SHA256
1
0
forked from pool/systemd

Accepting request 341375 from Base:System

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/341375
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=224
This commit is contained in:
Dominique Leuenberger 2015-11-02 11:54:15 +00:00 committed by Git OBS Bridge
parent a4023d0c37
commit 7474d62c55
8 changed files with 626 additions and 190 deletions

View File

@ -0,0 +1,49 @@
From 6a102f90a2ee50e43998d64819e8bd4ee241c22b Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 8 Oct 2015 19:06:06 +0200
Subject: [PATCH 1/2] Make sure the mount units pulled by 'RequiresMountsFor='
are loaded (if they exist)
We should make sure that mount units involved by 'RequiresMountsFor='
directives are really loaded if not required by any others units so
that Requires= dependencies on the mount units are applied and thus
the mount unit dependencies are started.
(cherry picked from commit 9b3757e9c8c8d6e161481193c4ef60e425a9ae41)
---
src/core/unit.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index dd5e801..dc7bc5a 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1141,13 +1141,23 @@ static int unit_add_mount_dependencies(Unit *u) {
char prefix[strlen(*i) + 1];
PATH_FOREACH_PREFIX_MORE(prefix, *i) {
+ _cleanup_free_ char *p = NULL;
Unit *m;
- r = manager_get_unit_by_path(u->manager, prefix, ".mount", &m);
+ r = unit_name_from_path(prefix, ".mount", &p);
if (r < 0)
return r;
- if (r == 0)
+
+ m = manager_get_unit(u->manager, p);
+ if (!m) {
+ /* Make sure to load the mount unit if
+ * it exists. If so the dependencies
+ * on this unit will be added later
+ * during the loading of the mount
+ * unit. */
+ (void) manager_load_unit_prepare(u->manager, p, NULL, NULL, &m);
continue;
+ }
if (m == u)
continue;
--
2.6.0

View File

@ -0,0 +1,140 @@
From d7f920bfcb0296fed214d4d3a21d64de09a68521 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 1 Sep 2015 17:25:59 +0200
Subject: [PATCH 2/2] units: enable waiting for unit termination in certain
cases
The legacy cgroup hierarchy does not support reliable empty
notifications in containers and if there are left-over subgroups in a
cgroup. This makes it hard to correctly wait for them running empty, and
thus we previously disabled this logic entirely.
With this change we explicitly check for the container case, and whether
the unit is a "delegation" unit (i.e. one where programs may create
their own subgroups). If we are neither in a container, nor operating on
a delegation unit cgroup empty notifications become reliable and thus we
start waiting for the empty notifications again.
This doesn't really fix the general problem around cgroup notifications
but reduces the effect around it.
(This also reorders #include lines by their focus, as suggsted in
CODING_STYLE. We have to add "virt.h", so let's do that at the right
place.)
Also see #317.
(cherry picked from commit e9db43d5910717a1084924c512bf85e2b8265375)
---
src/core/cgroup.c | 12 ++++++++++++
src/core/cgroup.h | 2 ++
src/core/unit.c | 40 +++++++++++++++++++++++-----------------
3 files changed, 37 insertions(+), 17 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 6474e08..65af351 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -1127,6 +1127,18 @@ int unit_reset_cpu_usage(Unit *u) {
return 0;
}
+bool unit_cgroup_delegate(Unit *u) {
+ CGroupContext *c;
+
+ assert(u);
+
+ c = unit_get_cgroup_context(u);
+ if (!c)
+ return false;
+
+ return c->delegate;
+}
+
static const char* const cgroup_device_policy_table[_CGROUP_DEVICE_POLICY_MAX] = {
[CGROUP_AUTO] = "auto",
[CGROUP_CLOSED] = "closed",
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 869ddae..7b38d21 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -130,5 +130,7 @@ int unit_get_memory_current(Unit *u, uint64_t *ret);
int unit_get_cpu_usage(Unit *u, nsec_t *ret);
int unit_reset_cpu_usage(Unit *u);
+bool unit_cgroup_delegate(Unit *u);
+
const char* cgroup_device_policy_to_string(CGroupDevicePolicy i) _const_;
CGroupDevicePolicy cgroup_device_policy_from_string(const char *s) _pure_;
diff --git a/src/core/unit.c b/src/core/unit.c
index dc7bc5a..275f567 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -28,26 +28,28 @@
#include "sd-id128.h"
#include "sd-messages.h"
#include "set.h"
-#include "unit.h"
#include "macro.h"
#include "strv.h"
#include "path-util.h"
-#include "load-fragment.h"
-#include "load-dropin.h"
#include "log.h"
-#include "unit-name.h"
-#include "dbus-unit.h"
-#include "special.h"
#include "cgroup-util.h"
#include "missing.h"
#include "mkdir.h"
#include "fileio-label.h"
+#include "formats-util.h"
+#include "process-util.h"
+#include "virt.h"
#include "bus-common-errors.h"
+#include "bus-util.h"
+#include "dropin.h"
+#include "unit-name.h"
+#include "special.h"
+#include "unit.h"
+#include "load-fragment.h"
+#include "load-dropin.h"
#include "dbus.h"
+#include "dbus-unit.h"
#include "execute.h"
-#include "dropin.h"
-#include "formats-util.h"
-#include "process-util.h"
const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
[UNIT_SERVICE] = &service_vtable,
@@ -3535,14 +3537,18 @@ int unit_kill_context(
} else if (r > 0) {
/* FIXME: For now, we will not wait for the
- * cgroup members to die, simply because
- * cgroup notification is unreliable. It
- * doesn't work at all in containers, and
- * outside of containers it can be confused
- * easily by leaving directories in the
- * cgroup. */
-
- /* wait_for_exit = true; */
+ * cgroup members to die if we are running in
+ * a container or if this is a delegation
+ * unit, simply because cgroup notification is
+ * unreliable in these cases. It doesn't work
+ * at all in containers, and outside of
+ * containers it can be confused easily by
+ * left-over directories in the cgroup --
+ * which however should not exist in
+ * non-delegated units. */
+
+ if (detect_container(NULL) == 0 && !unit_cgroup_delegate(u))
+ wait_for_exit = true;
if (c->send_sighup && k != KILL_KILL) {
set_free(pid_set);
--
2.6.0

View File

@ -1,3 +1,60 @@
-------------------------------------------------------------------
Wed Oct 21 20:18:58 UTC 2015 - dmueller@suse.com
- enable seccomp for aarch64 (fate#318444)
-------------------------------------------------------------------
Thu Oct 15 14:12:44 UTC 2015 - fbui@suse.com
- Fix again UEFI for mini package
-------------------------------------------------------------------
Thu Oct 15 09:07:51 UTC 2015 - jengelh@inai.de
- Drop one more undesirable Obsoletes/Provides. This should have
been a Conflicts. (There was already a Conflicts, and since
Conflicts go both ways, we won't need a second one.)
-------------------------------------------------------------------
Thu Oct 15 08:19:00 UTC 2015 - werner@suse.de
- No UEFI for systemd-mini
-------------------------------------------------------------------
Mon Oct 12 11:34:13 UTC 2015 - fbui@suse.com
- Add 2 upstream patches to fix boo#949574 and bsc#932284
0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch
0002-units-enable-waiting-for-unit-termination-in-certain.patch
-------------------------------------------------------------------
Fri Oct 9 18:03:02 UTC 2015 - fbui@suse.com
- Disable systemd-boot on aarch64 since it fails to build.
Error while compiling src/boot/efi/util.o is:
usr/include/efi/aarch64/efibind.h:2:20: fatal error: stdint.h: No such file or directory
-------------------------------------------------------------------
Fri Oct 9 07:16:45 UTC 2015 - fbui@suse.com
- Fix UEFI detection logic: basically we let configure.ac figure out
if UEFI is supported by the current build environment. No need to
clutter the spec file with a new conditionnal %has_efi.
- Provide systemd-bootx64.efi (aka gummiboot)
-------------------------------------------------------------------
Tue Oct 6 15:13:04 UTC 2015 - werner@suse.de
- Modify patch tty-ask-password-agent-on-console.patch to reflect
the changes done for pull request 1432
-------------------------------------------------------------------
Thu Oct 1 15:58:32 UTC 2015 - jengelh@inai.de
- Undo Obsoletes/Provides (from Aug 11), creates too big a cycle.
- Provide systemd-sysv-install program/link [bnc#948353]
-------------------------------------------------------------------
Fri Sep 25 14:20:41 UTC 2015 - werner@suse.de

View File

@ -29,11 +29,6 @@
%bcond_with resolved
%bcond_with python
%bcond_with parentpathid
%ifarch %{ix86} x86_64 aarch64
%define has_efi 1
%else
%define has_efi 0
%endif
%if 0%{?suse_version} > 1315
%bcond_without permission
%bcond_without blkrrpart
@ -77,16 +72,21 @@ BuildRequires: pkgconfig(libkmod) >= 15
BuildRequires: pkgconfig(liblzma)
BuildRequires: pkgconfig(libpci) >= 3
BuildRequires: pkgconfig(mount) >= 2.26
%ifarch %ix86 x86_64 x32 %arm ppc64le s390x
%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x
BuildRequires: pkgconfig(libseccomp)
%endif
%ifarch %{ix86} x86_64
BuildRequires: gnu-efi
%endif
BuildRequires: pkgconfig(libselinux) >= 2.1.9
BuildRequires: pkgconfig(libsepol)
Conflicts: sysvinit
Conflicts: otherproviders(systemd)
%if 0%{?bootstrap}
#!BuildIgnore: dbus-1
Requires: this-is-only-for-build-envs
Provides: systemd = %version-%release
Conflicts: otherproviders(systemd)
Conflicts: kiwi
%else
BuildRequires: docbook-xsl-stylesheets
BuildRequires: libgcrypt-devel
@ -143,6 +143,7 @@ Source7: libgcrypt.m4
Source9: nss-myhostname-config
Source10: macros.systemd.upstream
Source11: after-local.service
Source12: systemd-sysv-install
Source1065: systemd-remount-tmpfs
@ -181,6 +182,10 @@ Patch38: rules-add-lid-switch-of-ARM-based-Chromebook-as-a-power-sw.patch
Patch84: make-emergency.service-conflict-with-syslog.socket.patch
# PATCH-FIX-SUSE 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch
Patch86: 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch
# PATCH-FIX-UPSTREAM (boo#949574)
Patch87: 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch
# PATCH-FIX-UPSTREAM (bsc#932284)
Patch88: 0002-units-enable-waiting-for-unit-termination-in-certain.patch
# PATCH-FIX-SUSE 0001-On_s390_con3270_disable_ANSI_colour_esc.patch
Patch90: 0001-On_s390_con3270_disable_ANSI_colour_esc.patch
# PATCH-FIX-SUSE plymouth-quit-and-wait-for-emergency-service.patch -- Make sure that no plymouthd is locking the tty
@ -324,11 +329,8 @@ Requires: libsystemd0%{?mini} = %version
Requires: systemd-rpm-macros
%if 0%{?bootstrap}
Provides: systemd-devel = %version-%release
Conflicts: otherproviders(systemd-devel)
%else
Obsoletes: systemd-mini-devel
Provides: systemd-mini-devel
%endif
Conflicts: otherproviders(systemd-devel)
%description devel
Development headers and auxiliary files for developing applications for systemd.
@ -351,9 +353,7 @@ License: LGPL-2.1+
Group: System/Libraries
%if 0%{?bootstrap}
Conflicts: libsystemd0
%else
Obsoletes: libsystemd0-mini
Provides: libsystemd0-mini
Requires: this-is-only-for-build-envs
%endif
%description -n libsystemd0%{?mini}
@ -411,11 +411,9 @@ Conflicts: ConsoleKit < 0.4.1
Requires: filesystem
%if 0%{?bootstrap}
Provides: udev = %version-%release
Conflicts: otherproviders(udev)
%else
Obsoletes: udev-mini
Provides: udev-mini
Conflicts: kiwi
%endif
Conflicts: otherproviders(udev)
%description -n udev%{?mini}
Udev creates and removes device nodes in /dev for devices discovered or
@ -433,9 +431,6 @@ License: LGPL-2.1+
Group: System/Libraries
%if 0%{?bootstrap}
Conflicts: libudev1
%else
Obsoletes: libudev1-mini
Provides: libudev1-mini
%endif
%description -n libudev%{?mini}1
@ -449,11 +444,8 @@ Group: Development/Libraries/C and C++
Requires: libudev%{?mini}1 = %version-%release
%if 0%{?bootstrap}
Provides: libudev-devel = %version-%release
Conflicts: otherproviders(libudev-devel)
%else
Obsoletes: libudev-mini-devel
Provides: libudev-mini-devel
%endif
Conflicts: otherproviders(libudev-devel)
%description -n libudev%{?mini}-devel
This package contains the development files for the library libudev, a
@ -565,6 +557,8 @@ cp %{SOURCE7} m4/
%patch42 -p1
%patch84 -p1
%patch86 -p1
%patch87 -p1
%patch88 -p1
%patch90 -p1
%patch91 -p1
%patch120 -p1
@ -700,9 +694,6 @@ cflags -Wl,--hash-size=8599 LDFLAGS
--enable-selinux \
--enable-split-usr \
--disable-static \
%if ! 0%{?has_efi}
--disable-efi \
%endif
--with-rc-local-script-path-start=/etc/init.d/boot.local \
--with-rc-local-script-path-stop=/etc/init.d/halt.local \
--with-debug-shell=/bin/bash \
@ -726,6 +717,7 @@ make %{?_smp_mflags} update-man-list man
%install
make install DESTDIR="%buildroot"
install -pm0755 "%_sourcedir/systemd-sysv-install" "%buildroot/%_prefix/lib/systemd/"
# move to %{_lib}
%if ! 0%{?bootstrap}
@ -1147,6 +1139,7 @@ exit 0
%{_bindir}/networkctl
%endif
%{_bindir}/busctl
%{_bindir}/bootctl
%{_bindir}/kernel-install
%{_bindir}/hostnamectl
%{_bindir}/localectl
@ -1187,6 +1180,7 @@ exit 0
%dir %{_prefix}/lib/systemd
%dir %{_prefix}/lib/systemd/user
%dir %{_prefix}/lib/systemd/system
%exclude %{_prefix}/lib/systemd/systemd-sysv*
%exclude %{_prefix}/lib/systemd/system/systemd-udev*.*
%exclude %{_prefix}/lib/systemd/system/udev.service
%exclude %{_prefix}/lib/systemd/system/initrd-udevadm-cleanup-db.service
@ -1236,9 +1230,6 @@ exit 0
%{_prefix}/lib/systemd/system-generators/systemd-cryptsetup-generator
%endif
%{_prefix}/lib/systemd/system-generators/systemd-dbus1-generator
%if 0%{has_efi}
%{_bindir}/bootctl
%endif
%{_prefix}/lib/systemd/system-generators/systemd-debug-generator
%{_prefix}/lib/systemd/system-generators/systemd-hibernate-resume-generator
%if %{with sysvcompat}
@ -1255,6 +1246,13 @@ exit 0
/%{_lib}/security/pam_systemd.so
%config /etc/pam.d/systemd-user
%ifarch %{ix86} x86_64
%dir %{_prefix}/lib/systemd/boot
%dir %{_prefix}/lib/systemd/boot/efi
%{_prefix}/lib/systemd/boot/efi/*.efi
%{_prefix}/lib/systemd/boot/efi/*.stub
%endif
%dir %{_libexecdir}/modules-load.d
%dir %{_sysconfdir}/modules-load.d
%{_libexecdir}/modules-load.d/sg.conf
@ -1443,6 +1441,8 @@ exit 0
%{_mandir}/man8/telinit.8*
%{_mandir}/man8/runlevel.8*
%endif
%dir %_prefix/lib/systemd
%_prefix/lib/systemd/systemd-sysv-install
%files -n udev%{?mini}
%defattr(-,root,root)

26
systemd-sysv-install Normal file
View File

@ -0,0 +1,26 @@
#!/bin/sh
set -e
usage() {
echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>" >&2
exit 1
}
eval set -- "$(getopt -o r: --long root: -- "$@")"
while true; do
case "$1" in
-r|--root)
ROOT="$2"
shift 2 ;;
--) shift ; break ;;
*) usage ;;
esac
done
NAME="$2"
ROOT="${ROOT:+--root=$ROOT}"
[ -n "$NAME" ] || usage
case "$1" in
enable) chkconfig $ROOT -a "$NAME" ;;
disable) chkconfig $ROOT -r "$NAME" ;;
is-enabled) chkconfig $ROOT -t "$NAME" ;;
*) usage ;;
esac

View File

@ -1,3 +1,60 @@
-------------------------------------------------------------------
Wed Oct 21 20:18:58 UTC 2015 - dmueller@suse.com
- enable seccomp for aarch64 (fate#318444)
-------------------------------------------------------------------
Thu Oct 15 14:12:44 UTC 2015 - fbui@suse.com
- Fix again UEFI for mini package
-------------------------------------------------------------------
Thu Oct 15 09:07:51 UTC 2015 - jengelh@inai.de
- Drop one more undesirable Obsoletes/Provides. This should have
been a Conflicts. (There was already a Conflicts, and since
Conflicts go both ways, we won't need a second one.)
-------------------------------------------------------------------
Thu Oct 15 08:19:00 UTC 2015 - werner@suse.de
- No UEFI for systemd-mini
-------------------------------------------------------------------
Mon Oct 12 11:34:13 UTC 2015 - fbui@suse.com
- Add 2 upstream patches to fix boo#949574 and bsc#932284
0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch
0002-units-enable-waiting-for-unit-termination-in-certain.patch
-------------------------------------------------------------------
Fri Oct 9 18:03:02 UTC 2015 - fbui@suse.com
- Disable systemd-boot on aarch64 since it fails to build.
Error while compiling src/boot/efi/util.o is:
usr/include/efi/aarch64/efibind.h:2:20: fatal error: stdint.h: No such file or directory
-------------------------------------------------------------------
Fri Oct 9 07:16:45 UTC 2015 - fbui@suse.com
- Fix UEFI detection logic: basically we let configure.ac figure out
if UEFI is supported by the current build environment. No need to
clutter the spec file with a new conditionnal %has_efi.
- Provide systemd-bootx64.efi (aka gummiboot)
-------------------------------------------------------------------
Tue Oct 6 15:13:04 UTC 2015 - werner@suse.de
- Modify patch tty-ask-password-agent-on-console.patch to reflect
the changes done for pull request 1432
-------------------------------------------------------------------
Thu Oct 1 15:58:32 UTC 2015 - jengelh@inai.de
- Undo Obsoletes/Provides (from Aug 11), creates too big a cycle.
- Provide systemd-sysv-install program/link [bnc#948353]
-------------------------------------------------------------------
Fri Sep 25 14:20:41 UTC 2015 - werner@suse.de

View File

@ -27,11 +27,6 @@
%bcond_with resolved
%bcond_with python
%bcond_with parentpathid
%ifarch %{ix86} x86_64 aarch64
%define has_efi 1
%else
%define has_efi 0
%endif
%if 0%{?suse_version} > 1315
%bcond_without permission
%bcond_without blkrrpart
@ -72,16 +67,21 @@ BuildRequires: pkgconfig(libkmod) >= 15
BuildRequires: pkgconfig(liblzma)
BuildRequires: pkgconfig(libpci) >= 3
BuildRequires: pkgconfig(mount) >= 2.26
%ifarch %ix86 x86_64 x32 %arm ppc64le s390x
%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x
BuildRequires: pkgconfig(libseccomp)
%endif
%ifarch %{ix86} x86_64
BuildRequires: gnu-efi
%endif
BuildRequires: pkgconfig(libselinux) >= 2.1.9
BuildRequires: pkgconfig(libsepol)
Conflicts: sysvinit
Conflicts: otherproviders(systemd)
%if 0%{?bootstrap}
#!BuildIgnore: dbus-1
Requires: this-is-only-for-build-envs
Provides: systemd = %version-%release
Conflicts: otherproviders(systemd)
Conflicts: kiwi
%else
BuildRequires: docbook-xsl-stylesheets
BuildRequires: libgcrypt-devel
@ -138,6 +138,7 @@ Source7: libgcrypt.m4
Source9: nss-myhostname-config
Source10: macros.systemd.upstream
Source11: after-local.service
Source12: systemd-sysv-install
Source1065: systemd-remount-tmpfs
@ -176,6 +177,10 @@ Patch38: rules-add-lid-switch-of-ARM-based-Chromebook-as-a-power-sw.patch
Patch84: make-emergency.service-conflict-with-syslog.socket.patch
# PATCH-FIX-SUSE 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch
Patch86: 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch
# PATCH-FIX-UPSTREAM (boo#949574)
Patch87: 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch
# PATCH-FIX-UPSTREAM (bsc#932284)
Patch88: 0002-units-enable-waiting-for-unit-termination-in-certain.patch
# PATCH-FIX-SUSE 0001-On_s390_con3270_disable_ANSI_colour_esc.patch
Patch90: 0001-On_s390_con3270_disable_ANSI_colour_esc.patch
# PATCH-FIX-SUSE plymouth-quit-and-wait-for-emergency-service.patch -- Make sure that no plymouthd is locking the tty
@ -319,11 +324,8 @@ Requires: libsystemd0%{?mini} = %version
Requires: systemd-rpm-macros
%if 0%{?bootstrap}
Provides: systemd-devel = %version-%release
Conflicts: otherproviders(systemd-devel)
%else
Obsoletes: systemd-mini-devel
Provides: systemd-mini-devel
%endif
Conflicts: otherproviders(systemd-devel)
%description devel
Development headers and auxiliary files for developing applications for systemd.
@ -346,9 +348,7 @@ License: LGPL-2.1+
Group: System/Libraries
%if 0%{?bootstrap}
Conflicts: libsystemd0
%else
Obsoletes: libsystemd0-mini
Provides: libsystemd0-mini
Requires: this-is-only-for-build-envs
%endif
%description -n libsystemd0%{?mini}
@ -406,11 +406,9 @@ Conflicts: ConsoleKit < 0.4.1
Requires: filesystem
%if 0%{?bootstrap}
Provides: udev = %version-%release
Conflicts: otherproviders(udev)
%else
Obsoletes: udev-mini
Provides: udev-mini
Conflicts: kiwi
%endif
Conflicts: otherproviders(udev)
%description -n udev%{?mini}
Udev creates and removes device nodes in /dev for devices discovered or
@ -428,9 +426,6 @@ License: LGPL-2.1+
Group: System/Libraries
%if 0%{?bootstrap}
Conflicts: libudev1
%else
Obsoletes: libudev1-mini
Provides: libudev1-mini
%endif
%description -n libudev%{?mini}1
@ -444,11 +439,8 @@ Group: Development/Libraries/C and C++
Requires: libudev%{?mini}1 = %version-%release
%if 0%{?bootstrap}
Provides: libudev-devel = %version-%release
Conflicts: otherproviders(libudev-devel)
%else
Obsoletes: libudev-mini-devel
Provides: libudev-mini-devel
%endif
Conflicts: otherproviders(libudev-devel)
%description -n libudev%{?mini}-devel
This package contains the development files for the library libudev, a
@ -560,6 +552,8 @@ cp %{SOURCE7} m4/
%patch42 -p1
%patch84 -p1
%patch86 -p1
%patch87 -p1
%patch88 -p1
%patch90 -p1
%patch91 -p1
%patch120 -p1
@ -695,9 +689,6 @@ cflags -Wl,--hash-size=8599 LDFLAGS
--enable-selinux \
--enable-split-usr \
--disable-static \
%if ! 0%{?has_efi}
--disable-efi \
%endif
--with-rc-local-script-path-start=/etc/init.d/boot.local \
--with-rc-local-script-path-stop=/etc/init.d/halt.local \
--with-debug-shell=/bin/bash \
@ -721,6 +712,7 @@ make %{?_smp_mflags} update-man-list man
%install
make install DESTDIR="%buildroot"
install -pm0755 "%_sourcedir/systemd-sysv-install" "%buildroot/%_prefix/lib/systemd/"
# move to %{_lib}
%if ! 0%{?bootstrap}
@ -1142,6 +1134,7 @@ exit 0
%{_bindir}/networkctl
%endif
%{_bindir}/busctl
%{_bindir}/bootctl
%{_bindir}/kernel-install
%{_bindir}/hostnamectl
%{_bindir}/localectl
@ -1182,6 +1175,7 @@ exit 0
%dir %{_prefix}/lib/systemd
%dir %{_prefix}/lib/systemd/user
%dir %{_prefix}/lib/systemd/system
%exclude %{_prefix}/lib/systemd/systemd-sysv*
%exclude %{_prefix}/lib/systemd/system/systemd-udev*.*
%exclude %{_prefix}/lib/systemd/system/udev.service
%exclude %{_prefix}/lib/systemd/system/initrd-udevadm-cleanup-db.service
@ -1231,9 +1225,6 @@ exit 0
%{_prefix}/lib/systemd/system-generators/systemd-cryptsetup-generator
%endif
%{_prefix}/lib/systemd/system-generators/systemd-dbus1-generator
%if 0%{has_efi}
%{_bindir}/bootctl
%endif
%{_prefix}/lib/systemd/system-generators/systemd-debug-generator
%{_prefix}/lib/systemd/system-generators/systemd-hibernate-resume-generator
%if %{with sysvcompat}
@ -1250,6 +1241,13 @@ exit 0
/%{_lib}/security/pam_systemd.so
%config /etc/pam.d/systemd-user
%ifarch %{ix86} x86_64
%dir %{_prefix}/lib/systemd/boot
%dir %{_prefix}/lib/systemd/boot/efi
%{_prefix}/lib/systemd/boot/efi/*.efi
%{_prefix}/lib/systemd/boot/efi/*.stub
%endif
%dir %{_libexecdir}/modules-load.d
%dir %{_sysconfdir}/modules-load.d
%{_libexecdir}/modules-load.d/sg.conf
@ -1438,6 +1436,8 @@ exit 0
%{_mandir}/man8/telinit.8*
%{_mandir}/man8/runlevel.8*
%endif
%dir %_prefix/lib/systemd
%_prefix/lib/systemd/systemd-sysv-install
%files -n udev%{?mini}
%defattr(-,root,root)

View File

@ -1,6 +1,6 @@
From 633a5904c1c4e363a7147f47e2d9fdb1925f7b9f Mon Sep 17 00:00:00 2001
From 907bc2aa36f58c6050cd4b7b290e0992a4373e49 Mon Sep 17 00:00:00 2001
From: Werner Fink <werner@suse.de>
Date: Fri, 25 Sep 2015 14:28:58 +0200
Date: Wed, 30 Sep 2015 15:00:41 +0200
Subject: [PATCH] Ask for passphrases not only on the first console of
/dev/console
@ -9,22 +9,45 @@ where often a serial console together with other consoles are
used. Even rack based servers attachted to both a serial console
as well as having a virtual console do sometimes miss a connected
monitor.
To be able to ask on all terminal devices of /dev/console the devices
are collected. If more than one device are found, then on each of the
terminals a inquiring task for passphrase is forked and do not return
to the caller.
Every task has its own session and its own controlling terminal.
If one of the tasks does handle a password, the remaining tasks
will be terminated.
Also let contradictory options on the command of
systemd-tty-ask-password-agent fail.
Spwan for each device of the system console /dev/console a own process.
Replace the system call wait() with with system call waitid().
---
src/tty-ask-password-agent/tty-ask-password-agent.c | 191 ++++++++++++++++++++-
1 file changed, 186 insertions(+), 5 deletions(-)
src/tty-ask-password-agent.c | 264 ++++++++++++++++++++-
1 file changed, 255 insertions(+), 9 deletions(-)
diff --git src/tty-ask-password-agent/tty-ask-password-agent.c src/tty-ask-password-agent/tty-ask-password-agent.c
index 82cbf95..928a5e8 100644
index 4630eb9..df4bada 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -31,6 +31,10 @@
@@ -4,6 +4,7 @@
This file is part of systemd.
Copyright 2010 Lennart Poettering
+ Copyright 2015 Werner Fink
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
@@ -31,6 +32,9 @@
#include <getopt.h>
#include <sys/signalfd.h>
#include <fcntl.h>
+#include <sys/prctl.h>
+#include <signal.h>
+#include <sys/wait.h>
+#include <sys/mman.h>
#include "util.h"
#include "mkdir.h"
@ -37,7 +60,7 @@ index 82cbf95..928a5e8 100644
static enum {
ACTION_LIST,
@@ -53,6 +59,19 @@ static enum {
@@ -53,8 +59,21 @@ static enum {
ACTION_WALL
} arg_action = ACTION_QUERY;
@ -46,88 +69,101 @@ index 82cbf95..928a5e8 100644
+ char *tty;
+};
+
+static volatile unsigned long *usemask;
+static volatile sig_atomic_t sigchild;
+static void chld_handler(int sig)
+{
+ (void)sig;
+
+static void chld_handler(int sig) {
+ ++sigchild;
+}
+
static bool arg_plymouth = false;
static bool arg_console = false;
+static bool arg_device = false;
+static const char *current_dev = "/dev/console";
@@ -210,6 +229,69 @@ static int ask_password_plymouth(
static int ask_password_plymouth(
const char *message,
@@ -211,6 +230,80 @@ static int ask_password_plymouth(
return 0;
}
+static void free_consoles(struct console *con, const unsigned int num) {
+static void free_consoles(struct console *con, unsigned int num) {
+ unsigned int n;
+ if (!con || !num)
+
+ if (!con || num == 0)
+ return;
+
+ for (n = 0; n < num; n++)
+ free(con[n].tty);
+
+ free(con);
+}
+
+static const char *current_dev = "/dev/console";
+static struct console* collect_consoles(unsigned int * num) {
+static int collect_consoles(struct console **consoles, unsigned int *num) {
+ _cleanup_free_ char *active = NULL;
+ const char *word, *state;
+ struct console *con = NULL;
+ size_t con_len = 0, len;
+ unsigned int count = 0;
+ int ret;
+
+ assert(num);
+ assert(*num == 0);
+ assert(consoles);
+
+ ret = read_one_line_file("/sys/class/tty/console/active", &active);
+ if (ret < 0)
+ return con;
+ return log_error_errno(ret, "Failed to read /sys/class/tty/console/active: %m");
+
+ FOREACH_WORD(word, len, active, state) {
+ _cleanup_free_ char *tty = NULL;
+
+ if (strneq(word, "tty0", len) &&
+ read_one_line_file("/sys/class/tty/tty0/active", &tty) >= 0) {
+ if (len == 4 && strneq(word, "tty0", 4)) {
+
+ ret = read_one_line_file("/sys/class/tty/tty0/active", &tty);
+ if (ret < 0)
+ return log_error_errno(ret, "Failed to read /sys/class/tty/tty0/active: %m");
+
+ word = tty;
+ len = strlen(tty);
+ }
+ con = greedy_realloc((void**)&con, &con_len, 1+(*num), sizeof(struct console));
+ if (con == NULL) {
+ log_oom();
+ return NULL;
+
+ con = GREEDY_REALLOC(con, con_len, 1+count);
+ if (!con)
+ return log_oom();
+
+ if (asprintf(&con[count].tty, "/dev/%.*s", (int)len, word) < 0) {
+ free_consoles(con, count);
+ return log_oom();
+ }
+ if (asprintf(&con[*num].tty, "/dev/%.*s", (int)len, word) < 0) {
+ free_consoles(con, *num);
+ log_oom();
+ *num = 0;
+ return NULL;
+ }
+ con[*num].pid = 0;
+ (*num)++;
+ }
+ if (con == NULL) {
+ con = greedy_realloc((void**)&con, &con_len, 1, sizeof(struct console));
+ if (con == NULL) {
+ log_oom();
+ return NULL;
+
+ con[count].pid = 0;
+ count++;
+ }
+
+ if (!con) {
+ con = GREEDY_REALLOC(con, con_len, 1);
+ if (!con)
+ return log_oom();
+
+ con[0].tty = strdup(current_dev);
+ if (con[0].tty == NULL) {
+ if (!con[0].tty) {
+ free_consoles(con, 1);
+ log_oom();
+ return NULL;
+ return log_oom();
+ }
+
+ con[0].pid = 0;
+ (*num)++;
+ count++;
+ }
+ return con;
+
+ *num = count;
+ *consoles = con;
+
+ return 0;
+}
+
static int parse_password(const char *filename, char **wall) {
_cleanup_free_ char *socket_name = NULL, *message = NULL, *packet = NULL;
uint64_t not_after = 0;
@@ -310,7 +392,7 @@ static int parse_password(const char *filename, char **wall) {
@@ -311,7 +404,7 @@ static int parse_password(const char *fi
_cleanup_free_ char *password = NULL;
if (arg_console) {
@ -136,137 +172,208 @@ index 82cbf95..928a5e8 100644
if (tty_fd < 0)
return tty_fd;
}
@@ -614,8 +696,90 @@ static int parse_argv(int argc, char *argv[]) {
@@ -554,7 +647,7 @@ static int parse_argv(int argc, char *ar
{ "watch", no_argument, NULL, ARG_WATCH },
{ "wall", no_argument, NULL, ARG_WALL },
{ "plymouth", no_argument, NULL, ARG_PLYMOUTH },
- { "console", no_argument, NULL, ARG_CONSOLE },
+ { "console", optional_argument, NULL, ARG_CONSOLE },
{}
};
@@ -598,6 +691,10 @@ static int parse_argv(int argc, char *ar
case ARG_CONSOLE:
arg_console = true;
+ if (optarg && *optarg) {
+ current_dev = optarg;
+ arg_device = true;
+ }
break;
case '?':
@@ -612,9 +709,143 @@ static int parse_argv(int argc, char *ar
return -EINVAL;
}
+ if (arg_plymouth || arg_console) {
+
+ if (!IN_SET(arg_action, ACTION_QUERY, ACTION_WATCH)) {
+ log_error("%s conflicting options --query and --watch.", program_invocation_short_name);
+ return -EINVAL;
+ }
+
+ if (arg_plymouth && arg_console) {
+ log_error("%s conflicting options --plymouth and --console.", program_invocation_short_name);
+ return -EINVAL;
+ }
+ }
+
return 1;
}
+static unsigned int wfa_child(const struct console * con, const unsigned int id)
+{
+ setsid();
+ release_terminal();
+ *usemask |= 1 << id; /* shared memory area */
+ current_dev = con[id].tty;
+ return id;
+}
+
+static unsigned int wait_for_answer(void)
+{
+ struct console *consoles;
+/*
+ * To be able to ask on all terminal devices of /dev/console
+ * the devices are collected. If more than one device are found,
+ * then on each of the terminals a inquiring task is forked.
+ * Every task has its own session and its own controlling terminal.
+ * If one of the tasks does handle a password, the remaining tasks
+ * will be terminated.
+ */
+static int ask_on_consoles(int argc, char *argv[]) {
+ struct console *consoles = NULL;
+ struct sigaction sig = {
+ .sa_handler = chld_handler,
+ .sa_flags = SA_NOCLDSTOP | SA_RESTART,
+ };
+ struct sigaction oldsig;
+ sigset_t set, oldset;
+ sigset_t oldset;
+ unsigned int num = 0, id;
+ int status = 0, ret;
+ pid_t job;
+ siginfo_t status = {};
+ int ret;
+
+ consoles = collect_consoles(&num);
+ if (!consoles) {
+ log_error("Failed to query password: %m");
+ exit(EXIT_FAILURE);
+ }
+ if (num < 2)
+ return wfa_child(consoles, 0);
+ ret = collect_consoles(&consoles, &num);
+ if (ret < 0)
+ return log_error_errno(ret, "Failed to query password: %m");
+
+ assert_se(sigprocmask_many(SIG_UNBLOCK, &oldset, SIGHUP, SIGCHLD, -1) >= 0);
+
+ assert_se(sigemptyset(&sig.sa_mask) >= 0);
+ assert_se(sigaction(SIGCHLD, &sig, &oldsig) >= 0);
+
+ assert_se(sigemptyset(&set) == 0);
+ assert_se(sigaddset(&set, SIGHUP) == 0);
+ assert_se(sigaddset(&set, SIGCHLD) == 0);
+ assert_se(sigemptyset(&sig.sa_mask) == 0);
+ assert_se(sigprocmask(SIG_UNBLOCK, &set, &oldset) == 0);
+ assert_se(sigaction(SIGCHLD, &sig, &oldsig) == 0);
+ sig.sa_handler = SIG_DFL;
+ assert_se(sigaction(SIGHUP, &sig, NULL) == 0);
+ assert_se(sigaction(SIGHUP, &sig, NULL) >= 0);
+
+ for (id = 0; id < num; id++) {
+ consoles[id].pid = fork();
+
+ if (consoles[id].pid < 0) {
+ log_error("Failed to query password: %m");
+ exit(EXIT_FAILURE);
+ }
+ if (consoles[id].pid < 0)
+ return log_error_errno(errno, "Failed to query password: %m");
+
+ if (consoles[id].pid == 0) {
+ if (prctl(PR_SET_PDEATHSIG, SIGHUP) < 0)
+ _exit(EXIT_FAILURE);
+ char *conarg;
+ int ac;
+
+ conarg = strjoina("--console=", consoles[id].tty);
+ if (!conarg)
+ return log_oom();
+
+ free_consoles(consoles, num); /* not used anymore */
+
+ assert_se(prctl(PR_SET_PDEATHSIG, SIGHUP) >= 0);
+
+ zero(sig);
+ assert_se(sigprocmask(SIG_UNBLOCK, &oldset, NULL) == 0);
+ assert_se(sigaction(SIGCHLD, &oldsig, NULL) == 0);
+ return wfa_child(consoles, id);
+ assert_se(sigprocmask(SIG_UNBLOCK, &oldset, NULL) >= 0);
+ assert_se(sigaction(SIGCHLD, &oldsig, NULL) >= 0);
+
+ for (ac = 0; ac < argc; ac++) {
+ if (streq(argv[ac], "--console")) {
+ argv[ac] = conarg;
+ break;
+ }
+ }
+
+ execv(SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH, argv);
+
+ return log_error_errno(errno, "Failed to execute %s: %m", program_invocation_name);
+ }
+ }
+
+ ret = 0;
+ while ((job = wait(&status)) != 0) {
+ if (job < 0) {
+ if (errno != EINTR)
+ while (true) {
+
+ if ((ret = waitid(P_ALL, 0, &status, WEXITED)) < 0) {
+
+ if (errno != EINTR) {
+ ret = -errno;
+ if (errno == ECHILD)
+ ret = EXIT_SUCCESS;
+ break;
+ }
+ continue;
+ }
+
+ for (id = 0; id < num; id++) {
+ if (consoles[id].pid == job || kill(consoles[id].pid, 0) < 0) {
+ *usemask &= ~(1 << id); /* shared memory area */
+ continue;
+ }
+ if (*usemask & (1 << id)) /* shared memory area */
+ struct timespec timeout;
+ sigset_t set;
+ int signum;
+
+ if (consoles[id].pid == status.si_pid || kill(consoles[id].pid, 0) < 0)
+ consoles[id].pid = -1;
+
+ if (consoles[id].pid < 0)
+ continue;
+
+ kill(consoles[id].pid, SIGHUP);
+ usleep(50000);
+
+ assert_se(sigemptyset(&set) >= 0);
+ assert_se(sigaddset(&set, SIGCHLD) >= 0);
+
+ timespec_store(&timeout, 50 * USEC_PER_MSEC);
+ signum = sigtimedwait(&set, NULL, &timeout);
+
+ if (signum != SIGCHLD) {
+
+ if (signum < 0 && errno != EAGAIN)
+ return log_error_errno(errno, "sigtimedwait() failed: %m");
+
+ if (signum >= 0)
+ log_warning("sigtimedwait() returned unexpected signal.");
+ }
+
+ kill(consoles[id].pid, SIGKILL);
+ }
+ if (WIFEXITED(status) && ret == 0)
+ ret = WEXITSTATUS(status);
+
+ if (WIFEXITED(status.si_status) && ret == 0)
+ ret = WEXITSTATUS(status.si_status);
+ }
+
+ free_consoles(consoles, num);
+ exit(ret != 0 ? EXIT_FAILURE : EXIT_SUCCESS); /* parent */
+
+ return ret;
+}
+
int main(int argc, char *argv[]) {
- int r;
+ int r, id = 0;
int r;
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
@@ -627,11 +791,27 @@ int main(int argc, char *argv[]) {
@@ -628,15 +859,28 @@ int main(int argc, char *argv[]) {
if (r <= 0)
goto finish;
+ /*
+ * Use this shared memory area to be able to synchronize the
+ * workers asking for password with the main process.
+ * This allows to continue if one of the consoles had been
+ * used as afterwards the remaining asking processes will
+ * be terminated. The wait_for_terminate() does not help
+ * for this use case.
+ */
+ usemask = mmap(NULL, sizeof(*usemask), PROT_READ | PROT_WRITE,
+ MAP_ANONYMOUS | MAP_SHARED, -1, 0);
+ assert_se(usemask != NULL);
+
if (arg_console) {
- if (arg_console) {
- setsid();
- release_terminal();
+ if (!arg_plymouth &&
+ !IN_SET(arg_action, ACTION_WALL, ACTION_LIST)) {
+ id = wait_for_answer();
+ } else {
+ setsid();
+ release_terminal();
+ if (arg_console && !arg_device)
+ /*
+ * Spwan for each console device a own process
+ */
+ r = ask_on_consoles(argc, argv);
+ else {
+
+ if (arg_device) {
+ /*
+ * Later on a controlling terminal will be will be acquired,
+ * therefore the current process has to become a session
+ * leader and should not have a controlling terminal already.
+ */
+ (void) setsid();
+ (void) release_terminal();
+ }
+
+ if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL))
+ r = watch_passwords();
+ else
+ r = show_passwords();
}
-
if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL))
r = watch_passwords();
else
@@ -640,6 +820,7 @@ int main(int argc, char *argv[]) {
- if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL))
- r = watch_passwords();
- else
- r = show_passwords();
if (r < 0)
log_error_errno(r, "Error: %m");
+ *usemask &= ~(1 << id); /* shared memory area */
finish:
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
--
2.2.0