diff --git a/0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch b/0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch new file mode 100644 index 00000000..dfc696e1 --- /dev/null +++ b/0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch @@ -0,0 +1,80 @@ +From f98af900e625b15862f9173a5c55662d4cee7356 Mon Sep 17 00:00:00 2001 +From: Frederic Crozat +Date: Mon, 29 Oct 2012 13:01:20 +0000 +Subject: [PATCH 01/12] restore /var/run and /var/lock bind mount if they + aren't symlink + +--- + units/meson.build | 2 ++ + units/var-lock.mount | 19 +++++++++++++++++++ + units/var-run.mount | 19 +++++++++++++++++++ + 3 files changed, 40 insertions(+) + create mode 100644 units/var-lock.mount + create mode 100644 units/var-run.mount + +diff --git a/units/meson.build b/units/meson.build +index 275daad3f4..dadc9432ef 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -150,6 +150,8 @@ units = [ + ['umount.target', ''], + ['usb-gadget.target', ''], + ['user.slice', ''], ++ ['var-run.mount', 'HAVE_SYSV_COMPAT', 'local-fs.target.wants/'], ++ ['var-lock.mount', 'HAVE_SYSV_COMPAT', 'local-fs.target.wants/'], + ['var-lib-machines.mount', 'ENABLE_MACHINED', + 'remote-fs.target.wants/ machines.target.wants/'], + ] +diff --git a/units/var-lock.mount b/units/var-lock.mount +new file mode 100644 +index 0000000000..07277adac3 +--- /dev/null ++++ b/units/var-lock.mount +@@ -0,0 +1,19 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Lock Directory ++Before=local-fs.target ++# skip mounting if the directory does not exist or is a symlink ++ConditionPathIsDirectory=/var/lock ++ConditionPathIsSymbolicLink=!/var/lock ++ ++[Mount] ++What=/run/lock ++Where=/var/lock ++Type=bind ++Options=bind +diff --git a/units/var-run.mount b/units/var-run.mount +new file mode 100644 +index 0000000000..ab4da424c9 +--- /dev/null ++++ b/units/var-run.mount +@@ -0,0 +1,19 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Runtime Directory ++Before=local-fs.target ++# skip mounting if the directory does not exist or is a symlink ++ConditionPathIsDirectory=/var/run ++ConditionPathIsSymbolicLink=!/var/run ++ ++[Mount] ++What=/run ++Where=/var/run ++Type=bind ++Options=bind +-- +2.26.2 + diff --git a/0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch b/0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch new file mode 100644 index 00000000..352b252c --- /dev/null +++ b/0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch @@ -0,0 +1,27 @@ +From 59f2eadb29ac38803fd32fe52f1403343a7d74ac Mon Sep 17 00:00:00 2001 +From: Thomas Blume +Date: Tue, 25 Mar 2014 13:08:56 +0000 +Subject: [PATCH 02/12] rc-local: fix ordering startup for + /etc/init.d/boot.local + +[tblume: fixes bnc#869142] +--- + units/rc-local.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/rc-local.service.in b/units/rc-local.service.in +index 78ce69e0ae..0bcea82bed 100644 +--- a/units/rc-local.service.in ++++ b/units/rc-local.service.in +@@ -13,7 +13,7 @@ + Description=@RC_LOCAL_SCRIPT_PATH_START@ Compatibility + Documentation=man:systemd-rc-local-generator(8) + ConditionFileIsExecutable=@RC_LOCAL_SCRIPT_PATH_START@ +-After=network.target ++After=basic.target + + [Service] + Type=forking +-- +2.26.2 + diff --git a/0003-strip-the-domain-part-from-etc-hostname-when-setting.patch b/0003-strip-the-domain-part-from-etc-hostname-when-setting.patch new file mode 100644 index 00000000..5e9a1dfd --- /dev/null +++ b/0003-strip-the-domain-part-from-etc-hostname-when-setting.patch @@ -0,0 +1,43 @@ +From f299a8180f1db0680b454c0e37696891361e3067 Mon Sep 17 00:00:00 2001 +From: Frederic Crozat +Date: Tue, 28 May 2013 15:17:35 +0200 +Subject: [PATCH 03/12] strip the domain part from /etc/hostname when setting + system host name + +[fbui: fixes bnc#820213] +[fbui: forwardported from bfd2462b8ddec591d953841ab22bb30bdc6f9085] +[fbui: adjust context and make sure that strip of the domain name is + only done when setting the system host name. Therefore it's + still possible to pass an FQDN to hostnamectl] +[fbui: I'm still not sure that it was the right thing to do. Other + possibility was to fix the installer to create a correct + /etc/hostname file. Need to investigate...] +--- + src/core/hostname-setup.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/core/hostname-setup.c b/src/core/hostname-setup.c +index 6d047db838..1acc0c998b 100644 +--- a/src/core/hostname-setup.c ++++ b/src/core/hostname-setup.c +@@ -39,8 +39,16 @@ int hostname_setup(void) { + enoent = true; + else + log_warning_errno(r, "Failed to read configured hostname: %m"); +- } else ++ } else { ++ char *domain; ++ ++ /* SUSE: strip the domain name */ ++ domain = strchr(b, '.'); ++ if (domain) ++ *domain = '\0'; ++ + hn = b; ++ } + } + + if (isempty(hn)) { +-- +2.26.2 + diff --git a/0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch b/0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch new file mode 100644 index 00000000..570f2c91 --- /dev/null +++ b/0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch @@ -0,0 +1,124 @@ +From b46d43bf980afe13cfff39fc2876aed10f33db1d Mon Sep 17 00:00:00 2001 +From: Thomas Blume +Date: Thu, 14 Apr 2016 15:42:02 +0200 +Subject: [PATCH 04/12] tmpfiles: support exclude statements based on file + ownership + +SUSE supported tmpfile cleanups based on file ownership before systemd. +So this feature needs to be available in systemd. +This was part of fate#314974 + +[tblume: suse-only patch ported from SLES12-SP1 commit e769a63907ae4b] +[tblume: part of fate#314974] +--- + man/tmpfiles.d.xml | 4 +++- + src/tmpfiles/tmpfiles.c | 49 ++++++++++++++++++++++++++++++++--------- + 2 files changed, 42 insertions(+), 11 deletions(-) + +diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml +index b9e9eee96c..b90ae01345 100644 +--- a/man/tmpfiles.d.xml ++++ b/man/tmpfiles.d.xml +@@ -605,7 +605,9 @@ w- /proc/sys/vm/swappiness - - - - 10 + suffixed by a newline. For C, specifies the source file or directory. For t + and T, determines extended attributes to be set. For a and + A, determines ACL attributes to be set. For h and H, +- determines the file attributes to set. Ignored for all other lines. ++ determines the file attributes to set. For x and X a comma separated list ++ of usernames. If given, only paths belonging to these users will be excluded during directory cleanup. Ignored ++ for all other lines. + + This field can contain specifiers, see below. + +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 2404e36bf2..349653c786 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -14,6 +14,8 @@ + #include + #include + #include ++#include ++#include + + #include "sd-path.h" + +@@ -505,6 +507,7 @@ static int dir_cleanup( + struct stat s; + usec_t age; + _cleanup_free_ char *sub_path = NULL; ++ Item *found; + + if (dot_or_dot_dot(dent->d_name)) + continue; +@@ -546,15 +549,41 @@ static int dir_cleanup( + goto finish; + } + +- /* Is there an item configured for this path? */ +- if (ordered_hashmap_get(items, sub_path)) { +- log_debug("Ignoring \"%s\": a separate entry exists.", sub_path); +- continue; +- } ++ /* evaluate username arguments in ignore statements */ ++ found = find_glob(globs, sub_path); + +- if (find_glob(globs, sub_path)) { +- log_debug("Ignoring \"%s\": a separate glob exists.", sub_path); +- continue; ++ if (i->type == CREATE_DIRECTORY && found && found->argument) { ++ struct passwd *pw; ++ char *userfound = NULL, *args = strdup(found->argument); ++ bool match = false; ++ ++ while ((userfound = strsep(&args, ","))) { ++ pw = getpwnam(userfound); ++ ++ if (pw) { ++ if (s.st_uid == pw->pw_uid) { ++ match = true; ++ break; ++ } ++ } ++ } ++ ++ if (match) { ++ log_debug("Ignoring \"%s\" of user \"%s\".", sub_path, pw->pw_name); ++ match=false; ++ continue; ++ } ++ } else { ++ /* Is there an item configured for this path? */ ++ if (ordered_hashmap_get(items, sub_path)) { ++ log_debug("Ignoring \"%s\": a separate entry exists.", sub_path); ++ continue; ++ } ++ ++ if (found) { ++ log_debug("Ignoring \"%s\": a separate glob exists.", sub_path); ++ continue; ++ } + } + + if (S_ISDIR(s.st_mode)) { +@@ -2637,8 +2666,6 @@ static int parse_line( + case EMPTY_DIRECTORY: + case TRUNCATE_DIRECTORY: + case CREATE_FIFO: +- case IGNORE_PATH: +- case IGNORE_DIRECTORY_PATH: + case REMOVE_PATH: + case RECURSIVE_REMOVE_PATH: + case ADJUST_MODE: +@@ -2649,6 +2676,8 @@ static int parse_line( + + break; + ++ case IGNORE_PATH: ++ case IGNORE_DIRECTORY_PATH: + case CREATE_FILE: + case TRUNCATE_FILE: + break; +-- +2.26.2 + diff --git a/0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch b/0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch new file mode 100644 index 00000000..b37a8acc --- /dev/null +++ b/0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch @@ -0,0 +1,29 @@ +From 8e95d5534e9a577529ac49aaec610e6ceefec0b9 Mon Sep 17 00:00:00 2001 +From: Robert Milasan +Date: Sat, 12 Jul 2014 14:20:36 +0200 +Subject: [PATCH 05/12] udev: create default symlinks for primary cd_dvd drive + +Imported from SLE12-SP1, commit 4f8bacfbffd7049608b5076. + +[rmilasan: fixes bnc#783054] +--- + rules.d/60-cdrom_id.rules | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/rules.d/60-cdrom_id.rules b/rules.d/60-cdrom_id.rules +index 288f8ce2f9..578c77441c 100644 +--- a/rules.d/60-cdrom_id.rules ++++ b/rules.d/60-cdrom_id.rules +@@ -25,5 +25,9 @@ IMPORT{program}="cdrom_id --lock-media $devnode" + ENV{DISK_MEDIA_CHANGE}=="?*", ENV{ID_CDROM_MEDIA}!="?*", ENV{SYSTEMD_READY}="0" + + KERNEL=="sr0", SYMLINK+="cdrom", OPTIONS+="link_priority=-100" ++KERNEL=="sr0", ENV{ID_CDROM}=="1", SYMLINK+="cdrom", OPTIONS+="link_priority=-100" ++KERNEL=="sr0", ENV{ID_CDROM_CD_RW}=="1", SYMLINK+="cdrw", OPTIONS+="link_priority=-100" ++KERNEL=="sr0", ENV{ID_CDROM_DVD}=="1", SYMLINK+="dvd", OPTIONS+="link_priority=-100" ++KERNEL=="sr0", ENV{ID_CDROM_DVD_RW}=="1", SYMLINK+="dvdrw", OPTIONS+="link_priority=-100" + + LABEL="cdrom_end" +-- +2.26.2 + diff --git a/0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch b/0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch new file mode 100644 index 00000000..53c44ddd --- /dev/null +++ b/0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch @@ -0,0 +1,123 @@ +From f9521480d5dc5af747fecc9adc4c617e473e5494 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Thu, 26 May 2016 08:59:41 +0200 +Subject: [PATCH 06/12] sysv-generator: add (back) support for SysV scripts for + the early boot + +For the record, the upstream support was removed by commit +3cdebc217c42c8529086f2965319b6a48eaaeabe. + +The sysv-generator has some weirdos: for example a service at the rc0 +runlevel won't be started during shutdown since it will get both +"WantedBy=poweroff.target" and "Conflicts=shutdown.target". + +Anyways what's the current patch implements the following: + + - a symlink /etc/init.d/boot.d/S??boot.foo will add + "WantedBy/Before=sysinit.target" constraints and make sure that the + default dependencies added by systemd are turned off. + + - a symlink /etc/init.d/boot.d/K??boot.foo will add + "Conflicts/Before=shutdown.target" so "foo" service will be stopped + like any other regular services. If this symlink is not installed + however, "foo" will be stopped lately during the systemd killing + spree. + +This is a forward-port of commit 29db8537e1ca10796797d9854d1 in SP1. + +[Since v232] + +Support for S* symlinks in runlevel 0 or 6 has been completely and silently +removed by 788d2b088b13a2444b9eb2ea82c0cc57d9f0980f. Since it was already +broken as pointed out above, this probably wasn't really used and therefore +no one will really care. So let's drop it too. + +However this has the side effect to make the support of early sysv scripts more +difficult. To make things easy, the support of K* symlinks in boot.d/ has been +removed too: this is probably not used (anymore) (at least intentionally). + +The consequence is that early sysv services are stopped during shutdown at +the same time as 'normal' services. +--- + src/sysv-generator/sysv-generator.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c +index a2c72d1009..1c01008967 100644 +--- a/src/sysv-generator/sysv-generator.c ++++ b/src/sysv-generator/sysv-generator.c +@@ -31,6 +31,9 @@ static const struct { + const char *path; + const char *target; + } rcnd_table[] = { ++ /* SUSE style boot.d */ ++ { "boot.d", SPECIAL_SYSINIT_TARGET }, ++ + /* Standard SysV runlevels for start-up */ + { "rc1.d", SPECIAL_RESCUE_TARGET }, + { "rc2.d", SPECIAL_MULTI_USER_TARGET }, +@@ -57,6 +60,7 @@ typedef struct SysvStub { + bool has_lsb; + bool reload; + bool loaded; ++ bool early; + } SysvStub; + + static void free_sysvstub(SysvStub *s) { +@@ -147,6 +151,12 @@ static int generate_unit_file(SysvStub *s) { + fprintf(f, "Description=%s\n", t); + } + ++ if (s->early) { ++ fprintf(f, "DefaultDependencies=no\n"); ++ fprintf(f, "Conflicts=%s\n", SPECIAL_SHUTDOWN_TARGET); ++ fprintf(f, "Before=%s\n", SPECIAL_SHUTDOWN_TARGET); ++ } ++ + STRV_FOREACH(p, s->before) + fprintf(f, "Before=%s\n", *p); + STRV_FOREACH(p, s->after) +@@ -213,6 +223,10 @@ static char *sysv_translate_name(const char *name) { + _cleanup_free_ char *c = NULL; + char *res; + ++ if (startswith(name, "boot.")) ++ /* Drop SuSE-style boot. prefix */ ++ name += 5; ++ + c = strdup(name); + if (!c) + return NULL; +@@ -289,6 +303,11 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, + return 1; + } + ++ /* Strip "boot." prefix from file name for comparison (Suse specific) */ ++ e = startswith(filename, "boot."); ++ if (e) ++ filename += 5; ++ + /* Strip ".sh" suffix from file name for comparison */ + filename_no_sh = strdupa(filename); + e = endswith(filename_no_sh, ".sh"); +@@ -676,6 +695,9 @@ static int fix_order(SysvStub *s, Hashmap *all_services) { + if (other->sysv_start_priority < 0) + continue; + ++ if (s->early != other->early) ++ continue; ++ + /* If both units have modern headers we don't care + * about the priorities */ + if (s->has_lsb && other->has_lsb) +@@ -800,6 +822,7 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) { + .sysv_start_priority = -1, + .name = TAKE_PTR(name), + .path = TAKE_PTR(fpath), ++ .early = !!startswith(de->d_name, "boot."), + }; + + r = hashmap_put(all_services, service->name, service); +-- +2.26.2 + diff --git a/0007-networkd-make-network.service-an-alias-of-systemd-ne.patch b/0007-networkd-make-network.service-an-alias-of-systemd-ne.patch new file mode 100644 index 00000000..c4fd62e1 --- /dev/null +++ b/0007-networkd-make-network.service-an-alias-of-systemd-ne.patch @@ -0,0 +1,29 @@ +From 0adc3f402aeeadd73a0977ca6a1bc65d3d4201c1 Mon Sep 17 00:00:00 2001 +From: Pawel Wieczorkiewicz +Date: Tue, 2 Jun 2015 13:33:24 +0000 +Subject: [PATCH 07/12] networkd: make network.service an alias of + systemd-networkd.service + +NetworkManager and wicked does this already. This is needed by yast2 +and other parts of the system. + +[fixes boo#933092] +--- + units/systemd-networkd.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in +index 2673146841..083a35b912 100644 +--- a/units/systemd-networkd.service.in ++++ b/units/systemd-networkd.service.in +@@ -50,6 +50,7 @@ User=systemd-network + + [Install] + WantedBy=multi-user.target ++Alias=network.service + Also=systemd-networkd.socket + Alias=dbus-org.freedesktop.network1.service + +-- +2.26.2 + diff --git a/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch b/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch new file mode 100644 index 00000000..d21fea50 --- /dev/null +++ b/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch @@ -0,0 +1,73 @@ +From a32292849ca2837f99d6801da26b8d8e401831c4 Mon Sep 17 00:00:00 2001 +From: Thomas Blume +Date: Wed, 4 May 2016 17:40:04 +0200 +Subject: [PATCH 08/12] sysv-generator: translate "Required-Start" into a + "Wants" dependency + +[tblume: Port of SLES12SP1 patch 0018-Make-LSB-Skripts-know-about-Required-and-Should.patch] + +[fbui: this is needed probably because insserv's behavior has been + sadly changed since SLE11: it now doesn't failed if a + dependency listed by Required-Start is missing.] + +[fbui: according to Werner "This should fix bnc#858864 and + bnc#857204." (see Base:System changelog)] +--- + src/sysv-generator/sysv-generator.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c +index 1c01008967..7a58be9287 100644 +--- a/src/sysv-generator/sysv-generator.c ++++ b/src/sysv-generator/sysv-generator.c +@@ -258,6 +258,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, + "remote_fs", SPECIAL_REMOTE_FS_TARGET, + "syslog", NULL, + "time", SPECIAL_TIME_SYNC_TARGET, ++ "all", SPECIAL_DEFAULT_TARGET, + }; + + const char *filename; +@@ -272,6 +273,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, + + filename = basename(s->path); + ++ n = *name == '+' ? ++name : name; + n = *name == '$' ? name + 1 : name; + + for (i = 0; i < ELEMENTSOF(table); i += 2) { +@@ -408,7 +410,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text + + for (;;) { + _cleanup_free_ char *word = NULL, *m = NULL; +- bool is_before; ++ bool is_before, is_wanted; + + r = extract_first_word(&text, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RELAX); + if (r < 0) +@@ -421,6 +423,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text + continue; + + is_before = startswith_no_case(full_text, "X-Start-Before:"); ++ is_wanted = startswith_no_case(full_text, "Required-Start:"); + + if (streq(m, SPECIAL_NETWORK_ONLINE_TARGET) && !is_before) { + /* the network-online target is special, as it needs to be actively pulled in */ +@@ -429,8 +432,13 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text + return log_oom(); + + r = strv_extend(&s->wants, m); +- } else ++ } else { + r = strv_extend(is_before ? &s->before : &s->after, m); ++ ++ if (is_wanted) ++ r = strv_extend(&s->wants, m); ++ } ++ + if (r < 0) + return log_oom(); + } +-- +2.26.2 + diff --git a/0009-pid1-handle-console-specificities-weirdness-for-s390.patch b/0009-pid1-handle-console-specificities-weirdness-for-s390.patch new file mode 100644 index 00000000..e4984478 --- /dev/null +++ b/0009-pid1-handle-console-specificities-weirdness-for-s390.patch @@ -0,0 +1,60 @@ +From 7fc80ccccaa6f7b98af8bcd899a97d561777ff94 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Fri, 10 Jun 2016 15:19:57 +0200 +Subject: [PATCH 09/12] pid1: handle console specificities/weirdness for s390 + arch + +The 3270 console on S/390 can do color but not the 3215 console. + +Partial forward port of +0001-On_s390_con3270_disable_ANSI_colour_esc.patch from SLE12-SP1. A +bunch of the previous code has been dropped since some changes +imported from upsteam made them uneeded. + +The remaining bits are probably hackish but at least they are now +minimal. + +It was an attempt to address bnc#860937. And yes turning the console +color mode off by passing $TERM=dumb via the kernel command line would +have been much more easier and enough. + +This is actually implemented by recent systemd. There's also another +command line option: systemd.log_color=off. + +See also a short discussion which happened on @systemd-maintainers +whose $subject is "[PATCH] support conmode setting on command line". + +[ fbui: fixes bsc#860937 ] +--- + src/basic/terminal-util.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c +index 6cacde90ba..1a03902acc 100644 +--- a/src/basic/terminal-util.c ++++ b/src/basic/terminal-util.c +@@ -780,7 +780,20 @@ bool tty_is_vc_resolve(const char *tty) { + } + + const char *default_term_for_tty(const char *tty) { +- return tty && tty_is_vc_resolve(tty) ? "linux" : "vt220"; ++ if (tty && tty_is_vc_resolve(tty)) ++ return "linux"; ++ ++#if defined (__s390__) || defined (__s390x__) ++ if (tty && tty_is_console(tty)) { ++ _cleanup_free_ char *mode = NULL; ++ ++ /* Simply return "dumb" in case of OOM. */ ++ (void) proc_cmdline_get_key("conmode", 0, &mode); ++ (void) proc_cmdline_value_missing("conmode", mode); ++ return streq_ptr(mode, "3270") ? "ibm327x" : "dumb"; ++ } ++#endif ++ return "vt220"; + } + + int fd_columns(int fd) { +-- +2.26.2 + diff --git a/0010-journald-disable-audit-support-completely-from-the-j.patch b/0010-journald-disable-audit-support-completely-from-the-j.patch new file mode 100644 index 00000000..a9d3bb66 --- /dev/null +++ b/0010-journald-disable-audit-support-completely-from-the-j.patch @@ -0,0 +1,80 @@ +From aeb4ca8cf65ee8f22cf7635fea2c501c015fc906 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Wed, 29 Jun 2016 17:55:35 +0200 +Subject: [PATCH 10/12] journald: disable audit support completely from the + journal + +This patch not only prevents journald to enable audit system +unconditionally very early at boot but also prevents it to receive +audit messages for the audit netlink and to push them into the +journal. + +The first reason is that when journald enables kernel audit, it does +not disable syscall audit (it doesn't load the audit rules), which +introduced a global performance hit. This can be minimized if audit +service is started but that's not the case for all systems. + +The second reason is that for systems where audit was disabled by +default they will suddenly have audit enabled (unless audit=0 was +already passed to the kernel command line). This means tons of audit +messages will be sent to dmesg, syslog, journal files, etc... + +Note also that audit messages are duplicated in the journal since they +are received both from kmsg and from the audit netlink. A related bug +report can be found here: +https://bugzilla.redhat.com/show_bug.cgi?id=1160046. + +This basically reverts the following upstream commits: + + - 875c2e220e2611165e09051c4747971811f1de58 + - 4d9ced9956755901238fede6fc5a3d7e4e816aa6 + +Upstream issue: +https://github.com/systemd/systemd/issues/959 + +So disable all of this for now until a better option is found or +someone comes up with a real use case. + +Also drop systemd-journald-audit.socket, indeed audit-logs-in-journal 'feature' +has been removed but the socket was still shipped and was statically +enabled. Therefore if auditd service was enabled, incoming messages could be +queued up to 128M and were never read (hence freed) by journald. + +[fbui: fixes bsc#984034] +[fbui: fixes bsc#1109252] +--- + src/journal/journald-server.c | 4 ++-- + units/meson.build | 2 -- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index 5865bf9809..14934080cd 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -2384,8 +2384,8 @@ int server_init(Server *s, const char *namespace) { + if (r < 0) + return r; + +- /* Unless we got *some* sockets and not audit, open audit socket */ +- if (s->audit_fd >= 0 || no_sockets) { ++ /* Suse: disable audit messages in journal entirely. */ ++ if (false && no_sockets) { + r = server_open_audit(s); + if (r < 0) + return r; +diff --git a/units/meson.build b/units/meson.build +index dadc9432ef..a31acd3b05 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -110,8 +110,6 @@ units = [ + 'sysinit.target.wants/'], + ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], +- ['systemd-journald-audit.socket', '', +- 'sockets.target.wants/'], + ['systemd-journald-dev-log.socket', '', + 'sockets.target.wants/'], + ['systemd-journald.socket', '', +-- +2.26.2 + diff --git a/0011-core-disable-session-keyring-per-system-sevice-entir.patch b/0011-core-disable-session-keyring-per-system-sevice-entir.patch new file mode 100644 index 00000000..a3e1fac1 --- /dev/null +++ b/0011-core-disable-session-keyring-per-system-sevice-entir.patch @@ -0,0 +1,45 @@ +From e5b3d1d00bbdbcb168889699c462bf01b58062a5 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Thu, 6 Jul 2017 15:48:10 +0200 +Subject: [PATCH 11/12] core: disable session keyring per system sevice + entirely for now + +Until PAM module "pam_keyinit" is fully integrated in SUSE's PAM stack, this +feature has to be disabled. + +openSUSE is still not ready for enabling the keyring stuff (see +bsc#1081947). Some services got fixed (sshd, getty@.service) but some still +haven't (xdm, login, ...) + +So leave it disabled again otherwise different users might end up using the +same session keyring - the one created for the service used for logging in +(sshd, getty@.service, xdm, etc...) + +The integration of pam_keyinit is tracked here: +https://bugzilla.opensuse.org/show_bug.cgi?id=1081947 + +See also: +https://github.com/systemd/systemd/pull/6286 + +[fbui: fixes boo#1045886] +--- + src/core/execute.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 2a4840a3a9..aefd4eaff1 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -2779,6 +2779,9 @@ static int setup_keyring( + assert(context); + assert(p); + ++ /* SUSE: pam_keyinit is still not fully integrated to SUSE's PAM stack... */ ++ return 0; ++ + /* Let's set up a new per-service "session" kernel keyring for each system service. This has the benefit that + * each service runs with its own keyring shared among all processes of the service, but with no hook-up beyond + * that scope, and in particular no link to the per-UID keyring. If we don't do this the keyring will be +-- +2.26.2 + diff --git a/0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch new file mode 100644 index 00000000..a687aaa0 --- /dev/null +++ b/0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -0,0 +1,53 @@ +From 90d84a96aca84b39f6aabda048703dc7c0e79ef4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 11 Mar 2016 17:06:17 -0500 +Subject: [PATCH 12/12] resolved: create /etc/resolv.conf symlink at runtime + +If the symlink doesn't exists, and we are being started, let's +create it to provie name resolution. + +If it exists, do nothing. In particular, if it is a broken symlink, +we cannot really know if the administator configured it to point to +a location used by some service that hasn't started yet, so we +don't touch it in that case either. + +https://bugzilla.redhat.com/show_bug.cgi?id=1313085 +--- + src/resolve/resolved.c | 6 ++++++ + tmpfiles.d/etc.conf.m4 | 3 --- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c +index 16477f28d6..3922804039 100644 +--- a/src/resolve/resolved.c ++++ b/src/resolve/resolved.c +@@ -53,6 +53,12 @@ static int run(int argc, char *argv[]) { + if (r < 0) + return log_error_errno(r, "Cannot resolve user name %s: %m", user); + ++ /* As we're root, we can create /etc/resolv.conf symlink if it doesn't exist already */ ++ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf"); ++ if (r < 0 && errno != EEXIST) ++ log_warning_errno(errno, ++ "Could not create /etc/resolv.conf symlink: %m"); ++ + /* As we're root, we can create the directory where resolv.conf will live */ + r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, MKDIR_WARN_MODE); + if (r < 0) +diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 +index f82e0b82ce..66a777bdb2 100644 +--- a/tmpfiles.d/etc.conf.m4 ++++ b/tmpfiles.d/etc.conf.m4 +@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts + m4_ifdef(`HAVE_SMACK_RUN_LABEL', + t /etc/mtab - - - - security.SMACK64=_ + )m4_dnl +-m4_ifdef(`ENABLE_RESOLVE', +-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf +-)m4_dnl + C! /etc/nsswitch.conf - - - - + m4_ifdef(`HAVE_PAM', + C! /etc/pam.d - - - - +-- +2.26.2 + diff --git a/systemd-mini.changes b/systemd-mini.changes index 5ac5e11c..371a0590 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Sep 2 10:14:10 UTC 2020 - Franck Bui + +- Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446) + + See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for + details. + + Now that the number of SUSE specific patches has been shrinked and + is pretty low (12 at the time of this writing), they are no more + tracked by the git repo and are now handled at the package + level. Hence It is easier to maintain and identify them. This + effectively means that SUSE/v246 will contain upstream commits only. + ------------------------------------------------------------------- Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt diff --git a/systemd-mini.spec b/systemd-mini.spec index 0d078415..1ba306fa 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.51.ga4e393eecb +%define suse_version +suse.20.gf1344d5b7f %bcond_with gnuefi %if 0%{?bootstrap} @@ -55,7 +55,7 @@ Name: systemd-mini URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 245.7 +Version: 246.4 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later @@ -159,12 +159,29 @@ Source100: scripts-systemd-fix-machines-btrfs-subvol.sh Source101: scripts-systemd-upgrade-from-pre-210.sh Source102: scripts-systemd-migrate-sysconfig-i18n.sh -# Patches listed in here are put in quarantine. Normally all -# changes must go to upstream first and then are cherry-picked in the -# SUSE git repository. But in very few cases, some stuff might be -# broken in upstream and need an urgent fix. Even in this case, the -# patches are temporary and should be removed as soon as a fix is -# merged by upstream. +# Patches listed below are SUSE specific and should be kept at its +# minimum. We try hard to push our changes to upstream but sometimes +# they are only relevant for SUSE distros. Special rewards for those +# who will manage to get rid of one of them ! +Patch1: 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch +Patch2: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch +Patch3: 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch +Patch4: 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch +Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch +Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch +Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch +Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch +Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch +Patch10: 0010-journald-disable-audit-support-completely-from-the-j.patch +Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch +Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch + +# Patches listed below are put in quarantine. Normally all changes +# must go to upstream first and then are cherry-picked in the SUSE git +# repository. But in very few cases, some stuff might be broken in +# upstream and need an urgent fix. Even in this case, the patches are +# temporary and should be removed as soon as a fix is merged by +# upstream. %description Systemd is a system and service manager, compatible with SysV and LSB @@ -604,8 +621,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff +%if %{with sysvcompat} ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel +%endif # Make sure we don't ship static enablement symlinks in /etc during # installation, presets should be honoured instead. @@ -1282,7 +1301,7 @@ fi %{_mandir}/man7/[bdfks]* %{_mandir}/man8/kern* %{_mandir}/man8/pam_* -%{_mandir}/man8/systemd-[a-gik-tv]* +%{_mandir}/man8/systemd-[a-gik-tvx]* %{_mandir}/man8/systemd-h[aioy]* %{_mandir}/man8/systemd-journald* %{_mandir}/man8/systemd-u[ps]* @@ -1359,15 +1378,19 @@ fi /sbin/halt /sbin/shutdown /sbin/poweroff +%if %{with sysvcompat} /sbin/telinit /sbin/runlevel +%endif %{_sbindir}/init %{_sbindir}/reboot %{_sbindir}/halt %{_sbindir}/shutdown %{_sbindir}/poweroff +%if %{with sysvcompat} %{_sbindir}/telinit %{_sbindir}/runlevel +%endif %if ! 0%{?bootstrap} %{_mandir}/man1/init.1* %{_mandir}/man8/halt.8* diff --git a/systemd-v245.7+suse.51.ga4e393eecb.tar.xz b/systemd-v245.7+suse.51.ga4e393eecb.tar.xz deleted file mode 100644 index 815e59f1..00000000 --- a/systemd-v245.7+suse.51.ga4e393eecb.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e0cce0a5990f8ddc03e1dcdb1af7f20331e3e885596710f8a68563882c50d31e -size 6301856 diff --git a/systemd-v246.4+suse.20.gf1344d5b7f.tar.xz b/systemd-v246.4+suse.20.gf1344d5b7f.tar.xz new file mode 100644 index 00000000..56657747 --- /dev/null +++ b/systemd-v246.4+suse.20.gf1344d5b7f.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:707b0dca1d9dd0fa8c8858090b5e14d9741bacda2c4d0a1745707b57b395b254 +size 6548244 diff --git a/systemd.changes b/systemd.changes index 5ac5e11c..371a0590 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Sep 2 10:14:10 UTC 2020 - Franck Bui + +- Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446) + + See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for + details. + + Now that the number of SUSE specific patches has been shrinked and + is pretty low (12 at the time of this writing), they are no more + tracked by the git repo and are now handled at the package + level. Hence It is easier to maintain and identify them. This + effectively means that SUSE/v246 will contain upstream commits only. + ------------------------------------------------------------------- Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt diff --git a/systemd.spec b/systemd.spec index d39a85e1..2959619b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.51.ga4e393eecb +%define suse_version +suse.20.gf1344d5b7f %bcond_with gnuefi %if 0%{?bootstrap} @@ -53,7 +53,7 @@ Name: systemd URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 245.7 +Version: 246.4 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later @@ -157,12 +157,29 @@ Source100: scripts-systemd-fix-machines-btrfs-subvol.sh Source101: scripts-systemd-upgrade-from-pre-210.sh Source102: scripts-systemd-migrate-sysconfig-i18n.sh -# Patches listed in here are put in quarantine. Normally all -# changes must go to upstream first and then are cherry-picked in the -# SUSE git repository. But in very few cases, some stuff might be -# broken in upstream and need an urgent fix. Even in this case, the -# patches are temporary and should be removed as soon as a fix is -# merged by upstream. +# Patches listed below are SUSE specific and should be kept at its +# minimum. We try hard to push our changes to upstream but sometimes +# they are only relevant for SUSE distros. Special rewards for those +# who will manage to get rid of one of them ! +Patch1: 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch +Patch2: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch +Patch3: 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch +Patch4: 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch +Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch +Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch +Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch +Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch +Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch +Patch10: 0010-journald-disable-audit-support-completely-from-the-j.patch +Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch +Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch + +# Patches listed below are put in quarantine. Normally all changes +# must go to upstream first and then are cherry-picked in the SUSE git +# repository. But in very few cases, some stuff might be broken in +# upstream and need an urgent fix. Even in this case, the patches are +# temporary and should be removed as soon as a fix is merged by +# upstream. %description Systemd is a system and service manager, compatible with SysV and LSB @@ -602,8 +619,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff +%if %{with sysvcompat} ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel +%endif # Make sure we don't ship static enablement symlinks in /etc during # installation, presets should be honoured instead. @@ -1280,7 +1299,7 @@ fi %{_mandir}/man7/[bdfks]* %{_mandir}/man8/kern* %{_mandir}/man8/pam_* -%{_mandir}/man8/systemd-[a-gik-tv]* +%{_mandir}/man8/systemd-[a-gik-tvx]* %{_mandir}/man8/systemd-h[aioy]* %{_mandir}/man8/systemd-journald* %{_mandir}/man8/systemd-u[ps]* @@ -1357,15 +1376,19 @@ fi /sbin/halt /sbin/shutdown /sbin/poweroff +%if %{with sysvcompat} /sbin/telinit /sbin/runlevel +%endif %{_sbindir}/init %{_sbindir}/reboot %{_sbindir}/halt %{_sbindir}/shutdown %{_sbindir}/poweroff +%if %{with sysvcompat} %{_sbindir}/telinit %{_sbindir}/runlevel +%endif %if ! 0%{?bootstrap} %{_mandir}/man1/init.1* %{_mandir}/man8/halt.8*