Dominique Leuenberger 2023-03-15 17:53:31 +00:00 committed by Git OBS Bridge
parent 3049943332
commit ba02eef87f
11 changed files with 41 additions and 124 deletions


@ -1,7 +1,7 @@
From 77391d9baf86f10daf210ccf5527e0155a33fc73 Mon Sep 17 00:00:00 2001
From 288be40eb94ddc1d549a98556baea71d20df224f Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 22 Jan 2021 14:57:08 +0100
Subject: [PATCH 1/1] conf-parser: introduce 'early' drop-ins
Subject: [PATCH 1/8] conf-parser: introduce 'early' drop-ins
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@ -62,14 +62,14 @@ drop this feature at any time.
Fixes: #2121
---
src/shared/conf-parser.c | 55 ++++++++++--
src/test/test-conf-parser.c | 166 +++++++++++++++++++++++++++++++++++-
2 files changed, 215 insertions(+), 6 deletions(-)
src/test/test-conf-parser.c | 164 ++++++++++++++++++++++++++++++++++++
2 files changed, 214 insertions(+), 5 deletions(-)
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 29051ca0e3..72935030ea 100644
index 5cb41a39da..86dc1c95f6 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -477,6 +477,7 @@ int hashmap_put_stats_by_path(Hashmap **stats_by_path, const char *path, const s
@@ -478,6 +478,7 @@ int hashmap_put_stats_by_path(Hashmap **stats_by_path, const char *path, const s
static int config_parse_many_files(
const char* const* conf_files,
@ -77,7 +77,7 @@ index 29051ca0e3..72935030ea 100644
char **files,
const char *sections,
ConfigItemLookup lookup,
@@ -495,6 +496,20 @@ static int config_parse_many_files(
@@ -496,6 +497,20 @@ static int config_parse_many_files(
return -ENOMEM;
}
@ -98,7 +98,7 @@ index 29051ca0e3..72935030ea 100644
/* First read the first found main config file. */
STRV_FOREACH(fn, conf_files) {
r = config_parse(NULL, *fn, NULL, sections, lookup, table, flags, userdata, &st);
@@ -533,6 +548,27 @@ static int config_parse_many_files(
@@ -534,6 +549,27 @@ static int config_parse_many_files(
return 0;
}
@ -126,7 +126,7 @@ index 29051ca0e3..72935030ea 100644
/* Parse each config file in the directories specified as nulstr. */
int config_parse_many_nulstr(
const char *conf_file,
@@ -544,15 +580,19 @@ int config_parse_many_nulstr(
@@ -545,15 +581,19 @@ int config_parse_many_nulstr(
void *userdata,
Hashmap **ret_stats_by_path) {
@ -149,7 +149,7 @@ index 29051ca0e3..72935030ea 100644
ret_stats_by_path);
}
@@ -590,6 +630,7 @@ int config_parse_many(
@@ -591,6 +631,7 @@ int config_parse_many(
Hashmap **ret_stats_by_path,
char ***ret_dropin_files) {
@ -157,7 +157,7 @@ index 29051ca0e3..72935030ea 100644
_cleanup_strv_free_ char **files = NULL;
int r;
@@ -602,12 +643,16 @@ int config_parse_many(
@@ -603,12 +644,16 @@ int config_parse_many(
if (r < 0)
return r;
@ -177,22 +177,20 @@ index 29051ca0e3..72935030ea 100644
return 0;
}
diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c
index 0acb4131b5..96a52e759f 100644
index 8c27dcac3f..745e4a127a 100644
--- a/src/test/test-conf-parser.c
+++ b/src/test/test-conf-parser.c
@@ -5,7 +5,10 @@
@@ -5,6 +5,9 @@
#include "fs-util.h"
#include "log.h"
#include "macro.h"
-#include "string-util.h"
+#include "mkdir.h"
+#include "nulstr-util.h"
+#include "path-util.h"
+#include "rm-rf.h"
#include "string-util.h"
#include "strv.h"
#include "tests.h"
#include "tmpfile-util.h"
@@ -390,4 +393,165 @@ TEST(config_parse) {
@@ -391,4 +394,165 @@ TEST(config_parse) {
test_config_parse_one(i, config_file[i]);
}


@ -1,34 +0,0 @@
From 9d0f728f65e6c3ad586e276c1ed3c2cd8cc944be Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 20 Feb 2023 12:00:30 +0900
Subject: [PATCH 5000/5000] core/manager: run generators directly when we are
in initrd
Some initrd system write files at ourside of /run, /etc, or other
allowed places. This is a kind of workaround, but in most cases, such
sandboxing is not necessary as the filesystem is on ramfs when we are in
initrd.
Fixes #26488.
---
src/core/manager.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 380a4e30d7..6135205761 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
/* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
* we are the user manager, let's just execute the generators directly. We might not have the
* necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
- */
- if (MANAGER_IS_USER(m)) {
+ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
+ if (MANAGER_IS_USER(m) || in_initrd()) {
r = manager_execute_generators(m, paths, /* remount_ro= */ false);
goto finish;
}
--
2.35.3


@ -197,8 +197,6 @@
%{_mandir}/man3/sd_bus_emit_properties_changed.3.gz
%{_mandir}/man3/sd_bus_emit_properties_changed_strv.3.gz
%{_mandir}/man3/sd_bus_emit_signal.3.gz
%{_mandir}/man3/sd_bus_emit_signal_to.3.gz
%{_mandir}/man3/sd_bus_emit_signal_tov.3.gz
%{_mandir}/man3/sd_bus_emit_signalv.3.gz
%{_mandir}/man3/sd_bus_enqueue_for_read.3.gz
%{_mandir}/man3/sd_bus_error.3.gz
@ -314,7 +312,6 @@
%{_mandir}/man3/sd_bus_message_new_method_errorf.3.gz
%{_mandir}/man3/sd_bus_message_new_method_return.3.gz
%{_mandir}/man3/sd_bus_message_new_signal.3.gz
%{_mandir}/man3/sd_bus_message_new_signal_to.3.gz
%{_mandir}/man3/sd_bus_message_open_container.3.gz
%{_mandir}/man3/sd_bus_message_peek_type.3.gz
%{_mandir}/man3/sd_bus_message_read.3.gz
@ -666,14 +663,6 @@
%{_mandir}/man3/sd_pid_notify.3.gz
%{_mandir}/man3/sd_pid_notify_with_fds.3.gz
%{_mandir}/man3/sd_pid_notifyf.3.gz
%{_mandir}/man3/sd_pidfd_get_cgroup.3.gz
%{_mandir}/man3/sd_pidfd_get_machine_name.3.gz
%{_mandir}/man3/sd_pidfd_get_owner_uid.3.gz
%{_mandir}/man3/sd_pidfd_get_session.3.gz
%{_mandir}/man3/sd_pidfd_get_slice.3.gz
%{_mandir}/man3/sd_pidfd_get_unit.3.gz
%{_mandir}/man3/sd_pidfd_get_user_slice.3.gz
%{_mandir}/man3/sd_pidfd_get_user_unit.3.gz
%{_mandir}/man3/sd_seat_can_graphical.3.gz
%{_mandir}/man3/sd_seat_can_tty.3.gz
%{_mandir}/man3/sd_seat_get_active.3.gz


@ -27,7 +27,6 @@
%{_mandir}/man1/oomctl.1.gz
%if %{with sd_boot}
%{_mandir}/man1/systemd-measure.1.gz
%{_mandir}/man1/ukify.1.gz
%endif
%{_mandir}/man1/userdbctl.1.gz
%{_mandir}/man5/homed.conf.5.gz
@ -44,9 +43,6 @@
%{_mandir}/man8/systemd-oomd.8.gz
%{_mandir}/man8/systemd-oomd.service.8.gz
%if %{with sd_boot}
%{_mandir}/man8/systemd-pcrfs-root.service.8.gz
%{_mandir}/man8/systemd-pcrfs@.service.8.gz
%{_mandir}/man8/systemd-pcrmachine.service.8.gz
%{_mandir}/man8/systemd-pcrphase-initrd.service.8.gz
%{_mandir}/man8/systemd-pcrphase-sysinit.service.8.gz
%{_mandir}/man8/systemd-pcrphase.8.gz
@ -76,13 +72,9 @@
%{_systemd_util_dir}/systemd-sysupdate
%{_systemd_util_dir}/systemd-userdbd
%{_systemd_util_dir}/systemd-userwork
%if %{with sd_boot}
%{_systemd_util_dir}/ukify
%endif
%{_sysusersdir}/systemd-oom.conf
%if %{with sd_boot}
%{_unitdir}/initrd.target.wants/systemd-pcrphase-initrd.service
%{_unitdir}/sysinit.target.wants/systemd-pcrmachine.service
%{_unitdir}/sysinit.target.wants/systemd-pcrphase-sysinit.service
%{_unitdir}/sysinit.target.wants/systemd-pcrphase.service
%endif
@ -91,9 +83,6 @@
%{_unitdir}/systemd-oomd.service
%{_unitdir}/systemd-oomd.socket
%if %{with sd_boot}
%{_unitdir}/systemd-pcrfs-root.service
%{_unitdir}/systemd-pcrfs@.service
%{_unitdir}/systemd-pcrmachine.service
%{_unitdir}/systemd-pcrphase-initrd.service
%{_unitdir}/systemd-pcrphase-sysinit.service
%{_unitdir}/systemd-pcrphase.service


@ -100,7 +100,6 @@
%{_bindir}/localectl
%{_bindir}/loginctl
%{_bindir}/systemctl
%{_bindir}/systemd-ac-power
%{_bindir}/systemd-analyze
%{_bindir}/systemd-ask-password
%{_bindir}/systemd-cat
@ -233,8 +232,8 @@
%{_libdir}/libnss_myhostname.so.2
%{_libdir}/libnss_systemd.so.2
%endif
%{_libdir}/systemd/libsystemd-core-253.so
%{_libdir}/systemd/libsystemd-shared-253.so
%{_libdir}/systemd/libsystemd-core-252.so
%{_libdir}/systemd/libsystemd-shared-252.so
%if %{without bootstrap}
%{_mandir}/man1/busctl.1.gz
%{_mandir}/man1/hostnamectl.1.gz
@ -243,7 +242,6 @@
%{_mandir}/man1/localectl.1.gz
%{_mandir}/man1/loginctl.1.gz
%{_mandir}/man1/systemctl.1.gz
%{_mandir}/man1/systemd-ac-power.1.gz
%{_mandir}/man1/systemd-analyze.1.gz
%{_mandir}/man1/systemd-ask-password.1.gz
%{_mandir}/man1/systemd-cat.1.gz
@ -447,6 +445,7 @@
%{_systemd_util_dir}/scripts/upgrade-from-pre-210.sh
%{_systemd_util_dir}/system-preset/99-default.preset
%{_systemd_util_dir}/systemd
%{_systemd_util_dir}/systemd-ac-power
%{_systemd_util_dir}/systemd-binfmt
%{_systemd_util_dir}/systemd-boot-check-no-failures
%{_systemd_util_dir}/systemd-cgroups-agent
@ -506,7 +505,6 @@
%{_systemdgeneratordir}/systemd-system-update-generator
%{_sysusersdir}/systemd-journal.conf
%{_sysusersdir}/systemd-timesync.conf
%{_tmpfilesdir}/credstore.conf
%{_tmpfilesdir}/journal-nocow.conf
%{_tmpfilesdir}/provision.conf
%{_tmpfilesdir}/suse.conf
@ -643,7 +641,6 @@
%{_unitdir}/systemd-hybrid-sleep.service
%{_unitdir}/systemd-journal-catalog-update.service
%{_unitdir}/systemd-journal-flush.service
%{_unitdir}/systemd-journald-audit.socket
%{_unitdir}/systemd-journald-dev-log.socket
%{_unitdir}/systemd-journald-varlink@.socket
%{_unitdir}/systemd-journald.service


@ -94,6 +94,7 @@
%endif
%{_prefix}/lib/udev/fido_id
%{_prefix}/lib/udev/mtd_probe
%{_prefix}/lib/udev/path_id_compat
%{_prefix}/lib/udev/scsi_id
%{_prefix}/lib/udev/v4l_id
%{_systemd_util_dir}/network/99-default.link
@ -173,6 +174,7 @@
%{_udevrulesdir}/60-persistent-v4l.rules
%{_udevrulesdir}/60-sensor.rules
%{_udevrulesdir}/60-serial.rules
%{_udevrulesdir}/61-persistent-storage-compat.rules
%{_udevrulesdir}/64-btrfs.rules
%{_udevrulesdir}/70-camera.rules
%{_udevrulesdir}/70-joystick.rules
@ -224,8 +226,6 @@
%{_unitdir}/system-systemd\x2dcryptsetup.slice
%endif
%{_unitdir}/systemd-backlight@.service
%{_unitdir}/systemd-growfs-root.service
%{_unitdir}/systemd-growfs@.service
%{_unitdir}/systemd-hwdb-update.service
%if %{without bootstrap}
%{_unitdir}/systemd-modules-load.service


@ -26,20 +26,19 @@
%{_mandir}/man8/systemd-bless-boot-generator.8.gz
%{_mandir}/man8/systemd-bless-boot.8.gz
%{_mandir}/man8/systemd-bless-boot.service.8.gz
%{_mandir}/man8/systemd-boot-random-seed.service.8.gz
%{_mandir}/man8/systemd-boot-system-token.service.8.gz
%endif
%{_prefix}/lib/kernel/install.conf
%{_prefix}/lib/kernel/install.d/50-depmod.install
%{_prefix}/lib/kernel/install.d/90-loaderentry.install
%{_prefix}/lib/kernel/install.d/90-uki-copy.install
# These are the few exceptions where glob pattern is allowed.
%{_systemd_util_dir}/boot/efi/linux*.efi.stub
%{_systemd_util_dir}/boot/efi/linux*.elf.stub
%{_systemd_util_dir}/boot/efi/systemd-boot*.efi
%{_systemd_util_dir}/systemd-bless-boot
%{_systemdgeneratordir}/systemd-bless-boot-generator
%{_unitdir}/sysinit.target.wants/systemd-boot-random-seed.service
%{_unitdir}/sysinit.target.wants/systemd-boot-system-token.service
%{_unitdir}/systemd-bless-boot.service
%{_unitdir}/systemd-boot-random-seed.service
%{_unitdir}/systemd-boot-system-token.service
%{_unitdir}/systemd-boot-update.service
%endif


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fd9f697fdbb194da090ef87f472c1c6d05d16cfa49b3b668648ea6d3c8f177d2
size 8089304


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:84aad84973ab74246f5eff59641a5570c3a0bb6fce66402a4644212d71f38d07
size 8205144


@ -1,26 +1,3 @@
-------------------------------------------------------------------
Thu Mar 9 10:38:10 UTC 2023 - Franck Bui <fbui@suse.com>
- Add 5000-core-manager-run-generators-directly-when-we-are-in-.patch, a
temporary workaround until https://github.com/dracutdevs/dracut/issues/2211 is
fixed in dracut.
-------------------------------------------------------------------
Mon Mar 6 10:08:33 UTC 2023 - Franck Bui <fbui@suse.com>
- Upgrade to v253.1 (commit 6c327d74aa0d350482e82a247d7018559699798d)
See https://github.com/openSUSE/systemd/blob/SUSE/v253/NEWS for details.
* Rebased 0001-conf-parser-introduce-early-drop-ins.patch
* Ship systemd-journald-audit.socket again: it can now be disabled via the
usual "systemctl disable" mechanism to stop collection of audit
messages. Note that it's handled by the preset logic, which turns it off by
default.
* TEST_06_SELINUX needs selinux-policy-devel.
-------------------------------------------------------------------
Mon Mar 6 08:40:35 UTC 2023 - Franck Bui <fbui@suse.com>


@ -19,7 +19,7 @@
%global flavor @BUILD_FLAVOR@%{nil}
%define min_kernel_version 4.5
%define archive_version %nil
%define archive_version +suse.50.gd447802fee
%define _testsuitedir /usr/lib/systemd/tests
%define xinitconfdir %{?_distconfdir}%{!?_distconfdir:%{_sysconfdir}}/X11/xinit
@ -72,7 +72,7 @@
Name: systemd%{?mini}
URL: http://www.freedesktop.org/wiki/Software/systemd
Version: 253.1
Version: 252.7
Release: 0
Summary: A System and Session Manager
License: LGPL-2.1-or-later
@ -209,10 +209,9 @@ Patch12: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
# Patches listed below are put in quarantine. Normally all changes must go to
# upstream first and then are cherry-picked in the SUSE git repository. But for
# very few cases, some stuff might be broken in upstream and need to be fixed or
# worked around quickly. In these cases, the patches are added temporarily and
# will be removed as soon as a proper fix will be merged by upstream.
Patch5000: 5000-core-manager-run-generators-directly-when-we-are-in-.patch
# very few cases, some stuff might be broken in upstream and need to be fixed
# quickly. But even in these cases, the patches are temporary and should be
# removed as soon as a fix is merged by upstream.
%description
Systemd is a system and service manager, compatible with SysV and LSB
@ -531,7 +530,6 @@ Requires: netcat
Requires: python3-pexpect
Requires: qemu-kvm
Requires: quota
Requires: selinux-policy-devel
Requires: socat
Requires: squashfs
Requires: systemd-container
@ -887,8 +885,8 @@ rm -f %{buildroot}%{_presetdir}/*.preset
echo 'disable *' >%{buildroot}%{_presetdir}/99-default.preset
echo 'disable *' >%{buildroot}%{_userpresetdir}/99-default.preset
# The current situation with tmpfiles snippets dealing with the generic paths is
# pretty messy currently because:
# The tmpfiles dealing with the generic paths is pretty messy
# currently because:
#
# 1. filesystem package wants to define the generic paths and some of them
# conflict with the definition given by systemd in var.conf, see
@ -932,6 +930,12 @@ fi
# still be used by yast.
cat %{SOURCE14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
# Don't ship systemd-journald-audit.socket as there's no other way for us to
# prevent journald from recording audit messages in the journal by default
# (bsc#1109252).
rm -f %{buildroot}%{_unitdir}/systemd-journald-audit.socket
rm -f %{buildroot}%{_unitdir}/sockets.target.wants/systemd-journald-audit.socket
%if %{with testsuite}
# -Dinstall_test took care of installing the unit tests only (those in
# src/tests) and testdata directory. Here we copy the integration tests
@ -960,7 +964,6 @@ tar -cO \
%systemd_pre remote-fs.target
%systemd_pre getty@.service
%systemd_pre systemd-timesyncd.service
%systemd_pre systemd-journald-audit.socket
%post
# Make /etc/machine-id an empty file during package installation. On the first
@ -1020,7 +1023,6 @@ fi
%systemd_post remote-fs.target
%systemd_post getty@.service
%systemd_post systemd-timesyncd.service
%systemd_post systemd-journald-audit.socket
# v228 wrongly set world writable suid root permissions on timestamp files used
# by permanent timers. Fix the timestamps that might have been created by the
@ -1312,13 +1314,13 @@ fi
%defattr(-,root,root)
%license LICENSE.LGPL2.1
%{_libdir}/libsystemd.so.0
%{_libdir}/libsystemd.so.0.36.0
%{_libdir}/libsystemd.so.0.35.0
%files -n libudev%{?mini}1
%defattr(-,root,root)
%license LICENSE.LGPL2.1
%{_libdir}/libudev.so.1
%{_libdir}/libudev.so.1.7.6
%{_libdir}/libudev.so.1.7.5
%if %{with coredump}
%files coredump
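Review bot: The `Version:` tag in the second hunk goes from `253.1` back to `252.7` (with `archive_version` set to `+suse.50.gd447802fee` in the first hunk), and nothing in this section records how machines that already installed the 253.1 build are expected to reach the lower version. A plain package update normally does not replace a higher version with a lower one, so such systems may stay on the 253 build and stop receiving fixes from this branch unless the distribution's upgrade tooling is allowed to downgrade. I would add a short comment next to the tag, for example `# Reverted from 253.1; existing installs need an explicit downgrade`, and an entry in the changes file, which this commit only trims. The same comment should mention that the revert also drops `Patch5000` and brings back the `rm -f` of `systemd-journald-audit.socket`, since both change runtime behaviour (generator sandboxing in the initrd, audit message collection) relative to the build being replaced.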