From 71e59a286b41aa19bda909c24f9b4462b3dbcb8e6f8a56ead2cdba6da93992b3 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Fri, 23 Jun 2017 11:30:07 +0000 Subject: [PATCH 1/4] Accepting request 505715 from home:fbui:systemd:Factory - Don't try to restart networkd/resolved if they're disabled (boo#1045521) - Stop shipping /usr/lib/sysusers.d/basic.conf (bsc#1006978) OBS-URL: https://build.opensuse.org/request/show/505715 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=979 --- systemd-mini.changes | 27 ++++++++++++++++++++++++++- systemd-mini.spec | 25 +++++++++++++++---------- systemd.changes | 27 ++++++++++++++++++++++++++- systemd.spec | 25 +++++++++++++++---------- 4 files changed, 82 insertions(+), 22 deletions(-) diff --git a/systemd-mini.changes b/systemd-mini.changes index ffafade9..09daca09 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Thu Jun 22 15:24:22 UTC 2017 - fbui@suse.com + +- Don't try to restart networkd/resolved if they're disabled (boo#1045521) + + "systemctl try-restart/preset" wants the unit files exist. + +------------------------------------------------------------------- +Thu Jun 22 13:50:46 UTC 2017 - fbui@suse.com + +- Stop shipping /usr/lib/sysusers.d/basic.conf (bsc#1006978) + + Ok looks like the previous change was the right thing to do and we + continue to follow this path by relying on the new user/group scheme + + Therefore the basic system user/group are now managed and created by + system-sysusers and udev also relies on this for the groups it uses + in its rule files. + + Ideally we should have listed all of the groups in the deps (with + "Requires: group(disk)" but the list of the groups is rather long + and the risk for those groups to be re-organized is probably low, so + currently we simply use "Requires: system-group-hardware" as a + shortcut. + ------------------------------------------------------------------- Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com @@ -11,7 +36,7 @@ Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com package isn't pulled in anymore when building the rescue system. For now make systemd creates the group by adding - "Requires: group(post)". + "Requires: group(lock)". I'm currently not sure why we don't use sysusers.d stuff for that purpose and if the "lock" group on /run/lock is still diff --git a/systemd-mini.spec b/systemd-mini.spec index a40555f2..a33d0889 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -225,9 +225,8 @@ Summary: A rule-based device node and kernel event manager License: GPL-2.0 Group: System/Kernel Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html +Requires: system-group-hardware Requires(pre): /usr/bin/stat -Requires(pre): /usr/sbin/groupadd -Requires(pre): /usr/bin/getent Requires(post): sed Requires(post): /usr/bin/systemctl @@ -530,6 +529,10 @@ rm %{buildroot}%{_libexecdir}/systemd/libsystemd-shared.so # aaa_base (in procps for now) rm -f %{buildroot}%{_prefix}/lib/sysctl.d/50-default.conf +# The definition of the basic users/groups are defined by system-user +# on SUSE (bsc#1006978). +rm -f %{buildroot}%{_prefix}/lib/sysusers.d/basic.conf + # Remove README file in init.d as (SUSE) rpm requires executable files # in this directory... oh well. rm -f %{buildroot}/etc/init.d/README @@ -682,10 +685,14 @@ if [ $1 -eq 1 ]; then # unit. systemctl preset remote-fs.target || : systemctl preset getty@.service || : + systemctl preset systemd-timesyncd.service || : +%if %{with networkd} systemctl preset systemd-networkd.service || : systemctl preset systemd-networkd-wait-online.service || : - systemctl preset systemd-timesyncd.service || : +%endif +%if %{with resolved} systemctl preset systemd-resolved.service || : +%endif fi >/dev/null # since v207 /etc/sysctl.conf is no longer parsed, however @@ -745,9 +752,13 @@ fi %systemd_postun # Avoid restarting logind until fixed upstream (issue #1163) %systemd_postun_with_restart systemd-journald.service -%systemd_postun_with_restart systemd-networkd.service %systemd_postun_with_restart systemd-timesyncd.service +%if %{with networkd} +%systemd_postun_with_restart systemd-networkd.service +%endif +%if %{with resolved} %systemd_postun_with_restart systemd-resolved.service +%endif %pretrans -n udev%{?mini} -p if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then @@ -773,12 +784,6 @@ if [ $1 -eq 1 ]; then echo "COMPAT_SYMLINK_GENERATION=2">/usr/lib/udev/compat-symlink-generation fi -# Create "tape"/"input" group which is referenced by some udev rules -# that we're shipping. FIXME: maybe we should consider using -# "sysusers_create basic.conf" instead ? -getent group tape >/dev/null || groupadd -r tape || : -getent group input >/dev/null || groupadd -r input || : - %post -n udev%{?mini} %udev_hwdb_update diff --git a/systemd.changes b/systemd.changes index ffafade9..09daca09 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Thu Jun 22 15:24:22 UTC 2017 - fbui@suse.com + +- Don't try to restart networkd/resolved if they're disabled (boo#1045521) + + "systemctl try-restart/preset" wants the unit files exist. + +------------------------------------------------------------------- +Thu Jun 22 13:50:46 UTC 2017 - fbui@suse.com + +- Stop shipping /usr/lib/sysusers.d/basic.conf (bsc#1006978) + + Ok looks like the previous change was the right thing to do and we + continue to follow this path by relying on the new user/group scheme + + Therefore the basic system user/group are now managed and created by + system-sysusers and udev also relies on this for the groups it uses + in its rule files. + + Ideally we should have listed all of the groups in the deps (with + "Requires: group(disk)" but the list of the groups is rather long + and the risk for those groups to be re-organized is probably low, so + currently we simply use "Requires: system-group-hardware" as a + shortcut. + ------------------------------------------------------------------- Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com @@ -11,7 +36,7 @@ Fri Jun 16 09:14:43 UTC 2017 - fbui@suse.com package isn't pulled in anymore when building the rescue system. For now make systemd creates the group by adding - "Requires: group(post)". + "Requires: group(lock)". I'm currently not sure why we don't use sysusers.d stuff for that purpose and if the "lock" group on /run/lock is still diff --git a/systemd.spec b/systemd.spec index 55318178..512bce3d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -223,9 +223,8 @@ Summary: A rule-based device node and kernel event manager License: GPL-2.0 Group: System/Kernel Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html +Requires: system-group-hardware Requires(pre): /usr/bin/stat -Requires(pre): /usr/sbin/groupadd -Requires(pre): /usr/bin/getent Requires(post): sed Requires(post): /usr/bin/systemctl @@ -528,6 +527,10 @@ rm %{buildroot}%{_libexecdir}/systemd/libsystemd-shared.so # aaa_base (in procps for now) rm -f %{buildroot}%{_prefix}/lib/sysctl.d/50-default.conf +# The definition of the basic users/groups are defined by system-user +# on SUSE (bsc#1006978). +rm -f %{buildroot}%{_prefix}/lib/sysusers.d/basic.conf + # Remove README file in init.d as (SUSE) rpm requires executable files # in this directory... oh well. rm -f %{buildroot}/etc/init.d/README @@ -680,10 +683,14 @@ if [ $1 -eq 1 ]; then # unit. systemctl preset remote-fs.target || : systemctl preset getty@.service || : + systemctl preset systemd-timesyncd.service || : +%if %{with networkd} systemctl preset systemd-networkd.service || : systemctl preset systemd-networkd-wait-online.service || : - systemctl preset systemd-timesyncd.service || : +%endif +%if %{with resolved} systemctl preset systemd-resolved.service || : +%endif fi >/dev/null # since v207 /etc/sysctl.conf is no longer parsed, however @@ -743,9 +750,13 @@ fi %systemd_postun # Avoid restarting logind until fixed upstream (issue #1163) %systemd_postun_with_restart systemd-journald.service -%systemd_postun_with_restart systemd-networkd.service %systemd_postun_with_restart systemd-timesyncd.service +%if %{with networkd} +%systemd_postun_with_restart systemd-networkd.service +%endif +%if %{with resolved} %systemd_postun_with_restart systemd-resolved.service +%endif %pretrans -n udev%{?mini} -p if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then @@ -771,12 +782,6 @@ if [ $1 -eq 1 ]; then echo "COMPAT_SYMLINK_GENERATION=2">/usr/lib/udev/compat-symlink-generation fi -# Create "tape"/"input" group which is referenced by some udev rules -# that we're shipping. FIXME: maybe we should consider using -# "sysusers_create basic.conf" instead ? -getent group tape >/dev/null || groupadd -r tape || : -getent group input >/dev/null || groupadd -r input || : - %post -n udev%{?mini} %udev_hwdb_update From 8699de76e48aafab5069ab5e405ac2c2e91dc4f34cd7f9b54359a739d77406d4 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Thu, 6 Jul 2017 13:07:38 +0000 Subject: [PATCH 2/4] Accepting request 508561 from home:fbui:systemd:Factory - Import commit 21827ea0875ff197e16e72003b2bfaa1c6e8daad 1ad06735f core: fail when syntactically invalid values for User=/Group= fields are detected (bsc#1047023) d563972e2 timesyncd: don't use compiled-in list if FallbackNTP has been configured explicitly f4e0c16f5 gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280) e1345aac5 fix add_esp() in the gpt-auto-generator.c (#6251) c591ece9a automount: don't lstat(2) upon umount request (#6086) (bsc#1040968) 643ab2eea gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab f07d2022f fstab-util: introduce fstab_has_fstype() helper bf735bb35 fstab-util: don't eat up errors in fstab_is_mount_point() a4b40fbed resolved: simplify alloc size calculation (bsc#1045290 CVE-2017-9445) 8b960bec0 only check signature job error if signature job exists (#6118) (boo#1043758) 1418bfb5b job: Ensure JobRunningTimeoutSec= survives serialization (#6128) (bsc#1004995) 19b6d5f08 udev: turn off -Wformat-nonliteral for one safe case 717ace439 udev: net_id add support for platform bus (ACPI, mostly arm64) devices (#5933) a3bf2e6b5 core/mount: pass "-c" flag to /bin/umount (#6093) - Add minimal support for boot.d/* scripts in systemd-sysv-convert (boo#1046750) While at it, the handling of the symlink priorities is also removed since it doesn't appear to be used at all. OBS-URL: https://build.opensuse.org/request/show/508561 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=980 --- systemd-233.tar.xz | 4 +- systemd-mini.changes | 28 +++++++++++ systemd-sysv-convert | 113 +++++++++++++------------------------------ systemd.changes | 28 +++++++++++ 4 files changed, 91 insertions(+), 82 deletions(-) diff --git a/systemd-233.tar.xz b/systemd-233.tar.xz index 15902cbf..a77e6941 100644 --- a/systemd-233.tar.xz +++ b/systemd-233.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:68abe8a1ad8d19c64f4e10fdee7b8aceebc7d49fc2bb2711408171bdc841e67a -size 3255548 +oid sha256:31fe0c3bea971e0dd40b9bec3f08080859ab3710f3882e0009582dd0bf16086d +size 3257376 diff --git a/systemd-mini.changes b/systemd-mini.changes index 09daca09..ec11b71d 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com + +- Import commit 21827ea0875ff197e16e72003b2bfaa1c6e8daad + + 1ad06735f core: fail when syntactically invalid values for User=/Group= fields are detected (bsc#1047023) + d563972e2 timesyncd: don't use compiled-in list if FallbackNTP has been configured explicitly + f4e0c16f5 gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280) + e1345aac5 fix add_esp() in the gpt-auto-generator.c (#6251) + c591ece9a automount: don't lstat(2) upon umount request (#6086) (bsc#1040968) + 643ab2eea gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab + f07d2022f fstab-util: introduce fstab_has_fstype() helper + bf735bb35 fstab-util: don't eat up errors in fstab_is_mount_point() + a4b40fbed resolved: simplify alloc size calculation (bsc#1045290 CVE-2017-9445) + 8b960bec0 only check signature job error if signature job exists (#6118) (boo#1043758) + 1418bfb5b job: Ensure JobRunningTimeoutSec= survives serialization (#6128) (bsc#1004995) + 19b6d5f08 udev: turn off -Wformat-nonliteral for one safe case + 717ace439 udev: net_id add support for platform bus (ACPI, mostly arm64) devices (#5933) + a3bf2e6b5 core/mount: pass "-c" flag to /bin/umount (#6093) + +------------------------------------------------------------------- +Wed Jul 5 07:15:17 UTC 2017 - fbui@suse.com + +- Add minimal support for boot.d/* scripts in systemd-sysv-convert (boo#1046750) + + While at it, the handling of the symlink priorities is also removed + since it doesn't appear to be used at all. + ------------------------------------------------------------------- Thu Jun 22 15:24:22 UTC 2017 - fbui@suse.com diff --git a/systemd-sysv-convert b/systemd-sysv-convert index 479c8ba3..5d07c48d 100644 --- a/systemd-sysv-convert +++ b/systemd-sysv-convert @@ -5,8 +5,7 @@ if [ "$UID" != "0" ]; then exit 1 fi -declare -A results_runlevel -declare -A results_priority +declare -A results_target usage() { cat << EOF @@ -33,75 +32,30 @@ EOF } find_service() { - local service - local runlevel - declare -i priority + local service=$1 + local rcnd=$2 - service=$1 - runlevel=$2 - priority=-1 - - for l in $(ls /etc/rc.d/rc$runlevel.d/) ; do - initscript=$(basename $l) - if [ ${initscript:0:1} != "S" -o ${initscript:3} != "$service" ]; then - continue - fi - if [ ${initscript:1:2} -ge 0 -a ${initscript:1:2} -le 99 -a ${initscript:1:2} -ge $priority ]; then - if [ ${initscript:1:1} == 0 ]; then - priority=${initscript:2:1} - else - priority=${initscript:1:2} - fi - fi - done - if [ $priority -ge 0 ]; then - return $priority - fi - return 255 + case $rcnd in + boot.d) [ -L /etc/rc.d/$rcnd/S??boot.$service ] ;; + *) [ -L /etc/rc.d/$rcnd/S??$service ] + esac } lookup_database() { - local services + local services=$@ local service - local service_file local runlevel local priority - local -i k - declare -a parsed - services=$@ - k=0 - results_runlevel=() - results_priority=() - - while read line ; do - k+=1 - parsed=($line) - service=${parsed[0]} - runlevel=${parsed[1]} - priority=${parsed[2]} - if [ $runlevel -lt 2 -o $runlevel -gt 5 ]; then - echo "Runlevel out of bounds in database line $k. Ignoring" >/dev/stderr - continue - fi - if [ $priority -lt 0 -o $priority -gt 99 ]; then - echo "Priority out of bounds in database line $k. Ignoring" >/dev/stderr - continue - fi - - declare -i found - found=0 + # 'priority' field is not used but is kept for backward compat + # reason. + while read service runlevel priority; do for s in $services ; do if [ $s == $service ]; then - found=1 - continue + results_target[$service]+=" runlevel$runlevel.target" + break fi done - if [ $found -eq 0 ]; then - continue - fi - results_runlevel[$service]+=" $runlevel" - results_priority[$service]+=" $priority" done < /var/lib/systemd/sysv-convert/database } @@ -114,16 +68,19 @@ case "$1" in --save) shift for service in $@ ; do - if [ ! -r "/etc/init.d/$service" ]; then + if [ ! -r /etc/init.d/$service ] && [ ! -r /etc/init.d/boot.$service ]; then echo "SysV service $service does not exist, skipping" continue fi - for runlevel in 2 3 4 5; do - find_service $service $runlevel - priority=$? - if [ $priority -lt 255 ]; then - echo "$service $runlevel $priority" >>/var/lib/systemd/sysv-convert/database - fi + for rcnd in rc2.d rc3.d rc4.d rc5.d boot.d; do + case $rcnd in + rc*.d) runlevel=${rcnd:2:1} ;; + boot.d) runlevel=3 ;; + esac + + # Write a dumb priority as it is not used. + find_service $service $rcnd && + echo "$service $runlevel 50" >>/var/lib/systemd/sysv-convert/database done done ;; @@ -132,17 +89,13 @@ case "$1" in services=$@ lookup_database $services for service in $services; do - if [ -z "${results_runlevel[$service]}" ]; then - echo No information found about service $service found. >/dev/stderr + if [ -z "${results_target[$service]}" ]; then + echo "No information about service $service found." >/dev/stderr let fail++ continue fi - declare -i count - count=0 - priority=(${results_priority[$service]}) - for runlevel in ${results_runlevel[$service]}; do - echo SysV service $service enabled in runlevel $runlevel at priority ${priority[$count]} - count+=1 + for target in ${results_target[$service]}; do + echo "SysV service '$service' is pulled by $target" done done ;; @@ -170,16 +123,16 @@ case "$1" in if [ -e /var/lib/systemd/sysv-convert/database ]; then lookup_database $services for service in $services; do - [ -f "/lib/systemd/system/$service.service" ] && service_file="/lib/systemd/system/$service.service" - [ -f "/usr/lib/systemd/system/$service.service" ] && service_file="/usr/lib/systemd/system/$service.service" + [ -f "/lib/systemd/system/$service.service" ] && unit="/lib/systemd/system/$service.service" + [ -f "/usr/lib/systemd/system/$service.service" ] && unit="/usr/lib/systemd/system/$service.service" # If $service is not present in the database, # then it simply means that the sysv init # service was not enabled at all. - for runlevel in ${results_runlevel[$service]}; do - echo ln -sf $service_file /etc/systemd/system/runlevel$runlevel.target.wants/$service.service >/dev/stderr - mkdir -p "/etc/systemd/system/runlevel$runlevel.target.wants" - /bin/ln -sf $service_file /etc/systemd/system/runlevel$runlevel.target.wants/$service.service + for target in ${results_target[$service]}; do + echo ln -sf $unit /etc/systemd/system/$target.wants/$service.service >/dev/stderr + mkdir -p "/etc/systemd/system/$target.wants" + /bin/ln -sf $unit /etc/systemd/system/$target.wants/$service.service done done fi diff --git a/systemd.changes b/systemd.changes index 09daca09..ec11b71d 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com + +- Import commit 21827ea0875ff197e16e72003b2bfaa1c6e8daad + + 1ad06735f core: fail when syntactically invalid values for User=/Group= fields are detected (bsc#1047023) + d563972e2 timesyncd: don't use compiled-in list if FallbackNTP has been configured explicitly + f4e0c16f5 gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280) + e1345aac5 fix add_esp() in the gpt-auto-generator.c (#6251) + c591ece9a automount: don't lstat(2) upon umount request (#6086) (bsc#1040968) + 643ab2eea gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab + f07d2022f fstab-util: introduce fstab_has_fstype() helper + bf735bb35 fstab-util: don't eat up errors in fstab_is_mount_point() + a4b40fbed resolved: simplify alloc size calculation (bsc#1045290 CVE-2017-9445) + 8b960bec0 only check signature job error if signature job exists (#6118) (boo#1043758) + 1418bfb5b job: Ensure JobRunningTimeoutSec= survives serialization (#6128) (bsc#1004995) + 19b6d5f08 udev: turn off -Wformat-nonliteral for one safe case + 717ace439 udev: net_id add support for platform bus (ACPI, mostly arm64) devices (#5933) + a3bf2e6b5 core/mount: pass "-c" flag to /bin/umount (#6093) + +------------------------------------------------------------------- +Wed Jul 5 07:15:17 UTC 2017 - fbui@suse.com + +- Add minimal support for boot.d/* scripts in systemd-sysv-convert (boo#1046750) + + While at it, the handling of the symlink priorities is also removed + since it doesn't appear to be used at all. + ------------------------------------------------------------------- Thu Jun 22 15:24:22 UTC 2017 - fbui@suse.com From 19921c07ada7b378b545396f7f6f0be183b5e5c0c86813817371f02862dbd7c5 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Thu, 6 Jul 2017 14:18:03 +0000 Subject: [PATCH 3/4] Accepting request 508587 from home:fbui:systemd:Factory - Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886) Temporary patch to disable the session keyring stuff as it's currently broken and may introduce some security holes. OBS-URL: https://build.opensuse.org/request/show/508587 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=981 --- ...sion-keyring-per-system-sevice-entir.patch | 31 +++++++++++++++++++ systemd-mini.changes | 8 +++++ systemd-mini.spec | 9 ++++++ systemd.changes | 8 +++++ systemd.spec | 9 ++++++ 5 files changed, 65 insertions(+) create mode 100644 0001-core-disable-session-keyring-per-system-sevice-entir.patch diff --git a/0001-core-disable-session-keyring-per-system-sevice-entir.patch b/0001-core-disable-session-keyring-per-system-sevice-entir.patch new file mode 100644 index 00000000..62580997 --- /dev/null +++ b/0001-core-disable-session-keyring-per-system-sevice-entir.patch @@ -0,0 +1,31 @@ +From 30cceac444bcc67896611154b051669225abaa93 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Thu, 6 Jul 2017 15:48:10 +0200 +Subject: [PATCH] core: disable session keyring per system sevice entirely + for now + +It seems that this stuff needs more thoughts... + +See also: +https://github.com/systemd/systemd/pull/6286 + +[fbui: fixes bnc#1045886] +--- + src/core/service.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 74054887b..874f2be93 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -1341,7 +1341,6 @@ static int service_spawn( + } else + path = UNIT(s)->cgroup_path; + +- exec_params.flags |= MANAGER_IS_SYSTEM(UNIT(s)->manager) ? EXEC_NEW_KEYRING : 0; + exec_params.argv = c->argv; + exec_params.environment = final_env; + exec_params.fds = fds; +-- +2.13.1 + diff --git a/systemd-mini.changes b/systemd-mini.changes index ec11b71d..d2288481 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com + +- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886) + + Temporary patch to disable the session keyring stuff as it's + currently broken and may introduce some security holes. + ------------------------------------------------------------------- Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com diff --git a/systemd-mini.spec b/systemd-mini.spec index a33d0889..87fc1e21 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -155,6 +155,14 @@ Source14: kbd-model-map.legacy Source1065: udev-remount-tmpfs +# Patches listed in here are really special cases. Normally all +# changes must go to upstream first and then are cherry-picked in the +# SUSE git repository. But in very few cases, some stuff might be +# broken in upstream and need an urgent fix. Even in this case, the +# patches are temporary and should be removed as soon as a fix is +# merged by upstream. +Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch + %description Systemd is a system and service manager, compatible with SysV and LSB init scripts for Linux. systemd provides aggressive parallelization @@ -398,6 +406,7 @@ Some systemd commands offer bash completion, but it is an optional dependency. %prep %setup -q -n systemd-%{version} +%autopatch -p1 # only needed for bootstrap %if 0%{?bootstrap} diff --git a/systemd.changes b/systemd.changes index ec11b71d..d2288481 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com + +- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886) + + Temporary patch to disable the session keyring stuff as it's + currently broken and may introduce some security holes. + ------------------------------------------------------------------- Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com diff --git a/systemd.spec b/systemd.spec index 512bce3d..4de82616 100644 --- a/systemd.spec +++ b/systemd.spec @@ -153,6 +153,14 @@ Source14: kbd-model-map.legacy Source1065: udev-remount-tmpfs +# Patches listed in here are really special cases. Normally all +# changes must go to upstream first and then are cherry-picked in the +# SUSE git repository. But in very few cases, some stuff might be +# broken in upstream and need an urgent fix. Even in this case, the +# patches are temporary and should be removed as soon as a fix is +# merged by upstream. +Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch + %description Systemd is a system and service manager, compatible with SysV and LSB init scripts for Linux. systemd provides aggressive parallelization @@ -396,6 +404,7 @@ Some systemd commands offer bash completion, but it is an optional dependency. %prep %setup -q -n systemd-%{version} +%autopatch -p1 # only needed for bootstrap %if 0%{?bootstrap} From 6a096ce3159a5b549a47d39e01d2615faf69363d68e072af294086a52cebd677 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Fri, 7 Jul 2017 09:06:42 +0000 Subject: [PATCH 4/4] Accepting request 508707 from home:jengelh:branches:Base:System - Edit pkgconfig(liblz4) dependency: liblz4 now uses 1.x *again* OBS-URL: https://build.opensuse.org/request/show/508707 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=982 --- systemd-mini.changes | 5 +++++ systemd-mini.spec | 2 +- systemd.changes | 5 +++++ systemd.spec | 2 +- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/systemd-mini.changes b/systemd-mini.changes index d2288481..cf442750 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jul 7 08:19:41 UTC 2017 - jengelh@inai.de + +- Edit pkgconfig(liblz4) dependency: liblz4 now uses 1.x *again* + ------------------------------------------------------------------- Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com diff --git a/systemd-mini.spec b/systemd-mini.spec index 87fc1e21..dbb34853 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -83,7 +83,7 @@ BuildRequires: suse-module-tools >= 12.4 BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(blkid) >= 2.26 BuildRequires: pkgconfig(libkmod) >= 15 -BuildRequires: pkgconfig(liblz4) >= 125 +BuildRequires: pkgconfig(liblz4) BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpci) >= 3 BuildRequires: pkgconfig(libpcre) diff --git a/systemd.changes b/systemd.changes index d2288481..cf442750 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jul 7 08:19:41 UTC 2017 - jengelh@inai.de + +- Edit pkgconfig(liblz4) dependency: liblz4 now uses 1.x *again* + ------------------------------------------------------------------- Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com diff --git a/systemd.spec b/systemd.spec index 4de82616..680dcecb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -81,7 +81,7 @@ BuildRequires: suse-module-tools >= 12.4 BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(blkid) >= 2.26 BuildRequires: pkgconfig(libkmod) >= 15 -BuildRequires: pkgconfig(liblz4) >= 125 +BuildRequires: pkgconfig(liblz4) BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpci) >= 3 BuildRequires: pkgconfig(libpcre)