From bfe5264cbd1e54bbd84b616482bfd8fa907754e7cda71d6cfcd8a3580fcbce73 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 21 May 2019 08:22:34 +0000 Subject: [PATCH] Accepting request 702871 from Base:System OBS-URL: https://build.opensuse.org/request/show/702871 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=295 --- ...ward-compatibility-with-UserTasksMax.patch | 26 ++++--- debug-only-remove-new-policies.patch | 51 +++++++++++++ systemd-mini.changes | 75 +++++++++++++++++++ systemd-mini.spec | 19 +++-- systemd-v241+suse.46.g4e6e66ea9.tar.xz | 3 - systemd-v242+suse.75.g9984a86d0d.tar.xz | 3 + systemd.changes | 75 +++++++++++++++++++ systemd.spec | 19 +++-- 8 files changed, 242 insertions(+), 29 deletions(-) create mode 100644 debug-only-remove-new-policies.patch delete mode 100644 systemd-v241+suse.46.g4e6e66ea9.tar.xz create mode 100644 systemd-v242+suse.75.g9984a86d0d.tar.xz diff --git a/0001-logind-keep-backward-compatibility-with-UserTasksMax.patch b/0001-logind-keep-backward-compatibility-with-UserTasksMax.patch index 04b042c6..553fd89f 100644 --- a/0001-logind-keep-backward-compatibility-with-UserTasksMax.patch +++ b/0001-logind-keep-backward-compatibility-with-UserTasksMax.patch @@ -1,4 +1,4 @@ -From 819616fabe327d4baf587337f427c24588192af5 Mon Sep 17 00:00:00 2001 +From ce59acc7743f1897a335449b718f9ede33add394 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 6 Nov 2018 11:51:26 +0100 Subject: [PATCH] logind: keep backward compatibility with UserTasksMax= in @@ -23,17 +23,17 @@ The main advantages to use a generator are: Expect this generator to be dropped in the future. --- - meson.build | 8 ++++ - src/login/compat-tasks-max-generator.c | 66 ++++++++++++++++++++++++++ - src/login/logind-user.c | 43 +++++++++++++++-- - 3 files changed, 112 insertions(+), 5 deletions(-) + meson.build | 8 +++ + src/login/compat-tasks-max-generator.c | 68 ++++++++++++++++++++++++++ + src/login/logind-user.c | 43 ++++++++++++++-- + 3 files changed, 114 insertions(+), 5 deletions(-) create mode 100644 src/login/compat-tasks-max-generator.c diff --git a/meson.build b/meson.build -index eacadc1505..7c00470fff 100644 +index dc6e970095..d834108f24 100644 --- a/meson.build +++ b/meson.build -@@ -1866,6 +1866,14 @@ if conf.get('ENABLE_LOGIND') == 1 +@@ -1885,6 +1885,14 @@ if conf.get('ENABLE_LOGIND') == 1 endif endif @@ -50,11 +50,13 @@ index eacadc1505..7c00470fff 100644 include_directories : includes, diff --git a/src/login/compat-tasks-max-generator.c b/src/login/compat-tasks-max-generator.c new file mode 100644 -index 0000000000..404ca5f237 +index 0000000000..964d0596fb --- /dev/null +++ b/src/login/compat-tasks-max-generator.c -@@ -0,0 +1,66 @@ +@@ -0,0 +1,68 @@ +#include ++#include ++#include + +#include "alloc-util.h" +#include "dropin.h" @@ -121,10 +123,10 @@ index 0000000000..404ca5f237 + return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; +} diff --git a/src/login/logind-user.c b/src/login/logind-user.c -index ae27bfb662..bbcac62783 100644 +index 045b6f0e17..1c19d6512b 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c -@@ -843,17 +843,50 @@ int config_parse_compat_user_tasks_max( +@@ -847,17 +847,50 @@ int config_parse_compat_user_tasks_max( void *data, void *userdata) { @@ -181,5 +183,5 @@ index ae27bfb662..bbcac62783 100644 return 0; } -- -2.20.1 +2.21.0 diff --git a/debug-only-remove-new-policies.patch b/debug-only-remove-new-policies.patch new file mode 100644 index 00000000..670f8f26 --- /dev/null +++ b/debug-only-remove-new-policies.patch @@ -0,0 +1,51 @@ +diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy +index 6dc79aa32a..398fb7bc21 100644 +--- a/src/login/org.freedesktop.login1.policy ++++ b/src/login/org.freedesktop.login1.policy +@@ -337,17 +337,6 @@ + + + +- +- Set the reboot "reason" in the kernel +- Authentication is required to set the reboot "reason" in the kernel. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- org.freedesktop.login1.reboot +- +- + + Indicate to the firmware to boot to setup interface + Authentication is required to indicate to the firmware to boot to setup interface. +@@ -359,28 +348,6 @@ + org.freedesktop.login1.reboot + + +- +- Indicate to the boot loader to boot to the boot loader menu +- Authentication is required to indicate to the boot loader to boot to the boot loader menu. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- org.freedesktop.login1.reboot +- +- +- +- Indicate to the boot loader to boot a specific entry +- Authentication is required to indicate to the boot loader to boot into a specific boot loader entry. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- org.freedesktop.login1.reboot +- +- + + Set a wall message + Authentication is required to set a wall message diff --git a/systemd-mini.changes b/systemd-mini.changes index 3eb25d2f..51e13e4c 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,78 @@ +------------------------------------------------------------------- +Tue May 14 14:27:12 UTC 2019 - Franck Bui + +- Import commit 9984a86d0d2259d54c7060f9c09f214202b4efa7 + + f2459bf373 random-util: eat up bad RDRAND values seen on AMD CPUs + c90a2e9793 util-lib: fix a typo in rdrand + 4db1cc9d46 random-util: rename "err" to "success" + 981a62a102 random-util: hash AT_RANDOM getauxval() value before using it + 64a9c3d918 random-util: use gcc's bit_RDRND definition if it exists + c5d6ecfdca random-util: rename RANDOM_DONT_DRAIN → RANDOM_MAY_FAIL + 298d13df7e network: remove redunant link name in message + 77cbde31f2 hwdb: Align airplane mode toggle key mapping for all Acer series + 460f03794e Revert "hwdb: Apply Acer mappings to all Gateway and Packard Bell models" + fe9271ad84 test: return a non-zero return code when 'nobody' user doesn't exist + 29d355e755 fstab-generator: Prevent double free of reused FILE* + f30f1adc11 meson: make source files including nspawn-settings.h depend on libseccomp + 84bab914b8 alloc-util: don't use malloc_usable_size() to determine allocated size + 5240972d8d units: drop reference to sushell man page + 0a26de5e33 codespell: fix spelling errors + 582de105c8 nspawn-expose-ports: fix a typo in error message + +------------------------------------------------------------------- +Mon May 13 08:46:38 UTC 2019 - Franck Bui + +- Buildrequire polkit so /usr/share/polkit-1/rules.d has an owner + + Otherwise the "post build checks" would complain and would force + systemd to own this directory. The owner should still be "polkit" + and the perms should be in sync with the perm set by polkit + itself. + +------------------------------------------------------------------- +Thu May 9 07:13:44 UTC 2019 - Franck Bui + +- Add debug-only-remove-new-policies.patch + + A temporary patch to suppress the new DBUS methods introduced by + v242 until they are reviewed and whitelisted by the secteam. + +------------------------------------------------------------------- +Thu May 9 07:11:08 UTC 2019 - Franck Bui + +- Add a comment explaining why static enablement symlinks in /etc are suppressed + + Also remove any /etc/systemd/system/*.requires/ symlinks for the + same reason. + +------------------------------------------------------------------- +Thu May 2 15:24:45 UTC 2019 - Franck Bui + +- preset remote-cryptsetup.target during package installation + + This target is supposed to be part of the targets that should be + enabled (or not depending on the presets) at package installation. + +------------------------------------------------------------------- +Thu May 2 13:12:23 UTC 2019 - Franck Bui + +- Upgrade to v242 (commit 071c380dcc434dca2a0c8b6de0519cc9e816c6d6) + + See https://github.com/openSUSE/systemd/blob/SUSE/v242/NEWS for + details. + +------------------------------------------------------------------- +Wed Apr 24 07:23:44 UTC 2019 - Franck Bui + +- Drop "BuildRequires: -post-build-checks" from the specfile (bsc#1130230) + + The syntax of this directive is obsolete and should be replaced by + "#!BuildIgnore: post-build-checks". + + However there's no good reasons to disable these SUSE extra checks, + so let's re-enable them and fix the few errors it detected. + ------------------------------------------------------------------- Fri Apr 12 14:13:54 UTC 2019 - Franck Bui diff --git a/systemd-mini.spec b/systemd-mini.spec index 168751e7..8ff76041 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.46.g4e6e66ea9 +%define suse_version +suse.75.g9984a86d0d %bcond_with gnuefi %if 0%{?bootstrap} @@ -53,19 +53,19 @@ Name: systemd-mini Url: http://www.freedesktop.org/wiki/Software/systemd -Version: 241 +Version: 242 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later Group: System/Base BuildRoot: %{_tmppath}/%{name}-%{version}-build %if ! 0%{?bootstrap} -BuildRequires: -post-build-checks BuildRequires: docbook-xsl-stylesheets BuildRequires: kbd BuildRequires: libapparmor-devel BuildRequires: libgcrypt-devel BuildRequires: libxslt-tools +BuildRequires: polkit # python is only required for generating systemd.directives.xml BuildRequires: python3 BuildRequires: python3-lxml @@ -167,6 +167,7 @@ Source200: scripts-udev-convert-lib-udev-path.sh # merged by upstream. Patch1: 0001-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Patch2: 0001-logind-keep-backward-compatibility-with-UserTasksMax.patch +Patch3: debug-only-remove-new-policies.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -544,7 +545,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel -rm -rf %{buildroot}/etc/systemd/system/*.target.wants + +# Make sure we don't ship static enablement symlinks in /etc during +# installation, presets should be honoured instead. +rm -rf %{buildroot}/etc/systemd/system/*.target.{requires,wants} rm -f %{buildroot}/etc/systemd/system/default.target # Replace /etc/pam.d/systemd-user shipped by upstream with the openSUSE one. @@ -606,6 +610,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d # Make sure directories in /var exist mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog + # Create ghost databases touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin @@ -732,6 +737,7 @@ systemctl daemon-reexec || : # Create default config in /etc at first install. # Later package updates should not overwrite these settings. +%systemd_post remote-cryptsetup.target %systemd_post getty@.service %systemd_post machines.target %systemd_post remote-fs.target @@ -942,6 +948,7 @@ fi %{_bindir}/systemd-cat %dir %{_prefix}/lib/kernel %dir %{_prefix}/lib/kernel/install.d +%{_prefix}/lib/kernel/install.d/00-entry-directory.install %{_prefix}/lib/kernel/install.d/50-depmod.install %{_prefix}/lib/kernel/install.d/90-loaderentry.install %dir %{_prefix}/lib/systemd @@ -1090,11 +1097,9 @@ fi %{_datadir}/dbus-1/system.d/org.freedesktop.timedate1.conf %{_datadir}/dbus-1/system.d/org.freedesktop.timesync1.conf %if %{with networkd} -%{_sysconfdir}/systemd/system/dbus-org.freedesktop.network1.service %{_datadir}/dbus-1/system.d/org.freedesktop.network1.conf %endif %if %{with resolved} -%{_sysconfdir}/systemd/system/dbus-org.freedesktop.resolve1.service %{_datadir}/dbus-1/system.d/org.freedesktop.resolve1.conf %endif @@ -1263,7 +1268,7 @@ fi %{_prefix}/lib/udev/scripts/ %dir %{_sysconfdir}/udev/ %dir %{_sysconfdir}/udev/rules.d/ -%ghost %{_sysconfdir}/udev/hwdb.bin +%ghost %attr(444, root, root) %{_sysconfdir}/udev/hwdb.bin %config(noreplace) %{_sysconfdir}/udev/udev.conf %if ! 0%{?bootstrap} %{_mandir}/man5/udev* diff --git a/systemd-v241+suse.46.g4e6e66ea9.tar.xz b/systemd-v241+suse.46.g4e6e66ea9.tar.xz deleted file mode 100644 index 381248ae..00000000 --- a/systemd-v241+suse.46.g4e6e66ea9.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5f2a3be6a40ed5994348c6db064051f09470bdfd0f0be6012b01209f26ccf3ee -size 5192692 diff --git a/systemd-v242+suse.75.g9984a86d0d.tar.xz b/systemd-v242+suse.75.g9984a86d0d.tar.xz new file mode 100644 index 00000000..50615f14 --- /dev/null +++ b/systemd-v242+suse.75.g9984a86d0d.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d5ad0c9c95ffa3b089676482ccdf91c72d6e2a01f4f97eece0264a737afc9af5 +size 5323056 diff --git a/systemd.changes b/systemd.changes index 3eb25d2f..51e13e4c 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,78 @@ +------------------------------------------------------------------- +Tue May 14 14:27:12 UTC 2019 - Franck Bui + +- Import commit 9984a86d0d2259d54c7060f9c09f214202b4efa7 + + f2459bf373 random-util: eat up bad RDRAND values seen on AMD CPUs + c90a2e9793 util-lib: fix a typo in rdrand + 4db1cc9d46 random-util: rename "err" to "success" + 981a62a102 random-util: hash AT_RANDOM getauxval() value before using it + 64a9c3d918 random-util: use gcc's bit_RDRND definition if it exists + c5d6ecfdca random-util: rename RANDOM_DONT_DRAIN → RANDOM_MAY_FAIL + 298d13df7e network: remove redunant link name in message + 77cbde31f2 hwdb: Align airplane mode toggle key mapping for all Acer series + 460f03794e Revert "hwdb: Apply Acer mappings to all Gateway and Packard Bell models" + fe9271ad84 test: return a non-zero return code when 'nobody' user doesn't exist + 29d355e755 fstab-generator: Prevent double free of reused FILE* + f30f1adc11 meson: make source files including nspawn-settings.h depend on libseccomp + 84bab914b8 alloc-util: don't use malloc_usable_size() to determine allocated size + 5240972d8d units: drop reference to sushell man page + 0a26de5e33 codespell: fix spelling errors + 582de105c8 nspawn-expose-ports: fix a typo in error message + +------------------------------------------------------------------- +Mon May 13 08:46:38 UTC 2019 - Franck Bui + +- Buildrequire polkit so /usr/share/polkit-1/rules.d has an owner + + Otherwise the "post build checks" would complain and would force + systemd to own this directory. The owner should still be "polkit" + and the perms should be in sync with the perm set by polkit + itself. + +------------------------------------------------------------------- +Thu May 9 07:13:44 UTC 2019 - Franck Bui + +- Add debug-only-remove-new-policies.patch + + A temporary patch to suppress the new DBUS methods introduced by + v242 until they are reviewed and whitelisted by the secteam. + +------------------------------------------------------------------- +Thu May 9 07:11:08 UTC 2019 - Franck Bui + +- Add a comment explaining why static enablement symlinks in /etc are suppressed + + Also remove any /etc/systemd/system/*.requires/ symlinks for the + same reason. + +------------------------------------------------------------------- +Thu May 2 15:24:45 UTC 2019 - Franck Bui + +- preset remote-cryptsetup.target during package installation + + This target is supposed to be part of the targets that should be + enabled (or not depending on the presets) at package installation. + +------------------------------------------------------------------- +Thu May 2 13:12:23 UTC 2019 - Franck Bui + +- Upgrade to v242 (commit 071c380dcc434dca2a0c8b6de0519cc9e816c6d6) + + See https://github.com/openSUSE/systemd/blob/SUSE/v242/NEWS for + details. + +------------------------------------------------------------------- +Wed Apr 24 07:23:44 UTC 2019 - Franck Bui + +- Drop "BuildRequires: -post-build-checks" from the specfile (bsc#1130230) + + The syntax of this directive is obsolete and should be replaced by + "#!BuildIgnore: post-build-checks". + + However there's no good reasons to disable these SUSE extra checks, + so let's re-enable them and fix the few errors it detected. + ------------------------------------------------------------------- Fri Apr 12 14:13:54 UTC 2019 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 03bf9e96..245e57c2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.46.g4e6e66ea9 +%define suse_version +suse.75.g9984a86d0d %bcond_with gnuefi %if 0%{?bootstrap} @@ -51,19 +51,19 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd -Version: 241 +Version: 242 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later Group: System/Base BuildRoot: %{_tmppath}/%{name}-%{version}-build %if ! 0%{?bootstrap} -BuildRequires: -post-build-checks BuildRequires: docbook-xsl-stylesheets BuildRequires: kbd BuildRequires: libapparmor-devel BuildRequires: libgcrypt-devel BuildRequires: libxslt-tools +BuildRequires: polkit # python is only required for generating systemd.directives.xml BuildRequires: python3 BuildRequires: python3-lxml @@ -165,6 +165,7 @@ Source200: scripts-udev-convert-lib-udev-path.sh # merged by upstream. Patch1: 0001-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Patch2: 0001-logind-keep-backward-compatibility-with-UserTasksMax.patch +Patch3: debug-only-remove-new-policies.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -542,7 +543,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel -rm -rf %{buildroot}/etc/systemd/system/*.target.wants + +# Make sure we don't ship static enablement symlinks in /etc during +# installation, presets should be honoured instead. +rm -rf %{buildroot}/etc/systemd/system/*.target.{requires,wants} rm -f %{buildroot}/etc/systemd/system/default.target # Replace /etc/pam.d/systemd-user shipped by upstream with the openSUSE one. @@ -604,6 +608,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d # Make sure directories in /var exist mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog + # Create ghost databases touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin @@ -730,6 +735,7 @@ systemctl daemon-reexec || : # Create default config in /etc at first install. # Later package updates should not overwrite these settings. +%systemd_post remote-cryptsetup.target %systemd_post getty@.service %systemd_post machines.target %systemd_post remote-fs.target @@ -940,6 +946,7 @@ fi %{_bindir}/systemd-cat %dir %{_prefix}/lib/kernel %dir %{_prefix}/lib/kernel/install.d +%{_prefix}/lib/kernel/install.d/00-entry-directory.install %{_prefix}/lib/kernel/install.d/50-depmod.install %{_prefix}/lib/kernel/install.d/90-loaderentry.install %dir %{_prefix}/lib/systemd @@ -1088,11 +1095,9 @@ fi %{_datadir}/dbus-1/system.d/org.freedesktop.timedate1.conf %{_datadir}/dbus-1/system.d/org.freedesktop.timesync1.conf %if %{with networkd} -%{_sysconfdir}/systemd/system/dbus-org.freedesktop.network1.service %{_datadir}/dbus-1/system.d/org.freedesktop.network1.conf %endif %if %{with resolved} -%{_sysconfdir}/systemd/system/dbus-org.freedesktop.resolve1.service %{_datadir}/dbus-1/system.d/org.freedesktop.resolve1.conf %endif @@ -1261,7 +1266,7 @@ fi %{_prefix}/lib/udev/scripts/ %dir %{_sysconfdir}/udev/ %dir %{_sysconfdir}/udev/rules.d/ -%ghost %{_sysconfdir}/udev/hwdb.bin +%ghost %attr(444, root, root) %{_sysconfdir}/udev/hwdb.bin %config(noreplace) %{_sysconfdir}/udev/udev.conf %if ! 0%{?bootstrap} %{_mandir}/man5/udev*