diff --git a/0001-basic-update-CIFS-magic.patch b/0001-basic-update-CIFS-magic.patch new file mode 100644 index 0000000000000000000000000000000000000000..098a4ed18a3c0fe0447009c21843b1a27075636f --- /dev/null +++ b/0001-basic-update-CIFS-magic.patch @@ -0,0 +1,68 @@ +From bbe53713455be38c0a587626439fd171f28c77fc Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Sun, 30 Jan 2022 23:40:05 +0100 +Subject: [PATCH] basic: update CIFS magic + +Kernel commit dea2903719283c156b53741126228c4a1b40440f exposed (and +renamed) CIFS_MAGIC_NUMBER as CIFS_SUPER_MAGIC along with +SMB2_SUPER_MAGIC. + +This fixes the following build fail on current Fedora Rawhide: +``` +../src/basic/meson.build:389:8: ERROR: Problem encountered: found unknown filesystem(s) defined in kernel headers: + +Filesystem found in kernel header but not in filesystems-gperf.gperf: CIFS_SUPER_MAGIC +Filesystem found in kernel header but not in filesystems-gperf.gperf: SMB2_SUPER_MAGIC +``` +--- + src/basic/filesystems-gperf.gperf | 4 ++-- + src/basic/missing_magic.h | 11 ++++++++--- + 2 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/basic/filesystems-gperf.gperf b/src/basic/filesystems-gperf.gperf +index 08c8c44510..e8c5357f91 100644 +--- a/src/basic/filesystems-gperf.gperf ++++ b/src/basic/filesystems-gperf.gperf +@@ -40,7 +40,7 @@ ceph, {CEPH_SUPER_MAGIC} + cgroup2, {CGROUP2_SUPER_MAGIC} + # note that the cgroupfs magic got reassigned from cpuset + cgroup, {CGROUP_SUPER_MAGIC} +-cifs, {CIFS_MAGIC_NUMBER} ++cifs, {CIFS_SUPER_MAGIC, SMB2_SUPER_MAGIC} + coda, {CODA_SUPER_MAGIC} + configfs, {CONFIGFS_MAGIC} + cramfs, {CRAMFS_MAGIC} +@@ -109,7 +109,7 @@ selinuxfs, {SELINUX_MAGIC} + shiftfs, {SHIFTFS_MAGIC} + smackfs, {SMACK_MAGIC} + # smb3 is an alias for cifs +-smb3, {CIFS_MAGIC_NUMBER} ++smb3, {CIFS_SUPER_MAGIC} + # smbfs was removed from the kernel in 2010, the magic remains + smbfs, {SMB_SUPER_MAGIC} + sockfs, {SOCKFS_MAGIC} +diff --git a/src/basic/missing_magic.h b/src/basic/missing_magic.h +index 7d9320bb6d..c104fcfba3 100644 +--- a/src/basic/missing_magic.h ++++ b/src/basic/missing_magic.h +@@ -38,9 +38,14 @@ + #define XFS_SB_MAGIC 0x58465342 + #endif + +-/* Not exposed yet. Defined at fs/cifs/cifsglob.h */ +-#ifndef CIFS_MAGIC_NUMBER +-#define CIFS_MAGIC_NUMBER 0xFF534D42 ++/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ ++#ifndef CIFS_SUPER_MAGIC ++#define CIFS_SUPER_MAGIC 0xFF534D42 ++#endif ++ ++/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ ++#ifndef SMB2_SUPER_MAGIC ++#define SMB2_SUPER_MAGIC 0xFE534D42 + #endif + + /* 257f871993474e2bde6c497b54022c362cf398e1 (4.5) */ +-- +2.19.1.6.gb485710b + diff --git a/10-oomd-defaults.conf b/10-oomd-defaults.conf new file mode 100644 index 0000000000000000000000000000000000000000..025465712cf742b93d130f858b72d6842ab50c69 --- /dev/null +++ b/10-oomd-defaults.conf @@ -0,0 +1,2 @@ +[OOM] +DefaultMemoryPressureDurationSec=20s diff --git a/10-oomd-root-slice-defaults.conf b/10-oomd-root-slice-defaults.conf new file mode 100644 index 0000000000000000000000000000000000000000..49958e8e0d101487d18ad8575e4b4a575e9b0aac --- /dev/null +++ b/10-oomd-root-slice-defaults.conf @@ -0,0 +1,2 @@ +[Slice] +ManagedOOMSwap=kill diff --git a/10-oomd-user-service-defaults.conf b/10-oomd-user-service-defaults.conf new file mode 100644 index 0000000000000000000000000000000000000000..94d5c87fe052c7860d6d4a065737f1aa8fdcad5a --- /dev/null +++ b/10-oomd-user-service-defaults.conf @@ -0,0 +1,3 @@ +[Service] +ManagedOOMMemoryPressure=kill +ManagedOOMMemoryPressureLimit=50% diff --git a/20-grubby.install b/20-grubby.install new file mode 100755 index 0000000000000000000000000000000000000000..e059125be5a1fa1ffd5b289c417deda099af1d16 --- /dev/null +++ b/20-grubby.install @@ -0,0 +1,51 @@ +#!/bin/bash + +if [[ ! -x /sbin/new-kernel-pkg ]]; then + exit 0 +fi + +COMMAND="$1" +KERNEL_VERSION="$2" +BOOT_DIR_ABS="$3" +KERNEL_IMAGE="$4" + +KERNEL_DIR="${KERNEL_IMAGE%/*}" +[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}" +case "$COMMAND" in + add) + if [[ "${KERNEL_DIR}" != "/boot" ]]; then + for i in \ + "$KERNEL_IMAGE" \ + "$KERNEL_DIR"/System.map \ + "$KERNEL_DIR"/config \ + "$KERNEL_DIR"/zImage.stub \ + "$KERNEL_DIR"/dtb \ + ; do + [[ -e "$i" ]] || continue + cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}" + command -v restorecon &>/dev/null && \ + restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" + done + # hmac is .vmlinuz-.hmac so needs a special treatment + i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" + if [[ -e "$i" ]]; then + cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + command -v restorecon &>/dev/null && \ + restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + fi + fi + /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? + ;; + remove) + /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? + ;; + *) + ;; +esac + +# skip other installation plugins, if we can't find a boot loader spec conforming setup +if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then + exit 77 +fi diff --git a/20-yama-ptrace.conf b/20-yama-ptrace.conf new file mode 100644 index 0000000000000000000000000000000000000000..4fbaf97ca6993db067c8cc114e1ba16bfd77421b --- /dev/null +++ b/20-yama-ptrace.conf @@ -0,0 +1,42 @@ +# The ptrace system call is used for interprocess services, +# communication and introspection (like synchronisation, signaling, +# debugging, tracing and profiling) of processes. +# +# Usage of ptrace is restricted by normal user permissions. Normal +# unprivileged processes cannot use ptrace on processes that they +# cannot send signals to or processes that are running set-uid or +# set-gid. Nevertheless, processes running under the same uid will +# usually be able to ptrace one another. +# +# Fedora enables the Yama security mechanism which restricts ptrace +# even further. Sysctl setting kernel.yama.ptrace_scope can have one +# of the following values: +# +# 0 - Normal ptrace security permissions. +# 1 - Restricted ptrace. Only child processes plus normal permissions. +# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE. +# 3 - No attach. No process may call ptrace at all. Irrevocable. +# +# For more information see Documentation/security/Yama.txt in the +# kernel sources. +# +# The default is 1., which allows tracing of child processes, but +# forbids tracing of arbitrary processes. This allows programs like +# gdb or strace to work when the most common way of having the +# debugger start the debuggee is used: +# gdb /path/to/program ... +# Attaching to already running programs is NOT allowed: +# gdb -p ... +# This default setting is suitable for the common case, because it +# reduces the risk that one hacked process can be used to attack other +# processes. (For example, a hacked firefox process in a user session +# will not be able to ptrace the keyring process and extract passwords +# stored only in memory.) +# +# Developers and administrators might want to disable those protections +# to be able to attach debuggers to existing processes. Use +# sysctl kernel.yama.ptrace_scope=0 +# for change the setting temporarily, or copy this file to +# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots. + +kernel.yama.ptrace_scope = 0 diff --git a/inittab b/inittab new file mode 100644 index 0000000000000000000000000000000000000000..3f5e83c349d65aaa82128e220b95d331d745791b --- /dev/null +++ b/inittab @@ -0,0 +1,16 @@ +# inittab is no longer used. +# +# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. +# +# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target +# +# systemd uses 'targets' instead of runlevels. By default, there are two main targets: +# +# multi-user.target: analogous to runlevel 3 +# graphical.target: analogous to runlevel 5 +# +# To view current default target, run: +# systemctl get-default +# +# To set a default target, run: +# systemctl set-default TARGET.target diff --git a/libsystemd-shared.abignore b/libsystemd-shared.abignore new file mode 100644 index 0000000000000000000000000000000000000000..e412d8ba99790be7505d224b6f1edbe40ccf93d0 --- /dev/null +++ b/libsystemd-shared.abignore @@ -0,0 +1,3 @@ +[suppress_file] +# This shared object is private to systemd +file_name_regexp=libsystemd-shared-.*.so diff --git a/macros.sysusers b/macros.sysusers new file mode 100644 index 0000000000000000000000000000000000000000..d8d8c1d58d70c7a8250091fe0980ada807863963 --- /dev/null +++ b/macros.sysusers @@ -0,0 +1,10 @@ +# RPM macros for packages creating system accounts +# +# Turn a sysusers.d file into macros specified by +# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation + +%sysusers_requires_compat Requires(pre): shadow-utils + +%sysusers_create_compat() \ +%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ +%{nil} diff --git a/purge-nobody-user b/purge-nobody-user new file mode 100755 index 0000000000000000000000000000000000000000..66404fea9550f2bdf5bca3f76fd7d6327f93d2d8 --- /dev/null +++ b/purge-nobody-user @@ -0,0 +1,101 @@ +#!/bin/bash -eu + +if [ $UID -ne 0 ]; then + echo "WARNING: This script needs to run as root to be effective" + exit 1 +fi + +export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 + +if [ "${1:-}" = "--ignore-journal" ]; then + shift + ignore_journal=1 +else + ignore_journal=0 +fi + +echo "Checking processes..." +if ps h -u 99 | grep .; then + echo "ERROR: ps reports processes with UID 99!" + exit 2 +fi +echo "... not found" + +echo "Checking UTMP..." +if w -h 199 | grep . ; then + echo "ERROR: w reports UID 99 as active!" + exit 2 +fi +if w -h nobody | grep . ; then + echo "ERROR: w reports user nobody as active!" + exit 2 +fi +echo "... not found" + +echo "Checking the journal..." +if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then + echo "ERROR: journalctl reports messages from UID 99 in current boot!" + exit 2 +fi +echo "... not found" + +echo "Looking for files in /etc, /run, /tmp, and /var..." +if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then + echo "ERROR: found files belonging to UID 99" + exit 2 +fi +echo "... not found" + +echo "Checking if nobody is defined correctly..." +if getent passwd nobody | + grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin'; +then + echo "OK, nothing to do." + exit 0 +else + echo "NOTICE: User nobody is not defined correctly" +fi + +echo "Checking if nfsnobody or something else is using the uid..." +if getent passwd 65534 | grep . ; then + echo "NOTICE: will have to remove this user" +else + echo "... not found" +fi + +if [ "${1:-}" = "-x" ]; then + if getent passwd nobody >/dev/null; then + # this will remove both the user and the group. + ( set -x + userdel nobody + ) + fi + + if getent passwd 65534 >/dev/null; then + # Make sure the uid is unused. This should free gid too. + name="$(getent passwd 65534 | cut -d: -f1)" + ( set -x + userdel "$name" + ) + fi + + if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then + echo "Sleeping, so sss can catch up" + sleep 3 + fi + + if getent group 65534; then + # Make sure the gid is unused, even if uid wasn't. + name="$(getent group 65534 | cut -d: -f1)" + ( set -x + groupdel "$name" + ) + fi + + # systemd-sysusers uses the same gid and uid + ( set -x + systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' + ) +else + echo "Pass '-x' to perform changes" +fi diff --git a/split-files.py b/split-files.py new file mode 100644 index 0000000000000000000000000000000000000000..9614c074e24136054fd69b9258356be4ad0f6b65 --- /dev/null +++ b/split-files.py @@ -0,0 +1,172 @@ +import re, sys, os, collections + +buildroot = sys.argv[1] +known_files = sys.stdin.read().splitlines() +known_files = {line.split()[-1]:line for line in known_files} + +def files(root): + os.chdir(root) + todo = collections.deque(['.']) + while todo: + n = todo.pop() + files = os.scandir(n) + for file in files: + yield file + if file.is_dir() and not file.is_symlink(): + todo.append(file) + +o_libs = open('.file-list-libs', 'w') +o_udev = open('.file-list-udev', 'w') +o_pam = open('.file-list-pam', 'w') +o_rpm_macros = open('.file-list-rpm-macros', 'w') +o_devel = open('.file-list-devel', 'w') +o_container = open('.file-list-container', 'w') +o_networkd = open('.file-list-networkd', 'w') +o_oomd_defaults = open('.file-list-oomd-defaults', 'w') +o_remote = open('.file-list-remote', 'w') +o_resolve = open('.file-list-resolve', 'w') +o_tests = open('.file-list-tests', 'w') +o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') +o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') +o_rest = open('.file-list-rest', 'w') +for file in files(buildroot): + n = file.path[1:] + if re.match(r'''/usr/(share|include)$| + /usr/share/man(/man.|)$| + /usr/share/zsh(/site-functions|)$| + /usr/share/dbus-1$| + /usr/share/dbus-1/system.d$| + /usr/share/dbus-1/(system-|)services$| + /usr/share/polkit-1(/actions|/rules.d|)$| + /usr/share/pkgconfig$| + /usr/share/bash-completion(/completions|)$| + /usr(/lib|/lib64|/bin|/sbin|)$| + /usr/lib.*/(security|pkgconfig)$| + /usr/lib/rpm(/macros.d|)$| + /usr/lib/firewalld(/services|)$| + /usr/share/(locale|licenses|doc)| # no $ + /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$| + /etc/(dnf|dnf/protected.d)$| + /usr/(src|lib/debug)| # no $ + /run$| + /var(/cache|/log|/lib|/run|)$ + ''', n, re.X): + continue + if '/security/pam_' in n or '/man8/pam_' in n: + o = o_pam + elif '/rpm/' in n: + o = o_rpm_macros + elif '/usr/lib/systemd/tests' in n: + o = o_tests + elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(? + + systemd-journal-gatewayd + Journal Gateway Service + + diff --git a/systemd-journal-remote.xml b/systemd-journal-remote.xml new file mode 100644 index 0000000000000000000000000000000000000000..e115a12a2affd5a6f6d09ae3a3294db9020ea140 --- /dev/null +++ b/systemd-journal-remote.xml @@ -0,0 +1,6 @@ + + + systemd-journal-remote + Journal Remote Sink + + diff --git a/systemd-udev-trigger-no-reload.conf b/systemd-udev-trigger-no-reload.conf new file mode 100644 index 0000000000000000000000000000000000000000..c8794272585269bcfc002e6d3dfd1ae30e99ed19 --- /dev/null +++ b/systemd-udev-trigger-no-reload.conf @@ -0,0 +1,3 @@ +[Unit] +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17 +RefuseManualStop=true diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000000000000000000000000000000000000..c4c427f2c31ece0193400d05b4c152bd7a794bed --- /dev/null +++ b/systemd-user @@ -0,0 +1,11 @@ +# This file is part of systemd. +# +# Used by systemd --user instances. + +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session required pam_namespace.so +session include system-auth diff --git a/systemd.spec b/systemd.spec new file mode 100644 index 0000000000000000000000000000000000000000..b81e8c9bc0d0663736e0bb48840912c6e60d04d2 --- /dev/null +++ b/systemd.spec @@ -0,0 +1,866 @@ +%define anolis_release 1 +%global __requires_exclude pkg-config + +%global pkgdir %{_prefix}/lib/systemd +%global system_unit_dir %{pkgdir}/system +%global user_unit_dir %{pkgdir}/user + +%global elf_bits (64bit) +%global elf_suffix ()%{elf_bits} + +# Bootstrap may be needed to break circular dependencies with cryptsetup, +# e.g. when re-building cryptsetup on a json-c SONAME-bump. +%bcond_with bootstrap +%bcond_without tests +%bcond_without lto + +# Support for quick builds with rpmbuild --build-in-place. +# See README.build-in-place. +%bcond_with inplace + +Name: systemd +Url: https://www.freedesktop.org/wiki/Software/systemd +Version: 250 +Release: %{anolis_release}%{?dist} +License: LGPLv2+ and MIT and GPLv2+ +Summary: System and Service Manager +Source0: https://github.com/systemd/systemd/archive/refs/tags/%{name}-%{version}.tar.gz + +# This file must be available before %%prep. +# It is generated during systemd build and can be found in build/src/core/. +Source1: triggers.systemd +Source2: split-files.py +Source3: purge-nobody-user + +# Prevent accidental removal of the systemd package +Source4: yum-protect-systemd.conf + +Source5: inittab +Source6: sysctl.conf.README +Source7: systemd-journal-remote.xml +Source8: systemd-journal-gatewayd.xml +Source9: 20-yama-ptrace.conf +Source10: systemd-udev-trigger-no-reload.conf +Source11: 20-grubby.install +Source12: systemd-user +Source13: libsystemd-shared.abignore + +Source14: 10-oomd-defaults.conf +Source15: 10-oomd-root-slice-defaults.conf +Source16: 10-oomd-user-service-defaults.conf + +Source21: macros.sysusers +Source22: sysusers.attr +Source23: sysusers.prov +Source24: sysusers.generate-pre.sh + +Patch1: 0001-basic-update-CIFS-magic.patch + +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: clang +BuildRequires: coreutils +BuildRequires: libcap-devel +BuildRequires: libmount-devel +BuildRequires: libfdisk-devel +BuildRequires: libpwquality-devel +BuildRequires: pam-devel +BuildRequires: libselinux-devel +BuildRequires: audit-libs-devel +%if %{without bootstrap} +BuildRequires: cryptsetup-devel +%endif +BuildRequires: dbus-devel +BuildRequires: /usr/sbin/sfdisk +BuildRequires: /usr/bin/getfacl +BuildRequires: libacl-devel +BuildRequires: gobject-introspection-devel +BuildRequires: libblkid-devel +BuildRequires: xz-devel +BuildRequires: xz +BuildRequires: lz4-devel +BuildRequires: lz4 +BuildRequires: bzip2-devel +BuildRequires: libzstd-devel +BuildRequires: libidn2-devel +BuildRequires: libcurl-devel +BuildRequires: kmod-devel +BuildRequires: elfutils-devel +BuildRequires: openssl-devel +BuildRequires: libgcrypt-devel +BuildRequires: libgpg-error-devel +BuildRequires: gnutls-devel +BuildRequires: qrencode-devel +BuildRequires: libmicrohttpd-devel +BuildRequires: libxkbcommon-devel +BuildRequires: iptables-devel +BuildRequires: pkgconfig(libfido2) +BuildRequires: pkgconfig(tss2-esys) +BuildRequires: pkgconfig(tss2-rc) +BuildRequires: pkgconfig(tss2-mu) +BuildRequires: pkgconfig(libbpf) +BuildRequires: bpftool +BuildRequires: systemtap-sdt-devel +BuildRequires: libxslt +BuildRequires: docbook-style-xsl +BuildRequires: pkgconfig +BuildRequires: gperf +BuildRequires: gawk +BuildRequires: tree +BuildRequires: hostname +BuildRequires: python3dist(lxml) +BuildRequires: python3dist(jinja2) +BuildRequires: firewalld-filesystem +BuildRequires: gnu-efi gnu-efi-devel +BuildRequires: libseccomp-devel +BuildRequires: meson >= 0.43 +BuildRequires: gettext +# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available +BuildRequires: valgrind-devel +BuildRequires: pkgconfig(bash-completion) +BuildRequires: perl +BuildRequires: perl(IPC::SysV) + +Requires(post): coreutils +Requires(post): grep +# systemd-machine-id-setup requires libssl +Requires(post): openssl-libs +Requires: dbus >= 1.9.18 +Requires: %{name}-pam = %{version}-%{release} +Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires: %{name}-libs = %{version}-%{release} +Recommends: %{name}-networkd = %{version}-%{release} +Recommends: %{name}-resolved = %{version}-%{release} +Recommends: diffutils +Requires: (util-linux-core or util-linux) +Recommends: libxkbcommon%{?_isa} +Provides: /bin/systemctl +Provides: /sbin/shutdown +Provides: syslog +Provides: systemd-units = %{version}-%{release} +Obsoletes: system-setup-keyboard < 0.9 +Provides: system-setup-keyboard = 0.9 +Obsoletes: systemd-sysv < 206 +Obsoletes: %{name} < 249~~ +Provides: systemd-sysv = 206 +Conflicts: initscripts < 9.56.1 +Obsoletes: timedatex < 0.6-3 +Provides: timedatex = 0.6-3 +Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ +Obsoletes: %{name}-standalone-sysusers < %{version}-%{release}^ + +# Recommends to replace normal Requires deps for stuff that is dlopen()ed +Recommends: libidn2.so.0%{?elf_suffix} +Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} +Recommends: libpcre2-8.so.0%{?elf_suffix} +Recommends: libpwquality.so.1%{?elf_suffix} +Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} +Recommends: libqrencode.so.4%{?elf_suffix} +Recommends: libbpf.so.0%{?elf_suffix} +Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits} + +# used by systemd-coredump and systemd-analyze +Recommends: libdw.so.1%{?elf_suffix} +Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits} +Recommends: libelf.so.1%{?elf_suffix} +Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} + +# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home +Recommends: libcryptsetup.so.12%{?elf_suffix} +Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} + +%description +systemd is a system and service manager that runs as PID 1 and starts the rest +of the system. It provides aggressive parallelization capabilities, uses socket +and D-Bus activation for starting services, offers on-demand starting of +daemons, keeps track of processes using Linux control groups, maintains mount +and automount points, and implements an elaborate transactional dependency-based +service control logic. systemd supports SysV and LSB init scripts and works as a +replacement for sysvinit. Other parts of this package are a logging daemon, +utilities to control basic system configuration like the hostname, date, locale, +maintain a list of logged-in users, system accounts, runtime directories and +settings, and a logging daemons. + +%package libs +Summary: systemd libraries +License: LGPLv2+ and MIT +Obsoletes: libudev < 183 +Obsoletes: systemd < 185-4 +Conflicts: systemd < 185-4 +Obsoletes: systemd-compat-libs < 230 +Obsoletes: nss-myhostname < 0.4 +Provides: nss-myhostname = 0.4 +Provides: nss-myhostname%{_isa} = 0.4 + +%description libs +Libraries for systemd and udev. + +%package pam +Summary: systemd PAM module +Requires: %{name} = %{version}-%{release} + +%description pam +Systemd PAM module registers the session with systemd-logind. + +%package rpm-macros +Summary: Macros that define paths and scriptlets related to systemd +BuildArch: noarch + +%description rpm-macros +Just the definitions of rpm macros. + +%package devel +Summary: Development headers for systemd +License: LGPLv2+ and MIT +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: libudev-devel = %{version} +Provides: libudev-devel%{_isa} = %{version} +Obsoletes: libudev-devel < 183 +Requires: %{name}-pam = %{version}-%{release} + +%description devel +Development headers and auxiliary files for developing applications linking +to libudev or libsystemd. + +%package udev +Summary: Rule-based device node and kernel event manager +License: LGPLv2+ + +Requires: systemd%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): grep +Requires: kmod >= 18-4 +Obsoletes: systemd < 245.6-1 +Provides: udev = %{version} +Provides: udev%{_isa} = %{version} +Obsoletes: udev < 183 + +# Recommends to replace normal Requires deps for stuff that is dlopen()ed +# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home +Recommends: libcryptsetup.so.12%{?elf_suffix} +Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} + +# used by systemd-coredump and systemd-analyze +Recommends: libdw.so.1%{?elf_suffix} +Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits} +Recommends: libelf.so.1%{?elf_suffix} +Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} + +# used by home, cryptsetup, cryptenroll +Recommends: libfido2.so.1%{?elf_suffix} +Recommends: libtss2-esys.so.0%{?elf_suffix} +Recommends: libtss2-mu.so.0%{?elf_suffix} +Recommends: libtss2-rc.so.0%{?elf_suffix} + +Suggests: systemd-bootchart +Requires: kbd + +Provides: u2f-hidraw-policy = 1.0.2-40 +Obsoletes: u2f-hidraw-policy < 1.0.2-40 + +%description udev +This package contains systemd-udev and the rules and hardware database needed to +manage device nodes. This package is necessary on physical machines and in +virtual machines, but not in containers. + +This package also provides systemd-timesyncd, a network time protocol daemon. + +It also contains tools to manage encrypted home areas and secrets bound to the +machine, and to create or grow partitions and make file systems automatically. + +%package container +# Name is the same as in Debian +Summary: Tools for containers and VMs +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Obsoletes: %{name} < 229-5 +License: LGPLv2+ + +%description container +Systemd tools to spawn and manage containers and virtual machines. + +This package contains systemd-nspawn, machinectl, systemd-machined, and +systemd-importd. + +%package journal-remote +# Name is the same as in Debian +Summary: Tools to send journal events over the network +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Requires(pre): /usr/bin/getent +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires: firewalld-filesystem +Provides: %{name}-journal-gateway = %{version}-%{release} +Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Obsoletes: %{name}-journal-gateway < 227-7 + +%description journal-remote +Programs to forward journal entries over the network, using encrypted HTTP, and +to write journal files from serialized journal contents. + +This package contains systemd-journal-gatewayd, systemd-journal-remote, and +systemd-journal-upload. + +%package networkd +Summary: System daemon that manages network configurations +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Obsoletes: systemd < 246.6-2 + +%description networkd +systemd-networkd is a system service that manages networks. It detects and +configures network devices as they appear, as well as creating virtual network +devices. + +%package resolved +Summary: Network Name Resolution manager +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name} < 249~~ +Requires: libidn2.so.0%{?elf_suffix} +Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} +Requires(posttrans): grep + +%description resolved +systemd-resolved is a system service that provides network name resolution to +local applications. It implements a caching and validating DNS/DNSSEC stub +resolver, as well as an LLMNR and MulticastDNS resolver and responder. + +%package oomd-defaults +Summary: Configuration files for systemd-oomd +Requires: %{name} = %{version}-%{release} +License: LGPLv2+ +BuildArch: noarch + +%description oomd-defaults +A set of drop-in files for systemd units to enable action from systemd-oomd, +a userspace out-of-memory (OOM) killer. + +%package tests +Summary: Internal unit tests for systemd +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ + +%description tests +"Installed tests" that are usually run as part of the build system. They can be +useful to test systemd internals. + +%package standalone-tmpfiles +Summary: Standalone tmpfiles binary for use in non-systemd systems +RemovePathPostfixes: .standalone + +%description standalone-tmpfiles +Standalone tmpfiles binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use in non-systemd systems. + +%package standalone-sysusers +Summary: Standalone sysusers binary for use in non-systemd systems +RemovePathPostfixes: .standalone + +%description standalone-sysusers +Standalone sysusers binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use in non-systemd systems. + +%prep +%autosetup -n %{name}-%{version} -p1 + +test -f src/login/systemd-user.in +cp %{SOURCE12} src/login/systemd-user.in + +%build +%define ntpvendor %(source /etc/os-release; echo ${ID}) +%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} + +CONFIGURE_OPTS=( + -Dmode=release + -Dsysvinit-path=/etc/rc.d/init.d + -Drc-local=/etc/rc.d/rc.local + -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' + -Ddns-servers= + -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin + -Dservice-watchdog= + -Ddev-kvm-mode=0666 + -Dkmod=true + -Dxkbcommon=true + -Dblkid=true + -Dfdisk=true + -Dseccomp=true + -Dima=true + -Dselinux=true + -Dbpf-framework=true + -Dapparmor=false + -Dpolkit=true + -Dxz=true + -Dzlib=true + -Dbzip2=true + -Dlz4=true + -Dzstd=true + -Dpam=true + -Dacl=true + -Dsmack=true + -Dopenssl=true + -Dcryptolib=openssl + -Dp11kit=true + -Dgcrypt=true + -Daudit=true + -Delfutils=true + -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] + -Delfutils=true + -Dpwquality=true + -Dqrencode=true + -Dgnutls=true + -Dmicrohttpd=true + -Dlibidn2=true + -Dlibiptc=false + -Dlibcurl=true + -Dlibfido2=true + -Defi=true + -Dgnu-efi="true" + -Dtpm=true + -Dtpm2=true + -Dhwdb=true + -Dsysusers=true + -Dstandalone-binaries=true + -Ddefault-kill-user-processes=false + -Dtests=unsafe + -Dinstall-tests=true + -Dtty-gid=5 + -Dusers-gid=100 + -Dnobody-user=nobody + -Dnobody-group=nobody + -Dcompat-mutable-uid-boundaries=true + -Dsplit-usr=false + -Dsplit-bin=true + -Db_lto=%[%{with lto}?"true":"false"] + -Db_ndebug=false + -Dman=true + -Dversion-tag=v%{version}-%{release} + -Dfallback-hostname=%[0%{?anolis}?"anolis":"localhost"] + -Ddefault-dnssec=no + -Ddefault-dns-over-tls=opportunistic + -Ddefault-mdns=no + -Ddefault-llmnr=resolve + -Dstatus-unit-format-default=combined + -Doomd=true + -Dadm-gid=4 + -Daudio-gid=63 + -Dcdrom-gid=11 + -Ddialout-gid=18 + -Ddisk-gid=6 + -Dinput-gid=104 + -Dkmem-gid=9 + -Dkvm-gid=36 + -Dlp-gid=7 + -Drender-gid=105 + -Dsgx-gid=106 + -Dtape-gid=33 + -Dtty-gid=5 + -Dusers-gid=100 + -Dutmp-gid=22 + -Dvideo-gid=39 + -Dwheel-gid=10 + -Dsystemd-journal-gid=190 + -Dsystemd-network-uid=192 + -Dsystemd-resolve-uid=193 +) + +%if %{without lto} +%global _lto_cflags %nil +%endif + +# Do configuration. If doing an inplace build, try to do +# reconfiguration to pick up new options. +%if %{with inplace} + command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; } + + [ -e %{_vpath_builddir}/build.ninja ] && + %__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" || +%endif +{ %meson "${CONFIGURE_OPTS[@]}"; } + +%meson_build + +new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh +if ! diff -u %{SOURCE1} ${new_triggers}; then + echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" + echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" + sleep 5 +fi + +%install +%meson_install + +# udev links +mkdir -p %{buildroot}/%{_sbindir} +ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm + +# Compatiblity and documentation files +touch %{buildroot}/etc/crypttab +chmod 600 %{buildroot}/etc/crypttab + +# /etc/initab +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} + +# /etc/sysctl.conf compat +install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf +ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf + +# Make sure these directories are properly owned +mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants +mkdir -p %{buildroot}/run +mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}%{_localstatedir}/log/lastlog +chmod 0664 %{buildroot}%{_localstatedir}/log/lastlog +touch %{buildroot}/run/utmp +touch %{buildroot}%{_localstatedir}/log/{w,b}tmp + +# Make sure the user generators dir exists too +mkdir -p %{buildroot}%{pkgdir}/system-generators +mkdir -p %{buildroot}%{pkgdir}/user-generators + +# Create new-style configuration files so that we can ghost-own them +touch %{buildroot}%{_sysconfdir}/hostname +touch %{buildroot}%{_sysconfdir}/vconsole.conf +touch %{buildroot}%{_sysconfdir}/locale.conf +touch %{buildroot}%{_sysconfdir}/machine-id +touch %{buildroot}%{_sysconfdir}/machine-info +touch %{buildroot}%{_sysconfdir}/localtime +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d +touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf + +# Make sure the shutdown/sleep drop-in dirs exist +mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ +mkdir -p %{buildroot}%{pkgdir}/system-sleep/ + +# Make sure directories in /var exist +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger +mkdir -p %{buildroot}%{_localstatedir}/lib/private +mkdir -p %{buildroot}%{_localstatedir}/log/private +mkdir -p %{buildroot}%{_localstatedir}/cache/private +mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/timesync +ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/log/journal +touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database +touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin +touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed +touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock +touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state + +# Install yum protection fragment +install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf + +install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} + +# Install additional docs +install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} + +install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} + +mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ +cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf </dev/null || : + +oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) + +if [ "$oomd_state" == "active" ]; then + systemctl stop -q systemd-oomd 2>/dev/null || : +fi + +systemctl daemon-reexec &>/dev/null || { + if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then + kill -TERM 1 &>/dev/null || : + fi +} + +if [ "$oomd_state" == "active" ]; then + systemctl start -q systemd-oomd 2>/dev/null || : +fi + +[ $1 -eq 1 ] || exit 0 + +# create /var/log/journal only on initial installation, +# and only if it's writable (it won't be in rpm-ostree). +[ -w %{_localstatedir} ] && mkdir -p %{_localstatedir}/log/journal + +[ -w %{_localstatedir} ] && journalctl --update-catalog || : +systemd-sysusers || : +systemd-tmpfiles --create &>/dev/null || : + +systemctl preset-all &>/dev/null || : +systemctl --global preset-all &>/dev/null || : + +%postun +if [ $1 -eq 1 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + systemd-tmpfiles --create &>/dev/null || : +fi + +%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service + +%triggerun resolved -- systemd < 246.1-1 +systemctl --no-reload preset systemd-resolved.service &>/dev/null || : + +if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then + systemctl -q is-enabled NetworkManager.service 2>/dev/null && \ + ! test -L /etc/resolv.conf 2>/dev/null && \ + ! mountpoint /etc/resolv.conf &>/dev/null && \ + grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \ + echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \ + mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \ + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null || : + + systemctl start systemd-resolved.service &>/dev/null || : +fi + +%triggerpostun -- systemd < 247.3-2 +systemctl --no-reload preset systemd-oomd.service &>/dev/null || : + +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service systemd-boot-update.service + +%post udev +# Move old stuff around in /var/lib +mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null +mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null +if [ -L %{_localstatedir}/lib/systemd/timesync ]; then + rm %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync +fi +if [ -f %{_localstatedir}/lib/systemd/clock ] ; then + mkdir -p %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. +fi + +udevadm hwdb --update &>/dev/null + +%systemd_post %udev_services + +# Try to save the random seed, but don't complain if /dev/urandom is unavailable +/usr/lib/systemd/systemd-random-seed save 2>&1 | \ + grep -v 'Failed to open /dev/urandom' || : + +grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && + sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || : + +%preun udev +%systemd_preun %udev_services + +%postun udev +%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service + + +%global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service +%global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket +%post journal-remote +%systemd_post %journal_remote_units_restart %journal_remote_units_norestart +%firewalld_reload + +%preun journal-remote +%systemd_preun %journal_remote_units_restart %journal_remote_units_norestart +if [ $1 -eq 1 ] ; then + if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then + mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload + mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/. + rmdir %{_localstatedir}/lib/systemd/journal-upload || : + fi +fi + +%postun journal-remote +%systemd_postun_with_restart %journal_remote_units_restart +%firewalld_reload + +%post networkd +if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then + echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd." +else + %systemd_post systemd-networkd.service systemd-networkd-wait-online.service +fi + +%preun networkd +%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service + +%preun resolved +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : + if [ -L /etc/resolv.conf ] && \ + realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then + rm -f /etc/resolv.conf # no longer useful + # if network manager is enabled, move to it instead + [ -f /run/NetworkManager/resolv.conf ] && \ + systemctl -q is-enabled NetworkManager.service &>/dev/null && \ + ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf + fi +fi + +%post resolved +[ $1 -gt 1 ] && exit 0 + +if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then + echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." + exit 0 +fi + +%systemd_post systemd-resolved.service + +%posttrans resolved +# Create /etc/resolv.conf symlink. +if systemctl -q is-enabled systemd-resolved.service &>/dev/null && + ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | + grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then + + if ! test -e /etc/resolv.conf && ! test -L /etc/resolv.conf; then + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : + elif test -d /run/systemd/system/ && + ! mountpoint /etc/resolv.conf &>/dev/null; then + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : + fi +fi + +%global _docdir_fmt %{name} + +%files -f %{name}.lang -f .file-list-rest +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/LICENSE* +# Only the licenses texts for the licenses in License line are included. +%license LICENSE.GPL2 LICENSE.LGPL2.1 +%license LICENSES/MIT.txt +%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants +%ghost %dir %attr(0700,-,-) /var/lib/portables +%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd + +%files libs -f .file-list-libs +%license LICENSE.LGPL2.1 + +%files pam -f .file-list-pam + +%files rpm-macros -f .file-list-rpm-macros + +%files resolved -f .file-list-resolve + +%files devel -f .file-list-devel + +%files udev -f .file-list-udev + +%files container -f .file-list-container +%ghost %dir %attr(0700,-,-) /var/lib/machines + +%files journal-remote -f .file-list-remote + +%files networkd -f .file-list-networkd + +%files oomd-defaults -f .file-list-oomd-defaults + +%files tests -f .file-list-tests + +%files standalone-tmpfiles -f .file-list-standalone-tmpfiles + +%files standalone-sysusers -f .file-list-standalone-sysusers + +%changelog +* Thu Mar 03 2022 Chunmei Xu - 250-1 +- init from upstream v250 +- fix build failed with "found unknown filesystem(s) defined in kernel headers" diff --git a/sysusers.attr b/sysusers.attr new file mode 100644 index 0000000000000000000000000000000000000000..367c1378eda4c439246c3338afbd1db1b2615f59 --- /dev/null +++ b/sysusers.attr @@ -0,0 +1,2 @@ +%__sysusers_provides %{_rpmconfigdir}/sysusers.prov +%__sysusers_path ^%{_sysusersdir}/.*\\.conf$ diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh new file mode 100755 index 0000000000000000000000000000000000000000..fd9938d72d89f142cb876a50318a9a9a5c0a2052 --- /dev/null +++ b/sysusers.generate-pre.sh @@ -0,0 +1,79 @@ +#!/bin/bash + +# This script turns sysuser.d files into scriptlets mandated by Fedora +# packaging guidelines. The general idea is to define users using the +# declarative syntax but to turn this into traditional scriptlets. + +user() { + user="$1" + uid="$2" + desc="$3" + group="$4" + home="$5" + shell="$6" + + [ "$desc" = '-' ] && desc= + { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/sbin/nologin + + if [ "$uid" = '-' ] || [ "$uid" = '' ]; then + cat </dev/null || \\ + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' +EOF + else + cat </dev/null ; then + if ! getent passwd '$uid' >/dev/null ; then + useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + else + useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + fi +fi + +EOF + fi +} + +group() { + group="$1" + gid="$2" + if [ "$gid" = '-' ]; then + cat <<-EOF + getent group '$group' >/dev/null || groupadd -r '$group' + EOF + else + cat <<-EOF + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' + EOF + fi +} + +parse() { + while read -r line || [ -n "$line" ] ; do + { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue + line="${line## *}" + [ -z "$line" ] && continue + eval "arr=( $line )" + case "${arr[0]}" in + ('u') + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + # TODO: user:group support + ;; + ('g') + group "${arr[1]}" "${arr[2]}" + ;; + ('m') + group "${arr[2]}" "-" + user "${arr[1]}" "-" "" "${arr[2]}" + ;; + esac + done +} + +for fn in "$@"; do + [ -e "$fn" ] || continue + echo "# generated from $(basename "$fn")" + parse <"$fn" +done diff --git a/sysusers.prov b/sysusers.prov new file mode 100755 index 0000000000000000000000000000000000000000..f12e9292e0933ad7b0106714554ab6f36f9a1731 --- /dev/null +++ b/sysusers.prov @@ -0,0 +1,61 @@ +#!/bin/bash + +process_u() { + if [ ! -z "${2##*[!0-9]*}" ]; then + # Single shared static ID. + echo "user($1) = $2" + echo "group($1) = $2" + elif [[ $2 == *:* ]]; then + # UID:. + uid=$(echo $2 | cut -d':' -f1 -) + group=$(echo $2 | cut -d':' -f2 -) + if [ ! -z "${group##*[!0-9]*}" ]; then + # UID:GID. + echo "user($1) = ${uid}" + echo "group($1) = ${group}" + else + # UID:. + echo "user($1) = ${uid}" + echo "group(${group})" + fi + else + # Dynamic (or something else uninteresting). + echo "user($1)" + echo "group($1)" + fi +} + +process_g() { + if [ ! -z "${2##*[!0-9]*}" ]; then + # Static GID. + echo "group($1) = $2" + else + # Dynamic (or something else uninteresting). + echo "group($1)" + fi +} + +parse() { + while read line; do + [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue + line="${line## *}" + [ -z "$line" ] && continue + set -- $line + case "$1" in + ('u') + process_u "$2" "$3" + ;; + ('g') + process_g "$2" "$3" + ;; + ('m') + echo "user($2)" + echo "group($3)" + ;; + esac + done +} + +while read fn; do + parse < "$fn" +done diff --git a/triggers.systemd b/triggers.systemd new file mode 100644 index 0000000000000000000000000000000000000000..592903523ed926deb10a08209cd58fc82ea26cbf --- /dev/null +++ b/triggers.systemd @@ -0,0 +1,105 @@ +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# Copyright 2018 Neal Gompa + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.14.0 + +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +/usr/lib/systemd/systemd-update-helper system-reload-restart || : + +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-reload-restart || : +fi + +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. +/usr/lib/systemd/systemd-update-helper system-reload || : + +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +# Execute daemon-reload in user managers. +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-reload || : +fi + +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +# We restart remaining system services that should be restarted here. +/usr/lib/systemd/systemd-update-helper system-restart || : + +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +# We restart remaining user services that should be restarted here. +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-restart || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. The priority is set such that it +# will run before the tmpfiles file trigger. +if test -d "/run/systemd/system"; then + systemd-sysusers || : +fi + +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +if test -d "/run/systemd/system"; then + systemd-hwdb update || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in /usr/lib/systemd/catalog. +if test -d "/run/systemd/system"; then + journalctl --update-catalog || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d "/run/systemd/system"; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : +fi + +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d "/run/systemd/system"; then + systemd-tmpfiles --create || : +fi + +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + udevadm control --reload || : +fi + +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d "/run/systemd/system"; then + /usr/lib/systemd/systemd-sysctl || : +fi diff --git a/yum-protect-systemd.conf b/yum-protect-systemd.conf new file mode 100644 index 0000000000000000000000000000000000000000..39426d77900fc74cd78856e4b8f66245efe905a6 --- /dev/null +++ b/yum-protect-systemd.conf @@ -0,0 +1,2 @@ +systemd +systemd-udev