SHA256
1
0
forked from pool/systemd

Accepting request 834932 from Base:System

OBS-URL: https://build.opensuse.org/request/show/834932
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=316
This commit is contained in:
Dominique Leuenberger 2020-09-17 12:35:38 +00:00 committed by Git OBS Bridge
commit 7dc8fd5477
17 changed files with 953 additions and 29 deletions

View File

@ -0,0 +1,80 @@
From f98af900e625b15862f9173a5c55662d4cee7356 Mon Sep 17 00:00:00 2001
From: Frederic Crozat <fcrozat@suse.com>
Date: Mon, 29 Oct 2012 13:01:20 +0000
Subject: [PATCH 01/12] restore /var/run and /var/lock bind mount if they
aren't symlink
---
units/meson.build | 2 ++
units/var-lock.mount | 19 +++++++++++++++++++
units/var-run.mount | 19 +++++++++++++++++++
3 files changed, 40 insertions(+)
create mode 100644 units/var-lock.mount
create mode 100644 units/var-run.mount
diff --git a/units/meson.build b/units/meson.build
index 275daad3f4..dadc9432ef 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -150,6 +150,8 @@ units = [
['umount.target', ''],
['usb-gadget.target', ''],
['user.slice', ''],
+ ['var-run.mount', 'HAVE_SYSV_COMPAT', 'local-fs.target.wants/'],
+ ['var-lock.mount', 'HAVE_SYSV_COMPAT', 'local-fs.target.wants/'],
['var-lib-machines.mount', 'ENABLE_MACHINED',
'remote-fs.target.wants/ machines.target.wants/'],
]
diff --git a/units/var-lock.mount b/units/var-lock.mount
new file mode 100644
index 0000000000..07277adac3
--- /dev/null
+++ b/units/var-lock.mount
@@ -0,0 +1,19 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Lock Directory
+Before=local-fs.target
+# skip mounting if the directory does not exist or is a symlink
+ConditionPathIsDirectory=/var/lock
+ConditionPathIsSymbolicLink=!/var/lock
+
+[Mount]
+What=/run/lock
+Where=/var/lock
+Type=bind
+Options=bind
diff --git a/units/var-run.mount b/units/var-run.mount
new file mode 100644
index 0000000000..ab4da424c9
--- /dev/null
+++ b/units/var-run.mount
@@ -0,0 +1,19 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Runtime Directory
+Before=local-fs.target
+# skip mounting if the directory does not exist or is a symlink
+ConditionPathIsDirectory=/var/run
+ConditionPathIsSymbolicLink=!/var/run
+
+[Mount]
+What=/run
+Where=/var/run
+Type=bind
+Options=bind
--
2.26.2

View File

@ -0,0 +1,27 @@
From 59f2eadb29ac38803fd32fe52f1403343a7d74ac Mon Sep 17 00:00:00 2001
From: Thomas Blume <thomas.blume@suse.com>
Date: Tue, 25 Mar 2014 13:08:56 +0000
Subject: [PATCH 02/12] rc-local: fix ordering startup for
/etc/init.d/boot.local
[tblume: fixes bnc#869142]
---
units/rc-local.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/rc-local.service.in b/units/rc-local.service.in
index 78ce69e0ae..0bcea82bed 100644
--- a/units/rc-local.service.in
+++ b/units/rc-local.service.in
@@ -13,7 +13,7 @@
Description=@RC_LOCAL_SCRIPT_PATH_START@ Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable=@RC_LOCAL_SCRIPT_PATH_START@
-After=network.target
+After=basic.target
[Service]
Type=forking
--
2.26.2

View File

@ -0,0 +1,43 @@
From f299a8180f1db0680b454c0e37696891361e3067 Mon Sep 17 00:00:00 2001
From: Frederic Crozat <fcrozat@suse.com>
Date: Tue, 28 May 2013 15:17:35 +0200
Subject: [PATCH 03/12] strip the domain part from /etc/hostname when setting
system host name
[fbui: fixes bnc#820213]
[fbui: forwardported from bfd2462b8ddec591d953841ab22bb30bdc6f9085]
[fbui: adjust context and make sure that strip of the domain name is
only done when setting the system host name. Therefore it's
still possible to pass an FQDN to hostnamectl]
[fbui: I'm still not sure that it was the right thing to do. Other
possibility was to fix the installer to create a correct
/etc/hostname file. Need to investigate...]
---
src/core/hostname-setup.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/core/hostname-setup.c b/src/core/hostname-setup.c
index 6d047db838..1acc0c998b 100644
--- a/src/core/hostname-setup.c
+++ b/src/core/hostname-setup.c
@@ -39,8 +39,16 @@ int hostname_setup(void) {
enoent = true;
else
log_warning_errno(r, "Failed to read configured hostname: %m");
- } else
+ } else {
+ char *domain;
+
+ /* SUSE: strip the domain name */
+ domain = strchr(b, '.');
+ if (domain)
+ *domain = '\0';
+
hn = b;
+ }
}
if (isempty(hn)) {
--
2.26.2

View File

@ -0,0 +1,124 @@
From b46d43bf980afe13cfff39fc2876aed10f33db1d Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Thu, 14 Apr 2016 15:42:02 +0200
Subject: [PATCH 04/12] tmpfiles: support exclude statements based on file
ownership
SUSE supported tmpfile cleanups based on file ownership before systemd.
So this feature needs to be available in systemd.
This was part of fate#314974
[tblume: suse-only patch ported from SLES12-SP1 commit e769a63907ae4b]
[tblume: part of fate#314974]
---
man/tmpfiles.d.xml | 4 +++-
src/tmpfiles/tmpfiles.c | 49 ++++++++++++++++++++++++++++++++---------
2 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index b9e9eee96c..b90ae01345 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -605,7 +605,9 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para>
suffixed by a newline. For <varname>C</varname>, specifies the source file or directory. For <varname>t</varname>
and <varname>T</varname>, determines extended attributes to be set. For <varname>a</varname> and
<varname>A</varname>, determines ACL attributes to be set. For <varname>h</varname> and <varname>H</varname>,
- determines the file attributes to set. Ignored for all other lines.</para>
+ determines the file attributes to set. For <varname>x</varname> and <varname>X</varname> a comma separated list
+ of usernames. If given, only paths belonging to these users will be excluded during directory cleanup. Ignored
+ for all other lines.</para>
<para>This field can contain specifiers, see below.</para>
</refsect2>
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 2404e36bf2..349653c786 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -14,6 +14,8 @@
#include <sysexits.h>
#include <time.h>
#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
#include "sd-path.h"
@@ -505,6 +507,7 @@ static int dir_cleanup(
struct stat s;
usec_t age;
_cleanup_free_ char *sub_path = NULL;
+ Item *found;
if (dot_or_dot_dot(dent->d_name))
continue;
@@ -546,15 +549,41 @@ static int dir_cleanup(
goto finish;
}
- /* Is there an item configured for this path? */
- if (ordered_hashmap_get(items, sub_path)) {
- log_debug("Ignoring \"%s\": a separate entry exists.", sub_path);
- continue;
- }
+ /* evaluate username arguments in ignore statements */
+ found = find_glob(globs, sub_path);
- if (find_glob(globs, sub_path)) {
- log_debug("Ignoring \"%s\": a separate glob exists.", sub_path);
- continue;
+ if (i->type == CREATE_DIRECTORY && found && found->argument) {
+ struct passwd *pw;
+ char *userfound = NULL, *args = strdup(found->argument);
+ bool match = false;
+
+ while ((userfound = strsep(&args, ","))) {
+ pw = getpwnam(userfound);
+
+ if (pw) {
+ if (s.st_uid == pw->pw_uid) {
+ match = true;
+ break;
+ }
+ }
+ }
+
+ if (match) {
+ log_debug("Ignoring \"%s\" of user \"%s\".", sub_path, pw->pw_name);
+ match=false;
+ continue;
+ }
+ } else {
+ /* Is there an item configured for this path? */
+ if (ordered_hashmap_get(items, sub_path)) {
+ log_debug("Ignoring \"%s\": a separate entry exists.", sub_path);
+ continue;
+ }
+
+ if (found) {
+ log_debug("Ignoring \"%s\": a separate glob exists.", sub_path);
+ continue;
+ }
}
if (S_ISDIR(s.st_mode)) {
@@ -2637,8 +2666,6 @@ static int parse_line(
case EMPTY_DIRECTORY:
case TRUNCATE_DIRECTORY:
case CREATE_FIFO:
- case IGNORE_PATH:
- case IGNORE_DIRECTORY_PATH:
case REMOVE_PATH:
case RECURSIVE_REMOVE_PATH:
case ADJUST_MODE:
@@ -2649,6 +2676,8 @@ static int parse_line(
break;
+ case IGNORE_PATH:
+ case IGNORE_DIRECTORY_PATH:
case CREATE_FILE:
case TRUNCATE_FILE:
break;
--
2.26.2

View File

@ -0,0 +1,29 @@
From 8e95d5534e9a577529ac49aaec610e6ceefec0b9 Mon Sep 17 00:00:00 2001
From: Robert Milasan <rmilasan@suse.com>
Date: Sat, 12 Jul 2014 14:20:36 +0200
Subject: [PATCH 05/12] udev: create default symlinks for primary cd_dvd drive
Imported from SLE12-SP1, commit 4f8bacfbffd7049608b5076.
[rmilasan: fixes bnc#783054]
---
rules.d/60-cdrom_id.rules | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/rules.d/60-cdrom_id.rules b/rules.d/60-cdrom_id.rules
index 288f8ce2f9..578c77441c 100644
--- a/rules.d/60-cdrom_id.rules
+++ b/rules.d/60-cdrom_id.rules
@@ -25,5 +25,9 @@ IMPORT{program}="cdrom_id --lock-media $devnode"
ENV{DISK_MEDIA_CHANGE}=="?*", ENV{ID_CDROM_MEDIA}!="?*", ENV{SYSTEMD_READY}="0"
KERNEL=="sr0", SYMLINK+="cdrom", OPTIONS+="link_priority=-100"
+KERNEL=="sr0", ENV{ID_CDROM}=="1", SYMLINK+="cdrom", OPTIONS+="link_priority=-100"
+KERNEL=="sr0", ENV{ID_CDROM_CD_RW}=="1", SYMLINK+="cdrw", OPTIONS+="link_priority=-100"
+KERNEL=="sr0", ENV{ID_CDROM_DVD}=="1", SYMLINK+="dvd", OPTIONS+="link_priority=-100"
+KERNEL=="sr0", ENV{ID_CDROM_DVD_RW}=="1", SYMLINK+="dvdrw", OPTIONS+="link_priority=-100"
LABEL="cdrom_end"
--
2.26.2

View File

@ -0,0 +1,123 @@
From f9521480d5dc5af747fecc9adc4c617e473e5494 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 26 May 2016 08:59:41 +0200
Subject: [PATCH 06/12] sysv-generator: add (back) support for SysV scripts for
the early boot
For the record, the upstream support was removed by commit
3cdebc217c42c8529086f2965319b6a48eaaeabe.
The sysv-generator has some weirdos: for example a service at the rc0
runlevel won't be started during shutdown since it will get both
"WantedBy=poweroff.target" and "Conflicts=shutdown.target".
Anyways what's the current patch implements the following:
- a symlink /etc/init.d/boot.d/S??boot.foo will add
"WantedBy/Before=sysinit.target" constraints and make sure that the
default dependencies added by systemd are turned off.
- a symlink /etc/init.d/boot.d/K??boot.foo will add
"Conflicts/Before=shutdown.target" so "foo" service will be stopped
like any other regular services. If this symlink is not installed
however, "foo" will be stopped lately during the systemd killing
spree.
This is a forward-port of commit 29db8537e1ca10796797d9854d1 in SP1.
[Since v232]
Support for S* symlinks in runlevel 0 or 6 has been completely and silently
removed by 788d2b088b13a2444b9eb2ea82c0cc57d9f0980f. Since it was already
broken as pointed out above, this probably wasn't really used and therefore
no one will really care. So let's drop it too.
However this has the side effect to make the support of early sysv scripts more
difficult. To make things easy, the support of K* symlinks in boot.d/ has been
removed too: this is probably not used (anymore) (at least intentionally).
The consequence is that early sysv services are stopped during shutdown at
the same time as 'normal' services.
---
src/sysv-generator/sysv-generator.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c
index a2c72d1009..1c01008967 100644
--- a/src/sysv-generator/sysv-generator.c
+++ b/src/sysv-generator/sysv-generator.c
@@ -31,6 +31,9 @@ static const struct {
const char *path;
const char *target;
} rcnd_table[] = {
+ /* SUSE style boot.d */
+ { "boot.d", SPECIAL_SYSINIT_TARGET },
+
/* Standard SysV runlevels for start-up */
{ "rc1.d", SPECIAL_RESCUE_TARGET },
{ "rc2.d", SPECIAL_MULTI_USER_TARGET },
@@ -57,6 +60,7 @@ typedef struct SysvStub {
bool has_lsb;
bool reload;
bool loaded;
+ bool early;
} SysvStub;
static void free_sysvstub(SysvStub *s) {
@@ -147,6 +151,12 @@ static int generate_unit_file(SysvStub *s) {
fprintf(f, "Description=%s\n", t);
}
+ if (s->early) {
+ fprintf(f, "DefaultDependencies=no\n");
+ fprintf(f, "Conflicts=%s\n", SPECIAL_SHUTDOWN_TARGET);
+ fprintf(f, "Before=%s\n", SPECIAL_SHUTDOWN_TARGET);
+ }
+
STRV_FOREACH(p, s->before)
fprintf(f, "Before=%s\n", *p);
STRV_FOREACH(p, s->after)
@@ -213,6 +223,10 @@ static char *sysv_translate_name(const char *name) {
_cleanup_free_ char *c = NULL;
char *res;
+ if (startswith(name, "boot."))
+ /* Drop SuSE-style boot. prefix */
+ name += 5;
+
c = strdup(name);
if (!c)
return NULL;
@@ -289,6 +303,11 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name,
return 1;
}
+ /* Strip "boot." prefix from file name for comparison (Suse specific) */
+ e = startswith(filename, "boot.");
+ if (e)
+ filename += 5;
+
/* Strip ".sh" suffix from file name for comparison */
filename_no_sh = strdupa(filename);
e = endswith(filename_no_sh, ".sh");
@@ -676,6 +695,9 @@ static int fix_order(SysvStub *s, Hashmap *all_services) {
if (other->sysv_start_priority < 0)
continue;
+ if (s->early != other->early)
+ continue;
+
/* If both units have modern headers we don't care
* about the priorities */
if (s->has_lsb && other->has_lsb)
@@ -800,6 +822,7 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) {
.sysv_start_priority = -1,
.name = TAKE_PTR(name),
.path = TAKE_PTR(fpath),
+ .early = !!startswith(de->d_name, "boot."),
};
r = hashmap_put(all_services, service->name, service);
--
2.26.2

View File

@ -0,0 +1,29 @@
From 0adc3f402aeeadd73a0977ca6a1bc65d3d4201c1 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de>
Date: Tue, 2 Jun 2015 13:33:24 +0000
Subject: [PATCH 07/12] networkd: make network.service an alias of
systemd-networkd.service
NetworkManager and wicked does this already. This is needed by yast2
and other parts of the system.
[fixes boo#933092]
---
units/systemd-networkd.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index 2673146841..083a35b912 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -50,6 +50,7 @@ User=systemd-network
[Install]
WantedBy=multi-user.target
+Alias=network.service
Also=systemd-networkd.socket
Alias=dbus-org.freedesktop.network1.service
--
2.26.2

View File

@ -0,0 +1,73 @@
From a32292849ca2837f99d6801da26b8d8e401831c4 Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Wed, 4 May 2016 17:40:04 +0200
Subject: [PATCH 08/12] sysv-generator: translate "Required-Start" into a
"Wants" dependency
[tblume: Port of SLES12SP1 patch 0018-Make-LSB-Skripts-know-about-Required-and-Should.patch]
[fbui: this is needed probably because insserv's behavior has been
sadly changed since SLE11: it now doesn't failed if a
dependency listed by Required-Start is missing.]
[fbui: according to Werner "This should fix bnc#858864 and
bnc#857204." (see Base:System changelog)]
---
src/sysv-generator/sysv-generator.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c
index 1c01008967..7a58be9287 100644
--- a/src/sysv-generator/sysv-generator.c
+++ b/src/sysv-generator/sysv-generator.c
@@ -258,6 +258,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name,
"remote_fs", SPECIAL_REMOTE_FS_TARGET,
"syslog", NULL,
"time", SPECIAL_TIME_SYNC_TARGET,
+ "all", SPECIAL_DEFAULT_TARGET,
};
const char *filename;
@@ -272,6 +273,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name,
filename = basename(s->path);
+ n = *name == '+' ? ++name : name;
n = *name == '$' ? name + 1 : name;
for (i = 0; i < ELEMENTSOF(table); i += 2) {
@@ -408,7 +410,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
for (;;) {
_cleanup_free_ char *word = NULL, *m = NULL;
- bool is_before;
+ bool is_before, is_wanted;
r = extract_first_word(&text, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RELAX);
if (r < 0)
@@ -421,6 +423,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
continue;
is_before = startswith_no_case(full_text, "X-Start-Before:");
+ is_wanted = startswith_no_case(full_text, "Required-Start:");
if (streq(m, SPECIAL_NETWORK_ONLINE_TARGET) && !is_before) {
/* the network-online target is special, as it needs to be actively pulled in */
@@ -429,8 +432,13 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
return log_oom();
r = strv_extend(&s->wants, m);
- } else
+ } else {
r = strv_extend(is_before ? &s->before : &s->after, m);
+
+ if (is_wanted)
+ r = strv_extend(&s->wants, m);
+ }
+
if (r < 0)
return log_oom();
}
--
2.26.2

View File

@ -0,0 +1,60 @@
From 7fc80ccccaa6f7b98af8bcd899a97d561777ff94 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 10 Jun 2016 15:19:57 +0200
Subject: [PATCH 09/12] pid1: handle console specificities/weirdness for s390
arch
The 3270 console on S/390 can do color but not the 3215 console.
Partial forward port of
0001-On_s390_con3270_disable_ANSI_colour_esc.patch from SLE12-SP1. A
bunch of the previous code has been dropped since some changes
imported from upsteam made them uneeded.
The remaining bits are probably hackish but at least they are now
minimal.
It was an attempt to address bnc#860937. And yes turning the console
color mode off by passing $TERM=dumb via the kernel command line would
have been much more easier and enough.
This is actually implemented by recent systemd. There's also another
command line option: systemd.log_color=off.
See also a short discussion which happened on @systemd-maintainers
whose $subject is "[PATCH] support conmode setting on command line".
[ fbui: fixes bsc#860937 ]
---
src/basic/terminal-util.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index 6cacde90ba..1a03902acc 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -780,7 +780,20 @@ bool tty_is_vc_resolve(const char *tty) {
}
const char *default_term_for_tty(const char *tty) {
- return tty && tty_is_vc_resolve(tty) ? "linux" : "vt220";
+ if (tty && tty_is_vc_resolve(tty))
+ return "linux";
+
+#if defined (__s390__) || defined (__s390x__)
+ if (tty && tty_is_console(tty)) {
+ _cleanup_free_ char *mode = NULL;
+
+ /* Simply return "dumb" in case of OOM. */
+ (void) proc_cmdline_get_key("conmode", 0, &mode);
+ (void) proc_cmdline_value_missing("conmode", mode);
+ return streq_ptr(mode, "3270") ? "ibm327x" : "dumb";
+ }
+#endif
+ return "vt220";
}
int fd_columns(int fd) {
--
2.26.2

View File

@ -0,0 +1,45 @@
From e5b3d1d00bbdbcb168889699c462bf01b58062a5 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 6 Jul 2017 15:48:10 +0200
Subject: [PATCH 11/12] core: disable session keyring per system sevice
entirely for now
Until PAM module "pam_keyinit" is fully integrated in SUSE's PAM stack, this
feature has to be disabled.
openSUSE is still not ready for enabling the keyring stuff (see
bsc#1081947). Some services got fixed (sshd, getty@.service) but some still
haven't (xdm, login, ...)
So leave it disabled again otherwise different users might end up using the
same session keyring - the one created for the service used for logging in
(sshd, getty@.service, xdm, etc...)
The integration of pam_keyinit is tracked here:
https://bugzilla.opensuse.org/show_bug.cgi?id=1081947
See also:
https://github.com/systemd/systemd/pull/6286
[fbui: fixes boo#1045886]
---
src/core/execute.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/core/execute.c b/src/core/execute.c
index 2a4840a3a9..aefd4eaff1 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2779,6 +2779,9 @@ static int setup_keyring(
assert(context);
assert(p);
+ /* SUSE: pam_keyinit is still not fully integrated to SUSE's PAM stack... */
+ return 0;
+
/* Let's set up a new per-service "session" kernel keyring for each system service. This has the benefit that
* each service runs with its own keyring shared among all processes of the service, but with no hook-up beyond
* that scope, and in particular no link to the per-UID keyring. If we don't do this the keyring will be
--
2.26.2

View File

@ -0,0 +1,53 @@
From 90d84a96aca84b39f6aabda048703dc7c0e79ef4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 11 Mar 2016 17:06:17 -0500
Subject: [PATCH 12/12] resolved: create /etc/resolv.conf symlink at runtime
If the symlink doesn't exists, and we are being started, let's
create it to provie name resolution.
If it exists, do nothing. In particular, if it is a broken symlink,
we cannot really know if the administator configured it to point to
a location used by some service that hasn't started yet, so we
don't touch it in that case either.
https://bugzilla.redhat.com/show_bug.cgi?id=1313085
---
src/resolve/resolved.c | 6 ++++++
tmpfiles.d/etc.conf.m4 | 3 ---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
index 16477f28d6..3922804039 100644
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -53,6 +53,12 @@ static int run(int argc, char *argv[]) {
if (r < 0)
return log_error_errno(r, "Cannot resolve user name %s: %m", user);
+ /* As we're root, we can create /etc/resolv.conf symlink if it doesn't exist already */
+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
+ if (r < 0 && errno != EEXIST)
+ log_warning_errno(errno,
+ "Could not create /etc/resolv.conf symlink: %m");
+
/* As we're root, we can create the directory where resolv.conf will live */
r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, MKDIR_WARN_MODE);
if (r < 0)
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
index f82e0b82ce..66a777bdb2 100644
--- a/tmpfiles.d/etc.conf.m4
+++ b/tmpfiles.d/etc.conf.m4
@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
m4_ifdef(`HAVE_SMACK_RUN_LABEL',
t /etc/mtab - - - - security.SMACK64=_
)m4_dnl
-m4_ifdef(`ENABLE_RESOLVE',
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
-)m4_dnl
C! /etc/nsswitch.conf - - - -
m4_ifdef(`HAVE_PAM',
C! /etc/pam.d - - - -
--
2.26.2

View File

@ -1,3 +1,75 @@
-------------------------------------------------------------------
Wed Sep 16 14:07:56 UTC 2020 - Franck Bui <fbui@suse.com>
- Drop 0001-udev-temporarly-restore-the-creation-a-few-symlinks-.patch
linuxrc has already been fixed.
-------------------------------------------------------------------
Wed Sep 16 13:42:04 UTC 2020 - Franck Bui <fbui@suse.com>
- Add 0001-udev-temporarly-restore-the-creation-a-few-symlinks-.patch
A temporary patch until the installer environment is updated to
create some of the symlinks that udevd used to create during its
startup but now udevd relies on the init system to do so.
-------------------------------------------------------------------
Thu Sep 10 12:59:54 UTC 2020 - Franck Bui <fbui@suse.com>
- Rework how we prevent journald from both enabling auditd and
recording audit messages
journald.conf gained a new setting Audit= to control whether
journald enables audit during the boot process. So let's use it and
make sure it's disabled by default by shipping a drop-in that
overrides upstream default.
Also we used to patch systemd to prevent journald from reading the
audit messages. There's still no way for downstream to configure
that properly (we would need to mask systemd-journald-audit.socket
meaning shipping a symlink in /etc) but I think dropping
systemd-journald-audit.socket from the package is a nicer way to do
that as some users might choose to reenable this setting (by
reintroducing the socket unit in /etc).
-------------------------------------------------------------------
Thu Sep 10 09:02:13 UTC 2020 - Franck Bui <fbui@suse.com>
- Enable audit support (bsc#1175883)
Enabling audit support in systemd will only make PID1 (and some of
its services) to generate some audit records for certain events. But
it doesn't affect journald, which has been prevented from recording
audit messages in the journal (SUSE specific behavior).
-------------------------------------------------------------------
Wed Sep 2 10:14:10 UTC 2020 - Franck Bui <fbui@suse.com>
- Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446)
See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for
details.
Now that the number of SUSE specific patches has been shrinked and
is pretty low (12 at the time of this writing), they are no more
tracked by the git repo and are now handled at the package
level. Hence It is easier to maintain and identify them. This
effectively means that SUSE/v246 will contain upstream commits only.
Added 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
Added 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
Added 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch
Added 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch
Added 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
Added 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Added 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch
Added 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
Added 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
Added 0010-journald-disable-audit-support-completely-from-the-j.patch
Added 0011-core-disable-session-keyring-per-system-sevice-entir.patch
Added 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
-------------------------------------------------------------------
Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt <fvogt@suse.com>

View File

@ -26,7 +26,7 @@
##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! #####
%define mini -mini
%define min_kernel_version 4.5
%define suse_version +suse.51.ga4e393eecb
%define suse_version +suse.20.gf1344d5b7f
%bcond_with gnuefi
%if 0%{?bootstrap}
@ -55,7 +55,7 @@
Name: systemd-mini
URL: http://www.freedesktop.org/wiki/Software/systemd
Version: 245.7
Version: 246.4
Release: 0
Summary: A System and Session Manager
License: LGPL-2.1-or-later
@ -71,6 +71,7 @@ BuildRequires: polkit
# python is only required for generating systemd.directives.xml
BuildRequires: python3-base
BuildRequires: python3-lxml
BuildRequires: pkgconfig(audit)
BuildRequires: pkgconfig(libcryptsetup) >= 1.6.0
BuildRequires: pkgconfig(libdw)
BuildRequires: pkgconfig(liblz4)
@ -159,12 +160,28 @@ Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
Source101: scripts-systemd-upgrade-from-pre-210.sh
Source102: scripts-systemd-migrate-sysconfig-i18n.sh
# Patches listed in here are put in quarantine. Normally all
# changes must go to upstream first and then are cherry-picked in the
# SUSE git repository. But in very few cases, some stuff might be
# broken in upstream and need an urgent fix. Even in this case, the
# patches are temporary and should be removed as soon as a fix is
# merged by upstream.
# Patches listed below are SUSE specific and should be kept at its
# minimum. We try hard to push our changes to upstream but sometimes
# they are only relevant for SUSE distros. Special rewards for those
# who will manage to get rid of one of them !
Patch1: 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
Patch2: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
Patch3: 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch
Patch4: 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch
Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch
Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch
Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
# Patches listed below are put in quarantine. Normally all changes
# must go to upstream first and then are cherry-picked in the SUSE git
# repository. But in very few cases, some stuff might be broken in
# upstream and need an urgent fix. Even in this case, the patches are
# temporary and should be removed as soon as a fix is merged by
# upstream.
%description
Systemd is a system and service manager, compatible with SysV and LSB
@ -604,8 +621,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot
ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt
ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown
ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff
%if %{with sysvcompat}
ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit
ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel
%endif
# Make sure we don't ship static enablement symlinks in /etc during
# installation, presets should be honoured instead.
@ -778,6 +797,19 @@ fi
# which may still be used by yast.
cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
# Create a drop-in to prevent journald from starting auditd during
# boot (bsc#984034).
mkdir -p %{buildroot}%{_prefix}/lib/systemd/journald.conf.d
cat >%{buildroot}%{_prefix}/lib/systemd/journald.conf.d/20-suse-defaults.conf <<EOF
[Journal]
Audit=no
EOF
# Don't ship systemd-journald-audit.socket as there's no other way for
# us to prevent journald from recording audit messages in the journal
# by default (bsc#1109252).
rm -f %{buildroot}%{_unitdir}/systemd-journald-audit.socket
%if ! 0%{?bootstrap}
%find_lang systemd
%endif
@ -864,9 +896,18 @@ fi
# It's run only once.
%{_prefix}/lib/systemd/scripts/migrate-sysconfig-i18n.sh || :
# Previous versions had tmp.mount moved to /usr/share/systemd/tmp.mount.
# It could be symlinked into /etc to make /tmp a tmpfs. The file does not exist anymore,
# so migrate the link to the new location.
# During the migration to tmpfs for /tmp, a bug was introduced that
# affected users using tmpfs for /tmp and happened during the _second_
# update following the one that introduced tmpfs on /tmp. It consisted
# in creating a dangling symlink /etc/systemd/system/tmp.mount
# pointing to the old copy that previous versions shipped in
# /usr/share/systemd, which doesn't exist anymore. So we migrate the
# link to the new location.
#
# Users have been exposed to this bug during a short period of time as
# it was present only in one release and was fixed shortly after by
# the next update. So we can assume that it's safe to drop it in 6
# months (ie March 2021).
if [ "$(readlink -f %{_sysconfdir}/systemd/system/tmp.mount)" = "%{_datadir}/systemd/tmp.mount" ] ; then
ln -sf %{_unitdir}/tmp.mount %{_sysconfdir}/systemd/system/tmp.mount
fi
@ -1218,6 +1259,8 @@ fi
%config(noreplace) %{_sysconfdir}/systemd/timesyncd.conf
%config(noreplace) %{_sysconfdir}/systemd/user.conf
%{_prefix}/lib/systemd/journald.conf.d/
%dir %{_datadir}/dbus-1
%dir %{_datadir}/dbus-1/services
%dir %{_datadir}/dbus-1/system.d
@ -1273,7 +1316,7 @@ fi
%{_mandir}/man7/[bdfks]*
%{_mandir}/man8/kern*
%{_mandir}/man8/pam_*
%{_mandir}/man8/systemd-[a-gik-tv]*
%{_mandir}/man8/systemd-[a-gik-tvx]*
%{_mandir}/man8/systemd-h[aioy]*
%{_mandir}/man8/systemd-journald*
%{_mandir}/man8/systemd-u[ps]*
@ -1350,15 +1393,19 @@ fi
/sbin/halt
/sbin/shutdown
/sbin/poweroff
%if %{with sysvcompat}
/sbin/telinit
/sbin/runlevel
%endif
%{_sbindir}/init
%{_sbindir}/reboot
%{_sbindir}/halt
%{_sbindir}/shutdown
%{_sbindir}/poweroff
%if %{with sysvcompat}
%{_sbindir}/telinit
%{_sbindir}/runlevel
%endif
%if ! 0%{?bootstrap}
%{_mandir}/man1/init.1*
%{_mandir}/man8/halt.8*

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e0cce0a5990f8ddc03e1dcdb1af7f20331e3e885596710f8a68563882c50d31e
size 6301856

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:707b0dca1d9dd0fa8c8858090b5e14d9741bacda2c4d0a1745707b57b395b254
size 6548244

View File

@ -1,3 +1,75 @@
-------------------------------------------------------------------
Wed Sep 16 14:07:56 UTC 2020 - Franck Bui <fbui@suse.com>
- Drop 0001-udev-temporarly-restore-the-creation-a-few-symlinks-.patch
linuxrc has already been fixed.
-------------------------------------------------------------------
Wed Sep 16 13:42:04 UTC 2020 - Franck Bui <fbui@suse.com>
- Add 0001-udev-temporarly-restore-the-creation-a-few-symlinks-.patch
A temporary patch until the installer environment is updated to
create some of the symlinks that udevd used to create during its
startup but now udevd relies on the init system to do so.
-------------------------------------------------------------------
Thu Sep 10 12:59:54 UTC 2020 - Franck Bui <fbui@suse.com>
- Rework how we prevent journald from both enabling auditd and
recording audit messages
journald.conf gained a new setting Audit= to control whether
journald enables audit during the boot process. So let's use it and
make sure it's disabled by default by shipping a drop-in that
overrides upstream default.
Also we used to patch systemd to prevent journald from reading the
audit messages. There's still no way for downstream to configure
that properly (we would need to mask systemd-journald-audit.socket
meaning shipping a symlink in /etc) but I think dropping
systemd-journald-audit.socket from the package is a nicer way to do
that as some users might choose to reenable this setting (by
reintroducing the socket unit in /etc).
-------------------------------------------------------------------
Thu Sep 10 09:02:13 UTC 2020 - Franck Bui <fbui@suse.com>
- Enable audit support (bsc#1175883)
Enabling audit support in systemd will only make PID1 (and some of
its services) to generate some audit records for certain events. But
it doesn't affect journald, which has been prevented from recording
audit messages in the journal (SUSE specific behavior).
-------------------------------------------------------------------
Wed Sep 2 10:14:10 UTC 2020 - Franck Bui <fbui@suse.com>
- Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446)
See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for
details.
Now that the number of SUSE specific patches has been shrinked and
is pretty low (12 at the time of this writing), they are no more
tracked by the git repo and are now handled at the package
level. Hence It is easier to maintain and identify them. This
effectively means that SUSE/v246 will contain upstream commits only.
Added 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
Added 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
Added 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch
Added 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch
Added 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
Added 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Added 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch
Added 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
Added 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
Added 0010-journald-disable-audit-support-completely-from-the-j.patch
Added 0011-core-disable-session-keyring-per-system-sevice-entir.patch
Added 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
-------------------------------------------------------------------
Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt <fvogt@suse.com>

View File

@ -24,7 +24,7 @@
%define bootstrap 0
%define mini %nil
%define min_kernel_version 4.5
%define suse_version +suse.51.ga4e393eecb
%define suse_version +suse.20.gf1344d5b7f
%bcond_with gnuefi
%if 0%{?bootstrap}
@ -53,7 +53,7 @@
Name: systemd
URL: http://www.freedesktop.org/wiki/Software/systemd
Version: 245.7
Version: 246.4
Release: 0
Summary: A System and Session Manager
License: LGPL-2.1-or-later
@ -69,6 +69,7 @@ BuildRequires: polkit
# python is only required for generating systemd.directives.xml
BuildRequires: python3-base
BuildRequires: python3-lxml
BuildRequires: pkgconfig(audit)
BuildRequires: pkgconfig(libcryptsetup) >= 1.6.0
BuildRequires: pkgconfig(libdw)
BuildRequires: pkgconfig(liblz4)
@ -157,12 +158,28 @@ Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
Source101: scripts-systemd-upgrade-from-pre-210.sh
Source102: scripts-systemd-migrate-sysconfig-i18n.sh
# Patches listed in here are put in quarantine. Normally all
# changes must go to upstream first and then are cherry-picked in the
# SUSE git repository. But in very few cases, some stuff might be
# broken in upstream and need an urgent fix. Even in this case, the
# patches are temporary and should be removed as soon as a fix is
# merged by upstream.
# Patches listed below are SUSE specific and should be kept at its
# minimum. We try hard to push our changes to upstream but sometimes
# they are only relevant for SUSE distros. Special rewards for those
# who will manage to get rid of one of them !
Patch1: 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
Patch2: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
Patch3: 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch
Patch4: 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch
Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch
Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch
Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
# Patches listed below are put in quarantine. Normally all changes
# must go to upstream first and then are cherry-picked in the SUSE git
# repository. But in very few cases, some stuff might be broken in
# upstream and need an urgent fix. Even in this case, the patches are
# temporary and should be removed as soon as a fix is merged by
# upstream.
%description
Systemd is a system and service manager, compatible with SysV and LSB
@ -602,8 +619,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot
ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt
ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown
ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff
%if %{with sysvcompat}
ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit
ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel
%endif
# Make sure we don't ship static enablement symlinks in /etc during
# installation, presets should be honoured instead.
@ -776,6 +795,19 @@ fi
# which may still be used by yast.
cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
# Create a drop-in to prevent journald from starting auditd during
# boot (bsc#984034).
mkdir -p %{buildroot}%{_prefix}/lib/systemd/journald.conf.d
cat >%{buildroot}%{_prefix}/lib/systemd/journald.conf.d/20-suse-defaults.conf <<EOF
[Journal]
Audit=no
EOF
# Don't ship systemd-journald-audit.socket as there's no other way for
# us to prevent journald from recording audit messages in the journal
# by default (bsc#1109252).
rm -f %{buildroot}%{_unitdir}/systemd-journald-audit.socket
%if ! 0%{?bootstrap}
%find_lang systemd
%endif
@ -862,9 +894,18 @@ fi
# It's run only once.
%{_prefix}/lib/systemd/scripts/migrate-sysconfig-i18n.sh || :
# Previous versions had tmp.mount moved to /usr/share/systemd/tmp.mount.
# It could be symlinked into /etc to make /tmp a tmpfs. The file does not exist anymore,
# so migrate the link to the new location.
# During the migration to tmpfs for /tmp, a bug was introduced that
# affected users using tmpfs for /tmp and happened during the _second_
# update following the one that introduced tmpfs on /tmp. It consisted
# in creating a dangling symlink /etc/systemd/system/tmp.mount
# pointing to the old copy that previous versions shipped in
# /usr/share/systemd, which doesn't exist anymore. So we migrate the
# link to the new location.
#
# Users have been exposed to this bug during a short period of time as
# it was present only in one release and was fixed shortly after by
# the next update. So we can assume that it's safe to drop it in 6
# months (ie March 2021).
if [ "$(readlink -f %{_sysconfdir}/systemd/system/tmp.mount)" = "%{_datadir}/systemd/tmp.mount" ] ; then
ln -sf %{_unitdir}/tmp.mount %{_sysconfdir}/systemd/system/tmp.mount
fi
@ -1216,6 +1257,8 @@ fi
%config(noreplace) %{_sysconfdir}/systemd/timesyncd.conf
%config(noreplace) %{_sysconfdir}/systemd/user.conf
%{_prefix}/lib/systemd/journald.conf.d/
%dir %{_datadir}/dbus-1
%dir %{_datadir}/dbus-1/services
%dir %{_datadir}/dbus-1/system.d
@ -1271,7 +1314,7 @@ fi
%{_mandir}/man7/[bdfks]*
%{_mandir}/man8/kern*
%{_mandir}/man8/pam_*
%{_mandir}/man8/systemd-[a-gik-tv]*
%{_mandir}/man8/systemd-[a-gik-tvx]*
%{_mandir}/man8/systemd-h[aioy]*
%{_mandir}/man8/systemd-journald*
%{_mandir}/man8/systemd-u[ps]*
@ -1348,15 +1391,19 @@ fi
/sbin/halt
/sbin/shutdown
/sbin/poweroff
%if %{with sysvcompat}
/sbin/telinit
/sbin/runlevel
%endif
%{_sbindir}/init
%{_sbindir}/reboot
%{_sbindir}/halt
%{_sbindir}/shutdown
%{_sbindir}/poweroff
%if %{with sysvcompat}
%{_sbindir}/telinit
%{_sbindir}/runlevel
%endif
%if ! 0%{?bootstrap}
%{_mandir}/man1/init.1*
%{_mandir}/man8/halt.8*