From ba4d101190920859a702c6e1f1a27be5d8964cc3cf1c2f1fddd2e8258deda25e Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 28 Jan 2017 10:00:32 +0000 Subject: [PATCH] Accepting request 452455 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/452455 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=246 --- baselibs.conf | 4 + systemd-228.tar.xz | 3 - systemd-232.tar.xz | 3 + systemd-mini-rpmlintrc | 1 + systemd-mini.changes | 145 ++++++++++++++++++++++++++ systemd-mini.spec | 228 ++++++++++++++++++++++++----------------- systemd-rpmlintrc | 1 + systemd.changes | 145 ++++++++++++++++++++++++++ systemd.spec | 228 ++++++++++++++++++++++++----------------- 9 files changed, 565 insertions(+), 193 deletions(-) delete mode 100644 systemd-228.tar.xz create mode 100644 systemd-232.tar.xz diff --git a/baselibs.conf b/baselibs.conf index 9c73aa00..073ad0e1 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,6 +1,10 @@ +# +# https://en.opensuse.org/openSUSE:Build_Service_baselibs.conf#Quickstart +# systemd supplements "packageand(systemd:pam-)" -/lib/systemd/system/ + -/usr/lib/systemd/libsystemd-shared.*\.so post "%{_sbindir}/pam-config -a --systemd || :" libsystemd0 libudev1 diff --git a/systemd-228.tar.xz b/systemd-228.tar.xz deleted file mode 100644 index c8f3fdcf..00000000 --- a/systemd-228.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:141d1609469579adeaf62d76e3527149c5a0140a54c8538f706b4eb97a447f8a -size 2866192 diff --git a/systemd-232.tar.xz b/systemd-232.tar.xz new file mode 100644 index 00000000..04c9ac5d --- /dev/null +++ b/systemd-232.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cc6ee1dab9013b879e3ae500b79875651c4462e23a9b9fbeab06597828ee00a3 +size 3211676 diff --git a/systemd-mini-rpmlintrc b/systemd-mini-rpmlintrc index a9e12af8..5b7980e5 100644 --- a/systemd-mini-rpmlintrc +++ b/systemd-mini-rpmlintrc @@ -16,6 +16,7 @@ addFilter(".*devel-file-in-non-devel-package.*udev.pc.*") addFilter(".*libgudev-.*shlib-fixed-dependency.*") addFilter(".*suse-filelist-forbidden-systemd-userdirs.*") addFilter("libudev-mini.*shlib-policy-name-error.*") +addFilter("nss-systemd.*shlib-policy-name-error.*") addFilter("nss-myhostname.*shlib-policy-name-error.*") addFilter("nss-mymachines.*shlib-policy-name-error.*") addFilter("systemd-logger.*useless-provides sysvinit(syslog).*") diff --git a/systemd-mini.changes b/systemd-mini.changes index ddcda174..b7ed294e 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,148 @@ +------------------------------------------------------------------- +Wed Jan 25 15:37:23 UTC 2017 - fbui@suse.com + +- Don't ship ldconfig.service anymore + + This service was introduced to support stateless systems that + support offline /usr updates properly. + + AFAIK we don't support any such system for now, so disable it. If + it's wrong it's easy enough to restore it back. + + Related to bsc#1019470. + +------------------------------------------------------------------- +Wed Jan 25 15:17:06 UTC 2017 - fbui@suse.com + +- Be more consistent with indentation (*no* functional changes) + + Indentation should use 8 spaces now (no tabs). + +------------------------------------------------------------------- +Wed Jan 25 14:38:59 UTC 2017 - fbui@suse.com + +- Import commit 2559bc0c076b58f0a649056e79ca90fe5f1d556c + + 9c4a759ab systemctl: 'show' don't exit with a failure status if the requested property does not exist [SUSE] (bsc#1021062) + f9194193b systemctl: remove duplicate entries showed by list-dependencies (#5049) (bsc#1012266) + 2a6653335 rule: don't automatically online standby memory on s390x (bsc#997682) + +------------------------------------------------------------------- +Wed Jan 25 14:36:34 UTC 2017 - fbui@suse.com + +- Fix permission set on /var/lib/systemd/linger/* + + Those files are created by logind which run with umask(0022), so + they are not world writable and shouldn't be affected by + bsc#1020601. But it's cleaner to not let files forever with their + setuid bit set for no good reason. + +------------------------------------------------------------------- +Wed Jan 25 14:33:04 UTC 2017 - fbui@suse.com + +- Fix permissions set on permanent timer timestamp files (bsc#1020601) (CVE-2016-10156) + + This change makes sure to fix the permissions of the timestamp files + which could have been created by an affected version of systemd. + + Local unprivileged users could have run arbitrary code as root if + systemd previously created world writable suid root files such as + permanent timer stamp files. + +------------------------------------------------------------------- +Tue Jan 10 10:54:20 UTC 2017 - fbui@suse.com + +- Import commit 3edb876e3b80437a95502aa5d31d454606ea94bd + + 27b544224 core: make sure to not call device_is_bound_by_mounts() when dev is null (#5033) (bsc#1018399) + +------------------------------------------------------------------- +Fri Jan 6 08:27:03 UTC 2017 - fbui@suse.com + +- Use the %{resolved} build conditional for the nss-resolve subpackage + +------------------------------------------------------------------- +Thu Jan 5 17:46:44 UTC 2017 - fbui@suse.com + +- /usr/bin/systemd-resolve was missing from the filelist + +------------------------------------------------------------------- +Thu Jan 5 17:09:01 UTC 2017 - fbui@suse.com + +- Silent warnings emitted when udev socket units are restarted during package upgrade (bsc#1018214) + +------------------------------------------------------------------- +Mon Dec 19 13:49:48 UTC 2016 - fbui@suse.com + +- Upgrade to v232, commit de62e96da6a62ac61a7dea45cc558f5fa4342032 + + - a4dff165d nspawn: resolv.conf might not be created initially (#4799) + - b543fe907 nspawn: fix condition for mounting resolv.conf (#4622) + - 1aed89e55 core: make mount units from /proc/self/mountinfo possibly bind to a device (#4515) (boo#909418 bsc#912715 bsc#945340) + - bfb54ecdc coredumpctl: let gdb handle the SIGINT signal (#4901) (bsc#1012591) + +------------------------------------------------------------------- +Wed Dec 14 14:51:41 UTC 2016 - fbui@suse.com + +- Really include legacy kbd maps in kbd-model-map (bsc#1015515) + + Instead of fix-machines-subvol-for-rollbacks.sh... + +------------------------------------------------------------------- +Thu Dec 8 12:55:51 UTC 2016 - fbui@suse.com + +- Enable lz4 (which becomes the default) + + It's much faster than xz and thus should be more appropriate to + compress journals and coredumps. + + The LZ4 logic is now officially supported and no longer considered + experimental. + + The new frame api was released in v125. + +------------------------------------------------------------------- +Tue Dec 6 16:46:52 UTC 2016 - fbui@suse.com + +- Good by compatlibs support + + There's no longer need for enabling/disabling the support for the + compatlibs as it's been dropped from the source code. + +------------------------------------------------------------------- +Tue Nov 29 16:38:41 UTC 2016 - fbui@suse.com + +- Drop /usr/lib/systemd/libsystemd-shared-%{version}.so from the 32bit package + + This shared library is not for public use, and is neither API nor + ABI stable, but is likely to change with every new released + update. Only systemd binaries are supposed to link against it. + + This also prevents from the 32bit package to conflit with the 64bit + one if this lib was installed by both packages. + +------------------------------------------------------------------- +Tue Nov 22 15:02:08 UTC 2016 - fbui@suse.com + +- Upgrade to v232, commit c5c3445825981e2a5c3ed71214127d5b1b9de802: + + - Dropped backported commits which has been merged + - Forward-port Suse specific patches + - Added --disable-lto option to ./configure + - Added systemd-mount + - Removed in %file /usr/lib/systemd/user/*.socket: since + 798c486fbcdce3346cd86 units/systemd-bus-proxyd.socket has been + removed. + - Removed in %file %{_sysconfdir}/systemd/bootchart.conf + since commit 232c84b2d22f2d96982b3c bootchart is not part of systemd + anymore. + - Backward compat libs have been disabled since it's been dropped from + the source code. + - Added /usr/bin/systemd-socket-activate in %file + - Added --without-kill-user-processes ./configure option + - Bump libseccomp build require (>= 2.3.1) as described in README + - Specifiy version of libmount as required in the README + ------------------------------------------------------------------- Fri Nov 18 21:07:11 UTC 2016 - meissner@suse.com diff --git a/systemd-mini.spec b/systemd-mini.spec index 800b5864..a0b92de5 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -1,7 +1,7 @@ # # spec file for package systemd-mini # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -44,13 +44,12 @@ %bcond_without gnuefi %endif %endif -%bcond_without compatlibs %bcond_with resolved %bcond_with parentpathid Name: systemd-mini Url: http://www.freedesktop.org/wiki/Software/systemd -Version: 228 +Version: 232 Release: 0 Summary: A System and Session Manager License: LGPL-2.1+ @@ -74,7 +73,7 @@ BuildRequires: gperf BuildRequires: intltool BuildRequires: libacl-devel BuildRequires: libcap-devel -BuildRequires: libmount-devel +BuildRequires: libmount-devel >= 2.27.1 BuildRequires: libsepol-devel BuildRequires: libtool BuildRequires: pam-config >= 0.79-5 @@ -83,9 +82,9 @@ BuildRequires: pam-devel # BR. Also this macro was introduced since version 12.4. BuildRequires: suse-module-tools >= 12.4 BuildRequires: systemd-rpm-macros -BuildRequires: xz BuildRequires: pkgconfig(blkid) >= 2.26 BuildRequires: pkgconfig(libkmod) >= 15 +BuildRequires: pkgconfig(liblz4) >= 125 BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpci) >= 3 BuildRequires: pkgconfig(libpcre) @@ -101,7 +100,7 @@ BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libmicrohttpd) >= 0.9.33 %endif %ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x -BuildRequires: pkgconfig(libseccomp) +BuildRequires: pkgconfig(libseccomp) >= 2.3.1 %endif %if %{with gnuefi} BuildRequires: gnu-efi @@ -302,20 +301,18 @@ Conflicts: otherproviders(syslog) %description logger This package marks the installation to not use syslog but only the journal. -%package -n nss-resolve -Summary: Plugin for local hostname resolution via systemd-resolved +%package -n nss-systemd +Summary: Plugin for local virtual host name resolution License: LGPL-2.1+ Group: System/Libraries -Requires: %{name} = %{version}-%{release} -%description -n nss-resolve -This package contains a plug-in module for the Name Service Switch -(NSS), which enables host name resolutions via the systemd-resolved(8) -local network name resolution service. It replaces the nss-dns plug-in -module that traditionally resolves hostnames via DNS. +%description -n nss-systemd +This package contains a plugin for the Name Service Switch (NSS), +which enables resolution of all dynamically allocated service +users. (See the DynamicUser= setting in unit files.) To activate this NSS module, you will need to include it in -/etc/nsswitch.conf, see nss-resolve(8) manpage for more details. +/etc/nsswitch.conf, see nss-systemd(8) manpage for more details. %package -n nss-myhostname Summary: Plugin for local system host name resolution @@ -333,6 +330,23 @@ To activate this NSS module, you will need to include it in /etc/nsswitch.conf, see nss-hostname(8) manpage for more details. %endif +%if %{with resolved} +%package -n nss-resolve +Summary: Plugin for local hostname resolution via systemd-resolved +License: LGPL-2.1+ +Group: System/Libraries +Requires: %{name} = %{version}-%{release} + +%description -n nss-resolve +This package contains a plug-in module for the Name Service Switch +(NSS), which enables host name resolutions via the systemd-resolved(8) +local network name resolution service. It replaces the nss-dns plug-in +module that traditionally resolves hostnames via DNS. + +To activate this NSS module, you will need to include it in +/etc/nsswitch.conf, see nss-resolve(8) manpage for more details. +%endif + %if %{with machined} %package -n nss-mymachines Summary: Plugin for local virtual host name resolution @@ -409,53 +423,56 @@ systemd_cryptsetup_LDFLAGS =\\\ # keep split-usr until all packages have moved their systemd rules to /usr %configure \ - --docdir=%{_docdir}/systemd \ - --with-pamlibdir=/%{_lib}/security \ - --with-dbuspolicydir=%{_sysconfdir}/dbus-1/system.d \ - --with-dbussessionservicedir=%{_datadir}/dbus-1/services \ - --with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \ - --with-certificate-root=%{_sysconfdir}/pki/systemd \ + --docdir=%{_docdir}/systemd \ + --with-pamlibdir=/%{_lib}/security \ + --with-dbuspolicydir=%{_sysconfdir}/dbus-1/system.d \ + --with-dbussessionservicedir=%{_datadir}/dbus-1/services \ + --with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \ + --with-certificate-root=%{_sysconfdir}/pki/systemd \ %if 0%{?bootstrap} - --disable-myhostname \ - --disable-manpages \ + --disable-myhostname \ + --disable-manpages \ %endif -%if %{with compatlibs} - --enable-compat-libs \ -%endif - --enable-selinux \ - --enable-split-usr \ - --disable-static \ - --disable-tests \ - --with-rc-local-script-path-start=/etc/init.d/boot.local \ - --with-rc-local-script-path-stop=/etc/init.d/halt.local \ - --with-debug-shell=/bin/bash \ - --disable-smack \ - --disable-ima \ - --disable-adm-group \ - --disable-wheel-group \ + --enable-selinux \ + --enable-split-usr \ + --disable-static \ + --disable-lto \ + --disable-tests \ + --without-kill-user-processes \ + --with-rc-local-script-path-start=/etc/init.d/boot.local \ + --with-rc-local-script-path-stop=/etc/init.d/halt.local \ + --with-debug-shell=/bin/bash \ + --disable-smack \ + --disable-ima \ + --disable-adm-group \ + --disable-wheel-group \ + --disable-ldconfig \ %if %{without networkd} - --disable-networkd \ + --disable-networkd \ %endif %if %{without machined} - --disable-machined \ + --disable-machined \ %endif %if %{without sysvcompat} - --with-sysvinit-path= \ - --with-sysvrcnd-path= \ + --with-sysvinit-path= \ + --with-sysvrcnd-path= \ %endif %if %{without resolved} - --disable-resolved \ + --disable-resolved \ %endif - --disable-kdbus + --disable-kdbus make %{?_smp_mflags} V=e %install %make_install +find %{buildroot} -type f -name '*.la' -delete # move to %{_lib} %if ! 0%{?bootstrap} mv %{buildroot}%{_libdir}/libnss_myhostname.so.2 %{buildroot}/%{_lib} +%else +rm %{buildroot}%{_libdir}/libnss_systemd.so* %endif # FIXME: these symlinks should die. @@ -467,7 +484,6 @@ ln -sf %{_prefix}/lib/systemd/systemd-udevd %{buildroot}/sbin/udevd install -m755 -D %{S:1065} %{buildroot}/%{_prefix}/lib/udev/remount-tmpfs rm -rf %{buildroot}%{_sysconfdir}/rpm -find %{buildroot} -type f -name '*.la' -delete mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/sysv-convert mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/migrated @@ -503,6 +519,10 @@ cat << EOF > %{buildroot}%{_libexecdir}/modules-load.d/sg.conf sg EOF +# Remove .so file for the shared library, it's not supposed to be +# used. +rm %{buildroot}%{_libexecdir}/systemd/libsystemd-shared.so + # do not ship sysctl defaults in systemd package, will be part of # aaa_base (in procps for now) rm -f %{buildroot}%{_prefix}/lib/sysctl.d/50-default.conf @@ -618,7 +638,7 @@ fi # kbd-model-map.legacy is used to provide mapping for legacy keymaps, # which may still be used by yast. -cat %{S:13} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map +cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map %find_lang systemd @@ -644,24 +664,24 @@ systemctl daemon-reexec || : # Try to read default runlevel from the old inittab if it exists if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then - runlevel=$(awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab) - if [ -n "$runlevel" ] ; then - ln -sf /usr/lib/systemd/system/runlevel$runlevel.target /etc/systemd/system/default.target || : - fi + runlevel=$(awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab) + if [ -n "$runlevel" ] ; then + ln -sf /usr/lib/systemd/system/runlevel$runlevel.target /etc/systemd/system/default.target || : + fi fi # Create default config in /etc at first install. # Later package updates should not overwrite these settings. if [ $1 -eq 1 ]; then - # Enable systemd services according to the distro defaults. - # Note: systemctl might abort prematurely if it fails on one - # unit. - systemctl preset remote-fs.target || : - systemctl preset getty@.service || : - systemctl preset systemd-networkd.service || : - systemctl preset systemd-networkd-wait-online.service || : - systemctl preset systemd-timesyncd.service || : - systemctl preset systemd-resolved.service || : + # Enable systemd services according to the distro defaults. + # Note: systemctl might abort prematurely if it fails on one + # unit. + systemctl preset remote-fs.target || : + systemctl preset getty@.service || : + systemctl preset systemd-networkd.service || : + systemctl preset systemd-networkd-wait-online.service || : + systemctl preset systemd-timesyncd.service || : + systemctl preset systemd-resolved.service || : fi >/dev/null # since v207 /etc/sysctl.conf is no longer parsed, however @@ -672,8 +692,8 @@ fi # migrate any symlink which may refer to the old path for f in $(find /etc/systemd/system -type l -xtype l); do - new_target="/usr$(readlink $f)" - [ -f "$new_target" ] && ln -s -f $new_target $f || : + new_target="/usr$(readlink $f)" + [ -f "$new_target" ] && ln -s -f $new_target $f || : done # Keep tmp.mount if it's been enabled explicitly by the user otherwise @@ -686,6 +706,18 @@ enabled) ;; *) rm -f %{_prefix}/lib/systemd/system/tmp.mount esac +# Same for user lingering created by logind. +for username in $(ls /var/lib/systemd/linger/* 2>/dev/null); do + chmod 0644 $username +done + +# v228 wrongly set world writable suid root permissions on timestamp +# files used by permanent timers. Fix the timestamps that might have +# been created by the affected versions of systemd (bsc#1020601). +for stamp in $(ls /var/lib/systemd/timers/stamp-*.timer 2>/dev/null); do + chmod 0644 $stamp +done + # Convert /var/lib/machines subvolume to make it suitable for # rollbacks, if needed. See bsc#992573. The installer has been fixed # to create it at installation time. @@ -714,35 +746,36 @@ if [ $1 -ge 1 ]; then fi %if ! 0%{?bootstrap} if [ $1 -eq 0 ]; then - pam-config -d --systemd || : + pam-config -d --systemd || : fi %endif %preun if [ $1 -eq 0 ]; then - systemctl disable remote-fs.target || : - systemctl disable getty@.service || : - systemctl disable systemd-networkd.service || : - systemctl disable systemd-networkd-wait-online.service || : - systemctl disable systemd-timesyncd.service || : - systemctl disable systemd-resolved.service || : + systemctl disable remote-fs.target || : + systemctl disable getty@.service || : + systemctl disable systemd-networkd.service || : + systemctl disable systemd-networkd-wait-online.service || : + systemctl disable systemd-timesyncd.service || : + systemctl disable systemd-resolved.service || : - rm -f /etc/systemd/system/default.target + rm -f /etc/systemd/system/default.target fi >/dev/null %pretrans -n udev%{?mini} -p if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then - posix.symlink("/lib/udev", "/usr/lib/udev") + posix.symlink("/lib/udev", "/usr/lib/udev") end %pre -n udev%{?mini} - %regenerate_initrd_post +%regenerate_initrd_post + if test -L /usr/lib/udev -a /lib/udev -ef /usr/lib/udev ; then - rm /usr/lib/udev - mv /lib/udev /usr/lib - ln -s /usr/lib/udev /lib/udev + rm /usr/lib/udev + mv /lib/udev /usr/lib + ln -s /usr/lib/udev /lib/udev elif [ ! -e /lib/udev ]; then - ln -s /usr/lib/udev /lib/udev + ln -s /usr/lib/udev /lib/udev fi # Create "tape"/"input" group which is referenced by some udev rules @@ -766,7 +799,13 @@ rm -f /etc/udev/rules.d/{20,55,65}-cdrom.rules %regenerate_initrd_post %insserv_cleanup systemctl daemon-reload || : -%systemd_postun_with_restart systemd-udevd-{control,kernel}.socket systemd-udevd.service +# On package update: the restart of the socket units will probably +# fail as the daemon is most likely running. It's not really an issue +# since we restart systemd-udevd right after and that will pull in the +# socket units again. We should be informed at that time if something +# really went wrong the first time we started the socket units. +%systemd_postun_with_restart systemd-udevd-{control,kernel}.socket 2>/dev/null +%systemd_postun_with_restart systemd-udevd.service %posttrans -n udev%{?mini} %regenerate_initrd_posttrans @@ -781,12 +820,15 @@ systemctl daemon-reload || : %post logger systemd-tmpfiles --create --prefix=%{_localstatedir}/log/journal/ || : if [ "$1" -eq 1 ]; then -# tell journal to start logging on disk if directory didn't exist before - systemctl --no-block restart systemd-journal-flush.service >/dev/null || : + # tell journal to start logging on disk if directory didn't exist before + systemctl --no-block restart systemd-journal-flush.service >/dev/null || : fi %post -n nss-myhostname -p /sbin/ldconfig %postun -n nss-myhostname -p /sbin/ldconfig + +%post -n nss-systemd -p /sbin/ldconfig +%postun -n nss-systemd -p /sbin/ldconfig %endif %if %{with resolved} @@ -849,6 +891,7 @@ fi %{_bindir}/systemd-firstboot %{_bindir}/systemd-path %{_bindir}/systemd-sysusers +%{_bindir}/systemd-mount %{_bindir}/systemd-notify %{_bindir}/systemd-run %{_bindir}/systemd-journalctl @@ -861,6 +904,10 @@ fi %{_bindir}/systemd-tmpfiles %{_bindir}/systemd-machine-id-setup %{_bindir}/systemd-nspawn +%if %{with resolved} +%{_bindir}/systemd-resolve +%endif +%{_bindir}/systemd-socket-activate %{_bindir}/systemd-stdio-bridge %{_bindir}/systemd-detect-virt %{_bindir}/timedatectl @@ -897,9 +944,10 @@ fi %{_prefix}/lib/systemd/system/*.path %{_prefix}/lib/systemd/user/*.target %{_prefix}/lib/systemd/user/*.service -%{_prefix}/lib/systemd/user/*.socket %{_prefix}/lib/systemd/systemd-* %{_prefix}/lib/systemd/systemd +%{_prefix}/lib/systemd/libsystemd-shared-%{version}.so +%{_prefix}/lib/systemd/resolv.conf %{_prefix}/lib/systemd/fix-machines-subvol-for-rollbacks.sh %dir %{_prefix}/lib/systemd/catalog %{_prefix}/lib/systemd/catalog/systemd.catalog @@ -954,11 +1002,11 @@ fi %dir %{_sysconfdir}/systemd/system %dir %{_sysconfdir}/systemd/user %dir %{_sysconfdir}/xdg/systemd +%{_sysconfdir}/systemd/system/ctrl-alt-del.target %{_sysconfdir}/xdg/systemd/user %{_sysconfdir}/X11/xinit/xinitrc.d/50-systemd-user.sh %config(noreplace) %{_sysconfdir}/pam.d/systemd-user -%config(noreplace) %{_sysconfdir}/systemd/bootchart.conf %config(noreplace) %{_sysconfdir}/systemd/coredump.conf %config(noreplace) %{_sysconfdir}/systemd/timesyncd.conf %config(noreplace) %{_sysconfdir}/systemd/system.conf @@ -1092,16 +1140,6 @@ fi %{_libdir}/libsystemd.so %{_libdir}/pkgconfig/libsystemd.pc %{_includedir}/systemd/ -%if %{with compatlibs} -%{_libdir}/libsystemd-daemon.so -%{_libdir}/libsystemd-login.so -%{_libdir}/libsystemd-id128.so -%{_libdir}/libsystemd-journal.so -%{_libdir}/pkgconfig/libsystemd-daemon.pc -%{_libdir}/pkgconfig/libsystemd-login.pc -%{_libdir}/pkgconfig/libsystemd-id128.pc -%{_libdir}/pkgconfig/libsystemd-journal.pc -%endif %if ! 0%{?bootstrap} %{_mandir}/man3/SD*.3* %{_mandir}/man3/sd*.3* @@ -1181,12 +1219,6 @@ fi %files -n libsystemd0%{?mini} %defattr(-,root,root) %{_libdir}/libsystemd.so.* -%if %{with compatlibs} -%{_libdir}/libsystemd-daemon.so.* -%{_libdir}/libsystemd-login.so.* -%{_libdir}/libsystemd-id128.so.* -%{_libdir}/libsystemd-journal.so.* -%endif %files -n libudev%{?mini}1 %defattr(-,root,root) @@ -1214,6 +1246,12 @@ fi /%{_lib}/*nss_myhostname* %{_mandir}/man8/libnss_myhostname.* %{_mandir}/man8/nss-myhostname.* + +%files -n nss-systemd +%defattr(-, root, root) +%{_libdir}/libnss_systemd.so* +%{_mandir}/man8/libnss_systemd.so.* +%{_mandir}/man8/nss-systemd.* %endif %if %{with resolved} diff --git a/systemd-rpmlintrc b/systemd-rpmlintrc index a9e12af8..5b7980e5 100644 --- a/systemd-rpmlintrc +++ b/systemd-rpmlintrc @@ -16,6 +16,7 @@ addFilter(".*devel-file-in-non-devel-package.*udev.pc.*") addFilter(".*libgudev-.*shlib-fixed-dependency.*") addFilter(".*suse-filelist-forbidden-systemd-userdirs.*") addFilter("libudev-mini.*shlib-policy-name-error.*") +addFilter("nss-systemd.*shlib-policy-name-error.*") addFilter("nss-myhostname.*shlib-policy-name-error.*") addFilter("nss-mymachines.*shlib-policy-name-error.*") addFilter("systemd-logger.*useless-provides sysvinit(syslog).*") diff --git a/systemd.changes b/systemd.changes index ddcda174..b7ed294e 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,148 @@ +------------------------------------------------------------------- +Wed Jan 25 15:37:23 UTC 2017 - fbui@suse.com + +- Don't ship ldconfig.service anymore + + This service was introduced to support stateless systems that + support offline /usr updates properly. + + AFAIK we don't support any such system for now, so disable it. If + it's wrong it's easy enough to restore it back. + + Related to bsc#1019470. + +------------------------------------------------------------------- +Wed Jan 25 15:17:06 UTC 2017 - fbui@suse.com + +- Be more consistent with indentation (*no* functional changes) + + Indentation should use 8 spaces now (no tabs). + +------------------------------------------------------------------- +Wed Jan 25 14:38:59 UTC 2017 - fbui@suse.com + +- Import commit 2559bc0c076b58f0a649056e79ca90fe5f1d556c + + 9c4a759ab systemctl: 'show' don't exit with a failure status if the requested property does not exist [SUSE] (bsc#1021062) + f9194193b systemctl: remove duplicate entries showed by list-dependencies (#5049) (bsc#1012266) + 2a6653335 rule: don't automatically online standby memory on s390x (bsc#997682) + +------------------------------------------------------------------- +Wed Jan 25 14:36:34 UTC 2017 - fbui@suse.com + +- Fix permission set on /var/lib/systemd/linger/* + + Those files are created by logind which run with umask(0022), so + they are not world writable and shouldn't be affected by + bsc#1020601. But it's cleaner to not let files forever with their + setuid bit set for no good reason. + +------------------------------------------------------------------- +Wed Jan 25 14:33:04 UTC 2017 - fbui@suse.com + +- Fix permissions set on permanent timer timestamp files (bsc#1020601) (CVE-2016-10156) + + This change makes sure to fix the permissions of the timestamp files + which could have been created by an affected version of systemd. + + Local unprivileged users could have run arbitrary code as root if + systemd previously created world writable suid root files such as + permanent timer stamp files. + +------------------------------------------------------------------- +Tue Jan 10 10:54:20 UTC 2017 - fbui@suse.com + +- Import commit 3edb876e3b80437a95502aa5d31d454606ea94bd + + 27b544224 core: make sure to not call device_is_bound_by_mounts() when dev is null (#5033) (bsc#1018399) + +------------------------------------------------------------------- +Fri Jan 6 08:27:03 UTC 2017 - fbui@suse.com + +- Use the %{resolved} build conditional for the nss-resolve subpackage + +------------------------------------------------------------------- +Thu Jan 5 17:46:44 UTC 2017 - fbui@suse.com + +- /usr/bin/systemd-resolve was missing from the filelist + +------------------------------------------------------------------- +Thu Jan 5 17:09:01 UTC 2017 - fbui@suse.com + +- Silent warnings emitted when udev socket units are restarted during package upgrade (bsc#1018214) + +------------------------------------------------------------------- +Mon Dec 19 13:49:48 UTC 2016 - fbui@suse.com + +- Upgrade to v232, commit de62e96da6a62ac61a7dea45cc558f5fa4342032 + + - a4dff165d nspawn: resolv.conf might not be created initially (#4799) + - b543fe907 nspawn: fix condition for mounting resolv.conf (#4622) + - 1aed89e55 core: make mount units from /proc/self/mountinfo possibly bind to a device (#4515) (boo#909418 bsc#912715 bsc#945340) + - bfb54ecdc coredumpctl: let gdb handle the SIGINT signal (#4901) (bsc#1012591) + +------------------------------------------------------------------- +Wed Dec 14 14:51:41 UTC 2016 - fbui@suse.com + +- Really include legacy kbd maps in kbd-model-map (bsc#1015515) + + Instead of fix-machines-subvol-for-rollbacks.sh... + +------------------------------------------------------------------- +Thu Dec 8 12:55:51 UTC 2016 - fbui@suse.com + +- Enable lz4 (which becomes the default) + + It's much faster than xz and thus should be more appropriate to + compress journals and coredumps. + + The LZ4 logic is now officially supported and no longer considered + experimental. + + The new frame api was released in v125. + +------------------------------------------------------------------- +Tue Dec 6 16:46:52 UTC 2016 - fbui@suse.com + +- Good by compatlibs support + + There's no longer need for enabling/disabling the support for the + compatlibs as it's been dropped from the source code. + +------------------------------------------------------------------- +Tue Nov 29 16:38:41 UTC 2016 - fbui@suse.com + +- Drop /usr/lib/systemd/libsystemd-shared-%{version}.so from the 32bit package + + This shared library is not for public use, and is neither API nor + ABI stable, but is likely to change with every new released + update. Only systemd binaries are supposed to link against it. + + This also prevents from the 32bit package to conflit with the 64bit + one if this lib was installed by both packages. + +------------------------------------------------------------------- +Tue Nov 22 15:02:08 UTC 2016 - fbui@suse.com + +- Upgrade to v232, commit c5c3445825981e2a5c3ed71214127d5b1b9de802: + + - Dropped backported commits which has been merged + - Forward-port Suse specific patches + - Added --disable-lto option to ./configure + - Added systemd-mount + - Removed in %file /usr/lib/systemd/user/*.socket: since + 798c486fbcdce3346cd86 units/systemd-bus-proxyd.socket has been + removed. + - Removed in %file %{_sysconfdir}/systemd/bootchart.conf + since commit 232c84b2d22f2d96982b3c bootchart is not part of systemd + anymore. + - Backward compat libs have been disabled since it's been dropped from + the source code. + - Added /usr/bin/systemd-socket-activate in %file + - Added --without-kill-user-processes ./configure option + - Bump libseccomp build require (>= 2.3.1) as described in README + - Specifiy version of libmount as required in the README + ------------------------------------------------------------------- Fri Nov 18 21:07:11 UTC 2016 - meissner@suse.com diff --git a/systemd.spec b/systemd.spec index 2ad1f88d..c1a405c6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ # # spec file for package systemd # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -42,13 +42,12 @@ %bcond_without gnuefi %endif %endif -%bcond_without compatlibs %bcond_with resolved %bcond_with parentpathid Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd -Version: 228 +Version: 232 Release: 0 Summary: A System and Session Manager License: LGPL-2.1+ @@ -72,7 +71,7 @@ BuildRequires: gperf BuildRequires: intltool BuildRequires: libacl-devel BuildRequires: libcap-devel -BuildRequires: libmount-devel +BuildRequires: libmount-devel >= 2.27.1 BuildRequires: libsepol-devel BuildRequires: libtool BuildRequires: pam-config >= 0.79-5 @@ -81,9 +80,9 @@ BuildRequires: pam-devel # BR. Also this macro was introduced since version 12.4. BuildRequires: suse-module-tools >= 12.4 BuildRequires: systemd-rpm-macros -BuildRequires: xz BuildRequires: pkgconfig(blkid) >= 2.26 BuildRequires: pkgconfig(libkmod) >= 15 +BuildRequires: pkgconfig(liblz4) >= 125 BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpci) >= 3 BuildRequires: pkgconfig(libpcre) @@ -99,7 +98,7 @@ BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libmicrohttpd) >= 0.9.33 %endif %ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x -BuildRequires: pkgconfig(libseccomp) +BuildRequires: pkgconfig(libseccomp) >= 2.3.1 %endif %if %{with gnuefi} BuildRequires: gnu-efi @@ -300,20 +299,18 @@ Conflicts: otherproviders(syslog) %description logger This package marks the installation to not use syslog but only the journal. -%package -n nss-resolve -Summary: Plugin for local hostname resolution via systemd-resolved +%package -n nss-systemd +Summary: Plugin for local virtual host name resolution License: LGPL-2.1+ Group: System/Libraries -Requires: %{name} = %{version}-%{release} -%description -n nss-resolve -This package contains a plug-in module for the Name Service Switch -(NSS), which enables host name resolutions via the systemd-resolved(8) -local network name resolution service. It replaces the nss-dns plug-in -module that traditionally resolves hostnames via DNS. +%description -n nss-systemd +This package contains a plugin for the Name Service Switch (NSS), +which enables resolution of all dynamically allocated service +users. (See the DynamicUser= setting in unit files.) To activate this NSS module, you will need to include it in -/etc/nsswitch.conf, see nss-resolve(8) manpage for more details. +/etc/nsswitch.conf, see nss-systemd(8) manpage for more details. %package -n nss-myhostname Summary: Plugin for local system host name resolution @@ -331,6 +328,23 @@ To activate this NSS module, you will need to include it in /etc/nsswitch.conf, see nss-hostname(8) manpage for more details. %endif +%if %{with resolved} +%package -n nss-resolve +Summary: Plugin for local hostname resolution via systemd-resolved +License: LGPL-2.1+ +Group: System/Libraries +Requires: %{name} = %{version}-%{release} + +%description -n nss-resolve +This package contains a plug-in module for the Name Service Switch +(NSS), which enables host name resolutions via the systemd-resolved(8) +local network name resolution service. It replaces the nss-dns plug-in +module that traditionally resolves hostnames via DNS. + +To activate this NSS module, you will need to include it in +/etc/nsswitch.conf, see nss-resolve(8) manpage for more details. +%endif + %if %{with machined} %package -n nss-mymachines Summary: Plugin for local virtual host name resolution @@ -407,53 +421,56 @@ systemd_cryptsetup_LDFLAGS =\\\ # keep split-usr until all packages have moved their systemd rules to /usr %configure \ - --docdir=%{_docdir}/systemd \ - --with-pamlibdir=/%{_lib}/security \ - --with-dbuspolicydir=%{_sysconfdir}/dbus-1/system.d \ - --with-dbussessionservicedir=%{_datadir}/dbus-1/services \ - --with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \ - --with-certificate-root=%{_sysconfdir}/pki/systemd \ + --docdir=%{_docdir}/systemd \ + --with-pamlibdir=/%{_lib}/security \ + --with-dbuspolicydir=%{_sysconfdir}/dbus-1/system.d \ + --with-dbussessionservicedir=%{_datadir}/dbus-1/services \ + --with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \ + --with-certificate-root=%{_sysconfdir}/pki/systemd \ %if 0%{?bootstrap} - --disable-myhostname \ - --disable-manpages \ + --disable-myhostname \ + --disable-manpages \ %endif -%if %{with compatlibs} - --enable-compat-libs \ -%endif - --enable-selinux \ - --enable-split-usr \ - --disable-static \ - --disable-tests \ - --with-rc-local-script-path-start=/etc/init.d/boot.local \ - --with-rc-local-script-path-stop=/etc/init.d/halt.local \ - --with-debug-shell=/bin/bash \ - --disable-smack \ - --disable-ima \ - --disable-adm-group \ - --disable-wheel-group \ + --enable-selinux \ + --enable-split-usr \ + --disable-static \ + --disable-lto \ + --disable-tests \ + --without-kill-user-processes \ + --with-rc-local-script-path-start=/etc/init.d/boot.local \ + --with-rc-local-script-path-stop=/etc/init.d/halt.local \ + --with-debug-shell=/bin/bash \ + --disable-smack \ + --disable-ima \ + --disable-adm-group \ + --disable-wheel-group \ + --disable-ldconfig \ %if %{without networkd} - --disable-networkd \ + --disable-networkd \ %endif %if %{without machined} - --disable-machined \ + --disable-machined \ %endif %if %{without sysvcompat} - --with-sysvinit-path= \ - --with-sysvrcnd-path= \ + --with-sysvinit-path= \ + --with-sysvrcnd-path= \ %endif %if %{without resolved} - --disable-resolved \ + --disable-resolved \ %endif - --disable-kdbus + --disable-kdbus make %{?_smp_mflags} V=e %install %make_install +find %{buildroot} -type f -name '*.la' -delete # move to %{_lib} %if ! 0%{?bootstrap} mv %{buildroot}%{_libdir}/libnss_myhostname.so.2 %{buildroot}/%{_lib} +%else +rm %{buildroot}%{_libdir}/libnss_systemd.so* %endif # FIXME: these symlinks should die. @@ -465,7 +482,6 @@ ln -sf %{_prefix}/lib/systemd/systemd-udevd %{buildroot}/sbin/udevd install -m755 -D %{S:1065} %{buildroot}/%{_prefix}/lib/udev/remount-tmpfs rm -rf %{buildroot}%{_sysconfdir}/rpm -find %{buildroot} -type f -name '*.la' -delete mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/sysv-convert mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/migrated @@ -501,6 +517,10 @@ cat << EOF > %{buildroot}%{_libexecdir}/modules-load.d/sg.conf sg EOF +# Remove .so file for the shared library, it's not supposed to be +# used. +rm %{buildroot}%{_libexecdir}/systemd/libsystemd-shared.so + # do not ship sysctl defaults in systemd package, will be part of # aaa_base (in procps for now) rm -f %{buildroot}%{_prefix}/lib/sysctl.d/50-default.conf @@ -616,7 +636,7 @@ fi # kbd-model-map.legacy is used to provide mapping for legacy keymaps, # which may still be used by yast. -cat %{S:13} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map +cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map %find_lang systemd @@ -642,24 +662,24 @@ systemctl daemon-reexec || : # Try to read default runlevel from the old inittab if it exists if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then - runlevel=$(awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab) - if [ -n "$runlevel" ] ; then - ln -sf /usr/lib/systemd/system/runlevel$runlevel.target /etc/systemd/system/default.target || : - fi + runlevel=$(awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab) + if [ -n "$runlevel" ] ; then + ln -sf /usr/lib/systemd/system/runlevel$runlevel.target /etc/systemd/system/default.target || : + fi fi # Create default config in /etc at first install. # Later package updates should not overwrite these settings. if [ $1 -eq 1 ]; then - # Enable systemd services according to the distro defaults. - # Note: systemctl might abort prematurely if it fails on one - # unit. - systemctl preset remote-fs.target || : - systemctl preset getty@.service || : - systemctl preset systemd-networkd.service || : - systemctl preset systemd-networkd-wait-online.service || : - systemctl preset systemd-timesyncd.service || : - systemctl preset systemd-resolved.service || : + # Enable systemd services according to the distro defaults. + # Note: systemctl might abort prematurely if it fails on one + # unit. + systemctl preset remote-fs.target || : + systemctl preset getty@.service || : + systemctl preset systemd-networkd.service || : + systemctl preset systemd-networkd-wait-online.service || : + systemctl preset systemd-timesyncd.service || : + systemctl preset systemd-resolved.service || : fi >/dev/null # since v207 /etc/sysctl.conf is no longer parsed, however @@ -670,8 +690,8 @@ fi # migrate any symlink which may refer to the old path for f in $(find /etc/systemd/system -type l -xtype l); do - new_target="/usr$(readlink $f)" - [ -f "$new_target" ] && ln -s -f $new_target $f || : + new_target="/usr$(readlink $f)" + [ -f "$new_target" ] && ln -s -f $new_target $f || : done # Keep tmp.mount if it's been enabled explicitly by the user otherwise @@ -684,6 +704,18 @@ enabled) ;; *) rm -f %{_prefix}/lib/systemd/system/tmp.mount esac +# Same for user lingering created by logind. +for username in $(ls /var/lib/systemd/linger/* 2>/dev/null); do + chmod 0644 $username +done + +# v228 wrongly set world writable suid root permissions on timestamp +# files used by permanent timers. Fix the timestamps that might have +# been created by the affected versions of systemd (bsc#1020601). +for stamp in $(ls /var/lib/systemd/timers/stamp-*.timer 2>/dev/null); do + chmod 0644 $stamp +done + # Convert /var/lib/machines subvolume to make it suitable for # rollbacks, if needed. See bsc#992573. The installer has been fixed # to create it at installation time. @@ -712,35 +744,36 @@ if [ $1 -ge 1 ]; then fi %if ! 0%{?bootstrap} if [ $1 -eq 0 ]; then - pam-config -d --systemd || : + pam-config -d --systemd || : fi %endif %preun if [ $1 -eq 0 ]; then - systemctl disable remote-fs.target || : - systemctl disable getty@.service || : - systemctl disable systemd-networkd.service || : - systemctl disable systemd-networkd-wait-online.service || : - systemctl disable systemd-timesyncd.service || : - systemctl disable systemd-resolved.service || : + systemctl disable remote-fs.target || : + systemctl disable getty@.service || : + systemctl disable systemd-networkd.service || : + systemctl disable systemd-networkd-wait-online.service || : + systemctl disable systemd-timesyncd.service || : + systemctl disable systemd-resolved.service || : - rm -f /etc/systemd/system/default.target + rm -f /etc/systemd/system/default.target fi >/dev/null %pretrans -n udev%{?mini} -p if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then - posix.symlink("/lib/udev", "/usr/lib/udev") + posix.symlink("/lib/udev", "/usr/lib/udev") end %pre -n udev%{?mini} - %regenerate_initrd_post +%regenerate_initrd_post + if test -L /usr/lib/udev -a /lib/udev -ef /usr/lib/udev ; then - rm /usr/lib/udev - mv /lib/udev /usr/lib - ln -s /usr/lib/udev /lib/udev + rm /usr/lib/udev + mv /lib/udev /usr/lib + ln -s /usr/lib/udev /lib/udev elif [ ! -e /lib/udev ]; then - ln -s /usr/lib/udev /lib/udev + ln -s /usr/lib/udev /lib/udev fi # Create "tape"/"input" group which is referenced by some udev rules @@ -764,7 +797,13 @@ rm -f /etc/udev/rules.d/{20,55,65}-cdrom.rules %regenerate_initrd_post %insserv_cleanup systemctl daemon-reload || : -%systemd_postun_with_restart systemd-udevd-{control,kernel}.socket systemd-udevd.service +# On package update: the restart of the socket units will probably +# fail as the daemon is most likely running. It's not really an issue +# since we restart systemd-udevd right after and that will pull in the +# socket units again. We should be informed at that time if something +# really went wrong the first time we started the socket units. +%systemd_postun_with_restart systemd-udevd-{control,kernel}.socket 2>/dev/null +%systemd_postun_with_restart systemd-udevd.service %posttrans -n udev%{?mini} %regenerate_initrd_posttrans @@ -779,12 +818,15 @@ systemctl daemon-reload || : %post logger systemd-tmpfiles --create --prefix=%{_localstatedir}/log/journal/ || : if [ "$1" -eq 1 ]; then -# tell journal to start logging on disk if directory didn't exist before - systemctl --no-block restart systemd-journal-flush.service >/dev/null || : + # tell journal to start logging on disk if directory didn't exist before + systemctl --no-block restart systemd-journal-flush.service >/dev/null || : fi %post -n nss-myhostname -p /sbin/ldconfig %postun -n nss-myhostname -p /sbin/ldconfig + +%post -n nss-systemd -p /sbin/ldconfig +%postun -n nss-systemd -p /sbin/ldconfig %endif %if %{with resolved} @@ -847,6 +889,7 @@ fi %{_bindir}/systemd-firstboot %{_bindir}/systemd-path %{_bindir}/systemd-sysusers +%{_bindir}/systemd-mount %{_bindir}/systemd-notify %{_bindir}/systemd-run %{_bindir}/systemd-journalctl @@ -859,6 +902,10 @@ fi %{_bindir}/systemd-tmpfiles %{_bindir}/systemd-machine-id-setup %{_bindir}/systemd-nspawn +%if %{with resolved} +%{_bindir}/systemd-resolve +%endif +%{_bindir}/systemd-socket-activate %{_bindir}/systemd-stdio-bridge %{_bindir}/systemd-detect-virt %{_bindir}/timedatectl @@ -895,9 +942,10 @@ fi %{_prefix}/lib/systemd/system/*.path %{_prefix}/lib/systemd/user/*.target %{_prefix}/lib/systemd/user/*.service -%{_prefix}/lib/systemd/user/*.socket %{_prefix}/lib/systemd/systemd-* %{_prefix}/lib/systemd/systemd +%{_prefix}/lib/systemd/libsystemd-shared-%{version}.so +%{_prefix}/lib/systemd/resolv.conf %{_prefix}/lib/systemd/fix-machines-subvol-for-rollbacks.sh %dir %{_prefix}/lib/systemd/catalog %{_prefix}/lib/systemd/catalog/systemd.catalog @@ -952,11 +1000,11 @@ fi %dir %{_sysconfdir}/systemd/system %dir %{_sysconfdir}/systemd/user %dir %{_sysconfdir}/xdg/systemd +%{_sysconfdir}/systemd/system/ctrl-alt-del.target %{_sysconfdir}/xdg/systemd/user %{_sysconfdir}/X11/xinit/xinitrc.d/50-systemd-user.sh %config(noreplace) %{_sysconfdir}/pam.d/systemd-user -%config(noreplace) %{_sysconfdir}/systemd/bootchart.conf %config(noreplace) %{_sysconfdir}/systemd/coredump.conf %config(noreplace) %{_sysconfdir}/systemd/timesyncd.conf %config(noreplace) %{_sysconfdir}/systemd/system.conf @@ -1090,16 +1138,6 @@ fi %{_libdir}/libsystemd.so %{_libdir}/pkgconfig/libsystemd.pc %{_includedir}/systemd/ -%if %{with compatlibs} -%{_libdir}/libsystemd-daemon.so -%{_libdir}/libsystemd-login.so -%{_libdir}/libsystemd-id128.so -%{_libdir}/libsystemd-journal.so -%{_libdir}/pkgconfig/libsystemd-daemon.pc -%{_libdir}/pkgconfig/libsystemd-login.pc -%{_libdir}/pkgconfig/libsystemd-id128.pc -%{_libdir}/pkgconfig/libsystemd-journal.pc -%endif %if ! 0%{?bootstrap} %{_mandir}/man3/SD*.3* %{_mandir}/man3/sd*.3* @@ -1179,12 +1217,6 @@ fi %files -n libsystemd0%{?mini} %defattr(-,root,root) %{_libdir}/libsystemd.so.* -%if %{with compatlibs} -%{_libdir}/libsystemd-daemon.so.* -%{_libdir}/libsystemd-login.so.* -%{_libdir}/libsystemd-id128.so.* -%{_libdir}/libsystemd-journal.so.* -%endif %files -n libudev%{?mini}1 %defattr(-,root,root) @@ -1212,6 +1244,12 @@ fi /%{_lib}/*nss_myhostname* %{_mandir}/man8/libnss_myhostname.* %{_mandir}/man8/nss-myhostname.* + +%files -n nss-systemd +%defattr(-, root, root) +%{_libdir}/libnss_systemd.so* +%{_mandir}/man8/libnss_systemd.so.* +%{_mandir}/man8/nss-systemd.* %endif %if %{with resolved}