From 0336a857aec8e9d1b674412c4b13e05667af402de85b86fc2bb5ed7b17ad3205 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Fri, 11 Mar 2016 10:46:33 +0000 Subject: [PATCH] Accepting request 365799 from home:lnussel:branches:Base:System - require curl and bzip2 to build importd - curl also causes building of journal-upload. That one has rather unusal certificate usage, set it's ca root to /etc/pki/systemd instead of the built-in default /etc/ssl as journal-remote and journal-upload think they kan put stuff in /etc/ssl/certs then but that directory is managed by p11-kit and doesn't serve the purpose those programs think. - /var/lib/systemd/random-seed is a file - own /var/lib/machines OBS-URL: https://build.opensuse.org/request/show/365799 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=931 --- ...-.slice-units-from-systemctl-isolate.patch | 8 +- ...et-properties-only-once-to-copy-them.patch | 4 +- ...nal-linking-non-fatal-in-try-and-auto.diff | 116 ++++++++++++++++++ systemd-mini.changes | 13 ++ systemd-mini.spec | 32 ++++- systemd.changes | 13 ++ systemd.spec | 32 ++++- 7 files changed, 206 insertions(+), 12 deletions(-) create mode 100644 systemd-228-nspawn-make-journal-linking-non-fatal-in-try-and-auto.diff diff --git a/0001-core-exclude-.slice-units-from-systemctl-isolate.patch b/0001-core-exclude-.slice-units-from-systemctl-isolate.patch index 62717048..c954427f 100644 --- a/0001-core-exclude-.slice-units-from-systemctl-isolate.patch +++ b/0001-core-exclude-.slice-units-from-systemctl-isolate.patch @@ -11,8 +11,8 @@ Fixes: #1969 diff --git src/core/scope.c src/core/scope.c index c5d0ece..361695c 100644 ---- src/core/scope.c -+++ src/core/scope.c +--- a/src/core/scope.c ++++ b/src/core/scope.c @@ -50,8 +50,7 @@ static void scope_init(Unit *u) { assert(u->load_state == UNIT_STUB); @@ -25,8 +25,8 @@ index c5d0ece..361695c 100644 static void scope_done(Unit *u) { diff --git src/core/slice.c src/core/slice.c index d65364c..667f61b 100644 ---- src/core/slice.c -+++ src/core/slice.c +--- a/src/core/slice.c ++++ b/src/core/slice.c @@ -34,6 +34,13 @@ static const UnitActiveState state_translation_table[_SLICE_STATE_MAX] = { [SLICE_ACTIVE] = UNIT_ACTIVE }; diff --git a/let-vconsole-setup-get-properties-only-once-to-copy-them.patch b/let-vconsole-setup-get-properties-only-once-to-copy-them.patch index b106fc22..22c45e4d 100644 --- a/let-vconsole-setup-get-properties-only-once-to-copy-them.patch +++ b/let-vconsole-setup-get-properties-only-once-to-copy-them.patch @@ -9,8 +9,8 @@ for the virtual consoles (boo#904214) src/vconsole/vconsole-setup.c | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) ---- src/vconsole/vconsole-setup.c -+++ src/vconsole/vconsole-setup.c 2015-09-23 12:34:33.854018750 +0000 +--- a/src/vconsole/vconsole-setup.c ++++ b/src/vconsole/vconsole-setup.c 2015-09-23 12:34:33.854018750 +0000 @@ -202,8 +202,13 @@ static void font_copy_to_all_vcs(int fd) unsigned short map16[E_TABSZ]; struct unimapdesc unimapd; diff --git a/systemd-228-nspawn-make-journal-linking-non-fatal-in-try-and-auto.diff b/systemd-228-nspawn-make-journal-linking-non-fatal-in-try-and-auto.diff new file mode 100644 index 00000000..17a09a8a --- /dev/null +++ b/systemd-228-nspawn-make-journal-linking-non-fatal-in-try-and-auto.diff @@ -0,0 +1,116 @@ +From 84d816c48b57b43e833e2917bbd278c116816fcf Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 28 Jan 2016 20:15:49 +0100 +Subject: [PATCH] nspawn: make journal linking non-fatal in try and auto modes + +Fixes #2091 +--- + src/nspawn/nspawn.c | 39 ++++++++++++++++++++------------------- + 1 file changed, 20 insertions(+), 19 deletions(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index f6a2c03..97ea51a 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -1338,6 +1338,7 @@ static int setup_journal(const char *directory) { + sd_id128_t machine_id, this_id; + _cleanup_free_ char *b = NULL, *d = NULL; + const char *etc_machine_id, *p, *q; ++ bool try; + char *id; + int r; + +@@ -1345,16 +1346,21 @@ static int setup_journal(const char *directory) { + if (arg_ephemeral) + return 0; + ++ if (arg_link_journal == LINK_NO) ++ return 0; ++ ++ try = arg_link_journal_try || arg_link_journal == LINK_AUTO; ++ + etc_machine_id = prefix_roota(directory, "/etc/machine-id"); + + r = read_one_line_file(etc_machine_id, &b); +- if (r == -ENOENT && arg_link_journal == LINK_AUTO) ++ if (r == -ENOENT && try) + return 0; + else if (r < 0) + return log_error_errno(r, "Failed to read machine ID from %s: %m", etc_machine_id); + + id = strstrip(b); +- if (isempty(id) && arg_link_journal == LINK_AUTO) ++ if (isempty(id) && try) + return 0; + + /* Verify validity */ +@@ -1367,16 +1373,13 @@ static int setup_journal(const char *directory) { + return log_error_errno(r, "Failed to retrieve machine ID: %m"); + + if (sd_id128_equal(machine_id, this_id)) { +- log_full(arg_link_journal == LINK_AUTO ? LOG_WARNING : LOG_ERR, ++ log_full(try ? LOG_WARNING : LOG_ERR, + "Host and machine ids are equal (%s): refusing to link journals", id); +- if (arg_link_journal == LINK_AUTO) ++ if (try) + return 0; + return -EEXIST; + } + +- if (arg_link_journal == LINK_NO) +- return 0; +- + r = userns_mkdir(directory, "/var", 0755, 0, 0); + if (r < 0) + return log_error_errno(r, "Failed to create /var: %m"); +@@ -1393,21 +1396,19 @@ static int setup_journal(const char *directory) { + q = prefix_roota(directory, p); + + if (path_is_mount_point(p, 0) > 0) { +- if (arg_link_journal != LINK_AUTO) { +- log_error("%s: already a mount point, refusing to use for journal", p); +- return -EEXIST; +- } ++ if (try) ++ return 0; + +- return 0; ++ log_error("%s: already a mount point, refusing to use for journal", p); ++ return -EEXIST; + } + + if (path_is_mount_point(q, 0) > 0) { +- if (arg_link_journal != LINK_AUTO) { +- log_error("%s: already a mount point, refusing to use for journal", q); +- return -EEXIST; +- } ++ if (try) ++ return 0; + +- return 0; ++ log_error("%s: already a mount point, refusing to use for journal", q); ++ return -EEXIST; + } + + r = readlink_and_make_absolute(p, &d); +@@ -1441,7 +1442,7 @@ static int setup_journal(const char *directory) { + if (arg_link_journal == LINK_GUEST) { + + if (symlink(q, p) < 0) { +- if (arg_link_journal_try) { ++ if (try) { + log_debug_errno(errno, "Failed to symlink %s to %s, skipping journal setup: %m", q, p); + return 0; + } else +@@ -1459,7 +1460,7 @@ static int setup_journal(const char *directory) { + * permanent journal set up, don't force it here */ + r = mkdir(p, 0755); + if (r < 0) { +- if (arg_link_journal_try) { ++ if (try) { + log_debug_errno(errno, "Failed to create %s, skipping journal setup: %m", p); + return 0; + } else +-- +2.7.0 + diff --git a/systemd-mini.changes b/systemd-mini.changes index 1de53cc5..efa43868 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -13,6 +13,19 @@ Tue Mar 1 09:16:08 UTC 2016 - werner@suse.de this fixes forced logouts on isolate target aka changing runlevel (boo#966535) +------------------------------------------------------------------- +Thu Feb 4 11:05:37 UTC 2016 - lnussel@suse.de + +- require curl and bzip2 to build importd +- curl also causes building of journal-upload. That one has rather + unusal certificate usage, set it's ca root to /etc/pki/systemd + instead of the built-in default /etc/ssl as journal-remote and + journal-upload think they kan put stuff in /etc/ssl/certs then but + that directory is managed by p11-kit and doesn't serve the purpose + those programs think. +- /var/lib/systemd/random-seed is a file +- own /var/lib/machines + ------------------------------------------------------------------- Sat Jan 9 22:46:21 UTC 2016 - afaerber@suse.de diff --git a/systemd-mini.spec b/systemd-mini.spec index 04091633..83f380d1 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -92,6 +92,9 @@ Conflicts: kiwi BuildRequires: docbook-xsl-stylesheets BuildRequires: libgcrypt-devel BuildRequires: libxslt-tools +# curl and bzip2 are required for building importd +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(libcurl) %if %{with python} BuildRequires: python %endif @@ -250,6 +253,8 @@ Patch523: let-vconsole-setup-get-properties-only-once-to-copy-them.patch Patch524: 0001-nss-mymachines-do-not-allow-overlong-machine-names.patch # PATCH-FIX-UPSTREAM (bsc#966535) Patch525: 0001-core-exclude-.slice-units-from-systemctl-isolate.patch +# PATCH-FIX-UPSTREAM -- fixed after 228 +Patch526: systemd-228-nspawn-make-journal-linking-non-fatal-in-try-and-auto.diff # UDEV PATCHES # ============ @@ -588,9 +593,10 @@ cp %{SOURCE7} m4/ %patch520 -p1 %patch521 -p1 %patch522 -p1 -%patch523 -p0 +%patch523 -p1 %patch524 -p1 -%patch525 -p0 +%patch525 -p1 +%patch526 -p1 # udev patches %patch1002 -p1 @@ -677,6 +683,12 @@ export LDFLAGS cflags -pipe CFLAGS cflags -Wl,-O2 LDFLAGS cflags -Wl,--hash-size=8599 LDFLAGS +# certificate-root is set to /etc/pki/systemd instead of the +# built-in default /etc/ssl as journal-remote and journal-upload +# think they kan put stuff in /etc/ssl/certs then but that +# directory is managed by p11-kit and doesn't serve the purpose +# those programs think +# # keep split-usr until all packages have moved their systemd rules to /usr %configure \ --with-ntp-servers="0.opensuse.pool.ntp.org 1.opensuse.pool.ntp.org 2.opensuse.pool.ntp.org 3.opensuse.pool.ntp.org" \ @@ -686,10 +698,12 @@ cflags -Wl,--hash-size=8599 LDFLAGS --with-dbussessionservicedir=%{_datadir}/dbus-1/services \ --with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \ --with-dbusinterfacedir=%{_datadir}/dbus-1/interfaces \ + --with-certificate-root=/etc/pki/systemd \ %if 0%{?bootstrap} --disable-myhostname \ --disable-manpages \ --disable-machined \ + --disable-importd \ %else --enable-manpages \ %if %{with python} @@ -847,7 +861,10 @@ install -m 644 %{S:11} %{buildroot}/%{_prefix}/lib/systemd/system/ ln -s ../after-local.service %{buildroot}/%{_prefix}/lib/systemd/system/multi-user.target.wants/ mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/random-seed +> %{buildroot}%{_localstatedir}/lib/systemd/random-seed + +# machined +mkdir -p %{buildroot}%{_localstatedir}/lib/machines %fdupes -s %{buildroot}%{_mandir} @@ -1309,6 +1326,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/systemd/coredump.conf %if !0%{?bootstrap} %config(noreplace) %{_sysconfdir}/systemd/journal-remote.conf +%config(noreplace) %{_sysconfdir}/systemd/journal-upload.conf %endif %config(noreplace) %{_sysconfdir}/systemd/timesyncd.conf %config(noreplace) %{_sysconfdir}/systemd/system.conf @@ -1415,6 +1433,7 @@ exit 0 %{_datadir}/zsh/site-functions/* %ghost %{_localstatedir}/lib/systemd/backlight %ghost %{_localstatedir}/lib/systemd/random-seed +%dir %{_localstatedir}/lib/machines %if %{with resolved} %{_sysconfdir}/dbus-1/system.d/org.freedesktop.resolve1.conf %{_sysconfdir}/systemd/resolved.conf @@ -1422,6 +1441,13 @@ exit 0 %{_datadir}/dbus-1/system-services/org.freedesktop.resolve1.service %{_prefix}/lib/systemd/system/org.freedesktop.resolve1.busname %endif +%if ! 0%{?bootstrap} +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.import1.conf +%{_prefix}/lib/systemd/import-pubring.gpg +%{_prefix}/lib/systemd/system/org.freedesktop.import1.busname +%{_datadir}/dbus-1/system-services/org.freedesktop.import1.service +%{_datadir}/polkit-1/actions/org.freedesktop.import1.policy +%endif %if ! 0%{?bootstrap} %files bash-completion -f files.completion diff --git a/systemd.changes b/systemd.changes index 1de53cc5..efa43868 100644 --- a/systemd.changes +++ b/systemd.changes @@ -13,6 +13,19 @@ Tue Mar 1 09:16:08 UTC 2016 - werner@suse.de this fixes forced logouts on isolate target aka changing runlevel (boo#966535) +------------------------------------------------------------------- +Thu Feb 4 11:05:37 UTC 2016 - lnussel@suse.de + +- require curl and bzip2 to build importd +- curl also causes building of journal-upload. That one has rather + unusal certificate usage, set it's ca root to /etc/pki/systemd + instead of the built-in default /etc/ssl as journal-remote and + journal-upload think they kan put stuff in /etc/ssl/certs then but + that directory is managed by p11-kit and doesn't serve the purpose + those programs think. +- /var/lib/systemd/random-seed is a file +- own /var/lib/machines + ------------------------------------------------------------------- Sat Jan 9 22:46:21 UTC 2016 - afaerber@suse.de diff --git a/systemd.spec b/systemd.spec index 37cb1be1..72041fcf 100644 --- a/systemd.spec +++ b/systemd.spec @@ -87,6 +87,9 @@ Conflicts: kiwi BuildRequires: docbook-xsl-stylesheets BuildRequires: libgcrypt-devel BuildRequires: libxslt-tools +# curl and bzip2 are required for building importd +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(libcurl) %if %{with python} BuildRequires: python %endif @@ -245,6 +248,8 @@ Patch523: let-vconsole-setup-get-properties-only-once-to-copy-them.patch Patch524: 0001-nss-mymachines-do-not-allow-overlong-machine-names.patch # PATCH-FIX-UPSTREAM (bsc#966535) Patch525: 0001-core-exclude-.slice-units-from-systemctl-isolate.patch +# PATCH-FIX-UPSTREAM -- fixed after 228 +Patch526: systemd-228-nspawn-make-journal-linking-non-fatal-in-try-and-auto.diff # UDEV PATCHES # ============ @@ -583,9 +588,10 @@ cp %{SOURCE7} m4/ %patch520 -p1 %patch521 -p1 %patch522 -p1 -%patch523 -p0 +%patch523 -p1 %patch524 -p1 -%patch525 -p0 +%patch525 -p1 +%patch526 -p1 # udev patches %patch1002 -p1 @@ -672,6 +678,12 @@ export LDFLAGS cflags -pipe CFLAGS cflags -Wl,-O2 LDFLAGS cflags -Wl,--hash-size=8599 LDFLAGS +# certificate-root is set to /etc/pki/systemd instead of the +# built-in default /etc/ssl as journal-remote and journal-upload +# think they kan put stuff in /etc/ssl/certs then but that +# directory is managed by p11-kit and doesn't serve the purpose +# those programs think +# # keep split-usr until all packages have moved their systemd rules to /usr %configure \ --with-ntp-servers="0.opensuse.pool.ntp.org 1.opensuse.pool.ntp.org 2.opensuse.pool.ntp.org 3.opensuse.pool.ntp.org" \ @@ -681,10 +693,12 @@ cflags -Wl,--hash-size=8599 LDFLAGS --with-dbussessionservicedir=%{_datadir}/dbus-1/services \ --with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \ --with-dbusinterfacedir=%{_datadir}/dbus-1/interfaces \ + --with-certificate-root=/etc/pki/systemd \ %if 0%{?bootstrap} --disable-myhostname \ --disable-manpages \ --disable-machined \ + --disable-importd \ %else --enable-manpages \ %if %{with python} @@ -842,7 +856,10 @@ install -m 644 %{S:11} %{buildroot}/%{_prefix}/lib/systemd/system/ ln -s ../after-local.service %{buildroot}/%{_prefix}/lib/systemd/system/multi-user.target.wants/ mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/random-seed +> %{buildroot}%{_localstatedir}/lib/systemd/random-seed + +# machined +mkdir -p %{buildroot}%{_localstatedir}/lib/machines %fdupes -s %{buildroot}%{_mandir} @@ -1304,6 +1321,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/systemd/coredump.conf %if !0%{?bootstrap} %config(noreplace) %{_sysconfdir}/systemd/journal-remote.conf +%config(noreplace) %{_sysconfdir}/systemd/journal-upload.conf %endif %config(noreplace) %{_sysconfdir}/systemd/timesyncd.conf %config(noreplace) %{_sysconfdir}/systemd/system.conf @@ -1410,6 +1428,7 @@ exit 0 %{_datadir}/zsh/site-functions/* %ghost %{_localstatedir}/lib/systemd/backlight %ghost %{_localstatedir}/lib/systemd/random-seed +%dir %{_localstatedir}/lib/machines %if %{with resolved} %{_sysconfdir}/dbus-1/system.d/org.freedesktop.resolve1.conf %{_sysconfdir}/systemd/resolved.conf @@ -1417,6 +1436,13 @@ exit 0 %{_datadir}/dbus-1/system-services/org.freedesktop.resolve1.service %{_prefix}/lib/systemd/system/org.freedesktop.resolve1.busname %endif +%if ! 0%{?bootstrap} +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.import1.conf +%{_prefix}/lib/systemd/import-pubring.gpg +%{_prefix}/lib/systemd/system/org.freedesktop.import1.busname +%{_datadir}/dbus-1/system-services/org.freedesktop.import1.service +%{_datadir}/polkit-1/actions/org.freedesktop.import1.policy +%endif %if ! 0%{?bootstrap} %files bash-completion -f files.completion