rpm/systemd
SHA256
1
0
Fork 0
forked from pool/systemd
Code Pull Requests Activity

Accepting request 431464 from Base:System

Browse Source 
- Import a better fix from upstream for bsc#1001765
  - Added:
    0001-pid1-more-informative-error-message-for-ignored-noti.patch
    0001-pid1-process-zero-length-notification-messages-again.patch
  - Updated (no code changes, only patch metadata)
    0001-If-the-notification-message-length-is-0-ignore-the-m.patch
    0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch

- Re add back "udev: don't require nsserv and fillup"
  Did this in the wrong project... it was a complicated day today ;)

- Added 2 patches to fix bsc#1001765
  0001-If-the-notification-message-length-is-0-ignore-the-m.patch
  0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch

- Revert "udev: don't require nsserv and fillup"
  It's been judged too late for being part of SLE12 final release.
  Nevertheless it's part of Factory and will be reintroduced after the
  final release is out (ie through an update).

- systemd-sysv-convert: make sure that
  /var/lib/systemd/sysv-convert/database is always initialized (bsc#982211)
  If "--save" command was used and the sysv init script wasn't enabled
  at all the database file wasn't created at all. This makes the
  subsequent call to "--apply" fail even though this should not
  considered as an error.

- Added patches to fix journal with FSS protection enabled (bsc#1000435)
   0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
   0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch

OBS-URL: https://build.opensuse.org/request/show/431464
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=241
This commit is contained in:
Dominique Leuenberger 2016-10-01 21:46:24 +00:00 committed by Git OBS Bridge
parent da7bc120be
commit 2e6aa36589
13 changed files with 644 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
0001-If-the-notification-message-length-is-0-ignore-the-m.patch Normal file
View File

@ -0,0 +1,32 @@
From ddcd0b726adfd78260ec3d6a446800d85980069e Mon Sep 17 00:00:00 2001
From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
Date: Wed, 28 Sep 2016 18:25:50 -0300
Subject: [PATCH 1/1] If the notification message length is 0, ignore the
message (#4237)
Fixes #4234.
Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
(cherry picked from commit 531ac2b2349da02acc9c382849758e07eb92b020)
---
src/core/manager.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/manager.c b/src/core/manager.c
index 229cb31..56ca9cf 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1565,6 +1565,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
return -errno;
}
+ if (n == 0) {
+ log_debug("Got zero-length notification message. Ignoring.");
+ return 0;
+ }
CMSG_FOREACH(cmsg, &msghdr) {
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
--
2.10.0

54
0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch Normal file
View File

@ -0,0 +1,54 @@
From 6dac79e09ec1b45f05b3e9a5f1f445859b6eefd2 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 23 Sep 2016 13:33:01 +0200
Subject: [PATCH 1/1] journal: fix HMAC calculation when appending a data
object
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
calculation of the HMAC is broken because the hash for a data object
including a field is done in the wrong order: the field object is
hashed before the data object is.
However during verification, the hash is done in the opposite order as
objects are scanned sequentially.
(cherry picked from commit 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a)
[fbui: fixes bsc#1000435]
---
src/journal/journal-file.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index a9882cf..a24d97d 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -1111,6 +1111,12 @@ static int journal_file_append_data(
if (r < 0)
return r;
+#ifdef HAVE_GCRYPT
+ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
+ if (r < 0)
+ return r;
+#endif
+
/* The linking might have altered the window, so let's
* refresh our pointer */
r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
@@ -1135,12 +1141,6 @@ static int journal_file_append_data(
fo->field.head_data_offset = le64toh(p);
}
-#ifdef HAVE_GCRYPT
- r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
- if (r < 0)
- return r;
-#endif
-
if (ret)
*ret = o;
--
2.10.0

93
0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch Normal file
View File

@ -0,0 +1,93 @@
From 0d0bad044f8f19c472acb69d10861a66d3d267b6 Mon Sep 17 00:00:00 2001
From: Vito Caputo <vcaputo@gnugeneration.com>
Date: Tue, 26 Apr 2016 23:29:43 -0700
Subject: [PATCH 1/1] journal: set STATE_ARCHIVED as part of offlining (#2740)
The only code path which makes a journal durable is via
journal_file_set_offline().
When we perform a rotate the journal's header->state is being set to
STATE_ARCHIVED prior to journal_file_set_offline() being called.
In journal_file_set_offline(), we short-circuit the entire offline when
f->header->state != STATE_ONLINE.
This all results in none of the journal_file_set_offline() fsync() calls
being reached when rotate archives a journal, so archived journals are
never explicitly made durable.
What we do now is instead of setting the f->header->state to
STATE_ARCHIVED directly in journal_file_rotate() prior to
journal_file_close(), we set an archive flag in f->archive for the
journal_file_set_offline() machinery to honor by committing
STATE_ARCHIVED instead of STATE_OFFLINE when set.
Prior to this, rotated journals were never getting fsync() explicitly
performed on them, since journal_file_set_offline() short-circuited.
Obviously this is undesirable, and depends entirely on the underlying
filesystem as to how much durability was achieved when simply closing
the file.
Note that this problem existed prior to the recent asynchronous fsync
changes, but those changes do facilitate our performing this durable
offline on rotate without blocking, regardless of the underlying
filesystem sync-on-close semantics.
(cherry picked from commit 8eb851711fd166024297c425e9261200c36f489d)
[fbui: context adjustment: the asynchronous journal_file_set_offline()
thingie doesn't exist in v228]
[fbui: this also fixes the case when we wanted to append a tag (for
FSS verification) when closing the journal. Before this patch,
journal_file_append_tag() failed (silently) because re-opening
the journal to write the tag was not possible since it was
already in "archived" mode.]
---
src/journal/journal-file.c | 10 ++++++++--
src/journal/journal-file.h | 1 +
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index f9ff954..e7eecad 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -130,7 +130,7 @@ int journal_file_set_offline(JournalFile *f) {
if (mmap_cache_got_sigbus(f->mmap, f->fd))
return -EIO;
- f->header->state = STATE_OFFLINE;
+ f->header->state = f->archive ? STATE_ARCHIVED : STATE_OFFLINE;
if (mmap_cache_got_sigbus(f->mmap, f->fd))
return -EIO;
@@ -2813,7 +2813,13 @@ int journal_file_rotate(JournalFile **f, bool compress, bool seal) {
if (r < 0 && errno != ENOENT)
return -errno;
- old_file->header->state = STATE_ARCHIVED;
+ /* Set as archive so offlining commits w/state=STATE_ARCHIVED.
+ * Previously we would set old_file->header->state to STATE_ARCHIVED directly here,
+ * but journal_file_set_offline() short-circuits when state != STATE_ONLINE, which
+ * would result in the rotated journal never getting fsync() called before closing.
+ * Now we simply queue the archive state by setting an archive bit, leaving the state
+ * as STATE_ONLINE so proper offlining occurs. */
+ old_file->archive = true;
/* Currently, btrfs is not very good with out write patterns
* and fragments heavily. Let's defrag our journal files when
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
index 898d12d..436e5ff 100644
--- a/src/journal/journal-file.h
+++ b/src/journal/journal-file.h
@@ -76,6 +76,7 @@ typedef struct JournalFile {
bool compress_lz4:1;
bool seal:1;
bool defrag_on_close:1;
+ bool archive:1;
bool tail_entry_monotonic_valid:1;
--
2.10.0

36
0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch Normal file
View File

@ -0,0 +1,36 @@
From 9f47fe6b6a9aad001e99f1fdea78a0c54ce8ae55 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 23 Sep 2016 12:12:13 +0200
Subject: [PATCH 1/1] journal: warn when we fail to append a tag to a journal
We shouldn't silently fail when appending the tag to a journal file
since FSS protection will simply be disabled in this case.
(cherry picked from commit 43cd8794839548a6f332875e8bee8bed2652bf2c)
---
src/journal/journal-file.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index e7eecad..a9882cf 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -145,8 +145,13 @@ JournalFile* journal_file_close(JournalFile *f) {
#ifdef HAVE_GCRYPT
/* Write the final tag */
- if (f->seal && f->writable)
- journal_file_append_tag(f);
+ if (f->seal && f->writable) {
+ int r;
+
+ r = journal_file_append_tag(f);
+ if (r < 0)
+ log_error_errno(r, "Failed to append tag when closing journal: %m");
+ }
#endif
journal_file_set_offline(f);
--
2.10.0

51
0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch Normal file
View File

@ -0,0 +1,51 @@
From c47885438517ac77ee34a30ee3d09e5deb9968f6 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 29 Sep 2016 19:44:34 +0200
Subject: [PATCH 1/1] pid1: don't return any error in
manager_dispatch_notify_fd() (#4240)
If manager_dispatch_notify_fd() fails and returns an error then the handling of
service notifications will be disabled entirely leading to a compromised system.
For example pid1 won't be able to receive the WATCHDOG messages anymore and
will kill all services supposed to send such messages.
(cherry picked from commit 9987750e7a4c62e0eb8473603150596ba7c3a015)
---
src/core/manager.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 56ca9cf..06d78e4 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1560,10 +1560,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (n < 0) {
- if (errno == EAGAIN || errno == EINTR)
- return 0;
+ if (!IN_SET(errno, EAGAIN, EINTR))
+ log_error("Failed to receive notification message: %m");
- return -errno;
+ /* It's not an option to return an error here since it
+ * would disable the notification handler entirely. Services
+ * wouldn't be able to send the WATCHDOG message for
+ * example... */
+ return 0;
}
if (n == 0) {
log_debug("Got zero-length notification message. Ignoring.");
@@ -1590,7 +1594,8 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
r = fdset_new_array(&fds, fd_array, n_fds);
if (r < 0) {
close_many(fd_array, n_fds);
- return log_oom();
+ log_oom();
+ return 0;
}
}
--
2.10.0

38
0001-pid1-more-informative-error-message-for-ignored-noti.patch Normal file
View File

@ -0,0 +1,38 @@
From eb54b43fe31392c9f77505d8f9cd86d1f050b49d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 29 Sep 2016 16:07:41 +0200
Subject: [PATCH 1/1] pid1: more informative error message for ignored
notifications
It's probably easier to diagnose a bad notification message if the
contents are printed. But still, do anything only if debugging is on.
(cherry picked from commit a86b76753d7868c2d05f046f601bc7dc89fc2203)
---
src/core/manager.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 58d346e..0d0158a 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1516,8 +1516,14 @@ static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const
if (UNIT_VTABLE(u)->notify_message)
UNIT_VTABLE(u)->notify_message(u, pid, tags, fds);
- else
- log_unit_debug(u, "Got notification message for unit. Ignoring.");
+ else if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
+ _cleanup_free_ char *x = NULL, *y = NULL;
+
+ x = cescape(buf);
+ if (x)
+ y = ellipsize(x, 20, 90);
+ log_unit_debug(u, "Got notification message \"%s\", ignoring.", strnull(y));
+ }
}
static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
--
2.10.0

82
0001-pid1-process-zero-length-notification-messages-again.patch Normal file
View File

@ -0,0 +1,82 @@
From 98c4bab7add94bdfb6cc238376c47a9c73a4fe39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 29 Sep 2016 16:06:02 +0200
Subject: [PATCH 1/1] pid1: process zero-length notification messages again
This undoes 531ac2b234. I acked that patch without looking at the code
carefully enough. There are two problems:
- we want to process the fds anyway
- in principle empty notification messages are valid, and we should
process them as usual, including logging using log_unit_debug().
(cherry picked from commit 8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4)
[fbui: adjust context]
---
src/core/manager.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 06d78e4..58d346e 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1501,13 +1501,12 @@ static unsigned manager_dispatch_dbus_queue(Manager *m) {
return n;
}
-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, size_t n, FDSet *fds) {
+static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, FDSet *fds) {
_cleanup_strv_free_ char **tags = NULL;
assert(m);
assert(u);
assert(buf);
- assert(n > 0);
tags = strv_split(buf, "\n\r");
if (!tags) {
@@ -1569,10 +1568,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
* example... */
return 0;
}
- if (n == 0) {
- log_debug("Got zero-length notification message. Ignoring.");
- return 0;
- }
CMSG_FOREACH(cmsg, &msghdr) {
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
@@ -1609,25 +1604,27 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
return 0;
}
+ /* The message should be a string. Here we make sure it's NUL-terminated,
+ * but only the part until first NUL will be used anyway. */
buf[n] = 0;
/* Notify every unit that might be interested, but try
* to avoid notifying the same one multiple times. */
u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
if (u1) {
- manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
+ manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
found = true;
}
u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(ucred->pid));
if (u2 && u2 != u1) {
- manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
+ manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
found = true;
}
u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(ucred->pid));
if (u3 && u3 != u2 && u3 != u1) {
- manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
+ manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
found = true;
}
--
2.10.0

51
0001-rules-block-add-support-for-pmem-devices-3683.patch Normal file
View File

@ -0,0 +1,51 @@
From 31ae8c8741ce9595f4053234d6a6b2fb3616fedf Mon Sep 17 00:00:00 2001
From: bgbhpe <brian.boylston@hpe.com>
Date: Fri, 8 Jul 2016 11:43:56 -0400
Subject: [PATCH 1/1] rules: block: add support for pmem devices (#3683)
Persistent memory devices can be exposed as block devices as /dev/pmemN
and /dev/pmemNs. pmemN is the raw device and is byte-addressable from
within the kernel and when mmapped by applications from a DAX-mounted
file system. pmemNs has the block translation table (BTT) layered on top,
offering atomic sector/block access. Both pmemN and pmemNs are expected
to contain file systems.
blkid(8) and lsblk(8) seem to correctly report on pmemN and pmemNs.
systemd v219 will populate /dev/disk/by-uuid/ when, for example, mkfs is
used on pmem, but systemd v228 does not.
Add pmem to the whitelist.
(cherry picked from commit f3bc4ccc2edf5ad2a99d6ba2795b9999fe76c3df)
[tblume: fixes bsc#988119]
---
rules/60-block.rules | 2 +-
rules/60-persistent-storage.rules | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/60-block.rules b/rules/60-block.rules
index c74caca..42c7597 100644
--- a/rules/60-block.rules
+++ b/rules/60-block.rules
@@ -8,4 +8,4 @@ ACTION=="add", SUBSYSTEM=="module", KERNEL=="block", ATTR{parameters/events_dfl_
ACTION=="change", SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST=="block", ATTR{block/*/uevent}="change"
# watch metadata changes, caused by tools closing the device node which was opened for writing
-ACTION!="remove", SUBSYSTEM=="block", KERNEL=="loop*|nvme*|sd*|vd*|xvd*", OPTIONS+="watch"
+ACTION!="remove", SUBSYSTEM=="block", KERNEL=="loop*|nvme*|sd*|vd*|xvd*|pmem*", OPTIONS+="watch"
diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules
index ee1fb08f..ef5d205 100644
--- a/rules/60-persistent-storage.rules
+++ b/rules/60-persistent-storage.rules
@@ -6,7 +6,7 @@
ACTION=="remove", GOTO="persistent_storage_end"
SUBSYSTEM!="block", GOTO="persistent_storage_end"
-KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*", GOTO="persistent_storage_end"
+KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|pmem*", GOTO="persistent_storage_end"
# ignore partitions that span the entire disk
TEST=="whole_disk", GOTO="persistent_storage_end"
--
2.10.0

79
systemd-mini.changes
View File

@ -1,3 +1,82 @@
-------------------------------------------------------------------
Fri Sep 30 06:07:06 UTC 2016 - fbui@suse.com
- Import a better fix from upstream for bsc#1001765
- Added:
0001-pid1-more-informative-error-message-for-ignored-noti.patch
0001-pid1-process-zero-length-notification-messages-again.patch
- Updated (no code changes, only patch metadata)
0001-If-the-notification-message-length-is-0-ignore-the-m.patch
0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
-------------------------------------------------------------------
Thu Sep 29 13:05:44 UTC 2016 - fbui@suse.com
- Re add back "udev: don't require nsserv and fillup"
Did this in the wrong project... it was a complicated day today ;)
-------------------------------------------------------------------
Thu Sep 29 12:51:38 UTC 2016 - fbui@suse.com
- Added 2 patches to fix bsc#1001765
0001-If-the-notification-message-length-is-0-ignore-the-m.patch
0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
-------------------------------------------------------------------
Thu Sep 29 06:24:01 UTC 2016 - fbui@suse.com
- Revert "udev: don't require nsserv and fillup"
It's been judged too late for being part of SLE12 final release.
Nevertheless it's part of Factory and will be reintroduced after the
final release is out (ie through an update).
-------------------------------------------------------------------
Mon Sep 26 14:23:14 UTC 2016 - fbui@suse.com
- systemd-sysv-convert: make sure that
/var/lib/systemd/sysv-convert/database is always initialized (bsc#982211)
If "--save" command was used and the sysv init script wasn't enabled
at all the database file wasn't created at all. This makes the
subsequent call to "--apply" fail even though this should not
considered as an error.
-------------------------------------------------------------------
Mon Sep 26 09:09:27 UTC 2016 - fbui@suse.com
- Added patches to fix journal with FSS protection enabled (bsc#1000435)
0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch
0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch
-------------------------------------------------------------------
Wed Sep 21 11:54:39 UTC 2016 - fbui@suse.com
- udev: don't require nsserv and fillup (bsc#999841)
udev has no LSB init scripts nor fillup templates anymore.
-------------------------------------------------------------------
Fri Sep 16 12:38:19 UTC 2016 - fbui@suse.com
- Build require python and python-lxml in order to generate
systemd.directives man page (bsc#986952)
-------------------------------------------------------------------
Fri Sep 16 12:27:02 UTC 2016 - fbui@suse.com
- Add rules: block: add support for pmem devices (#3683) (bsc#988119)
0001-rules-block-add-support-for-pmem-devices-3683.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 6 08:14:06 UTC 2016 - tbechtold@suse.com Tue Sep 6 08:14:06 UTC 2016 - tbechtold@suse.com

33
systemd-mini.spec
View File

@ -27,7 +27,6 @@
%bcond_without networkd %bcond_without networkd
%bcond_without sysvcompat %bcond_without sysvcompat
%bcond_with resolved %bcond_with resolved
%bcond_with python
%bcond_with parentpathid %bcond_with parentpathid
%if 0%{?suse_version} > 1315 %if 0%{?suse_version} > 1315
%bcond_without permission %bcond_without permission
@ -93,12 +92,12 @@ BuildRequires: docbook-xsl-stylesheets
BuildRequires: libgcrypt-devel BuildRequires: libgcrypt-devel
BuildRequires: libxslt-tools BuildRequires: libxslt-tools
# curl and bzip2 are required for building importd # curl and bzip2 are required for building importd
BuildRequires: libapparmor-devel
BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libcurl)
%if %{with python} # python is only required for generating systemd.directives.xml
BuildRequires: python BuildRequires: python3
%endif BuildRequires: python3-lxml
BuildRequires: libapparmor-devel
BuildRequires: pkgconfig(libcryptsetup) >= 1.6.0 BuildRequires: pkgconfig(libcryptsetup) >= 1.6.0
BuildRequires: pkgconfig(libmicrohttpd) BuildRequires: pkgconfig(libmicrohttpd)
BuildRequires: pkgconfig(libqrencode) BuildRequires: pkgconfig(libqrencode)
@ -264,6 +263,15 @@ Patch528: 0001-core-re-sync-bus-name-list-after-deserializing-durin.patch
Patch529: 0001-systemctl-pid1-do-not-warn-about-missing-install-inf.patch Patch529: 0001-systemctl-pid1-do-not-warn-about-missing-install-inf.patch
# PATCH-FIX-UPSTREAM -- fixed after 320 # PATCH-FIX-UPSTREAM -- fixed after 320
Patch530: systemd-230-cgroup2-use-new-fstype-for-unified-hierarchy.patch Patch530: systemd-230-cgroup2-use-new-fstype-for-unified-hierarchy.patch
# PATCH-FIX-UPSTREAM -- fixed after 231
Patch531: 0001-rules-block-add-support-for-pmem-devices-3683.patch
Patch532: 0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch
Patch533: 0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch
Patch534: 0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
Patch535: 0001-If-the-notification-message-length-is-0-ignore-the-m.patch
Patch536: 0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
Patch537: 0001-pid1-process-zero-length-notification-messages-again.patch
Patch538: 0001-pid1-more-informative-error-message-for-ignored-noti.patch
# UDEV PATCHES # UDEV PATCHES
# ============ # ============
@ -394,8 +402,6 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html
PreReq: /bin/rm PreReq: /bin/rm
PreReq: %insserv_prereq
PreReq: %fillup_prereq
# Avoid bootstrap cycle with sg3_utils # Avoid bootstrap cycle with sg3_utils
%if "%{?mini}" == "" %if "%{?mini}" == ""
PreReq: /usr/bin/sg_inq PreReq: /usr/bin/sg_inq
@ -611,6 +617,14 @@ cp %{SOURCE7} m4/
%patch528 -p1 %patch528 -p1
%patch529 -p1 %patch529 -p1
%patch530 -p1 %patch530 -p1
%patch531 -p1
%patch532 -p1
%patch533 -p1
%patch534 -p1
%patch535 -p1
%patch536 -p1
%patch537 -p1
%patch538 -p1
# udev patches # udev patches
%patch1002 -p1 %patch1002 -p1
@ -683,9 +697,6 @@ export CFLAGS="%{optflags}"
--disable-importd \ --disable-importd \
%else %else
--enable-manpages \ --enable-manpages \
%if %{with python}
--with-python \
%endif
--with-nss-my-hostname-warning \ --with-nss-my-hostname-warning \
%endif %endif
--enable-selinux \ --enable-selinux \
@ -1082,7 +1093,7 @@ if [ "${YAST_IS_RUNNING}" != "instsys" ]; then
fi fi
%postun -n udev%{?mini} %postun -n udev%{?mini}
%insserv_cleanup
systemctl daemon-reload || : systemctl daemon-reload || :
if [ "${YAST_IS_RUNNING}" != "instsys" ]; then if [ "${YAST_IS_RUNNING}" != "instsys" ]; then

12
systemd-sysv-convert
View File

@ -118,9 +118,9 @@ case "$1" in
find_service $service $runlevel find_service $service $runlevel
priority=$? priority=$?
if [ $priority -lt 255 ]; then if [ $priority -lt 255 ]; then
echo "$service $runlevel $priority" >> /var/lib/systemd/sysv-convert/database echo "$service $runlevel $priority"
fi fi
done done >>/var/lib/systemd/sysv-convert/database
done done
;; ;;
--show) --show)
@ -158,11 +158,9 @@ case "$1" in
[ -f "/lib/systemd/system/$service.service" ] && service_file="/lib/systemd/system/$service.service" [ -f "/lib/systemd/system/$service.service" ] && service_file="/lib/systemd/system/$service.service"
[ -f "/usr/lib/systemd/system/$service.service" ] && service_file="/usr/lib/systemd/system/$service.service" [ -f "/usr/lib/systemd/system/$service.service" ] && service_file="/usr/lib/systemd/system/$service.service"
if [ -z "${results_runlevel[$service]}" ]; then # If $service is not present in the database,
echo No information found about service $service found. >/dev/stderr # then it simply means that the sysv init
fail=1 # service was not enabled at all.
continue
fi
for runlevel in ${results_runlevel[$service]}; do for runlevel in ${results_runlevel[$service]}; do
echo ln -sf $service_file /etc/systemd/system/runlevel$runlevel.target.wants/$service.service >/dev/stderr echo ln -sf $service_file /etc/systemd/system/runlevel$runlevel.target.wants/$service.service >/dev/stderr
mkdir -p "/etc/systemd/system/runlevel$runlevel.target.wants" mkdir -p "/etc/systemd/system/runlevel$runlevel.target.wants"

79
systemd.changes
View File

@ -1,3 +1,82 @@
-------------------------------------------------------------------
Fri Sep 30 06:07:06 UTC 2016 - fbui@suse.com
- Import a better fix from upstream for bsc#1001765
- Added:
0001-pid1-more-informative-error-message-for-ignored-noti.patch
0001-pid1-process-zero-length-notification-messages-again.patch
- Updated (no code changes, only patch metadata)
0001-If-the-notification-message-length-is-0-ignore-the-m.patch
0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
-------------------------------------------------------------------
Thu Sep 29 13:05:44 UTC 2016 - fbui@suse.com
- Re add back "udev: don't require nsserv and fillup"
Did this in the wrong project... it was a complicated day today ;)
-------------------------------------------------------------------
Thu Sep 29 12:51:38 UTC 2016 - fbui@suse.com
- Added 2 patches to fix bsc#1001765
0001-If-the-notification-message-length-is-0-ignore-the-m.patch
0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
-------------------------------------------------------------------
Thu Sep 29 06:24:01 UTC 2016 - fbui@suse.com
- Revert "udev: don't require nsserv and fillup"
It's been judged too late for being part of SLE12 final release.
Nevertheless it's part of Factory and will be reintroduced after the
final release is out (ie through an update).
-------------------------------------------------------------------
Mon Sep 26 14:23:14 UTC 2016 - fbui@suse.com
- systemd-sysv-convert: make sure that
/var/lib/systemd/sysv-convert/database is always initialized (bsc#982211)
If "--save" command was used and the sysv init script wasn't enabled
at all the database file wasn't created at all. This makes the
subsequent call to "--apply" fail even though this should not
considered as an error.
-------------------------------------------------------------------
Mon Sep 26 09:09:27 UTC 2016 - fbui@suse.com
- Added patches to fix journal with FSS protection enabled (bsc#1000435)
0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch
0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch
-------------------------------------------------------------------
Wed Sep 21 11:54:39 UTC 2016 - fbui@suse.com
- udev: don't require nsserv and fillup (bsc#999841)
udev has no LSB init scripts nor fillup templates anymore.
-------------------------------------------------------------------
Fri Sep 16 12:38:19 UTC 2016 - fbui@suse.com
- Build require python and python-lxml in order to generate
systemd.directives man page (bsc#986952)
-------------------------------------------------------------------
Fri Sep 16 12:27:02 UTC 2016 - fbui@suse.com
- Add rules: block: add support for pmem devices (#3683) (bsc#988119)
0001-rules-block-add-support-for-pmem-devices-3683.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 6 08:14:06 UTC 2016 - tbechtold@suse.com Tue Sep 6 08:14:06 UTC 2016 - tbechtold@suse.com

33
systemd.spec
View File

@ -25,7 +25,6 @@
%bcond_without networkd %bcond_without networkd
%bcond_without sysvcompat %bcond_without sysvcompat
%bcond_with resolved %bcond_with resolved
%bcond_with python
%bcond_with parentpathid %bcond_with parentpathid
%if 0%{?suse_version} > 1315 %if 0%{?suse_version} > 1315
%bcond_without permission %bcond_without permission
@ -88,12 +87,12 @@ BuildRequires: docbook-xsl-stylesheets
BuildRequires: libgcrypt-devel BuildRequires: libgcrypt-devel
BuildRequires: libxslt-tools BuildRequires: libxslt-tools
# curl and bzip2 are required for building importd # curl and bzip2 are required for building importd
BuildRequires: libapparmor-devel
BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libcurl)
%if %{with python} # python is only required for generating systemd.directives.xml
BuildRequires: python BuildRequires: python3
%endif BuildRequires: python3-lxml
BuildRequires: libapparmor-devel
BuildRequires: pkgconfig(libcryptsetup) >= 1.6.0 BuildRequires: pkgconfig(libcryptsetup) >= 1.6.0
BuildRequires: pkgconfig(libmicrohttpd) BuildRequires: pkgconfig(libmicrohttpd)
BuildRequires: pkgconfig(libqrencode) BuildRequires: pkgconfig(libqrencode)
@ -259,6 +258,15 @@ Patch528: 0001-core-re-sync-bus-name-list-after-deserializing-durin.patch
Patch529: 0001-systemctl-pid1-do-not-warn-about-missing-install-inf.patch Patch529: 0001-systemctl-pid1-do-not-warn-about-missing-install-inf.patch
# PATCH-FIX-UPSTREAM -- fixed after 320 # PATCH-FIX-UPSTREAM -- fixed after 320
Patch530: systemd-230-cgroup2-use-new-fstype-for-unified-hierarchy.patch Patch530: systemd-230-cgroup2-use-new-fstype-for-unified-hierarchy.patch
# PATCH-FIX-UPSTREAM -- fixed after 231
Patch531: 0001-rules-block-add-support-for-pmem-devices-3683.patch
Patch532: 0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch
Patch533: 0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch
Patch534: 0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
Patch535: 0001-If-the-notification-message-length-is-0-ignore-the-m.patch
Patch536: 0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
Patch537: 0001-pid1-process-zero-length-notification-messages-again.patch
Patch538: 0001-pid1-more-informative-error-message-for-ignored-noti.patch
# UDEV PATCHES # UDEV PATCHES
# ============ # ============
@ -389,8 +397,6 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html
PreReq: /bin/rm PreReq: /bin/rm
PreReq: %insserv_prereq
PreReq: %fillup_prereq
# Avoid bootstrap cycle with sg3_utils # Avoid bootstrap cycle with sg3_utils
%if "%{?mini}" == "" %if "%{?mini}" == ""
PreReq: /usr/bin/sg_inq PreReq: /usr/bin/sg_inq
@ -606,6 +612,14 @@ cp %{SOURCE7} m4/
%patch528 -p1 %patch528 -p1
%patch529 -p1 %patch529 -p1
%patch530 -p1 %patch530 -p1
%patch531 -p1
%patch532 -p1
%patch533 -p1
%patch534 -p1
%patch535 -p1
%patch536 -p1
%patch537 -p1
%patch538 -p1
# udev patches # udev patches
%patch1002 -p1 %patch1002 -p1
@ -678,9 +692,6 @@ export CFLAGS="%{optflags}"
--disable-importd \ --disable-importd \
%else %else
--enable-manpages \ --enable-manpages \
%if %{with python}
--with-python \
%endif
--with-nss-my-hostname-warning \ --with-nss-my-hostname-warning \
%endif %endif
--enable-selinux \ --enable-selinux \
@ -1077,7 +1088,7 @@ if [ "${YAST_IS_RUNNING}" != "instsys" ]; then
fi fi
%postun -n udev%{?mini} %postun -n udev%{?mini}
%insserv_cleanup
systemctl daemon-reload || : systemctl daemon-reload || :
if [ "${YAST_IS_RUNNING}" != "instsys" ]; then if [ "${YAST_IS_RUNNING}" != "instsys" ]; then