return -EINVAL; +- +- /* Facilities starting with $ are most likely targets */ +- e = unit_name_build(n, NULL, ".target", &r); +- if (e < 0) +- return log_error_errno(e, "Failed to generate unit name: %m"); +- +- } else if (filename && streq(name, filename)) +- /* Names equaling the file name of the services are redundant */ +- return 0; +- else +- /* Everything else we assume to be normal service names */ +- r = sysv_translate_name(n); +- +- if (!r) +- return -ENOMEM; +- +-finish: +- *_r = r; +- +- return 1; +-} +- +- +- +-static int parse_insserv_conf(const char* filename) { +- _cleanup_fclose_ FILE *f = NULL; +- int r; +- +- if (!(f = fopen(filename, "re"))) { +- log_debug("Failed to open file %s", filename); +- r = errno == ENOENT ? 0 : -errno; +- return r; +- } +- +- while (!feof(f)) { +- char l[LINE_MAX], *t; +- _cleanup_strv_free_ char **parsed = NULL; +- +- if (!fgets(l, sizeof(l), f)) { +- if (feof(f)) +- break; +- +- r = -errno; +- log_error("Failed to read configuration file '%s': %s", filename, strerror(-r)); +- return -r; +- } +- +- t = strstrip(l); +- if (*t != '$' && *t != '<') +- continue; +- +- parsed = strv_split(t,WHITESPACE); +- /* we ignore , not used, equivalent to X-Interactive */ +- if (parsed && !startswith_no_case (parsed[0], "")) { +- _cleanup_free_ char *facility = NULL; +- if (sysv_translate_facility(parsed[0], NULL, &facility) < 0 || !facility) +- continue; +- if (streq(facility, SPECIAL_REMOTE_FS_TARGET)) { +- _cleanup_free_ char *unit = NULL; +- /* insert also a Wants dependency from remote-fs-pre on remote-fs */ +- unit = strjoin(arg_dest, "/remote-fs.target.d/50-",basename(filename),".conf", NULL); +- if (!unit) +- return log_oom(); +- +- mkdir_parents_label(unit, 0755); +- +- r = write_string_file(unit, +- "# Automatically generated by systemd-insserv-generator\n\n" +- "[Unit]\n" +- "Wants=remote-fs-pre.target\n", WRITE_STRING_FILE_CREATE); +- if (r) +- return r; +- free (facility); +- facility=strdup(SPECIAL_REMOTE_FS_PRE_TARGET); +- } +- if (facility && endswith(facility, ".target")) { +- char *name, **j; +- FILE *file = NULL; +- +- STRV_FOREACH (j, parsed+1) { +- _cleanup_free_ char *unit = NULL; +- _cleanup_free_ char *dep = NULL; +- +- if (*j[0] == '+') +- name = *j+1; +- else +- name = *j; +- if (streq(name, "boot.localfs") || +- streq(name, "boot.crypto")) +- continue; +- if ((sysv_translate_facility(name, NULL, &dep) < 0) || !dep) +- continue; +- +- unit = strjoin(arg_dest, "/", dep, ".d/50-",basename(filename),"-",parsed[0],".conf", NULL); +- if (!unit) +- return log_oom(); +- +- mkdir_parents_label(unit, 0755); +- +- file = fopen(unit, "wxe"); +- if (!file) { +- if (errno == EEXIST) +- log_error("Failed to create drop-in file %s", unit); +- else +- log_error("Failed to create drop-in file %s: %m", unit); +- return -errno; +- } +- +- fprintf(file, +- "# Automatically generated by systemd-insserv-generator\n\n" +- "[Unit]\n" +- "Wants=%s\n" +- "Before=%s\n", +- facility, facility); +- +- fflush(file); +- if (ferror(file)) { +- log_error("Failed to write unit file %s: %m", unit); +- return -errno; +- } +- fclose(file); +- +- if (*j[0] != '+') { +- free (unit); +- unit = strjoin(arg_dest, "/", facility, ".d/50-hard-dependency-",basename(filename),"-",parsed[0],".conf", NULL); +- if (!unit) +- return log_oom(); +- +- mkdir_parents_label(unit, 0755); +- +- file = fopen(unit, "wxe"); +- if (!file) { +- if (errno == EEXIST) +- log_error("Failed to create drop-in file %s, as it already exists", unit); +- else +- log_error("Failed to create drop-in file %s: %m", unit); +- return -errno; +- } +- +- +- fprintf(file, +- "# Automatically generated by systemd-insserv-generator\n\n" +- "[Unit]\n" +- "SourcePath=%s\n" +- "Requires=%s\n", +- filename, dep); +- fflush(file); +- if (ferror(file)) { +- log_error("Failed to write unit file %s: %m", unit); +- return -errno; +- } +- fclose(file); +- } +- } +- } +- } +- } +- return r; +-} +- +-static int parse_insserv(void) { +- DIR *d = NULL; +- struct dirent *de; +- int r = 0; +- +- if (!(d = opendir("/etc/insserv.conf.d/"))) { +- if (errno != ENOENT) { +- log_debug("opendir() failed on /etc/insserv.conf.d/ %s", strerror(errno)); +- } +- } else { +- +- while ((de = readdir(d))) { +- char *path = NULL; +- if (hidden_or_backup_file(de->d_name)) +- continue; +- +- path = strjoin("/etc/insserv.conf.d/", de->d_name, NULL); +- parse_insserv_conf(path); +- free(path); +- } +- closedir (d); +- } +- +- r = parse_insserv_conf("/etc/insserv.conf"); +- +- return r; +-} +- +-int main(int argc, char *argv[]) { +- int r = 0; +- +- if (argc > 1 && argc != 4) { +- log_error("This program takes three or no arguments."); +- return EXIT_FAILURE; +- } +- +- if (argc > 1) +- arg_dest = argv[1]; +- +- log_set_prohibit_ipc(true); +- log_set_target(LOG_TARGET_AUTO); +- log_parse_environment(); +- log_open(); +- +- umask(0022); +- +- r = parse_insserv(); +- +- return (r < 0) ? EXIT_FAILURE : EXIT_SUCCESS; +-} +-- +2.21.0 + diff --git a/debug-only-remove-new-policies.patch b/debug-only-remove-new-policies.patch deleted file mode 100644 index 670f8f26..00000000 --- a/debug-only-remove-new-policies.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy -index 6dc79aa32a..398fb7bc21 100644 ---- a/src/login/org.freedesktop.login1.policy -+++ b/src/login/org.freedesktop.login1.policy -@@ -337,17 +337,6 @@ - - - -- -- Set the reboot "reason" in the kernel -- Authentication is required to set the reboot "reason" in the kernel. -- -- auth_admin_keep -- auth_admin_keep -- yes -- -- org.freedesktop.login1.reboot -- -- - - Indicate to the firmware to boot to setup interface - Authentication is required to indicate to the firmware to boot to setup interface. -@@ -359,28 +348,6 @@ - org.freedesktop.login1.reboot - - -- -- Indicate to the boot loader to boot to the boot loader menu -- Authentication is required to indicate to the boot loader to boot to the boot loader menu. -- -- auth_admin_keep -- auth_admin_keep -- yes -- -- org.freedesktop.login1.reboot -- -- -- -- Indicate to the boot loader to boot a specific entry -- Authentication is required to indicate to the boot loader to boot into a specific boot loader entry. -- -- auth_admin_keep -- auth_admin_keep -- yes -- -- org.freedesktop.login1.reboot -- -- - - Set a wall message - Authentication is required to set a wall message diff --git a/systemd-mini.changes b/systemd-mini.changes index 51e13e4c..785b05f7 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Mon May 27 09:33:45 UTC 2019 - Franck Bui + +- Add 0001-Revert-insserv.conf-generator.patch (bsc#1052837) + + All remaining packages have been fixed so they don't rely on the + insser-generator to generate proper deps. So let's drop it as all + services should carry the proper dependencies itself. + +------------------------------------------------------------------- +Mon May 27 09:30:05 UTC 2019 - Franck Bui + +- Drop debug-only-remove-new-policies.patch + + The new DBUS methods have been reviewed by the security team. + ------------------------------------------------------------------- Tue May 14 14:27:12 UTC 2019 - Franck Bui diff --git a/systemd-mini.spec b/systemd-mini.spec index 8ff76041..a2ffbd84 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -167,7 +167,7 @@ Source200: scripts-udev-convert-lib-udev-path.sh # merged by upstream. Patch1: 0001-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Patch2: 0001-logind-keep-backward-compatibility-with-UserTasksMax.patch -Patch3: debug-only-remove-new-policies.patch +Patch3: 0001-Revert-insserv.conf-generator.patch %description Systemd is a system and service manager, compatible with SysV and LSB diff --git a/systemd.changes b/systemd.changes index 51e13e4c..785b05f7 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Mon May 27 09:33:45 UTC 2019 - Franck Bui + +- Add 0001-Revert-insserv.conf-generator.patch (bsc#1052837) + + All remaining packages have been fixed so they don't rely on the + insser-generator to generate proper deps. So let's drop it as all + services should carry the proper dependencies itself. + +------------------------------------------------------------------- +Mon May 27 09:30:05 UTC 2019 - Franck Bui + +- Drop debug-only-remove-new-policies.patch + + The new DBUS methods have been reviewed by the security team. + ------------------------------------------------------------------- Tue May 14 14:27:12 UTC 2019 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 245e57c2..583d8bcf 100644 --- a/systemd.spec +++ b/systemd.spec @@ -165,7 +165,7 @@ Source200: scripts-udev-convert-lib-udev-path.sh # merged by upstream. Patch1: 0001-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Patch2: 0001-logind-keep-backward-compatibility-with-UserTasksMax.patch -Patch3: debug-only-remove-new-policies.patch +Patch3: 0001-Revert-insserv.conf-generator.patch %description Systemd is a system and service manager, compatible with SysV and LSB