From 7474d62c55eb4d9a48832f8c3c9701f9e02c3958dc80dafe83ec244f58815554 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 2 Nov 2015 11:54:15 +0000 Subject: [PATCH] Accepting request 341375 from Base:System Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/341375 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=224 --- ...unt-units-pulled-by-RequiresMountsFo.patch | 49 +++ ...ting-for-unit-termination-in-certain.patch | 140 +++++++ systemd-mini.changes | 57 +++ systemd-mini.spec | 62 +-- systemd-sysv-install | 26 ++ systemd.changes | 57 +++ systemd.spec | 62 +-- tty-ask-password-agent-on-console.patch | 363 ++++++++++++------ 8 files changed, 626 insertions(+), 190 deletions(-) create mode 100644 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch create mode 100644 0002-units-enable-waiting-for-unit-termination-in-certain.patch create mode 100644 systemd-sysv-install diff --git a/0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch b/0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch new file mode 100644 index 00000000..5161b8ca --- /dev/null +++ b/0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch @@ -0,0 +1,49 @@ +From 6a102f90a2ee50e43998d64819e8bd4ee241c22b Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Thu, 8 Oct 2015 19:06:06 +0200 +Subject: [PATCH 1/2] Make sure the mount units pulled by 'RequiresMountsFor=' + are loaded (if they exist) + +We should make sure that mount units involved by 'RequiresMountsFor=' +directives are really loaded if not required by any others units so +that Requires= dependencies on the mount units are applied and thus +the mount unit dependencies are started. + +(cherry picked from commit 9b3757e9c8c8d6e161481193c4ef60e425a9ae41) +--- + src/core/unit.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index dd5e801..dc7bc5a 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1141,13 +1141,23 @@ static int unit_add_mount_dependencies(Unit *u) { + char prefix[strlen(*i) + 1]; + + PATH_FOREACH_PREFIX_MORE(prefix, *i) { ++ _cleanup_free_ char *p = NULL; + Unit *m; + +- r = manager_get_unit_by_path(u->manager, prefix, ".mount", &m); ++ r = unit_name_from_path(prefix, ".mount", &p); + if (r < 0) + return r; +- if (r == 0) ++ ++ m = manager_get_unit(u->manager, p); ++ if (!m) { ++ /* Make sure to load the mount unit if ++ * it exists. If so the dependencies ++ * on this unit will be added later ++ * during the loading of the mount ++ * unit. */ ++ (void) manager_load_unit_prepare(u->manager, p, NULL, NULL, &m); + continue; ++ } + if (m == u) + continue; + +-- +2.6.0 + diff --git a/0002-units-enable-waiting-for-unit-termination-in-certain.patch b/0002-units-enable-waiting-for-unit-termination-in-certain.patch new file mode 100644 index 00000000..4cad2861 --- /dev/null +++ b/0002-units-enable-waiting-for-unit-termination-in-certain.patch @@ -0,0 +1,140 @@ +From d7f920bfcb0296fed214d4d3a21d64de09a68521 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 1 Sep 2015 17:25:59 +0200 +Subject: [PATCH 2/2] units: enable waiting for unit termination in certain + cases + +The legacy cgroup hierarchy does not support reliable empty +notifications in containers and if there are left-over subgroups in a +cgroup. This makes it hard to correctly wait for them running empty, and +thus we previously disabled this logic entirely. + +With this change we explicitly check for the container case, and whether +the unit is a "delegation" unit (i.e. one where programs may create +their own subgroups). If we are neither in a container, nor operating on +a delegation unit cgroup empty notifications become reliable and thus we +start waiting for the empty notifications again. + +This doesn't really fix the general problem around cgroup notifications +but reduces the effect around it. + +(This also reorders #include lines by their focus, as suggsted in +CODING_STYLE. We have to add "virt.h", so let's do that at the right +place.) + +Also see #317. + +(cherry picked from commit e9db43d5910717a1084924c512bf85e2b8265375) +--- + src/core/cgroup.c | 12 ++++++++++++ + src/core/cgroup.h | 2 ++ + src/core/unit.c | 40 +++++++++++++++++++++++----------------- + 3 files changed, 37 insertions(+), 17 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 6474e08..65af351 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -1127,6 +1127,18 @@ int unit_reset_cpu_usage(Unit *u) { + return 0; + } + ++bool unit_cgroup_delegate(Unit *u) { ++ CGroupContext *c; ++ ++ assert(u); ++ ++ c = unit_get_cgroup_context(u); ++ if (!c) ++ return false; ++ ++ return c->delegate; ++} ++ + static const char* const cgroup_device_policy_table[_CGROUP_DEVICE_POLICY_MAX] = { + [CGROUP_AUTO] = "auto", + [CGROUP_CLOSED] = "closed", +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 869ddae..7b38d21 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -130,5 +130,7 @@ int unit_get_memory_current(Unit *u, uint64_t *ret); + int unit_get_cpu_usage(Unit *u, nsec_t *ret); + int unit_reset_cpu_usage(Unit *u); + ++bool unit_cgroup_delegate(Unit *u); ++ + const char* cgroup_device_policy_to_string(CGroupDevicePolicy i) _const_; + CGroupDevicePolicy cgroup_device_policy_from_string(const char *s) _pure_; +diff --git a/src/core/unit.c b/src/core/unit.c +index dc7bc5a..275f567 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -28,26 +28,28 @@ + #include "sd-id128.h" + #include "sd-messages.h" + #include "set.h" +-#include "unit.h" + #include "macro.h" + #include "strv.h" + #include "path-util.h" +-#include "load-fragment.h" +-#include "load-dropin.h" + #include "log.h" +-#include "unit-name.h" +-#include "dbus-unit.h" +-#include "special.h" + #include "cgroup-util.h" + #include "missing.h" + #include "mkdir.h" + #include "fileio-label.h" ++#include "formats-util.h" ++#include "process-util.h" ++#include "virt.h" + #include "bus-common-errors.h" ++#include "bus-util.h" ++#include "dropin.h" ++#include "unit-name.h" ++#include "special.h" ++#include "unit.h" ++#include "load-fragment.h" ++#include "load-dropin.h" + #include "dbus.h" ++#include "dbus-unit.h" + #include "execute.h" +-#include "dropin.h" +-#include "formats-util.h" +-#include "process-util.h" + + const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = { + [UNIT_SERVICE] = &service_vtable, +@@ -3535,14 +3537,18 @@ int unit_kill_context( + } else if (r > 0) { + + /* FIXME: For now, we will not wait for the +- * cgroup members to die, simply because +- * cgroup notification is unreliable. It +- * doesn't work at all in containers, and +- * outside of containers it can be confused +- * easily by leaving directories in the +- * cgroup. */ +- +- /* wait_for_exit = true; */ ++ * cgroup members to die if we are running in ++ * a container or if this is a delegation ++ * unit, simply because cgroup notification is ++ * unreliable in these cases. It doesn't work ++ * at all in containers, and outside of ++ * containers it can be confused easily by ++ * left-over directories in the cgroup -- ++ * which however should not exist in ++ * non-delegated units. */ ++ ++ if (detect_container(NULL) == 0 && !unit_cgroup_delegate(u)) ++ wait_for_exit = true; + + if (c->send_sighup && k != KILL_KILL) { + set_free(pid_set); +-- +2.6.0 + diff --git a/systemd-mini.changes b/systemd-mini.changes index fcf4a2ad..ce46d87e 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,60 @@ +------------------------------------------------------------------- +Wed Oct 21 20:18:58 UTC 2015 - dmueller@suse.com + +- enable seccomp for aarch64 (fate#318444) + +------------------------------------------------------------------- +Thu Oct 15 14:12:44 UTC 2015 - fbui@suse.com + +- Fix again UEFI for mini package + +------------------------------------------------------------------- +Thu Oct 15 09:07:51 UTC 2015 - jengelh@inai.de + +- Drop one more undesirable Obsoletes/Provides. This should have + been a Conflicts. (There was already a Conflicts, and since + Conflicts go both ways, we won't need a second one.) + +------------------------------------------------------------------- +Thu Oct 15 08:19:00 UTC 2015 - werner@suse.de + +- No UEFI for systemd-mini + +------------------------------------------------------------------- +Mon Oct 12 11:34:13 UTC 2015 - fbui@suse.com + +- Add 2 upstream patches to fix boo#949574 and bsc#932284 + 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch + 0002-units-enable-waiting-for-unit-termination-in-certain.patch + +------------------------------------------------------------------- +Fri Oct 9 18:03:02 UTC 2015 - fbui@suse.com + +- Disable systemd-boot on aarch64 since it fails to build. + Error while compiling src/boot/efi/util.o is: + usr/include/efi/aarch64/efibind.h:2:20: fatal error: stdint.h: No such file or directory + +------------------------------------------------------------------- +Fri Oct 9 07:16:45 UTC 2015 - fbui@suse.com + +- Fix UEFI detection logic: basically we let configure.ac figure out + if UEFI is supported by the current build environment. No need to + clutter the spec file with a new conditionnal %has_efi. + +- Provide systemd-bootx64.efi (aka gummiboot) + +------------------------------------------------------------------- +Tue Oct 6 15:13:04 UTC 2015 - werner@suse.de + +- Modify patch tty-ask-password-agent-on-console.patch to reflect + the changes done for pull request 1432 + +------------------------------------------------------------------- +Thu Oct 1 15:58:32 UTC 2015 - jengelh@inai.de + +- Undo Obsoletes/Provides (from Aug 11), creates too big a cycle. +- Provide systemd-sysv-install program/link [bnc#948353] + ------------------------------------------------------------------- Fri Sep 25 14:20:41 UTC 2015 - werner@suse.de diff --git a/systemd-mini.spec b/systemd-mini.spec index 10026de9..e4c8d278 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -29,11 +29,6 @@ %bcond_with resolved %bcond_with python %bcond_with parentpathid -%ifarch %{ix86} x86_64 aarch64 -%define has_efi 1 -%else -%define has_efi 0 -%endif %if 0%{?suse_version} > 1315 %bcond_without permission %bcond_without blkrrpart @@ -77,16 +72,21 @@ BuildRequires: pkgconfig(libkmod) >= 15 BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpci) >= 3 BuildRequires: pkgconfig(mount) >= 2.26 -%ifarch %ix86 x86_64 x32 %arm ppc64le s390x +%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x BuildRequires: pkgconfig(libseccomp) %endif +%ifarch %{ix86} x86_64 +BuildRequires: gnu-efi +%endif BuildRequires: pkgconfig(libselinux) >= 2.1.9 BuildRequires: pkgconfig(libsepol) Conflicts: sysvinit +Conflicts: otherproviders(systemd) %if 0%{?bootstrap} #!BuildIgnore: dbus-1 +Requires: this-is-only-for-build-envs Provides: systemd = %version-%release -Conflicts: otherproviders(systemd) +Conflicts: kiwi %else BuildRequires: docbook-xsl-stylesheets BuildRequires: libgcrypt-devel @@ -143,6 +143,7 @@ Source7: libgcrypt.m4 Source9: nss-myhostname-config Source10: macros.systemd.upstream Source11: after-local.service +Source12: systemd-sysv-install Source1065: systemd-remount-tmpfs @@ -181,6 +182,10 @@ Patch38: rules-add-lid-switch-of-ARM-based-Chromebook-as-a-power-sw.patch Patch84: make-emergency.service-conflict-with-syslog.socket.patch # PATCH-FIX-SUSE 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch Patch86: 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch +# PATCH-FIX-UPSTREAM (boo#949574) +Patch87: 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch +# PATCH-FIX-UPSTREAM (bsc#932284) +Patch88: 0002-units-enable-waiting-for-unit-termination-in-certain.patch # PATCH-FIX-SUSE 0001-On_s390_con3270_disable_ANSI_colour_esc.patch Patch90: 0001-On_s390_con3270_disable_ANSI_colour_esc.patch # PATCH-FIX-SUSE plymouth-quit-and-wait-for-emergency-service.patch -- Make sure that no plymouthd is locking the tty @@ -324,11 +329,8 @@ Requires: libsystemd0%{?mini} = %version Requires: systemd-rpm-macros %if 0%{?bootstrap} Provides: systemd-devel = %version-%release -Conflicts: otherproviders(systemd-devel) -%else -Obsoletes: systemd-mini-devel -Provides: systemd-mini-devel %endif +Conflicts: otherproviders(systemd-devel) %description devel Development headers and auxiliary files for developing applications for systemd. @@ -351,9 +353,7 @@ License: LGPL-2.1+ Group: System/Libraries %if 0%{?bootstrap} Conflicts: libsystemd0 -%else -Obsoletes: libsystemd0-mini -Provides: libsystemd0-mini +Requires: this-is-only-for-build-envs %endif %description -n libsystemd0%{?mini} @@ -411,11 +411,9 @@ Conflicts: ConsoleKit < 0.4.1 Requires: filesystem %if 0%{?bootstrap} Provides: udev = %version-%release -Conflicts: otherproviders(udev) -%else -Obsoletes: udev-mini -Provides: udev-mini +Conflicts: kiwi %endif +Conflicts: otherproviders(udev) %description -n udev%{?mini} Udev creates and removes device nodes in /dev for devices discovered or @@ -433,9 +431,6 @@ License: LGPL-2.1+ Group: System/Libraries %if 0%{?bootstrap} Conflicts: libudev1 -%else -Obsoletes: libudev1-mini -Provides: libudev1-mini %endif %description -n libudev%{?mini}1 @@ -449,11 +444,8 @@ Group: Development/Libraries/C and C++ Requires: libudev%{?mini}1 = %version-%release %if 0%{?bootstrap} Provides: libudev-devel = %version-%release -Conflicts: otherproviders(libudev-devel) -%else -Obsoletes: libudev-mini-devel -Provides: libudev-mini-devel %endif +Conflicts: otherproviders(libudev-devel) %description -n libudev%{?mini}-devel This package contains the development files for the library libudev, a @@ -565,6 +557,8 @@ cp %{SOURCE7} m4/ %patch42 -p1 %patch84 -p1 %patch86 -p1 +%patch87 -p1 +%patch88 -p1 %patch90 -p1 %patch91 -p1 %patch120 -p1 @@ -700,9 +694,6 @@ cflags -Wl,--hash-size=8599 LDFLAGS --enable-selinux \ --enable-split-usr \ --disable-static \ -%if ! 0%{?has_efi} - --disable-efi \ -%endif --with-rc-local-script-path-start=/etc/init.d/boot.local \ --with-rc-local-script-path-stop=/etc/init.d/halt.local \ --with-debug-shell=/bin/bash \ @@ -726,6 +717,7 @@ make %{?_smp_mflags} update-man-list man %install make install DESTDIR="%buildroot" +install -pm0755 "%_sourcedir/systemd-sysv-install" "%buildroot/%_prefix/lib/systemd/" # move to %{_lib} %if ! 0%{?bootstrap} @@ -1147,6 +1139,7 @@ exit 0 %{_bindir}/networkctl %endif %{_bindir}/busctl +%{_bindir}/bootctl %{_bindir}/kernel-install %{_bindir}/hostnamectl %{_bindir}/localectl @@ -1187,6 +1180,7 @@ exit 0 %dir %{_prefix}/lib/systemd %dir %{_prefix}/lib/systemd/user %dir %{_prefix}/lib/systemd/system +%exclude %{_prefix}/lib/systemd/systemd-sysv* %exclude %{_prefix}/lib/systemd/system/systemd-udev*.* %exclude %{_prefix}/lib/systemd/system/udev.service %exclude %{_prefix}/lib/systemd/system/initrd-udevadm-cleanup-db.service @@ -1236,9 +1230,6 @@ exit 0 %{_prefix}/lib/systemd/system-generators/systemd-cryptsetup-generator %endif %{_prefix}/lib/systemd/system-generators/systemd-dbus1-generator -%if 0%{has_efi} -%{_bindir}/bootctl -%endif %{_prefix}/lib/systemd/system-generators/systemd-debug-generator %{_prefix}/lib/systemd/system-generators/systemd-hibernate-resume-generator %if %{with sysvcompat} @@ -1255,6 +1246,13 @@ exit 0 /%{_lib}/security/pam_systemd.so %config /etc/pam.d/systemd-user +%ifarch %{ix86} x86_64 +%dir %{_prefix}/lib/systemd/boot +%dir %{_prefix}/lib/systemd/boot/efi +%{_prefix}/lib/systemd/boot/efi/*.efi +%{_prefix}/lib/systemd/boot/efi/*.stub +%endif + %dir %{_libexecdir}/modules-load.d %dir %{_sysconfdir}/modules-load.d %{_libexecdir}/modules-load.d/sg.conf @@ -1443,6 +1441,8 @@ exit 0 %{_mandir}/man8/telinit.8* %{_mandir}/man8/runlevel.8* %endif +%dir %_prefix/lib/systemd +%_prefix/lib/systemd/systemd-sysv-install %files -n udev%{?mini} %defattr(-,root,root) diff --git a/systemd-sysv-install b/systemd-sysv-install new file mode 100644 index 00000000..d116728e --- /dev/null +++ b/systemd-sysv-install @@ -0,0 +1,26 @@ +#!/bin/sh +set -e + +usage() { + echo "Usage: $0 [--root=path] enable|disable|is-enabled " >&2 + exit 1 +} +eval set -- "$(getopt -o r: --long root: -- "$@")" +while true; do + case "$1" in + -r|--root) + ROOT="$2" + shift 2 ;; + --) shift ; break ;; + *) usage ;; + esac +done +NAME="$2" +ROOT="${ROOT:+--root=$ROOT}" +[ -n "$NAME" ] || usage +case "$1" in + enable) chkconfig $ROOT -a "$NAME" ;; + disable) chkconfig $ROOT -r "$NAME" ;; + is-enabled) chkconfig $ROOT -t "$NAME" ;; + *) usage ;; +esac diff --git a/systemd.changes b/systemd.changes index fcf4a2ad..ce46d87e 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,60 @@ +------------------------------------------------------------------- +Wed Oct 21 20:18:58 UTC 2015 - dmueller@suse.com + +- enable seccomp for aarch64 (fate#318444) + +------------------------------------------------------------------- +Thu Oct 15 14:12:44 UTC 2015 - fbui@suse.com + +- Fix again UEFI for mini package + +------------------------------------------------------------------- +Thu Oct 15 09:07:51 UTC 2015 - jengelh@inai.de + +- Drop one more undesirable Obsoletes/Provides. This should have + been a Conflicts. (There was already a Conflicts, and since + Conflicts go both ways, we won't need a second one.) + +------------------------------------------------------------------- +Thu Oct 15 08:19:00 UTC 2015 - werner@suse.de + +- No UEFI for systemd-mini + +------------------------------------------------------------------- +Mon Oct 12 11:34:13 UTC 2015 - fbui@suse.com + +- Add 2 upstream patches to fix boo#949574 and bsc#932284 + 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch + 0002-units-enable-waiting-for-unit-termination-in-certain.patch + +------------------------------------------------------------------- +Fri Oct 9 18:03:02 UTC 2015 - fbui@suse.com + +- Disable systemd-boot on aarch64 since it fails to build. + Error while compiling src/boot/efi/util.o is: + usr/include/efi/aarch64/efibind.h:2:20: fatal error: stdint.h: No such file or directory + +------------------------------------------------------------------- +Fri Oct 9 07:16:45 UTC 2015 - fbui@suse.com + +- Fix UEFI detection logic: basically we let configure.ac figure out + if UEFI is supported by the current build environment. No need to + clutter the spec file with a new conditionnal %has_efi. + +- Provide systemd-bootx64.efi (aka gummiboot) + +------------------------------------------------------------------- +Tue Oct 6 15:13:04 UTC 2015 - werner@suse.de + +- Modify patch tty-ask-password-agent-on-console.patch to reflect + the changes done for pull request 1432 + +------------------------------------------------------------------- +Thu Oct 1 15:58:32 UTC 2015 - jengelh@inai.de + +- Undo Obsoletes/Provides (from Aug 11), creates too big a cycle. +- Provide systemd-sysv-install program/link [bnc#948353] + ------------------------------------------------------------------- Fri Sep 25 14:20:41 UTC 2015 - werner@suse.de diff --git a/systemd.spec b/systemd.spec index 609bab8f..6c43ffee 100644 --- a/systemd.spec +++ b/systemd.spec @@ -27,11 +27,6 @@ %bcond_with resolved %bcond_with python %bcond_with parentpathid -%ifarch %{ix86} x86_64 aarch64 -%define has_efi 1 -%else -%define has_efi 0 -%endif %if 0%{?suse_version} > 1315 %bcond_without permission %bcond_without blkrrpart @@ -72,16 +67,21 @@ BuildRequires: pkgconfig(libkmod) >= 15 BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpci) >= 3 BuildRequires: pkgconfig(mount) >= 2.26 -%ifarch %ix86 x86_64 x32 %arm ppc64le s390x +%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x BuildRequires: pkgconfig(libseccomp) %endif +%ifarch %{ix86} x86_64 +BuildRequires: gnu-efi +%endif BuildRequires: pkgconfig(libselinux) >= 2.1.9 BuildRequires: pkgconfig(libsepol) Conflicts: sysvinit +Conflicts: otherproviders(systemd) %if 0%{?bootstrap} #!BuildIgnore: dbus-1 +Requires: this-is-only-for-build-envs Provides: systemd = %version-%release -Conflicts: otherproviders(systemd) +Conflicts: kiwi %else BuildRequires: docbook-xsl-stylesheets BuildRequires: libgcrypt-devel @@ -138,6 +138,7 @@ Source7: libgcrypt.m4 Source9: nss-myhostname-config Source10: macros.systemd.upstream Source11: after-local.service +Source12: systemd-sysv-install Source1065: systemd-remount-tmpfs @@ -176,6 +177,10 @@ Patch38: rules-add-lid-switch-of-ARM-based-Chromebook-as-a-power-sw.patch Patch84: make-emergency.service-conflict-with-syslog.socket.patch # PATCH-FIX-SUSE 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch Patch86: 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch +# PATCH-FIX-UPSTREAM (boo#949574) +Patch87: 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch +# PATCH-FIX-UPSTREAM (bsc#932284) +Patch88: 0002-units-enable-waiting-for-unit-termination-in-certain.patch # PATCH-FIX-SUSE 0001-On_s390_con3270_disable_ANSI_colour_esc.patch Patch90: 0001-On_s390_con3270_disable_ANSI_colour_esc.patch # PATCH-FIX-SUSE plymouth-quit-and-wait-for-emergency-service.patch -- Make sure that no plymouthd is locking the tty @@ -319,11 +324,8 @@ Requires: libsystemd0%{?mini} = %version Requires: systemd-rpm-macros %if 0%{?bootstrap} Provides: systemd-devel = %version-%release -Conflicts: otherproviders(systemd-devel) -%else -Obsoletes: systemd-mini-devel -Provides: systemd-mini-devel %endif +Conflicts: otherproviders(systemd-devel) %description devel Development headers and auxiliary files for developing applications for systemd. @@ -346,9 +348,7 @@ License: LGPL-2.1+ Group: System/Libraries %if 0%{?bootstrap} Conflicts: libsystemd0 -%else -Obsoletes: libsystemd0-mini -Provides: libsystemd0-mini +Requires: this-is-only-for-build-envs %endif %description -n libsystemd0%{?mini} @@ -406,11 +406,9 @@ Conflicts: ConsoleKit < 0.4.1 Requires: filesystem %if 0%{?bootstrap} Provides: udev = %version-%release -Conflicts: otherproviders(udev) -%else -Obsoletes: udev-mini -Provides: udev-mini +Conflicts: kiwi %endif +Conflicts: otherproviders(udev) %description -n udev%{?mini} Udev creates and removes device nodes in /dev for devices discovered or @@ -428,9 +426,6 @@ License: LGPL-2.1+ Group: System/Libraries %if 0%{?bootstrap} Conflicts: libudev1 -%else -Obsoletes: libudev1-mini -Provides: libudev1-mini %endif %description -n libudev%{?mini}1 @@ -444,11 +439,8 @@ Group: Development/Libraries/C and C++ Requires: libudev%{?mini}1 = %version-%release %if 0%{?bootstrap} Provides: libudev-devel = %version-%release -Conflicts: otherproviders(libudev-devel) -%else -Obsoletes: libudev-mini-devel -Provides: libudev-mini-devel %endif +Conflicts: otherproviders(libudev-devel) %description -n libudev%{?mini}-devel This package contains the development files for the library libudev, a @@ -560,6 +552,8 @@ cp %{SOURCE7} m4/ %patch42 -p1 %patch84 -p1 %patch86 -p1 +%patch87 -p1 +%patch88 -p1 %patch90 -p1 %patch91 -p1 %patch120 -p1 @@ -695,9 +689,6 @@ cflags -Wl,--hash-size=8599 LDFLAGS --enable-selinux \ --enable-split-usr \ --disable-static \ -%if ! 0%{?has_efi} - --disable-efi \ -%endif --with-rc-local-script-path-start=/etc/init.d/boot.local \ --with-rc-local-script-path-stop=/etc/init.d/halt.local \ --with-debug-shell=/bin/bash \ @@ -721,6 +712,7 @@ make %{?_smp_mflags} update-man-list man %install make install DESTDIR="%buildroot" +install -pm0755 "%_sourcedir/systemd-sysv-install" "%buildroot/%_prefix/lib/systemd/" # move to %{_lib} %if ! 0%{?bootstrap} @@ -1142,6 +1134,7 @@ exit 0 %{_bindir}/networkctl %endif %{_bindir}/busctl +%{_bindir}/bootctl %{_bindir}/kernel-install %{_bindir}/hostnamectl %{_bindir}/localectl @@ -1182,6 +1175,7 @@ exit 0 %dir %{_prefix}/lib/systemd %dir %{_prefix}/lib/systemd/user %dir %{_prefix}/lib/systemd/system +%exclude %{_prefix}/lib/systemd/systemd-sysv* %exclude %{_prefix}/lib/systemd/system/systemd-udev*.* %exclude %{_prefix}/lib/systemd/system/udev.service %exclude %{_prefix}/lib/systemd/system/initrd-udevadm-cleanup-db.service @@ -1231,9 +1225,6 @@ exit 0 %{_prefix}/lib/systemd/system-generators/systemd-cryptsetup-generator %endif %{_prefix}/lib/systemd/system-generators/systemd-dbus1-generator -%if 0%{has_efi} -%{_bindir}/bootctl -%endif %{_prefix}/lib/systemd/system-generators/systemd-debug-generator %{_prefix}/lib/systemd/system-generators/systemd-hibernate-resume-generator %if %{with sysvcompat} @@ -1250,6 +1241,13 @@ exit 0 /%{_lib}/security/pam_systemd.so %config /etc/pam.d/systemd-user +%ifarch %{ix86} x86_64 +%dir %{_prefix}/lib/systemd/boot +%dir %{_prefix}/lib/systemd/boot/efi +%{_prefix}/lib/systemd/boot/efi/*.efi +%{_prefix}/lib/systemd/boot/efi/*.stub +%endif + %dir %{_libexecdir}/modules-load.d %dir %{_sysconfdir}/modules-load.d %{_libexecdir}/modules-load.d/sg.conf @@ -1438,6 +1436,8 @@ exit 0 %{_mandir}/man8/telinit.8* %{_mandir}/man8/runlevel.8* %endif +%dir %_prefix/lib/systemd +%_prefix/lib/systemd/systemd-sysv-install %files -n udev%{?mini} %defattr(-,root,root) diff --git a/tty-ask-password-agent-on-console.patch b/tty-ask-password-agent-on-console.patch index ae962403..9490adc2 100644 --- a/tty-ask-password-agent-on-console.patch +++ b/tty-ask-password-agent-on-console.patch @@ -1,6 +1,6 @@ -From 633a5904c1c4e363a7147f47e2d9fdb1925f7b9f Mon Sep 17 00:00:00 2001 +From 907bc2aa36f58c6050cd4b7b290e0992a4373e49 Mon Sep 17 00:00:00 2001 From: Werner Fink -Date: Fri, 25 Sep 2015 14:28:58 +0200 +Date: Wed, 30 Sep 2015 15:00:41 +0200 Subject: [PATCH] Ask for passphrases not only on the first console of /dev/console @@ -9,22 +9,45 @@ where often a serial console together with other consoles are used. Even rack based servers attachted to both a serial console as well as having a virtual console do sometimes miss a connected monitor. + +To be able to ask on all terminal devices of /dev/console the devices +are collected. If more than one device are found, then on each of the +terminals a inquiring task for passphrase is forked and do not return +to the caller. + +Every task has its own session and its own controlling terminal. +If one of the tasks does handle a password, the remaining tasks +will be terminated. + +Also let contradictory options on the command of +systemd-tty-ask-password-agent fail. + +Spwan for each device of the system console /dev/console a own process. + +Replace the system call wait() with with system call waitid(). --- - src/tty-ask-password-agent/tty-ask-password-agent.c | 191 ++++++++++++++++++++- - 1 file changed, 186 insertions(+), 5 deletions(-) + src/tty-ask-password-agent.c | 264 ++++++++++++++++++++- + 1 file changed, 255 insertions(+), 9 deletions(-) diff --git src/tty-ask-password-agent/tty-ask-password-agent.c src/tty-ask-password-agent/tty-ask-password-agent.c -index 82cbf95..928a5e8 100644 +index 4630eb9..df4bada 100644 --- a/src/tty-ask-password-agent/tty-ask-password-agent.c +++ b/src/tty-ask-password-agent/tty-ask-password-agent.c -@@ -31,6 +31,10 @@ +@@ -4,6 +4,7 @@ + This file is part of systemd. + + Copyright 2010 Lennart Poettering ++ Copyright 2015 Werner Fink + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by +@@ -31,6 +32,9 @@ #include #include #include +#include +#include +#include -+#include #include "util.h" #include "mkdir.h" @@ -37,7 +60,7 @@ index 82cbf95..928a5e8 100644 static enum { ACTION_LIST, -@@ -53,6 +59,19 @@ static enum { +@@ -53,8 +59,21 @@ static enum { ACTION_WALL } arg_action = ACTION_QUERY; @@ -46,88 +69,101 @@ index 82cbf95..928a5e8 100644 + char *tty; +}; + -+static volatile unsigned long *usemask; +static volatile sig_atomic_t sigchild; -+static void chld_handler(int sig) -+{ -+ (void)sig; ++ ++static void chld_handler(int sig) { + ++sigchild; +} + static bool arg_plymouth = false; static bool arg_console = false; ++static bool arg_device = false; ++static const char *current_dev = "/dev/console"; -@@ -210,6 +229,69 @@ static int ask_password_plymouth( + static int ask_password_plymouth( + const char *message, +@@ -211,6 +230,80 @@ static int ask_password_plymouth( return 0; } -+static void free_consoles(struct console *con, const unsigned int num) { ++static void free_consoles(struct console *con, unsigned int num) { + unsigned int n; -+ if (!con || !num) ++ ++ if (!con || num == 0) + return; ++ + for (n = 0; n < num; n++) + free(con[n].tty); ++ + free(con); +} + -+static const char *current_dev = "/dev/console"; -+static struct console* collect_consoles(unsigned int * num) { ++static int collect_consoles(struct console **consoles, unsigned int *num) { + _cleanup_free_ char *active = NULL; + const char *word, *state; + struct console *con = NULL; + size_t con_len = 0, len; ++ unsigned int count = 0; + int ret; + + assert(num); -+ assert(*num == 0); ++ assert(consoles); + + ret = read_one_line_file("/sys/class/tty/console/active", &active); + if (ret < 0) -+ return con; ++ return log_error_errno(ret, "Failed to read /sys/class/tty/console/active: %m"); ++ + FOREACH_WORD(word, len, active, state) { + _cleanup_free_ char *tty = NULL; + -+ if (strneq(word, "tty0", len) && -+ read_one_line_file("/sys/class/tty/tty0/active", &tty) >= 0) { ++ if (len == 4 && strneq(word, "tty0", 4)) { ++ ++ ret = read_one_line_file("/sys/class/tty/tty0/active", &tty); ++ if (ret < 0) ++ return log_error_errno(ret, "Failed to read /sys/class/tty/tty0/active: %m"); ++ + word = tty; + len = strlen(tty); + } -+ con = greedy_realloc((void**)&con, &con_len, 1+(*num), sizeof(struct console)); -+ if (con == NULL) { -+ log_oom(); -+ return NULL; ++ ++ con = GREEDY_REALLOC(con, con_len, 1+count); ++ if (!con) ++ return log_oom(); ++ ++ if (asprintf(&con[count].tty, "/dev/%.*s", (int)len, word) < 0) { ++ free_consoles(con, count); ++ return log_oom(); + } -+ if (asprintf(&con[*num].tty, "/dev/%.*s", (int)len, word) < 0) { -+ free_consoles(con, *num); -+ log_oom(); -+ *num = 0; -+ return NULL; -+ } -+ con[*num].pid = 0; -+ (*num)++; ++ ++ con[count].pid = 0; ++ count++; + } -+ if (con == NULL) { -+ con = greedy_realloc((void**)&con, &con_len, 1, sizeof(struct console)); -+ if (con == NULL) { -+ log_oom(); -+ return NULL; -+ } ++ ++ if (!con) { ++ con = GREEDY_REALLOC(con, con_len, 1); ++ if (!con) ++ return log_oom(); ++ + con[0].tty = strdup(current_dev); -+ if (con[0].tty == NULL) { ++ if (!con[0].tty) { + free_consoles(con, 1); -+ log_oom(); -+ return NULL; ++ return log_oom(); + } ++ + con[0].pid = 0; -+ (*num)++; ++ count++; + } -+ return con; ++ ++ *num = count; ++ *consoles = con; ++ ++ return 0; +} + static int parse_password(const char *filename, char **wall) { _cleanup_free_ char *socket_name = NULL, *message = NULL, *packet = NULL; uint64_t not_after = 0; -@@ -310,7 +392,7 @@ static int parse_password(const char *filename, char **wall) { +@@ -311,7 +404,7 @@ static int parse_password(const char *fi _cleanup_free_ char *password = NULL; if (arg_console) { @@ -136,137 +172,208 @@ index 82cbf95..928a5e8 100644 if (tty_fd < 0) return tty_fd; } -@@ -614,8 +696,90 @@ static int parse_argv(int argc, char *argv[]) { +@@ -554,7 +647,7 @@ static int parse_argv(int argc, char *ar + { "watch", no_argument, NULL, ARG_WATCH }, + { "wall", no_argument, NULL, ARG_WALL }, + { "plymouth", no_argument, NULL, ARG_PLYMOUTH }, +- { "console", no_argument, NULL, ARG_CONSOLE }, ++ { "console", optional_argument, NULL, ARG_CONSOLE }, + {} + }; + +@@ -598,6 +691,10 @@ static int parse_argv(int argc, char *ar + + case ARG_CONSOLE: + arg_console = true; ++ if (optarg && *optarg) { ++ current_dev = optarg; ++ arg_device = true; ++ } + break; + + case '?': +@@ -612,9 +709,143 @@ static int parse_argv(int argc, char *ar + return -EINVAL; + } + ++ if (arg_plymouth || arg_console) { ++ ++ if (!IN_SET(arg_action, ACTION_QUERY, ACTION_WATCH)) { ++ log_error("%s conflicting options --query and --watch.", program_invocation_short_name); ++ return -EINVAL; ++ } ++ ++ if (arg_plymouth && arg_console) { ++ log_error("%s conflicting options --plymouth and --console.", program_invocation_short_name); ++ return -EINVAL; ++ } ++ } ++ return 1; } -+static unsigned int wfa_child(const struct console * con, const unsigned int id) -+{ -+ setsid(); -+ release_terminal(); -+ *usemask |= 1 << id; /* shared memory area */ -+ current_dev = con[id].tty; -+ return id; -+} -+ -+static unsigned int wait_for_answer(void) -+{ -+ struct console *consoles; ++/* ++ * To be able to ask on all terminal devices of /dev/console ++ * the devices are collected. If more than one device are found, ++ * then on each of the terminals a inquiring task is forked. ++ * Every task has its own session and its own controlling terminal. ++ * If one of the tasks does handle a password, the remaining tasks ++ * will be terminated. ++ */ ++static int ask_on_consoles(int argc, char *argv[]) { ++ struct console *consoles = NULL; + struct sigaction sig = { + .sa_handler = chld_handler, + .sa_flags = SA_NOCLDSTOP | SA_RESTART, + }; + struct sigaction oldsig; -+ sigset_t set, oldset; ++ sigset_t oldset; + unsigned int num = 0, id; -+ int status = 0, ret; -+ pid_t job; ++ siginfo_t status = {}; ++ int ret; + -+ consoles = collect_consoles(&num); -+ if (!consoles) { -+ log_error("Failed to query password: %m"); -+ exit(EXIT_FAILURE); -+ } -+ if (num < 2) -+ return wfa_child(consoles, 0); ++ ret = collect_consoles(&consoles, &num); ++ if (ret < 0) ++ return log_error_errno(ret, "Failed to query password: %m"); ++ ++ assert_se(sigprocmask_many(SIG_UNBLOCK, &oldset, SIGHUP, SIGCHLD, -1) >= 0); ++ ++ assert_se(sigemptyset(&sig.sa_mask) >= 0); ++ assert_se(sigaction(SIGCHLD, &sig, &oldsig) >= 0); + -+ assert_se(sigemptyset(&set) == 0); -+ assert_se(sigaddset(&set, SIGHUP) == 0); -+ assert_se(sigaddset(&set, SIGCHLD) == 0); -+ assert_se(sigemptyset(&sig.sa_mask) == 0); -+ assert_se(sigprocmask(SIG_UNBLOCK, &set, &oldset) == 0); -+ assert_se(sigaction(SIGCHLD, &sig, &oldsig) == 0); + sig.sa_handler = SIG_DFL; -+ assert_se(sigaction(SIGHUP, &sig, NULL) == 0); ++ assert_se(sigaction(SIGHUP, &sig, NULL) >= 0); + + for (id = 0; id < num; id++) { + consoles[id].pid = fork(); + -+ if (consoles[id].pid < 0) { -+ log_error("Failed to query password: %m"); -+ exit(EXIT_FAILURE); -+ } ++ if (consoles[id].pid < 0) ++ return log_error_errno(errno, "Failed to query password: %m"); + + if (consoles[id].pid == 0) { -+ if (prctl(PR_SET_PDEATHSIG, SIGHUP) < 0) -+ _exit(EXIT_FAILURE); ++ char *conarg; ++ int ac; ++ ++ conarg = strjoina("--console=", consoles[id].tty); ++ if (!conarg) ++ return log_oom(); ++ ++ free_consoles(consoles, num); /* not used anymore */ ++ ++ assert_se(prctl(PR_SET_PDEATHSIG, SIGHUP) >= 0); ++ + zero(sig); -+ assert_se(sigprocmask(SIG_UNBLOCK, &oldset, NULL) == 0); -+ assert_se(sigaction(SIGCHLD, &oldsig, NULL) == 0); -+ return wfa_child(consoles, id); ++ assert_se(sigprocmask(SIG_UNBLOCK, &oldset, NULL) >= 0); ++ assert_se(sigaction(SIGCHLD, &oldsig, NULL) >= 0); ++ ++ for (ac = 0; ac < argc; ac++) { ++ if (streq(argv[ac], "--console")) { ++ argv[ac] = conarg; ++ break; ++ } ++ } ++ ++ execv(SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH, argv); ++ ++ return log_error_errno(errno, "Failed to execute %s: %m", program_invocation_name); + } + } + + ret = 0; -+ while ((job = wait(&status)) != 0) { -+ if (job < 0) { -+ if (errno != EINTR) ++ while (true) { ++ ++ if ((ret = waitid(P_ALL, 0, &status, WEXITED)) < 0) { ++ ++ if (errno != EINTR) { ++ ret = -errno; ++ if (errno == ECHILD) ++ ret = EXIT_SUCCESS; + break; ++ } + continue; + } ++ + for (id = 0; id < num; id++) { -+ if (consoles[id].pid == job || kill(consoles[id].pid, 0) < 0) { -+ *usemask &= ~(1 << id); /* shared memory area */ -+ continue; -+ } -+ if (*usemask & (1 << id)) /* shared memory area */ ++ struct timespec timeout; ++ sigset_t set; ++ int signum; ++ ++ if (consoles[id].pid == status.si_pid || kill(consoles[id].pid, 0) < 0) ++ consoles[id].pid = -1; ++ ++ if (consoles[id].pid < 0) + continue; ++ + kill(consoles[id].pid, SIGHUP); -+ usleep(50000); ++ ++ assert_se(sigemptyset(&set) >= 0); ++ assert_se(sigaddset(&set, SIGCHLD) >= 0); ++ ++ timespec_store(&timeout, 50 * USEC_PER_MSEC); ++ signum = sigtimedwait(&set, NULL, &timeout); ++ ++ if (signum != SIGCHLD) { ++ ++ if (signum < 0 && errno != EAGAIN) ++ return log_error_errno(errno, "sigtimedwait() failed: %m"); ++ ++ if (signum >= 0) ++ log_warning("sigtimedwait() returned unexpected signal."); ++ } ++ + kill(consoles[id].pid, SIGKILL); + } -+ if (WIFEXITED(status) && ret == 0) -+ ret = WEXITSTATUS(status); ++ ++ if (WIFEXITED(status.si_status) && ret == 0) ++ ret = WEXITSTATUS(status.si_status); + } ++ + free_consoles(consoles, num); -+ exit(ret != 0 ? EXIT_FAILURE : EXIT_SUCCESS); /* parent */ ++ ++ return ret; +} + int main(int argc, char *argv[]) { -- int r; -+ int r, id = 0; + int r; - log_set_target(LOG_TARGET_AUTO); - log_parse_environment(); -@@ -627,11 +791,27 @@ int main(int argc, char *argv[]) { +@@ -628,15 +859,28 @@ int main(int argc, char *argv[]) { if (r <= 0) goto finish; -+ /* -+ * Use this shared memory area to be able to synchronize the -+ * workers asking for password with the main process. -+ * This allows to continue if one of the consoles had been -+ * used as afterwards the remaining asking processes will -+ * be terminated. The wait_for_terminate() does not help -+ * for this use case. -+ */ -+ usemask = mmap(NULL, sizeof(*usemask), PROT_READ | PROT_WRITE, -+ MAP_ANONYMOUS | MAP_SHARED, -1, 0); -+ assert_se(usemask != NULL); -+ - if (arg_console) { +- if (arg_console) { - setsid(); - release_terminal(); -+ if (!arg_plymouth && -+ !IN_SET(arg_action, ACTION_WALL, ACTION_LIST)) { -+ id = wait_for_answer(); -+ } else { -+ setsid(); -+ release_terminal(); ++ if (arg_console && !arg_device) ++ /* ++ * Spwan for each console device a own process ++ */ ++ r = ask_on_consoles(argc, argv); ++ else { ++ ++ if (arg_device) { ++ /* ++ * Later on a controlling terminal will be will be acquired, ++ * therefore the current process has to become a session ++ * leader and should not have a controlling terminal already. ++ */ ++ (void) setsid(); ++ (void) release_terminal(); + } ++ ++ if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL)) ++ r = watch_passwords(); ++ else ++ r = show_passwords(); } - - if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL)) - r = watch_passwords(); - else -@@ -640,6 +820,7 @@ int main(int argc, char *argv[]) { +- if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL)) +- r = watch_passwords(); +- else +- r = show_passwords(); + if (r < 0) log_error_errno(r, "Error: %m"); -+ *usemask &= ~(1 << id); /* shared memory area */ - finish: - return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; - } -- 2.2.0