diff --git a/0001-conf-parser-introduce-early-drop-ins.patch b/0001-conf-parser-introduce-early-drop-ins.patch index 0d06f860..47f4da7c 100644 --- a/0001-conf-parser-introduce-early-drop-ins.patch +++ b/0001-conf-parser-introduce-early-drop-ins.patch @@ -1,7 +1,7 @@ -From 288be40eb94ddc1d549a98556baea71d20df224f Mon Sep 17 00:00:00 2001 +From 77391d9baf86f10daf210ccf5527e0155a33fc73 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Fri, 22 Jan 2021 14:57:08 +0100 -Subject: [PATCH 1/8] conf-parser: introduce 'early' drop-ins +Subject: [PATCH 1/1] conf-parser: introduce 'early' drop-ins MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -62,14 +62,14 @@ drop this feature at any time. Fixes: #2121 --- src/shared/conf-parser.c | 55 ++++++++++-- - src/test/test-conf-parser.c | 164 ++++++++++++++++++++++++++++++++++++ - 2 files changed, 214 insertions(+), 5 deletions(-) + src/test/test-conf-parser.c | 166 +++++++++++++++++++++++++++++++++++- + 2 files changed, 215 insertions(+), 6 deletions(-) diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c -index 5cb41a39da..86dc1c95f6 100644 +index 29051ca0e3..72935030ea 100644 --- a/src/shared/conf-parser.c +++ b/src/shared/conf-parser.c -@@ -478,6 +478,7 @@ int hashmap_put_stats_by_path(Hashmap **stats_by_path, const char *path, const s +@@ -477,6 +477,7 @@ int hashmap_put_stats_by_path(Hashmap **stats_by_path, const char *path, const s static int config_parse_many_files( const char* const* conf_files, @@ -77,7 +77,7 @@ index 5cb41a39da..86dc1c95f6 100644 char **files, const char *sections, ConfigItemLookup lookup, -@@ -496,6 +497,20 @@ static int config_parse_many_files( +@@ -495,6 +496,20 @@ static int config_parse_many_files( return -ENOMEM; } 
@@ -98,7 +98,7 @@ index 5cb41a39da..86dc1c95f6 100644 /* First read the first found main config file. */ STRV_FOREACH(fn, conf_files) { r = config_parse(NULL, *fn, NULL, sections, lookup, table, flags, userdata, &st); -@@ -534,6 +549,27 @@ static int config_parse_many_files( +@@ -533,6 +548,27 @@ static int config_parse_many_files( return 0; } @@ -126,7 +126,7 @@ index 5cb41a39da..86dc1c95f6 100644 /* Parse each config file in the directories specified as nulstr. */ int config_parse_many_nulstr( const char *conf_file, -@@ -545,15 +581,19 @@ int config_parse_many_nulstr( +@@ -544,15 +580,19 @@ int config_parse_many_nulstr( void *userdata, Hashmap **ret_stats_by_path) { @@ -149,7 +149,7 @@ index 5cb41a39da..86dc1c95f6 100644 ret_stats_by_path); } -@@ -591,6 +631,7 @@ int config_parse_many( +@@ -590,6 +630,7 @@ int config_parse_many( Hashmap **ret_stats_by_path, char ***ret_dropin_files) { @@ -157,7 +157,7 @@ index 5cb41a39da..86dc1c95f6 100644 _cleanup_strv_free_ char **files = NULL; int r; -@@ -603,12 +644,16 @@ int config_parse_many( +@@ -602,12 +643,16 @@ int config_parse_many( if (r < 0) return r; @@ -177,20 +177,22 @@ index 5cb41a39da..86dc1c95f6 100644 return 0; } diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c -index 8c27dcac3f..745e4a127a 100644 +index 0acb4131b5..96a52e759f 100644 --- a/src/test/test-conf-parser.c +++ b/src/test/test-conf-parser.c -@@ -5,6 +5,9 @@ +@@ -5,7 +5,10 @@ #include "fs-util.h" #include "log.h" #include "macro.h" +-#include "string-util.h" +#include "mkdir.h" ++#include "nulstr-util.h" +#include "path-util.h" +#include "rm-rf.h" - #include "string-util.h" #include "strv.h" #include "tests.h" -@@ -391,4 +394,165 @@ TEST(config_parse) { + #include "tmpfile-util.h" +@@ -390,4 +393,165 @@ TEST(config_parse) { test_config_parse_one(i, config_file[i]); } 
diff --git a/5000-core-manager-run-generators-directly-when-we-are-in-.patch b/5000-core-manager-run-generators-directly-when-we-are-in-.patch
new file mode 100644
index 00000000..20c0b682
--- /dev/null
+++ b/5000-core-manager-run-generators-directly-when-we-are-in-.patch
@@ -0,0 +1,34 @@
+From 9d0f728f65e6c3ad586e276c1ed3c2cd8cc944be Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Mon, 20 Feb 2023 12:00:30 +0900
+Subject: [PATCH 5000/5000] core/manager: run generators directly when we are
+ in initrd
+
+Some initrd system write files at ourside of /run, /etc, or other
+allowed places. This is a kind of workaround, but in most cases, such
+sandboxing is not necessary as the filesystem is on ramfs when we are in
+initrd.
+
+Fixes #26488.
+---
+ src/core/manager.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 380a4e30d7..6135205761 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
+ /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
+ * we are the user manager, let's just execute the generators directly. We might not have the
+ * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
+- */
+- if (MANAGER_IS_USER(m)) {
++ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
++ if (MANAGER_IS_USER(m) || in_initrd()) {
+ r = manager_execute_generators(m, paths, /* remount_ro= */ false);
+ goto finish;
+ }
+--
+2.35.3
+
diff --git a/files.devel b/files.devel
index 2bd1c670..f9248ea5 100644
--- a/files.devel
+++ b/files.devel
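Review bot: The added `|| in_initrd()` branch in manager_run_generators() takes every generator run in the initrd out of the sanitized mount namespace, and the only rationale recorded in the code is "as we are in ramfs". That holds for the initrd's own root file system, but the condition does not look at what else is mounted, so anything mounted writable at that point would presumably also be reachable by a misbehaving generator; this is worth confirming. Since the commit message itself calls this a workaround, the code comment should say so, e.g. `* If we are in initrd, also execute the generators directly (workaround: some initrd generators write outside of /run and /etc). */`, so that the sandbox is restored once those generators are fixed. The function body continues outside the hunk.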
@@ -197,6 +197,8 @@
 %{_mandir}/man3/sd_bus_emit_properties_changed.3.gz
 %{_mandir}/man3/sd_bus_emit_properties_changed_strv.3.gz
 %{_mandir}/man3/sd_bus_emit_signal.3.gz
+%{_mandir}/man3/sd_bus_emit_signal_to.3.gz
+%{_mandir}/man3/sd_bus_emit_signal_tov.3.gz
 %{_mandir}/man3/sd_bus_emit_signalv.3.gz
 %{_mandir}/man3/sd_bus_enqueue_for_read.3.gz
 %{_mandir}/man3/sd_bus_error.3.gz
@@ -312,6 +314,7 @@
 %{_mandir}/man3/sd_bus_message_new_method_errorf.3.gz
 %{_mandir}/man3/sd_bus_message_new_method_return.3.gz
 %{_mandir}/man3/sd_bus_message_new_signal.3.gz
+%{_mandir}/man3/sd_bus_message_new_signal_to.3.gz
 %{_mandir}/man3/sd_bus_message_open_container.3.gz
 %{_mandir}/man3/sd_bus_message_peek_type.3.gz
 %{_mandir}/man3/sd_bus_message_read.3.gz
@@ -663,6 +666,14 @@
 %{_mandir}/man3/sd_pid_notify.3.gz
 %{_mandir}/man3/sd_pid_notify_with_fds.3.gz
 %{_mandir}/man3/sd_pid_notifyf.3.gz
+%{_mandir}/man3/sd_pidfd_get_cgroup.3.gz
+%{_mandir}/man3/sd_pidfd_get_machine_name.3.gz
+%{_mandir}/man3/sd_pidfd_get_owner_uid.3.gz
+%{_mandir}/man3/sd_pidfd_get_session.3.gz
+%{_mandir}/man3/sd_pidfd_get_slice.3.gz
+%{_mandir}/man3/sd_pidfd_get_unit.3.gz
+%{_mandir}/man3/sd_pidfd_get_user_slice.3.gz
+%{_mandir}/man3/sd_pidfd_get_user_unit.3.gz
 %{_mandir}/man3/sd_seat_can_graphical.3.gz
 %{_mandir}/man3/sd_seat_can_tty.3.gz
 %{_mandir}/man3/sd_seat_get_active.3.gz
diff --git a/files.experimental b/files.experimental
index 6bc23ede..0cea03ba 100644
--- a/files.experimental
+++ b/files.experimental
@@ -27,6 +27,7 @@
 %{_mandir}/man1/oomctl.1.gz
 %if %{with sd_boot}
 %{_mandir}/man1/systemd-measure.1.gz
+%{_mandir}/man1/ukify.1.gz
 %endif
 %{_mandir}/man1/userdbctl.1.gz
 %{_mandir}/man5/homed.conf.5.gz
@@ -43,6 +44,9 @@
 %{_mandir}/man8/systemd-oomd.8.gz
 %{_mandir}/man8/systemd-oomd.service.8.gz
 %if %{with sd_boot}
+%{_mandir}/man8/systemd-pcrfs-root.service.8.gz
+%{_mandir}/man8/systemd-pcrfs@.service.8.gz
+%{_mandir}/man8/systemd-pcrmachine.service.8.gz
 %{_mandir}/man8/systemd-pcrphase-initrd.service.8.gz
 %{_mandir}/man8/systemd-pcrphase-sysinit.service.8.gz
 %{_mandir}/man8/systemd-pcrphase.8.gz
@@ -72,9 +76,13 @@
 %{_systemd_util_dir}/systemd-sysupdate
 %{_systemd_util_dir}/systemd-userdbd
 %{_systemd_util_dir}/systemd-userwork
+%if %{with sd_boot}
+%{_systemd_util_dir}/ukify
+%endif
 %{_sysusersdir}/systemd-oom.conf
 %if %{with sd_boot}
 %{_unitdir}/initrd.target.wants/systemd-pcrphase-initrd.service
+%{_unitdir}/sysinit.target.wants/systemd-pcrmachine.service
 %{_unitdir}/sysinit.target.wants/systemd-pcrphase-sysinit.service
 %{_unitdir}/sysinit.target.wants/systemd-pcrphase.service
 %endif
@@ -83,6 +91,9 @@
 %{_unitdir}/systemd-oomd.service
 %{_unitdir}/systemd-oomd.socket
 %if %{with sd_boot}
+%{_unitdir}/systemd-pcrfs-root.service
+%{_unitdir}/systemd-pcrfs@.service
+%{_unitdir}/systemd-pcrmachine.service
 %{_unitdir}/systemd-pcrphase-initrd.service
 %{_unitdir}/systemd-pcrphase-sysinit.service
 %{_unitdir}/systemd-pcrphase.service
diff --git a/files.systemd b/files.systemd
index b7b53f15..6d2276f1 100644
--- a/files.systemd
+++ b/files.systemd
@@ -100,6 +100,7 @@
 %{_bindir}/localectl
 %{_bindir}/loginctl
 %{_bindir}/systemctl
+%{_bindir}/systemd-ac-power
 %{_bindir}/systemd-analyze
 %{_bindir}/systemd-ask-password
 %{_bindir}/systemd-cat
@@ -232,8 +233,8 @@
 %{_libdir}/libnss_myhostname.so.2
 %{_libdir}/libnss_systemd.so.2
 %endif
-%{_libdir}/systemd/libsystemd-core-252.so
-%{_libdir}/systemd/libsystemd-shared-252.so
+%{_libdir}/systemd/libsystemd-core-253.so
+%{_libdir}/systemd/libsystemd-shared-253.so
 %if %{without bootstrap}
 %{_mandir}/man1/busctl.1.gz
 %{_mandir}/man1/hostnamectl.1.gz
@@ -242,6 +243,7 @@
 %{_mandir}/man1/localectl.1.gz
 %{_mandir}/man1/loginctl.1.gz
 %{_mandir}/man1/systemctl.1.gz
+%{_mandir}/man1/systemd-ac-power.1.gz
 %{_mandir}/man1/systemd-analyze.1.gz
 %{_mandir}/man1/systemd-ask-password.1.gz
 %{_mandir}/man1/systemd-cat.1.gz
@@ -445,7 +447,6 @@
 %{_systemd_util_dir}/scripts/upgrade-from-pre-210.sh
 %{_systemd_util_dir}/system-preset/99-default.preset
 %{_systemd_util_dir}/systemd
-%{_systemd_util_dir}/systemd-ac-power
 %{_systemd_util_dir}/systemd-binfmt
 %{_systemd_util_dir}/systemd-boot-check-no-failures
 %{_systemd_util_dir}/systemd-cgroups-agent
@@ -505,6 +506,7 @@
 %{_systemdgeneratordir}/systemd-system-update-generator
 %{_sysusersdir}/systemd-journal.conf
 %{_sysusersdir}/systemd-timesync.conf
+%{_tmpfilesdir}/credstore.conf
 %{_tmpfilesdir}/journal-nocow.conf
 %{_tmpfilesdir}/provision.conf
 %{_tmpfilesdir}/suse.conf
@@ -641,6 +643,7 @@
 %{_unitdir}/systemd-hybrid-sleep.service
 %{_unitdir}/systemd-journal-catalog-update.service
 %{_unitdir}/systemd-journal-flush.service
+%{_unitdir}/systemd-journald-audit.socket
 %{_unitdir}/systemd-journald-dev-log.socket
 %{_unitdir}/systemd-journald-varlink@.socket
 %{_unitdir}/systemd-journald.service
diff --git a/files.udev b/files.udev
index 1ea1a437..a793d096 100644
--- a/files.udev
+++ b/files.udev
@@ -94,7 +94,6 @@
 %endif
 %{_prefix}/lib/udev/fido_id
 %{_prefix}/lib/udev/mtd_probe
-%{_prefix}/lib/udev/path_id_compat
 %{_prefix}/lib/udev/scsi_id
 %{_prefix}/lib/udev/v4l_id
 %{_systemd_util_dir}/network/99-default.link
@@ -174,7 +173,6 @@
 %{_udevrulesdir}/60-persistent-v4l.rules
 %{_udevrulesdir}/60-sensor.rules
 %{_udevrulesdir}/60-serial.rules
-%{_udevrulesdir}/61-persistent-storage-compat.rules
 %{_udevrulesdir}/64-btrfs.rules
 %{_udevrulesdir}/70-camera.rules
 %{_udevrulesdir}/70-joystick.rules
@@ -226,6 +224,8 @@
 %{_unitdir}/system-systemd\x2dcryptsetup.slice
 %endif
 %{_unitdir}/systemd-backlight@.service
+%{_unitdir}/systemd-growfs-root.service
+%{_unitdir}/systemd-growfs@.service
 %{_unitdir}/systemd-hwdb-update.service
 %if %{without bootstrap}
 %{_unitdir}/systemd-modules-load.service
diff --git a/files.uefi-boot b/files.uefi-boot
index 75c3d0c4..7c50c27a 100644
--- a/files.uefi-boot
+++ b/files.uefi-boot
@@ -26,19 +26,20 @@
 %{_mandir}/man8/systemd-bless-boot-generator.8.gz
 %{_mandir}/man8/systemd-bless-boot.8.gz
 %{_mandir}/man8/systemd-bless-boot.service.8.gz
-%{_mandir}/man8/systemd-boot-system-token.service.8.gz
+%{_mandir}/man8/systemd-boot-random-seed.service.8.gz
 %endif
 %{_prefix}/lib/kernel/install.conf
 %{_prefix}/lib/kernel/install.d/50-depmod.install
 %{_prefix}/lib/kernel/install.d/90-loaderentry.install
+%{_prefix}/lib/kernel/install.d/90-uki-copy.install
 # These are the few exceptions where glob pattern is allowed.
 %{_systemd_util_dir}/boot/efi/linux*.efi.stub
 %{_systemd_util_dir}/boot/efi/linux*.elf.stub
 %{_systemd_util_dir}/boot/efi/systemd-boot*.efi
 %{_systemd_util_dir}/systemd-bless-boot
 %{_systemdgeneratordir}/systemd-bless-boot-generator
-%{_unitdir}/sysinit.target.wants/systemd-boot-system-token.service
+%{_unitdir}/sysinit.target.wants/systemd-boot-random-seed.service
 %{_unitdir}/systemd-bless-boot.service
-%{_unitdir}/systemd-boot-system-token.service
+%{_unitdir}/systemd-boot-random-seed.service
 %{_unitdir}/systemd-boot-update.service
 %endif
diff --git a/systemd-v252.7+suse.50.gd447802fee.tar.xz b/systemd-v252.7+suse.50.gd447802fee.tar.xz
deleted file mode 100644
index 0a07938e..00000000
--- a/systemd-v252.7+suse.50.gd447802fee.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fd9f697fdbb194da090ef87f472c1c6d05d16cfa49b3b668648ea6d3c8f177d2
-size 8089304
diff --git a/systemd-v253.1.tar.xz b/systemd-v253.1.tar.xz
new file mode 100644
index 00000000..18ac8b19
--- /dev/null
+++ b/systemd-v253.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:84aad84973ab74246f5eff59641a5570c3a0bb6fce66402a4644212d71f38d07 +size 8205144 diff --git a/systemd.changes b/systemd.changes index 897181a9..c87c37ca 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Thu Mar 9 10:38:10 UTC 2023 - Franck Bui + +- Add 5000-core-manager-run-generators-directly-when-we-are-in-.patch, a + temporary workaround until https://github.com/dracutdevs/dracut/issues/2211 is + fixed in dracut. + +------------------------------------------------------------------- +Mon Mar 6 10:08:33 UTC 2023 - Franck Bui + +- Upgrade to v253.1 (commit 6c327d74aa0d350482e82a247d7018559699798d) + + See https://github.com/openSUSE/systemd/blob/SUSE/v253/NEWS for details. + + * Rebased 0001-conf-parser-introduce-early-drop-ins.patch + + * Ship systemd-journald-audit.socket again: it can now be disabled via the + usual "systemctl disable" mechanism to stop collection of audit + messages. Note that it's handled by the preset logic, which turns it off by + default. + + * TEST_06_SELINUX needs selinux-policy-devel. + ------------------------------------------------------------------- Mon Mar 6 08:40:35 UTC 2023 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 75d654a5..a4b18fcc 100644 --- a/systemd.spec +++ b/systemd.spec @@ -19,7 +19,7 @@ %global flavor @BUILD_FLAVOR@%{nil} %define min_kernel_version 4.5 -%define archive_version +suse.50.gd447802fee +%define archive_version %nil %define _testsuitedir /usr/lib/systemd/tests %define xinitconfdir %{?_distconfdir}%{!?_distconfdir:%{_sysconfdir}}/X11/xinit @@ -72,7 +72,7 @@ Name: systemd%{?mini} URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 252.7 +Version: 253.1 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later 
@@ -209,9 +209,10 @@ Patch12: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch # Patches listed below are put in quarantine. Normally all changes must go to # upstream first and then are cherry-picked in the SUSE git repository. But for -# very few cases, some stuff might be broken in upstream and need to be fixed -# quickly. But even in these cases, the patches are temporary and should be -# removed as soon as a fix is merged by upstream. +# very few cases, some stuff might be broken in upstream and need to be fixed or +# worked around quickly. In these cases, the patches are added temporarily and +# will be removed as soon as a proper fix will be merged by upstream. +Patch5000: 5000-core-manager-run-generators-directly-when-we-are-in-.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -530,6 +531,7 @@ Requires: netcat Requires: python3-pexpect Requires: qemu-kvm Requires: quota +Requires: selinux-policy-devel Requires: socat Requires: squashfs Requires: systemd-container @@ -885,8 +887,8 @@ rm -f %{buildroot}%{_presetdir}/*.preset echo 'disable *' >%{buildroot}%{_presetdir}/99-default.preset echo 'disable *' >%{buildroot}%{_userpresetdir}/99-default.preset -# The tmpfiles dealing with the generic paths is pretty messy -# currently because: +# The current situation with tmpfiles snippets dealing with the generic paths is +# pretty messy currently because: # # 1. filesystem package wants to define the generic paths and some of them # conflict with the definition given by systemd in var.conf, see 
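Review bot: `Patch5000:` is added without any per-patch comment, so the spec does not say what the patch works around or when it can be dropped. The quarantine comment above it ties removal to a fix merged by upstream, while the changelog entry in this same commit ties it to https://github.com/dracutdevs/dracut/issues/2211 being fixed in dracut. A line such as `# Workaround for dracutdevs/dracut#2211 (generators run unsandboxed in initrd), drop once fixed in dracut` directly above `Patch5000:` would keep that condition next to the patch.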
@@ -930,12 +932,6 @@ fi # still be used by yast. cat %{SOURCE14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map -# Don't ship systemd-journald-audit.socket as there's no other way for us to -# prevent journald from recording audit messages in the journal by default -# (bsc#1109252). -rm -f %{buildroot}%{_unitdir}/systemd-journald-audit.socket -rm -f %{buildroot}%{_unitdir}/sockets.target.wants/systemd-journald-audit.socket - %if %{with testsuite} # -Dinstall_test took care of installing the unit tests only (those in # src/tests) and testdata directory. Here we copy the integration tests @@ -964,6 +960,7 @@ tar -cO \ %systemd_pre remote-fs.target %systemd_pre getty@.service %systemd_pre systemd-timesyncd.service +%systemd_pre systemd-journald-audit.socket %post # Make /etc/machine-id an empty file during package installation. On the first @@ -1023,6 +1020,7 @@ fi %systemd_post remote-fs.target %systemd_post getty@.service %systemd_post systemd-timesyncd.service +%systemd_post systemd-journald-audit.socket # v228 wrongly set world writable suid root permissions on timestamp files used # by permanent timers. Fix the timestamps that might have been created by the @@ -1314,13 +1312,13 @@ fi %defattr(-,root,root) %license LICENSE.LGPL2.1 %{_libdir}/libsystemd.so.0 -%{_libdir}/libsystemd.so.0.35.0 +%{_libdir}/libsystemd.so.0.36.0 %files -n libudev%{?mini}1 %defattr(-,root,root) %license LICENSE.LGPL2.1 %{_libdir}/libudev.so.1 -%{_libdir}/libudev.so.1.7.5 +%{_libdir}/libudev.so.1.7.6 %if %{with coredump} %files coredump
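Review bot: Nothing in the `%pre`/`%post` hunks (`@@ -964,6 +960,7 @@` and `@@ -1023,6 +1020,7 @@`) records that `systemd-journald-audit.socket` has to end up disabled on systems upgrading from a package that never shipped it, and the comment removed in the first hunk (bsc#1109252) was the only place explaining why audit messages are kept out of the journal by default. The new behaviour depends on the `disable *` line written to `99-default.preset` and on `%systemd_pre`/`%systemd_post` applying presets to a unit that is new on upgrade, which they presumably do but whose definitions are outside this diff. A short comment next to the new macro lines would preserve the reason, for example `# systemd-journald-audit.socket is kept off by default through 99-default.preset (bsc#1109252)`, and the upgrade path should be checked to confirm it leaves the socket disabled.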