From f450a5fd76b5382aaf409ec156e93f84d4b3ffe3593d574ce2024fd25895a98a Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 20 Jun 2023 11:04:49 +0000 Subject: [PATCH 1/8] - Temporarily add 5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch until it's backported to the next stable release See https://github.com/systemd/systemd/pull/28000 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1396 --- ...ice-when-resetting-PID-also-reset-kn.patch | 41 +++++++++++++++++++ systemd.changes | 9 ++++ systemd.spec | 1 + 3 files changed, 51 insertions(+) create mode 100644 5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch diff --git a/5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch b/5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch new file mode 100644 index 00000000..aedd52d9 --- /dev/null +++ b/5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch 
@@ -0,0 +1,41 @@ +From 996b00ede87d6a870332e63974a7d4def3c2f1b0 Mon Sep 17 00:00:00 2001 +From: msizanoen +Date: Mon, 12 Jun 2023 10:30:12 +0700 +Subject: [PATCH 5002/5002] Revert "core/service: when resetting PID also reset + known flag" + +This reverts commit ff32060f2ed37b68dc26256b05e2e69013b0ecfe. + +This change is incorrect as we don't want to mark the PID as invalid but +only mark it as dead. + +The change in question also breaks user level socket activation for +`podman.service` as the termination of the main `podman system service` +process is not properly handled, causing any application accessing the +socket to hang. + +This is because the user-level `podman.service` unit also hosts two +non-main processes: `rootlessport` and `rootlessport-child` which causes +the `cgroup_good` check to still succeed. + +The original submitter of this commit is recommended to find another +more correct way to fix the cgroupsv1 issue on CentOS 8. +--- + src/core/service.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 171e091dff..cecdd3bf50 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -3752,7 +3752,6 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) { + return; + + s->main_pid = 0; +- s->main_pid_known = false; + exec_status_exit(&s->main_exec_status, &s->exec_context, pid, code, status); + + if (s->main_command) { +-- +2.35.3 + diff --git a/systemd.changes b/systemd.changes index 5aa4e43c..d0349f42 100644 --- a/systemd.changes +++ b/systemd.changes 
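Review bot: After this revert, `service_sigchld_event()` resets `main_pid` to 0 but leaves `main_pid_known` set, and nothing at the assignment records that this combination is intentional. The commit message explains it (the main process is dead, not unknown), but a later reader of `service.c` sees only a flag saying "known" next to a zero PID, and pid 0 has its own meaning for `kill()` (the caller's process group). A comment at the assignment would keep the flag reset from being reintroduced: `/* main_pid_known is left set on purpose: the main process has exited, it is not unknown. */`. The function starts and ends outside the hunk, so it cannot be confirmed here that every reader of `main_pid` checks for a positive value.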
@@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Jun 20 07:05:34 UTC 2023 - Franck Bui + +- Temporarily add + 5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch until it's + backported to the next stable release + + See https://github.com/systemd/systemd/pull/28000 + ------------------------------------------------------------------- Fri Jun 16 14:38:33 UTC 2023 - Franck Bui diff --git a/systemd.spec b/systemd.spec index dc1958ec..8d878b4b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -216,6 +216,7 @@ Patch12: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch # will be removed as soon as a proper fix will be merged by upstream. Patch5000: 5000-core-manager-run-generators-directly-when-we-are-in-.patch Patch5001: 5001-Revert-core-propagate-stop-too-if-restart-is-issued.patch +Patch5002: 5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch %description Systemd is a system and service manager, compatible with SysV and LSB From 6bdc7a067a11f91daeda84ba6d00bcc8e7c55d7397685c8ee4f59991505f2d41 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 20 Jun 2023 15:55:18 +0000 Subject: [PATCH 2/8] - file-triggers: skip the call to systemd-tmpfiles in chroot too. That way we ensure that packages that really need the tmpfiles in advance to use the right API which is %tmpfiles_create_package. - file-triggers: to be consistent with what we already does with tmpfiles, we skip the call to systemd-sysusers and delay system user creations until the next reboot. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1397 --- systemd.changes | 19 +++++++++++++++++-- triggers.systemd | 8 ++++++-- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/systemd.changes b/systemd.changes index d0349f42..6e86b09a 100644 --- a/systemd.changes +++ b/systemd.changes 
@@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Jun 20 15:46:04 UTC 2023 - Franck Bui + +- file-triggers: skip the call to systemd-tmpfiles in chroot too. That way we + ensure that packages that really need the tmpfiles in advance to use the right + API which is %tmpfiles_create_package. + +- file-triggers: to be consistent with what we already does with tmpfiles, we + skip the call to systemd-sysusers and delay system user creations until the + next reboot. + ------------------------------------------------------------------- Tue Jun 20 07:05:34 UTC 2023 - Franck Bui @@ -10,8 +21,12 @@ Tue Jun 20 07:05:34 UTC 2023 - Franck Bui ------------------------------------------------------------------- Fri Jun 16 14:38:33 UTC 2023 - Franck Bui -- Make sure to skip the call to systemd-tmpfile in the file-triggers when - running on transaction systems +- file-triggers: make sure to skip the call to systemd-tmpfile in the + file-triggers when running on transaction systems (bsc#1212449) + + systemd-tmpfiles usually modifies paths that are not supposed to change during + transactional updates (e.g. /var, /run). On transaction systems changes will + happen on the next reboot. ------------------------------------------------------------------- Thu Jun 1 15:58:24 UTC 2023 - Franck Bui diff --git a/triggers.systemd b/triggers.systemd index 7792e8ac..74621f94 100644 --- a/triggers.systemd +++ b/triggers.systemd @@ -72,7 +72,10 @@ end -- This script will process files installed in /usr/lib/sysusers.d to create -- specified users automatically. The priority is set such that it -- will run before the tmpfiles file trigger. -assert(rpm.execute("systemd-sysusers")) +-- Note: /run is never mounted during transactional updates. +if posix.access("/run/systemd/system") then + assert(rpm.execute("systemd-sysusers")) +end %if %{without bootstrap} %transfiletriggerin -P 1000700 -n udev -p -- /usr/lib/udev/hwdb.d 
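Review bot: The new `posix.access("/run/systemd/system")` guard around `systemd-sysusers` skips account creation silently, and it does so wherever systemd is not the running init, not only during transactional updates as the added comment says. The changelog in the same commit names the chroot case and defers creation to the next reboot; in an image or container that never boots systemd, nothing visible here creates the accounts later, though that consequence is inferred rather than shown. Consider logging the deferral so it appears in the install output, e.g. `else print("systemd-sysusers skipped: systemd is not running, system users are created at next boot") end`. The comment could also name the chroot case: `-- Note: skipped in chroots and during transactional updates (/run is not mounted there).` The same guard and the same gap apply to the `systemd-tmpfiles --create` hunk that follows in triggers.systemd.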
@@ -102,7 +105,8 @@ end -- This script will process files installed in /usr/lib/tmpfiles.d to create -- tmpfiles automatically. The priority is set such that it will run -- after the sysusers file trigger, but before any other triggers. -if os.getenv("TRANSACTIONAL_UPDATE") == nil then +-- Note: /run is never mounted during transactional updates. +if posix.access("/run/systemd/system") then assert(rpm.execute("systemd-tmpfiles", "--create")) endf From d1bee00c93c5e04d5aee782b135faaefc6eaddb85a3bf8d3d5cedc48d0f68152 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Wed, 21 Jun 2023 09:32:38 +0000 Subject: [PATCH 3/8] - file-triggers: fix lua trigger priority for sysusers (bsc#1212376) A single digit in the priority used for sysusers got dropped somehow and upstream commit cd621954ed643c6ee0d869132293e26056a48826 forgot to restore it in the lua implementation. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1398 --- systemd.changes | 9 +++++++++ triggers.systemd | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/systemd.changes b/systemd.changes index 6e86b09a..546b3bd4 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Jun 21 09:28:29 UTC 2023 - Franck Bui + +- file-triggers: fix lua trigger priority for sysusers (bsc#1212376) + + A single digit in the priority used for sysusers got dropped somehow and + upstream commit cd621954ed643c6ee0d869132293e26056a48826 forgot to restore it + in the lua implementation. + ------------------------------------------------------------------- Tue Jun 20 15:46:04 UTC 2023 - Franck Bui diff --git a/triggers.systemd b/triggers.systemd index 74621f94..5a0e6c16 100644 --- a/triggers.systemd +++ b/triggers.systemd 
@@ -68,7 +68,7 @@ elseif pid > 0 then posix.wait(pid) end -%transfiletriggerin -P 100700 -p -- /usr/lib/sysusers.d +%transfiletriggerin -P 1000700 -p -- /usr/lib/sysusers.d -- This script will process files installed in /usr/lib/sysusers.d to create -- specified users automatically. The priority is set such that it -- will run before the tmpfiles file trigger. From 9cfbe73b24c9fa8062b4b28656e011c7fa92dbd36e7894164d5b5b02d7020d4b Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Wed, 21 Jun 2023 10:33:46 +0000 Subject: [PATCH 4/8] - Make sure to pre-install the groups systemd and udev rely on. This is needed when the tmpfiles are run at package installation time (i.e. when file-triggers are disabled). OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1399 --- systemd.changes | 7 +++++++ systemd.spec | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/systemd.changes b/systemd.changes index 546b3bd4..610c1964 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jun 21 10:30:58 UTC 2023 - Franck Bui + +- Make sure to pre-install the groups systemd and udev rely on. This is needed + when the tmpfiles are run at package installation time (i.e. when + file-triggers are disabled). + ------------------------------------------------------------------- Wed Jun 21 09:28:29 UTC 2023 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 8d878b4b..2a8e6ce4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ %bcond_without testsuite %endif # Kept to ease migrations toward SLE -%bcond_without filetriggers +%bcond_with filetriggers %bcond_with split_usr Name: systemd%{?mini} 
@@ -137,7 +137,7 @@ Requires: netcfg >= 11.5 Requires: systemd-default-settings-branding Requires: systemd-presets-branding Requires: util-linux >= 2.27.1 -Requires: group(lock) +Requires(pre): group(lock) # This Recommends because some symbols of libpcre2 are dlopen()ed by journalctl Recommends: libpcre2-8-0 Recommends: libbpf0 @@ -323,7 +323,7 @@ Requires: %{name} = %{version}-%{release} Requires: filesystem Requires: kmod Requires: system-group-hardware -Requires: group(kvm) +Requires(pre): group(kvm) Requires(post): sed Requires(post): coreutils Requires(postun):coreutils From 7cf9a2fc29b199aa22e0d2e97f7e67871379dac2a48d165f5d3db4398e386d3c Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Wed, 21 Jun 2023 11:30:56 +0000 Subject: [PATCH 5/8] re-enable file-triggers which was mistakenly disabled by the previous commit OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1400 --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 2a8e6ce4..51278d5d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ %bcond_without testsuite %endif # Kept to ease migrations toward SLE -%bcond_with filetriggers +%bcond_without filetriggers %bcond_with split_usr Name: systemd%{?mini} From 71b2d07e917ceb593b43058386d20ed6848eb6e95f8e853c1d8508e960f5e6a7 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Wed, 21 Jun 2023 11:34:13 +0000 Subject: [PATCH 6/8] fixlet-container-post.sh and systemd-nspawn.conf are only shipped when machined is enabled OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1401 --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 51278d5d..e5e52419 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -1097,14 +1097,14 @@ fi %endif %post container +%if %{with machined} %if %{without filetriggers} %tmpfiles_create systemd-nspawn.conf %endif -%if %{with machined} %systemd_post machines.target %ldconfig -%endif %{_systemd_util_dir}/rpm/fixlet-container-post.sh $1 || : +%endif %if %{with coredump} %post coredump From bf15b6e6e6cbe074e3e647cad3f7800947ffa1660e0f7dee79c8316bf856b396 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Wed, 21 Jun 2023 12:38:22 +0000 Subject: [PATCH 7/8] when the tmpfiles are run at package installation time. Theoretically with only "Requires(pre): group()", rpm is allowed to drop the group at the end of the package installations hence let's keep "Requires: group()" dep. Note: this is also needed when (post)file-triggers are enabled due to the current limitation of the default libzypp transaction backend. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1402 --- systemd.changes | 8 ++++++-- systemd.spec | 13 +++++++++---- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/systemd.changes b/systemd.changes index 610c1964..23682c86 100644 --- a/systemd.changes +++ b/systemd.changes @@ -2,8 +2,12 @@ Wed Jun 21 10:30:58 UTC 2023 - Franck Bui - Make sure to pre-install the groups systemd and udev rely on. This is needed - when the tmpfiles are run at package installation time (i.e. when - file-triggers are disabled). + when the tmpfiles are run at package installation time. Theoretically with + only "Requires(pre): group()", rpm is allowed to drop the group at the end of + the package installations hence let's keep "Requires: group()" dep. + + Note: this is also needed when (post)file-triggers are enabled due to the + current limitation of the default libzypp transaction backend. ------------------------------------------------------------------- Wed Jun 21 09:28:29 UTC 2023 - Franck Bui diff --git a/systemd.spec b/systemd.spec index e5e52419..7aeb2d5f 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -137,15 +137,17 @@ Requires: netcfg >= 11.5 Requires: systemd-default-settings-branding Requires: systemd-presets-branding Requires: util-linux >= 2.27.1 +Requires: group(lock) +# The next dependency is also needed with file-triggers enabled due to the way +# the libzypp default transaction backend works. Requires(pre): group(lock) -# This Recommends because some symbols of libpcre2 are dlopen()ed by journalctl -Recommends: libpcre2-8-0 -Recommends: libbpf0 - Requires(post): coreutils Requires(post): findutils Requires(post): systemd-presets-branding Requires(post): pam-config >= 0.79-5 +# This Recommends because some symbols of libpcre2 are dlopen()ed by journalctl +Recommends: libpcre2-8-0 +Recommends: libbpf0 %endif Conflicts: filesystem < 11.5 Conflicts: mkinitrd < 2.7.0 @@ -323,6 +325,9 @@ Requires: %{name} = %{version}-%{release} Requires: filesystem Requires: kmod Requires: system-group-hardware +Requires: group(kvm) +# The next dependency is also needed with file-triggers enabled due to the way +# the libzypp default transaction backend works. Requires(pre): group(kvm) Requires(post): sed Requires(post): coreutils From 2fd40c132762a9f204bb79d3cd809d1b2496c2e6c5d3679639e3d49378c96d4d Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Wed, 21 Jun 2023 12:57:45 +0000 Subject: [PATCH 8/8] fix a sentence in systemd.changes OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1403 --- systemd.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.changes b/systemd.changes index 23682c86..69e7e057 100644 --- a/systemd.changes +++ b/systemd.changes 
@@ -22,7 +22,7 @@ Wed Jun 21 09:28:29 UTC 2023 - Franck Bui Tue Jun 20 15:46:04 UTC 2023 - Franck Bui - file-triggers: skip the call to systemd-tmpfiles in chroot too. That way we - ensure that packages that really need the tmpfiles in advance to use the right + ensure that packages that really need the tmpfiles in advance use the right API which is %tmpfiles_create_package. - file-triggers: to be consistent with what we already does with tmpfiles, we