diff --git a/backport-README-explicitly-note-that-util-linux-s-mount-swap-.patch b/backport-README-explicitly-note-that-util-linux-s-mount-swap-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fea640d4864cda53506353e6b83c56cd242b4ef5
--- /dev/null
+++ b/backport-README-explicitly-note-that-util-linux-s-mount-swap-.patch
@@ -0,0 +1,40 @@
+From 59c2b054cf3ea900915902e921f9fe4bdf1c039c Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Fri, 10 Feb 2023 11:58:20 +0000
+Subject: [PATCH] README: explicitly note that util-linux's mount/swap are
+ required
+
+These are the most visible and hard requirements, as we use options that
+busybox does not provide, so list them explicitly to avoid surprises
+
+(cherry picked from commit 164070e497f36b6d8055e4338e07188dd975f6f2)
+(cherry picked from commit 0dc9f7335d37be2a90f34e20f04573331bf3e4d3)
+(cherry picked from commit facb134183d72c31636f09bcae080cf9337a6877)
+(cherry picked from commit 3271bc9bec20345edc09c7209852c90bafde874a)
+
+Reference: https://github.com/systemd/systemd-stable/pull/259/commits/59c2b054cf3ea900915902e921f9fe4bdf1c039c
+
+Signed-off-by: zhaoxiaohu
+Signed-off-by: yuwang
+---
+ README | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/README b/README
+index 0e5c326..a7ecbbd 100644
+--- a/README
++++ b/README
+@@ -202,7 +202,9 @@ REQUIREMENTS:
+ During runtime, you need the following additional
+ dependencies:
+
+- util-linux >= v2.27.1 required
++ util-linux >= v2.27.1 required (including but not limited to: mount,
++ umount, swapon, swapoff, sulogin,
++ agetty, fsck)
+ dbus >= 1.4.0 (strictly speaking optional, but recommended)
+ NOTE: If using dbus < 1.9.18, you should override the default
+ policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
+--
+2.33.0
+
diff --git a/backport-docs-remove-dev-tty-confusion.patch b/backport-docs-remove-dev-tty-confusion.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8b9a30e268b37050a1e860fb2f763a5df72d0446
--- /dev/null
+++ b/backport-docs-remove-dev-tty-confusion.patch
@@ -0,0 +1,42 @@
+From 1e1a2538219e9db49062ba104b459a8ced33694a Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Fri, 23 Dec 2022 18:39:54 +0100
+Subject: [PATCH] docs: remove /dev/tty* confusion
+
+The text said /dev/tty* as a whole was the VT subsystem and that VT is
+not supported in containers.
+
+But that's not accurate as /dev/tty* will match /dev/tty too and that
+one device node is special and is not related to VT: it always points to
+the current process own controlling tty, regardless what that is.
+
+hence, rewrite /dev/tty* as /dev/tty[0-9]*.
+
+Reference: https://github.com/systemd/systemd/pull/25851/commits/7b3a5e26911c675970f045406161f412cee0ab84
+
+Signed-off-by: zhaoxiaohu
+Signed-off-by: yuwang
+---
+ docs/CONTAINER_INTERFACE.md | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/docs/CONTAINER_INTERFACE.md b/docs/CONTAINER_INTERFACE.md
+index ff458bd..41632b8 100644
+--- a/docs/CONTAINER_INTERFACE.md
++++ b/docs/CONTAINER_INTERFACE.md
+@@ -292,9 +292,9 @@ care should be taken to avoid naming conflicts. `systemd` (and in particular
+ you cannot link them to each other.
+
+ 4. Do not pretend that the real VTs are available in the container. The VT
+- subsystem consists of all the devices `/dev/tty*`, `/dev/vcs*`, `/dev/vcsa*`
+- plus their `sysfs` counterparts. They speak specific `ioctl()`s and
+- understand specific escape sequences, that other ptys don't understand.
++ subsystem consists of all the devices `/dev/tty[0-9]*`, `/dev/vcs*`,
++ `/dev/vcsa*` plus their `sysfs` counterparts. They speak specific `ioctl()`s
++ and understand specific escape sequences, that other ptys don't understand.
+ Hence, it is explicitly not OK to mount a pty to `/dev/tty1`, `/dev/tty2`,
+ `/dev/tty3`. This is explicitly not supported.
+
+--
+2.33.0
+
diff --git a/backport-importd-Always-specify-file-unpacked-by-tar.patch b/backport-importd-Always-specify-file-unpacked-by-tar.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1af5e03b2bf4ca942589706b4a9728d1f333779f
--- /dev/null
+++ b/backport-importd-Always-specify-file-unpacked-by-tar.patch
@@ -0,0 +1,42 @@
+From 3a609cf64f74f78697ef1ad05d85f9c0ef07f87c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?=
+Date: Sat, 28 Jan 2023 22:32:41 +0100
+Subject: [PATCH] importd: Always specify file unpacked by tar
+
+Despite popular belief, the default file extracted by GNU tar is not stdin. It
+is the value of the TAPE environment variable, falling back on a compile-time
+constant. On my system, the default value is /dev/full, which causes tar to
+just spin forever due to --ignore-zeros. Always specifying this flag is the
+safe thing to do.
+
+ ~$ tar --show-defaults
+ --format=gnu -f/dev/full -b20 --quoting-style=escape
+ --rmt-command=/usr/sbin/grmt
+
+See also: ``(tar)defaults'', available via Info viewers, and in HTML form at:
+https://www.gnu.org/s/tar/manual/html_node/defaults.html
+
+Reference: https://github.com/systemd/systemd/pull/26243/commits/f28d94106d6ed01420079f1034e332193c12d6dd
+
+Signed-off-by: zhaoxiaohu
+Signed-off-by: yuwang
+---
+ src/import/import-common.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/import/import-common.c b/src/import/import-common.c
+index f77564c..70a0a73 100644
+--- a/src/import/import-common.c
++++ b/src/import/import-common.c
+@@ -97,6 +97,8 @@ int import_fork_tar_x(const char *path, pid_t *ret) {
+ "--numeric-owner",
+ "-C", path,
+ "-px",
++ "-pxf",
++ "-",
+ "--xattrs",
+ "--xattrs-include=*",
+ use_selinux ? "--selinux" : "--no-selinux",
+--
+2.33.0
+
diff --git a/backport-man-fix-section-number.patch b/backport-man-fix-section-number.patch
new file mode 100644
index 0000000000000000000000000000000000000000..65e30a028b444a5e3496f5d98e4850ae9cd25666
--- /dev/null
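Review bot: In the `import_fork_tar_x` hunk carried by backport-importd-Always-specify-file-unpacked-by-tar.patch, `"-px",` is kept as a context line and `"-pxf", "-",` are added after it (the hunk is `-97,6 +97,8`, two insertions), so the argument array now passes both `-px` and `-pxf -` to tar. The repeated `-p`/`-x` is presumably harmless, but it reads like an incomplete replacement; I would remove the old `"-px",` entry so the array holds only `"-pxf", "-",`. The commit message says the archive should "always" be specified, yet only the extract path is visible here, so it is worth checking whether any other tar invocation in the same file still relies on the compiled-in default archive. The function body starts and ends outside the hunk.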
+++ b/backport-man-fix-section-number.patch
@@ -0,0 +1,27 @@
+From 4c73ddaddb8d7bee8409148f86c67f09f9b2107b Mon Sep 17 00:00:00 2001
+From: zhaoxiaohu
+Date: Tue, 27 Aug 2024 21:10:42 +0800
+Subject: [PATCH] man: fix section number
+
+Signed-off-by: zhaoxiaohu
+Signed-off-by: yuwang
+---
+ man/tmpfiles.d.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
+index 261de59..8844443 100644
+--- a/man/tmpfiles.d.xml
++++ b/man/tmpfiles.d.xml
+@@ -90,7 +90,7 @@ A+ /path-or-glob/to/append/acls/recursively - - - - POSIX
+
+ systemd-tmpfiles uses this configuration to create volatile files and
+ directories during boot and to do periodic cleanup afterwards. See
+- systemd-tmpfiles5 for
++ systemd-tmpfiles8 for
+ the description of systemd-tmpfiles-setup.service,
+ systemd-tmpfiles-clean.service, and associated units.
+
+--
+2.33.0
+
diff --git a/backport-repart-fix-invalid-errno-in-log.patch b/backport-repart-fix-invalid-errno-in-log.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1c0f218b43e2dd7ed1a1809ccc92bce09ea713bf
--- /dev/null
+++ b/backport-repart-fix-invalid-errno-in-log.patch
@@ -0,0 +1,34 @@
+From 1a1c880e6f5d907a2e8361ca9b3d486450293581 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Mon, 6 Feb 2023 10:00:50 +0100
+Subject: [PATCH] repart: fix invalid errno in log
+
+(cherry picked from commit 375ffdba43f6dac5f4b1222d4e345f7cdf868f8c)
+(cherry picked from commit 31b7785814fa9e82a1d48e4b5a6b1f6df1110b03)
+(cherry picked from commit 828e73a7bb17cf8ec4a0f90004a878fcc839add5)
+(cherry picked from commit 53be27c44b0e5f6a763ac60108325e5a41864857)
+
+Reference: https://github.com/systemd/systemd-stable/pull/259/commits/1a1c880e6f5d907a2e8361ca9b3d486450293581
+
+Signed-off-by: zhaoxiaohu
+Signed-off-by: yuwang
+---
+ src/partition/repart.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/partition/repart.c b/src/partition/repart.c
+index 9f0fe9e..36865ac 100644
+--- a/src/partition/repart.c
++++ b/src/partition/repart.c
+@@ -3901,7 +3901,7 @@ static int resolve_copy_blocks_auto(
+ continue;
+ }
+ if (major(sl) == 0) {
+- log_debug_errno(r, "Device backing %s is special, ignoring: %m", q);
++ log_debug("Device backing %s is special, ignoring.", q);
+ continue;
+ }
+
+--
+2.33.0
+
diff --git a/backport-sysusers-insist-that-root-group-is-0.patch b/backport-sysusers-insist-that-root-group-is-0.patch
new file mode 100644
index 0000000000000000000000000000000000000000..859acd11c4fc9694c409ca8b899dd453d4dc94bc
--- /dev/null
+++ b/backport-sysusers-insist-that-root-group-is-0.patch
@@ -0,0 +1,57 @@
+From 5f9fdbbeeb15fda7b69e3dfd027f556178431202 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Tue, 31 Jan 2023 17:04:10 +0100
+Subject: [PATCH] sysusers: insist that root group is 0
+
+In https://bugzilla.redhat.com/show_bug.cgi?id=2156900 sysusers was reporting a
+conflict between the following lines:
+ u root 0:0 "Super User" /root /bin/bash
+ u root 0 "Super User" /root
+
+The problem is that those configurations are indeed not equivalent. If group 0
+exists with a different name, the first line would just create the user, but the
+second line would create a 'root' group with a different GID. The second
+behaviour seems definitely wrong. (Or at least more confusing in practice than
+the first one. The system is in a strange shape, but the second approach takes
+an additional step than is worse than doing nothing.)
+
+When this line was initially added, we didn't have the uid:gid functionality for
+'u', so we didn't think about this too much. But now we do, so we should use it.
+
+$ build/systemd-sysusers --root=/var/tmp/inst7 --inline 'g foobar 0'
+Creating group 'foobar' with GID 0.
+
+$ build/systemd-sysusers --root=/var/tmp/inst7 --inline 'u root 0 "Zuper zuper"'
+src/sysusers/sysusers.c:1365: Creating group 'root' with GID 999.
+src/sysusers/sysusers.c:1115: Suggested user ID 0 for root already used.
+src/sysusers/sysusers.c:1183: Creating user 'root' (Zuper zuper) with UID 999 and GID 999.
+
+vs.
+
+$ build/systemd-sysusers --root=/var/tmp/inst7 --inline 'u root 0:0 "Zuper zuper"'
+src/sysusers/sysusers.c:1183: Creating user 'root' (Zuper zuper) with UID 0 and GID 0.
+
+https://github.com/systemd/systemd/pull/26270/commits/a5cca2983e5bbbe3b0582412f4b3962c585b59a1
+
+Signed-off-by: zhaoxiaohu
+Signed-off-by: yuwang
+---
+ sysusers.d/basic.conf.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in
+index 8cc1a7c..bf274b6 100644
+--- a/sysusers.d/basic.conf.in
++++ b/sysusers.d/basic.conf.in
+@@ -6,7 +6,7 @@
+ # (at your option) any later version.
+
+ # The superuser
+-u root 0 "Super User" /root
++u root 0:0 "Super User" /root
+
+ # The nobody user for NFS file systems
+ u {{NOBODY_USER_NAME}} 65534 "Nobody" -
+--
+2.33.0
+
diff --git a/backport-userdb-Use-json_dispatch_user_group_name-to-parse-Ge.patch b/backport-userdb-Use-json_dispatch_user_group_name-to-parse-Ge.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5189809041c7816db47648ed22854191482fb67f
--- /dev/null
+++ b/backport-userdb-Use-json_dispatch_user_group_name-to-parse-Ge.patch
@@ -0,0 +1,37 @@
+From 98ca2c0b2736794408caac1bf3a9dbfedf7da4c7 Mon Sep 17 00:00:00 2001
+From: Samuel Cabrero
+Date: Fri, 10 Feb 2023 14:04:27 +0100
+Subject: [PATCH] userdb: Use json_dispatch_user_group_name() to parse
+ GetMembership fields
+
+It allows to relax the checks and allow characters like '\', used by
+windows to split the domain name and user name.
+
+For reference, discussion in the systemd-devel mailing list:
+https://lists.freedesktop.org/archives/systemd-devel/2023-February/048804.html
+https://github.com/systemd/systemd-stable/pull/259/commits/98ca2c0b2736794408caac1bf3a9dbfedf7da4c7
+
+Signed-off-by: Samuel Cabrero
+Signed-off-by: yuwang
+---
+ src/shared/userdb.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/userdb.c b/src/shared/userdb.c
+index 91ac7c3..738da2b 100644
+--- a/src/shared/userdb.c
++++ b/src/shared/userdb.c
+@@ -296,8 +296,8 @@ static int userdb_on_query_reply(
+ } membership_data = {};
+
+ static const JsonDispatch dispatch_table[] = {
+- { "userName", JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(struct membership_data, user_name), JSON_SAFE },
+- { "groupName", JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(struct membership_data, group_name), JSON_SAFE },
++ { "userName", JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(struct membership_data, user_name), JSON_RELAX },
++ { "groupName", JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(struct membership_data, group_name), JSON_RELAX },
+ {}
+ };
+
+--
+2.33.0
+
diff --git a/systemd.spec b/systemd.spec
index d8565c81521e4a01be7a5d9003ca99fd2044e7af..31fb8ef8575fbe638c6efd072f2c6034ad4f2bec 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -25,7 +25,7 @@ Name: systemd Url: https://systemd.io/ Version: 249 -Release: 90 +Release: 91 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager
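Review bot: The subject of the userdb backport says the GetMembership fields are parsed with `json_dispatch_user_group_name()`, but both new `dispatch_table` rows in `userdb_on_query_reply` still name `json_dispatch_const_string` and only swap `JSON_SAFE` for `JSON_RELAX`. Whether `json_dispatch_const_string` interprets `JSON_RELAX` is not visible in this hunk; if it does not, `userName` and `groupName` from the query reply are accepted with no validity check at all rather than a relaxed one. I would change the callback as the subject describes, e.g. `{ "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(struct membership_data, user_name), JSON_RELAX },` and the same for `groupName`, after confirming that helper exists in this 249 tree. The function starts and ends outside the hunk.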
@@ -687,6 +687,13 @@ Patch6634: backport-man-fix-directory-for-user-home-bind-mounts.patch Patch6635: backport-nspawn-fix-directory-in-logged-error.patch Patch6636: backport-test-boot-timestamp-Handle-ERANGE-error.patch Patch6637: backport-core-when-isolating-to-a-unit-also-keep-units-runnin.patch +Patch6638: backport-userdb-Use-json_dispatch_user_group_name-to-parse-Ge.patch +Patch6639: backport-README-explicitly-note-that-util-linux-s-mount-swap-.patch +Patch6640: backport-man-fix-section-number.patch +Patch6641: backport-repart-fix-invalid-errno-in-log.patch +Patch6642: backport-sysusers-insist-that-root-group-is-0.patch +Patch6643: backport-importd-Always-specify-file-unpacked-by-tar.patch +Patch6644: backport-docs-remove-dev-tty-confusion.patch Patch9001: update-rtc-with-system-clock-when-shutdown.patch Patch9002: udev-add-actions-while-rename-netif-failed.patch @@ -2201,6 +2208,15 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && /usr/bin/systemd-cryptenroll %changelog +* Wed Dec 04 2024 zhangyao - 249-91 +- add backport-userdb-Use-json_dispatch_user_group_name-to-parse-Ge.patch + backport-README-explicitly-note-that-util-linux-s-mount-swap-.patch + backport-man-fix-section-number.patch + backport-repart-fix-invalid-errno-in-log.patch + backport-sysusers-insist-that-root-group-is-0.patch + backport-importd-Always-specify-file-unpacked-by-tar.patch + backport-docs-remove-dev-tty-confusion.patch + * Wed Dec 04 2024 zhangyao - 249-90 - add backport-core-when-isolating-to-a-unit-also-keep-units-runnin.patch