From 12066f8a1254c9ab3390ed4f4799329114a07a67 Mon Sep 17 00:00:00 2001 From: hongjinghao Date: Mon, 19 Jun 2023 10:41:53 +0800 Subject: [PATCH] sync patches from systemd community --- ...the-uevent-when-worker-is-terminated.patch | 52 +- ...one-more-test-for-drop-in-precedence.patch | 66 + ...st-for-transient-units-with-drop-ins.patch | 108 + ...est-hierarchical-drop-ins-for-slices.patch | 78 + ...-serialize-deserialize-device-syspat.patch | 65 + ...evice_coldplug-don-t-set-DEVICE_DEAD.patch | 43 + ...ot-downgrade-device-state-if-it-is-a.patch | 36 + ...re-device-drop-unnecessary-condition.patch | 28 + ...re-DEVICE_FOUND_UDEV-bit-on-switchin.patch | 117 + backport-core-device-update-comment.patch | 64 + ...ify-device-syspath-on-switching-root.patch | 42 + ...ANAGER_IS_SWITCHING_ROOT-helper-func.patch | 91 + ...-Type-dbus-service-enqueuing-if-dbus.patch | 91 + ...us-activation-if-dbus-is-not-running.patch | 43 + ...onor_device_enumeration-with-MANAGER.patch | 113 + ...slice_freezer_action-return-0-if-fre.patch | 47 + backport-core-timer-fix-memleak.patch | 61 + ...e-timer-fix-potential-use-after-free.patch | 26 + backport-core-unit-fix-use-after-free.patch | 30 + ...low-transient-units-to-have-drop-ins.patch | 89 + ...-boolean-expression-in-unit_is_prist.patch | 40 + ...t-always-initialize-sd_event.perturb.patch | 59 + backport-sd-event-fix-error-handling.patch | 31 + ...py_safe-as-the-buffer-size-may-be-ze.patch | 27 + ...avoid-crashing-on-config-without-a-v.patch | 31 + ...-memory-leak-on-failed-normalization.patch | 34 + ...pty-release-ID-to-avoid-triggering-a.patch | 31 + ...initrd-sysroot-transition-in-TEST-24.patch | 113 + ...custom-initrd-for-TEST-24-if-INITRD-.patch | 66 + ...t-store-the-key-on-a-separate-device.patch | 44 + backport-timedatectl-fix-a-memory-leak.patch | 46 + ...-udev-cdrom_id-check-last-track-info.patch | 31 + ...-restart-limit-on-the-modprobe-.serv.patch | 36 + ...up-support-default-slice-for-all-uni.patch | 2 +- ...-device-to-dead-in-manager_catchup-d.patch | 31 +- fix-mount-failed-while-daemon-reexec.patch | 23 +- systemd.spec-bak | 2701 +++++++++++++++++ 37 files changed, 4586 insertions(+), 50 deletions(-) create mode 100644 backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch create mode 100644 backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch create mode 100644 backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch create mode 100644 backport-core-device-also-serialize-deserialize-device-syspat.patch create mode 100644 backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch create mode 100644 backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch create mode 100644 backport-core-device-drop-unnecessary-condition.patch create mode 100644 backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch create mode 100644 backport-core-device-update-comment.patch create mode 100644 backport-core-device-verify-device-syspath-on-switching-root.patch create mode 100644 backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch create mode 100644 backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch create mode 100644 backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch create mode 100644 backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch create mode 100644 backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch create mode 100644 backport-core-timer-fix-memleak.patch create mode 100644 backport-core-timer-fix-potential-use-after-free.patch create mode 100644 backport-core-unit-fix-use-after-free.patch create mode 100644 backport-manager-allow-transient-units-to-have-drop-ins.patch create mode 100644 backport-manager-reformat-boolean-expression-in-unit_is_prist.patch create mode 100644 backport-sd-event-always-initialize-sd_event.perturb.patch create mode 100644 backport-sd-event-fix-error-handling.patch create mode 100644 backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch create mode 100644 backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch create mode 100644 backport-shared-json-fix-memory-leak-on-failed-normalization.patch create mode 100644 backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch create mode 100644 backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch create mode 100644 backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch create mode 100644 backport-test-store-the-key-on-a-separate-device.patch create mode 100644 backport-timedatectl-fix-a-memory-leak.patch create mode 100644 backport-udev-cdrom_id-check-last-track-info.patch create mode 100644 backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch create mode 100644 systemd.spec-bak diff --git a/Retry-to-handle-the-uevent-when-worker-is-terminated.patch b/Retry-to-handle-the-uevent-when-worker-is-terminated.patch index 39fa1d2..4d15ad5 100644 --- a/Retry-to-handle-the-uevent-when-worker-is-terminated.patch +++ b/Retry-to-handle-the-uevent-when-worker-is-terminated.patch @@ -5,32 +5,32 @@ Subject: [PATCH] Retry to handle the uevent when worker is terminated abnormal When processing uevent events fails, retry it. --- - src/udev/udevd.c | 35 +++++++++++++++++++++++++++++++++-- - 1 file changed, 33 insertions(+), 2 deletions(-) + src/udev/udevd.c | 41 ++++++++++++++++++++++++++++++++++++----- + 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 75e2086..023fe55 100644 +index eb94ed3..5b743ad 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c -@@ -69,6 +69,7 @@ +@@ -70,6 +70,7 @@ #include "version.h" #define WORKER_NUM_MAX 2048U +#define UEVENT_MAX_RETRY_TIMES 3 - #define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC) - #define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE) -@@ -123,6 +124,7 @@ typedef struct Event { + static bool arg_debug = false; + static int arg_daemonize = false; +@@ -114,6 +115,7 @@ typedef struct Event { Manager *manager; Worker *worker; EventState state; + int retry; sd_device *dev; - -@@ -166,6 +168,32 @@ typedef enum EventResult { - _EVENT_RESULT_INVALID = -EINVAL, - } EventResult; + sd_device *dev_kernel; /* clone of originally received device */ +@@ -148,6 +150,32 @@ typedef struct Worker { + typedef struct WorkerMessage { + } WorkerMessage; +static bool event_retry(Event *event) { + if (!event) @@ -58,30 +58,36 @@ index 75e2086..023fe55 100644 + return true; +} + - static Event *event_free(Event *event) { + static void event_free(Event *event) { if (!event) - return NULL; -@@ -1118,6 +1146,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { + return; +@@ -638,6 +666,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { + .dev_kernel = TAKE_PTR(clone), .seqnum = seqnum, - .action = action, .state = EVENT_QUEUED, + .retry = UEVENT_MAX_RETRY_TIMES, }; if (LIST_IS_EMPTY(manager->events)) { -@@ -1547,8 +1576,10 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi +@@ -1314,11 +1343,13 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi device_delete_db(worker->event->dev); device_tag_index(worker->event->dev, NULL, false); -- /* Forward kernel event to libudev listeners */ -- device_broadcast(manager->monitor, worker->event->dev); +- if (manager->monitor) { +- /* forward kernel event without amending it */ +- r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel); +- if (r < 0) +- log_device_error_errno(worker->event->dev_kernel, r, "Failed to send back device to kernel: %m"); + if (event_retry(worker->event) == false) { -+ /* Forward kernel event to libudev listeners */ -+ device_broadcast(manager->monitor, worker->event->dev); -+ } ++ if (manager->monitor) { ++ /* forward kernel event without amending it */ ++ r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel); ++ if (r < 0) ++ log_device_error_errno(worker->event->dev_kernel, r, "Failed to send back device to kernel: %m"); ++ } + } } - worker_free(worker); -- -2.33.0 +2.23.0 diff --git a/backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch b/backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch new file mode 100644 index 0000000..0196b2e --- /dev/null +++ b/backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch @@ -0,0 +1,66 @@ +From c3fa408dcc03bb6dbd11f180540fb9e684893c39 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 16 Oct 2022 21:52:43 +0200 +Subject: [PATCH] TEST-15: add one more test for drop-in precedence + +--- + test/units/testsuite-15.sh | 36 ++++++++++++++++++++++++++++++++++++ + 1 file changed, 36 insertions(+) + +diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh +index ed6d5f838d..079c8b290e 100755 +--- a/test/units/testsuite-15.sh ++++ b/test/units/testsuite-15.sh +@@ -282,6 +282,41 @@ MemoryMax=1000000001 + clear_services a-b-c.slice + } + ++test_transient_service_dropins () { ++ echo "Testing dropins for a transient service..." ++ echo "*** test transient service drop-ins" ++ ++ mkdir -p /etc/systemd/system/service.d ++ mkdir -p /etc/systemd/system/a-.service.d ++ mkdir -p /etc/systemd/system/a-b-.service.d ++ mkdir -p /etc/systemd/system/a-b-c.service.d ++ ++ echo -e '[Service]\nStandardInputText=aaa' >/etc/systemd/system/service.d/drop1.conf ++ echo -e '[Service]\nStandardInputText=bbb' >/etc/systemd/system/a-.service.d/drop2.conf ++ echo -e '[Service]\nStandardInputText=ccc' >/etc/systemd/system/a-b-.service.d/drop3.conf ++ echo -e '[Service]\nStandardInputText=ddd' >/etc/systemd/system/a-b-c.service.d/drop4.conf ++ ++ # There's no fragment yet, so this fails ++ systemctl cat a-b-c.service && exit 1 ++ ++ # xxx → eHh4Cg== ++ systemd-run -u a-b-c.service -p StandardInputData=eHh4Cg== sleep infinity ++ ++ data=$(systemctl show -P StandardInputData a-b-c.service) ++ # xxx\naaa\n\bbb\nccc\nddd\n → eHh4… ++ test "$data" = "eHh4CmFhYQpiYmIKY2NjCmRkZAo=" ++ ++ # Do a reload and check again ++ systemctl daemon-reload ++ data=$(systemctl show -P StandardInputData a-b-c.service) ++ test "$data" = "eHh4CmFhYQpiYmIKY2NjCmRkZAo=" ++ ++ clear_services a-b-c.service ++ rm /etc/systemd/system/service.d/drop1.conf \ ++ /etc/systemd/system/a-.service.d/drop2.conf \ ++ /etc/systemd/system/a-b-.service.d/drop3.conf ++} ++ + test_template_dropins () { + echo "Testing template dropins..." + +@@ -621,6 +656,7 @@ test_linked_units + test_template_alias + test_hierarchical_service_dropins + test_hierarchical_slice_dropins ++test_transient_service_dropins + test_template_dropins + test_alias_dropins + test_masked_dropins +-- +2.33.0 + diff --git a/backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch b/backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch new file mode 100644 index 0000000..e265339 --- /dev/null +++ b/backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch @@ -0,0 +1,108 @@ +From 6854434cfb5dda10c07d95835c38b75e5e71c2b5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 16 Oct 2022 14:02:45 +0200 +Subject: [PATCH] TEST-15: add test for transient units with drop-ins + +We want to test four things: +- that the transient units are successfully started when drop-ins exist +- that the transient setings override the defaults +- the drop-ins override the transient settings (the same as for a normal unit) +- that things are the same before and after a reload + +To make things more fun, we start and stop units in two different ways: via +systemctl and via a direct busctl invocation. This gives us a bit more coverage +of different code paths. +--- + test/units/testsuite-15.sh | 62 ++++++++++++++++++++++++++++++++++---- + 1 file changed, 56 insertions(+), 6 deletions(-) + +diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh +index 8b44d76982..ed6d5f838d 100755 +--- a/test/units/testsuite-15.sh ++++ b/test/units/testsuite-15.sh +@@ -181,19 +181,40 @@ test_hierarchical_service_dropins () { + echo "Testing hierarchical service dropins..." + echo "*** test service.d/ top level drop-in" + create_services a-b-c +- check_ko a-b-c ExecCondition "/bin/echo service.d" +- check_ko a-b-c ExecCondition "/bin/echo a-.service.d" +- check_ko a-b-c ExecCondition "/bin/echo a-b-.service.d" +- check_ko a-b-c ExecCondition "/bin/echo a-b-c.service.d" ++ check_ko a-b-c ExecCondition "echo service.d" ++ check_ko a-b-c ExecCondition "echo a-.service.d" ++ check_ko a-b-c ExecCondition "echo a-b-.service.d" ++ check_ko a-b-c ExecCondition "echo a-b-c.service.d" + + for dropin in service.d a-.service.d a-b-.service.d a-b-c.service.d; do + mkdir -p /usr/lib/systemd/system/$dropin + echo " + [Service] +-ExecCondition=/bin/echo $dropin ++ExecCondition=echo $dropin + " >/usr/lib/systemd/system/$dropin/override.conf + systemctl daemon-reload +- check_ok a-b-c ExecCondition "/bin/echo $dropin" ++ check_ok a-b-c ExecCondition "echo $dropin" ++ ++ # Check that we can start a transient service in presence of the drop-ins ++ systemd-run -u a-b-c2.service -p Description='sleepy' sleep infinity ++ ++ # The transient setting replaces the default ++ check_ok a-b-c2.service Description "sleepy" ++ ++ # The override takes precedence for ExecCondition ++ # (except the last iteration when it only applies to the other service) ++ if [ "$dropin" != "a-b-c.service.d" ]; then ++ check_ok a-b-c2.service ExecCondition "echo $dropin" ++ fi ++ ++ # Check that things are the same after a reload ++ systemctl daemon-reload ++ check_ok a-b-c2.service Description "sleepy" ++ if [ "$dropin" != "a-b-c.service.d" ]; then ++ check_ok a-b-c2.service ExecCondition "echo $dropin" ++ fi ++ ++ systemctl stop a-b-c2.service + done + for dropin in service.d a-.service.d a-b-.service.d a-b-c.service.d; do + rm -rf /usr/lib/systemd/system/$dropin +@@ -218,6 +239,35 @@ MemoryMax=1000000000 + " >/usr/lib/systemd/system/$dropin/override.conf + systemctl daemon-reload + check_ok a-b-c.slice MemoryMax "1000000000" ++ ++ busctl call \ ++ org.freedesktop.systemd1 \ ++ /org/freedesktop/systemd1 \ ++ org.freedesktop.systemd1.Manager \ ++ StartTransientUnit 'ssa(sv)a(sa(sv))' \ ++ 'a-b-c.slice' 'replace' \ ++ 2 \ ++ 'Description' s 'slice too' \ ++ 'MemoryMax' t 1000000002 \ ++ 0 ++ ++ # The override takes precedence for MemoryMax ++ check_ok a-b-c.slice MemoryMax "1000000000" ++ # The transient setting replaces the default ++ check_ok a-b-c.slice Description "slice too" ++ ++ # Check that things are the same after a reload ++ systemctl daemon-reload ++ check_ok a-b-c.slice MemoryMax "1000000000" ++ check_ok a-b-c.slice Description "slice too" ++ ++ busctl call \ ++ org.freedesktop.systemd1 \ ++ /org/freedesktop/systemd1 \ ++ org.freedesktop.systemd1.Manager \ ++ StopUnit 'ss' \ ++ 'a-b-c.slice' 'replace' ++ + rm /usr/lib/systemd/system/$dropin/override.conf + done + +-- +2.33.0 + diff --git a/backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch b/backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch new file mode 100644 index 0000000..a4cab79 --- /dev/null +++ b/backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch @@ -0,0 +1,78 @@ +From f80c874af376052b6b81f47cbbc43d7fecd98cd6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 16 Oct 2022 12:54:34 +0200 +Subject: [PATCH] TEST-15: also test hierarchical drop-ins for slices + +Slices are worth testing too, because they don't need a fragment path so they +behave slightly differently than service units. I'm making this a separate +patch from the actual tests that I wanted to add later because it's complex +enough on its own. +--- + test/units/testsuite-15.sh | 37 ++++++++++++++++++++++++++++++++++--- + 1 file changed, 34 insertions(+), 3 deletions(-) + +diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh +index c3784e2..8bae64d 100755 +--- a/test/units/testsuite-15.sh ++++ b/test/units/testsuite-15.sh +@@ -174,8 +174,8 @@ test_template_alias() { + clear_services test15-a@ test15-b@ + } + +-test_hierarchical_dropins () { +- echo "Testing hierarchical dropins..." ++test_hierarchical_service_dropins () { ++ echo "Testing hierarchical service dropins..." + echo "*** test service.d/ top level drop-in" + create_services a-b-c + check_ko a-b-c ExecCondition "/bin/echo service.d" +@@ -199,6 +199,36 @@ ExecCondition=/bin/echo $dropin + clear_services a-b-c + } + ++test_hierarchical_slice_dropins () { ++ echo "Testing hierarchical slice dropins..." ++ echo "*** test slice.d/ top level drop-in" ++ # Slice units don't even need a fragment, so we test the defaults here ++ check_ok a-b-c.slice Description "Slice /a/b/c" ++ check_ok a-b-c.slice MemoryMax "infinity" ++ ++ # Test drop-ins ++ for dropin in slice.d a-.slice.d a-b-.slice.d a-b-c.slice.d; do ++ mkdir -p /usr/lib/systemd/system/$dropin ++ echo " ++[Slice] ++MemoryMax=1000000000 ++ " >/usr/lib/systemd/system/$dropin/override.conf ++ systemctl daemon-reload ++ check_ok a-b-c.slice MemoryMax "1000000000" ++ rm /usr/lib/systemd/system/$dropin/override.conf ++ done ++ ++ # Test unit with a fragment ++ echo " ++[Slice] ++MemoryMax=1000000001 ++ " >/usr/lib/systemd/system/a-b-c.slice ++ systemctl daemon-reload ++ check_ok a-b-c.slice MemoryMax "1000000001" ++ ++ clear_services a-b-c.slice ++} ++ + test_template_dropins () { + echo "Testing template dropins..." + +@@ -517,7 +547,8 @@ test_invalid_dropins () { + test_basic_dropins + test_linked_units + test_template_alias +-test_hierarchical_dropins ++test_hierarchical_service_dropins ++test_hierarchical_slice_dropins + test_template_dropins + test_alias_dropins + test_masked_dropins +-- +2.33.0 + diff --git a/backport-core-device-also-serialize-deserialize-device-syspat.patch b/backport-core-device-also-serialize-deserialize-device-syspat.patch new file mode 100644 index 0000000..32b057f --- /dev/null +++ b/backport-core-device-also-serialize-deserialize-device-syspat.patch @@ -0,0 +1,65 @@ +From 1ea74fca3a3c737f3901bc10d879b7830b3528bf Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 25 Oct 2022 21:41:17 +0900 +Subject: [PATCH] core/device: also serialize/deserialize device syspath + +The field will be used in later commits. +--- + src/core/device.c | 13 ++++++++++++- + src/core/device.h | 2 +- + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/src/core/device.c b/src/core/device.c +index 9d694aa..26a6d1f 100644 +--- a/src/core/device.c ++++ b/src/core/device.c +@@ -114,6 +114,7 @@ static void device_done(Unit *u) { + assert(d); + + device_unset_sysfs(d); ++ d->deserialized_sysfs = mfree(d->deserialized_sysfs); + d->wants_property = strv_free(d->wants_property); + } + +@@ -295,6 +296,9 @@ static int device_serialize(Unit *u, FILE *f, FDSet *fds) { + assert(f); + assert(fds); + ++ if (d->sysfs) ++ (void) serialize_item(f, "sysfs", d->sysfs); ++ + (void) serialize_item(f, "state", device_state_to_string(d->state)); + + if (device_found_to_string_many(d->found, &s) >= 0) +@@ -312,7 +316,14 @@ static int device_deserialize_item(Unit *u, const char *key, const char *value, + assert(value); + assert(fds); + +- if (streq(key, "state")) { ++ if (streq(key, "sysfs")) { ++ if (!d->deserialized_sysfs) { ++ d->deserialized_sysfs = strdup(value); ++ if (!d->deserialized_sysfs) ++ log_oom_debug(); ++ } ++ ++ } else if (streq(key, "state")) { + DeviceState state; + + state = device_state_from_string(value); +diff --git a/src/core/device.h b/src/core/device.h +index dfe8a13..99bf134 100644 +--- a/src/core/device.h ++++ b/src/core/device.h +@@ -20,7 +20,7 @@ typedef enum DeviceFound { + struct Device { + Unit meta; + +- char *sysfs; ++ char *sysfs, *deserialized_sysfs; + + /* In order to be able to distinguish dependencies on different device nodes we might end up creating multiple + * devices for the same sysfs path. We chain them up here. */ +-- +2.33.0 + diff --git a/backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch b/backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch new file mode 100644 index 0000000..2f3964c --- /dev/null +++ b/backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch @@ -0,0 +1,43 @@ +From cf1ac0cfe44997747b0f857a1d0b67cea1298272 Mon Sep 17 00:00:00 2001 +From: Martin Wilck +Date: Wed, 25 May 2022 12:01:00 +0200 +Subject: [PATCH] core/device: device_coldplug(): don't set DEVICE_DEAD + +dm-crypt device units generated by systemd-cryptsetup-generator +habe BindsTo= dependencies on their backend devices. The dm-crypt +devices have the db_persist flag set, and thus survive the udev db +cleanup while switching root. But backend devices usually don't survive. +These devices are neither mounted nor used for swap, thus they will +seen as DEVICE_NOT_FOUND after switching root. + +The BindsTo dependency will cause systemd to schedule a stop +job for the dm-crypt device, breaking boot: + +[ 68.929457] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Unit is stopped because bound to inactive unit dev-disk-by\x2duuid-3bf91f73\x2d1ee8\x2d4cfc\x2d9048\x2d93ba349b786d.device. +[ 68.945660] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Trying to enqueue job systemd-cryptsetup@cr_root.service/stop/replace +[ 69.473459] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Installed new job systemd-cryptsetup@cr_root.service/stop as 343 + +Avoid this by not setting the state of the backend devices to +DEVICE_DEAD. + +Fixes the LUKS setup issue reported in #23429. +--- + src/core/device.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/core/device.c b/src/core/device.c +index 4c261ec554..8728630523 100644 +--- a/src/core/device.c ++++ b/src/core/device.c +@@ -205,8 +205,6 @@ static int device_coldplug(Unit *u) { + found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ + if (state == DEVICE_PLUGGED) + state = DEVICE_TENTATIVE; /* downgrade state */ +- if (found == DEVICE_NOT_FOUND) +- state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */ + } + + if (d->found == found && d->state == state) +-- +2.33.0 + diff --git a/backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch b/backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch new file mode 100644 index 0000000..7607580 --- /dev/null +++ b/backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch @@ -0,0 +1,36 @@ +From 4fc69e8a0949c2537019466f839d9b7aee5628c9 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 20 May 2022 10:25:12 +0200 +Subject: [PATCH] core/device: do not downgrade device state if it is already + enumerated + +On switching root, a device may have a persistent databse. In that case, +Device.enumerated_found may have DEVICE_FOUND_UDEV flag, and it is not +necessary to downgrade the Device.deserialized_found and +Device.deserialized_state. Otherwise, the state of the device unit may +be changed plugged -> dead -> plugged, if the device has not been mounted. + +Fixes #23429. + +[mwilck: cherry-picked from #23437] +--- + src/core/device.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/device.c b/src/core/device.c +index 8728630523..fcde8a420e 100644 +--- a/src/core/device.c ++++ b/src/core/device.c +@@ -201,7 +201,8 @@ static int device_coldplug(Unit *u) { + * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by + * device_catchup() or uevents. */ + +- if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) { ++ if (!m->honor_device_enumeration && !MANAGER_IS_USER(m) && ++ !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { + found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ + if (state == DEVICE_PLUGGED) + state = DEVICE_TENTATIVE; /* downgrade state */ +-- +2.33.0 + diff --git a/backport-core-device-drop-unnecessary-condition.patch b/backport-core-device-drop-unnecessary-condition.patch new file mode 100644 index 0000000..1e8b7bf --- /dev/null +++ b/backport-core-device-drop-unnecessary-condition.patch @@ -0,0 +1,28 @@ +From f33bc87989a87475ed41bc9cd715c4cbb18ee389 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sun, 1 May 2022 21:42:43 +0900 +Subject: [PATCH] core/device: drop unnecessary condition + +--- + src/core/device.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/src/core/device.c b/src/core/device.c +index 44425cda3c..934676287e 100644 +--- a/src/core/device.c ++++ b/src/core/device.c +@@ -179,10 +179,7 @@ static void device_catchup(Unit *u) { + + assert(d); + +- /* Second, let's update the state with the enumerated state if it's different */ +- if (d->enumerated_found == d->found) +- return; +- ++ /* Second, let's update the state with the enumerated state */ + device_update_found_one(d, d->enumerated_found, DEVICE_FOUND_MASK); + } + +-- +2.33.0 + diff --git a/backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch b/backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch new file mode 100644 index 0000000..f2b4096 --- /dev/null +++ b/backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch @@ -0,0 +1,117 @@ +From 75d7b5989f99125e52d5c0e5656fa1cd0fae2405 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 29 Apr 2022 20:29:11 +0900 +Subject: [PATCH] core/device: ignore DEVICE_FOUND_UDEV bit on switching root + +The issue #12953 is caused by the following: +On switching root, +- deserialized_found == DEVICE_FOUND_UDEV | DEVICE_FOUND_MOUNT, +- deserialized_state == DEVICE_PLUGGED, +- enumerated_found == DEVICE_FOUND_MOUNT, +On switching root, most devices are not found by the enumeration process. +Hence, the device state is set to plugged by device_coldplug(), and then +changed to the dead state in device_catchup(). So the corresponding +mount point is unmounted. Later when the device is processed by udevd, it +will be changed to plugged state again. + +The issue #23208 is caused by the fact that generated udev database in +initramfs and the main system are often different. + +So, the two issues have the same root; we should not honor +DEVICE_FOUND_UDEV bit in the deserialized_found on switching root. + +This partially reverts c6e892bc0eebe1d42c282bd2d8bae149fbeba85f. + +Fixes #12953 and #23208. +Replaces #23215. + +Co-authored-by: Martin Wilck +--- + src/core/device.c | 59 +++++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 49 insertions(+), 10 deletions(-) + +diff --git a/src/core/device.c b/src/core/device.c +index 934676287e..1a4563a3d9 100644 +--- a/src/core/device.c ++++ b/src/core/device.c +@@ -163,14 +163,57 @@ static int device_coldplug(Unit *u) { + assert(d->state == DEVICE_DEAD); + + /* First, let's put the deserialized state and found mask into effect, if we have it. */ ++ if (d->deserialized_state < 0) ++ return 0; ++ ++ Manager *m = u->manager; ++ DeviceFound found = d->deserialized_found; ++ DeviceState state = d->deserialized_state; ++ ++ /* On initial boot, switch-root, reload, reexecute, the following happen: ++ * 1. MANAGER_IS_RUNNING() == false ++ * 2. enumerate devices: manager_enumerate() -> device_enumerate() ++ * Device.enumerated_found is set. ++ * 3. deserialize devices: manager_deserialize() -> device_deserialize() ++ * Device.deserialize_state and Device.deserialized_found are set. ++ * 4. coldplug devices: manager_coldplug() -> device_coldplug() ++ * deserialized properties are copied to the main properties. ++ * 5. MANAGER_IS_RUNNING() == true: manager_ready() ++ * 6. catchup devices: manager_catchup() -> device_catchup() ++ * Device.enumerated_found is applied to Device.found, and state is updated based on that. ++ * ++ * Notes: ++ * - On initial boot, no udev database exists. Hence, no devices are enumerated in the step 2. ++ * Also, there is no deserialized device. Device units are (a) generated based on dependencies of ++ * other units, or (b) generated when uevents are received. ++ * ++ * - On switch-root, the udev databse may be cleared, except for devices with sticky bit, i.e. ++ * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, ++ * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be ++ * ignored, as udev rules in initramfs and the main system are often different. If the deserialized ++ * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE (or DEVICE_DEAD if nobody ++ * sees the device). Unlike the other starting mode, Manager.honor_device_enumeration == false ++ * (maybe, it is better to rename the flag) when device_coldplug() and device_catchup() are called. ++ * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd ++ * will (re-)process all devices, and the Device.found and Device.state will be adjusted. ++ * ++ * - On reload or reexecute, we can trust enumerated_found, deserialized_found, and deserialized_state. ++ * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by ++ * device_catchup() or uevents. */ ++ ++ if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) { ++ found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ ++ if (state == DEVICE_PLUGGED) ++ state = DEVICE_TENTATIVE; /* downgrade state */ ++ if (found == DEVICE_NOT_FOUND) ++ state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */ ++ } + +- if (d->deserialized_state < 0 || +- (d->deserialized_state == d->state && +- d->deserialized_found == d->found)) ++ if (d->found == found && d->state == state) + return 0; + +- d->found = d->deserialized_found; +- device_set_state(d, d->deserialized_state); ++ d->found = found; ++ device_set_state(d, state); + return 0; + } + +@@ -644,13 +687,9 @@ static void device_found_changed(Device *d, DeviceFound previous, DeviceFound no + } + + static void device_update_found_one(Device *d, DeviceFound found, DeviceFound mask) { +- Manager *m; +- + assert(d); + +- m = UNIT(d)->manager; +- +- if (MANAGER_IS_RUNNING(m) && (m->honor_device_enumeration || MANAGER_IS_USER(m))) { ++ if (MANAGER_IS_RUNNING(UNIT(d)->manager)) { + DeviceFound n, previous; + + /* When we are already running, then apply the new mask right-away, and trigger state changes +-- +2.33.0 + diff --git a/backport-core-device-update-comment.patch b/backport-core-device-update-comment.patch new file mode 100644 index 0000000..c52fbdb --- /dev/null +++ b/backport-core-device-update-comment.patch @@ -0,0 +1,64 @@ +From 54a4d71509c0f3401aa576346754a0781795214a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 25 Oct 2022 21:40:21 +0900 +Subject: [PATCH] core/device: update comment + +--- + src/core/device.c | 29 +++++++++++++++++------------ + 1 file changed, 17 insertions(+), 12 deletions(-) + +diff --git a/src/core/device.c b/src/core/device.c +index 0bca0ff..9d694aa 100644 +--- a/src/core/device.c ++++ b/src/core/device.c +@@ -172,7 +172,7 @@ static int device_coldplug(Unit *u) { + * 1. MANAGER_IS_RUNNING() == false + * 2. enumerate devices: manager_enumerate() -> device_enumerate() + * Device.enumerated_found is set. +- * 3. deserialize devices: manager_deserialize() -> device_deserialize() ++ * 3. deserialize devices: manager_deserialize() -> device_deserialize_item() + * Device.deserialize_state and Device.deserialized_found are set. + * 4. coldplug devices: manager_coldplug() -> device_coldplug() + * deserialized properties are copied to the main properties. +@@ -187,22 +187,27 @@ static int device_coldplug(Unit *u) { + * + * - On switch-root, the udev databse may be cleared, except for devices with sticky bit, i.e. + * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, +- * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be +- * ignored, as udev rules in initramfs and the main system are often different. If the deserialized +- * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE. Unlike the other starting +- * mode, MANAGER_IS_SWITCHING_ROOT() is true when device_coldplug() and device_catchup() are called. +- * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd +- * will (re-)process all devices, and the Device.found and Device.state will be adjusted. ++ * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the ++ * Device.deserialized_found must be ignored, as udev rules in initrd and the main system are often ++ * different. If the deserialized state is DEVICE_PLUGGED, we need to downgrade it to ++ * DEVICE_TENTATIVE. Unlike the other starting mode, MANAGER_IS_SWITCHING_ROOT() is true when ++ * device_coldplug() and device_catchup() are called. Hence, let's conditionalize the operations by ++ * using the flag. After switch-root, systemd-udevd will (re-)process all devices, and the ++ * Device.found and Device.state will be adjusted. + * +- * - On reload or reexecute, we can trust enumerated_found, deserialized_found, and deserialized_state. +- * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by +- * device_catchup() or uevents. */ ++ * - On reload or reexecute, we can trust Device.enumerated_found, Device.deserialized_found, and ++ * Device.deserialized_state. Of course, deserialized parameters may be outdated, but the unit ++ * state can be adjusted later by device_catchup() or uevents. */ + + if (MANAGER_IS_SWITCHING_ROOT(m) && + !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { +- found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ ++ /* The device has not been enumerated. On switching-root, such situation is natural. See the ++ * above comment. To prevent problematic state transition active → dead → active, let's ++ * drop the DEVICE_FOUND_UDEV flag and downgrade state to DEVICE_TENTATIVE(activating). See ++ * issue #12953 and #23208. */ ++ found &= ~DEVICE_FOUND_UDEV; + if (state == DEVICE_PLUGGED) +- state = DEVICE_TENTATIVE; /* downgrade state */ ++ state = DEVICE_TENTATIVE; + } + + if (d->found == found && d->state == state) +-- +2.33.0 + diff --git a/backport-core-device-verify-device-syspath-on-switching-root.patch b/backport-core-device-verify-device-syspath-on-switching-root.patch new file mode 100644 index 0000000..eae111e --- /dev/null +++ b/backport-core-device-verify-device-syspath-on-switching-root.patch @@ -0,0 +1,42 @@ +From b6c86ae28149c4abb2f0bd6acab13153382da9e7 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 26 Oct 2022 01:18:05 +0900 +Subject: [PATCH] core/device: verify device syspath on switching root + +Otherwise, if a device is removed while switching root, then the +corresponding .device unit will never go to inactive state. + +This replaces the code dropped by cf1ac0cfe44997747b0f857a1d0b67cea1298272. + +Fixes #25106. +--- + src/core/device.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/src/core/device.c b/src/core/device.c +index 7e354b2b4a..6e07f2745b 100644 +--- a/src/core/device.c ++++ b/src/core/device.c +@@ -305,6 +305,19 @@ static int device_coldplug(Unit *u) { + found &= ~DEVICE_FOUND_UDEV; + if (state == DEVICE_PLUGGED) + state = DEVICE_TENTATIVE; ++ ++ /* Also check the validity of the device syspath. Without this check, if the device was ++ * removed while switching root, it would never go to inactive state, as both Device.found ++ * and Device.enumerated_found do not have the DEVICE_FOUND_UDEV flag, so device_catchup() in ++ * device_update_found_one() does nothing in most cases. See issue #25106. Note that the ++ * syspath field is only serialized when systemd is sufficiently new and the device has been ++ * already processed by udevd. */ ++ if (d->deserialized_sysfs) { ++ _cleanup_(sd_device_unrefp) sd_device *dev = NULL; ++ ++ if (sd_device_new_from_syspath(&dev, d->deserialized_sysfs) < 0) ++ state = DEVICE_DEAD; ++ } + } + + if (d->found == found && d->state == state) +-- +2.33.0 + diff --git a/backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch b/backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch new file mode 100644 index 0000000..29f5352 --- /dev/null +++ b/backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch @@ -0,0 +1,91 @@ +From d35fe8c0afaa55441608cb7bbfa4af908e1ea8e3 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Thu, 5 May 2022 08:49:56 +0200 +Subject: [PATCH] core: introduce MANAGER_IS_SWITCHING_ROOT() helper function + +Will be used by the following commit. +--- + src/core/main.c | 3 +++ + src/core/manager.c | 6 ++++++ + src/core/manager.h | 6 ++++++ + 3 files changed, 15 insertions(+) + +diff --git a/src/core/main.c b/src/core/main.c +index 1213ad6..df4fb9d 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1981,6 +1981,8 @@ static int invoke_main_loop( + return 0; + + case MANAGER_SWITCH_ROOT: ++ manager_set_switching_root(m, true); ++ + if (!m->switch_root_init) { + r = prepare_reexecute(m, &arg_serialization, ret_fds, true); + if (r < 0) { +@@ -2899,6 +2901,7 @@ int main(int argc, char *argv[]) { + set_manager_defaults(m); + set_manager_settings(m); + manager_set_first_boot(m, first_boot); ++ manager_set_switching_root(m, arg_switched_root); + + /* Remember whether we should queue the default job */ + queue_default_job = !arg_serialization || arg_switched_root; +diff --git a/src/core/manager.c b/src/core/manager.c +index abc63a7..d3b7fc5 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -756,6 +756,10 @@ static int manager_setup_sigchld_event_source(Manager *m) { + return 0; + } + ++void manager_set_switching_root(Manager *m, bool switching_root) { ++ m->switching_root = MANAGER_IS_SYSTEM(m) && switching_root; ++} ++ + int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager **_m) { + _cleanup_(manager_freep) Manager *m = NULL; + const char *e; +@@ -1799,6 +1803,8 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { + + manager_ready(m); + ++ manager_set_switching_root(m, false); ++ + return 0; + } + +diff --git a/src/core/manager.h b/src/core/manager.h +index 14a80b3..453706c 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -400,6 +400,9 @@ struct Manager { + char *switch_root; + char *switch_root_init; + ++ /* This is true before and after switching root. */ ++ bool switching_root; ++ + /* This maps all possible path prefixes to the units needing + * them. It's a hashmap with a path string as key and a Set as + * value where Unit objects are contained. */ +@@ -461,6 +464,8 @@ static inline usec_t manager_default_timeout_abort_usec(Manager *m) { + /* The objective is set to OK as soon as we enter the main loop, and set otherwise as soon as we are done with it */ + #define MANAGER_IS_RUNNING(m) ((m)->objective == MANAGER_OK) + ++#define MANAGER_IS_SWITCHING_ROOT(m) ((m)->switching_root) ++ + #define MANAGER_IS_TEST_RUN(m) ((m)->test_run_flags != 0) + + int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager **m); +@@ -525,6 +530,7 @@ void manager_set_show_status(Manager *m, ShowStatus mode, const char *reason); + void manager_override_show_status(Manager *m, ShowStatus mode, const char *reason); + + void manager_set_first_boot(Manager *m, bool b); ++void manager_set_switching_root(Manager *m, bool switching_root); + + void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) _printf_(4,5); + +-- +2.33.0 + diff --git a/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch b/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch new file mode 100644 index 0000000..5542dac --- /dev/null +++ b/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch @@ -0,0 +1,91 @@ +From fe432460c2ecbd3dd7f0fa16278b9d4ca57a0de3 Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Wed, 10 May 2023 13:54:15 +0800 +Subject: [PATCH] core: only refuse Type=dbus service enqueuing if dbus has + stop job + +Follow-up for #27579 + +In #27579 we refused all StartUnit requests for Type=dbus units +if dbus is not running, which means if dbus is manually stopped, +user can't use systemctl to start Type=dbus units again, which +is incorrect. + +The only culprit that leads to the cancellation of the whole +transaction mentioned in #26799 is job type conflict on dbus. +So let's relax the restriction and only refuse job enqueuing +if dbus has a stop job. + +To summarize, the case we want to avoid is: + +1. dbus has a stop job installed +2. StartUnit/ActivationRequest is received +3. Type=dbus service gets started, which has Requires=dbus.socket +4. dbus is pulled in again, resulting in job type conflict + +What we can support is: + +1. dbus is already stopped +2. StartUnit is received (possibly through systemctl, i.e. on private bus) +3. Type=dbus service gets started, which will wait for dbus to start +4. dbus is started again, thus the job for Type=dbus service + +Replaces #27590 +Fixes #27588 +--- + src/core/dbus-unit.c | 32 +++++++++++++++++++++++++------- + 1 file changed, 25 insertions(+), 7 deletions(-) + +diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c +index 295e271..24e4d25 100644 +--- a/src/core/dbus-unit.c ++++ b/src/core/dbus-unit.c +@@ -1849,6 +1849,7 @@ int bus_unit_queue_job( + sd_bus_error *error) { + + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; ++ const char *dbus_unit; + int r; + + assert(message); +@@ -1879,13 +1880,30 @@ int bus_unit_queue_job( + (type == JOB_STOP && u->refuse_manual_stop) || + (IN_SET(type, JOB_RESTART, JOB_TRY_RESTART) && (u->refuse_manual_start || u->refuse_manual_stop)) || + (type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start)) +- return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id); +- +- /* dbus-broker issues StartUnit for activation requests, so let's apply the same check +- * used in signal_activation_request(). */ +- if (type == JOB_START && u->type == UNIT_SERVICE && +- SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager)) +- return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running."); ++ return sd_bus_error_setf(error, ++ BUS_ERROR_ONLY_BY_DEPENDENCY, ++ "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", ++ u->id); ++ ++ /* dbus-broker issues StartUnit for activation requests, and Type=dbus services automatically ++ * gain dependency on dbus.socket. Therefore, if dbus has a pending stop job, the new start ++ * job that pulls in dbus again would cause job type conflict. Let's avoid that by rejecting ++ * job enqueuing early. ++ * ++ * Note that unlike signal_activation_request(), we can't use unit_inactive_or_pending() ++ * here. StartUnit is a more generic interface, and thus users are allowed to use e.g. systemctl ++ * to start Type=dbus services even when dbus is inactive. */ ++ if (type == JOB_START && u->type == UNIT_SERVICE && SERVICE(u)->type == SERVICE_DBUS) ++ FOREACH_STRING(dbus_unit, SPECIAL_DBUS_SOCKET, SPECIAL_DBUS_SERVICE) { ++ Unit *dbus; ++ ++ dbus = manager_get_unit(u->manager, dbus_unit); ++ if (dbus && unit_stop_pending(dbus)) ++ return sd_bus_error_setf(error, ++ BUS_ERROR_SHUTTING_DOWN, ++ "Operation for unit %s refused, D-Bus is shutting down.", ++ u->id); ++ } + + r = sd_bus_message_new_method_return(message, &reply); + if (r < 0) +-- +2.33.0 + diff --git a/backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch b/backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch new file mode 100644 index 0000000..a13a210 --- /dev/null +++ b/backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch @@ -0,0 +1,43 @@ +From 53964fd26b4a01191609ffc064aa8ccccd28e377 Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Tue, 9 May 2023 00:07:45 +0800 +Subject: [PATCH] core: refuse dbus activation if dbus is not running + +dbus-broker issues StartUnit directly for activation requests, +so let's add a check on bus state in bus_unit_queue_job to refuse +that if dbus is not running. + +Replaces #27570 +Closes #26799 +--- + src/core/dbus-unit.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c +index c42ae5e..295e271 100644 +--- a/src/core/dbus-unit.c ++++ b/src/core/dbus-unit.c +@@ -21,6 +21,7 @@ + #include "path-util.h" + #include "process-util.h" + #include "selinux-access.h" ++#include "service.h" + #include "signal-util.h" + #include "special.h" + #include "string-table.h" +@@ -1880,6 +1881,12 @@ int bus_unit_queue_job( + (type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start)) + return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id); + ++ /* dbus-broker issues StartUnit for activation requests, so let's apply the same check ++ * used in signal_activation_request(). */ ++ if (type == JOB_START && u->type == UNIT_SERVICE && ++ SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager)) ++ return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running."); ++ + r = sd_bus_message_new_method_return(message, &reply); + if (r < 0) + return r; +-- +2.33.0 + diff --git a/backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch b/backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch new file mode 100644 index 0000000..98c27fa --- /dev/null +++ b/backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch @@ -0,0 +1,113 @@ +From 7870de03c52982290f9b8ae11eb4d89db66f4be3 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Thu, 5 May 2022 11:11:57 +0200 +Subject: [PATCH] core: replace m->honor_device_enumeration with + MANAGER_IS_SWITCHING_ROOT() + +--- + src/core/device.c | 7 +++---- + src/core/manager.c | 21 +-------------------- + src/core/manager.h | 2 -- + 3 files changed, 4 insertions(+), 26 deletions(-) + +diff --git a/src/core/device.c b/src/core/device.c +index d9669e3..0bca0ff 100644 +--- a/src/core/device.c ++++ b/src/core/device.c +@@ -189,9 +189,8 @@ static int device_coldplug(Unit *u) { + * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, + * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be + * ignored, as udev rules in initramfs and the main system are often different. If the deserialized +- * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE (or DEVICE_DEAD if nobody +- * sees the device). Unlike the other starting mode, Manager.honor_device_enumeration == false +- * (maybe, it is better to rename the flag) when device_coldplug() and device_catchup() are called. ++ * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE. Unlike the other starting ++ * mode, MANAGER_IS_SWITCHING_ROOT() is true when device_coldplug() and device_catchup() are called. + * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd + * will (re-)process all devices, and the Device.found and Device.state will be adjusted. + * +@@ -199,7 +198,7 @@ static int device_coldplug(Unit *u) { + * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by + * device_catchup() or uevents. */ + +- if (!m->honor_device_enumeration && !MANAGER_IS_USER(m) && ++ if (MANAGER_IS_SWITCHING_ROOT(m) && + !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { + found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ + if (state == DEVICE_PLUGGED) +diff --git a/src/core/manager.c b/src/core/manager.c +index 5ed7191..91e9b2a 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1689,8 +1689,6 @@ static void manager_ready(Manager *m) { + + /* Let's finally catch up with any changes that took place while we were reloading/reexecing */ + manager_catchup(m); +- +- m->honor_device_enumeration = true; + } + + static Manager* manager_reloading_start(Manager *m) { +@@ -3259,9 +3257,6 @@ int manager_serialize( + (void) serialize_bool(f, "taint-logged", m->taint_logged); + (void) serialize_bool(f, "service-watchdogs", m->service_watchdogs); + +- /* After switching root, udevd has not been started yet. So, enumeration results should not be emitted. */ +- (void) serialize_bool(f, "honor-device-enumeration", !switching_root); +- + if (m->show_status_overridden != _SHOW_STATUS_INVALID) + (void) serialize_item(f, "show-status-overridden", + show_status_to_string(m->show_status_overridden)); +@@ -3635,15 +3630,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + else + m->service_watchdogs = b; + +- } else if ((val = startswith(l, "honor-device-enumeration="))) { +- int b; +- +- b = parse_boolean(val); +- if (b < 0) +- log_notice("Failed to parse honor-device-enumeration flag '%s', ignoring.", val); +- else +- m->honor_device_enumeration = b; +- + } else if ((val = startswith(l, "show-status-overridden="))) { + ShowStatus s; + +@@ -3767,7 +3753,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + + if (q < _MANAGER_TIMESTAMP_MAX) /* found it */ + (void) deserialize_dual_timestamp(val, m->timestamps + q); +- else if (!startswith(l, "kdbus-fd=")) /* ignore kdbus */ ++ else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=")) /* ignore deprecated values */ + log_notice("Unknown serialization item '%s', ignoring.", l); + } + } +@@ -3860,11 +3846,6 @@ int manager_reload(Manager *m) { + assert(m->n_reloading > 0); + m->n_reloading--; + +- /* On manager reloading, device tag data should exists, thus, we should honor the results of device +- * enumeration. The flag should be always set correctly by the serialized data, but it may fail. So, +- * let's always set the flag here for safety. */ +- m->honor_device_enumeration = true; +- + manager_ready(m); + + m->send_reloading_done = true; +diff --git a/src/core/manager.h b/src/core/manager.h +index 453706c..67c204f 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -442,8 +442,6 @@ struct Manager { + unsigned sigchldgen; + unsigned notifygen; + +- bool honor_device_enumeration; +- + VarlinkServer *varlink_server; + /* Only systemd-oomd should be using this to subscribe to changes in ManagedOOM settings */ + Varlink *managed_oom_varlink_request; +-- +2.33.0 + diff --git a/backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch b/backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch new file mode 100644 index 0000000..08a96a1 --- /dev/null +++ b/backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch @@ -0,0 +1,47 @@ +From 4617bad0a3b5d8026243cb4e72a5cae25ca106f0 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 6 May 2022 14:01:22 +0900 +Subject: [PATCH] core/slice: make slice_freezer_action() return 0 if freezing + state is unchanged + +Fixes #23278. + +(cherry picked from commit d171e72e7afa11b238ba20758384d223b0c76e39) +--- + src/core/slice.c | 6 +----- + src/core/unit.c | 2 ++ + 2 files changed, 3 insertions(+), 5 deletions(-) + +diff --git a/src/core/slice.c b/src/core/slice.c +index 2e43c00119..c453aa033e 100644 +--- a/src/core/slice.c ++++ b/src/core/slice.c +@@ -389,11 +389,7 @@ static int slice_freezer_action(Unit *s, FreezerAction action) { + return r; + } + +- r = unit_cgroup_freezer_action(s, action); +- if (r < 0) +- return r; +- +- return 1; ++ return unit_cgroup_freezer_action(s, action); + } + + static int slice_freeze(Unit *s) { +diff --git a/src/core/unit.c b/src/core/unit.c +index b233aca28c..3bceba1317 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -5831,6 +5831,8 @@ static int unit_freezer_action(Unit *u, FreezerAction action) { + if (r <= 0) + return r; + ++ assert(IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING)); ++ + return 1; + } + +-- +2.33.0 + diff --git a/backport-core-timer-fix-memleak.patch b/backport-core-timer-fix-memleak.patch new file mode 100644 index 0000000..2d04881 --- /dev/null +++ b/backport-core-timer-fix-memleak.patch @@ -0,0 +1,61 @@ +From 82362b16ac842fc38340d21ebf39b259c5edaed3 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 10 May 2022 14:09:24 +0900 +Subject: [PATCH] core/timer: fix memleak + +Fixes #23326. + +(cherry picked from commit d3ab7b8078944db28bc621f43dd942a3c878fffb) +--- + src/core/timer.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/core/timer.c b/src/core/timer.c +index a13b864741..0dc49dd46b 100644 +--- a/src/core/timer.c ++++ b/src/core/timer.c +@@ -135,6 +135,7 @@ static int timer_add_trigger_dependencies(Timer *t) { + } + + static int timer_setup_persistent(Timer *t) { ++ _cleanup_free_ char *stamp_path = NULL; + int r; + + assert(t); +@@ -148,13 +149,13 @@ static int timer_setup_persistent(Timer *t) { + if (r < 0) + return r; + +- t->stamp_path = strjoin("/var/lib/systemd/timers/stamp-", UNIT(t)->id); ++ stamp_path = strjoin("/var/lib/systemd/timers/stamp-", UNIT(t)->id); + } else { + const char *e; + + e = getenv("XDG_DATA_HOME"); + if (e) +- t->stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id); ++ stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id); + else { + + _cleanup_free_ char *h = NULL; +@@ -163,14 +164,14 @@ static int timer_setup_persistent(Timer *t) { + if (r < 0) + return log_unit_error_errno(UNIT(t), r, "Failed to determine home directory: %m"); + +- t->stamp_path = strjoin(h, "/.local/share/systemd/timers/stamp-", UNIT(t)->id); ++ stamp_path = strjoin(h, "/.local/share/systemd/timers/stamp-", UNIT(t)->id); + } + } + +- if (!t->stamp_path) ++ if (!stamp_path) + return log_oom(); + +- return 0; ++ return free_and_replace(t->stamp_path, stamp_path); + } + + static uint64_t timer_get_fixed_delay_hash(Timer *t) { +-- +2.33.0 + diff --git a/backport-core-timer-fix-potential-use-after-free.patch b/backport-core-timer-fix-potential-use-after-free.patch new file mode 100644 index 0000000..fc0569e --- /dev/null +++ b/backport-core-timer-fix-potential-use-after-free.patch @@ -0,0 +1,26 @@ +From 38410e13ec9b1b67364f2f0af3b27d9e934bcd96 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 10 May 2022 14:10:17 +0900 +Subject: [PATCH] core/timer: fix potential use-after-free + +(cherry picked from commit 756491af392a99c4286d876b0041535e50df80ad) +--- + src/core/timer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/timer.c b/src/core/timer.c +index 0dc49dd46b..b439802bc2 100644 +--- a/src/core/timer.c ++++ b/src/core/timer.c +@@ -68,7 +68,7 @@ static void timer_done(Unit *u) { + t->monotonic_event_source = sd_event_source_disable_unref(t->monotonic_event_source); + t->realtime_event_source = sd_event_source_disable_unref(t->realtime_event_source); + +- free(t->stamp_path); ++ t->stamp_path = mfree(t->stamp_path); + } + + static int timer_verify(Timer *t) { +-- +2.33.0 + diff --git a/backport-core-unit-fix-use-after-free.patch b/backport-core-unit-fix-use-after-free.patch new file mode 100644 index 0000000..9998e8f --- /dev/null +++ b/backport-core-unit-fix-use-after-free.patch @@ -0,0 +1,30 @@ +From 3daae8785764304a65892ddcd548b6aae16c9463 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 9 May 2022 00:56:05 +0900 +Subject: [PATCH] core/unit: fix use-after-free + +Fixes #23312. + +(cherry picked from commit 734582830b58e000a26e18807ea277c18778573c) +--- + src/core/unit.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index af6cf097fc..b233aca28c 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -671,8 +671,8 @@ Unit* unit_free(Unit *u) { + + unit_dequeue_rewatch_pids(u); + +- sd_bus_slot_unref(u->match_bus_slot); +- sd_bus_track_unref(u->bus_track); ++ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); ++ u->bus_track = sd_bus_track_unref(u->bus_track); + u->deserialized_refs = strv_free(u->deserialized_refs); + u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message); + +-- +2.33.0 + diff --git a/backport-manager-allow-transient-units-to-have-drop-ins.patch b/backport-manager-allow-transient-units-to-have-drop-ins.patch new file mode 100644 index 0000000..32d6250 --- /dev/null +++ b/backport-manager-allow-transient-units-to-have-drop-ins.patch @@ -0,0 +1,89 @@ +From 1a09fb995e0e84c2a5f40945248644b174863c6b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 14 Oct 2022 15:02:20 +0200 +Subject: [PATCH] manager: allow transient units to have drop-ins + +In https://github.com/containers/podman/issues/16107, starting of a transient +slice unit fails because there's a "global" drop-in +/usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by +systemd-oomd-defaults package to install some default oomd policy). This means +that the unit_is_pristine() check fails and starting of the unit is forbidden. + +It seems pretty clear to me that dropins at any other level then the unit +should be ignored in this check: we now have multiple layers of drop-ins +(for each level of the cgroup path, and also "global" ones for a specific +unit type). If we install a "global" drop-in, we wouldn't be able to start +any transient units of that type, which seems undesired. + +In principle we could reject dropins at the unit level, but I don't think that +is useful. The whole reason for drop-ins is that they are "add ons", and there +isn't any particular reason to disallow them for transient units. It would also +make things harder to implement and describe: one place for drop-ins is good, +but another is bad. (And as a corner case: for instanciated units, a drop-in +in the template would be acceptable, but a instance-specific drop-in bad?) + +Thus, $subject. + +While at it, adjust the message. All the conditions in unit_is_pristine() +essentially mean that it wasn't loaded (e.g. it might be in an error state), +and that it doesn't have a fragment path (now that drop-ins are acceptable). +If there's a job for it, it necessarilly must have been loaded. If it is +merged into another unit, it also was loaded and found to be an alias. +Based on the discussion in the bugs, it seems that the current message +is far from obvious ;) + +Fixes https://github.com/containers/podman/issues/16107, +https://bugzilla.redhat.com/show_bug.cgi?id=2133792. + +(cherry picked from commit 1f83244641f13a9cb28fdac7e3c17c5446242dfb) +(cherry picked from commit 98a45608c4bf5aa1ba9b603ac2e5730f13659d88) +--- + src/core/dbus-manager.c | 2 +- + src/core/unit.c | 14 ++++++++------ + 2 files changed, 9 insertions(+), 7 deletions(-) + +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 1a3098ceb1..9a2a5531c6 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -901,7 +901,7 @@ static int transient_unit_from_message( + + if (!unit_is_pristine(u)) + return sd_bus_error_setf(error, BUS_ERROR_UNIT_EXISTS, +- "Unit %s already exists.", name); ++ "Unit %s was already loaded or has a fragment file.", name); + + /* OK, the unit failed to load and is unreferenced, now let's + * fill in the transient data instead */ +diff --git a/src/core/unit.c b/src/core/unit.c +index a7b3208432..60e4e42d2f 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -4806,16 +4806,18 @@ int unit_fail_if_noncanonical(Unit *u, const char* where) { + bool unit_is_pristine(Unit *u) { + assert(u); + +- /* Check if the unit already exists or is already around, +- * in a number of different ways. Note that to cater for unit +- * types such as slice, we are generally fine with units that +- * are marked UNIT_LOADED even though nothing was actually +- * loaded, as those unit types don't require a file on disk. */ ++ /* Check if the unit already exists or is already around, in a number of different ways. Note that to ++ * cater for unit types such as slice, we are generally fine with units that are marked UNIT_LOADED ++ * even though nothing was actually loaded, as those unit types don't require a file on disk. ++ * ++ * Note that we don't check for drop-ins here, because we allow drop-ins for transient units ++ * identically to non-transient units, both unit-specific and hierarchical. E.g. for a-b-c.service: ++ * service.d/….conf, a-.service.d/….conf, a-b-.service.d/….conf, a-b-c.service.d/….conf. ++ */ + + return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && + !u->fragment_path && + !u->source_path && +- strv_isempty(u->dropin_paths) && + !u->job && + !u->merged_into; + } +-- +2.33.0 + diff --git a/backport-manager-reformat-boolean-expression-in-unit_is_prist.patch b/backport-manager-reformat-boolean-expression-in-unit_is_prist.patch new file mode 100644 index 0000000..7a0d94d --- /dev/null +++ b/backport-manager-reformat-boolean-expression-in-unit_is_prist.patch @@ -0,0 +1,40 @@ +From b146a7345b69de16e88347acadb3783ffeeaad9d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 14 Oct 2022 14:40:24 +0200 +Subject: [PATCH] manager: reformat boolean expression in unit_is_pristine() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Not not IN_SET(…) is just too much for my poor brain. Let's invert +the expression to make it easier to undertand. +--- + src/core/unit.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index d6bea2080f..5016114cb4 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -4850,12 +4850,12 @@ bool unit_is_pristine(Unit *u) { + * are marked UNIT_LOADED even though nothing was actually + * loaded, as those unit types don't require a file on disk. */ + +- return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) || +- u->fragment_path || +- u->source_path || +- !strv_isempty(u->dropin_paths) || +- u->job || +- u->merged_into); ++ return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && ++ !u->fragment_path && ++ !u->source_path && ++ strv_isempty(u->dropin_paths) && ++ !u->job && ++ !u->merged_into; + } + + pid_t unit_control_pid(Unit *u) { +-- +2.33.0 + diff --git a/backport-sd-event-always-initialize-sd_event.perturb.patch b/backport-sd-event-always-initialize-sd_event.perturb.patch new file mode 100644 index 0000000..8b28361 --- /dev/null +++ b/backport-sd-event-always-initialize-sd_event.perturb.patch @@ -0,0 +1,59 @@ +From f1a8b69808777aff37c036fd94a0275873d12407 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 23 Feb 2023 07:31:01 +0900 +Subject: [PATCH] sd-event: always initialize sd_event.perturb + +If the boot ID cannot be obtained, let's first fallback to the machine +ID, and if still cannot, then let's use 0. +Otherwise, no timer event source cannot be triggered. + +Fixes #26549. + +(cherry picked from commit 6d2326e036ceed30f9ccdb0266713c10a44dcf6c) +(cherry picked from commit 58c821af607b61738b7b72ad1452e70f648689a6) +(cherry picked from commit 78976199b2e016600c3f7cf8f39747c9ef6c853b) +(cherry picked from commit ac04d804c30f519918866fb4eeb3bc4a9cbadd43) +--- + src/libsystemd/sd-event/sd-event.c | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index 89accdce00..37565b17be 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -1126,22 +1126,21 @@ _public_ int sd_event_add_io( + } + + static void initialize_perturb(sd_event *e) { +- sd_id128_t bootid = {}; ++ sd_id128_t id = {}; + +- /* When we sleep for longer, we try to realign the wakeup to +- the same time within each minute/second/250ms, so that +- events all across the system can be coalesced into a single +- CPU wakeup. However, let's take some system-specific +- randomness for this value, so that in a network of systems +- with synced clocks timer events are distributed a +- bit. Here, we calculate a perturbation usec offset from the +- boot ID. */ ++ /* When we sleep for longer, we try to realign the wakeup to the same time within each ++ * minute/second/250ms, so that events all across the system can be coalesced into a single CPU ++ * wakeup. However, let's take some system-specific randomness for this value, so that in a network ++ * of systems with synced clocks timer events are distributed a bit. Here, we calculate a ++ * perturbation usec offset from the boot ID (or machine ID if failed, e.g. /proc is not mounted). */ + + if (_likely_(e->perturb != USEC_INFINITY)) + return; + +- if (sd_id128_get_boot(&bootid) >= 0) +- e->perturb = (bootid.qwords[0] ^ bootid.qwords[1]) % USEC_PER_MINUTE; ++ if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) > 0) ++ e->perturb = (id.qwords[0] ^ id.qwords[1]) % USEC_PER_MINUTE; ++ else ++ e->perturb = 0; /* This is a super early process without /proc and /etc ?? */ + } + + static int event_setup_timer_fd( +-- +2.33.0 + diff --git a/backport-sd-event-fix-error-handling.patch b/backport-sd-event-fix-error-handling.patch new file mode 100644 index 0000000..a0b07c4 --- /dev/null +++ b/backport-sd-event-fix-error-handling.patch @@ -0,0 +1,31 @@ +From 056fbe84ef67168adcaf41baa37de1b712f6fb74 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 23 Feb 2023 07:31:01 +0900 +Subject: [PATCH] sd-event: fix error handling + +Follow-up for 6d2326e036ceed30f9ccdb0266713c10a44dcf6c. + +(cherry picked from commit 1912f790fee9e0182acd77b77496f500094a140d) +(cherry picked from commit a719c2ec2f410f8b979cec04dcdac9af470ee52b) +(cherry picked from commit dd6561ff3e12314d41954b7ea8e3627101931a18) +(cherry picked from commit 8be4af42044969bc268b32ffe9570cee733fecf6) +--- + src/libsystemd/sd-event/sd-event.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index 37565b17be..df4d9037ac 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -1137,7 +1137,7 @@ static void initialize_perturb(sd_event *e) { + if (_likely_(e->perturb != USEC_INFINITY)) + return; + +- if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) > 0) ++ if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) >= 0) + e->perturb = (id.qwords[0] ^ id.qwords[1]) % USEC_PER_MINUTE; + else + e->perturb = 0; /* This is a super early process without /proc and /etc ?? */ +-- +2.33.0 + diff --git a/backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch b/backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch new file mode 100644 index 0000000..fbc2b69 --- /dev/null +++ b/backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch @@ -0,0 +1,27 @@ +From 5e069e405a73ff5a406598436fe21d6dabbb281c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 4 May 2022 16:05:04 +0900 +Subject: [PATCH] sd-lldp: use memcpy_safe() as the buffer size may be zero + +(cherry picked from commit 87bd4b79e692f384c2190c9b3824df4853333018) +--- + src/libsystemd-network/lldp-neighbor.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd-network/lldp-neighbor.c b/src/libsystemd-network/lldp-neighbor.c +index 372bc2ef93..bc98235ce1 100644 +--- a/src/libsystemd-network/lldp-neighbor.c ++++ b/src/libsystemd-network/lldp-neighbor.c +@@ -652,7 +652,8 @@ int sd_lldp_neighbor_from_raw(sd_lldp_neighbor **ret, const void *raw, size_t ra + if (!n) + return -ENOMEM; + +- memcpy(LLDP_NEIGHBOR_RAW(n), raw, raw_size); ++ memcpy_safe(LLDP_NEIGHBOR_RAW(n), raw, raw_size); ++ + r = lldp_neighbor_parse(n); + if (r < 0) + return r; +-- +2.33.0 + diff --git a/backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch b/backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch new file mode 100644 index 0000000..bd18b74 --- /dev/null +++ b/backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch @@ -0,0 +1,31 @@ +From 412b89a6e8055f2c8c9db4b6b847f081e00461ff Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 6 May 2022 17:36:47 +0200 +Subject: [PATCH] shared/bootspec: avoid crashing on config without a value + +(cherry picked from commit b6bd2562ebb01b48cdb55a970d9daa1799b59876) +--- + src/shared/bootspec.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c +index 0076092c2a..9e2b2899bd 100644 +--- a/src/shared/bootspec.c ++++ b/src/shared/bootspec.c +@@ -124,6 +124,13 @@ static int boot_entry_load( + continue; + } + ++ if (isempty(p)) { ++ /* Some fields can reasonably have an empty value. In other cases warn. */ ++ if (!STR_IN_SET(field, "options", "devicetree-overlay")) ++ log_warning("%s:%u: Field %s without value", tmp.path, line, field); ++ continue; ++ } ++ + if (streq(field, "title")) + r = free_and_strdup(&tmp.title, p); + else if (streq(field, "version")) +-- +2.33.0 + diff --git a/backport-shared-json-fix-memory-leak-on-failed-normalization.patch b/backport-shared-json-fix-memory-leak-on-failed-normalization.patch new file mode 100644 index 0000000..f7fd5ef --- /dev/null +++ b/backport-shared-json-fix-memory-leak-on-failed-normalization.patch @@ -0,0 +1,34 @@ +From c1dbf637d7f5588a19b5d9ea812fee2e68a6dcfa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 9 May 2022 14:28:36 +0200 +Subject: [PATCH] shared/json: fix memory leak on failed normalization + +We need to increase the counter immediately after taking the ref, +otherwise we may not unref it properly if we fail before incrementing. + +(cherry picked from commit 7e4be6a5845f983a299932d4ccb2c4349cf8dd52) +--- + src/shared/json.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/shared/json.c b/src/shared/json.c +index dff95eda26..711aa36c87 100644 +--- a/src/shared/json.c ++++ b/src/shared/json.c +@@ -4680,10 +4680,11 @@ int json_variant_normalize(JsonVariant **v) { + if (!a) + return -ENOMEM; + +- for (i = 0; i < m; i++) { ++ for (i = 0; i < m; ) { + a[i] = json_variant_ref(json_variant_by_index(*v, i)); ++ i++; + +- r = json_variant_normalize(a + i); ++ r = json_variant_normalize(&a[i-1]); + if (r < 0) + goto finish; + } +-- +2.33.0 + diff --git a/backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch b/backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch new file mode 100644 index 0000000..fa24a29 --- /dev/null +++ b/backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch @@ -0,0 +1,31 @@ +From 6100e1dded709f681aca0cf913095e2591a54e33 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 21 May 2022 03:03:21 +0900 +Subject: [PATCH] sysext: refuse empty release ID to avoid triggering assertion + +Otherwise, the assertion in extension_release_validate() will be +triggered. + +(cherry picked from commit 30e29edf4c0bb025aa7dc03c415b727fddf996ac) +--- + src/sysext/sysext.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c +index 60789e0f2c..4245bf1760 100644 +--- a/src/sysext/sysext.c ++++ b/src/sysext/sysext.c +@@ -483,6 +483,10 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { + "SYSEXT_LEVEL", &host_os_release_sysext_level); + if (r < 0) + return log_error_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(arg_root)); ++ if (isempty(host_os_release_id)) ++ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), ++ "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", ++ empty_to_root(arg_root)); + + /* Let's now mount all images */ + HASHMAP_FOREACH(img, images) { +-- +2.33.0 + diff --git a/backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch b/backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch new file mode 100644 index 0000000..36080c7 --- /dev/null +++ b/backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch @@ -0,0 +1,113 @@ +From 1fb7f8e15e19fbe61230b70203b0c35fca54f0a0 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Wed, 25 May 2022 17:39:14 +0200 +Subject: [PATCH] test: cover initrd->sysroot transition in TEST-24 + +This should cover cases regarding devices with `OPTIONS+="db_persist"` +during initrd->sysroot transition. + +See: + * https://github.com/systemd/systemd/issues/23429 + * https://github.com/systemd/systemd/pull/23218 + * https://github.com/systemd/systemd/pull/23489 + * https://bugzilla.redhat.com/show_bug.cgi?id=2087225 +--- + test/TEST-24-CRYPTSETUP/test.sh | 61 ++++++++++++++++----------------- + 1 file changed, 29 insertions(+), 32 deletions(-) + +diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh +index 2c13126..a52848b 100755 +--- a/test/TEST-24-CRYPTSETUP/test.sh ++++ b/test/TEST-24-CRYPTSETUP/test.sh +@@ -9,6 +9,13 @@ TEST_FORCE_NEWIMAGE=1 + # shellcheck source=test/test-functions + . "${TEST_BASE_DIR:?}/test-functions" + ++PART_UUID="deadbeef-dead-dead-beef-000000000000" ++DM_NAME="test24_varcrypt" ++# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on ++# the rootfs and we would get a (harmless) error when trying to mount it after ++# switching root (since rootfs is already mounted) ++KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot" ++ + check_result_qemu() { + local ret=1 + +@@ -16,12 +23,12 @@ check_result_qemu() { + [[ -e "${initdir:?}/testok" ]] && ret=0 + [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}" + +- cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile" +- mount /dev/mapper/varcrypt "$initdir/var" ++ cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile" ++ mount "/dev/mapper/$DM_NAME" "$initdir/var" + save_journal "$initdir/var/log/journal" + _umount_dir "$initdir/var" + _umount_dir "$initdir" +- cryptsetup luksClose /dev/mapper/varcrypt ++ cryptsetup luksClose "/dev/mapper/$DM_NAME" + + [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed" + echo "${JOURNAL_LIST:-No journals were saved}" +@@ -34,39 +41,29 @@ test_create_image() { + create_empty_image_rootdir + + echo -n test >"${TESTDIR:?}/keyfile" +- cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" +- cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile" +- mkfs.ext4 -L var /dev/mapper/varcrypt ++ cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" ++ cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile" ++ mkfs.ext4 -L var "/dev/mapper/$DM_NAME" + mkdir -p "${initdir:?}/var" +- mount /dev/mapper/varcrypt "$initdir/var" +- +- # Create what will eventually be our root filesystem onto an overlay +- ( +- LOG_LEVEL=5 +- # shellcheck source=/dev/null +- source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt) +- # shellcheck source=/dev/null +- source <(udevadm info --export --query=env --name="${LOOPDEV}p2") +- +- setup_basic_environment +- mask_supporting_services +- +- install_dmevent +- generate_module_dependencies +- cat >"$initdir/etc/crypttab" <"$initdir/etc/varkey" +- ddebug <"$initdir/etc/crypttab" ++ mount "/dev/mapper/$DM_NAME" "$initdir/var" ++ ++ LOG_LEVEL=5 ++ ++ setup_basic_environment ++ mask_supporting_services ++ ++ install_dmevent ++ generate_module_dependencies ++ ++ echo -n test >"$initdir/etc/varkey" + +- cat >>"$initdir/etc/fstab" <>"$initdir/etc/fstab" <> "$initdir/etc/systemd/journald.conf" +- ) ++ # Forward journal messages to the console, so we have something ++ # to investigate even if we fail to mount the encrypted /var ++ echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" + } + + cleanup_root_var() { +-- +2.33.0 + diff --git a/backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch b/backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch new file mode 100644 index 0000000..82412cc --- /dev/null +++ b/backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch @@ -0,0 +1,66 @@ +From b22d90e59438481b421b1eb2449e6efdfb7f2118 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Thu, 26 May 2022 13:19:11 +0200 +Subject: [PATCH] test: generate a custom initrd for TEST-24 if $INITRD is + unset + +Co-Authored-By: Yu Watanabe +--- + test/TEST-24-CRYPTSETUP/test.sh | 24 ++++++++++++++++++++++++ + test/test-functions | 5 +++++ + 2 files changed, 29 insertions(+) + +diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh +index a52848b..c18f4aa 100755 +--- a/test/TEST-24-CRYPTSETUP/test.sh ++++ b/test/TEST-24-CRYPTSETUP/test.sh +@@ -64,6 +64,30 @@ EOF + # Forward journal messages to the console, so we have something + # to investigate even if we fail to mount the encrypted /var + echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" ++ ++ # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt ++ # support ++ if [[ -z "$INITRD" ]]; then ++ INITRD="${TESTDIR:?}/initrd.img" ++ dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'" ++ ++ if command -v dracut >/dev/null; then ++ dracut --force --verbose --add crypt "$INITRD" ++ elif command -v mkinitcpio >/dev/null; then ++ mkinitcpio --addhooks sd-encrypt --generate "$INITRD" ++ elif command -v mkinitramfs >/dev/null; then ++ # The cryptroot hook is provided by the cryptsetup-initramfs package ++ if ! dpkg-query -s cryptsetup-initramfs; then ++ derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd" ++ return 1 ++ fi ++ ++ mkinitramfs -o "$INITRD" ++ else ++ dfatal "Unrecognized initrd generator, can't continue" ++ return 1 ++ fi ++ fi + } + + cleanup_root_var() { +diff --git a/test/test-functions b/test/test-functions +index bef87ca..0239bbc 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -325,6 +325,11 @@ qemu_min_version() { + # Return 0 if QEMU did run (then you must check the result state/logs for actual + # success), or 1 if QEMU is not available. + run_qemu() { ++ # If the test provided its own initrd, use it (e.g. TEST-24) ++ if [[ -z "$INITRD" && -f "${TESTDIR:?}/initrd.img" ]]; then ++ INITRD="$TESTDIR/initrd.img" ++ fi ++ + if [ -f /etc/machine-id ]; then + read -r MACHINE_ID +Date: Thu, 26 May 2022 14:52:52 +0200 +Subject: [PATCH] test: store the key on a separate device + +--- + test/TEST-24-CRYPTSETUP/test.sh | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh +index bdf630d912..b81b811654 100755 +--- a/test/TEST-24-CRYPTSETUP/test.sh ++++ b/test/TEST-24-CRYPTSETUP/test.sh +@@ -12,10 +12,8 @@ TEST_FORCE_NEWIMAGE=1 + + PART_UUID="deadbeef-dead-dead-beef-000000000000" + DM_NAME="test24_varcrypt" +-# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on +-# the rootfs and we would get a (harmless) error when trying to mount it after +-# switching root (since rootfs is already mounted) +-KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot" ++KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev" ++QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img" + + check_result_qemu() { + local ret=1 +@@ -57,7 +55,13 @@ test_create_image() { + install_dmevent + generate_module_dependencies + +- echo -n test >"$initdir/etc/varkey" ++ # Create a keydev ++ dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16 ++ mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img" ++ mkdir -p "$STATEDIR/keydev" ++ mount "$STATEDIR/keydev.img" "$STATEDIR/keydev" ++ echo -n test >"$STATEDIR/keydev/keyfile" ++ umount "$STATEDIR/keydev" + + cat >>"$initdir/etc/fstab" < +Date: Wed, 4 May 2022 11:35:19 +0000 +Subject: [PATCH] timedatectl: fix a memory leak + +``` +timedatectl list-timezones --no-pager +... +==164329==ERROR: LeakSanitizer: detected memory leaks + +Direct leak of 8192 byte(s) in 1 object(s) allocated from: + #0 0x7fe8a74b6f8c in reallocarray (/lib64/libasan.so.6+0xaef8c) + #1 0x7fe8a63485dc in strv_push ../src/basic/strv.c:419 + #2 0x7fe8a6349419 in strv_consume ../src/basic/strv.c:490 + #3 0x7fe8a634958d in strv_extend ../src/basic/strv.c:542 + #4 0x7fe8a643d787 in bus_message_read_strv_extend ../src/libsystemd/sd-bus/bus-message.c:5606 + #5 0x7fe8a643db9d in sd_bus_message_read_strv ../src/libsystemd/sd-bus/bus-message.c:5628 + #6 0x4085fb in list_timezones ../src/timedate/timedatectl.c:314 + #7 0x7fe8a61ef3e1 in dispatch_verb ../src/shared/verbs.c:103 + #8 0x410f91 in timedatectl_main ../src/timedate/timedatectl.c:1025 + #9 0x41111c in run ../src/timedate/timedatectl.c:1043 + #10 0x411242 in main ../src/timedate/timedatectl.c:1046 + #11 0x7fe8a489df1f in __libc_start_call_main (/lib64/libc.so.6+0x40f1f) +``` + +(cherry picked from commit a2e37d52312806b1847800df2358e61276cda052) +--- + src/timedate/timedatectl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c +index 75ca6195da..31909064cf 100644 +--- a/src/timedate/timedatectl.c ++++ b/src/timedate/timedatectl.c +@@ -304,7 +304,7 @@ static int list_timezones(int argc, char **argv, void *userdata) { + sd_bus *bus = userdata; + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + int r; +- char** zones; ++ _cleanup_strv_free_ char **zones = NULL; + + r = bus_call_method(bus, bus_timedate, "ListTimezones", &error, &reply, NULL); + if (r < 0) +-- +2.33.0 + diff --git a/backport-udev-cdrom_id-check-last-track-info.patch b/backport-udev-cdrom_id-check-last-track-info.patch new file mode 100644 index 0000000..04ced42 --- /dev/null +++ b/backport-udev-cdrom_id-check-last-track-info.patch @@ -0,0 +1,31 @@ +From c3fcff52912b0323e11f535fce151dc758f111e6 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sun, 14 Aug 2022 06:00:10 +0900 +Subject: [PATCH] udev/cdrom_id: check last track info + +Fixes off-by-one issue. + +Fixes #24306. + +(cherry picked from commit 628998ecfa0d39b38874e1aecdb28022f80f3269) +(cherry picked from commit c67a388aeffcdc27ff280f01b7939005f7a9c8e9) +--- + src/udev/cdrom_id/cdrom_id.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/udev/cdrom_id/cdrom_id.c b/src/udev/cdrom_id/cdrom_id.c +index cdb66bb3b7..964eb6988e 100644 +--- a/src/udev/cdrom_id/cdrom_id.c ++++ b/src/udev/cdrom_id/cdrom_id.c +@@ -704,7 +704,7 @@ static int cd_media_toc(Context *c) { + /* Take care to not iterate beyond the last valid track as specified in + * the TOC, but also avoid going beyond the TOC length, just in case + * the last track number is invalidly large */ +- for (size_t i = 4; i + 8 < len && num_tracks > 0; i += 8, --num_tracks) { ++ for (size_t i = 4; i + 8 <= len && num_tracks > 0; i += 8, --num_tracks) { + bool is_data_track; + uint32_t block; + +-- +2.33.0 + diff --git a/backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch b/backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch new file mode 100644 index 0000000..2de832e --- /dev/null +++ b/backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch @@ -0,0 +1,36 @@ +From 639423416c18c3a41a8f326618e340c25585a40a Mon Sep 17 00:00:00 2001 +From: Alban Bedel +Date: Wed, 15 Jun 2022 13:12:46 +0200 +Subject: [PATCH] units: remove the restart limit on the modprobe@.service + +They are various cases where the same module might be repeatedly +loaded in a short time frame, for example if a service depending on a +module keep restarting, or if many instances of such service get +started at the same time. If this happend the modprobe@.service +instance will be marked as failed because it hit the restart limit. + +Overall it doesn't seems to make much sense to have a restart limit on +the modprobe service so just disable it. + +Fixes: #23742 +(cherry picked from commit 9625350e5381a68c1179ae4581e7586c206663e1) +(cherry picked from commit 8539a62207c9d0cc1656458eb53ffc9177b2c7c8) +--- + units/modprobe@.service | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/modprobe@.service b/units/modprobe@.service +index cf8baf6084..85a2c08dee 100644 +--- a/units/modprobe@.service ++++ b/units/modprobe@.service +@@ -13,6 +13,7 @@ DefaultDependencies=no + Before=sysinit.target + Documentation=man:modprobe(8) + ConditionCapability=CAP_SYS_MODULE ++StartLimitIntervalSec=0 + + [Service] + Type=oneshot +-- +2.33.0 + diff --git a/core-cgroup-support-default-slice-for-all-uni.patch b/core-cgroup-support-default-slice-for-all-uni.patch index 158e9a9..361286c 100644 --- a/core-cgroup-support-default-slice-for-all-uni.patch +++ b/core-cgroup-support-default-slice-for-all-uni.patch @@ -71,9 +71,9 @@ index 25d058f..ddddc8e 100644 typedef struct Manager Manager; @@ -445,6 +446,7 @@ struct Manager { + unsigned sigchldgen; unsigned notifygen; - bool honor_device_enumeration; + char *default_unit_slice; bool in_manager_catchup; diff --git a/core-skip-change-device-to-dead-in-manager_catchup-d.patch b/core-skip-change-device-to-dead-in-manager_catchup-d.patch index 578134b..3c8bdbd 100644 --- a/core-skip-change-device-to-dead-in-manager_catchup-d.patch +++ b/core-skip-change-device-to-dead-in-manager_catchup-d.patch @@ -15,16 +15,16 @@ This patch just fix that fs will not unmounted during booting when calling daemon-reload, if boot time is more than 10min, just ensure fs will not unmounted during 10min after booting. --- - src/core/device.c | 16 ++++++++++++++++- + src/core/device.c | 16 +++++++++++++++- src/core/manager.c | 5 +++++ - src/core/manager.h | 1 + - 3 files changed, 21 insertions(+), 1 deletion(-) + src/core/manager.h | 2 ++ + 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/core/device.c b/src/core/device.c -index 8f30c4e..71cb2a1 100644 +index 58007cc..7be59bd 100644 --- a/src/core/device.c +++ b/src/core/device.c -@@ -646,7 +647,10 @@ static int device_process_new(Manager *m, sd_device *dev) { +@@ -728,7 +728,10 @@ static void device_process_new(Manager *m, sd_device *dev) { } static void device_found_changed(Device *d, DeviceFound previous, DeviceFound now) { @@ -35,7 +35,7 @@ index 8f30c4e..71cb2a1 100644 /* Didn't exist before, but does now? if so, generate a new invocation ID for it */ if (previous == DEVICE_NOT_FOUND && now != DEVICE_NOT_FOUND) -@@ -659,10 +663,21 @@ static void device_found_changed(Device *d, DeviceFound previous, DeviceFound no +@@ -741,10 +744,21 @@ static void device_found_changed(Device *d, DeviceFound previous, DeviceFound no /* If the device has not been seen by udev yet, but is now referenced by the kernel, then we assume the * kernel knows it now, and udev might soon too. */ device_set_state(d, DEVICE_TENTATIVE); @@ -59,10 +59,10 @@ index 8f30c4e..71cb2a1 100644 static void device_update_found_one(Device *d, DeviceFound found, DeviceFound mask) { diff --git a/src/core/manager.c b/src/core/manager.c -index 41b7cf7..b948ac6 100644 +index 5becd30..c5dd041 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -788,6 +788,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager +@@ -811,6 +811,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager .test_run_flags = test_run_flags, .default_oom_policy = OOM_STOP, @@ -70,7 +70,7 @@ index 41b7cf7..b948ac6 100644 }; #if ENABLE_EFI -@@ -1475,6 +1476,8 @@ static void manager_catchup(Manager *m) { +@@ -1579,6 +1580,8 @@ static void manager_catchup(Manager *m) { log_debug("Invoking unit catchup() handlers…"); @@ -79,7 +79,7 @@ index 41b7cf7..b948ac6 100644 /* Let's catch up on any state changes that happened while we were reloading/reexecing */ HASHMAP_FOREACH_KEY(u, k, m->units) { -@@ -1484,6 +1487,8 @@ static void manager_catchup(Manager *m) { +@@ -1588,6 +1591,8 @@ static void manager_catchup(Manager *m) { unit_catchup(u); } @@ -89,17 +89,18 @@ index 41b7cf7..b948ac6 100644 static void manager_distribute_fds(Manager *m, FDSet *fds) { diff --git a/src/core/manager.h b/src/core/manager.h -index d1e540a..73c149f 100644 +index 67c204f..d298dce 100644 --- a/src/core/manager.h +++ b/src/core/manager.h -@@ -423,6 +423,7 @@ struct Manager { +@@ -442,6 +442,8 @@ struct Manager { + unsigned sigchldgen; unsigned notifygen; - bool honor_device_enumeration; + bool in_manager_catchup; - ++ VarlinkServer *varlink_server; /* Only systemd-oomd should be using this to subscribe to changes in ManagedOOM settings */ + Varlink *managed_oom_varlink_request; -- -2.23.0 +2.33.0 diff --git a/fix-mount-failed-while-daemon-reexec.patch b/fix-mount-failed-while-daemon-reexec.patch index 906483f..ea7e69b 100644 --- a/fix-mount-failed-while-daemon-reexec.patch +++ b/fix-mount-failed-while-daemon-reexec.patch @@ -2,30 +2,30 @@ From e485f8a182f8a141676f7ffe0311a1a4724c3c1a Mon Sep 17 00:00:00 2001 From: licunlong Date: Tue, 28 Jun 2022 21:56:26 +0800 Subject: [PATCH] fix mount failed while daemon-reexec - + --- src/core/manager.c | 1 + src/core/manager.h | 1 + src/core/mount.c | 5 ++++- 3 files changed, 6 insertions(+), 1 deletion(-) - + diff --git a/src/core/manager.c b/src/core/manager.c -index 5dff366..45c4ae0 100644 +index 55adcd1..74f8304 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -1762,6 +1762,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { +@@ -1808,6 +1808,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { } manager_ready(m); + m->mountinfo_uptodate = false; - return 0; - } + manager_set_switching_root(m, false); + diff --git a/src/core/manager.h b/src/core/manager.h -index cf6cd64..663fe8d 100644 +index 31b4670..df74200 100644 --- a/src/core/manager.h +++ b/src/core/manager.h -@@ -238,6 +238,7 @@ struct Manager { +@@ -259,6 +259,7 @@ struct Manager { /* Data specific to the mount subsystem */ struct libmnt_monitor *mount_monitor; sd_event_source *mount_event_source; @@ -34,10 +34,10 @@ index cf6cd64..663fe8d 100644 /* Data specific to the swap filesystem */ FILE *proc_swaps; diff --git a/src/core/mount.c b/src/core/mount.c -index 6e514d5..25b0460 100644 +index 8fed04c..00482e9 100644 --- a/src/core/mount.c +++ b/src/core/mount.c -@@ -1684,6 +1684,7 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { +@@ -1785,6 +1785,7 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { (void) mount_setup_unit(m, device, path, options, fstype, set_flags); } @@ -45,7 +45,7 @@ index 6e514d5..25b0460 100644 return 0; } -@@ -1842,8 +1843,10 @@ static int mount_process_proc_self_mountinfo(Manager *m) { +@@ -1948,8 +1949,10 @@ static int mount_process_proc_self_mountinfo(Manager *m) { assert(m); r = drain_libmount(m); @@ -59,3 +59,4 @@ index 6e514d5..25b0460 100644 if (r < 0) { -- 2.33.0 + diff --git a/systemd.spec-bak b/systemd.spec-bak new file mode 100644 index 0000000..1dcb121 --- /dev/null +++ b/systemd.spec-bak @@ -0,0 +1,2701 @@ +%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler} +%global __requires_exclude pkg-config +%global pkgdir %{_prefix}/lib/systemd +%global system_unit_dir %{pkgdir}/system +%global user_unit_dir %{pkgdir}/user +%global _docdir_fmt %{name} +%global _systemddir /usr/lib/systemd + +%ifarch aarch64 +%global efi_arch aa64 +%endif + +%ifarch x86_64 +%global efi_arch x64 +%endif + +%ifarch %{ix86} x86_64 aarch64 +%global have_gnu_efi 1 +%endif + +Name: systemd +Url: https://www.freedesktop.org/wiki/Software/systemd +Version: 249 +Release: 51 +License: MIT and LGPLv2+ and GPLv2+ +Summary: System and Service Manager + + +Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz +Source3: purge-nobody-user +Source4: yum-protect-systemd.conf +Source5: inittab +Source6: sysctl.conf.README +Source7: systemd-journal-remote.xml +Source8: systemd-journal-gatewayd.xml +Source10: systemd-udev-trigger-no-reload.conf +Source11: 20-grubby.install +Source12: systemd-user +Source13: rc.local + +Source100: udev-40-generic.rules +Source101: udev-55-persistent-net-generator.rules +Source102: udev-56-net-sriov-names.rules +Source104: net-set-sriov-names +Source105: rule_generator.functions +Source106: write_net_rules +Source107: detect_virt + +Patch6000: backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch +Patch6001: backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch +Patch6002: backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch +Patch6003: backport-shared-format-table-allocate-buffer-of-sufficient-si.patch +Patch6004: backport-fix-CVE-2021-33910.patch +Patch6005: backport-sd-bus-fix-missing-initializer-in-SD_BUS_VTABLE_END-.patch +Patch6006: backport-pid1-propagate-the-original-command-line-when-reexec.patch +Patch6007: backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch +Patch6008: backport-machined-varlink-fix-double-free.patch +Patch6009: backport-malloc-uses-getrandom-now.patch +Patch6010: backport-discover-image-mount-as-read-only-when-extracting-me.patch +Patch6011: backport-networkd-Include-linux-netdevice.h-header.patch +Patch6012: backport-seccomp-drop-getrandom-from-system-service.patch +Patch6013: backport-seccomp-move-sched_getaffinity-from-system-service-t.patch +Patch6014: backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch +Patch6015: backport-Use-correct-fcntl.h-include.patch +Patch6016: backport-Use-correct-poll.h-include.patch +Patch6017: backport-veritysetup-print-help-for-help-h-help.patch +Patch6018: backport-network-use-address_equal-route_equal-to-compare-add.patch +Patch6019: backport-mkosi-openSUSE-update-bootable-no-dependencies.patch +Patch6020: backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch +Patch6021: backport-sd-netlink-always-append-new-bridge-FDB-entries.patch +Patch6022: backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch +Patch6023: backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch +Patch6024: backport-network-add-comments.patch +Patch6025: backport-network-ignore-errors-on-setting-bridge-config.patch +Patch6026: backport-network-ignore-errors-on-unsetting-master-ifindex.patch +Patch6027: backport-network-also-check-addresses-when-determine-a-gatewa.patch +Patch6028: backport-network-check-the-received-interface-name-is-actuall.patch +Patch6029: backport-network-configure-address-with-requested-lifetime.patch +Patch6030: backport-network-use-monotonic-instead-of-boot-time-to-handle.patch +Patch6031: backport-udev-when-setting-up-lo-do-not-return-an-error.patch +Patch6032: backport-network-fix-configuring-of-CAN-devices.patch +Patch6033: backport-network-fix-logic-for-checking-gateway-address-is-re.patch +Patch6034: backport-Fix-the-Failed-to-open-random-seed-.-message.patch +Patch6035: backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch +Patch6036: backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch +Patch6037: backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch +Patch6038: backport-Get-rid-of-dangling-setutxent.patch +Patch6039: backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch +Patch6040: backport-hostname-fix-off-by-one-issue-in-gethostname.patch +Patch6041: backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch +Patch6042: backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch +Patch6043: backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch +Patch6044: backport-sd-boot-Fix-possible-null-pointer-dereference.patch +Patch6045: backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch +Patch6046: backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch +Patch6047: backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch +Patch6048: backport-unit-coldplug-both-job-and-nop_job-if-possible.patch +Patch6049: backport-network-do-not-assume-the-highest-priority-when-Prio.patch +Patch6050: backport-fstab-generator-Respect-nofail-when-ordering.patch +Patch6051: backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch +Patch6052: backport-src-boot-efi-linux-fix-linux_exec-prototype.patch +Patch6053: backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch +Patch6054: backport-import-turn-off-weird-protocols-in-curl.patch +Patch6055: backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch +Patch6056: backport-icmp6-drop-unnecessary-assertion.patch +Patch6057: backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch +Patch6058: backport-timesync-check-cmsg-length.patch +Patch6059: backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch +Patch6060: backport-tpm-util-fix-TPM-parameter-handling.patch +Patch6061: backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch +Patch6062: backport-Drop-bundled-copy-of-linux-if_arp.h.patch +Patch6063: backport-explicitly-close-FIDO2-devices.patch +Patch6064: backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch +Patch6065: backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch +Patch6066: backport-core-Remove-circular-include.patch +Patch6067: backport-path-util-make-find_executable-work-without-proc-mou.patch +Patch6068: backport-Fix-another-crash-due-to-missing-NHDR.patch +Patch6069: backport-hwdb-remove-double-empty-line-in-help-text.patch +Patch6070: backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch +Patch6071: backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch +Patch6072: backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch +Patch6073: backport-homed-add-missing-SYNTHETIC_ERRNO.patch +Patch6074: backport-homed-remove-misplaced-assert.patch +Patch6075: backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch +Patch6076: backport-udev-fix-potential-memleak.patch +Patch6077: backport-nspawn-fix-type-to-pass-to-connect.patch +Patch6078: backport-home-secret-argument-of-handle_generic_user_record_e.patch +Patch6079: backport-docs-portablectl-is-in-bin.patch +Patch6080: backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch +Patch6081: backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch +Patch6082: backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch +Patch6083: backport-nss-systemd-ensure-returned-strings-point-into-provi.patch +Patch6084: backport-core-Parse-log-environment-settings-again-after-appl.patch +Patch6085: backport-network-fix-handling-of-network-interface-renaming.patch +Patch6086: backport-virt-Improve-detection-of-EC2-metal-instances.patch +Patch6087: backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch +Patch6088: backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch +Patch6089: backport-test-use-a-less-restrictive-portable-profile-when-ru.patch +Patch6090: backport-Respect-install_sysconfdir.patch +Patch6091: backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch +Patch6092: backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch +Patch6093: backport-watchdog-pass-right-error-code-to-log-function-so-th.patch +Patch6094: backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch +Patch6095: backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch +Patch6096: backport-fileio-start-with-4k-buffer-for-procfs.patch +Patch6097: backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch +Patch6098: backport-test-fileio-test-read_virtual_file-with-more-files-f.patch +Patch6099: backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch +Patch6100: backport-network-disable-event-sources-before-unref-them.patch +Patch6101: backport-libsystemd-network-disable-event-sources-before-unre.patch +Patch6102: backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch +Patch6103: backport-resolvconf-compat-make-u-operation-a-NOP.patch +Patch6104: backport-basic-unit-file-don-t-filter-out-names-starting-with.patch +Patch6105: backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch +Patch6106: backport-seccomp-Always-install-filters-for-native-architectu.patch +Patch6107: backport-test-Check-that-native-architecture-is-always-filter.patch +Patch6108: backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch +Patch6109: backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch +Patch6110: backport-repart-use-right-error-variable.patch +Patch6111: backport-basic-env-util-correctly-parse-extended-vars-after-n.patch +Patch6112: backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch +Patch6113: backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch +Patch6114: backport-core-service-also-check-path-in-exec-commands.patch +Patch6115: backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch +Patch6116: backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch +Patch6117: backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch +Patch6118: backport-coredumpctl-stop-truncating-information-about-coredu.patch +Patch6119: backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch +Patch6120: backport-sd-boot-Unify-error-handling.patch +Patch6121: backport-sd-boot-Rework-console-input-handling.patch +Patch6122: backport-coredump-fix-filename-in-journal-when-not-compressed.patch +Patch6123: backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch +Patch6124: backport-homework-fix-incorrect-error-variable-use.patch +Patch6125: backport-sd-device-monitor-update-log-message-to-clarify-the-.patch +Patch6126: backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch +Patch6127: backport-userdb-fix-type-to-pass-to-connect.patch +Patch6128: backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch +Patch6129: backport-utmp-remove-dev-from-line.patch +Patch6130: backport-network-route-fix-possible-overflow-in-conversion-us.patch +Patch6131: backport-varlink-disconnect-varlink-link-in-one-more-case.patch +Patch6132: backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch +Patch6133: backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch +Patch6134: backport-json-do-something-remotely-reasonable-when-we-see-Na.patch +Patch6135: backport-change-indicator-used-for-later-versions-of-VirtualB.patch +Patch6136: backport-hwdb-Allow-console-users-access-to-media-nodes.patch +Patch6137: backport-test-do-not-use-alloca-in-function-call.patch +Patch6138: backport-systemctl-pretty-print-ExtensionImages-property.patch +Patch6139: backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch +Patch6140: backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch +Patch6141: backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch +Patch6142: backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch +Patch6143: backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch +Patch6144: backport-execute-respect-selinux_context_ignore.patch +Patch6145: backport-core-ignore-failure-on-setting-smack-process-label-w.patch +Patch6146: backport-process-util-wait-for-processes-we-killed-even-if-ki.patch +Patch6147: backport-scope-count-successful-cgroup-additions-when-delegat.patch +Patch6148: backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch +Patch6149: backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch +Patch6150: backport-ci-fix-indentation.patch +Patch6151: backport-ci-cancel-previous-jobs-on-ref-update.patch +Patch6152: backport-ci-take-CIFuzz-s-matrix-into-consideration.patch +Patch6153: backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch +Patch6154: backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch +Patch6155: backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch +Patch6156: backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch +Patch6157: backport-user-record-fix-display-of-access-mode.patch +Patch6158: backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch +Patch6159: backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch +Patch6160: backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch +Patch6161: backport-Change-gendered-terms-to-be-gender-neutral-21325.patch +Patch6162: backport-binfmt-fix-exit-value.patch +Patch6163: backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch +Patch6164: backport-umask-util-add-helper-that-resets-umask-until-end-of.patch +Patch6165: backport-namespace-rebreak-a-few-comments.patch +Patch6166: backport-namespace-make-whole-namespace_setup-work-regardless.patch +Patch6167: backport-namespace-make-tmp-dir-handling-code-independent-of-.patch +Patch6168: backport-tests-add-test-case-for-UMask-BindPaths-combination.patch +Patch6169: backport-sd-dhcp6-client-constify-one-argument.patch +Patch6170: backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch +Patch6171: backport-test-add-tests-for-reading-unaligned-data.patch +Patch6172: backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch +Patch6173: backport-sd-dhcp6-client-constify-several-arguments.patch +Patch6174: backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch +Patch6175: backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch +Patch6176: backport-dhcp-fix-assertion-failure.patch +Patch6177: backport-network-address-read-flags-from-message-header-when-.patch +Patch6178: backport-seccomp-move-mprotect-to-default.patch +Patch6179: backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch +Patch6180: backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch +Patch6181: backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch +Patch6182: backport-analyze-fix-printing-config-when-there-is-no-main-co.patch +Patch6183: backport-resolved-fix-ResolveService-hostname-handling.patch +Patch6184: backport-resolved-properly-signal-transient-errors-back-to-NS.patch +Patch6185: backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch +Patch6186: backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch +Patch6187: backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch +Patch6188: backport-homework-fix-a-bad-error-propagation.patch +Patch6189: backport-journal-Remove-entry-seqnum-revert-logic.patch +Patch6190: backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch +Patch6191: backport-journal-Deduplicate-entry-items-before-they-are-stor.patch +Patch6192: backport-test-journal-flush-allow-testing-against-specific-fi.patch +Patch6193: backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch +Patch6194: backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch +Patch6195: backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch +Patch6196: backport-sd-dhcp6-client-fix-error-handling.patch +Patch6197: backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch +Patch6198: backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch +Patch6199: backport-cryptenroll-fix-wrong-error-messages.patch +Patch6200: backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch +Patch6201: backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch +Patch6202: backport-core-use-correct-level-for-CPU-time-log-message.patch +Patch6203: backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch +Patch6204: backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch +Patch6205: backport-resolve-remove-server-large-level.patch +Patch6206: backport-mkosi-Build-Fedora-35-images.patch +Patch6207: backport-home-fix-heap-use-after-free.patch +Patch6208: backport-journactl-show-info-about-journal-range-only-at-debu.patch +Patch6209: backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch +Patch6210: backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch +Patch6211: backport-repart-use-real-disk-start-end-for-bar-production.patch +Patch6212: backport-machined-set-TTYPath-for-container-shell.patch +Patch6213: backport-sd-journal-free-incomplete-match-on-failure.patch +Patch6214: backport-sd-journal-fix-segfault-when-match_new-fails.patch +Patch6215: backport-random-util-use-ssize_t-for-getrandom-return-value.patch +Patch6216: backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch +Patch6217: backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch +Patch6218: backport-sysusers-use-filename-if-proc-is-not-mounted.patch +Patch6219: backport-nss-systemd-fix-required-buffer-size-calculation.patch +Patch6220: backport-nss-systemd-fix-alignment-of-gr_mem.patch +Patch6221: backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch +Patch6222: backport-syscalls-update-syscall-definitions.patch +Patch6223: backport-missing-syscall-add-__NR_openat2.patch +Patch6224: backport-basic-log-allow-errno-values-higher-than-255.patch +Patch6225: backport-backlight-ignore-error-if-the-backlight-device-is-al.patch +Patch6226: backport-logind-do-not-propagate-error-in-delayed-action.patch +Patch6227: backport-test-watchdog-mark-as-unsafe.patch +Patch6228: backport-fstab-generator-skip-root-directory-handling-when-nf.patch +Patch6229: backport-seccomp-move-arch_prctl-to-default.patch +Patch6230: backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch +Patch6231: backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch +Patch6232: backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch +Patch6233: backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch +Patch6234: backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch +Patch6235: backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch +Patch6236: backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch +Patch6237: backport-nss-drop-dummy-setup_logging-helpers.patch +Patch6238: backport-nss-only-read-logging-config-from-environment-variab.patch +Patch6239: backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch +Patch6240: backport-policy-files-adjust-landing-page-link.patch +Patch6241: backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch +Patch6242: backport-journal-Skip-data-objects-with-invalid-offsets.patch +Patch6243: backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch +Patch6244: backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch +Patch6245: backport-dissect-image-validate-extension-release-even-if-the.patch +Patch6246: backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch +Patch6247: backport-resolve-fix-assertion-triggered-when-r-0.patch +Patch6248: backport-oomd-fix-race-with-path-unavailability-when-killing-.patch +Patch6249: backport-oomd-handle-situations-when-no-cgroups-are-killed.patch +Patch6250: backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch +Patch6251: backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch +Patch6252: backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch +Patch6253: backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch +Patch6254: backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch +Patch6255: backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch +Patch6256: backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch +Patch6257: backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch +Patch6258: backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch +Patch6259: backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch +Patch6260: backport-bus-util-retrieve-bus-error-from-message.patch +Patch6261: backport-core-unit-use-bus_error_message-at-one-more-place.patch +Patch6262: backport-login-use-bus_error_message-at-one-more-place.patch +Patch6263: backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch +Patch6264: backport-execute-use-_cleanup_-logic-where-appropriate.patch +Patch6265: backport-execute-line-break-comments-a-bit-less-aggressively.patch +Patch6266: backport-execute-document-that-the-env-param-is-input-and-out.patch +Patch6267: backport-sd-dhcp-lease-fix-memleak.patch +Patch6269: backport-util-another-set-of-CVE-2021-4034-assert-s.patch +Patch6270: backport-resolve-fix-potential-memleak-and-use-after-free.patch +Patch6271: backport-resolve-fix-possible-memleak.patch +Patch6272: backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch +Patch6273: backport-network-bridge-fix-endian-of-vlan-protocol.patch +Patch6274: backport-basic-escape-add-helper-for-quoting-command-lines.patch +Patch6275: backport-core-use-the-new-quoting-helper.patch +Patch6276: backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch +Patch6277: backport-sd-bus-print-debugging-information-if-bus_container_.patch +Patch6278: backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch +Patch6279: backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch +Patch6280: backport-sd-device-silence-gcc-warning-with-newest-gcc.patch +Patch6281: backport-packit-build-on-and-use-Fedora-35-spec-file.patch +Patch6282: backport-ci-use-the-system-llvm-11-package-on-Focal.patch +Patch6283: backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch +Patch6284: backport-resolve-add-reference-of-the-original-bus-message-to.patch +Patch6285: backport-ci-replace-apt-key-with-signed-by.patch +Patch6286: backport-ci-fix-clang-13-installation.patch +Patch6287: backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch +Patch6288: backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch +Patch6289: backport-packit-drop-unnumbered-patches-as-well.patch +Patch6290: backport-dns-domain-re-introduce-dns_name_is_empty.patch +Patch6291: backport-resolve-synthesize-empty-name.patch +Patch6292: backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch +Patch6293: backport-resolve-drop-never-matched-condition.patch +Patch6294: backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch +Patch6295: backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch +Patch6296: backport-pid1-watch-bus-name-always-when-we-have-it.patch +Patch6297: backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch +Patch6298: backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch +Patch6299: backport-pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-db.patch +Patch6300: backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch +Patch6301: backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch +Patch6302: backport-test-oomd-util-style-fixlets.patch +Patch6303: backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch +Patch6304: backport-test-fix-file-descriptor-leak-in-test-catalog.patch +Patch6305: backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch +Patch6306: backport-test-fix-file-descriptor-leak-in-test-fs-util.patch +Patch6307: backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch +Patch6308: backport-test-fix-file-descriptor-leak-in-test-psi-util.patch +Patch6309: backport-clang-format-we-actually-typically-use-16ch-continua.patch +Patch6310: backport-test-journal-send-close-fd-opend-by-syslog.patch +Patch6311: backport-journal-send-close-fd-on-exit-when-running-with-valg.patch +Patch6312: backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch +Patch6313: backport-mkosi-Remove-Arch-nspawn-workaround.patch +Patch6314: backport-core-check-size-before-mmap.patch +Patch6315: backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch +Patch6316: backport-dissect-image-add-extension-specific-validation-flag.patch +Patch6317: backport-portabled-error-out-if-there-are-no-units-only-after.patch +Patch6318: backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch +Patch6319: backport-portabled-refactor-extraction-validation-into-a-comm.patch +Patch6320: backport-portable-move-profile-search-helper-to-path-lookup.patch +Patch6321: backport-portable-add-flag-to-return-extension-releases-in-Ge.patch +Patch6322: backport-portablectl-reorder-if-branches-to-match-previous-co.patch +Patch6323: backport-portable-inline-one-variable-declaration.patch +Patch6324: backport-portable-add-return-parameter-to-GetImageMetadataWit.patch +Patch6325: backport-wait-online-rename-Manager-elements.patch +Patch6326: backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch +Patch6327: backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch +Patch6328: backport-kernel-install-also-remove-modules.builtin.alias.bin.patch +Patch6329: backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch +Patch6330: backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch +Patch6331: backport-unit-escape.patch +Patch6332: backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch +Patch6333: backport-udev-run-the-main-process-workers-and-spawned-comman.patch +Patch6334: backport-Add-meson-option-to-disable-urlify.patch +Patch6335: backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch +Patch6336: backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch +Patch6337: backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch +Patch6338: backport-virt-detect-OpenStack-Nova-instance.patch +Patch6339: backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch6340: backport-revert-delete-initrd-usr-fs-target.patch +Patch6341: backport-journal-Only-move-to-objects-when-necessary.patch +Patch6342: backport-sd-device-introduce-device_has_devlink.patch +Patch6343: backport-udev-node-split-out-permission-handling-from-udev_no.patch +Patch6344: backport-udev-node-stack-directory-must-exist-when-adding-dev.patch +Patch6345: backport-udev-node-save-information-about-device-node-and-pri.patch +Patch6346: backport-udev-node-always-update-timestamp-of-stack-directory.patch +Patch6347: backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch +Patch6348: backport-udev-node-always-atomically-create-symlink-to-device.patch +Patch6349: backport-udev-node-check-stack-directory-change-even-if-devli.patch +Patch6350: backport-udev-node-shorten-code-a-bit-and-update-log-message.patch +Patch6351: backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch +Patch6352: backport-udev-node-drop-redundant-trial-of-devlink-creation.patch +Patch6353: backport-udev-node-simplify-the-example-of-race.patch +Patch6354: backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch +Patch6355: backport-calendarspec-fix-possibly-skips-next-elapse.patch +Patch6356: backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch +Patch6357: backport-core-command-argument-can-be-longer-than-PATH_MAX.patch +Patch6358: backport-hwdb-fix-parsing-options.patch +Patch6359: backport-sd-bus-fix-buffer-overflow.patch +Patch6360: backport-temporarily-disable-test-seccomp.patch +Patch6362: backport-meson.build-change-operator-combining-bools-from-to-.patch +Patch6363: backport-core-replace-slice-dependencies-as-they-get-added.patch +Patch6364: backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch +Patch6365: backport-revert-units-add-ProtectClock-yes.patch +Patch6366: backport-fix-CVE-2022-3821.patch +Patch6367: backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch +Patch6368: backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch +Patch6369: backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch +Patch6370: backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch +Patch6371: backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch +Patch6372: backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch +Patch6373: backport-coredump-Fix-format-string-type-mismatch.patch +Patch6374: backport-coredump-drop-an-unused-variable.patch +Patch6375: backport-CVE-2022-4415-coredump-adjust-whitespace.patch +Patch6376: backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch +Patch6377: backport-dns-domain-make-each-label-nul-terminated.patch +Patch6378: backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch +Patch6379: backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch +Patch6380: backport-growfs-don-t-actually-resize-on-dry-run.patch +Patch6381: backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch +Patch6382: backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch +Patch6383: backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch +Patch6384: backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch +Patch6385: backport-unit-file-avoid-null-in-debugging-logs.patch +Patch6386: backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch +Patch6387: backport-dhcp-fix-potential-buffer-overflow.patch +Patch6388: backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch +Patch6389: backport-sysusers-add-fsync-for-passwd-24324.patch +Patch6390: backport-condition-fix-device-tree-firmware-path.patch +Patch6391: backport-log-don-t-attempt-to-duplicate-closed-fd.patch +Patch6392: backport-mount-util-fix-error-code.patch +Patch6393: backport-analyze-add-forgotten-return-statement.patch +Patch6394: backport-shared-condition-avoid-nss-lookup-in-PID1.patch +Patch6395: backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch +Patch6396: backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch +Patch6397: backport-argv-util-also-update-program_invocation_short_name.patch +Patch6398: backport-pid1-fix-segv-triggered-by-status-query.patch +Patch6399: backport-main-log-which-process-send-SIGNAL-to-PID1.patch +Patch6400: backport-main-drop-get_process_cmdline-from-crash-handler.patch +Patch6401: backport-core-unit-drop-dependency-to-the-unit-being-merged.patch +Patch6402: backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch +Patch6403: backport-core-unit-merge-two-loops-into-one.patch +Patch6404: backport-core-unit-merge-unit-names-after-merging-deps.patch +Patch6405: backport-core-unit-fix-log-message.patch +Patch6406: backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch +Patch6407: backport-udev-also-rename-struct-udev_ctrl-UdevCtrl.patch +Patch6408: backport-udev-move-several-functions.patch +Patch6409: backport-udev-update-log-message-to-clarify-that-the-error-is-ignored.patch +Patch6410: backport-udev-make-event_free-return-NULL.patch +Patch6411: backport-udev-make-event_queue_start-return-negative-errno-on-error.patch +Patch6412: backport-udev-add-usec_add-at-one-more-place.patch +Patch6413: backport-udev-propagate-error-on-spawning-a-worker.patch +Patch6414: backport-udev-do-not-try-to-process-events-if-there-is-no-free-worker.patch +Patch6415: backport-udev-rename-is_device_busy-event_is_blocked.patch +Patch6416: backport-list-introduce-LIST_FOREACH_BACKWARDS-macro-and-drop.patch +Patch6417: backport-udev-do-not-try-to-find-blocker-again-when-no-blocker-found.patch +Patch6418: backport-udev-skip-event-when-its-dependency-cannot-be-checked.patch +Patch6419: backport-event-util-introduce-event_reset_time_relative.patch +Patch6420: backport-udev-update-comment-and-log-messages.patch +Patch6421: backport-udev-remove-run-udev-queue-in-on_post.patch +Patch6422: backport-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch +Patch6423: backport-udev-only-ignore-ENOENT-or-friends-which-suggest-the-block.patch +Patch6424: backport-udev-assume-there-is-no-blocker-when-failed-to-check-event.patch +Patch6425: backport-udev-drop-unnecessary-clone-of-received-sd-device-object.patch +Patch6426: backport-udev-introduce-device_broadcast_helper_function.patch +Patch6427: backport-udev-store-action-in-struct-Event.patch +Patch6428: backport-udev-requeue-event-when-the-corresponding-block-device-is.patch +Patch6429: backport-udev-split-worker_lock_block_device-into-two.patch +Patch6430: backport-udev-assume-block-device-is-not-locked-when-a-new-event-is-queued.patch +Patch6431: backport-udev-fix-inversed-inequality-for-timeout-of-retrying-event.patch +Patch6432: backport-udev-certainly-restart-event-for-previously-locked-device.patch +Patch6433: backport-udev-drop-unnecessary-calls-of-event_queue_start.patch + +Patch9001: update-rtc-with-system-clock-when-shutdown.patch +Patch9002: udev-add-actions-while-rename-netif-failed.patch +Patch9003: fix-two-VF-virtual-machines-have-same-mac-address.patch +Patch9004: logind-set-RemoveIPC-to-false-by-default.patch +Patch9005: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +Patch9006: unit-don-t-add-Requires-for-tmp.mount.patch +Patch9007: rules-add-elevator-kernel-command-line-parameter.patch +Patch9008: rules-add-the-rule-that-adds-elevator-kernel-command.patch +Patch9009: units-add-Install-section-to-tmp.mount.patch +Patch9010: Make-systemd-udevd.service-start-after-systemd-remou.patch +Patch9011: udev-virsh-shutdown-vm.patch +Patch9012: sd-bus-properly-initialize-containers.patch +Patch9013: Revert-core-one-step-back-again-for-nspawn-we-actual.patch +Patch9014: journal-don-t-enable-systemd-journald-audit.socket-b.patch +Patch9015: systemd-change-time-log-level.patch +Patch9016: fix-capsh-drop-but-ping-success.patch +Patch9017: resolved-create-etc-resolv.conf-symlink-at-runtime.patch +Patch9018: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch9019: fix-journal-file-descriptors-leak-problems.patch +Patch9020: activation-service-must-be-restarted-when-reactivated.patch +Patch9021: systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch +Patch9022: delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +Patch9023: disable-initialize_clock.patch +Patch9024: systemd-solve-that-rsyslog-reads-journal-s-object-of.patch +Patch9025: check-whether-command_prev-is-null-before-assigning-.patch +Patch9027: core-skip-change-device-to-dead-in-manager_catchup-d.patch +Patch9028: revert-rpm-restart-services-in-posttrans.patch +Patch9029: Don-t-set-AlternativeNamesPolicy-by-default.patch +Patch9030: change-NTP-server-to-x.pool.ntp.org.patch +Patch9031: keep-weight-consistent-with-the-set-value.patch +Patch9032: Systemd-Add-sw64-architecture.patch +%ifarch loongarch64 +Patch9033: 0029-Add-support-for-the-LoongArch-architecture.patch +Patch9034: 0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch +Patch9035: add-loongarch-for-missing_syscall_def.patch +%endif +Patch9036: core-update-arg_default_rlimit-in-bump_rlimit.patch +Patch9037: set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch +Patch9038: core-cgroup-support-cpuset.patch +Patch9039: core-cgroup-support-freezer.patch +Patch9040: core-cgroup-support-memorysw.patch +Patch9041: systemd-core-Add-new-rules-for-lower-priority-events.patch +Patch9042: bugfix-also-stop-machine-when-a-machine-un.patch +Patch9043: print-the-process-status-to-console-when-shutdown.patch +Patch9044: Retry-to-handle-the-uevent-when-worker-is-terminated.patch +Patch9045: treat-hyphen-as-valid-hostname-char.patch +Patch9046: process-util-log-more-information-when-runnin.patch +Patch9047: fuser-print-umount-message-to-reboot-umount-msg.patch +Patch9048: shutdown-reboot-when-recieve-crash-signal.patch +Patch9049: core-add-OptionalLog-to-allow-users-change-log-level.patch +Patch9050: core-cgroup-support-default-slice-for-all-uni.patch +Patch9051: core-add-invalidate-cgroup-config.patch +Patch9052: let-the-child-of-one-unit-don-t-affect-each-other.patch +Patch9053: support-disable-cgroup-controllers-we-don-t-want.patch +Patch9054: fix-mount-failed-while-daemon-reexec.patch +Patch9055: bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch +Patch9056: delete-journal-files-except-system.journal-when-jour.patch +Patch9057: set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch + +BuildRequires: gcc, gcc-c++ +BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel +BuildRequires: audit-libs-devel, dbus-devel, libacl-devel +BuildRequires: gobject-introspection-devel, libblkid-devel, xz-devel, xz +BuildRequires: lz4-devel, lz4, bzip2-devel, libidn2-devel +BuildRequires: kmod-devel, libgcrypt-devel, libgpg-error-devel +BuildRequires: gnutls-devel, libxkbcommon-devel +BuildRequires: iptables-devel, docbook-style-xsl, pkgconfig, libxslt, gperf +BuildRequires: gawk, tree, hostname, git, meson >= 0.43, gettext, dbus >= 1.9.18 +BuildRequires: python3-devel, python3-lxml, firewalld-filesystem, libseccomp-devel +BuildRequires: python3-jinja2 + +%ifarch %{valgrind_arches} +%ifnarch loongarch64 +BuildRequires: valgrind-devel +%endif +%endif +BuildRequires: util-linux +BuildRequires: chrpath + +Requires: %{name}-libs = %{version}-%{release} +Requires(post): coreutils +Requires(post): sed +Requires(post): acl +Requires(post): grep +Requires(post): openssl-libs +Requires(pre): coreutils +Requires(pre): /usr/bin/getent +Requires(pre): /usr/sbin/groupadd +Recommends: diffutils +Recommends: libxkbcommon%{?_isa} +Provides: /bin/systemctl +Provides: /sbin/shutdown +Provides: syslog +Provides: systemd-units = %{version}-%{release} +Obsoletes: system-setup-keyboard < 0.9 +Provides: system-setup-keyboard = 0.9 +Obsoletes: systemd-sysv < 206 +Obsoletes: %{name} < 229-5 +Provides: systemd-sysv = 206 +Conflicts: initscripts < 9.56.1 + +Provides: %{name}-rpm-config +Obsoletes: %{name}-rpm-config < 243 + +%description +systemd is a system and service manager that runs as PID 1 and starts +the rest of the system. + +%package devel +Summary: Development headers for systemd +License: LGPLv2+ and MIT +Requires: %{name}-libs = %{version}-%{release} +Requires: %{name}-pam = %{version}-%{release} +Provides: libudev-devel = %{version} +Provides: libudev-devel%{_isa} = %{version} +Obsoletes: libudev-devel < 183 + +%description devel +Development headers and auxiliary files for developing applications linking +to libudev or libsystemd. + +%package libs +Summary: systemd libraries +License: LGPLv2+ and MIT +Obsoletes: libudev < 183 +Obsoletes: systemd < 185-4 +Conflicts: systemd < 185-4 +Obsoletes: systemd-compat-libs < 230 +Obsoletes: nss-myhostname < 0.4 +Provides: nss-myhostname = 0.4 +Provides: nss-myhostname%{_isa} = 0.4 +Requires(post): coreutils +Requires(post): sed +Requires(post): grep +Requires(post): /usr/bin/getent + +%description libs +Libraries for systemd and udev. + +%package udev +Summary: Rule-based device node and kernel event manager +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): grep +Requires: kmod >= 18-4 +# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +Obsoletes: %{name} < 229-5 +Provides: udev = %{version} +Provides: udev%{_isa} = %{version} +Obsoletes: udev < 183 +# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 +Recommends: systemd-bootchart +# https://bugzilla.redhat.com/show_bug.cgi?id=1408878 +Recommends: kbd +License: LGPLv2+ + +%description udev +This package contains systemd-udev and the rules and hardware database +needed to manage device nodes. This package is necessary on physical +machines and in virtual machines, but not in containers. + +%package container +Summary: Tools for containers and VMs +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name} < 229-5 +License: LGPLv2+ + +%description container +Systemd tools to spawn and manage containers and virtual machines. + +This package contains machinectl, systemd-machined. + +%package resolved +Summary: Network Name Resolution manager +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd +Requires(pre): /usr/bin/getent + +%description resolved +systemd-resolve is a system service that provides network name resolution to +local applications. It implements a caching and validating DNS/DNSSEC stub +resolver, as well as an LLMNR and MulticastDNS resolver and responder. + +%package nspawn +Summary: Spawn a command or OS in a light-weight container +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description nspawn +systemd-nspawn may be used to run a command or OS in a light-weight namespace +container. In many ways it is similar to chroot, but more powerful since it +fully virtualizes the file system hierarchy, as well as the process tree, the +various IPC subsystems and the host and domain name. + +%package networkd +Summary: System daemon that manages network configurations +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Requires(pre): /usr/bin/getent +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd + +%description networkd +systemd-networkd is a system service that manages networks. It detects +and configures network devices as they appear, as well as creating virtual +network devices. + +%package timesyncd +Summary: Network Time Synchronization +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd +Requires(pre): /usr/bin/getent + +%description timesyncd +systemd-timesyncd is a system service that may be used to synchronize +the local system clock with a remote Network Time Protocol (NTP) server. +It also saves the local time to disk every time the clock has been +synchronized and uses this to possibly advance the system realtime clock +on subsequent reboots to ensure it (roughly) monotonically advances even +if the system lacks a battery-buffered RTC chip. + +%package pam +Summary: systemd PAM module +Requires: %{name} = %{version}-%{release} + +%description pam +Systemd PAM module registers the session with systemd-logind. + +%package_help + +%prep +%autosetup -n %{name}-%{version} -p1 -Sgit +%ifnarch sw_64 +%patch9032 -R -p1 +%endif + +%build + +CONFIGURE_OPTS=( + -Dsysvinit-path=/etc/rc.d/init.d + -Drc-local=/etc/rc.d/rc.local + -Ddev-kvm-mode=0666 + -Dkmod=true + -Dxkbcommon=true + -Dblkid=true + -Dseccomp=true + -Dima=true + -Dselinux=true + -Dapparmor=false + -Dpolkit=true + -Dxz=true + -Dzlib=true + -Dbzip2=true + -Dlz4=true + -Dpam=true + -Dacl=true + -Dsmack=false + -Dgcrypt=true + -Daudit=true + -Delfutils=false + -Dlibcryptsetup=false + -Dqrencode=false + -Dgnutls=true + -Dmicrohttpd=false + -Dlibidn2=true + -Dlibidn=false + -Dlibiptc=false + -Dlibcurl=false + -Defi=true + -Dtpm=false + -Dhwdb=true + -Dsysusers=true + -Ddefault-kill-user-processes=false + -Dtests=true + -Dinstall-tests=false + -Dtty-gid=5 + -Dusers-gid=100 + -Dnobody-user=nobody + -Dnobody-group=nobody + -Dsplit-usr=false + -Dsplit-bin=true + -Db_lto=true + -Db_ndebug=false + -Dman=true + -Dversion-tag=v%{version}-%{release} + -Ddefault-hierarchy=legacy + -Ddefault-dnssec=allow-downgrade + # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 + -Ddefault-mdns=yes + -Ddefault-llmnr=yes + -Dhtml=false + -Dlibfido2=false + -Dopenssl=false + -Dpwquality=false + -Dtpm2=false + -Dzstd=false + -Dbpf-framework=false + -Drepart=false + -Dcompat-mutable-uid-boundaries=false + -Dvalgrind=false + -Dfexecve=false + -Dstandalone-binaries=false + -Dstatic-libsystemd=false + -Dstatic-libudev=false + -Dfirstboot=false + -Dsysext=false + -Dhomed=false + -Dgnu-efi=false + -Dquotacheck=false + -Dxdg-autostart=false + -Dimportd=false + -Dbacklight=false + -Drfkill=false + -Dpstore=false + -Dportabled=false + -Doomd=false + -Duserdb=false + -Dtime-epoch=0 + -Dmode=release + -Durlify=false +) + +%meson "${CONFIGURE_OPTS[@]}" +%meson_build + +%install +%meson_install + +# udev links +mkdir -p %{buildroot}/%{_sbindir} +ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm + +# Compatiblity and documentation files +touch %{buildroot}/etc/crypttab +chmod 600 %{buildroot}/etc/crypttab + +# /etc/initab +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} + +# /etc/sysctl.conf compat +install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf +ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf + +# Make sure these directories are properly owned +mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants +mkdir -p %{buildroot}%{_localstatedir}/run +mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}%{_localstatedir}/run/utmp +touch %{buildroot}%{_localstatedir}/log/{w,b}tmp + +# Make sure the user generators dir exists too +mkdir -p %{buildroot}%{pkgdir}/system-generators +mkdir -p %{buildroot}%{pkgdir}/user-generators + +# Create new-style configuration files so that we can ghost-own them +touch %{buildroot}%{_sysconfdir}/hostname +touch %{buildroot}%{_sysconfdir}/vconsole.conf +touch %{buildroot}%{_sysconfdir}/locale.conf +touch %{buildroot}%{_sysconfdir}/machine-id +touch %{buildroot}%{_sysconfdir}/machine-info +touch %{buildroot}%{_sysconfdir}/localtime +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d +touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf + +# Make sure the shutdown/sleep drop-in dirs exist +mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ +mkdir -p %{buildroot}%{pkgdir}/system-sleep/ + +# Make sure directories in /var exist +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger +mkdir -p %{buildroot}%{_localstatedir}/lib/private +mkdir -p %{buildroot}%{_localstatedir}/log/private +mkdir -p %{buildroot}%{_localstatedir}/cache/private +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/timesync +mkdir -p %{buildroot}%{_localstatedir}/log/journal +touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database +touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin +touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed +touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock + +# Install yum protection fragment +install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf + +# Restore systemd-user pam config from before "removal of Fedora-specific bits" +install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} + +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974 +install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} + +# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040 +mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ +cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf <" | awk -F ':' '{print $1}') +do + if [ ! -u "$file" ]; then + if [ -w "$file" ]; then + chrpath -d $file + fi + fi +done +# add rpath path /usr/lib/systemd in ld.so.conf.d +mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d +echo "/usr/lib/systemd" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf + +%check +%ifnarch loongarch64 +%ninja_test -C %{_vpath_builddir} +%endif + +############################################################################################# +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# Copyright 2015 Zbigniew Jędrzejewski-Szmek +# Copyright 2018 Neal Gompa +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# systemd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with systemd; If not, see . + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.13.0 + +%transfiletriggerin -P 900900 -- %{_systemddir}/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +if test -d /run/systemd/system; then + %{_bindir}/systemctl daemon-reload +fi + +%transfiletriggerun -- %{_systemddir}/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. %transfiletriggerpostun would be ideal, but it does not get +# executed for some reason. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. %transfiletriggerun gets the right list of files +# but it is invoked too early (before changes happen). +# %filetriggerpostun happens at the right time, but it fires for +# every package. +# To execute the reload at the right time, we create a state +# file in %transfiletriggerun and execute the daemon-reload in +# the first %filetriggerpostun. + +if test -d "/run/systemd/system"; then + mkdir -p "%{_localstatedir}/lib/rpm-state/systemd" + touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload" +fi + +%filetriggerpostun -P 1000100 -- %{_systemddir}/system /etc/systemd/system +if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then + rm -rf "%{_localstatedir}/lib/rpm-state/systemd" + %{_bindir}/systemctl daemon-reload +fi + +%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. The priority is set such that it +# will run before the tmpfiles file trigger. +if test -d /run/systemd/system; then + %{_bindir}/systemd-sysusers || : +fi + +%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d /run/systemd/system; then + %{_bindir}/systemd-tmpfiles --create || : +fi + +%transfiletriggerin udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +if test -d /run/systemd/system; then + %{_bindir}/systemd-hwdb update || : +fi + +%transfiletriggerin -- %{_systemddir}/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in %{_systemddir}/catalog. +if test -d /run/systemd/system; then + %{_bindir}/journalctl --update-catalog || : +fi + +%transfiletriggerin udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + %{_bindir}/udevadm control --reload || : +fi + +%transfiletriggerin -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d /run/systemd/system; then + %{_systemddir}/systemd-sysctl || : +fi + +%transfiletriggerin -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d /run/systemd/system; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + %{_systemddir}/systemd-binfmt || : +fi + +%pre +getent group cdrom &>/dev/null || groupadd -r -g 11 cdrom &>/dev/null || : +getent group utmp &>/dev/null || groupadd -r -g 22 utmp &>/dev/null || : +getent group tape &>/dev/null || groupadd -r -g 33 tape &>/dev/null || : +getent group dialout &>/dev/null || groupadd -r -g 18 dialout &>/dev/null || : +getent group input &>/dev/null || groupadd -r input &>/dev/null || : +getent group kvm &>/dev/null || groupadd -r -g 36 kvm &>/dev/null || : +getent group render &>/dev/null || groupadd -r render &>/dev/null || : +getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2>&1 || : + +getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || : +getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || : + +%pre networkd +getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || : +getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || : + +%pre resolved +getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || : +getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || : + +%post +/sbin/ldconfig +systemd-machine-id-setup &>/dev/null || : +systemctl daemon-reexec &>/dev/null || : +journalctl --update-catalog &>/dev/null || : +systemd-tmpfiles --create &>/dev/null || : + + +# Make sure new journal files will be owned by the "systemd-journal" group +machine_id=$(cat /etc/machine-id 2>/dev/null) +chgrp systemd-journal /{run,var}/log/journal/{,${machine_id}} &>/dev/null || : +chmod g+s /{run,var}/log/journal/{,${machine_id}} &>/dev/null || : + +# Apply ACL to the journal directory +setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || : + +# We reset the enablement of all services upon initial installation +# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23 +# This will fix up enablement of any preset services that got installed +# before systemd due to rpm ordering problems: +# https://bugzilla.redhat.com/show_bug.cgi?id=1647172 +if [ $1 -eq 1 ] ; then + systemctl preset-all &>/dev/null || : +fi + +%postun +/sbin/ldconfig + +%post libs +%{?ldconfig} + +function mod_nss() { + if [ -f "$1" ] ; then + # sed-fu to add myhostname to hosts line + grep -E -q '^hosts:.* myhostname' "$1" || + sed -i.bak -e ' + /^hosts:/ !b + /\/ b + s/[[:blank:]]*$/ myhostname/ + ' "$1" &>/dev/null || : + + # Add nss-systemd to passwd and group + grep -E -q '^(passwd|group):.* systemd' "$1" || + sed -i.bak -r -e ' + s/^(passwd|group):(.*)/\1: \2 systemd/ + ' "$1" &>/dev/null || : + fi +} + +FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" +if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then + mod_nss "/etc/authselect/user-nsswitch.conf" + authselect apply-changes &> /dev/null || : +else + mod_nss "$FILE" + # also apply the same changes to user-nsswitch.conf to affect + # possible future authselect configuration + mod_nss "/etc/authselect/user-nsswitch.conf" +fi + +# check if nobody or nfsnobody is defined +export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 +if getent passwd nfsnobody &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +fi + +%{?ldconfig:%postun -p %ldconfig} + +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket + +%preun +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + remote-fs.target \ + getty@.service \ + serial-getty@.service \ + console-getty.service \ + debug-shell.service \ + >/dev/null || : +fi + + +%preun resolved +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : +fi + +%preun networkd +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-networkd.service \ + systemd-networkd-wait-online.service \ + >/dev/null || : +fi + +%pre timesyncd +getent group systemd-timesync &>/dev/null || groupadd -r systemd-timesync 2>&1 || : +getent passwd systemd-timesync &>/dev/null || useradd -r -l -g systemd-timesync -d / -s /sbin/nologin -c "systemd Time Synchronization" systemd-timesync &>/dev/null || : + +%post timesyncd +# Move old stuff around in /var/lib +mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null +if [ -L %{_localstatedir}/lib/systemd/timesync ]; then + rm %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync +fi +if [ -f %{_localstatedir}/lib/systemd/clock ] ; then + mkdir -p %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. +fi +# devided from post and preun stage of udev that included in macro udev_services +%systemd_post systemd-timesyncd.service + +%post udev +udevadm hwdb --update &>/dev/null +%systemd_post %udev_services +%{_systemddir}/systemd-random-seed save 2>&1 + +# Replace obsolete keymaps +# https://bugzilla.redhat.com/show_bug.cgi?id=1151958 +grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && + sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || : + +if [ -f "/usr/lib/udev/rules.d/50-udev-default.rules" ]; then + sed -i 's/KERNEL=="kvm", GROUP="kvm", MODE="0666"/KERNEL=="kvm", GROUP="kvm", MODE="0660"/g' /usr/lib/udev/rules.d/50-udev-default.rules +fi +%{_bindir}/systemctl daemon-reload &>/dev/null || : + +%preun timesyncd +%systemd_preun systemd-timesyncd.service + +%preun udev +%systemd_preun %udev_services + +%postun udev +# Only restart systemd-udev, to run the upgraded dameon. +# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) +%systemd_postun_with_restart systemd-udevd.service + +%files -f %{name}.lang +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/LICENSE.* +%exclude %{_systemddir}/systemd-bless-boot +%exclude %{_unitdir}/systemd-bless-boot.service +%exclude %{_systemddir}/system-generators/systemd-bless-boot-generator +%exclude %{_unitdir}/systemd-boot-system-token.service +%exclude %{_unitdir}/sysinit.target.wants/systemd-boot-system-token.service +%license LICENSE.GPL2 LICENSE.LGPL2.1 +%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants +%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd + +%ghost %dir /var/log/journal +%ghost %attr(0664,root,utmp) /var/log/wtmp +/var/log/README +%ghost %attr(0600,root,utmp) /var/log/btmp +%ghost %attr(0700,root,root) %dir /var/log/private +%ghost %attr(0664,root,utmp) /var/run/utmp +%ghost %attr(0700,root,root) %dir /var/cache/private +%ghost %attr(0700,root,root) %dir /var/lib/private +%dir /var/lib/systemd +%dir /var/lib/systemd/catalog +%ghost %dir /var/lib/systemd/coredump +%ghost %dir /var/lib/systemd/linger +%ghost /var/lib/systemd/catalog/database +%ghost %dir /var/lib/private/systemd +/usr/sbin/reboot +/usr/sbin/halt +/usr/sbin/telinit +/usr/sbin/init +/usr/sbin/runlevel +/usr/sbin/poweroff +/usr/sbin/shutdown +%dir /usr/share/systemd +%dir /usr/share/factory +%dir /usr/share/factory/etc +/usr/share/factory/etc/issue +/usr/share/factory/etc/nsswitch.conf +%dir /usr/share/factory/etc/pam.d +/usr/share/factory/etc/pam.d/other +/usr/share/factory/etc/pam.d/system-auth +/usr/share/systemd/language-fallback-map +/usr/share/systemd/kbd-model-map +/usr/share/bash-completion/completions/localectl +/usr/share/bash-completion/completions/systemd-path +/usr/share/bash-completion/completions/systemd-run +/usr/share/bash-completion/completions/systemd-cat +/usr/share/bash-completion/completions/coredumpctl +/usr/share/bash-completion/completions/systemd-delta +/usr/share/bash-completion/completions/systemd-cgls +/usr/share/bash-completion/completions/systemd-detect-virt +/usr/share/bash-completion/completions/hostnamectl +/usr/share/bash-completion/completions/systemd-cgtop +/usr/share/bash-completion/completions/systemctl +/usr/share/bash-completion/completions/journalctl +/usr/share/bash-completion/completions/systemd-analyze +/usr/share/bash-completion/completions/loginctl +/usr/share/bash-completion/completions/timedatectl +/usr/share/bash-completion/completions/busctl +/usr/share/zsh/site-functions/_loginctl +/usr/share/zsh/site-functions/_systemd-inhibit +/usr/share/zsh/site-functions/_journalctl +/usr/share/zsh/site-functions/_systemd-delta +/usr/share/zsh/site-functions/_systemd-tmpfiles +/usr/share/zsh/site-functions/_systemctl +/usr/share/zsh/site-functions/_systemd-run +/usr/share/zsh/site-functions/_sd_outputmodes +/usr/share/zsh/site-functions/_sd_unit_files +/usr/share/zsh/site-functions/_sd_machines +/usr/share/zsh/site-functions/_coredumpctl +/usr/share/zsh/site-functions/_timedatectl +/usr/share/zsh/site-functions/_busctl +/usr/share/zsh/site-functions/_systemd +/usr/share/zsh/site-functions/_systemd-analyze +/usr/share/zsh/site-functions/_hostnamectl +/usr/share/zsh/site-functions/_sd_hosts_or_user_at_host +/usr/share/zsh/site-functions/_localectl +/usr/share/dbus-1/system-services/org.freedesktop.login1.service +/usr/share/dbus-1/system-services/org.freedesktop.locale1.service +/usr/share/dbus-1/system-services/org.freedesktop.hostname1.service +/usr/share/dbus-1/system-services/org.freedesktop.timedate1.service +/usr/share/dbus-1/system.d/org.freedesktop.timedate1.conf +/usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf +/usr/share/dbus-1/system.d/org.freedesktop.login1.conf +/usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf +/usr/share/dbus-1/system.d/org.freedesktop.locale1.conf +/usr/share/pkgconfig/systemd.pc +/usr/share/pkgconfig/udev.pc +/usr/share/polkit-1/actions/org.freedesktop.hostname1.policy +/usr/share/polkit-1/actions/org.freedesktop.timedate1.policy +/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy +/usr/share/polkit-1/actions/org.freedesktop.login1.policy +/usr/share/polkit-1/actions/org.freedesktop.locale1.policy +/usr/bin/systemd-machine-id-setup +/usr/bin/localectl +/usr/bin/systemd-path +/usr/bin/systemd-run +/usr/bin/systemd-escape +/usr/bin/systemd-tmpfiles +/usr/bin/systemd-cat +/usr/bin/systemd-inhibit +/usr/bin/systemd-ask-password +/usr/bin/systemd-notify +/usr/bin/systemd-delta +/usr/bin/systemd-cgls +/usr/bin/systemd-stdio-bridge +/usr/bin/systemd-detect-virt +/usr/bin/systemd-socket-activate +/usr/bin/hostnamectl +/usr/bin/systemd-mount +/usr/bin/systemd-umount +/usr/bin/systemd-cgtop +/usr/bin/systemd-id128 +/usr/bin/systemctl +/usr/bin/journalctl +/usr/bin/systemd-analyze +/usr/bin/systemd-dissect +/usr/bin/loginctl +/usr/bin/timedatectl +/usr/bin/systemd-sysusers +/usr/bin/systemd-tty-ask-password-agent +/usr/bin/busctl +/usr/bin/coredumpctl +%dir /usr/lib/environment.d +%dir /usr/lib/binfmt.d +%dir /usr/lib/tmpfiles.d +%dir /usr/lib/sysctl.d +%dir /usr/lib/systemd +%dir /usr/lib/sysusers.d +/usr/lib/sysusers.d/systemd.conf +/usr/lib/sysusers.d/basic.conf +/usr/lib/systemd/system/hwclock-save.service +/usr/lib/systemd/system/sysinit.target.wants/hwclock-save.service +%{_systemddir}/systemd-update-done +%{_systemddir}/systemd-update-utmp +%{_systemddir}/systemd-initctl +%{_systemddir}/purge-nobody-user +%dir %{_systemddir}/system-shutdown +%dir %{_systemddir}/catalog +%dir %{_systemddir}/network +%{_systemddir}/systemd-cgroups-agent +%{_systemddir}/systemd-sulogin-shell +%{_systemddir}/systemd-boot-check-no-failures +%{_systemddir}/systemd-user-sessions +%{_systemddir}/systemd-sysctl +%{_systemddir}/systemd-socket-proxyd +%{_systemddir}/systemd-ac-power +%{_systemddir}/systemd-hostnamed +%{_systemddir}/systemd-localed +%dir %{_systemddir}/user +%{_systemddir}/systemd-volatile-root +%{_systemddir}/systemd-journald +%{_systemddir}/systemd-user-runtime-dir +%{_systemddir}/systemd-logind +%dir %{_systemddir}/system-preset +%dir %{_systemddir}/user-environment-generators +%{_systemddir}/systemd-shutdown +%{_systemddir}/libsystemd-shared*.so +%{_systemddir}/systemd-reply-password +%dir %{_systemddir}/system-generators +%dir %{_systemddir}/system +%{_systemddir}/systemd-fsck +%{_systemddir}/systemd-timedated +%dir %{_systemddir}/user-generators +%{_systemddir}/systemd +%dir %{_systemddir}/user-preset +%{_systemddir}/systemd-coredump +%{_systemddir}/systemd-network-generator +%{_systemddir}/systemd-binfmt +%{_systemddir}/user-preset/90-systemd.preset +%{_unitdir}/systemd-binfmt.service +%{_unitdir}/systemd-machine-id-commit.service +%dir %{_unitdir}/basic.target.wants +%{_unitdir}/systemd-coredump.socket +%{_unitdir}/systemd-coredump@.service +%{_unitdir}/ctrl-alt-del.target +%{_unitdir}/systemd-tmpfiles-setup.service +%{_unitdir}/rpcbind.target +%{_unitdir}/systemd-update-done.service +%{_unitdir}/dev-hugepages.mount +%dir %{_unitdir}/sockets.target.wants +%dir %{_unitdir}/dbus.target.wants +%{_unitdir}/network.target +%{_unitdir}/system-update-pre.target +%{_unitdir}/shutdown.target +%{_unitdir}/proc-sys-fs-binfmt_misc.automount +%{_unitdir}/syslog.socket +%{_unitdir}/systemd-localed.service +%{_unitdir}/systemd-ask-password-console.service +%{_unitdir}/exit.target +%{_unitdir}/systemd-ask-password-console.path +%{_unitdir}/systemd-logind.service +%{_unitdir}/graphical.target +%{_unitdir}/systemd-initctl.service +%{_unitdir}/multi-user.target +%{_unitdir}/swap.target +%{_unitdir}/sys-kernel-debug.mount +%{_unitdir}/systemd-tmpfiles-clean.service +%{_unitdir}/basic.target +%{_unitdir}/remote-fs-pre.target +%{_unitdir}/systemd-journald-audit.socket +%{_unitdir}/getty@.service +%{_unitdir}/sigpwr.target +%dir %{_unitdir}/runlevel3.target.wants +%{_unitdir}/reboot.target +%{_unitdir}/systemd-user-sessions.service +%{_unitdir}/systemd-journald-dev-log.socket +%{_unitdir}/systemd-journald.socket +%{_unitdir}/time-set.target +%{_unitdir}/getty.target +%{_unitdir}/systemd-kexec.service +%{_unitdir}/remote-fs.target +%{_unitdir}/systemd-ask-password-wall.service +%{_unitdir}/poweroff.target +%{_unitdir}/runlevel2.target +%dir %{_unitdir}/runlevel5.target.wants +%{_unitdir}/initrd-fs.target +%{_unitdir}/runlevel6.target +%{_unitdir}/systemd-journal-flush.service +%{_unitdir}/initrd-cleanup.service +%{_unitdir}/systemd-timedated.service +%{_unitdir}/user-runtime-dir@.service +%{_unitdir}/nss-lookup.target +%{_unitdir}/tmp.mount +%dir %{_unitdir}/systemd-hostnamed.service.d +%{_unitdir}/timers.target +%{_unitdir}/systemd-fsck@.service +%{_unitdir}/printer.target +%{_unitdir}/systemd-reboot.service +%{_unitdir}/systemd-volatile-root.service +%dir %{_unitdir}/multi-user.target.wants +%{_unitdir}/sound.target +%{_unitdir}/kexec.target +%{_unitdir}/initrd-root-fs.target +%{_unitdir}/systemd-update-utmp.service +%dir %{_unitdir}/rescue.target.wants +%{_unitdir}/bluetooth.target +%{_unitdir}/systemd-ask-password-wall.path +%{_unitdir}/emergency.service +%{_unitdir}/network-pre.target +%{_unitdir}/rescue.service +%{_unitdir}/sys-kernel-config.mount +%{_unitdir}/systemd-journald.service +%dir %{_unitdir}/runlevel2.target.wants +%dir %{_unitdir}/syslog.target.wants +%{_unitdir}/console-getty.service +%dir %{_unitdir}/timers.target.wants +%{_unitdir}/systemd-sysusers.service +%dir %{_unitdir}/runlevel4.target.wants +%dir %{_unitdir}/graphical.target.wants +%{_unitdir}/systemd-fsck-root.service +%{_unitdir}/dbus-org.freedesktop.login1.service +%{_unitdir}/systemd-update-utmp-runlevel.service +%{_unitdir}/network-online.target +%{_unitdir}/systemd-initctl.socket +%{_unitdir}/time-sync.target +%{_unitdir}/runlevel5.target +%{_unitdir}/paths.target +%dir %{_unitdir}/runlevel1.target.wants +%{_unitdir}/systemd-exit.service +%{_unitdir}/rescue.target +%{_unitdir}/umount.target +%{_unitdir}/initrd-switch-root.service +%{_unitdir}/initrd.target +%{_unitdir}/ldconfig.service +%{_unitdir}/initrd-root-device.target +%{_unitdir}/default.target +%{_unitdir}/boot-complete.target +%dir %{_unitdir}/sysinit.target.wants +%{_unitdir}/systemd-tmpfiles-clean.timer +%{_unitdir}/user@.service +%{_unitdir}/final.target +%{_unitdir}/sys-fs-fuse-connections.mount +%{_unitdir}/getty-pre.target +%{_unitdir}/runlevel4.target +%{_unitdir}/serial-getty@.service +%{_unitdir}/sysinit.target +%{_unitdir}/rc-local.service +%{_unitdir}/debug-shell.service +%{_unitdir}/dev-mqueue.mount +%{_unitdir}/emergency.target +%{_unitdir}/dbus-org.freedesktop.timedate1.service +%{_unitdir}/runlevel1.target +%dir %{_unitdir}/remote-fs.target.wants +%{_unitdir}/dbus-org.freedesktop.hostname1.service +%{_unitdir}/runlevel0.target +%{_unitdir}/user.slice +%{_unitdir}/systemd-journal-catalog-update.service +%{_unitdir}/local-fs-pre.target +%{_unitdir}/systemd-halt.service +%{_unitdir}/container-getty@.service +%{_unitdir}/slices.target +%{_unitdir}/systemd-network-generator.service +%{_unitdir}/autovt@.service +%dir %{_unitdir}/user-.slice.d +%{_unitdir}/systemd-boot-check-no-failures.service +%{_unitdir}/halt.target +%{_unitdir}/system-update-cleanup.service +%dir %{_unitdir}/local-fs.target.wants +%{_unitdir}/proc-sys-fs-binfmt_misc.mount +%{_unitdir}/dbus-org.freedesktop.locale1.service +%{_unitdir}/initrd-switch-root.target +%{_unitdir}/initrd-parse-etc.service +%{_unitdir}/nss-user-lookup.target +%{_unitdir}/sockets.target +%dir %{_unitdir}/default.target.wants +%{_unitdir}/systemd-poweroff.service +%{_unitdir}/systemd-sysctl.service +%{_unitdir}/runlevel3.target +%{_unitdir}/local-fs.target +%{_unitdir}/smartcard.target +%{_unitdir}/systemd-hostnamed.service +%{_unitdir}/system-update.target +%{_unitdir}/local-fs.target.wants/tmp.mount +%{_unitdir}/user-.slice.d/10-defaults.conf +%{_unitdir}/sysinit.target.wants/systemd-binfmt.service +%{_unitdir}/sysinit.target.wants/systemd-machine-id-commit.service +%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup.service +%{_unitdir}/sysinit.target.wants/systemd-update-done.service +%{_unitdir}/sysinit.target.wants/dev-hugepages.mount +%{_unitdir}/sysinit.target.wants/proc-sys-fs-binfmt_misc.automount +%{_unitdir}/sysinit.target.wants/systemd-ask-password-console.path +%{_unitdir}/sysinit.target.wants/sys-kernel-debug.mount +%{_unitdir}/sysinit.target.wants/systemd-journal-flush.service +%{_unitdir}/sysinit.target.wants/systemd-update-utmp.service +%{_unitdir}/sysinit.target.wants/sys-kernel-config.mount +%{_unitdir}/sysinit.target.wants/systemd-journald.service +%{_unitdir}/sysinit.target.wants/systemd-sysusers.service +%{_unitdir}/sysinit.target.wants/ldconfig.service +%{_unitdir}/sysinit.target.wants/sys-fs-fuse-connections.mount +%{_unitdir}/sysinit.target.wants/dev-mqueue.mount +%{_unitdir}/sysinit.target.wants/systemd-journal-catalog-update.service +%{_unitdir}/sysinit.target.wants/systemd-sysctl.service +%{_unitdir}/graphical.target.wants/systemd-update-utmp-runlevel.service +%{_unitdir}/timers.target.wants/systemd-tmpfiles-clean.timer +%{_unitdir}/rescue.target.wants/systemd-update-utmp-runlevel.service +%{_unitdir}/multi-user.target.wants/systemd-logind.service +%{_unitdir}/multi-user.target.wants/systemd-user-sessions.service +%{_unitdir}/multi-user.target.wants/getty.target +%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path +%{_unitdir}/multi-user.target.wants/systemd-update-utmp-runlevel.service +%{_unitdir}/systemd-hostnamed.service.d/disable-privatedevices.conf +%{_unitdir}/sockets.target.wants/systemd-coredump.socket +%{_unitdir}/sockets.target.wants/systemd-journald-dev-log.socket +%{_unitdir}/sockets.target.wants/systemd-journald.socket +%{_unitdir}/sockets.target.wants/systemd-initctl.socket +%{_unitdir}/sockets.target.wants/systemd-coredump.socket +%{_unitdir}/blockdev@.target +%{_unitdir}/sys-kernel-tracing.mount +%{_unitdir}/sysinit.target.wants/sys-kernel-tracing.mount +%{_unitdir}/systemd-journald-varlink@.socket +%{_unitdir}/systemd-journald@.service +%{_unitdir}/systemd-journald@.socket +%{_unitdir}/modprobe@.service +%{_systemddir}/system-generators/systemd-fstab-generator +%{_systemddir}/system-generators/systemd-sysv-generator +%{_systemddir}/system-generators/systemd-rc-local-generator +%{_systemddir}/system-generators/systemd-debug-generator +%{_systemddir}/system-generators/systemd-run-generator +%{_systemddir}/system-generators/systemd-system-update-generator +%{_systemddir}/system-generators/systemd-getty-generator +%{_systemddir}/user-environment-generators/30-systemd-environment-d-generator +%{_systemddir}/system-preset/90-systemd.preset +%{_userunitdir}/systemd-tmpfiles-setup.service +%{_userunitdir}/graphical-session.target +%{_userunitdir}/shutdown.target +%{_userunitdir}/exit.target +%{_userunitdir}/systemd-tmpfiles-clean.service +%{_userunitdir}/basic.target +%{_userunitdir}/timers.target +%{_userunitdir}/printer.target +%{_userunitdir}/sound.target +%{_userunitdir}/bluetooth.target +%{_userunitdir}/graphical-session-pre.target +%{_userunitdir}/paths.target +%{_userunitdir}/systemd-exit.service +%{_userunitdir}/default.target +%{_userunitdir}/systemd-tmpfiles-clean.timer +%{_userunitdir}/sockets.target +%{_userunitdir}/smartcard.target +%{_systemddir}/catalog/systemd.fr.catalog +%{_systemddir}/catalog/systemd.be.catalog +%{_systemddir}/catalog/systemd.bg.catalog +%{_systemddir}/catalog/systemd.de.catalog +%{_systemddir}/catalog/systemd.pt_BR.catalog +%{_systemddir}/catalog/systemd.it.catalog +%{_systemddir}/catalog/systemd.be@latin.catalog +%{_systemddir}/catalog/systemd.pl.catalog +%{_systemddir}/catalog/systemd.zh_CN.catalog +%{_systemddir}/catalog/systemd.zh_TW.catalog +%{_systemddir}/catalog/systemd.ru.catalog +%{_systemddir}/catalog/systemd.catalog +/usr/lib/sysctl.d/50-default.conf +/usr/lib/sysctl.d/50-pid-max.conf +/usr/lib/sysctl.d/50-coredump.conf +/usr/lib/tmpfiles.d/systemd-tmp.conf +/usr/lib/tmpfiles.d/systemd-nologin.conf +/usr/lib/tmpfiles.d/systemd.conf +/usr/lib/tmpfiles.d/journal-nocow.conf +/usr/lib/tmpfiles.d/x11.conf +/usr/lib/tmpfiles.d/tmp.conf +/usr/lib/tmpfiles.d/home.conf +/usr/lib/tmpfiles.d/etc.conf +/usr/lib/tmpfiles.d/legacy.conf +/usr/lib/tmpfiles.d/static-nodes-permissions.conf +/usr/lib/tmpfiles.d/var.conf +/usr/lib/environment.d/99-environment.conf +%ghost %config(noreplace) /etc/localtime +%dir /etc/rc.d +%dir /etc/binfmt.d +%dir /etc/tmpfiles.d +%dir /etc/sysctl.d +%ghost %config(noreplace) /etc/locale.conf +%config(noreplace) /etc/sysctl.conf +%ghost %config(noreplace) /etc/crypttab +%dir /etc/systemd +/etc/inittab +%ghost %config(noreplace) /etc/machine-info +%ghost %config(noreplace) /etc/machine-id +%ghost %config(noreplace) /etc/hostname +%config(noreplace) /etc/systemd/user.conf +%dir /etc/systemd/user +%config(noreplace) /etc/systemd/logind.conf +%config(noreplace) /etc/systemd/journald.conf +%config(noreplace) /etc/systemd/coredump.conf +%dir /etc/systemd/system +%config(noreplace) /etc/systemd/system.conf +%ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf +%config(noreplace) /etc/X11/xinit/xinitrc.d/50-systemd-user.sh +%config(noreplace) /etc/pam.d/systemd-user +/usr/lib/pam.d/systemd-user +%config(noreplace) /etc/sysctl.d/99-sysctl.conf +%config(noreplace) /etc/dnf/protected.d/systemd.conf +%dir /etc/rc.d/init.d +%config(noreplace) /etc/rc.d/rc.local +%config(noreplace) /etc/rc.local +%config(noreplace) /etc/rc.d/init.d/README +%dir /etc/xdg/systemd +%config(noreplace) /etc/xdg/systemd/user +%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf +/usr/lib/rpm/macros.d/macros.systemd +/usr/lib/modprobe.d/README +/usr/lib/sysctl.d/README +/usr/lib/systemd/system/first-boot-complete.target +/usr/lib/systemd/user/app.slice +/usr/lib/systemd/user/background.slice +/usr/lib/systemd/user/session.slice +/usr/lib/sysusers.d/README +/usr/lib/tmpfiles.d/README +/usr/share/bash-completion/completions/systemd-id128 +/usr/share/zsh/site-functions/_systemd-path + +%files libs +%{_libdir}/libnss_systemd.so.2 +%{_libdir}/libnss_myhostname.so.2 +%{_libdir}/libsystemd.so.* +%{_libdir}/libudev.so.* + +%files devel +/usr/share/man/man3/* +%dir /usr/include/systemd +/usr/include/libudev.h +/usr/include/systemd/sd-event.h +/usr/include/systemd/_sd-common.h +/usr/include/systemd/sd-bus-vtable.h +/usr/include/systemd/sd-daemon.h +/usr/include/systemd/sd-hwdb.h +/usr/include/systemd/sd-device.h +/usr/include/systemd/sd-messages.h +/usr/include/systemd/sd-journal.h +/usr/include/systemd/sd-bus-protocol.h +/usr/include/systemd/sd-id128.h +/usr/include/systemd/sd-bus.h +/usr/include/systemd/sd-login.h +/usr/include/systemd/sd-path.h +%{_libdir}/libudev.so +%{_libdir}/libsystemd.so +%{_libdir}/pkgconfig/libsystemd.pc +%{_libdir}/pkgconfig/libudev.pc + +%files udev +%exclude /usr/share/bash-completion/completions/kernel-install +%exclude /usr/share/zsh/site-functions/_kernel-install +%exclude /usr/bin/kernel-install +%exclude /usr/lib/kernel/install.d/00-entry-directory.install +%exclude /usr/lib/kernel/install.d/90-loaderentry.install +%exclude /usr/lib/kernel/install.d/50-depmod.install +%exclude /usr/lib/kernel/install.d/20-grubby.install +%exclude %dir /etc/kernel/install.d +%exclude %dir /etc/kernel +%exclude %dir /usr/lib/kernel +%exclude %dir /usr/lib/kernel/install.d +%exclude /usr/bin/bootctl +%exclude /usr/share/zsh/site-functions/_bootctl +%exclude /usr/share/bash-completion/completions/bootctl +%exclude %{_unitdir}/usb-gadget.target +%ghost /var/lib/systemd/random-seed +/etc/modules-load.d +/usr/sbin/udevadm +/usr/share/bash-completion/completions/udevadm +/usr/share/zsh/site-functions/_udevadm +/usr/bin/systemd-hwdb +/usr/bin/udevadm +%dir /usr/lib/modprobe.d +%dir /usr/lib/udev +%dir /usr/lib/modules-load.d +%{_systemddir}/systemd-growfs +%{_systemddir}/systemd-modules-load +%dir %{_systemddir}/system-sleep +%{_systemddir}/systemd-makefs +%{_systemddir}/systemd-remount-fs +%{_systemddir}/systemd-hibernate-resume +%{_systemddir}/systemd-random-seed +%{_systemddir}/systemd-sleep +%{_systemddir}/systemd-udevd +%{_systemddir}/systemd-vconsole-setup +%{_unitdir}/systemd-udevd.service +%{_unitdir}/initrd-udevadm-cleanup-db.service +%{_unitdir}/systemd-suspend.service +%{_unitdir}/suspend-then-hibernate.target +%{_unitdir}/systemd-modules-load.service +%{_unitdir}/systemd-tmpfiles-setup-dev.service +%{_unitdir}/systemd-vconsole-setup.service +%{_unitdir}/systemd-hibernate.service +%dir %{_unitdir}/systemd-udev-trigger.service.d +%{_unitdir}/systemd-random-seed.service +%{_unitdir}/systemd-udevd-control.socket +%{_unitdir}/hibernate.target +%{_unitdir}/systemd-remount-fs.service +%{_unitdir}/suspend.target +%{_unitdir}/systemd-hybrid-sleep.service +%{_unitdir}/systemd-suspend-then-hibernate.service +%{_unitdir}/hybrid-sleep.target +%{_unitdir}/systemd-hwdb-update.service +%{_unitdir}/systemd-hibernate-resume@.service +%{_unitdir}/systemd-udev-settle.service +%{_unitdir}/sleep.target +%{_unitdir}/kmod-static-nodes.service +%{_unitdir}/systemd-udevd-kernel.socket +%{_unitdir}/systemd-udev-trigger.service +%{_unitdir}/sysinit.target.wants/systemd-udevd.service +%{_unitdir}/sysinit.target.wants/systemd-modules-load.service +%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup-dev.service +%{_unitdir}/sysinit.target.wants/systemd-random-seed.service +%{_unitdir}/sysinit.target.wants/systemd-hwdb-update.service +%{_unitdir}/sysinit.target.wants/kmod-static-nodes.service +%{_unitdir}/sysinit.target.wants/systemd-udev-trigger.service +%{_unitdir}/systemd-udev-trigger.service.d/systemd-udev-trigger-no-reload.conf +%{_unitdir}/sockets.target.wants/systemd-udevd-control.socket +%{_unitdir}/sockets.target.wants/systemd-udevd-kernel.socket +%{_systemddir}/system-generators/systemd-hibernate-resume-generator +%{_systemddir}/system-generators/systemd-gpt-auto-generator +%{_systemddir}/network/99-default.link +/usr/lib/udev/v4l_id +/usr/lib/udev/ata_id +/usr/lib/udev/cdrom_id +/usr/lib/udev/mtd_probe +/usr/lib/udev/scsi_id +/usr/lib/udev/fido_id +%ifnarch sw_64 riscv64 +/usr/lib/udev/dmi_memory_id +%endif + +%dir /usr/lib/udev/hwdb.d +%{_udevhwdbdir}/20-bluetooth-vendor-product.hwdb +%{_udevhwdbdir}/70-touchpad.hwdb +%{_udevhwdbdir}/60-evdev.hwdb +%{_udevhwdbdir}/20-net-ifname.hwdb +%{_udevhwdbdir}/20-acpi-vendor.hwdb +%{_udevhwdbdir}/20-usb-classes.hwdb +%{_udevhwdbdir}/20-sdio-vendor-model.hwdb +%{_udevhwdbdir}/60-keyboard.hwdb +%{_udevhwdbdir}/20-pci-vendor-model.hwdb +%{_udevhwdbdir}/20-pci-classes.hwdb +%{_udevhwdbdir}/20-OUI.hwdb +%{_udevhwdbdir}/20-sdio-classes.hwdb +%{_udevhwdbdir}/20-usb-vendor-model.hwdb +%{_udevhwdbdir}/70-pointingstick.hwdb +%{_udevhwdbdir}/20-vmbus-class.hwdb +%{_udevhwdbdir}/70-joystick.hwdb +%{_udevhwdbdir}/60-sensor.hwdb +%{_udevhwdbdir}/70-mouse.hwdb +%{_udevhwdbdir}/60-input-id.hwdb +%{_udevhwdbdir}/60-autosuspend-chromiumos.hwdb +%{_udevhwdbdir}/60-autosuspend.hwdb +%{_udevhwdbdir}/20-dmi-id.hwdb +%{_udevhwdbdir}/60-autosuspend-fingerprint-reader.hwdb +%{_udevhwdbdir}/60-seat.hwdb +%{_udevhwdbdir}/80-ieee1394-unit-function.hwdb +%{_udevhwdbdir}/README + +%dir /usr/lib/udev/rules.d +%{_udevrulesdir}/60-autosuspend.rules +%{_udevrulesdir}/40-%{vendor}.rules +%{_udevrulesdir}/40-elevator.rules +%{_udevrulesdir}/73-idrac.rules +%{_udevrulesdir}/60-block.rules +%{_udevrulesdir}/60-input-id.rules +%{_udevrulesdir}/71-seat.rules +%{_udevrulesdir}/73-seat-late.rules +%{_udevrulesdir}/80-drivers.rules +%{_udevrulesdir}/60-cdrom_id.rules +%{_udevrulesdir}/64-btrfs.rules +%{_udevrulesdir}/60-drm.rules +%{_udevrulesdir}/70-mouse.rules +%{_udevrulesdir}/70-touchpad.rules +%{_udevrulesdir}/60-persistent-alsa.rules +%{_udevrulesdir}/75-net-description.rules +%{_udevrulesdir}/60-persistent-v4l.rules +%{_udevrulesdir}/70-joystick.rules +%{_udevrulesdir}/70-power-switch.rules +%{_udevrulesdir}/60-persistent-storage.rules +%{_udevrulesdir}/80-net-setup-link.rules +%{_udevrulesdir}/60-evdev.rules +%{_udevrulesdir}/60-sensor.rules +%{_udevrulesdir}/60-serial.rules +%{_udevrulesdir}/90-vconsole.rules +%{_udevrulesdir}/78-sound-card.rules +%{_udevrulesdir}/70-uaccess.rules +%{_udevrulesdir}/60-persistent-input.rules +%{_udevrulesdir}/75-probe_mtd.rules +%{_udevrulesdir}/99-systemd.rules +%{_udevrulesdir}/60-persistent-storage-tape.rules +%{_udevrulesdir}/50-udev-default.rules +%{_udevrulesdir}/60-fido-id.rules +%{_udevrulesdir}/81-net-dhcp.rules +%ifnarch sw_64 riscv64 +%{_udevrulesdir}/70-memory.rules +%endif +%{_udevrulesdir}/README + +/usr/lib/modprobe.d/systemd.conf +%ghost %config(noreplace) /etc/vconsole.conf +%dir /etc/udev +%dir /etc/kernel +%config(noreplace) /etc/systemd/sleep.conf +%ghost /etc/udev/hwdb.bin +%dir /etc/udev/rules.d +%config(noreplace) /etc/udev/udev.conf +%dir /etc/udev/hwdb.d + +%files container +/usr/share/bash-completion/completions/machinectl +/usr/share/zsh/site-functions/_machinectl +/usr/share/dbus-1/system-services/org.freedesktop.machine1.service +/usr/share/dbus-1/services/org.freedesktop.systemd1.service +/usr/share/dbus-1/system-services/org.freedesktop.systemd1.service +/usr/share/dbus-1/system.d/org.freedesktop.machine1.conf +/usr/share/polkit-1/actions/org.freedesktop.machine1.policy +%{_libdir}/libnss_mymachines.so.2 +/usr/bin/machinectl +%{_systemddir}/systemd-machined +%{_unitdir}/systemd-machined.service +%{_unitdir}/var-lib-machines.mount +%{_unitdir}/dbus-org.freedesktop.machine1.service +%{_unitdir}/machine.slice +%{_unitdir}/machines.target +%dir %{_unitdir}/machines.target.wants +%{_unitdir}/machines.target.wants/var-lib-machines.mount +%{_unitdir}/remote-fs.target.wants/var-lib-machines.mount +%{_systemddir}/network/80-vm-vt.network + +%files help +/usr/share/man/*/* +%exclude /usr/share/man/man3/* + +%files resolved +/usr/sbin/resolvconf +/usr/bin/resolvectl +/usr/share/bash-completion/completions/resolvectl +/usr/share/zsh/site-functions/_resolvectl +/usr/share/bash-completion/completions/systemd-resolve +/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service +/usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf +/usr/share/polkit-1/actions/org.freedesktop.resolve1.policy +/usr/bin/systemd-resolve +%{_systemddir}/resolv.conf +%{_systemddir}/systemd-resolved +%config(noreplace) /etc/systemd/resolved.conf +%{_libdir}/libnss_resolve.so.2 +%{_unitdir}/systemd-resolved.service + +%files nspawn +/usr/share/bash-completion/completions/systemd-nspawn +/usr/share/zsh/site-functions/_systemd-nspawn +/usr/bin/systemd-nspawn +%{_unitdir}/systemd-nspawn@.service +/usr/lib/tmpfiles.d/systemd-nspawn.conf + +%files networkd +/usr/share/bash-completion/completions/networkctl +/usr/share/zsh/site-functions/_networkctl +/usr/share/dbus-1/system-services/org.freedesktop.network1.service +/usr/share/dbus-1/system.d/org.freedesktop.network1.conf +/usr/share/polkit-1/actions/org.freedesktop.network1.policy +/usr/share/polkit-1/rules.d/systemd-networkd.rules +/usr/bin/networkctl +%{_systemddir}/systemd-networkd-wait-online +%{_systemddir}/systemd-networkd +%{_unitdir}/systemd-networkd.socket +%{_unitdir}/systemd-networkd-wait-online.service +%{_unitdir}/systemd-networkd.service +%{_systemddir}/network/80-container-host0.network +%dir /etc/systemd/network +%config(noreplace) /etc/systemd/networkd.conf +%{_systemddir}/network/80-container-vz.network +%{_systemddir}/network/80-container-ve.network +%{_systemddir}/network/80-wifi-adhoc.network +%{_systemddir}/network/80-wifi-ap.network.example +%{_systemddir}/network/80-wifi-station.network.example + +%files timesyncd +%dir %{_systemddir}/ntp-units.d +%{_systemddir}/systemd-time-wait-sync +%{_unitdir}/systemd-time-wait-sync.service +%ghost %dir /var/lib/systemd/timesync +%ghost /var/lib/systemd/timesync/clock +/usr/share/dbus-1/system-services/org.freedesktop.timesync1.service +/usr/share/dbus-1/system.d/org.freedesktop.timesync1.conf +%{_systemddir}/systemd-timesyncd +%{_unitdir}/systemd-timesyncd.service +%{_systemddir}/ntp-units.d/80-systemd-timesync.list +%config(noreplace) /etc/systemd/timesyncd.conf + +%files pam +%{_libdir}/security/pam_systemd.so + +%changelog +* Mon Jun 12 2023 chenjiayi - 249-51 +- backport upstream patches to fix event loss when the whole disk is locked + +* Thu Jun 8 2023 licunlong - 249-50 +- set the cpuset.cpus/mems of machine.slice to all by default + +* Wed Mar 22 2023 hongjinghao - 249-49 +- backport: sync patches from systemd community + +* Tue Mar 7 2023 wangyuhang -249-48 +- fix symlinks to NVMe drives are missing in /dev/disk/by-path + +* Tue Feb 28 2023 misaka00251 -249-47 +- Exclude riscv64 unsupported files for now, might add them back later + +* Thu Jan 19 2023 yangmingtai -249-46 +- delete unused patch files + +* Fri Jan 13 2023 yangmingtai -249-45 +- backport patches from upstream and add patchs to enhance compatibility + and features + +* Wed Dec 28 2022 huyubiao - 249-44 +- fix CVE-2022-4415 + +* Mon Dec 12 2022 huajingyun - 249-43 +- Add loongarch for missing_syscall_def.h + +* Wed Nov 23 2022 yangmingtai -249-42 +- 1.change /etc/systemd/journald.conf ForwardToWall to no + 2.change DefaultLimitMEMLOCK to 64M + 3.replace openEuler to vendor + 4.delete useless file udev-61-openeuler-persistent-storage.rules + +* Tue Nov 15 2022 huajingyun - 249-41 +- Add loongarch64 architecture + +* Mon Nov 7 2022 yangmingtai -249-40 +- fix CVE-2022-3821 + +* Thu Oct 27 2022 wuzx - 249-39 +- Add sw64 architecture + +* Mon Oct 10 2022 wangyuhang -249-38 +- backport: sync systemd-stable-249 patches from systemd community + +* Thu Sep 29 2022 yangmingtai -249-37 +- 1.change default ntp server + 2.correct the default value of RuntimeDirectoryInodesMax + +* Fri Sep 16 2022 yangmingtai -249-36 +- revert:delete the initrd-usr-fs.target + +* Wed Sep 14 2022 xujing -249-35 +- revert add ProtectClock=yes + +* Fri Sep 2 2022 Wenchao Hao -249-34 +- scsi_id: retry inquiry ioctl if host_byte is DID_TRANSPORT_DISRUPTED + +* Thu Sep 1 2022 hongjinghao - 249-33 +- 1. Don't set AlternativeNamesPolicy by default + 2. fix systemd-journald coredump + +* Tue Aug 02 2022 zhukeqian -249-32 +- core: replace slice dependencies as they get added + +* Wed Jun 22 2022 zhangyao -249-31 +- fix don't preset systemd-timesyncd when install systemd-udev + +* Tue Jun 21 2022 zhangyao -249-30 +- fix Avoid /tmp being mounted as tmpfs without the user's will + +* Tue Jun 21 2022 wangyuhang -249-29 +- fix build fail on meson-0.6 + 1. delete invalid meson build option + 2. meson.build: change operator combining bools from + to and + +* Fri Jun 17 2022 wangyuhang -249-28 +- revert rpm: restart services in %posttrans + fix spelling errors in systemd.spec, fdev -> udev + +* Wed Jun 01 2022 licunlong -249-27 +- move udev{rules, hwdb, program} to systemd-udev. + +* Mon Apr 18 2022 xujing - 249-26 +- rename patches name and use patch from upstream + +* Tue Apr 12 2022 xujing - 249-25 +- core: skip change device to dead in manager_catchup during booting + +* Tue Apr 12 2022 xujing - 249-24 +- print the real reason for link update + +* Tue Apr 12 2022 xujing - 249-23 +- check whether command_prev is null before assigning value + +* Mon Apr 11 2022 xujing - 249-22 +- solve that rsyslog reads journal's object of size 0 + +* Mon Apr 11 2022 xujing - 249-21 +- disable initialize_clock + +* Fri Apr 8 2022 xujing - 249-20 +- fix name of option: RuntimeDirectoryInodes + +* Fri Apr 8 2022 wangyuhang - 249-19 +- set dnssec to be allow-downgrade by default + set mdns to be yes by default + set llmnr to be yes by default + +* Sat Apr 2 2022 xujing - 249-18 +- set urlify to be disabled by default + +* Thu Mar 31 2022 xujing - 249-17 +- set DEFAULT_TASKS_MAX to 80% and set mode to release + +* Wed Mar 23 2022 xujing - 249-16 +- systemd-journald: Fix journal file descriptors leak problems. + systemd: Activation service must be restarted when it is already started and re-actived by dbus + systemd-core: fix problem of dbus service can not be started + systemd-core: Delay to restart when a service can not be auto-restarted when there is one STOP_JOB for the service + core: fix SIGABRT on empty exec command argv + journalctl: never fail at flushing when the flushed flag is set + timesync: fix wrong type for receiving timestamp in nanoseconds + udev: fix potential memleak + +* Fri Mar 18 2022 yangmingtai - 249-15 +- fix systemctl reload systemd-udevd failed + +* Thu Mar 17 2022 xujing - 249-14 +- pid1 bump DefaultTasksMax to 80% of the kernel pid.max value + +* Thu Mar 17 2022 xujing - 249-13 +- allow more inodes in /dev an /tmp + +* Fri Mar 11 2022 yangmingtai - 249-12 +- disable some features + +* Thu Mar 10 2022 xujing - 249-11 +- core: use empty_to_root for cgroup path in log messages + +* Tue Mar 1 2022 yangmingtai - 249-10 +- revert :core map io.bfq.weight to 1..1000 + +* Tue Mar 1 2022 duyiwei - 249-9 +- change %systemd_requires to %{?systemd_requires} + +* Tue Feb 22 2022 xujing - 249-8 +- temporarily disable test-seccomp and ensure some features disabled + +* Tue Feb 15 2022 yangmingtai - 249-7 +- disable rename function of net interface + +* Tue Feb 15 2022 yangmingtai - 249-6 +- nop_job of a unit must also be coldpluged after deserization + +* Tue Feb 15 2022 yangmingtai - 249-5 +- fix CVE-2021-3997 and CVE-2021-33910 + +* Tue Feb 8 2022 yangmingtai - 249-4 +- fix ConditionDirectoryNotEmpty,ConditionPathIsReadWrite and DirectoryNotEmpty + +* Tue Feb 8 2022 yangmingtai - 249-3 +- do not make systemd-cpredump sub packages + +* Mon Dec 27 2021 yangmingtai - 249-2 +- delete useless Provides and Obsoletes + +* Wed Dec 8 2021 yangmingtai - 249-1 +- systemd update to v249 + +* Tue Dec 28 2021 licunlong - 248-15 +- fix typo: disable not denable. + +* Wed Dec 01 2021 licunlong - 248-14 +- disable systemd-{timesyncd, networkd, resolved} by default + +* Thu Sep 16 2021 ExtinctFire - 248-13 +- core: fix free undefined pointer when strdup failed in the first loop + +* Mon Sep 6 2021 yangmingtai - 248-12 +- move postun to correct position + +* Sat Sep 4 2021 yangmingtai - 248-11 +- systemd delete rpath + +* Mon Aug 30 2021 yangmingtai - 248-10 +- enable some patches and delete unused patches + +* Thu Aug 26 2021 xujing - 248-9 +- enable some patches to fix bugs + +* Mon Aug 16 2021 yangmingtai - 248-8 +- udev: exec daemon-reload after installation + +* Thu Jul 22 2021 yangmingtai - 248-7 +- fix CVE-2021-33910 + +* Thu Jun 03 2021 shenyangyang - 248-6 +- change requires to openssl-libs as post scripts systemctl requires libssl.so.1.1 + +* Mon May 31 2021 hexiaowen - 248-5 +- fix typo + +* Wed May 19 2021 fangxiuning - 248-4 +- journald: enforce longer line length limit during "setup" phase of stream protocol + +* Fri Apr 30 2021 hexiaowen - 248-3 +- delete unused rebase-patch + +* Fri Apr 30 2021 hexiaowen - 248-2 +- delete unused patches + +* Fri Apr 30 2021 hexiaowen - 248-1 +- Rebase to version 248 + +* Wed Mar 31 2021 fangxiuning - 246-15 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix userdata double free + +* Wed Mar 3 2021 shenyangyang - 246-14 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix Failed to migrate controller cgroups from *: Permission denied + +* Sat Feb 27 2021 shenyangyang - 246-13 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:xdg autostart Lower most info messages to debug level + +* Sat Feb 27 2021 gaoyi - 246-12 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:just configure DefaultTasksMax when install + +* Tue Jan 26 2021 extinctfire - 246-11 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix login timeout 2 minutes + +* Fri Dec 18 2020 overweight - 246-10 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix 40-openEuler.rules for memory offline + +* Wed Dec 16 2020 shenyangyang - 246-9 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:do not create /var/log/journal on initial installation + +* Wed Nov 25 2020 shenyangyang - 246-8 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:don't enable systemd-journald-audit.socket by default + +* Thu Sep 17 2020 openEuler Buildteam - 246-7 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:delete unneed patches and rebase to bded6f + +* Fri Sep 11 2020 openEuler Buildteam - 246-6 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:delete unneed patches + +* Wed Sep 9 2020 openEuler Buildteam - 246-5 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:set default tasks max to 85% + +* Wed Sep 9 2020 openEuler Buildteam - 246-4 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix error handling on readv + +* Sat Aug 01 2020 openEuler Buildteam - 246-3 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update to real release 246 + +* Tue Jul 7 2020 openEuler Buildteam - 246-2 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix buffer overrun when urlifying. + +* Fri Jun 12 2020 openEuler Buildteam - 246-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update to release 246 + +* Thu May 28 2020 openEuler Buildteam - 243-23 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add requirement of systemd to libs + +* Mon May 11 2020 openEuler Buildteam - 243-22 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:solve the build failure caused by the upgrade of libseccomp + +* Mon Apr 27 2020 openEuler Buildteam - 243-21 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:resolve memleak of pid1 and add some patches + +* Thu Apr 9 2020 openEuler Buildteam - 243-20 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:delete redundant info in spec + +* Wed Mar 25 2020 openEuler Buildteam - 243-19 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add patch of CVE-2020-1714-5 + +* Fri Mar 13 2020 openEuler Buildteam - 243-18 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix two vf visual machines have the same mac address + +* Tue Mar 10 2020 openEuler Buildteam - 243-17 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix CVE-2020-1712 and close journal files that were deleted by journald + before we've setup inotify watch and bump pim_max to 80% + +* Thu Mar 5 2020 openEuler Buildteam - 243-16 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add 1603-udev-add-actions-while-rename-netif-failed.patch + +* Sat Feb 29 2020 openEuler Buildteam - 243-15 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:update rtc with system clock when shutdown + +* Mon Feb 17 2020 openEuler Buildteam - 243-14 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:enable tests + +* Mon Feb 3 2020 openEuler Buildteam - 243-13 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:modify kvm authority 0660 and fix dbus daemon restart need 90s after killed + +* Tue Jan 21 2020 openEuler Buildteam - 243-12 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add systemd-libs + +* Sun Jan 19 2020 openEuler Buildteam - 243-11 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix resolv.conf has symlink default + +* Fri Jan 17 2020 openEuler Buildteam - 243-10 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix capsh drop but ping success and udev ignore error caused by device disconnection + +* Wed Jan 15 2020 openEuler Buildteam - 243-9 +- Type:NA +- ID:NA +- SUG:NA +- DESC:delete unneeded obsoletes + +* Wed Jan 08 2020 openEuler Buildteam - 243-8 +- Type:NA +- ID:NA +- SUG:NA +- DESC:delete unneeded patchs + +* Tue Dec 31 2019 openEuler Buildteam - 243-7 +- Type:NA +- ID:NA +- SUG:NA +- DESC:delete unneeded source + +* Mon Dec 23 2019 openEuler Buildteam - 243-6 +- Type:NA +- ID:NA +- SUG:NA +- DESC:modify name of persistent-storage.rules + +* Fri Dec 20 2019 jiangchuangang - 243-5 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:change time log level + +* Fri Nov 22 2019 shenyangyang - 243-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:add efi_arch to solve build problem of x86 + +* Sat Sep 28 2019 guoxiaoqi - 243-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:modify default-hierarchy + +* Tue Sep 24 2019 shenyangyang - 243-2 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:revise requires + +* Thu Sep 12 2019 hexiaowen - 243-1 +- Update to release 243 + +* Tue Sep 10 2019 fangxiuning - 239-3.h43 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:revert fix two vf visual machines have the same mac address + +* Wed Sep 04 2019 fangxiuning - 239-3.h42 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix two vf visual machines have the same mac address + +* Sat Aug 31 2019 fangxiuning - 239-3.h41 +- Type:NA +- ID:NA +- SUG:NA +- DESC:timeout waiting for scaning on device 8:3 + +* Mon Aug 26 2019 shenyangyang - 239-3.h40 +- Type:NA +- ID:NA +- SUG:NA +- DESC:remove sensetive info + +* Wed Aug 21 2019 yangbin - 239-3.h39 +- Type:NA +- ID:NA +- SUG:NA +- DESC:merge from branch next to openeuler + +* Mon Aug 19 2019 fangxiuning - 239-3.h38 +- Type:NA +- ID:NA +- SUG:NA +- DESC:merge from branch next to openeuler + +* Thu Jul 25 2019 yangbin - 239-3.h37 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:change CPUSetMemMigrate type to bool + +* Tue Jul 23 2019 yangbin - 239-3.h36 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add systemd cgroup config for cpuset and freezon + +* Thu Jul 18 2019 fangxiuning - 239-3.h35 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: change support URL shown in the catalog entries + +* Tue Jul 09 2019 fangxiuning - 239-3.h34 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: add systemd dependency requires openssl-libs + +* Tue Jul 09 2019 fangxiuning - 239-3.h33 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: login: use parse_uid() when unmounting user runtime directory + +* Tue Jul 9 2019 fangxiuning - 239-3.h32 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix timedatectl set-timezone, UTC time wrong + +* Wed Jun 19 2019 cangyi - 239-3.h31 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix memleak on invalid message + +* Tue Jun 18 2019 cangyi - 239-3.h30 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: revert fix memleak on invalid message + +* Mon Jun 17 2019 wenjun - 239-3.h29 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:revert h26 + +* Mon Jun 17 2019 cangyi - 239-3.h28 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix memleak on invalid message + +* Wed Jun 12 2019 cangyi - 239-3.h27 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix warnings + +* Tue Jun 11 2019 wenjun - 239-3.h26 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix race between daemon-reload and other commands,remove useless patch + +* Mon Jun 10 2019 gaoyi - 239-3.h25 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:repair the test test-journal-syslog + https://github.com/systemd/systemd/commit/8595102d3ddde6d25c282f965573a6de34ab4421 + +* Tue Jun 04 2019 gaoyi - 239-3.h24 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:backport CVE-2019-3844 CVE-2019-3843 + +* Mon Jun 3 2019 hexiaowen - 239-3.h23 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix CVE + +* Wed May 22 2019 hexiaowen - 239-3.h22 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix button_open sd_event_source leak + +* Mon May 20 2019 hexiaowen - 239-3.h21 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Fri May 17 2019 hexiaowen - 239-3.h20 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Thu May 16 2019 hexiaowen - 239-3.h19 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Mon May 13 2019 hexiaowen - 239-3.h17 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Mon May 13 2019 liuzhiqiang - 239-3.h16 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:remove 86-network.rules and its ifup-hotplug script + +* Sun May 12 2019 hexiaowen - 239-3.h15 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Set-DynamicUser-no-for-networkd-resolved-timesyncd + +* Wed May 8 2019 hexiaowen - 239-3.h14 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Set-DynamicUser-no-for-networkd-resolved-timesyncd + +* Wed May 8 2019 hexiaowen - 239-3.h13 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:rename patches + +* Thu Apr 4 2019 luochunsheng - 239-3.h11 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:remove sensitive information + +* Wed Mar 27 2019 wangjia - 239-3.h10 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: rollback patch 1610-add-new-rules-for-lower-priority-events-to-preempt.patch, + this patch caused mount failed + +* Fri Mar 22 2019 hexiaowen - 239-3.h9 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: Open source fragment reference rectification + +* Thu Mar 21 2019 wangxiao - 239-3.h8 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: systemctl-fix-assert-for-failed-mktime-conversion.patch + network-link-Fix-logic-error-in-matching-devices-by-.patch + bus-socket-Fix-line_begins-to-accept-word-matching-f.patch + networkd-fix-overflow-check.patch + resolve-fix-memleak.patch + syslog-fix-segfault-in-syslog_parse_priority.patch + journald-free-the-allocated-memory-before-returning-.patch + resolvectl-free-the-block-of-memory-hashed-points-to.patch + util-do-not-use-stack-frame-for-parsing-arbitrary-in.patch + dynamic-user-fix-potential-segfault.patch + journald-fixed-assertion-failure-when-system-journal.patch + core-socket-fix-memleak-in-the-error-paths-in-usbffs.patch + systemd-do-not-pass-.wants-fragment-path-to-manager_.patch + verbs-reset-optind-10116.patch + network-fix-memleak-about-routing-policy.patch + network-fix-memleak-around-Network.dhcp_vendor_class.patch + sd-dhcp-lease-fix-memleaks.patch + meson-use-the-host-architecture-compiler-linker-for-.patch + dhcp6-fix-an-off-by-one-error-in-dhcp6_option_parse_.patch + bus-message-use-structured-initialization-to-avoid-u.patch + bus-message-do-not-crash-on-message-with-a-string-of.patch + bus-message-fix-skipping-of-array-fields-in-gvariant.patch + basic-hexdecoct-check-for-overflow.patch + journal-upload-add-asserts-that-snprintf-does-not-re.patch + bus-unit-util-fix-parsing-of-IPAddress-Allow-Deny.patch + terminal-util-extra-safety-checks-when-parsing-COLUM.patch + core-handle-OOM-during-deserialization-always-the-sa.patch + systemd-nspawn-do-not-crash-on-var-log-journal-creat.patch + core-don-t-create-Requires-for-workdir-if-missing-ok.patch + chown-recursive-let-s-rework-the-recursive-logic-to-.patch + network-fix-segfault-in-manager_free.patch + network-fix-possible-memleak-caused-by-multiple-sett.patch + network-fix-memleak-in-config_parse_hwaddr.patch + network-fix-memleak-abot-Address.label.patch + tmpfiles-fix-minor-memory-leak-on-error-path.patch + udevd-explicitly-set-default-value-of-global-variabl.patch + udev-handle-sd_is_socket-failure.patch + basic-remove-an-assertion-from-cunescape_one.patch + debug-generator-fix-minor-memory-leak.patch + journald-check-whether-sscanf-has-changed-the-value-.patch + coredumpctl-fix-leak-of-bus-connection.patch + vconsole-Don-t-skip-udev-call-for-dummy-device.patch + mount-don-t-propagate-errors-from-mount_setup_unit-f.patch + sd-device-fix-segfault-when-error-occurs-in-device_n.patch + boot-efi-use-a-wildcard-section-copy-for-final-EFI-g.patch + basic-hexdecoct-be-more-careful-in-overflow-check.patch + +* Fri Mar 15 2019 wangjia - 239-3.h7 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: modify RemoveIPC to false by default value + +* Wed Mar 13 2019 hexiaowen - 239-3.h6 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: add rc.local + +* Fri Mar 8 2019 hexiaowen - 239-3.h5 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: disable-initialize_clock + +* Sat Feb 09 2019 xuchunmei - 239-3.h4 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:do not create /var/log/journal on initial installation + +* Sat Feb 02 2019 Yi Cang - 239-3.h3 +- Type:enhance +- ID:NA +- SUG:restart +- DESC:sync patch + +* Tue Jan 29 2019 Yining Shen - 239-3.h2 +- Type:enhance +- ID:NA +- SUG:restart +- DESC:sync patch + journald-fix-allocate-failed-journal-file.patch + 1602-activation-service-must-be-restarted-when-reactivated.patch + 1509-fix-journal-file-descriptors-leak-problems.patch + 2016-set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch + 1612-serialize-pids-for-scope-when-not-started.patch + 1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch + 1617-bus-cookie-must-wrap-around-to-1.patch + 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch + 1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch + 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch + 1611-systemd-core-fix-problem-on-forking-service.patch + uvp-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch + uvp-bugfix-also-stop-machine-when-unit-in-active-but-leader-exited.patch + +* Mon Dec 10 2018 Zhipeng Xie - 239-3.h1 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:fix obs build fail + +* Mon Dec 10 2018 hexiaowen - 239-1 +- Package init -- Gitee