diff --git a/5003-core-when-switching-root-remove-run-systemd-before-e.patch b/5003-core-when-switching-root-remove-run-systemd-before-e.patch
new file mode 100644
index 00000000..acb39cdd
--- /dev/null
+++ b/5003-core-when-switching-root-remove-run-systemd-before-e.patch
@@ -0,0 +1,51 @@
+From 437ea859ca6fa13e1b4b5075c85f6a5ebe93cd01 Mon Sep 17 00:00:00 2001
+From: Franck Bui
+Date: Wed, 17 Jul 2024 11:02:03 +0200
+Subject: [PATCH 5003/5003] core: when switching root remove /run/systemd
+ before executing the binary specified by init=
+
+It's important if the binary specified by the init= boot option is not systemd
+otherwise it confuses systemctl that incorrectly assumes that systemd is still
+the init system due to the presence of /run/systemd/system.
+
+Also some tools might also check the presence of /run/systemd/private to test
+if systemd is running as pid1.
+
+(cherry picked from commit 8c28dd24427598214d4464565192ec3f3b1a74a4)
+---
+ src/core/main.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index 4b8a315d86..ae8272d7e7 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -80,6 +80,7 @@
+ #include "psi-util.h"
+ #include "random-util.h"
+ #include "rlimit-util.h"
++#include "rm-rf.h"
+ #include "seccomp-util.h"
+ #include "selinux-setup.h"
+ #include "selinux-util.h"
+@@ -2037,6 +2038,17 @@ static int do_reexecute(
+ arg_serialization = safe_fclose(arg_serialization);
+ fds = fdset_free(fds);
+
++ /* Drop /run/systemd directory. Some of its content can be used as a flag indicating that systemd is
++ * the init system but we might be replacing it with something different. If systemd is used again it
++ * will recreate the directory and its content anyway. */
++ r = rm_rf("/run/systemd.pre-switch-root", REMOVE_ROOT|REMOVE_MISSING_OK);
++ if (r < 0)
++ log_warning_errno(r, "Failed to prepare /run/systemd.pre-switch-root/, ignoring: %m");
++
++ r = RET_NERRNO(rename("/run/systemd", "/run/systemd.pre-switch-root"));
++ if (r < 0)
++ log_warning_errno(r, "Failed to move /run/systemd/ to /run/systemd.pre-switch-root/, ignoring: %m");
++
+ /* Reopen the console */
+ (void) make_console_stdio();
+
+--
+2.35.3
+
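Review bot: The comment added above the `rm_rf()` call in `do_reexecute()` says the directory is dropped, but the code only renames `/run/systemd` to `/run/systemd.pre-switch-root`, so the old sockets and flag files stay reachable under the new name until a later pass through this path removes them. The comment should describe that, for example `/* Move /run/systemd aside as /run/systemd.pre-switch-root (a stale copy from an earlier switch is removed first), so its content no longer signals that systemd is PID 1. */`. Both failures are only logged and execution continues, so tools that probe `/run/systemd/system` or `/run/systemd/private` can still see them after a failed rename; the same comment should state that this is best effort. Whether this point is reached only when a non-systemd init is about to be executed cannot be told from the hunk, because `do_reexecute()` starts and ends outside it.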
diff --git a/5004-disable-session-freeze.patch b/5004-disable-session-freeze.patch
new file mode 100644
index 00000000..bb78bddc
--- /dev/null
+++ b/5004-disable-session-freeze.patch
@@ -0,0 +1,53 @@
+From: Michal Koutný
+Date: Wed, 24 Jul 2024 14:20:17 +0200
+Subject: Disable session freeze
+
+Freezing of user.slice is not reliable and it breaks regular suspend/resume
+operations for users [1].
+Disable the partial (user.slice) freezing (rely on kernel freezing of every
+task upon suspend) since the benefit of user.slice freezing does not outweight
+the breakage caused by cgroup freezing implementation.
+
+[1] https://github.com/systemd/systemd/issues/33083
+---
+ src/home/homework.c | 7 ++++---
+ src/sleep/sleep.c | 8 +++++---
+ 2 files changed, 9 insertions(+), 6 deletions(-)
+
+--- a/src/sleep/sleep.c
++++ b/src/sleep/sleep.c
+@@ -603,12 +603,14 @@ static int run(int argc, char *argv[]) {
+ r = getenv_bool("SYSTEMD_SLEEP_FREEZE_USER_SESSIONS");
+ if (r < 0 && r != -ENXIO)
+ log_warning_errno(r, "Cannot parse value of $SYSTEMD_SLEEP_FREEZE_USER_SESSIONS, ignoring.");
++ if (r == -ENXIO)
++ r = 0; /* Do not freeze by default unless requested */
+ if (r != 0)
+ (void) unit_freezer_new_freeze(SPECIAL_USER_SLICE, &user_slice_freezer);
+ else
+- log_notice("User sessions remain unfrozen on explicit request ($SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=0).\n"
+- "This is not recommended, and might result in unexpected behavior, particularly\n"
+- "in suspend-then-hibernate operations or setups with encrypted home directories.");
++ log_notice("User sessions remain unfrozen (add $SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=1 to override),\n"
++ "relying on kernel to perform the freeze.\n"
++ "This is a temporary downstream workaround for https://github.com/systemd/systemd/issues/33083.");
+
+ switch (arg_operation) {
+
+--- a/src/home/homework.c
++++ b/src/home/homework.c
+@@ -1879,10 +1879,11 @@ static int user_session_freezer(uid_t ui
+ r = getenv_bool("SYSTEMD_HOME_LOCK_FREEZE_SESSION");
+ if (r < 0 && r != -ENXIO)
+ log_warning_errno(r, "Cannot parse value of $SYSTEMD_HOME_LOCK_FREEZE_SESSION, ignoring: %m");
+- else if (r == 0) {
++ else if (r == 0 || r == -ENXIO) { /* Do not freeze by default unless requested */
+ if (freeze_now)
+- log_notice("Session remains unfrozen on explicit request ($SYSTEMD_HOME_LOCK_FREEZE_SESSION=0).\n"
+- "This is not recommended, and might result in unexpected behavior including data loss!");
++ log_notice("Session remains unfrozen (add $SYSTEMD_HOME_LOCK_FREEZE_SESSION=1 to override).\n"
++ "This is a temporary downstream workaround for https://github.com/systemd/systemd/issues/33083.\n"
++ "Home locking is thus experimental and might result in unexpected behavior including data loss!");
+
+ *ret = NULL;
+ return 0;
diff --git a/files.container b/files.container
index 8692b83b..7dc9233e 100644
--- a/files.container
+++ b/files.container
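Review bot: An unparsable `$SYSTEMD_SLEEP_FREEZE_USER_SESSIONS` still turns the freeze on in the sleep.c part of this patch: the warning says "ignoring", but only `-ENXIO` is mapped to 0, so `r` stays negative and `if (r != 0)` calls `unit_freezer_new_freeze()`. With the default now inverted, ignoring a bad value should mean falling back to the new default, i.e. `if (r < 0) r = 0; /* unset or invalid: do not freeze */` in place of `if (r == -ENXIO)`. The homework.c part has the same shape: after a parse error the `else if (r == 0 || r == -ENXIO)` branch is skipped and control presumably continues to the freezing code, which lies outside the hunk; making the test an independent `if (r <= 0) {` after the warning would align both files. Since the patch's own message warns that home locking without the freeze may lose data, the fallback on invalid input deserves an explicit comment either way.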
@@ -5,13 +5,41 @@ %{_bindir}/systemd-nspawn %if %{without bootstrap} %{_datadir}/bash-completion/completions/systemd-nspawn +%endif +%{_datadir}/polkit-1/actions/io.systemd.mount-file-system.policy +%if %{without bootstrap} %{_datadir}/zsh/site-functions/_systemd-nspawn %{_mandir}/man1/systemd-nspawn.1.gz %{_mandir}/man5/systemd.nspawn.5.gz %{_mandir}/man8/libnss_mymachines.so.2.8.gz %{_mandir}/man8/nss-mymachines.8.gz +%{_mandir}/man8/systemd-mountfsd.8.gz +%{_mandir}/man8/systemd-mountfsd.service.8.gz +%{_mandir}/man8/systemd-nsresourced.8.gz +%{_mandir}/man8/systemd-nsresourced.service.8.gz %endif +%if %{with networkd} +%{_systemd_util_dir}/network/80-container-host0.network +%{_systemd_util_dir}/network/80-container-vb.link +%{_systemd_util_dir}/network/80-container-vb.network +%{_systemd_util_dir}/network/80-container-ve.link +%{_systemd_util_dir}/network/80-container-ve.network +%{_systemd_util_dir}/network/80-container-vz.link +%{_systemd_util_dir}/network/80-container-vz.network +%{_systemd_util_dir}/network/80-namespace-ns.link +%{_systemd_util_dir}/network/80-namespace-ns.network +%endif +%if %{without bootstrap} +%{_systemd_util_dir}/systemd-mountfsd +%{_systemd_util_dir}/systemd-mountwork +%{_systemd_util_dir}/systemd-nsresourced +%{_systemd_util_dir}/systemd-nsresourcework +%{_unitdir}/systemd-mountfsd.service +%{_unitdir}/systemd-mountfsd.socket %{_unitdir}/systemd-nspawn@.service +%{_unitdir}/systemd-nsresourced.service +%{_unitdir}/systemd-nsresourced.socket +%endif %if %{with machined} %dir %{_unitdir}/machines.target.wants 
@@ -43,12 +71,14 @@ %endif %if %{with importd} +%{_bindir}/importctl %{_datadir}/bash-completion/completions/importctl %{_datadir}/dbus-1/interfaces/org.freedesktop.import1.Manager.xml %{_datadir}/dbus-1/interfaces/org.freedesktop.import1.Transfer.xml %{_datadir}/dbus-1/system-services/org.freedesktop.import1.service %{_datadir}/dbus-1/system.d/org.freedesktop.import1.conf %{_datadir}/polkit-1/actions/org.freedesktop.import1.policy +%{_mandir}/man1/importctl.1.gz %{_mandir}/man5/org.freedesktop.import1.5.gz %{_mandir}/man8/systemd-importd.8.gz %{_mandir}/man8/systemd-importd.service.8.gz diff --git a/files.devel-doc b/files.devel-doc index 35b059a3..50c29175 100644 --- a/files.devel-doc +++ b/files.devel-doc @@ -158,6 +158,7 @@ %{_mandir}/man3/sd_bus_creds_get_mask.3.gz %{_mandir}/man3/sd_bus_creds_get_owner_uid.3.gz %{_mandir}/man3/sd_bus_creds_get_pid.3.gz +%{_mandir}/man3/sd_bus_creds_get_pidfd_dup.3.gz %{_mandir}/man3/sd_bus_creds_get_ppid.3.gz %{_mandir}/man3/sd_bus_creds_get_selinux_context.3.gz %{_mandir}/man3/sd_bus_creds_get_session.3.gz @@ -179,6 +180,7 @@ %{_mandir}/man3/sd_bus_creds_has_inheritable_cap.3.gz %{_mandir}/man3/sd_bus_creds_has_permitted_cap.3.gz %{_mandir}/man3/sd_bus_creds_new_from_pid.3.gz +%{_mandir}/man3/sd_bus_creds_new_from_pidfd.3.gz %{_mandir}/man3/sd_bus_creds_ref.3.gz %{_mandir}/man3/sd_bus_creds_unref.3.gz %{_mandir}/man3/sd_bus_creds_unrefp.3.gz @@ -496,6 +498,7 @@ %{_mandir}/man3/sd_event_source_get_exit_on_failure.3.gz %{_mandir}/man3/sd_event_source_get_floating.3.gz %{_mandir}/man3/sd_event_source_get_inotify_mask.3.gz +%{_mandir}/man3/sd_event_source_get_inotify_path.3.gz %{_mandir}/man3/sd_event_source_get_io_events.3.gz %{_mandir}/man3/sd_event_source_get_io_fd.3.gz %{_mandir}/man3/sd_event_source_get_io_fd_own.3.gz 
@@ -636,6 +639,7 @@ %{_mandir}/man3/sd_journal_set_data_threshold.3.gz %{_mandir}/man3/sd_journal_step_one.3.gz %{_mandir}/man3/sd_journal_stream_fd.3.gz +%{_mandir}/man3/sd_journal_stream_fd_with_namespace.3.gz %{_mandir}/man3/sd_journal_test_cursor.3.gz %{_mandir}/man3/sd_journal_wait.3.gz %{_mandir}/man3/sd_listen_fds.3.gz diff --git a/files.experimental b/files.experimental index ee0675ca..4519ee60 100644 --- a/files.experimental +++ b/files.experimental @@ -12,25 +12,28 @@ # Main config files have been replaced in favor of drop-ins. %ghost %{_sysconfdir}/systemd/oomd.conf %{_bindir}/oomctl +%{_bindir}/run0 %{_bindir}/systemd-vmspawn %if %{with sd_boot} %{_bindir}/ukify %endif -%{_bindir}/varlinkctl %{_datadir}/bash-completion/completions/oomctl +%{_datadir}/bash-completion/completions/run0 +%{_datadir}/bash-completion/completions/systemd-vmspawn %{_datadir}/dbus-1/interfaces/org.freedesktop.oom1.Manager.xml %{_datadir}/dbus-1/interfaces/org.freedesktop.portable1.Image.xml %{_datadir}/dbus-1/interfaces/org.freedesktop.portable1.Manager.xml %{_datadir}/dbus-1/system-services/org.freedesktop.oom1.service %{_datadir}/dbus-1/system.d/org.freedesktop.oom1.conf %{_datadir}/zsh/site-functions/_oomctl +%{_datadir}/zsh/site-functions/_run0 %{_mandir}/man1/oomctl.1.gz +%{_mandir}/man1/run0.1.gz %{_mandir}/man1/systemd-measure.1.gz %{_mandir}/man1/systemd-vmspawn.1.gz %if %{with sd_boot} %{_mandir}/man1/ukify.1.gz %endif -%{_mandir}/man1/varlinkctl.1.gz %{_mandir}/man5/oomd.conf.5.gz %{_mandir}/man5/oomd.conf.d.5.gz %{_mandir}/man5/org.freedesktop.oom1.5.gz @@ -45,7 +48,6 @@ %{_mandir}/man8/systemd-pcrextend.8.gz %{_mandir}/man8/systemd-pcrfs-root.service.8.gz %{_mandir}/man8/systemd-pcrfs@.service.8.gz -%endif %{_mandir}/man8/systemd-pcrlock-file-system.service.8.gz %{_mandir}/man8/systemd-pcrlock-firmware-code.service.8.gz %{_mandir}/man8/systemd-pcrlock-firmware-config.service.8.gz 
@@ -54,7 +56,6 @@ %{_mandir}/man8/systemd-pcrlock-secureboot-authority.service.8.gz %{_mandir}/man8/systemd-pcrlock-secureboot-policy.service.8.gz %{_mandir}/man8/systemd-pcrlock.8.gz -%if %{with sd_boot} %{_mandir}/man8/systemd-pcrmachine.service.8.gz %{_mandir}/man8/systemd-pcrphase-initrd.service.8.gz %{_mandir}/man8/systemd-pcrphase-sysinit.service.8.gz @@ -67,12 +68,14 @@ %{_mandir}/man8/systemd-sysupdate.8.gz %{_mandir}/man8/systemd-sysupdate.service.8.gz %{_mandir}/man8/systemd-sysupdate.timer.8.gz +%{_mandir}/man8/systemd-tpm2-generator.8.gz %if %{with sd_boot} %{_mandir}/man8/systemd-tpm2-setup-early.service.8.gz %{_mandir}/man8/systemd-tpm2-setup.8.gz %{_mandir}/man8/systemd-tpm2-setup.service.8.gz %{_prefix}/lib/kernel/install.d/60-ukify.install %endif +%{_pam_vendordir}/systemd-run0 %{_prefix}/lib/pcrlock.d/350-action-efi-application.pcrlock %{_prefix}/lib/pcrlock.d/400-secureboot-separator.pcrlock.d/300-0x00000000.pcrlock %{_prefix}/lib/pcrlock.d/400-secureboot-separator.pcrlock.d/600-0xffffffff.pcrlock @@ -103,11 +106,13 @@ %if %{with sd_boot} %{_systemd_util_dir}/ukify %endif +%{_systemdgeneratordir}/systemd-tpm2-generator %{_sysusersdir}/systemd-oom.conf %{_unitdir}/initrd.target.wants/systemd-bsod.service %if %{with sd_boot} %{_unitdir}/initrd.target.wants/systemd-pcrphase-initrd.service %{_unitdir}/sockets.target.wants/systemd-pcrextend.socket +%{_unitdir}/sockets.target.wants/systemd-pcrlock.socket %endif %{_unitdir}/storage-target-mode.target %if %{with sd_boot} @@ -132,6 +137,8 @@ %{_unitdir}/systemd-pcrlock-make-policy.service %{_unitdir}/systemd-pcrlock-secureboot-authority.service %{_unitdir}/systemd-pcrlock-secureboot-policy.service +%{_unitdir}/systemd-pcrlock.socket +%{_unitdir}/systemd-pcrlock@.service %{_unitdir}/systemd-pcrmachine.service %{_unitdir}/systemd-pcrphase-initrd.service %{_unitdir}/systemd-pcrphase-sysinit.service 
@@ -146,3 +153,18 @@ %{_unitdir}/systemd-tpm2-setup-early.service %{_unitdir}/systemd-tpm2-setup.service %endif +%{_unitdir}/systemd-vmspawn@.service + +# ssh-generator: in the futur to be moved to the main package +%{_systemdgeneratordir}/systemd-ssh-generator +%if %{without bootstrap} +%{_mandir}/man8/systemd-ssh-generator.8.gz +%endif +# the ssh proxy will likely be promoted to systemd-container +%dir %{_distconfdir}/ssh +%dir %{_distconfdir}/ssh/ssh_config.d +%{_distconfdir}/ssh/ssh_config.d/20-systemd-ssh-proxy.conf +%{_systemd_util_dir}/systemd-ssh-proxy +%if %{without bootstrap} +%{_mandir}/man1/systemd-ssh-proxy.1.gz +%endif diff --git a/files.homed b/files.homed index 04605934..065a5e7d 100644 --- a/files.homed +++ b/files.homed @@ -1,14 +1,19 @@ # # Please keep the list sorted (with `LC_ALL=C sort`). # +%dir %{_distconfdir}/ssh +%dir %{_distconfdir}/ssh/sshd_config.d %{_bindir}/homectl +%{_bindir}/systemd-home-fallback-shell %{_datadir}/bash-completion/completions/homectl %{_datadir}/dbus-1/interfaces/org.freedesktop.home1.Home.xml %{_datadir}/dbus-1/interfaces/org.freedesktop.home1.Manager.xml %{_datadir}/dbus-1/system-services/org.freedesktop.home1.service %{_datadir}/dbus-1/system.d/org.freedesktop.home1.conf %{_datadir}/polkit-1/actions/org.freedesktop.home1.policy +%{_distconfdir}/ssh/sshd_config.d/20-systemd-userdb.conf %{_mandir}/man1/homectl.1.gz +%{_mandir}/man1/systemd-homed-firstboot.service.1.gz %{_mandir}/man5/homed.conf.5.gz %{_mandir}/man5/homed.conf.d.5.gz %{_mandir}/man5/org.freedesktop.home1.5.gz @@ -20,4 +25,5 @@ %{_systemd_util_dir}/systemd-homed %{_systemd_util_dir}/systemd-homework %{_unitdir}/systemd-homed-activate.service +%{_unitdir}/systemd-homed-firstboot.service %{_unitdir}/systemd-homed.service diff --git a/files.network b/files.network index 2dd59e9a..a338b240 100644 --- a/files.network +++ b/files.network 
@@ -30,12 +30,11 @@ %{_mandir}/man8/systemd-networkd-wait-online@.service.8.gz %{_mandir}/man8/systemd-networkd.8.gz %{_mandir}/man8/systemd-networkd.service.8.gz +%{_systemd_util_dir}/network/80-6rd-tunnel.link %{_systemd_util_dir}/network/80-6rd-tunnel.network %{_systemd_util_dir}/network/80-auto-link-local.network.example -%{_systemd_util_dir}/network/80-container-host0.network -%{_systemd_util_dir}/network/80-container-vb.network -%{_systemd_util_dir}/network/80-container-ve.network -%{_systemd_util_dir}/network/80-container-vz.network +%{_systemd_util_dir}/network/80-container-host0-tun.network +%{_systemd_util_dir}/network/80-vm-vt.link %{_systemd_util_dir}/network/80-vm-vt.network %{_systemd_util_dir}/network/80-wifi-adhoc.network %{_systemd_util_dir}/network/80-wifi-ap.network.example @@ -46,6 +45,7 @@ %{_systemd_util_dir}/systemd-networkd-wait-online %{_sysusersdir}/systemd-network.conf %{_tmpfilesdir}/systemd-network.conf +%{_unitdir}/systemd-networkd-persistent-storage.service %{_unitdir}/systemd-networkd-wait-online.service %{_unitdir}/systemd-networkd-wait-online@.service %{_unitdir}/systemd-networkd.service diff --git a/files.systemd b/files.systemd index 477251f6..ea5011f3 100644 --- a/files.systemd +++ b/files.systemd @@ -134,9 +134,13 @@ %{_bindir}/systemd-tmpfiles %{_bindir}/systemd-tty-ask-password-agent %{_bindir}/systemd-umount +%{_bindir}/systemd-vpick %{_bindir}/timedatectl %if %{without bootstrap} %{_bindir}/userdbctl +%endif +%{_bindir}/varlinkctl +%if %{without bootstrap} %{_datadir}/bash-completion/completions/busctl %{_datadir}/bash-completion/completions/coredumpctl %{_datadir}/bash-completion/completions/hostnamectl 
@@ -157,6 +161,7 @@ %{_datadir}/bash-completion/completions/systemd-path %{_datadir}/bash-completion/completions/systemd-run %{_datadir}/bash-completion/completions/systemd-sysext +%{_datadir}/bash-completion/completions/systemd-vpick %{_datadir}/bash-completion/completions/timedatectl %endif # dbus introspection data for code generators: https://github.com/systemd/systemd/pull/20294 @@ -193,7 +198,9 @@ %{_datadir}/dbus-1/system.d/org.freedesktop.login1.conf %{_datadir}/dbus-1/system.d/org.freedesktop.systemd1.conf %{_datadir}/dbus-1/system.d/org.freedesktop.timedate1.conf +%{_datadir}/mime/packages/io.systemd.xml %{_datadir}/pkgconfig/systemd.pc +%{_datadir}/polkit-1/actions/io.systemd.credentials.policy %{_datadir}/polkit-1/actions/org.freedesktop.hostname1.policy %{_datadir}/polkit-1/actions/org.freedesktop.locale1.policy %{_datadir}/polkit-1/actions/org.freedesktop.login1.policy @@ -220,6 +227,7 @@ %{_datadir}/zsh/site-functions/_systemd-run %{_datadir}/zsh/site-functions/_systemd-tmpfiles %{_datadir}/zsh/site-functions/_timedatectl +%{_datadir}/zsh/site-functions/_varlinkctl %{_journalcatalogdir}/systemd.catalog %{_libdir}/libnss_myhostname.so.2 %{_libdir}/libnss_systemd.so.2 @@ -260,10 +268,13 @@ %{_mandir}/man1/systemd-stdio-bridge.1.gz %{_mandir}/man1/systemd-tty-ask-password-agent.1.gz %{_mandir}/man1/systemd-umount.1.gz +%{_mandir}/man1/systemd-vpick.1.gz %{_mandir}/man1/systemd.1.gz %{_mandir}/man1/timedatectl.1.gz %{_mandir}/man1/userdbctl.1.gz +%{_mandir}/man1/varlinkctl.1.gz %{_mandir}/man5/binfmt.d.5.gz +%{_mandir}/man5/capsule@.service.5.gz %{_mandir}/man5/coredump.conf.5.gz %{_mandir}/man5/coredump.conf.d.5.gz %{_mandir}/man5/dnssec-trust-anchors.d.5.gz @@ -334,6 +345,7 @@ %{_mandir}/man7/systemd.syntax.7.gz %{_mandir}/man7/systemd.system-credentials.7.gz %{_mandir}/man7/systemd.time.7.gz +%{_mandir}/man7/systemd.v.7.gz %{_mandir}/man8/30-systemd-environment-d-generator.8.gz %{_mandir}/man8/halt.8.gz %{_mandir}/man8/libnss_myhostname.so.2.8.gz 
@@ -517,6 +529,8 @@ %{_unitdir}/blockdev@.target %{_unitdir}/bluetooth.target %{_unitdir}/boot-complete.target +%{_unitdir}/capsule.slice +%{_unitdir}/capsule@.service %{_unitdir}/console-getty.service %{_unitdir}/container-getty@.service %{_unitdir}/ctrl-alt-del.target @@ -567,15 +581,6 @@ %{_unitdir}/printer.target %{_unitdir}/proc-sys-fs-binfmt_misc.automount %{_unitdir}/proc-sys-fs-binfmt_misc.mount -%if %{with upstream} -%{_unitdir}/quotaon-root.service -%endif -%if %{without upstream} -%{_unitdir}/quotaon.service -%endif -%if %{with upstream} -%{_unitdir}/quotaon@.service -%endif %{_unitdir}/reboot.target %{_unitdir}/remote-fs-pre.target %{_unitdir}/remote-fs.target @@ -591,11 +596,14 @@ %if %{without bootstrap} %{_unitdir}/sockets.target.wants/systemd-coredump.socket %endif +%{_unitdir}/sockets.target.wants/systemd-creds.socket +%{_unitdir}/sockets.target.wants/systemd-hostnamed.socket %{_unitdir}/sockets.target.wants/systemd-journald-dev-log.socket %{_unitdir}/sockets.target.wants/systemd-journald.socket %{_unitdir}/sockets.target.wants/systemd-sysext.socket %{_unitdir}/soft-reboot.target %{_unitdir}/sound.target +%{_unitdir}/ssh-access.target %{_unitdir}/swap.target %{_unitdir}/sys-fs-fuse-connections.mount %{_unitdir}/sys-kernel-config.mount @@ -638,13 +646,17 @@ %{_unitdir}/systemd-coredump.socket %{_unitdir}/systemd-coredump@.service %endif +%{_unitdir}/systemd-creds.socket +%{_unitdir}/systemd-creds@.service %{_unitdir}/systemd-exit.service %{_unitdir}/systemd-halt.service %{_unitdir}/systemd-hostnamed.service +%{_unitdir}/systemd-hostnamed.socket %{_unitdir}/systemd-journal-catalog-update.service %{_unitdir}/systemd-journal-flush.service %{_unitdir}/systemd-journald-audit.socket %{_unitdir}/systemd-journald-dev-log.socket +%{_unitdir}/systemd-journald-sync@.service %{_unitdir}/systemd-journald-varlink@.socket %{_unitdir}/systemd-journald.service %{_unitdir}/systemd-journald.socket 
@@ -689,4 +701,5 @@ %{_unitdir}/user@.service %{_unitdir}/user@.service.d/10-login-barrier.conf %{_unitdir}/user@0.service.d/10-login-barrier.conf +%{_userunitdir}/capsule@.target %{xinitconfdir}/xinitrc.d/50-systemd-user.sh diff --git a/files.udev b/files.udev index 09ba6c98..3ab30201 100644 --- a/files.udev +++ b/files.udev @@ -1,7 +1,6 @@ # # Please keep the list sorted (with `LC_ALL=C sort`). # -%config(noreplace) %{_sysconfdir}/udev/udev.conf %if %{without bootstrap} %dir %{_libdir}/cryptsetup %endif @@ -21,6 +20,7 @@ %dir %{_sysconfdir}/udev %dir %{_sysconfdir}/udev/iocost.conf.d %dir %{_sysconfdir}/udev/rules.d +%dir %{_sysconfdir}/udev/udev.conf.d %dir %{_systemd_util_dir}/network %if %{without bootstrap} %dir %{_systemd_util_dir}/repart @@ -87,6 +87,7 @@ %{_mandir}/man5/timesyncd.conf.5.gz %{_mandir}/man5/timesyncd.conf.d.5.gz %{_mandir}/man5/udev.conf.5.gz +%{_mandir}/man5/udev.conf.d.5.gz %{_mandir}/man5/vconsole.conf.5.gz %{_mandir}/man5/veritytab.5.gz %{_mandir}/man7/hwdb.7.gz @@ -110,6 +111,7 @@ %{_mandir}/man8/systemd-growfs-root.service.8.gz %{_mandir}/man8/systemd-growfs.8.gz %{_mandir}/man8/systemd-growfs@.service.8.gz +%{_mandir}/man8/systemd-hibernate-clear.service.8.gz %{_mandir}/man8/systemd-hibernate-resume-generator.8.gz %{_mandir}/man8/systemd-hibernate-resume.8.gz %{_mandir}/man8/systemd-hibernate.service.8.gz @@ -174,6 +176,7 @@ %{_prefix}/lib/udev/iocost.conf %{_prefix}/lib/udev/mtd_probe %{_prefix}/lib/udev/scsi_id +%{_prefix}/lib/udev/udev.conf %{_prefix}/lib/udev/v4l_id %{_systemd_util_dir}/network/99-default.link %{_systemd_util_dir}/ntp-units.d/80-systemd-timesync.list @@ -260,6 +263,7 @@ %{_udevhwdbdir}/70-analyzers.hwdb %{_udevhwdbdir}/70-av-production.hwdb %{_udevhwdbdir}/70-cameras.hwdb +%{_udevhwdbdir}/70-hardware-wallets.hwdb %{_udevhwdbdir}/70-joystick.hwdb %{_udevhwdbdir}/70-mouse.hwdb %{_udevhwdbdir}/70-pda.hwdb 
@@ -320,10 +324,17 @@ %{_unitdir}/integritysetup-pre.target %{_unitdir}/integritysetup.target %{_unitdir}/kmod-static-nodes.service +%endif +%{_unitdir}/quotaon-root.service +%{_unitdir}/quotaon@.service +%if %{without bootstrap} %{_unitdir}/remote-cryptsetup.target %{_unitdir}/remote-veritysetup.target %endif %{_unitdir}/sleep.target +%if %{with sd_boot} +%{_unitdir}/sockets.target.wants/systemd-bootctl.socket +%endif %{_unitdir}/sockets.target.wants/systemd-udevd-control.socket %{_unitdir}/sockets.target.wants/systemd-udevd-kernel.socket %{_unitdir}/suspend-then-hibernate.target @@ -332,6 +343,7 @@ %{_unitdir}/sysinit.target.wants/cryptsetup.target %{_unitdir}/sysinit.target.wants/integritysetup.target %{_unitdir}/sysinit.target.wants/kmod-static-nodes.service +%{_unitdir}/sysinit.target.wants/systemd-hibernate-clear.service %endif %{_unitdir}/sysinit.target.wants/systemd-hwdb-update.service %if %{without bootstrap} @@ -349,11 +361,18 @@ %endif %{_unitdir}/systemd-backlight@.service %{_unitdir}/systemd-battery-check.service +%if %{with sd_boot} +%{_unitdir}/systemd-bootctl.socket +%{_unitdir}/systemd-bootctl@.service +%endif %{_unitdir}/systemd-firstboot.service %{_unitdir}/systemd-fsck-root.service %{_unitdir}/systemd-fsck@.service %{_unitdir}/systemd-growfs-root.service %{_unitdir}/systemd-growfs@.service +%if %{without bootstrap} +%{_unitdir}/systemd-hibernate-clear.service +%endif %{_unitdir}/systemd-hibernate-resume.service %{_unitdir}/systemd-hibernate.service %{_unitdir}/systemd-hwdb-update.service @@ -363,15 +382,8 @@ %endif %{_unitdir}/systemd-network-generator.service %{_unitdir}/systemd-pstore.service -%if %{with upstream} %{_unitdir}/systemd-quotacheck-root.service -%endif -%if %{without upstream} -%{_unitdir}/systemd-quotacheck.service -%endif -%if %{with upstream} %{_unitdir}/systemd-quotacheck@.service -%endif %{_unitdir}/systemd-random-seed.service %{_unitdir}/systemd-remount-fs.service %if %{without bootstrap} 
@@ -384,6 +396,7 @@ %{_unitdir}/systemd-timesyncd.service %{_unitdir}/systemd-tmpfiles-setup-dev-early.service %{_unitdir}/systemd-tmpfiles-setup-dev.service +%{_unitdir}/systemd-udev-load-credentials.service %{_unitdir}/systemd-udev-settle.service %{_unitdir}/systemd-udev-trigger.service %{_unitdir}/systemd-udevd-control.socket @@ -391,6 +404,7 @@ %{_unitdir}/systemd-udevd.service %{_unitdir}/systemd-vconsole-setup.service %{_unitdir}/systemd-volatile-root.service +%{_unitdir}/tpm2.target %if %{without bootstrap} %{_unitdir}/veritysetup-pre.target %{_unitdir}/veritysetup.target diff --git a/fixlet-systemd-post.sh b/fixlet-systemd-post.sh index e32bf8fe..b631ae0a 100644 --- a/fixlet-systemd-post.sh +++ b/fixlet-systemd-post.sh 
@@ -288,14 +288,14 @@ check_config_files () { config_files=(systemd/journald.conf systemd/logind.conf systemd/system.conf systemd/user.conf systemd/pstore.conf systemd/sleep.conf systemd/timesyncd.conf systemd/coredump.conf systemd/journal-remote.conf systemd/journal-upload.conf systemd/networkd.conf - systemd/resolved.conf systemd/oomd.conf udev/iocost.conf) + systemd/resolved.conf systemd/oomd.conf udev/iocost.conf udev/udev.conf) for f in ${config_files[*]}; do [ -e /etc/$f ] || continue cat >&2 < + +- Import commit 5bba1ebe17564b606cc5d1c07b14123c305019a7 (merge of v256.4) + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/bd8b5ee3cf0466b6b78e167967468cf6f93ec807...5bba1ebe17564b606cc5d1c07b14123c305019a7 + +------------------------------------------------------------------- +Wed Jul 24 12:34:13 UTC 2024 - Michal Koutný + +- Add 5004-disable-session-freeze.patch as a temporary workaround for + https://github.com/systemd/systemd/issues/33083 + +------------------------------------------------------------------- +Mon Jul 22 12:06:23 UTC 2024 - Franck Bui + +- Add temporarily 5003-core-when-switching-root-remove-run-systemd-before-e.patch (bsc#1227580) + +------------------------------------------------------------------- +Mon Jul 22 11:53:27 UTC 2024 - Franck Bui + +- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) + + Otherwise pesign-obs-integration ends up re-packaging systemd with all macros + inside comments unescaped leading to unpredictable behavior. Now why rpm + expands rpm macros inside comments is the question... + +------------------------------------------------------------------- +Tue Jul 16 14:29:24 UTC 2024 - Franck Bui + +- Skip running the test units in %check for now. + + Some tests don't appreciate to run inside the build environment of OBS + currently and some of them take an unexpected long time to execute on both + risc and s390x architectures. 
+ +------------------------------------------------------------------- +Thu Jul 11 10:17:06 UTC 2024 - Franck Bui + +- Make sure systemd-sysvcompat replaces systemd-sysvinit on upgrades (bsc#1218110) + +------------------------------------------------------------------- +Mon Jul 8 07:56:15 UTC 2024 - Franck Bui + +- Import commit bd8b5ee3cf0466b6b78e167967468cf6f93ec807 (merge of v256.2) + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/dd15bf4f6430d8646e546ee0b980448c7d0c9699...bd8b5ee3cf0466b6b78e167967468cf6f93ec807 + +------------------------------------------------------------------- +Thu Jul 4 13:04:04 UTC 2024 - Franck Bui + +- varlinkctl is no more considered as experimental and has been moved to the + main package. + +------------------------------------------------------------------- +Thu Jul 4 09:07:28 UTC 2024 - Franck Bui + +- Upgrade to v256.1 (commit dd15bf4f6430d8646e546ee0b980448c7d0c9699) + + See https://github.com/openSUSE/systemd/blob/SUSE/v256/NEWS for details. + + - Added pam.systemd-run0 + ------------------------------------------------------------------- Mon Jul 1 08:35:26 UTC 2024 - Franck Bui @@ -1359,6 +1424,7 @@ Mon Nov 14 11:15:06 UTC 2022 - Franck Bui - upstream commit 67c3e1f63a5221b47a8fea85ae421671f29f3b7e (bsc#1200723) - upstream commit 9102c625a673a3246d7e73d8737f3494446bad4e (bsc#1204968 CVE-2022-3821) - upstream commit efbd4b3ca84c0426b6ff98d6352f82f3b7c090b2 (bsc#1213873) + - upstream commit f562abe2963bad241d34e0b308e48cf114672c84 (bsc#1226414) * Rebased 0001-conf-parser-introduce-early-drop-ins.patch 1000-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch diff --git a/systemd.spec b/systemd.spec index a7b093f0..f8a9885a 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -26,9 +26,9 @@ %define systemd_release %{?release_override}%{!?release_override:0} %define archive_version %{nil} %else -%define systemd_version 255.8 +%define systemd_version 256.4 %define systemd_release 0 -%define archive_version +suse.34.g5a8eadd0c0 +%define archive_version +suse.6.g5bba1ebe17 %endif %define systemd_major %{sub %systemd_version 1 3} @@ -36,7 +36,7 @@ %define _testsuitedir %{_systemd_util_dir}/tests %define xinitconfdir %{?_distconfdir}%{!?_distconfdir:%{_sysconfdir}}/X11/xinit -# Similar to %%with but return true/false. The value when the condition is +# Similar to 'with' macro but return true/false. The value when the condition is # verified can be redefined when a second parameter is passed. %define __when_1() %{expand:%%{?with_%{1}:true}%%{!?with_%{1}:false}} %define __when_2() %{expand:%%{?with_%{1}:%{2}}%%{!?with_%{1}:false}} @@ -124,7 +124,8 @@ BuildRequires: pam-devel BuildRequires: python3-Jinja2 BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(blkid) >= 2.26 -# The following packages are only required by the execution of the unit tests during %%check +# The following packages are only required by the execution of the unit tests +# during the 'check' section. BuildRequires: acl BuildRequires: distribution-release BuildRequires: python3-pefile @@ -174,8 +175,6 @@ Provides: systemd-coredump = %{version}-%{release} Obsoletes: systemd-coredump < %{version}-%{release} Provides: systemd-logger = %{version}-%{release} Obsoletes: systemd-logger < %{version}-%{release} -Provides: systemd-sysvinit = %{version}-%{release} -Obsoletes: systemd-sysvinit < %{version}-%{release} Provides: systemd-analyze = %{version}-%{release} Obsoletes: pm-utils <= 1.4.1 Obsoletes: suspend <= 1.0 @@ -190,6 +189,7 @@ Source5: tmpfiles-suse.conf Source6: baselibs.conf Source7: triggers.systemd Source8: pam.systemd-user +Source9: pam.systemd-run0 Source14: kbd-model-map.legacy Source100: fixlet-container-post.sh 
@@ -219,13 +219,13 @@ Source213: files.devel-doc # get rid of one of them ! # Patch: 0001-Drop-support-for-efivar-SystemdOptions.patch -Patch: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch %if %{with sysvcompat} Patch: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch Patch: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch %endif %if %{without upstream} +Patch: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch # Patches listed below are put in quarantine. Normally all changes must go to # upstream first and then are cherry-picked in the SUSE git repository. But for # very few cases, some stuff might be broken in upstream and need to be fixed or @@ -233,7 +233,9 @@ Patch: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch # will be removed as soon as a proper fix will be merged by upstream. Patch: 5001-Revert-udev-update-devlink-with-the-newer-device-nod.patch Patch: 5002-Revert-udev-revert-workarounds-for-issues-caused-by-.patch +Patch: 5004-disable-session-freeze.patch %endif +Patch: 5003-core-when-switching-root-remove-run-systemd-before-e.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -269,8 +271,8 @@ developing and building applications linking to these libraries. Summary: SySV and LSB init script support for systemd (deprecated) License: LGPL-2.1-or-later Requires: %{name} = %{version}-%{release} -Provides: systemd-sysvinit:%{_sbindir}/runlevel -Provides: systemd-sysvinit:%{_sbindir}/telinit +Provides: systemd-sysvinit = %{version}-%{release} +Obsoletes: systemd-sysvinit < %{version}-%{release} %description sysvcompat This package ships the necessary files that enable minimal SysV and LSB init 
@@ -347,10 +349,12 @@ BuildRequires: pkgconfig(libkmod) >= 15 # these tools are not linked against the libs directly but instead are # dlopen()ed at runtime to avoid hard dependencies. Hence the use of soft # dependencies. +BuildRequires: pkgconfig(libarchive) BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-mu) BuildRequires: pkgconfig(tss2-rc) +Recommends: libarchive13 Recommends: libfido2 Recommends: libtss2-esys0 Recommends: libtss2-mu0 @@ -367,10 +371,8 @@ Provides: udev = %{version}-%{release} %if %{with upstream} BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(glib-2.0) -BuildRequires: pkgconfig(libarchive) BuildRequires: pkgconfig(xencontrol) BuildRequires: pkgconfig(xkbcommon) -Recommends: libarchive13 Recommends: libxkbcommon0 %endif @@ -616,6 +618,7 @@ Requires: qemu Requires: quota Requires: socat Requires: squashfs +Requires: stress-ng Requires: systemd-container # System users/groups that some tests rely on. Requires: group(bin) @@ -629,8 +632,10 @@ Requires: user(nobody) # The following deps on libs are for test-dlopen-so whereas the pkgconfig ones # are used by test-funtions to find the libs on the host and install them in the # image, see install_missing_libraries() for details. +Requires: pkgconfig(libarchive) Requires: pkgconfig(libfido2) Requires: pkgconfig(libidn2) +Requires: pkgconfig(libkmod) %if %{with experimental} Requires: pkgconfig(libqrencode) Requires: pkgconfig(pwquality) 
@@ -692,15 +697,16 @@ and are provided so users can do early experiments with the new features or technologies without waiting for them to be fully supported by both upstream and openSUSE. -Please note that all services should be considered in development phase and as -such their behaviors details, unit files, option names, etc... are subject to -change without the usual backwards-compatibility promises. +Please note that the material shipped by this package should be considered in +development phase and as such their behaviors, unit files, option names, +etc... are subject to change without the usual backwards-compatibility promises. Components that turn out to be stable and considered as fully supported will be merged into the main package or moved into a dedicated package. -Currently this package contains: bsod, oomd, measure, pcrextend, pcrlock, -storagetm, sysupdate, tpm2-setup, userwork and ukify. +Currently this package contains the following features : bsod, oomd, measure, +pcrextend, pcrlock, run0, ssh-generator, storagetm, systemd-vmspawn, sysupdate, +tpm2-setup, userwork and ukify. Have fun (at your own risk). %endif @@ -757,12 +763,14 @@ for the C APIs. \ -Dbump-proc-sys-fs-nr-open=false \ -Ddbus=disabled \ + -Ddefault-mountfsd-trusted-directories=false \ -Ddefault-network=false \ -Dglib=disabled \ -Dgshadow=false \ -Dldconfig=false \ -Dlibidn=disabled \ -Dsmack=false \ + -Dvmlinux-h=disabled \ -Dxenctrl=disabled \ -Dxkbcommon=disabled \ \ @@ -779,6 +787,7 @@ for the C APIs. -Dhtml=%{disabled_with bootstrap} \ -Dima=%{when_not bootstrap} \ -Dkernel-install=%{when_not bootstrap} \ + -Dlibarchive=%{disabled_with bootstrap} \ -Dlibfido2=%{disabled_with bootstrap} \ -Dlibidn2=%{enabled_with resolved} \ -Dlibiptc=%{disabled_with bootstrap} \ 
@@ -789,6 +798,8 @@ for the C APIs. -Dlibcryptsetup-plugins=%{disabled_with bootstrap} \ -Dlibcurl=%{disabled_with bootstrap} \ -Dman=%{disabled_with bootstrap} \ + -Dmountfsd=%{when_not bootstrap} \ + -Dnsresourced=%{when_not bootstrap} \ -Dmicrohttpd=%{enabled_with journal_remote} \ -Dnss-myhostname=%{when_not bootstrap} \ -Dnss-mymachines=%{enabled_with machined} \ @@ -835,12 +846,17 @@ for the C APIs. -Dresolve=%{when resolved} \ \ -Doomd=%{when experimental} \ - -Dsysupdate=%{enabled_with experimental} \ -%if %{with sd_boot} - -Dukify=%{enabled_with experimental} \ +%if %{with experimental} + -Dsshdconfdir=%{_distconfdir}/ssh/sshd_config.d \ + -Dsshconfdir=%{_distconfdir}/ssh/ssh_config.d \ + -Dukify=%{enabled_with sd_boot} \ %else + -Dsshdconfdir=no \ + -Dsshconfdir=no \ -Dukify=disabled \ %endif + -Dsshdprivsepdir=no \ + -Dsysupdate=%{enabled_with experimental} \ -Dvmspawn=%{enabled_with experimental} \ \ -Dtests=%{when testsuite unsafe} \ @@ -871,9 +887,6 @@ install -m0755 -D %{SOURCE3} %{buildroot}/%{_systemd_util_dir}/systemd-update-he install -m0755 -D %{SOURCE4} %{buildroot}/%{_systemd_util_dir}/systemd-sysv-install %endif -# Drop-ins are currently not supported by udev. -mv %{buildroot}%{_prefix}/lib/udev/udev.conf %{buildroot}%{_sysconfdir}/udev/ - # Install the fixlets mkdir -p %{buildroot}%{_systemd_util_dir}/rpm %if %{with machined} @@ -892,6 +905,9 @@ rm -f %{buildroot}%{_sysconfdir}/systemd/system/default.target # Replace upstream PAM configuration files with openSUSE ones. install -m0644 -D %{SOURCE8} %{buildroot}%{_pam_vendordir}/systemd-user +%if %{with experimental} +install -m0644 -D %{SOURCE9} %{buildroot}%{_pam_vendordir}/systemd-run0 +%endif # Don't enable wall ask password service, it spams every console (bnc#747783). rm %{buildroot}%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path 
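Review bot: In the `@@ -835,12 +846,17 @@` hunk, the `%if %{with experimental}` branch points `-Dsshdconfdir` and `-Dsshconfdir` at the vendor `sshd_config.d` and `ssh_config.d` directories, so the experimental flavour installs snippets into the OpenSSH server and client configuration, and nothing in the spec says so. A snippet under `sshd_config.d` can change how sshd authenticates users, so this deserves a comment ahead of the meson invocation naming the files and the subpackage that owns them, e.g. `# experimental only: systemd installs its ssh/sshd drop-ins under %{_distconfdir}/ssh`. These are presumably the userdb and ssh-proxy snippets referenced later in this diff. `-Dsshdprivsepdir=no` is passed in both branches without explanation; a short note on why systemd should not manage the privilege-separation directory would help the next maintainer. The option list starts and continues outside the hunk.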
@@ -942,6 +958,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/systemd/system.conf.d mkdir -p %{buildroot}%{_sysconfdir}/systemd/timesyncd.conf.d mkdir -p %{buildroot}%{_sysconfdir}/systemd/user.conf.d mkdir -p %{buildroot}%{_sysconfdir}/udev/iocost.conf.d +mkdir -p %{buildroot}%{_sysconfdir}/udev/udev.conf.d mkdir -p %{buildroot}%{_sysconfdir}/systemd/network mkdir -p %{buildroot}%{_sysconfdir}/systemd/nspawn @@ -1012,6 +1029,11 @@ echo 'disable *' >%{buildroot}%{_userpresetdir}/99-default.preset rm -f %{buildroot}%{_tmpfilesdir}/{etc,home,legacy,tmp,var}.conf install -m 644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/systemd-suse.conf +# These 2 following file are useless because on SUSE distros ssh can parse +# drop-ins in /usr. +rm -f %{buildroot}%{_tmpfilesdir}/20-systemd-ssh-generator.conf +rm -f %{buildroot}%{_tmpfilesdir}/20-systemd-userdb.conf + # The content of the files shipped by systemd doesn't match the # defaults used by SUSE. Don't ship those files but leave the decision # to use the mechanism to the individual packages that actually 
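Review bot: In the `@@ -1012,6 +1029,11 @@` hunk, the comment above the two `rm -f` lines justifies the removal only by ssh reading drop-ins from /usr, but the removed files are tmpfiles.d snippets and the hunk cannot show what else they set up. `20-systemd-userdb.conf` in particular is not obviously ssh-only by its name. Please confirm that neither snippet does anything beyond linking the ssh drop-ins into /etc, and once confirmed say so in the comment, e.g. `# These two tmpfiles.d snippets only link the ssh drop-ins into /etc; SUSE's ssh reads them from /usr directly.` That wording also fixes the grammar of "These 2 following file are useless".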
@@ -1040,14 +1062,19 @@ tar -cO \ %if %{without bootstrap} %find_lang systemd %else -rm -f %{buildroot}%{_bindir}/varlinkctl rm -f %{buildroot}%{_journalcatalogdir}/* rm -fr %{buildroot}%{_docdir}/systemd +rm -f %{buildroot}%{_bindir}/run0 +rm -f %{buildroot}%{_systemdgeneratordir}/systemd-ssh-generator +rm -f %{buildroot}%{_systemdgeneratordir}/systemd-tpm2-generator +rm -f %{buildroot}%{_unitdir}/systemd-nspawn@.service +rm -f %{buildroot}%{_systemd_util_dir}/systemd-ssh-proxy %endif -# Don't drop %%pre section even if it becomes empty: the build process of -# installation images uses a hardcoded list of packages with a %%pre that needs -# to be run during the build and complains if it can't find one. +# Don't drop the following 'pre' section even if it becomes empty: the build +# process of installation images uses a hardcoded list of packages with a 'pre' +# section that needs to be run during the build and complains if it can't find +# one. %pre # We don't really need to enable these units explicitely since during # installation `systemctl preset-all` is executed at the end of the install @@ -1060,8 +1087,10 @@ rm -fr %{buildroot}%{_docdir}/systemd %systemd_pre systemd-userdbd.service %check +%if %{with upstream} # Run the unit tests. %meson_test +%endif %post if [ $1 -eq 1 ]; then @@ -1098,7 +1127,8 @@ systemd-tmpfiles --create || : journalctl --update-catalog || : %endif -# See the comment in %%pre about why we need to call %%systemd_pre. +# See the comment in the 'pre' section about why we need to call 'systemd_pre' +# macro. %systemd_post remote-fs.target %systemd_post getty@.service %systemd_post systemd-journald-audit.socket 
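Review bot: In the `@@ -1060,8 +1087,10 @@` hunk, wrapping `%meson_test` in `%if %{with upstream}` leaves `%check` empty for the regular distribution build. That is the flavour that carries the downstream patches (5001–5004, including a change to pid1's re-execution path in `src/core/main.c`), so those patches are no longer exercised by the unit tests at build time. No comment explains why the tests were turned off. If they are skipped because of known failures or build time, state that next to the conditional, e.g. `# Unit tests only run for upstream builds because <reason>`, or keep them running and mark only the known-failing ones as non-fatal.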
@@ -1174,14 +1204,24 @@ fi %ldconfig_scriptlets -n libsystemd0%{?mini} %ldconfig_scriptlets -n libudev%{?mini}1 -%if %{with machined} %pre container +%systemd_pre systemd-mountfsd.socket +%systemd_pre systemd-nsresourced.socket +%if %{with machined} %systemd_pre machines.target +%endif %preun container +%systemd_preun systemd-mountfsd.socket +%systemd_preun systemd-nsresourced.socket +%if %{with machined} %systemd_preun machines.target +%endif %postun container +%systemd_postun systemd-mountfsd.socket +%systemd_postun systemd-nsresourced.socket +%if %{with machined} %ldconfig %systemd_postun machines.target %endif @@ -1192,6 +1232,8 @@ fi %if %{without filetriggers} %tmpfiles_create systemd-nspawn.conf %endif +%systemd_post systemd-mountfsd.socket +%systemd_post systemd-nsresourced.socket %systemd_post machines.target %{_systemd_util_dir}/rpm/fixlet-container-post.sh $1 || : %endif
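Review bot: The scriptlet calls for `systemd-mountfsd.socket` and `systemd-nsresourced.socket` sit outside `%if %{with machined}` in `%pre`, `%preun` and `%postun container`, but the next hunk (`@@ -1192,6 +1232,8 @@`) adds the matching `%systemd_post` lines inside a conditional that is opened outside the hunk and closed by the trailing `%endif`. If that conditional is `%if %{with machined}`, a build without machined would run pre/preun/postun for the two sockets but never `%systemd_post`, so presets would not be applied on install. Both services are also built only with `-Dmountfsd=%{when_not bootstrap}` and `-Dnsresourced=%{when_not bootstrap}` while these scriptlets are unconditional, so it is worth checking that the container subpackage is never built in bootstrap mode, or guarding the lines the same way. As far as I know both sockets front privileged helpers that serve unprivileged clients, so whether they end up enabled should be an explicit preset decision rather than a side effect of these conditionals.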