diff --git a/0012-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/0012-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch deleted file mode 100644 index 5bbf0546fcf6536589e09bbd2e1c80427037cf9b..0000000000000000000000000000000000000000 --- a/0012-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +++ /dev/null @@ -1,42 +0,0 @@ -From f58c5ced373c2532b5cc44ba2e0c3a28b41472f2 Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Tue, 15 May 2018 09:24:20 +0200 -Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's - will - -Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather -adds an After relationship. - -Resolves: #1578772 ---- - src/core/unit.c | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 2b86fdedfd..2c804c8486 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1090,13 +1090,14 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { - } - - if (c->private_tmp) { -- const char *p; - -- FOREACH_STRING(p, "/tmp", "/var/tmp") { -- r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE); -- if (r < 0) -- return r; -- } -+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE); -+ if (r < 0) -+ return r; -+ -+ r = unit_require_mounts_for(u, "/var/tmp", UNIT_DEPENDENCY_FILE); -+ if (r < 0) -+ return r; - - r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE); - if (r < 0) --- -2.23.0 - diff --git a/0013-sd-bus-properly-initialize-containers.patch b/0012-sd-bus-properly-initialize-containers.patch similarity index 100% rename from 0013-sd-bus-properly-initialize-containers.patch rename to 0012-sd-bus-properly-initialize-containers.patch 
diff --git a/0014-Revert-core-one-step-back-again-for-nspawn-we-actual.patch b/0013-Revert-core-one-step-back-again-for-nspawn-we-actual.patch similarity index 100% rename from 0014-Revert-core-one-step-back-again-for-nspawn-we-actual.patch rename to 0013-Revert-core-one-step-back-again-for-nspawn-we-actual.patch diff --git a/0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/0014-journal-don-t-enable-systemd-journald-audit.socket-b.patch similarity index 100% rename from 0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch rename to 0014-journal-don-t-enable-systemd-journald-audit.socket-b.patch diff --git a/0016-systemd-change-time-log-level.patch b/0015-systemd-change-time-log-level.patch similarity index 100% rename from 0016-systemd-change-time-log-level.patch rename to 0015-systemd-change-time-log-level.patch diff --git a/0017-fix-capsh-drop-but-ping-success.patch b/0016-fix-capsh-drop-but-ping-success.patch similarity index 100% rename from 0017-fix-capsh-drop-but-ping-success.patch rename to 0016-fix-capsh-drop-but-ping-success.patch diff --git a/0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/0017-resolved-create-etc-resolv.conf-symlink-at-runtime.patch similarity index 88% rename from 0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch rename to 0017-resolved-create-etc-resolv.conf-symlink-at-runtime.patch index 1ab3033eb492ee4fcc4bbce4eb640f103be7a120..21ba7904cc4904cd665b22a552339607e2037f5e 100644 --- a/0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +++ b/0017-resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -14,7 +14,7 @@ don't touch it in that case either. https://bugzilla.redhat.com/show_bug.cgi?id=1313085 --- src/resolve/resolved.c | 5 +++++ - tmpfiles.d/etc.conf.m4 | 3 --- + tmpfiles.d/etc.conf.in | 3 --- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c 
@@ -33,19 +33,19 @@ index 50989a6b0a..95a51a574a 100644 /* Drop privileges, but keep three caps. Note that we drop two of those too, later on (see below) */ r = drop_privileges(uid, gid, (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */ -diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 +diff --git a/tmpfiles.d/etc.conf.in b/tmpfiles.d/etc.conf.in index f82e0b82ce..66a777bdb2 100644 ---- a/tmpfiles.d/etc.conf.m4 -+++ b/tmpfiles.d/etc.conf.m4 +--- a/tmpfiles.d/etc.conf.in ++++ b/tmpfiles.d/etc.conf.in @@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts - m4_ifdef(`HAVE_SMACK_RUN_LABEL', + {% if HAVE_SMACK_RUN_LABEL %} t /etc/mtab - - - - security.SMACK64=_ - )m4_dnl --m4_ifdef(`ENABLE_RESOLVE', + {% endif %} +-{% if ENABLE_RESOLVE %} -L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf --)m4_dnl +-{% endif %} C! /etc/nsswitch.conf - - - - - m4_ifdef(`HAVE_PAM', + {% if HAVE_PAM %} C! /etc/pam.d - - - - -- 2.23.0 diff --git a/0019-core-serialize-u-pids-until-the-processes-have-been-.patch b/0019-core-serialize-u-pids-until-the-processes-have-been-.patch deleted file mode 100644 index c71b9aecb40292d3942b9d3e726cde3238310e0a..0000000000000000000000000000000000000000 --- a/0019-core-serialize-u-pids-until-the-processes-have-been-.patch +++ /dev/null 
@@ -1,99 +0,0 @@ -From 428a9f6f1d0396b9eacde2b38d667cbe3f15eb55 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Mon, 16 Nov 2020 15:12:21 +0100 -Subject: [PATCH] core: serialize u->pids until the processes have been moved - to the scope cgroup - -Otherwise if a daemon-reload happens somewhere between the enqueue of the job -start for the scope unit and scope_start() then u->pids might be lost and none -of the processes specified by "PIDs=" will be moved into the scope cgroup. ---- - src/core/scope.c | 37 +++++++++++++++++++++++++++++++++++-- - 1 file changed, 35 insertions(+), 2 deletions(-) - -diff --git a/src/core/scope.c b/src/core/scope.c -index a4db272f93..a372f8d726 100644 ---- a/src/core/scope.c -+++ b/src/core/scope.c -@@ -8,6 +8,7 @@ - #include "dbus-unit.h" - #include "load-dropin.h" - #include "log.h" -+#include "process-util.h" - #include "scope.h" - #include "serialize.h" - #include "special.h" -@@ -235,8 +236,18 @@ static int scope_coldplug(Unit *u) { - if (r < 0) - return r; - -- if (!IN_SET(s->deserialized_state, SCOPE_DEAD, SCOPE_FAILED)) -- (void) unit_enqueue_rewatch_pids(u); -+ if (!IN_SET(s->deserialized_state, SCOPE_DEAD, SCOPE_FAILED)) { -+ if (u->pids) { -+ void *pidp; -+ -+ SET_FOREACH(pidp, u->pids) { -+ r = unit_watch_pid(u, PTR_TO_PID(pidp), false); -+ if (r < 0 && r != -EEXIST) -+ return r; -+ } -+ } else -+ (void) unit_enqueue_rewatch_pids(u); -+ } - - bus_scope_track_controller(s); - -@@ -366,6 +377,10 @@ static int scope_start(Unit *u) { - return r; - } - -+ /* Now u->pids have been moved into the scope cgroup, it's not needed -+ * anymore. 
*/ -+ u->pids = set_free(u->pids); -+ - s->result = SCOPE_SUCCESS; - - scope_set_state(s, SCOPE_RUNNING); -@@ -427,6 +442,7 @@ static int scope_get_timeout(Unit *u, usec_t *timeout) { - - static int scope_serialize(Unit *u, FILE *f, FDSet *fds) { - Scope *s = SCOPE(u); -+ void *pidp; - - assert(s); - assert(f); -@@ -438,6 +454,9 @@ static int scope_serialize(Unit *u, FILE *f, FDSet *fds) { - if (s->controller) - (void) serialize_item(f, "controller", s->controller); - -+ SET_FOREACH(pidp, u->pids) -+ serialize_item_format(f, "pids", PID_FMT, PTR_TO_PID(pidp)); -+ - return 0; - } - -@@ -473,6 +492,20 @@ static int scope_deserialize_item(Unit *u, const char *key, const char *value, F - if (r < 0) - return log_oom(); - -+ } else if (streq(key, "pids")) { -+ pid_t pid; -+ -+ if (parse_pid(value, &pid) < 0) -+ log_unit_debug(u, "Failed to parse pids value: %s", value); -+ else { -+ r = set_ensure_allocated(&u->pids, NULL); -+ if (r < 0) -+ return r; -+ -+ r = set_put(u->pids, PID_TO_PTR(pid)); -+ if (r < 0) -+ return r; -+ } - } else - log_unit_debug(u, "Unknown serialization key: %s", key); - --- -2.23.0 - diff --git a/0019-journald-enforce-longer-line-length-limit-during-set.patch b/0019-journald-enforce-longer-line-length-limit-during-set.patch deleted file mode 100644 index bb907887e243f0905148416213638891a0588f53..0000000000000000000000000000000000000000 --- a/0019-journald-enforce-longer-line-length-limit-during-set.patch +++ /dev/null 
@@ -1,108 +0,0 @@ -From 80e9720616df0eeaba75874fd86fbfbe8b7a03a7 Mon Sep 17 00:00:00 2001 -From: Yangyang Shen -Date: Wed, 24 Mar 2021 21:23:01 +0800 -Subject: [PATCH] journald: enforce longer line length limit during "setup" - phase of stream protocol - -This PR made modification on Lennart Poettering's basis. Fix the LineMax's function failure problem. - -Signed-off-by: Yangyang Shen ---- - src/journal/journald-stream.c | 35 ++++++++++++++++++++++++++++------- - 1 file changed, 28 insertions(+), 7 deletions(-) - -diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c -index 385dc4b..85723f5 100644 ---- a/src/journal/journald-stream.c -+++ b/src/journal/journald-stream.c -@@ -39,6 +39,12 @@ - - #define STDOUT_STREAMS_MAX 4096 - -+/* During the "setup" protocol phase of the stream logic let's define a different maximum line length than -+ * during the actual operational phase. We want to allow users to specify very short line lengths after all, -+ * but the unit name we embed in the setup protocol might be longer than that. 
Hence, during the setup phase -+ * let's enforce a line length matching the maximum unit name length (255) */ -+#define STDOUT_STREAM_SETUP_PROTOCOL_LINE_MAX (UNIT_NAME_MAX-1U) -+ - typedef enum StdoutStreamState { - STDOUT_STREAM_IDENTIFIER, - STDOUT_STREAM_UNIT_ID, -@@ -47,7 +53,7 @@ typedef enum StdoutStreamState { - STDOUT_STREAM_FORWARD_TO_SYSLOG, - STDOUT_STREAM_FORWARD_TO_KMSG, - STDOUT_STREAM_FORWARD_TO_CONSOLE, -- STDOUT_STREAM_RUNNING -+ STDOUT_STREAM_RUNNING, - } StdoutStreamState; - - /* The different types of log record terminators: a real \n was read, a NUL character was read, the maximum line length -@@ -468,6 +474,18 @@ static int stdout_stream_found( - return r; - } - -+static size_t stdout_stream_line_max(StdoutStream *s) { -+ assert(s); -+ -+ /* During the "setup" phase of our protocol, let's ensure we use a line length where a full unit name -+ * can fit in */ -+ if (s->state != STDOUT_STREAM_RUNNING) -+ return STDOUT_STREAM_SETUP_PROTOCOL_LINE_MAX; -+ -+ /* After the protocol's "setup" phase is complete, let's use whatever the user configured */ -+ return s->server->line_max; -+} -+ - static int stdout_stream_scan( - StdoutStream *s, - char *p, -@@ -475,19 +493,22 @@ static int stdout_stream_scan( - LineBreak force_flush, - size_t *ret_consumed) { - -- size_t consumed = 0; -+ size_t consumed = 0, line_max; - int r; - - assert(s); - assert(p); - -+ line_max = stdout_stream_line_max(s); -+ - for (;;) { - LineBreak line_break; - size_t skip, found; - char *end1, *end2; -+ size_t tmp_remaining = MIN(remaining, line_max); - -- end1 = memchr(p, '\n', remaining); -- end2 = memchr(p, 0, end1 ? (size_t) (end1 - p) : remaining); -+ end1 = memchr(p, '\n', tmp_remaining); -+ end2 = memchr(p, 0, end1 ? 
(size_t) (end1 - p) : tmp_remaining); - - if (end2) { - /* We found a NUL terminator */ -@@ -499,9 +520,9 @@ static int stdout_stream_scan( - found = end1 - p; - skip = found + 1; - line_break = LINE_BREAK_NEWLINE; -- } else if (remaining >= s->server->line_max) { -+ } else if (remaining >= line_max) { - /* Force a line break after the maximum line length */ -- found = skip = s->server->line_max; -+ found = skip = line_max; - line_break = LINE_BREAK_LINE_MAX; - } else - break; -@@ -563,7 +584,7 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, - - /* Try to make use of the allocated buffer in full, but never read more than the configured line size. Also, - * always leave room for a terminating NUL we might need to add. */ -- limit = MIN(s->allocated - 1, s->server->line_max); -+ limit = MIN(s->allocated - 1, MAX(s->server->line_max, STDOUT_STREAM_SETUP_PROTOCOL_LINE_MAX)); - assert(s->length <= limit); - iovec = IOVEC_MAKE(s->buffer + s->length, limit - s->length); - --- -1.8.3.1 - diff --git a/0020-fix-CVE-2021-33910.patch b/0020-fix-CVE-2021-33910.patch deleted file mode 100644 index e0a971f82047673fe76838ea762515806fda80f8..0000000000000000000000000000000000000000 --- a/0020-fix-CVE-2021-33910.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -From 441e0115646d54f080e5c3bb0ba477c892861ab9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 23 Jun 2021 11:46:41 +0200 -Subject: [PATCH] basic/unit-name: do not use strdupa() on a path - -The path may have unbounded length, for example through a fuse mount. - -CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and -ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo -and each mountpoint is passed to mount_setup_unit(), which calls -unit_name_path_escape() underneath. A local attacker who is able to mount a -filesystem with a very long path can crash systemd and the whole system. - -https://bugzilla.redhat.com/show_bug.cgi?id=1970887 - -The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we -can't easily check the length after simplification before doing the -simplification, which in turns uses a copy of the string we can write to. -So we can't reject paths that are too long before doing the duplication. -Hence the most obvious solution is to switch back to strdup(), as before -7410616cd9dbbec97cf98d75324da5cda2b2f7a2. 
- -https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9 ---- - src/basic/unit-name.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index 532f8fa..024b8a5 100644 ---- a/src/basic/unit-name.c -+++ b/src/basic/unit-name.c -@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { - } - - int unit_name_path_escape(const char *f, char **ret) { -- char *p, *s; -+ _cleanup_free_ char *p = NULL; -+ char *s; - - assert(f); - assert(ret); - -- p = strdupa(f); -+ p = strdup(f); - if (!p) - return -ENOMEM; - -@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) { - if (!path_is_normalized(p)) - return -EINVAL; - -- /* Truncate trailing slashes */ -+ /* Truncate trailing slashes and skip leading slashes */ - delete_trailing_chars(p, "/"); -- -- /* Truncate leading slashes */ -- p = skip_leading_chars(p, "/"); -- -- s = unit_name_escape(p); -+ s = unit_name_escape(skip_leading_chars(p, "/")); - } - if (!s) - return -ENOMEM; --- -2.23.0 - diff --git a/0020-scope-on-unified-make-sure-to-unwatch-all-PIDs-once-.patch b/0020-scope-on-unified-make-sure-to-unwatch-all-PIDs-once-.patch deleted file mode 100644 index 405dcb96a594d138df13c0adc62bd773e1d9d01e..0000000000000000000000000000000000000000 --- a/0020-scope-on-unified-make-sure-to-unwatch-all-PIDs-once-.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From e9eec8b5d2c106c5dd51382a155e6045c7c17c1a Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Mon, 30 Nov 2020 15:26:15 +0100 -Subject: [PATCH] scope: on unified, make sure to unwatch all PIDs once they've - been moved to the cgroup scope - -Commit 428a9f6f1d0396b9eacde2b38d667cbe3f15eb55 freed u->pids which is -problematic since the references to this unit in m->watch_pids were no more -removed when the unit was freed. - -This patch makes sure to clean all this refs up before freeing u->pids by -calling unit_unwatch_all_pids(). ---- - src/core/scope.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/src/core/scope.c b/src/core/scope.c -index 654702ca3b..a247da206f 100644 ---- a/src/core/scope.c -+++ b/src/core/scope.c -@@ -375,10 +375,6 @@ static int scope_start(Unit *u) { - return r; - } - -- /* Now u->pids have been moved into the scope cgroup, it's not needed -- * anymore. */ -- u->pids = set_free(u->pids); -- - s->result = SCOPE_SUCCESS; - - scope_set_state(s, SCOPE_RUNNING); -@@ -386,7 +382,13 @@ static int scope_start(Unit *u) { - /* Set the maximum runtime timeout. */ - scope_arm_timer(s, usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec)); - -- /* Start watching the PIDs currently in the scope */ -+ /* On unified we use proper notifications hence we can unwatch the PIDs -+ * we just attached to the scope. This can also be done on legacy as -+ * we're going to update the list of the processes we watch with the -+ * PIDs currently in the scope anyway. */ -+ unit_unwatch_all_pids(u); -+ -+ /* Start watching the PIDs currently in the scope (legacy hierarchy only) */ - (void) unit_enqueue_rewatch_pids(u); - return 1; - } --- -2.23.0 - 
diff --git a/systemd-248.tar.gz b/systemd-249.tar.gz similarity index 55% rename from systemd-248.tar.gz rename to systemd-249.tar.gz index 625247acb0ead0fa72859c4f76997d955919eb04..7d0d938cbff08c53ec81b1068eff3afb5d76da0d 100644 Binary files a/systemd-248.tar.gz and b/systemd-249.tar.gz differ diff --git a/systemd.spec b/systemd.spec index f250eafc078424d943e79fc2e2133f20487a8d73..e45e8112c819c12aebfc7079cde750a805d90085 100644 --- a/systemd.spec +++ b/systemd.spec @@ -19,8 +19,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd -Version: 248 -Release: 13 +Version: 249 +Release: 1 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager 
@@ -57,16 +57,12 @@ Patch0008: 0008-rules-add-the-rule-that-adds-elevator-kernel-command.patch Patch0009: 0009-units-add-Install-section-to-tmp.mount.patch Patch0010: 0010-Make-systemd-udevd.service-start-after-systemd-remou.patch Patch0011: 0011-udev-virsh-shutdown-vm.patch -Patch0012: 0012-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch -Patch0013: 0013-sd-bus-properly-initialize-containers.patch -Patch0014: 0014-Revert-core-one-step-back-again-for-nspawn-we-actual.patch -Patch0015: 0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch -Patch0016: 0016-systemd-change-time-log-level.patch -Patch0017: 0017-fix-capsh-drop-but-ping-success.patch -Patch0018: 0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch -Patch0019: 0019-journald-enforce-longer-line-length-limit-during-set.patch -Patch0020: 0020-fix-CVE-2021-33910.patch -Patch0021: backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch +Patch0012: 0012-sd-bus-properly-initialize-containers.patch +Patch0013: 0013-Revert-core-one-step-back-again-for-nspawn-we-actual.patch +Patch0014: 0014-journal-don-t-enable-systemd-journald-audit.socket-b.patch +Patch0015: 0015-systemd-change-time-log-level.patch +Patch0016: 0016-fix-capsh-drop-but-ping-success.patch +Patch0017: 0017-resolved-create-etc-resolv.conf-symlink-at-runtime.patch BuildRequires: gcc, gcc-c++ BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel @@ -78,6 +74,7 @@ BuildRequires: gnutls-devel, qrencode-devel, libmicrohttpd-devel, libxkbcommon- BuildRequires: iptables-devel, docbook-style-xsl, pkgconfig, libxslt, gperf BuildRequires: gawk, tree, hostname, git, meson >= 0.43, gettext, dbus >= 1.9.18 BuildRequires: python3-devel, python3-lxml, firewalld-filesystem, libseccomp-devel +BuildRequires: python3-jinja2 %if 0%{?have_gnu_efi} BuildRequires: gnu-efi gnu-efi-devel %endif 
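Review bot: Dropping `Patch0020: 0020-fix-CVE-2021-33910.patch` from the patch list is only safe if the systemd-249 tarball already contains the `strdupa()` to `strdup()` change in `unit_name_path_escape()`. The deleted patch dates the upstream fix to 23 Jun 2021, and as far as I know it shipped in the 249.1 stable update rather than in the v249 tag, so please check `src/basic/unit-name.c` in the unpacked source before release. If the fix is missing, keep the patch and renumber it after the last remaining entry, for example `Patch0018: 0018-fix-CVE-2021-33910.patch` (constructed name). The same check applies to `Patch0021: backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch`, which is removed from the list here although no deletion of that file is visible on this part of the page.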
@@ -228,6 +225,69 @@ Requires(postun): systemd %description oomd Systemd-oomd.service, systemd-oomd - A userspace out-of-memory (OOM) killer +%package resolved +Summary: Network Name Resolution manager +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd +Requires(pre): /usr/bin/getent + +%description resolved +systemd-resolve is a system service that provides network name resolution to +local applications. It implements a caching and validating DNS/DNSSEC stub +resolver, as well as an LLMNR and MulticastDNS resolver and responder. + +%package nspawn +Summary: Spawn a command or OS in a light-weight container +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description nspawn +systemd-nspawn may be used to run a command or OS in a light-weight namespace +container. In many ways it is similar to chroot, but more powerful since it +fully virtualizes the file system hierarchy, as well as the process tree, the +various IPC subsystems and the host and domain name. + +%package networkd +Summary: System daemon that manages network configurations +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Requires(pre): /usr/bin/getent +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd + +%description networkd +systemd-networkd is a system service that manages networks. It detects +and configures network devices as they appear, as well as creating virtual +network devices. + +%package timesyncd +Summary: Network Time Synchronization +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd +Requires(pre): /usr/bin/getent + +%description timesyncd +systemd-timesyncd is a system service that may be used to synchronize +the local system clock with a remote Network Time Protocol (NTP) server. 
+It also saves the local time to disk every time the clock has been +synchronized and uses this to possibly advance the system realtime clock +on subsequent reboots to ensure it (roughly) monotonically advances even +if the system lacks a battery-buffered RTC chip. + +%package pam +Summary: systemd PAM module +Requires: %{name} = %{version}-%{release} + +%description pam +Systemd PAM module registers the session with systemd-logind. + %package_help %prep @@ -544,9 +604,11 @@ getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2 getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || : getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || : +%pre networkd getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || : getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || : +%pre resolved getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || : getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || : 
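Review bot: The new `resolved`, `networkd`, `timesyncd` and `pam` subpackages take files out of the main package, but nothing visible here makes an upgrade from 248 pull them in. `pam_systemd.so` and `libnss_resolve.so.2` leave the main and libs file lists in later hunks, so an upgraded host could lose logind session registration, and any `resolve` entry in nsswitch.conf would stop resolving, without any warning. If the main package's `Requires:` block outside this hunk does not already cover it, add something like `Requires: %{name}-pam = %{version}-%{release}` and decide explicitly which of the other subpackages should be `Recommends:`. The `%files pam` section lies outside this view, so its contents are inferred.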
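Review bot: The new `%pre networkd` and `%pre resolved` scriptlets call `groupadd` and `useradd`, but the subpackages declare only `Requires(pre): /usr/bin/getent`. Because every command ends in `|| :`, a missing `useradd` at install time fails silently and leaves the package installed without its `systemd-network` or `systemd-resolve` account. Add `Requires(pre): shadow-utils` to both `%package` sections, and to `timesyncd`, whose `%pre` does the same thing. The fixed IDs 192 and 193 are carried over unchanged from the old `%pre`.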
@@ -639,20 +701,32 @@ if [ $1 -eq 0 ] ; then serial-getty@.service \ console-getty.service \ debug-shell.service \ + >/dev/null || : +fi + + +%preun resolved +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : +fi + +%preun networkd +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ systemd-networkd.service \ systemd-networkd-wait-online.service \ - systemd-resolved.service \ >/dev/null || : fi -%pre udev +%pre timesyncd getent group systemd-timesync &>/dev/null || groupadd -r systemd-timesync 2>&1 || : getent passwd systemd-timesync &>/dev/null || useradd -r -l -g systemd-timesync -d / -s /sbin/nologin -c "systemd Time Synchronization" systemd-timesync &>/dev/null || : -%post udev +%post timesyncd # Move old stuff around in /var/lib mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null -mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null if [ -L %{_localstatedir}/lib/systemd/timesync ]; then rm %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync @@ -661,6 +735,12 @@ if [ -f %{_localstatedir}/lib/systemd/clock ] ; then mkdir -p %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. fi +# devided from post and preun stage of udev that included in macro udev_services +%systemd_post systemd-timesyncd.service + +%post udev +# Move old stuff around in /var/lib +mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null udevadm hwdb --update &>/dev/null %systemd_post %udev_services @@ -676,6 +756,9 @@ if [ -f "/usr/lib/udev/rules.d/50-udev-default.rules" ]; then fi %{_bindir}/systemctl daemon-reload &>/dev/null || : +%preun timesyncd +%systemd_preun systemd-timesyncd.service + %preun udev %systemd_preun %udev_services 
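Review bot: After `%post udev` is renamed to `%post timesyncd`, the line `mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed` stays in the timesyncd scriptlet. The re-created `%post udev` in the next hunk (`@@ -661,6 +735,12 @@`) moves only `backlight`. `/var/lib/systemd/random-seed` is still a `%ghost` entry under `%files udev`, so the saved seed is now migrated only on hosts that install systemd-timesyncd. Move that `mv` line into `%post udev` beside the backlight one. In the added comment, `# devided from post and preun stage of udev` should read `# divided from ...`.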
@@ -715,6 +798,12 @@ fi %files -f %{name}.lang %doc %{_pkgdocdir} %exclude %{_pkgdocdir}/LICENSE.* +%exclude /usr/lib/systemd/boot/efi/linuxaa64.elf.stub +%exclude /usr/lib/systemd/system/dbus-org.freedesktop.oom1.service +%exclude /usr/lib/systemd/system/initrd-usr-fs.target +%exclude /usr/lib/udev/hwdb.d/60-seat.hwdb +%exclude /usr/lib/udev/hwdb.d/80-ieee1394-unit-function.hwdb +%exclude /usr/lib/udev/rules.d/81-net-dhcp.rules %license LICENSE.GPL2 LICENSE.LGPL2.1 %ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants @@ -750,7 +839,6 @@ fi /usr/sbin/reboot /usr/sbin/halt /usr/sbin/telinit -/usr/sbin/resolvconf /usr/sbin/init /usr/sbin/runlevel /usr/sbin/poweroff @@ -770,12 +858,9 @@ fi /usr/share/bash-completion/completions/portablectl /usr/share/bash-completion/completions/systemd-run /usr/share/bash-completion/completions/systemd-cat -/usr/share/bash-completion/completions/resolvectl /usr/share/bash-completion/completions/coredumpctl /usr/share/bash-completion/completions/systemd-delta /usr/share/bash-completion/completions/systemd-cgls -/usr/share/bash-completion/completions/systemd-resolve -/usr/share/bash-completion/completions/networkctl /usr/share/bash-completion/completions/systemd-detect-virt /usr/share/bash-completion/completions/hostnamectl /usr/share/bash-completion/completions/systemd-cgtop 
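Review bot: The six `%exclude` lines added to the main `%files` list drop files that the new release installs instead of assigning them to a package. Unless a `%files` section outside this view lists them, they ship nowhere. Judging only by their names, `initrd-usr-fs.target`, `60-seat.hwdb` and `81-net-dhcp.rules` look like files that other shipped units or udev rules may reference, so please confirm nothing still points at them. If the exclusion is intentional, add a comment above the block such as `# new in 249, intentionally not packaged: <reason>`.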
@@ -790,14 +875,12 @@ fi /usr/share/zsh/site-functions/_journalctl /usr/share/zsh/site-functions/_systemd-delta /usr/share/zsh/site-functions/_systemd-tmpfiles -/usr/share/zsh/site-functions/_resolvectl /usr/share/zsh/site-functions/_systemctl /usr/share/zsh/site-functions/_systemd-run /usr/share/zsh/site-functions/_sd_outputmodes /usr/share/zsh/site-functions/_sd_unit_files /usr/share/zsh/site-functions/_sd_machines /usr/share/zsh/site-functions/_coredumpctl -/usr/share/zsh/site-functions/_networkctl /usr/share/zsh/site-functions/_timedatectl /usr/share/zsh/site-functions/_busctl /usr/share/zsh/site-functions/_systemd 
@@ -808,29 +891,22 @@ fi /usr/share/dbus-1/system-services/org.freedesktop.portable1.service /usr/share/dbus-1/system-services/org.freedesktop.login1.service /usr/share/dbus-1/system-services/org.freedesktop.locale1.service -/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service /usr/share/dbus-1/system-services/org.freedesktop.hostname1.service -/usr/share/dbus-1/system-services/org.freedesktop.network1.service /usr/share/dbus-1/system-services/org.freedesktop.timedate1.service -/usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf /usr/share/dbus-1/system.d/org.freedesktop.timedate1.conf /usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf /usr/share/dbus-1/system.d/org.freedesktop.login1.conf /usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf /usr/share/dbus-1/system.d/org.freedesktop.locale1.conf /usr/share/dbus-1/system.d/org.freedesktop.portable1.conf -/usr/share/dbus-1/system.d/org.freedesktop.network1.conf /usr/share/pkgconfig/systemd.pc /usr/share/pkgconfig/udev.pc /usr/share/polkit-1/actions/org.freedesktop.hostname1.policy /usr/share/polkit-1/actions/org.freedesktop.portable1.policy /usr/share/polkit-1/actions/org.freedesktop.timedate1.policy -/usr/share/polkit-1/actions/org.freedesktop.resolve1.policy /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy /usr/share/polkit-1/actions/org.freedesktop.login1.policy -/usr/share/polkit-1/actions/org.freedesktop.network1.policy /usr/share/polkit-1/actions/org.freedesktop.locale1.policy -/usr/share/polkit-1/rules.d/systemd-networkd.rules /usr/bin/systemd-machine-id-setup /usr/bin/localectl /usr/bin/systemd-path @@ -842,13 +918,10 @@ fi /usr/bin/systemd-cat /usr/bin/systemd-inhibit /usr/bin/systemd-ask-password -/usr/bin/resolvectl /usr/bin/systemd-notify /usr/bin/coredumpctl /usr/bin/systemd-delta /usr/bin/systemd-cgls -/usr/bin/systemd-resolve -/usr/bin/networkctl /usr/bin/systemd-stdio-bridge /usr/bin/systemd-detect-virt /usr/bin/systemd-socket-activate 
@@ -888,10 +961,8 @@ fi %{_systemddir}/systemd-cgroups-agent %{_systemddir}/systemd-sulogin-shell %{_systemddir}/systemd-boot-check-no-failures -%dir %{_systemddir}/ntp-units.d %{_systemddir}/systemd-user-sessions %{_systemddir}/systemd-sysctl -%{_systemddir}/systemd-networkd-wait-online %{_systemddir}/systemd-socket-proxyd %{_systemddir}/systemd-ac-power %{_systemddir}/systemd-hostnamed @@ -902,7 +973,6 @@ fi %{_systemddir}/systemd-journald %{_systemddir}/systemd-user-runtime-dir %{_systemddir}/systemd-logind -%{_systemddir}/systemd-networkd %dir %{_systemddir}/system-preset %dir %{_systemddir}/user-environment-generators %{_systemddir}/systemd-shutdown @@ -919,12 +989,9 @@ fi %{_systemddir}/systemd %dir %{_systemddir}/user-preset %{_systemddir}/systemd-coredump -%{_systemddir}/resolv.conf %{_systemddir}/systemd-veritysetup %{_systemddir}/systemd-network-generator -%{_systemddir}/systemd-time-wait-sync %{_systemddir}/systemd-pstore -%{_systemddir}/systemd-resolved %{_systemddir}/systemd-binfmt %{_systemddir}/user-preset/90-systemd.preset %dir %{_systemddir}/portable/profile @@ -943,7 +1010,6 @@ fi %{_unitdir}/systemd-coredump.socket %{_unitdir}/ctrl-alt-del.target %{_unitdir}/systemd-tmpfiles-setup.service -%{_unitdir}/systemd-time-wait-sync.service %{_unitdir}/rpcbind.target %{_unitdir}/systemd-update-done.service %{_unitdir}/dev-hugepages.mount @@ -1007,7 +1073,6 @@ fi %{_unitdir}/systemd-update-utmp.service %dir %{_unitdir}/rescue.target.wants %{_unitdir}/bluetooth.target -%{_unitdir}/systemd-networkd-wait-online.service %{_unitdir}/systemd-ask-password-wall.path %{_unitdir}/emergency.service %{_unitdir}/network-pre.target 
@@ -1060,13 +1125,11 @@ fi %{_unitdir}/runlevel1.target %dir %{_unitdir}/remote-fs.target.wants %{_unitdir}/dbus-org.freedesktop.hostname1.service -%{_unitdir}/systemd-networkd.service %{_unitdir}/runlevel0.target %{_unitdir}/user.slice %{_unitdir}/systemd-journal-catalog-update.service %{_unitdir}/local-fs-pre.target %{_unitdir}/systemd-halt.service -%{_unitdir}/systemd-resolved.service %{_unitdir}/container-getty@.service %{_unitdir}/slices.target %{_unitdir}/systemd-network-generator.service @@ -1166,7 +1229,6 @@ fi %{_userunitdir}/smartcard.target %{_systemddir}/systemd-userdbd %{_systemddir}/systemd-userwork -%{_systemddir}/network/80-container-host0.network %{_systemddir}/network/80-wifi-adhoc.network %{_systemddir}/network/80-wifi-ap.network.example %{_systemddir}/network/80-wifi-station.network.example @@ -1215,13 +1277,10 @@ fi %ghost %config(noreplace) /etc/machine-info %ghost %config(noreplace) /etc/machine-id %ghost %config(noreplace) /etc/hostname -%dir /etc/systemd/network %config(noreplace) /etc/systemd/user.conf %config(noreplace) /etc/systemd/coredump.conf %dir /etc/systemd/user %config(noreplace) /etc/systemd/logind.conf -%config(noreplace) /etc/systemd/networkd.conf -%config(noreplace) /etc/systemd/resolved.conf %config(noreplace) /etc/systemd/journald.conf %config(noreplace) /etc/systemd/pstore.conf %dir /etc/systemd/system @@ -1239,7 +1298,6 @@ fi %config(noreplace) /etc/xdg/systemd/user %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf -%{_libdir}/security/pam_systemd.so /usr/lib/rpm/macros.d/macros.systemd /usr/bin/systemd-cryptenroll @@ -1270,7 +1328,6 @@ fi %files libs %{_libdir}/libnss_systemd.so.2 -%{_libdir}/libnss_resolve.so.2 %{_libdir}/libnss_myhostname.so.2 %{_libdir}/libsystemd.so.* %{_libdir}/libudev.so.* 
@@ -1299,10 +1356,8 @@ fi %files udev %ghost %dir /var/lib/systemd/backlight -%ghost %dir /var/lib/systemd/timesync %ghost %dir /var/lib/systemd/rfkill %ghost /var/lib/systemd/random-seed -%ghost /var/lib/systemd/timesync/clock /usr/sbin/udevadm /usr/share/bash-completion/completions/udevadm /usr/share/bash-completion/completions/bootctl @@ -1310,8 +1365,6 @@ fi /usr/share/zsh/site-functions/_bootctl /usr/share/zsh/site-functions/_udevadm /usr/share/zsh/site-functions/_kernel-install -/usr/share/dbus-1/system-services/org.freedesktop.timesync1.service -/usr/share/dbus-1/system.d/org.freedesktop.timesync1.conf /usr/bin/systemd-hwdb /usr/bin/udevadm /usr/bin/bootctl @@ -1320,7 +1373,6 @@ fi %dir /usr/lib/udev %dir /usr/lib/kernel %dir /usr/lib/modules-load.d -%{_systemddir}/systemd-timesyncd %{_systemddir}/systemd-growfs %{_systemddir}/systemd-modules-load %dir %{_systemddir}/system-sleep @@ -1348,7 +1400,6 @@ fi %dir %{_unitdir}/systemd-udev-trigger.service.d %{_unitdir}/systemd-random-seed.service %{_unitdir}/systemd-quotacheck.service -%{_unitdir}/systemd-timesyncd.service %{_unitdir}/systemd-udevd-control.socket %{_unitdir}/hibernate.target %{_unitdir}/systemd-remount-fs.service @@ -1382,7 +1433,6 @@ fi %{_systemddir}/system-generators/systemd-cryptsetup-generator %{_systemddir}/system-generators/systemd-hibernate-resume-generator %{_systemddir}/system-generators/systemd-gpt-auto-generator -%{_systemddir}/ntp-units.d/80-systemd-timesync.list %if 0%{?have_gnu_efi} %dir %{_systemddir}/boot %dir %{_systemddir}/boot/efi @@ -1462,7 +1512,6 @@ fi %dir /etc/udev %dir /etc/kernel %dir /etc/modules-load.d -%config(noreplace) /etc/systemd/timesyncd.conf %config(noreplace) /etc/systemd/sleep.conf %dir /etc/kernel/install.d %ghost /etc/udev/hwdb.bin 
@@ -1472,9 +1521,7 @@ fi %files container /usr/share/bash-completion/completions/machinectl -/usr/share/bash-completion/completions/systemd-nspawn /usr/share/zsh/site-functions/_machinectl -/usr/share/zsh/site-functions/_systemd-nspawn /usr/share/dbus-1/system-services/org.freedesktop.import1.service /usr/share/dbus-1/system-services/org.freedesktop.machine1.service /usr/share/dbus-1/services/org.freedesktop.systemd1.service @@ -1485,7 +1532,6 @@ fi /usr/share/polkit-1/actions/org.freedesktop.machine1.policy %{_libdir}/libnss_mymachines.so.2 /usr/bin/machinectl -/usr/bin/systemd-nspawn %{_systemddir}/systemd-import %{_systemddir}/systemd-machined %{_systemddir}/systemd-importd @@ -1500,13 +1546,9 @@ fi %{_unitdir}/machine.slice %{_unitdir}/machines.target %dir %{_unitdir}/machines.target.wants -%{_unitdir}/systemd-nspawn@.service %{_unitdir}/machines.target.wants/var-lib-machines.mount %{_unitdir}/remote-fs.target.wants/var-lib-machines.mount -%{_systemddir}/network/80-container-vz.network -%{_systemddir}/network/80-container-ve.network %{_systemddir}/network/80-vm-vt.network -/usr/lib/tmpfiles.d/systemd-nspawn.conf %files journal-remote %ghost %dir /var/log/journal/remote 
@@ -1550,6 +1592,64 @@ fi /usr/share/man/*/* %exclude /usr/share/man/man3/* +%files resolved +/usr/sbin/resolvconf +/usr/bin/resolvectl +/usr/share/bash-completion/completions/resolvectl +/usr/share/zsh/site-functions/_resolvectl +/usr/share/bash-completion/completions/systemd-resolve +/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service +/usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf +/usr/share/polkit-1/actions/org.freedesktop.resolve1.policy +/usr/bin/systemd-resolve +%{_systemddir}/resolv.conf +%{_systemddir}/systemd-resolved +%config(noreplace) /etc/systemd/resolved.conf +%{_libdir}/libnss_resolve.so.2 +%{_unitdir}/systemd-resolved.service + +%files nspawn +/usr/share/bash-completion/completions/systemd-nspawn +/usr/share/zsh/site-functions/_systemd-nspawn +/usr/bin/systemd-nspawn +%{_unitdir}/systemd-nspawn@.service +/usr/lib/tmpfiles.d/systemd-nspawn.conf + +%files networkd +/usr/share/bash-completion/completions/networkctl +/usr/share/zsh/site-functions/_networkctl +/usr/share/dbus-1/system-services/org.freedesktop.network1.service +/usr/share/dbus-1/system.d/org.freedesktop.network1.conf +/usr/share/polkit-1/actions/org.freedesktop.network1.policy +/usr/share/polkit-1/rules.d/systemd-networkd.rules +/usr/bin/networkctl +%{_systemddir}/systemd-networkd-wait-online +%{_systemddir}/systemd-networkd +%{_unitdir}/systemd-networkd.socket +%{_unitdir}/systemd-networkd-wait-online.service +%{_unitdir}/systemd-networkd.service +%{_systemddir}/network/80-container-host0.network +%dir /etc/systemd/network +%config(noreplace) /etc/systemd/networkd.conf +%{_systemddir}/network/80-container-vz.network +%{_systemddir}/network/80-container-ve.network + +%files timesyncd +%dir %{_systemddir}/ntp-units.d +%{_systemddir}/systemd-time-wait-sync +%{_unitdir}/systemd-time-wait-sync.service +%ghost %dir /var/lib/systemd/timesync +%ghost /var/lib/systemd/timesync/clock +/usr/share/dbus-1/system-services/org.freedesktop.timesync1.service 
+/usr/share/dbus-1/system.d/org.freedesktop.timesync1.conf +%{_systemddir}/systemd-timesyncd +%{_unitdir}/systemd-timesyncd.service +%{_systemddir}/ntp-units.d/80-systemd-timesync.list +%config(noreplace) /etc/systemd/timesyncd.conf + +%files pam +%{_libdir}/security/pam_systemd.so + %changelog * Thu Sep 16 2021 ExtinctFire - 248-13 - core: fix free undefined pointer when strdup failed in the first loop
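Review bot: The new `%files pam`, `%files timesyncd` and `%files resolved` sections move `pam_systemd.so`, `systemd-timesyncd` and `libnss_resolve.so.2` (with `/etc/systemd/resolved.conf`) out of the packages that used to own them, and nothing in this hunk shows what pulls them back in on upgrade. The matching `%package` stanzas are outside the hunk, so this needs confirming there. If the base package does not depend on the new subpackages, an updated host could lose logind session registration for PAM logins and stop synchronising its clock, which affects certificate validation and log timestamps. Consider giving each new `%package` stanza `Requires: %{name} = %{version}-%{release}` and `Obsoletes: %{name} < <first-split-version-release>` (placeholder), or at least adding `Requires: %{name}-pam` to the base package. Separately, `%dir /etc/systemd/network` is now owned only by `%files networkd`, which is worth checking if other subpackages are meant to drop files into that directory.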