From e0b3b4954443147ea36901959d769cea56f8b701 Mon Sep 17 00:00:00 2001 From: Arnaldo Garcia Rincon Date: Mon, 24 Jul 2023 20:22:34 +0000 Subject: [PATCH 1/2] systemd: use unnumbered patches 
Signed-off-by: Arnaldo Garcia Rincon --- ...se-absolute-path-for-var-run-symlink.patch | 6 +-- ...separate-timeout-for-system-shutdown.patch | 29 +++++++------- ...-generate-stable-ID-under-Xen-and-VM.patch | 20 +++++----- .../9004-units-mount-tmp-with-noexec.patch | 6 +-- ...nt-setup-apply-noexec-to-more-mounts.patch | 8 ++-- ...-setup-mount-etc-with-specific-label.patch | 10 ++--- ...sable-keyed-hashes-for-compatibility.patch | 38 ------------------- ...onfig-stop-hardcoding-prefix-to-usr.patch} | 8 ++-- ...l-do-not-set-rp_filter-via-wildcard.patch} | 6 +-- ...sers-set-root-shell-to-sbin-nologin.patch} | 8 ++-- ...keep-modprobe-service-units-running.patch} | 10 ++--- ...tworkd-entries-into-a-separate-file.patch} | 10 ++--- ...Conditionalize-hostnamed-timezoned-.patch} | 8 ++-- packages/systemd/systemd.spec | 17 +++------ 14 files changed, 71 insertions(+), 113 deletions(-) delete mode 100644 packages/systemd/9007-journal-disable-keyed-hashes-for-compatibility.patch rename packages/systemd/{9008-pkg-config-stop-hardcoding-prefix-to-usr.patch => 9007-pkg-config-stop-hardcoding-prefix-to-usr.patch} (80%) rename packages/systemd/{9009-sysctl-do-not-set-rp_filter-via-wildcard.patch => 9008-sysctl-do-not-set-rp_filter-via-wildcard.patch} (87%) rename packages/systemd/{9010-sysusers-set-root-shell-to-sbin-nologin.patch => 9009-sysusers-set-root-shell-to-sbin-nologin.patch} (77%) rename packages/systemd/{9011-units-keep-modprobe-service-units-running.patch => 9010-units-keep-modprobe-service-units-running.patch} (68%) rename packages/systemd/{9012-tmpfiles-Split-networkd-entries-into-a-separate-file.patch => 9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch} (93%) rename packages/systemd/{9013-systemd-networkd-Conditionalize-hostnamed-timezoned-DBUS.patch => 9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch} (96%) 
diff --git a/packages/systemd/9001-use-absolute-path-for-var-run-symlink.patch b/packages/systemd/9001-use-absolute-path-for-var-run-symlink.patch index cfff79430c3..8a72deed1ff 100644 --- a/packages/systemd/9001-use-absolute-path-for-var-run-symlink.patch +++ b/packages/systemd/9001-use-absolute-path-for-var-run-symlink.patch @@ -1,7 +1,7 @@ -From 4582d854afd5b42fdc952fafd89d762dcb279da9 Mon Sep 17 00:00:00 2001 +From 2e4d5ecb4c47a9d2d20cb4de42484eda032a5262 Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Mon, 3 Jan 2022 20:22:17 +0000 -Subject: [PATCH 9001/9011] use absolute path for /var/run symlink +Subject: [PATCH] use absolute path for /var/run symlink Otherwise the symlink may be broken if /var is a bind mount from somewhere else. @@ -25,5 +25,5 @@ index 557dd20..bf84f5a 100644 d /var/log 0755 - - - {% if ENABLE_UTMP %} -- -2.36.1 +2.40.1 diff --git a/packages/systemd/9002-core-add-separate-timeout-for-system-shutdown.patch b/packages/systemd/9002-core-add-separate-timeout-for-system-shutdown.patch index 404118d30de..68c6726e65c 100644 --- a/packages/systemd/9002-core-add-separate-timeout-for-system-shutdown.patch +++ b/packages/systemd/9002-core-add-separate-timeout-for-system-shutdown.patch @@ -1,7 +1,7 @@ -From 71a774ad3c3dfd5f9ddb96f7b08a957144e93323 Mon Sep 17 00:00:00 2001 +From e66920d0a95a3e53b24a2f270420a85d0f2395ea Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Tue, 10 Mar 2020 20:30:10 +0000 -Subject: [PATCH 9002/9011] core: add separate timeout for system shutdown +Subject: [PATCH] core: add separate timeout for system shutdown There is an existing setting for this (DefaultTimeoutStopUSec), but changing it has no effect because `reset_arguments()` is called just @@ -13,16 +13,17 @@ services, and for cleaning up stray processes after most of userspace has gone away. Signed-off-by: Ben Cressey +Signed-off-by: Arnaldo Garcia Rincon --- src/basic/def.h | 3 +++ src/core/main.c | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) 
diff --git a/src/basic/def.h b/src/basic/def.h -index eccee3d..3f5bef5 100644 +index 2b4de29..22034c7 100644 --- a/src/basic/def.h +++ b/src/basic/def.h -@@ -13,6 +13,9 @@ +@@ -18,6 +18,9 @@ * the watchdog pings will keep the loop busy. */ #define DEFAULT_EXIT_USEC (30*USEC_PER_SEC) @@ -33,34 +34,34 @@ index eccee3d..3f5bef5 100644 #define DEFAULT_UNIX_MAX_DGRAM_QLEN 512UL diff --git a/src/core/main.c b/src/core/main.c -index 57aedb9..45fc78c 100644 +index a84fafa..0981742 100644 --- a/src/core/main.c 
+++ b/src/core/main.c -@@ -131,6 +131,7 @@ static ExecOutput arg_default_std_error; +@@ -133,6 +133,7 @@ static ExecOutput arg_default_std_error; static usec_t arg_default_restart_usec; static usec_t arg_default_timeout_start_usec; static usec_t arg_default_timeout_stop_usec; +static usec_t arg_default_timeout_shutdown_usec; static usec_t arg_default_timeout_abort_usec; + static usec_t arg_default_device_timeout_usec; static bool arg_default_timeout_abort_set; - static usec_t arg_default_start_limit_interval; -@@ -1552,7 +1553,7 @@ static int become_shutdown( +@@ -1492,7 +1493,7 @@ static int become_shutdown( env_block = strv_copy(environ); - xsprintf(log_level, "%d", log_get_max_level()); -- xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_stop_usec); -+ xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_shutdown_usec); + xsprintf(log_level, "--log-level=%d", log_get_max_level()); +- xsprintf(timeout, "--timeout=%" PRI_USEC "us", arg_default_timeout_stop_usec); ++ xsprintf(timeout, "--timeout=%" PRI_USEC "us", arg_default_timeout_shutdown_usec); switch (log_get_target()) { -@@ -2443,6 +2444,7 @@ static void reset_arguments(void) { +@@ -2410,6 +2411,7 @@ static void reset_arguments(void) { arg_default_restart_usec = DEFAULT_RESTART_USEC; arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC; arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC; + arg_default_timeout_shutdown_usec = DEFAULT_TIMEOUT_SHUTDOWN_USEC; arg_default_timeout_abort_usec = DEFAULT_TIMEOUT_USEC; arg_default_timeout_abort_set = false; - arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL; + arg_default_device_timeout_usec = DEFAULT_TIMEOUT_USEC; -- -2.36.1 +2.40.1 diff --git a/packages/systemd/9003-machine-id-setup-generate-stable-ID-under-Xen-and-VM.patch b/packages/systemd/9003-machine-id-setup-generate-stable-ID-under-Xen-and-VM.patch index df05505e250..8400c8ebae1 100644 --- a/packages/systemd/9003-machine-id-setup-generate-stable-ID-under-Xen-and-VM.patch 
+++ b/packages/systemd/9003-machine-id-setup-generate-stable-ID-under-Xen-and-VM.patch @@ -1,30 +1,30 @@ -From 95824ee80743b604e4b1757818f1ea7bf2971462 Mon Sep 17 00:00:00 2001 +From dd1d0221bb0ff143277faa4a7341e290a3941587 Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Mon, 3 Jan 2022 21:57:11 +0000 -Subject: [PATCH 9003/9011] machine-id-setup: generate stable ID under Xen and - VMware +Subject: [PATCH] machine-id-setup: generate stable ID under Xen and VMware Signed-off-by: Ben Cressey +Signed-off-by: Arnaldo Garcia Rincon --- src/libsystemd/sd-id128/id128-util.c | 2 ++ src/shared/machine-id-setup.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-id128/id128-util.c b/src/libsystemd/sd-id128/id128-util.c -index 7c66d1c..edfebcb 100644 +index 2cf8848..fd011a1 100644 --- a/src/libsystemd/sd-id128/id128-util.c +++ b/src/libsystemd/sd-id128/id128-util.c -@@ -220,6 +220,8 @@ int id128_get_product(sd_id128_t *ret) { - r = id128_read("/sys/class/dmi/id/product_uuid", ID128_UUID, &uuid); +@@ -184,6 +184,8 @@ int id128_get_product(sd_id128_t *ret) { + r = id128_read("/sys/class/dmi/id/product_uuid", ID128_FORMAT_UUID, &uuid); if (r == -ENOENT) - r = id128_read("/proc/device-tree/vm,uuid", ID128_UUID, &uuid); + r = id128_read("/proc/device-tree/vm,uuid", ID128_FORMAT_UUID, &uuid); + if (r == -ENOENT) -+ r = id128_read("/sys/hypervisor/uuid", ID128_UUID, &uuid); ++ r = id128_read("/sys/hypervisor/uuid", ID128_FORMAT_UUID, &uuid); if (r < 0) return r; diff --git a/src/shared/machine-id-setup.c b/src/shared/machine-id-setup.c -index e483675..809f1bc 100644 +index 787c076..eccb332 100644 --- a/src/shared/machine-id-setup.c +++ b/src/shared/machine-id-setup.c @@ -60,7 +60,8 @@ static int generate_machine_id(const char *root, sd_id128_t *ret) { 
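Review bot: The reworked patch still carries no rationale or caveat for the `/sys/hypervisor/uuid` read it adds to `id128_get_product()`, after the `/proc/device-tree/vm,uuid` fallback; its message is only a subject line and sign-offs. If the machine ID is then taken directly from that UUID, as the subject suggests, it is a value the virtualization platform already knows, whereas machine-id(5) asks for the ID to be treated as confidential and not exposed on the network. I would add a comment above the new read, for example `/* Xen: fall back to the hypervisor-assigned UUID; the resulting machine ID is known to the platform, so derive app-specific IDs before exposing it. */`, and say the same in the patch description. The bodies of `id128_get_product()` and `generate_machine_id()` continue outside the hunk, so how the UUID is validated or transformed afterwards cannot be seen here.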
@@ -38,5 +38,5 @@ index e483675..809f1bc 100644 /* If we are not running in a container, see if we are running in a VM that provides * a system UUID via the SMBIOS/DMI interfaces. Such environments include QEMU/KVM -- -2.36.1 +2.40.1 diff --git a/packages/systemd/9004-units-mount-tmp-with-noexec.patch b/packages/systemd/9004-units-mount-tmp-with-noexec.patch index f0d41d809fc..ff3e3597f88 100644 --- a/packages/systemd/9004-units-mount-tmp-with-noexec.patch +++ b/packages/systemd/9004-units-mount-tmp-with-noexec.patch @@ -1,7 +1,7 @@ -From e02f2a077e97a4f73697ef9a6769e41401b1ca97 Mon Sep 17 00:00:00 2001 +From d9eb89767267d43f13c30ce74f6e9c34c4000274 Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Sat, 28 May 2022 03:52:28 +0000 -Subject: [PATCH 9004/9011] units: mount /tmp with noexec +Subject: [PATCH] units: mount /tmp with noexec Signed-off-by: Ben Cressey --- @@ -19,5 +19,5 @@ index 734acea..e4990b7 100644 -Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m +Options=mode=1777,strictatime,nosuid,nodev,noexec,size=50%%,nr_inodes=1m -- -2.36.1 +2.40.1 diff --git a/packages/systemd/9005-mount-setup-apply-noexec-to-more-mounts.patch b/packages/systemd/9005-mount-setup-apply-noexec-to-more-mounts.patch index 00ef435d21d..904aa07a743 100644 --- a/packages/systemd/9005-mount-setup-apply-noexec-to-more-mounts.patch +++ b/packages/systemd/9005-mount-setup-apply-noexec-to-more-mounts.patch @@ -1,7 +1,7 @@ -From 5a822486905915396d27da85b336f0877e612532 Mon Sep 17 00:00:00 2001 +From e6565e7f288f84b9e5f723c55ca9e5619b0db846 Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Sat, 28 May 2022 03:49:46 +0000 -Subject: [PATCH 9005/9011] mount-setup: apply noexec to more mounts +Subject: [PATCH] mount-setup: apply noexec to more mounts Signed-off-by: Ben Cressey --- @@ -9,7 +9,7 @@ Signed-off-by: Ben Cressey 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c -index 7917968..debc043 100644 +index 7ba579e..03fc774 100644 --- a/src/shared/mount-setup.c +++ b/src/shared/mount-setup.c @@ -73,18 +73,18 @@ static const MountPoint mount_table[] = { @@ -36,5 +36,5 @@ index 7917968..debc043 100644 { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate,memory_recursiveprot", MS_NOSUID|MS_NOEXEC|MS_NODEV, cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE }, -- -2.36.1 +2.40.1 diff --git a/packages/systemd/9006-mount-setup-mount-etc-with-specific-label.patch b/packages/systemd/9006-mount-setup-mount-etc-with-specific-label.patch index 27e3ef2533d..664301813d9 100644 --- a/packages/systemd/9006-mount-setup-mount-etc-with-specific-label.patch +++ b/packages/systemd/9006-mount-setup-mount-etc-with-specific-label.patch @@ -1,7 +1,7 @@ -From 2e871585a26b1f107db88a0ec0d9951735a6ec49 Mon Sep 17 00:00:00 2001 +From d45be2a1f7a2d58efff7921c350fffe8f26901a4 Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Thu, 9 Jul 2020 20:00:36 +0000 -Subject: [PATCH 9006/9011] mount-setup: mount /etc with specific label +Subject: [PATCH] mount-setup: mount /etc with specific label The filesystem is mounted after we load the SELinux policy, so we can apply the label we need to restrict access. @@ -12,7 +12,7 @@ Signed-off-by: Ben Cressey 1 file changed, 4 insertions(+) diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c -index debc043..a9c00b3 100644 +index 03fc774..8a25823 100644 --- a/src/shared/mount-setup.c +++ b/src/shared/mount-setup.c @@ -61,6 +61,8 @@ typedef struct MountPoint { 
@@ -24,7 +24,7 @@ index debc043..a9c00b3 100644 static const MountPoint mount_table[] = { { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL, MNT_FATAL|MNT_IN_CONTAINER|MNT_FOLLOW_SYMLINK }, -@@ -110,6 +112,8 @@ static const MountPoint mount_table[] = { +@@ -112,6 +114,8 @@ static const MountPoint mount_table[] = { #endif { "bpf", "/sys/fs/bpf", "bpf", "mode=700", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL, MNT_NONE, }, @@ -34,5 +34,5 @@ index debc043..a9c00b3 100644 bool mount_point_is_api(const char *path) { -- -2.36.1 +2.40.1 diff --git a/packages/systemd/9007-journal-disable-keyed-hashes-for-compatibility.patch b/packages/systemd/9007-journal-disable-keyed-hashes-for-compatibility.patch deleted file mode 100644 index 6e829d23e7e..00000000000 --- a/packages/systemd/9007-journal-disable-keyed-hashes-for-compatibility.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 81808b8ed1259d4d05052b6825d9b560f93098e5 Mon Sep 17 00:00:00 2001 -From: Ben Cressey -Date: Thu, 12 Nov 2020 16:18:15 +0000 -Subject: [PATCH 9007/9011] journal: disable keyed hashes for compatibility - -Otherwise the journal is not readable by older versions of systemd. - -This is applied as a patch so it will fail to apply when upstream -removes the environment variable override. - -Signed-off-by: Ben Cressey ---- - src/libsystemd/sd-journal/journal-file.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index 369b328..0d0a005 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -3325,13 +3325,12 @@ int journal_file_open( - #endif - }; - -- /* We turn on keyed hashes by default, but provide an environment variable to turn them off, if -- * people really want that */ -+ /* Turn off keyed hashes by default. */ - r = getenv_bool("SYSTEMD_JOURNAL_KEYED_HASH"); - if (r < 0) { - if (r != -ENXIO) - log_debug_errno(r, "Failed to parse $SYSTEMD_JOURNAL_KEYED_HASH environment variable, ignoring."); -- f->keyed_hash = true; -+ f->keyed_hash = false; - } else - f->keyed_hash = r; - --- -2.36.1 - diff --git a/packages/systemd/9008-pkg-config-stop-hardcoding-prefix-to-usr.patch b/packages/systemd/9007-pkg-config-stop-hardcoding-prefix-to-usr.patch similarity index 80% rename from packages/systemd/9008-pkg-config-stop-hardcoding-prefix-to-usr.patch rename to packages/systemd/9007-pkg-config-stop-hardcoding-prefix-to-usr.patch index b85c443257d..d27612f7323 100644 --- a/packages/systemd/9008-pkg-config-stop-hardcoding-prefix-to-usr.patch +++ b/packages/systemd/9007-pkg-config-stop-hardcoding-prefix-to-usr.patch @@ -1,7 +1,7 @@ -From dc6abce8797a6a2e63c4ae58218588327e73d4cb Mon Sep 17 00:00:00 2001 +From 692205df10b9a803d5324c5284605481722b27a1 Mon Sep 17 00:00:00 2001 
From: Erikson Tung Date: Mon, 3 Jan 2022 22:07:25 +0000 -Subject: [PATCH 9008/9011] pkg-config: stop hardcoding prefix to /usr +Subject: [PATCH] pkg-config: stop hardcoding prefix to /usr While we ensure /usr points to the sys-root at runtime, for Bottlerocket's packaging we need to be careful to avoid dependencies on the host OS so @@ -11,7 +11,7 @@ the prefix needs to be configurable. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index fc0f8c3..afe7b02 100644 +index 693433b..c5ba688 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in @@ -11,7 +11,7 @@ @@ -24,5 +24,5 @@ index fc0f8c3..afe7b02 100644 rootprefix=${root_prefix} sysconf_dir={{SYSCONF_DIR}} -- -2.36.1 +2.40.1 diff --git a/packages/systemd/9009-sysctl-do-not-set-rp_filter-via-wildcard.patch b/packages/systemd/9008-sysctl-do-not-set-rp_filter-via-wildcard.patch similarity index 87% rename from packages/systemd/9009-sysctl-do-not-set-rp_filter-via-wildcard.patch rename to packages/systemd/9008-sysctl-do-not-set-rp_filter-via-wildcard.patch index edd5e784d9c..3c836678f54 100644 --- a/packages/systemd/9009-sysctl-do-not-set-rp_filter-via-wildcard.patch +++ b/packages/systemd/9008-sysctl-do-not-set-rp_filter-via-wildcard.patch @@ -1,7 +1,7 @@ -From 0aee69ee8b337ff50d4f7723e3c93f222bf239b1 Mon Sep 17 00:00:00 2001 +From e100d5345ad9104697ece66a4d638807df74e6b8 Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Mon, 21 Jun 2021 20:53:47 +0000 -Subject: [PATCH 9009/9011] sysctl: do not set rp_filter via wildcard +Subject: [PATCH] sysctl: do not set rp_filter via wildcard The wildcard matches existing interfaces when `systemd-sysctl` runs at startup, but also applies to new interfaces when it is invoked by @@ -32,5 +32,5 @@ index f41e24b..9a6ae96 100644 # Do not accept source routing -- -2.36.1 +2.40.1 
diff --git a/packages/systemd/9010-sysusers-set-root-shell-to-sbin-nologin.patch b/packages/systemd/9009-sysusers-set-root-shell-to-sbin-nologin.patch similarity index 77% rename from packages/systemd/9010-sysusers-set-root-shell-to-sbin-nologin.patch rename to packages/systemd/9009-sysusers-set-root-shell-to-sbin-nologin.patch index 6a21f274582..7a96aeeafd5 100644 --- a/packages/systemd/9010-sysusers-set-root-shell-to-sbin-nologin.patch +++ b/packages/systemd/9009-sysusers-set-root-shell-to-sbin-nologin.patch @@ -1,7 +1,7 @@ -From 569fd4752f891f07643658b5d3478200346a12cb Mon Sep 17 00:00:00 2001 +From 4280d48485805d16481f63834c355e2e0c42c761 Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Sat, 28 May 2022 04:12:07 +0000 -Subject: [PATCH 9010/9011] sysusers: set root shell to /sbin/nologin +Subject: [PATCH] sysusers: set root shell to /sbin/nologin Signed-off-by: Ben Cressey --- @@ -9,7 +9,7 @@ Signed-off-by: Ben Cressey 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in -index a1af8be098..b9955c55c6 100644 +index a1af8be..b9955c5 100644 --- a/sysusers.d/basic.conf.in +++ b/sysusers.d/basic.conf.in @@ -7,7 +7,7 @@ @@ -22,5 +22,5 @@ index a1af8be098..b9955c55c6 100644 # The nobody user/group for NFS file systems g {{NOBODY_GROUP_NAME}} 65534 - - -- -2.25.1 +2.40.1 diff --git a/packages/systemd/9011-units-keep-modprobe-service-units-running.patch b/packages/systemd/9010-units-keep-modprobe-service-units-running.patch similarity index 68% rename from packages/systemd/9011-units-keep-modprobe-service-units-running.patch rename to packages/systemd/9010-units-keep-modprobe-service-units-running.patch index 616088906cc..b9dee2da8a7 100644 --- a/packages/systemd/9011-units-keep-modprobe-service-units-running.patch +++ b/packages/systemd/9010-units-keep-modprobe-service-units-running.patch 
@@ -1,7 +1,7 @@ -From 13bf60bf11edf407246176262865c8e93f66c1e8 Mon Sep 17 00:00:00 2001 +From 4444604feb71d9b31896fbf0a5bf02e8270a3411 Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Sun, 17 Jul 2022 16:21:16 +0000 -Subject: [PATCH 9011/9011] units: keep modprobe service units running +Subject: [PATCH] units: keep modprobe service units running Otherwise, the units are restarted when the default target changes. @@ -11,14 +11,14 @@ Signed-off-by: Ben Cressey 1 file changed, 1 insertion(+) diff --git a/units/modprobe@.service b/units/modprobe@.service -index cf8baf6..a029ab0 100644 +index 85a2c08..2994082 100644 --- a/units/modprobe@.service +++ b/units/modprobe@.service -@@ -17,3 +17,4 @@ ConditionCapability=CAP_SYS_MODULE +@@ -18,3 +18,4 @@ StartLimitIntervalSec=0 [Service] Type=oneshot ExecStart=-/sbin/modprobe -abq %I +RemainAfterExit=true -- -2.36.1 +2.40.1 diff --git a/packages/systemd/9012-tmpfiles-Split-networkd-entries-into-a-separate-file.patch b/packages/systemd/9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch similarity index 93% rename from packages/systemd/9012-tmpfiles-Split-networkd-entries-into-a-separate-file.patch rename to packages/systemd/9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch index 091d3ea47ce..a447b6d4f77 100644 --- a/packages/systemd/9012-tmpfiles-Split-networkd-entries-into-a-separate-file.patch +++ b/packages/systemd/9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch @@ -1,4 +1,4 @@ -From abdd268ab3c16c606a1578e5d40d5847a1d99523 Mon Sep 17 00:00:00 2001 +From 036e90b85cc26200b1887ca764f703f2a9f4fb74 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 27 Apr 2022 10:25:22 +0100 Subject: [PATCH] tmpfiles: Split networkd entries into a separate file @@ -15,7 +15,7 @@ into a separate file to make that possible. create mode 100644 tmpfiles.d/systemd-network.conf diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build -index b8d3919025..7c2604cfe1 100644 +index b8d3919..7c2604c 100644 
--- a/tmpfiles.d/meson.build +++ b/tmpfiles.d/meson.build @@ -13,6 +13,7 @@ files = [['README', ''], @@ -28,7 +28,7 @@ index b8d3919025..7c2604cfe1 100644 foreach pair : files diff --git a/tmpfiles.d/systemd-network.conf b/tmpfiles.d/systemd-network.conf new file mode 100644 -index 0000000000..b30bc914a5 +index 0000000..b30bc91 --- /dev/null +++ b/tmpfiles.d/systemd-network.conf @@ -0,0 +1,13 @@ @@ -46,7 +46,7 @@ index 0000000000..b30bc914a5 +d /run/systemd/netif/leases 0755 systemd-network systemd-network - +d /run/systemd/netif/lldp 0755 systemd-network systemd-network - diff --git a/tmpfiles.d/systemd.conf.in b/tmpfiles.d/systemd.conf.in -index 9b2357cd31..e23e102782 100644 +index 9b2357c..e23e102 100644 --- a/tmpfiles.d/systemd.conf.in +++ b/tmpfiles.d/systemd.conf.in @@ -18,12 +18,6 @@ d /run/systemd/sessions 0755 root root - @@ -63,5 +63,5 @@ index 9b2357cd31..e23e102782 100644 d /run/log 0755 root root - -- -2.38.1 +2.40.1 diff --git a/packages/systemd/9013-systemd-networkd-Conditionalize-hostnamed-timezoned-DBUS.patch b/packages/systemd/9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch similarity index 96% rename from packages/systemd/9013-systemd-networkd-Conditionalize-hostnamed-timezoned-DBUS.patch rename to packages/systemd/9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch index 22df4230e7a..6798700b4db 100644 --- a/packages/systemd/9013-systemd-networkd-Conditionalize-hostnamed-timezoned-DBUS.patch +++ b/packages/systemd/9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch @@ -1,4 +1,4 @@ -From a30b5e19083d88a9e26027488e42cc3105ad4689 Mon Sep 17 00:00:00 2001 +From 3ba1f48b28c5d510222066e5a9b211828ac8f426 Mon Sep 17 00:00:00 2001 From: Zac Mrowicki Date: Thu, 6 Jul 2023 17:50:28 +0000 Subject: [PATCH] systemd-networkd: Conditionalize hostnamed/timezoned DBUS 
@@ -59,7 +59,7 @@ index c19bc10..9d13cde 100644 bool address_is_filtered(int family, const union in_addr_union *address, uint8_t prefixlen, Set *allow_list, Set *deny_list); static inline bool in4_address_is_filtered(const struct in_addr *address, Set *allow_list, Set *deny_list) { diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c -index ff2770f..a225526 100644 +index ff2770f..5aede2d 100644 --- a/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c @@ -845,6 +845,7 @@ static int set_hostname_handler(sd_bus_message *m, void *userdata, sd_bus_error @@ -92,7 +92,7 @@ index ff2770f..a225526 100644 } +#endif diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h -index 86de529..b80c6c5 100644 +index 86de529..0fef259 100644 --- a/src/network/networkd-manager.h +++ b/src/network/networkd-manager.h @@ -110,7 +110,20 @@ bool manager_should_reload(Manager *m); @@ -117,5 +117,5 @@ index 86de529..b80c6c5 100644 DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); -- -2.38.1 +2.40.1 diff --git a/packages/systemd/systemd.spec b/packages/systemd/systemd.spec index 31c0f232fc3..405b80802ec 100644 --- a/packages/systemd/systemd.spec +++ b/packages/systemd/systemd.spec 
@@ -56,31 +56,26 @@ Patch9005: 9005-mount-setup-apply-noexec-to-more-mounts.patch # Local patch to handle mounting /etc with our SELinux label. Patch9006: 9006-mount-setup-mount-etc-with-specific-label.patch -# Local patch to disable the keyed hashes feature in the journal, which -# makes it unreadable by older versions of systemd. Can be dropped once -# there's sufficiently broad adoption of systemd >= 246. -Patch9007: 9007-journal-disable-keyed-hashes-for-compatibility.patch - # We need `prefix` to be configurable for our own packaging so we can avoid # dependencies on the host OS. -Patch9008: 9008-pkg-config-stop-hardcoding-prefix-to-usr.patch +Patch9007: 9007-pkg-config-stop-hardcoding-prefix-to-usr.patch # Local patch to stop overriding rp_filter defaults with wildcard values. -Patch9009: 9009-sysctl-do-not-set-rp_filter-via-wildcard.patch +Patch9008: 9008-sysctl-do-not-set-rp_filter-via-wildcard.patch # Local patch to set root's shell to /sbin/nologin rather than /bin/sh. -Patch9010: 9010-sysusers-set-root-shell-to-sbin-nologin.patch +Patch9009: 9009-sysusers-set-root-shell-to-sbin-nologin.patch # Local patch to keep modprobe units running to avoid repeated log entries. -Patch9011: 9011-units-keep-modprobe-service-units-running.patch +Patch9010: 9010-units-keep-modprobe-service-units-running.patch # Local patch to split the systemd-networkd tmpfiles into a separate file which # allows us to exclude them when not using networkd. -Patch9012: 9012-tmpfiles-Split-networkd-entries-into-a-separate-file.patch +Patch9011: 9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch # Local patch to conditionalize systemd-networkd calls to hostname and timezone # DBUS services not used in Bottlerocket -Patch9013: 9013-systemd-networkd-Conditionalize-hostnamed-timezoned-DBUS.patch +Patch9012: 9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch BuildRequires: gperf BuildRequires: intltool 
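Review bot: Dropping the old `Patch9007` (journal: disable keyed hashes) in this hunk is a behaviour change rather than a renumbering, and the commit subject "use unnumbered patches" does not record it. The deleted patch states that journals written with keyed hashes are not readable by older versions of systemd, and the removed spec comment tied dropping it to broad adoption of systemd >= 246. With the patch gone the upstream default applies unless `SYSTEMD_JOURNAL_KEYED_HASH` is set; the `systemd-journald.conf` added by the second commit is not visible here, so whether it covers this cannot be confirmed. I would mention the removal in the commit message and keep a short spec comment such as `# Journal keyed hashes follow the upstream default; reading these journals requires systemd >= 246.`, so anyone collecting journal files for offline analysis knows the minimum reader version.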
From ecc8bd8c2b910092d3455eb1c9e9e5eb605ddeae Mon Sep 17 00:00:00 2001 From: Arnaldo Garcia Rincon Date: Mon, 24 Jul 2023 20:46:20 +0000 Subject: [PATCH 2/2] systemd: update to 252 Patches 9002, 9003, and 9009 were reworked for this update. Systemd added a new feature for the journal that changes its format by default to save space. This feature isn't backwards-compatible with older versions of systemd, thus it was disabled through environment variables as the documentation suggested. 
Signed-off-by: Arnaldo Garcia Rincon --- ...til-add-ERRNO_IS_DEVICE_ABSENT-macro.patch | 96 ------ ...ssary-clone-of-received-sd-device-ob.patch | 85 ------ ...uce-device_broadcast-helper-function.patch | 65 ---- ...e-is-no-blocker-when-failed-to-check.patch | 52 ---- ...05-udev-store-action-in-struct-Event.patch | 70 ----- ...nt-when-the-corresponding-block-devi.patch | 286 ------------------ ...-ENOENT-or-friends-which-suggest-the.patch | 34 --- ...it-worker_lock_block_device-into-two.patch | 121 -------- ...k-device-is-not-locked-when-a-new-ev.patch | 84 ----- ...d-inequality-for-timeout-of-retrying.patch | 27 -- ...estart-event-for-previously-locked-d.patch | 85 ------ ...ad-selinux-label-database-less-frequ.patch | 43 --- ...users-set-root-shell-to-sbin-nologin.patch | 5 +- ...Conditionalize-hostnamed-timezoned-.patch} | 22 +- ...etworkd-entries-into-a-separate-file.patch | 67 ---- packages/systemd/Cargo.toml | 4 +- packages/systemd/systemd-journald.conf | 3 + packages/systemd/systemd.spec | 37 +-- 18 files changed, 28 insertions(+), 1158 deletions(-) delete mode 100644 packages/systemd/0001-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch delete mode 100644 packages/systemd/0002-udev-drop-unnecessary-clone-of-received-sd-device-ob.patch delete mode 100644 packages/systemd/0003-udev-introduce-device_broadcast-helper-function.patch delete mode 100644 packages/systemd/0004-udev-assume-there-is-no-blocker-when-failed-to-check.patch delete mode 100644 packages/systemd/0005-udev-store-action-in-struct-Event.patch delete mode 100644 packages/systemd/0006-udev-requeue-event-when-the-corresponding-block-devi.patch delete mode 100644 packages/systemd/0007-udev-only-ignore-ENOENT-or-friends-which-suggest-the.patch delete mode 100644 packages/systemd/0008-udev-split-worker_lock_block_device-into-two.patch delete mode 100644 packages/systemd/0009-udev-assume-block-device-is-not-locked-when-a-new-ev.patch delete mode 100644 
packages/systemd/0010-udev-fix-inversed-inequality-for-timeout-of-retrying.patch delete mode 100644 packages/systemd/0011-udev-certainly-restart-event-for-previously-locked-d.patch delete mode 100644 packages/systemd/0012-udev-try-to-reload-selinux-label-database-less-frequ.patch rename packages/systemd/{9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch => 9011-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch} (83%) delete mode 100644 packages/systemd/9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch create mode 100644 packages/systemd/systemd-journald.conf diff --git a/packages/systemd/0001-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch b/packages/systemd/0001-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch deleted file mode 100644 index 520987e66b4..00000000000 --- a/packages/systemd/0001-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -From 52cc55a9297e85866a237c09585cda47b2207746 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 24 Mar 2022 13:50:50 +0100 -Subject: [PATCH 01/12] errno-util: add ERRNO_IS_DEVICE_ABSENT() macro - -Inspired by: https://github.com/systemd/systemd/pull/22717#discussion_r834254495 ---- - src/basic/errno-util.h | 10 +++++++++- - src/home/homework-luks.c | 4 ++-- - src/rfkill/rfkill.c | 2 +- - src/udev/udev-builtin-btrfs.c | 3 ++- - 4 files changed, 14 insertions(+), 5 deletions(-) - -diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h -index 09abf0b751..648de50eb4 100644 ---- a/src/basic/errno-util.h -+++ b/src/basic/errno-util.h -@@ -138,10 +138,18 @@ static inline bool ERRNO_IS_PRIVILEGE(int r) { - EPERM); - } - --/* Three difference errors for "not enough disk space" */ -+/* Three different errors for "not enough disk space" */ - static inline bool ERRNO_IS_DISK_SPACE(int r) { - return IN_SET(abs(r), - ENOSPC, - EDQUOT, - EFBIG); - } -+ -+/* Three different errors for "this device does not quite exist" */ -+static inline bool ERRNO_IS_DEVICE_ABSENT(int r) { -+ return IN_SET(abs(r), -+ ENODEV, -+ ENXIO, -+ ENOENT); -+} -diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c -index 1122e32575..cfe91d87c5 100644 ---- a/src/home/homework-luks.c -+++ b/src/home/homework-luks.c -@@ -494,7 +494,7 @@ static int acquire_open_luks_device( - return r; - - r = sym_crypt_init_by_name(&cd, setup->dm_name); -- if (IN_SET(r, -ENODEV, -EINVAL, -ENOENT) && graceful) -+ if ((ERRNO_IS_DEVICE_ABSENT(r) || r == -EINVAL) && graceful) - return 0; - if (r < 0) - return log_error_errno(r, "Failed to initialize cryptsetup context for %s: %m", setup->dm_name); -@@ -1634,7 +1634,7 @@ int home_deactivate_luks(UserRecord *h, HomeSetup *setup) { - cryptsetup_enable_logging(setup->crypt_device); - - r = sym_crypt_deactivate_by_name(setup->crypt_device, setup->dm_name, 0); -- if (IN_SET(r, -ENODEV, -EINVAL, -ENOENT)) { -+ if (ERRNO_IS_DEVICE_ABSENT(r) 
|| r == -EINVAL) { - log_debug_errno(r, "LUKS device %s is already detached.", setup->dm_node); - we_detached = false; - } else if (r < 0) -diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c -index bca2f3b812..79fad78723 100644 ---- a/src/rfkill/rfkill.c -+++ b/src/rfkill/rfkill.c -@@ -80,7 +80,7 @@ static int find_device( - - r = sd_device_new_from_subsystem_sysname(&device, "rfkill", sysname); - if (r < 0) -- return log_full_errno(IN_SET(r, -ENOENT, -ENXIO, -ENODEV) ? LOG_DEBUG : LOG_ERR, r, -+ return log_full_errno(ERRNO_IS_DEVICE_ABSENT(r) ? LOG_DEBUG : LOG_ERR, r, - "Failed to open device '%s': %m", sysname); - - r = sd_device_get_sysattr_value(device, "name", &name); -diff --git a/src/udev/udev-builtin-btrfs.c b/src/udev/udev-builtin-btrfs.c -index a0093cb423..f9d4f1dd4e 100644 ---- a/src/udev/udev-builtin-btrfs.c -+++ b/src/udev/udev-builtin-btrfs.c -@@ -6,6 +6,7 @@ - #include - - #include "device-util.h" -+#include "errno-util.h" - #include "fd-util.h" - #include "string-util.h" - #include "strxcpyx.h" -@@ -22,7 +23,7 @@ static int builtin_btrfs(sd_device *dev, sd_netlink **rtnl, int argc, char *argv - - fd = open("/dev/btrfs-control", O_RDWR|O_CLOEXEC); - if (fd < 0) { -- if (IN_SET(errno, ENOENT, ENXIO, ENODEV)) { -+ if (ERRNO_IS_DEVICE_ABSENT(errno)) { - /* Driver not installed? Then we aren't ready. This is useful in initrds that lack - * btrfs.ko. After the host transition (where btrfs.ko will hopefully become - * available) the device can be retriggered and will then be considered ready. */ --- -2.25.1 - diff --git a/packages/systemd/0002-udev-drop-unnecessary-clone-of-received-sd-device-ob.patch b/packages/systemd/0002-udev-drop-unnecessary-clone-of-received-sd-device-ob.patch deleted file mode 100644 index 962a7c38716..00000000000 --- a/packages/systemd/0002-udev-drop-unnecessary-clone-of-received-sd-device-ob.patch +++ /dev/null 
@@ -1,85 +0,0 @@
-From 99c3273b0d6b7cb94914db4a4df877f5328577be Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Fri, 25 Mar 2022 01:13:39 +0900
-Subject: [PATCH 02/12] udev: drop unnecessary clone of received sd-device
- object
-
-As the sd-device object received through sd-device-monitor is sealed,
-so the corresponding udev database or uevent file will not be read.
----
- src/udev/udevd.c | 22 +++++-----------------
- 1 file changed, 5 insertions(+), 17 deletions(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index 9320284be6..fbe0be8556 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -122,7 +122,6 @@ typedef struct Event {
- EventState state;
-
- sd_device *dev;
-- sd_device *dev_kernel; /* clone of originally received device */
-
- uint64_t seqnum;
- uint64_t blocker_seqnum;
-@@ -161,7 +160,6 @@ static Event *event_free(Event *event) {
-
- LIST_REMOVE(event, event->manager->events, event);
- sd_device_unref(event->dev);
-- sd_device_unref(event->dev_kernel);
-
- sd_event_source_unref(event->timeout_warning_event);
- sd_event_source_unref(event->timeout_event);
-@@ -976,9 +974,8 @@ static int event_queue_start(Manager *manager) {
- }
-
- static int event_queue_insert(Manager *manager, sd_device *dev) {
-- _cleanup_(sd_device_unrefp) sd_device *clone = NULL;
-- Event *event;
- uint64_t seqnum;
-+ Event *event;
- int r;
-
- assert(manager);
-@@ -992,15 +989,6 @@ static int event_queue_insert(Manager *manager, sd_device *dev) {
- if (r < 0)
- return r;
-
-- /* Save original device to restore the state on failures.
*/
-- r = device_shallow_clone(dev, &clone);
-- if (r < 0)
-- return r;
--
-- r = device_copy_properties(clone, dev);
-- if (r < 0)
-- return r;
--
- event = new(Event, 1);
- if (!event)
- return -ENOMEM;
-@@ -1008,7 +996,6 @@ static int event_queue_insert(Manager *manager, sd_device *dev) {
- *event = (Event) {
- .manager = manager,
- .dev = sd_device_ref(dev),
-- .dev_kernel = TAKE_PTR(clone),
- .seqnum = seqnum,
- .state = EVENT_QUEUED,
- };
-@@ -1444,10 +1431,11 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi
- device_tag_index(worker->event->dev, NULL, false);
-
- if (manager->monitor) {
-- /* forward kernel event without amending it */
-- r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel);
-+ /* Forward kernel event to libudev listeners */
-+ r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev);
- if (r < 0)
-- log_device_error_errno(worker->event->dev_kernel, r, "Failed to send back device to kernel: %m");
-+ log_device_warning_errno(worker->event->dev, r,
-+ "Failed to broadcast failed event to libudev listeners, ignoring: %m");
- }
- }
-
---
-2.25.1
-
diff --git a/packages/systemd/0003-udev-introduce-device_broadcast-helper-function.patch b/packages/systemd/0003-udev-introduce-device_broadcast-helper-function.patch
deleted file mode 100644
index 07537a25a1a..00000000000
--- a/packages/systemd/0003-udev-introduce-device_broadcast-helper-function.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From b28f1747f75aa238ab7c84ecf55dc51b848f1746 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Fri, 25 Mar 2022 02:33:55 +0900
-Subject: [PATCH 03/12] udev: introduce device_broadcast() helper function
-
----
- src/udev/udevd.c | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index fbe0be8556..40e78b25cd 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -349,6 +349,21 @@ static int on_kill_workers_event(sd_event_source *s, uint64_t usec, void *userda
- return 1;
- }
-
-+static void device_broadcast(sd_device_monitor *monitor, sd_device *dev) {
-+ int r;
-+
-+ assert(dev);
-+
-+ /* On exit, manager->monitor is already NULL. */
-+ if (!monitor)
-+ return;
-+
-+ r = device_monitor_send_device(monitor, NULL, dev);
-+ if (r < 0)
-+ log_device_warning_errno(dev, r,
-+ "Failed to broadcast event to libudev listeners, ignoring: %m");
-+}
-+
- static int worker_send_message(int fd) {
- WorkerMessage message = {};
-
-@@ -561,9 +576,7 @@ static int worker_device_monitor_handler(sd_device_monitor *monitor, sd_device *
- log_device_warning_errno(dev, r, "Failed to process device, ignoring: %m");
-
- /* send processed event back to libudev listeners */
-- r = device_monitor_send_device(monitor, NULL, dev);
-- if (r < 0)
-- log_device_warning_errno(dev, r, "Failed to send device, ignoring: %m");
-+ device_broadcast(monitor, dev);
- }
-
- /* send udevd the result of the event execution */
-@@ -1430,13 +1443,8 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi
- device_delete_db(worker->event->dev);
- device_tag_index(worker->event->dev, NULL, false);
-
-- if (manager->monitor) {
-- /* Forward kernel event to libudev listeners */
-- r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev);
-- if (r < 0)
-- log_device_warning_errno(worker->event->dev, r,
-- "Failed to broadcast failed event to libudev listeners,
ignoring: %m");
-- }
-+ /* Forward kernel event to libudev listeners */
-+ device_broadcast(manager->monitor, worker->event->dev);
- }
-
- worker_free(worker);
---
-2.25.1
-
diff --git a/packages/systemd/0004-udev-assume-there-is-no-blocker-when-failed-to-check.patch b/packages/systemd/0004-udev-assume-there-is-no-blocker-when-failed-to-check.patch
deleted file mode 100644
index 9bbd6228921..00000000000
--- a/packages/systemd/0004-udev-assume-there-is-no-blocker-when-failed-to-check.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From a95aba56e5b31f221eb9133e70ddb1044315e532 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Sat, 12 Mar 2022 20:57:15 +0900
-Subject: [PATCH 04/12] udev: assume there is no blocker when failed to check
- event dependencies
-
-Previously, if udevd failed to resolve event dependency, the event is
-ignored and libudev listeners did not receive the event. This is
-inconsistent with the case when a worker failed to process a event,
-in that case, the original uevent sent by the kernel is broadcasted to
-listeners.
----
- src/udev/udevd.c | 13 +++++--------
- 1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index 40e78b25cd..ed53470848 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -962,24 +962,21 @@ static int event_queue_start(Manager *manager) {
-
- /* do not start event if parent or child event is still running or queued */
- r = event_is_blocked(event);
-+ if (r > 0)
-+ continue;
- if (r < 0) {
- sd_device_action_t a = _SD_DEVICE_ACTION_INVALID;
-
- (void) sd_device_get_action(event->dev, &a);
- log_device_warning_errno(event->dev, r,
-- "Failed to check event dependency, "
-- "skipping event (SEQNUM=%"PRIu64", ACTION=%s)",
-+ "Failed to check dependencies for event (SEQNUM=%"PRIu64", ACTION=%s), "
-+ "assuming there is no blocking event, ignoring: %m",
- event->seqnum,
- strna(device_action_to_string(a)));
--
-- event_free(event);
-- return r;
- }
-- if (r > 0)
-- continue;
-
- r = event_run(event);
-- if (r <= 0)
-+ if (r <= 0) /* 0 means there are no idle workers. Let's escape from the loop. */
- return r;
- }
-
---
-2.25.1
-
diff --git a/packages/systemd/0005-udev-store-action-in-struct-Event.patch b/packages/systemd/0005-udev-store-action-in-struct-Event.patch
deleted file mode 100644
index 706150ad6a2..00000000000
--- a/packages/systemd/0005-udev-store-action-in-struct-Event.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 2be3e27017de18f5d973ca9b83cc170c784fb8db Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Fri, 25 Mar 2022 02:39:55 +0900
-Subject: [PATCH 05/12] udev: store action in struct Event
-
----
- src/udev/udevd.c | 15 +++++++++------
- 1 file changed, 9 insertions(+), 6 deletions(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index ed53470848..abf50b6a71 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -123,6 +123,7 @@ typedef struct Event {
-
- sd_device *dev;
-
-+ sd_device_action_t action;
- uint64_t seqnum;
- uint64_t blocker_seqnum;
-
-@@ -964,16 +965,12 @@ static int event_queue_start(Manager *manager) {
- r = event_is_blocked(event);
- if (r > 0)
- continue;
-- if (r < 0) {
-- sd_device_action_t a = _SD_DEVICE_ACTION_INVALID;
--
-- (void) sd_device_get_action(event->dev, &a);
-+ if (r < 0)
- log_device_warning_errno(event->dev, r,
- "Failed to check dependencies for event (SEQNUM=%"PRIu64", ACTION=%s), "
- "assuming there is no blocking event, ignoring: %m",
- event->seqnum,
-- strna(device_action_to_string(a)));
-- }
-+ strna(device_action_to_string(event->action)));
-
- r = event_run(event);
- if (r <= 0) /* 0 means there are no idle workers. Let's escape from the loop. */
-@@ -984,6 +981,7 @@ static int event_queue_start(Manager *manager) {
- }
-
- static int event_queue_insert(Manager *manager, sd_device *dev) {
-+ sd_device_action_t action;
- uint64_t seqnum;
- Event *event;
- int r;
-@@ -999,6 +997,10 @@ static int event_queue_insert(Manager *manager, sd_device *dev) {
- if (r < 0)
- return r;
-
-+ r = sd_device_get_action(dev, &action);
-+ if (r < 0)
-+ return r;
-+
- event = new(Event, 1);
- if (!event)
- return -ENOMEM;
-@@ -1007,6 +1009,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) {
- .manager = manager,
- .dev = sd_device_ref(dev),
- .seqnum = seqnum,
-+ .action = action,
- .state = EVENT_QUEUED,
- };
-
---
-2.25.1
-
diff --git a/packages/systemd/0006-udev-requeue-event-when-the-corresponding-block-devi.patch b/packages/systemd/0006-udev-requeue-event-when-the-corresponding-block-devi.patch
deleted file mode 100644
index 2bb858c5f63..00000000000
--- a/packages/systemd/0006-udev-requeue-event-when-the-corresponding-block-devi.patch
+++ /dev/null
@@ -1,286 +0,0 @@
-From 95a447cf47a1a03b50f2dab1f4e5e05aa58aec19 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Tue, 15 Mar 2022 13:50:06 +0900
-Subject: [PATCH 06/12] udev: requeue event when the corresponding block device
- is locked by another process
-
-Previously, if a block device is locked by another process, then the
-corresponding worker skip to process the corresponding event, and does
-not broadcast the uevent to libudev listners. This causes several issues:
-
-- During a period of a device being locked by a process, if a user trigger
- an event with `udevadm trigger --settle`, then it never returned.
-
-- When there is a delay between close and unlock in a process, then the
- synthesized events triggered by inotify may not be processed. This can
- happens easily by wrapping mkfs with flock. This causes severe issues
- e.g. new devlinks are not created, or old devlinks are not removed.
-
-This commit makes events are requeued with a tiny delay when the corresponding
-block devices are locked by other processes. With this way, the triggered
-uevent may be delayed but is always processed by udevd. Hence, the above
-issues can be solved. Also, it is not necessary to watch a block device
-unconditionally when it is already locked. Hence, the logic is dropped.
----
- src/udev/udevd.c | 154 +++++++++++++++++++++++++++++------------------
- 1 file changed, 97 insertions(+), 57 deletions(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index abf50b6a71..01d782421e 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -68,6 +68,8 @@
- #include "version.h"
-
- #define WORKER_NUM_MAX 2048U
-+#define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC)
-+#define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE)
-
- static bool arg_debug = false;
- static int arg_daemonize = false;
-@@ -126,6 +128,8 @@ typedef struct Event {
- sd_device_action_t action;
- uint64_t seqnum;
- uint64_t blocker_seqnum;
-+ usec_t retry_again_next_usec;
-+ usec_t retry_again_timeout_usec;
-
- sd_event_source *timeout_warning_event;
- sd_event_source *timeout_event;
-@@ -150,8 +154,13 @@ typedef struct Worker {
- } Worker;
-
- /* passed from worker to main process */
--typedef struct WorkerMessage {
--} WorkerMessage;
-+typedef enum EventResult {
-+ EVENT_RESULT_SUCCESS,
-+ EVENT_RESULT_FAILED,
-+ EVENT_RESULT_TRY_AGAIN, /* when the block device is locked by another process.
*/
-+ _EVENT_RESULT_MAX,
-+ _EVENT_RESULT_INVALID = -EINVAL,
-+} EventResult;
-
- static Event *event_free(Event *event) {
- if (!event)
-@@ -365,10 +374,11 @@ static void device_broadcast(sd_device_monitor *monitor, sd_device *dev) {
- "Failed to broadcast event to libudev listeners, ignoring: %m");
- }
-
--static int worker_send_message(int fd) {
-- WorkerMessage message = {};
-+static int worker_send_result(Manager *manager, EventResult result) {
-+ assert(manager);
-+ assert(manager->worker_watch[WRITE_END] >= 0);
-
-- return loop_write(fd, &message, sizeof(message), false);
-+ return loop_write(manager->worker_watch[WRITE_END], &result, sizeof(result), false);
- }
-
- static int worker_lock_block_device(sd_device *dev, int *ret_fd) {
-@@ -493,44 +503,12 @@ static int worker_process_device(Manager *manager, sd_device *dev) {
- if (!udev_event)
- return -ENOMEM;
-
-+ /* If this is a block device and the device is locked currently via the BSD advisory locks,
-+ * someone else is using it exclusively. We don't run our udev rules now to not interfere.
-+ * Instead of processing the event, we requeue the event and will try again after a delay.
-+ *
-+ * The user-facing side of this: https://systemd.io/BLOCK_DEVICE_LOCKING */
- r = worker_lock_block_device(dev, &fd_lock);
-- if (r == -EAGAIN) {
-- /* So this is a block device and the device is locked currently via the BSD advisory locks —
-- * someone else is exclusively using it. This means we don't run our udev rules now, to not
-- * interfere. However we want to know when the device is unlocked again, and retrigger the
-- * device again then, so that the rules are run eventually. For that we use IN_CLOSE_WRITE
-- * inotify watches (which isn't exactly the same as waiting for the BSD locks to release, but
-- * not totally off, as long as unlock+close() is done together, as it usually is).
-- *
-- * (The user-facing side of this: https://systemd.io/BLOCK_DEVICE_LOCKING)
-- *
-- * There's a bit of a chicken and egg problem here for this however: inotify watching is
-- * supposed to be enabled via an option set via udev rules (OPTIONS+="watch"). If we skip the
-- * udev rules here however (as we just said we do), we would thus never see that specific
-- * udev rule, and thus never turn on inotify watching. But in order to catch up eventually
-- * and run them we we need the inotify watching: hence a classic chicken and egg problem.
-- *
-- * Our way out here: if we see the block device locked, unconditionally watch the device via
-- * inotify, regardless of any explicit request via OPTIONS+="watch". Thus, a device that is
-- * currently locked via the BSD file locks will be treated as if we ran a single udev rule
-- * only for it: the one that turns on inotify watching for it. If we eventually see the
-- * inotify IN_CLOSE_WRITE event, and then run the rules after all and we then realize that
-- * this wasn't actually requested (i.e. no OPTIONS+="watch" set) we'll simply turn off the
-- * watching again (see below). Effectively this means: inotify watching is now enabled either
-- * a) when the udev rules say so, or b) while the device is locked.
-- *
-- * Worst case scenario hence: in the (unlikely) case someone locked the device and we clash
-- * with that we might do inotify watching for a brief moment for a device where we actually
-- * weren't supposed to. But that shouldn't be too bad, in particular as BSD locks being taken
-- * on a block device is kinda an indication that the inotify logic is desired too, to some
-- * degree — they go hand-in-hand after all.
*/
--
-- log_device_debug(dev, "Block device is currently locked, installing watch to wait until the lock is released.");
-- (void) udev_watch_begin(manager->inotify_fd, dev);
--
-- /* Now the watch is installed, let's lock the device again, maybe in the meantime things changed */
-- r = worker_lock_block_device(dev, &fd_lock);
-- }
- if (r < 0)
- return r;
-
-@@ -563,25 +541,29 @@ static int worker_process_device(Manager *manager, sd_device *dev) {
-
- static int worker_device_monitor_handler(sd_device_monitor *monitor, sd_device *dev, void *userdata) {
- Manager *manager = userdata;
-+ EventResult result;
- int r;
-
- assert(dev);
- assert(manager);
-
- r = worker_process_device(manager, dev);
-- if (r == -EAGAIN)
-- /* if we couldn't acquire the flock(), then proceed quietly */
-- log_device_debug_errno(dev, r, "Device currently locked, not processing.");
-- else {
-- if (r < 0)
-- log_device_warning_errno(dev, r, "Failed to process device, ignoring: %m");
-+ if (r == -EAGAIN) {
-+ /* if we couldn't acquire the flock(), then requeue the event */
-+ result = EVENT_RESULT_TRY_AGAIN;
-+ log_device_debug_errno(dev, r, "Block device is currently locked, requeueing the event.");
-+ } else if (r < 0) {
-+ result = EVENT_RESULT_FAILED;
-+ log_device_warning_errno(dev, r, "Failed to process device, ignoring: %m");
-+ } else
-+ result = EVENT_RESULT_SUCCESS;
-
-+ if (result != EVENT_RESULT_TRY_AGAIN)
- /* send processed event back to libudev listeners */
- device_broadcast(monitor, dev);
-- }
-
- /* send udevd the result of the event execution */
-- r = worker_send_message(manager->worker_watch[WRITE_END]);
-+ r = worker_send_result(manager, result);
- if (r < 0)
- log_device_warning_errno(dev, r, "Failed to send signal to main daemon, ignoring: %m");
-
-@@ -801,6 +783,17 @@ static int event_is_blocked(Event *event) {
- assert(event->manager);
- assert(event->blocker_seqnum <= event->seqnum);
-
-+ if (event->retry_again_next_usec > 0) {
-+ usec_t now_usec;
-+
-+ r =
sd_event_now(event->manager->event, clock_boottime_or_monotonic(), &now_usec);
-+ if (r < 0)
-+ return r;
-+
-+ if (event->retry_again_next_usec <= now_usec)
-+ return true;
-+ }
-+
- if (event->blocker_seqnum == event->seqnum)
- /* we have checked previously and no blocker found */
- return false;
-@@ -980,6 +973,44 @@ static int event_queue_start(Manager *manager) {
- return 0;
- }
-
-+static int event_requeue(Event *event) {
-+ usec_t now_usec;
-+ int r;
-+
-+ assert(event);
-+ assert(event->manager);
-+ assert(event->manager->event);
-+
-+ event->timeout_warning_event = sd_event_source_disable_unref(event->timeout_warning_event);
-+ event->timeout_event = sd_event_source_disable_unref(event->timeout_event);
-+
-+ /* add a short delay to suppress busy loop */
-+ r = sd_event_now(event->manager->event, clock_boottime_or_monotonic(), &now_usec);
-+ if (r < 0)
-+ return log_device_warning_errno(event->dev, r,
-+ "Failed to get current time, "
-+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s): %m",
-+ event->seqnum, strna(device_action_to_string(event->action)));
-+
-+ if (event->retry_again_timeout_usec > 0 && event->retry_again_timeout_usec <= now_usec)
-+ return log_device_warning_errno(event->dev, SYNTHETIC_ERRNO(ETIMEDOUT),
-+ "The underlying block device is locked by a process more than %s, "
-+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s).",
-+ FORMAT_TIMESPAN(EVENT_RETRY_TIMEOUT_USEC, USEC_PER_MINUTE),
-+ event->seqnum, strna(device_action_to_string(event->action)));
-+
-+ event->retry_again_next_usec = usec_add(now_usec, EVENT_RETRY_INTERVAL_USEC);
-+ if (event->retry_again_timeout_usec == 0)
-+ event->retry_again_timeout_usec = usec_add(now_usec, EVENT_RETRY_TIMEOUT_USEC);
-+
-+ if (event->worker && event->worker->event == event)
-+ event->worker->event = NULL;
-+ event->worker = NULL;
-+
-+ event->state = EVENT_QUEUED;
-+ return 0;
-+}
-+
- static int event_queue_insert(Manager *manager, sd_device *dev) {
- sd_device_action_t action;
- uint64_t seqnum;
-@@ -1054,11 +1085,8 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat
- assert(manager);
-
- for (;;) {
-- WorkerMessage msg;
-- struct iovec iovec = {
-- .iov_base = &msg,
-- .iov_len = sizeof(msg),
-- };
-+ EventResult result;
-+ struct iovec iovec = IOVEC_MAKE(&result, sizeof(result));
- CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred))) control;
- struct msghdr msghdr = {
- .msg_iov = &iovec,
-@@ -1081,7 +1109,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat
-
- cmsg_close_all(&msghdr);
-
-- if (size != sizeof(WorkerMessage)) {
-+ if (size != sizeof(EventResult)) {
- log_warning("Ignoring worker message with invalid size %zi bytes", size);
- continue;
- }
-@@ -1106,6 +1134,11 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat
- worker->state = WORKER_IDLE;
-
- /* worker returned */
-+ if (result == EVENT_RESULT_TRY_AGAIN &&
-+ event_requeue(worker->event) < 0)
-+ device_broadcast(manager->monitor, worker->event->dev);
-+
-+ /* When event_requeue() succeeds, worker->event is NULL, and event_free() handles NULL gracefully. */
- event_free(worker->event);
- }
-
-@@ -1468,8 +1501,15 @@ static int on_post(sd_event_source *s, void *userdata) {
-
- assert(manager);
-
-- if (!LIST_IS_EMPTY(manager->events))
-+ if (!LIST_IS_EMPTY(manager->events)) {
-+ /* Try to process pending events if idle workers exist. Why is this necessary?
-+ * When a worker finished an event and became idle, even if there was a pending event,
-+ * the corresponding device might have been locked and the processing of the event
-+ * delayed for a while, preventing the worker from processing the event immediately.
-+ * Now, the device may be unlocked. Let's try again! */
-+ event_queue_start(manager);
- return 1;
-+ }
-
- /* There are no pending events. Let's cleanup idle process. */
-
---
-2.25.1
-
diff --git a/packages/systemd/0007-udev-only-ignore-ENOENT-or-friends-which-suggest-the.patch b/packages/systemd/0007-udev-only-ignore-ENOENT-or-friends-which-suggest-the.patch
deleted file mode 100644
index 91d37071f9f..00000000000
--- a/packages/systemd/0007-udev-only-ignore-ENOENT-or-friends-which-suggest-the.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 8c8c3f5d7683a9d45823037fe30ba491b167b305 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Sat, 12 Mar 2022 20:40:58 +0900
-Subject: [PATCH 07/12] udev: only ignore ENOENT or friends which suggest the
- block device is not exist
-
-The ENOENT, ENXIO, and ENODEV error can happen easily when a block
-device appears and soon removed. So, it is reasonable to ignore the
-error. But other errors should not occur here, and hence let's handle
-them as critical.
----
- src/udev/udevd.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index 01d782421e..2b34bbf991 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -428,8 +428,10 @@ static int worker_lock_block_device(sd_device *dev, int *ret_fd) {
-
- fd = open(val, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK);
- if (fd < 0) {
-- log_device_debug_errno(dev, errno, "Failed to open '%s', ignoring: %m", val);
-- return 0;
-+ bool ignore = ERRNO_IS_DEVICE_ABSENT(errno);
-+
-+ log_device_debug_errno(dev, errno, "Failed to open '%s'%s: %m", val, ignore ? ", ignoring" : "");
-+ return ignore ? 0 : -errno;
- }
-
- if (flock(fd, LOCK_SH|LOCK_NB) < 0)
---
-2.25.1
-
diff --git a/packages/systemd/0008-udev-split-worker_lock_block_device-into-two.patch b/packages/systemd/0008-udev-split-worker_lock_block_device-into-two.patch
deleted file mode 100644
index 1cb638560bc..00000000000
--- a/packages/systemd/0008-udev-split-worker_lock_block_device-into-two.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 87d86be1dcfbe10bd774ee346fb644353fd1641f Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Fri, 25 Mar 2022 02:55:25 +0900
-Subject: [PATCH 08/12] udev: split worker_lock_block_device() into two
-
-This also makes return value initialized when these function return 0 to
-follow our coding style.
-
-Just a preparation for later commits.
----
- src/udev/udevd.c | 54 ++++++++++++++++++++++++++++++++++++------------
- 1 file changed, 41 insertions(+), 13 deletions(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index 2b34bbf991..c86f401922 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -381,35 +381,29 @@ static int worker_send_result(Manager *manager, EventResult result) {
- return loop_write(manager->worker_watch[WRITE_END], &result, sizeof(result), false);
- }
-
--static int worker_lock_block_device(sd_device *dev, int *ret_fd) {
-- _cleanup_close_ int fd = -1;
-+static int device_get_block_device(sd_device *dev, const char **ret) {
- const char *val;
- int r;
-
- assert(dev);
-- assert(ret_fd);
--
-- /* Take a shared lock on the device node; this establishes a concept of device "ownership" to
-- * serialize device access. External processes holding an exclusive lock will cause udev to skip the
-- * event handling; in the case udev acquired the lock, the external process can block until udev has
-- * finished its event handling.
*/
-+ assert(ret);
-
- if (device_for_action(dev, SD_DEVICE_REMOVE))
-- return 0;
-+ goto irrelevant;
-
- r = sd_device_get_subsystem(dev, &val);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get subsystem: %m");
-
- if (!streq(val, "block"))
-- return 0;
-+ goto irrelevant;
-
- r = sd_device_get_sysname(dev, &val);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get sysname: %m");
-
- if (STARTSWITH_SET(val, "dm-", "md", "drbd"))
-- return 0;
-+ goto irrelevant;
-
- r = sd_device_get_devtype(dev, &val);
- if (r < 0 && r != -ENOENT)
-@@ -422,16 +416,46 @@ static int worker_lock_block_device(sd_device *dev, int *ret_fd) {
-
- r = sd_device_get_devname(dev, &val);
- if (r == -ENOENT)
-- return 0;
-+ goto irrelevant;
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get devname: %m");
-
-+ *ret = val;
-+ return 1;
-+
-+irrelevant:
-+ *ret = NULL;
-+ return 0;
-+}
-+
-+static int worker_lock_block_device(sd_device *dev, int *ret_fd) {
-+ _cleanup_close_ int fd = -1;
-+ const char *val;
-+ int r;
-+
-+ assert(dev);
-+ assert(ret_fd);
-+
-+ /* Take a shared lock on the device node; this establishes a concept of device "ownership" to
-+ * serialize device access. External processes holding an exclusive lock will cause udev to skip the
-+ * event handling; in the case udev acquired the lock, the external process can block until udev has
-+ * finished its event handling. */
-+
-+ r = device_get_block_device(dev, &val);
-+ if (r < 0)
-+ return r;
-+ if (r == 0)
-+ goto nolock;
-+
- fd = open(val, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK);
- if (fd < 0) {
- bool ignore = ERRNO_IS_DEVICE_ABSENT(errno);
-
- log_device_debug_errno(dev, errno, "Failed to open '%s'%s: %m", val, ignore ? ", ignoring" : "");
-- return ignore ?
0 : -errno;
-+ if (!ignore)
-+ return -errno;
-+
-+ goto nolock;
- }
-
- if (flock(fd, LOCK_SH|LOCK_NB) < 0)
-@@ -439,6 +463,10 @@ static int worker_lock_block_device(sd_device *dev, int *ret_fd) {
-
- *ret_fd = TAKE_FD(fd);
- return 1;
-+
-+nolock:
-+ *ret_fd = -1;
-+ return 0;
- }
-
- static int worker_mark_block_device_read_only(sd_device *dev) {
---
-2.25.1
-
diff --git a/packages/systemd/0009-udev-assume-block-device-is-not-locked-when-a-new-ev.patch b/packages/systemd/0009-udev-assume-block-device-is-not-locked-when-a-new-ev.patch
deleted file mode 100644
index 4a5de4fac4b..00000000000
--- a/packages/systemd/0009-udev-assume-block-device-is-not-locked-when-a-new-ev.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 9fb5157398d4c5d0b6a6ee3ab3ed774feb5574e6 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Fri, 25 Mar 2022 02:56:58 +0900
-Subject: [PATCH 09/12] udev: assume block device is not locked when a new
- event is queued
-
-Then, hopefully, previously requeued events are processed earlier.
-
-[etungsten: backport to v250 - use LIST_FOREACH_SAFE instead of
-LIST_FOREACH]
-Signed-off-by: Erikson Tung
----
- src/udev/udevd.c | 40 +++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 39 insertions(+), 1 deletion(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index c86f401922..e1dc5e56c6 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -1041,6 +1041,40 @@ static int event_requeue(Event *event) {
- return 0;
- }
-
-+static int event_queue_assume_block_device_unlocked(Manager *manager, sd_device *dev) {
-+ const char *devname;
-+ int r;
-+
-+ /* When a new event for a block device is queued or we get an inotify event, assume that the
-+ * device is not locked anymore. The assumption may not be true, but that should not cause any
-+ * issues, as in that case events will be requeued soon.
*/
-+
-+ r = device_get_block_device(dev, &devname);
-+ if (r <= 0)
-+ return r;
-+
-+ Event *event, *tmp;
-+ LIST_FOREACH_SAFE(event, event, tmp, manager->events) {
-+ const char *event_devname;
-+
-+ if (event->state != EVENT_QUEUED)
-+ continue;
-+
-+ if (event->retry_again_next_usec == 0)
-+ continue;
-+
-+ if (device_get_block_device(event->dev, &event_devname) <= 0)
-+ continue;
-+
-+ if (!streq(devname, event_devname))
-+ continue;
-+
-+ event->retry_again_next_usec = 0;
-+ }
-+
-+ return 0;
-+}
-+
- static int event_queue_insert(Manager *manager, sd_device *dev) {
- sd_device_action_t action;
- uint64_t seqnum;
-@@ -1103,6 +1137,8 @@ static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata)
- return 1;
- }
-
-+ (void) event_queue_assume_block_device_unlocked(manager, dev);
-+
- /* we have fresh events, try to schedule them */
- event_queue_start(manager);
-
-@@ -1432,8 +1468,10 @@ static int on_inotify(sd_event_source *s, int fd, uint32_t revents, void *userda
- continue;
-
- log_device_debug(dev, "Inotify event: %x for %s", e->mask, devnode);
-- if (e->mask & IN_CLOSE_WRITE)
-+ if (e->mask & IN_CLOSE_WRITE) {
-+ (void) event_queue_assume_block_device_unlocked(manager, dev);
- (void) synthesize_change(dev);
-+ }
-
- /* Do not handle IN_IGNORED here. It should be handled by worker in 'remove' uevent;
- * udev_event_execute_rules() -> event_execute_rules_on_remove() -> udev_watch_end(). */
---
-2.25.1
-
diff --git a/packages/systemd/0010-udev-fix-inversed-inequality-for-timeout-of-retrying.patch b/packages/systemd/0010-udev-fix-inversed-inequality-for-timeout-of-retrying.patch
deleted file mode 100644
index 0684f08acbe..00000000000
--- a/packages/systemd/0010-udev-fix-inversed-inequality-for-timeout-of-retrying.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From b1bdec13285d295785065fb72364e9147a8f6e9e Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Fri, 19 Aug 2022 21:25:03 +0900
-Subject: [PATCH 10/12] udev: fix inversed inequality for timeout of retrying
- event
-
-Follow-up for 5d354e525a56955ae7f68062e283dda85ab07794.
----
- src/udev/udevd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index e1dc5e56c6..dd200b241c 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -820,7 +820,7 @@ static int event_is_blocked(Event *event) {
- if (r < 0)
- return r;
-
-- if (event->retry_again_next_usec <= now_usec)
-+ if (event->retry_again_next_usec > now_usec)
- return true;
- }
-
---
-2.25.1
-
diff --git a/packages/systemd/0011-udev-certainly-restart-event-for-previously-locked-d.patch b/packages/systemd/0011-udev-certainly-restart-event-for-previously-locked-d.patch
deleted file mode 100644
index 7ff868ee6c7..00000000000
--- a/packages/systemd/0011-udev-certainly-restart-event-for-previously-locked-d.patch
+++ /dev/null
@@ -1,85 +0,0 @@ -From 93b17554058e18e9a71d97c5d0be51d969a7291d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 26 Aug 2022 00:16:17 +0900 -Subject: [PATCH 11/12] udev: certainly restart event for previously locked - device - -If udevd receives a uevent for a locked block device, then the event -is requeued. However, the queued event will be processed only when at -least one sd_event_source is processed. Hence, if udevd has no event -under processing, or receives no new uevent, etc., then the requeued -event will be never processed. - -Follow-up for 400e3d21f8cae53a8ba9f9567f244fbf6f3e076c. - -Fixes #24439. ---- - src/udev/udevd.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index dd200b241c..6707befecf 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -128,8 +128,11 @@ typedef struct Event { - sd_device_action_t action; - uint64_t seqnum; - uint64_t blocker_seqnum; -+ -+ /* Used when the device is locked by another program. */ - usec_t retry_again_next_usec; - usec_t retry_again_timeout_usec; -+ sd_event_source *retry_event_source; - - sd_event_source *timeout_warning_event; - sd_event_source *timeout_event; -@@ -171,6 +174,9 @@ static Event *event_free(Event *event) { - LIST_REMOVE(event, event->manager->events, event); - sd_device_unref(event->dev); - -+ /* Do not use sd_event_source_disable_unref() here, as this is called by both workers and the -+ * main process. 
*/ -+ sd_event_source_unref(event->retry_event_source); - sd_event_source_unref(event->timeout_warning_event); - sd_event_source_unref(event->timeout_event); - -@@ -757,6 +763,8 @@ static int event_run(Event *event) { - - log_device_uevent(event->dev, "Device ready for processing"); - -+ (void) event_source_disable(event->retry_event_source); -+ - manager = event->manager; - HASHMAP_FOREACH(worker, manager->workers) { - if (worker->state != WORKER_IDLE) -@@ -1003,6 +1011,11 @@ static int event_queue_start(Manager *manager) { - return 0; - } - -+static int on_event_retry(sd_event_source *s, uint64_t usec, void *userdata) { -+ /* This does nothing. The on_post() callback will start the event if there exists an idle worker. */ -+ return 1; -+} -+ - static int event_requeue(Event *event) { - usec_t now_usec; - int r; -@@ -1033,6 +1046,15 @@ static int event_requeue(Event *event) { - if (event->retry_again_timeout_usec == 0) - event->retry_again_timeout_usec = usec_add(now_usec, EVENT_RETRY_TIMEOUT_USEC); - -+ r = event_reset_time_relative(event->manager->event, &event->retry_event_source, -+ CLOCK_MONOTONIC, EVENT_RETRY_INTERVAL_USEC, 0, -+ on_event_retry, NULL, -+ 0, "retry-event", true); -+ if (r < 0) -+ return log_device_warning_errno(event->dev, r, "Failed to reset timer event source for retrying event, " -+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s): %m", -+ event->seqnum, strna(device_action_to_string(event->action))); -+ - if (event->worker && event->worker->event == event) - event->worker->event = NULL; - event->worker = NULL; --- -2.25.1 - diff --git a/packages/systemd/0012-udev-try-to-reload-selinux-label-database-less-frequ.patch b/packages/systemd/0012-udev-try-to-reload-selinux-label-database-less-frequ.patch deleted file mode 100644 index 2260fa809fb..00000000000 --- a/packages/systemd/0012-udev-try-to-reload-selinux-label-database-less-frequ.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From e5150a06351570f050ede4c12706be460780df24 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 13 Mar 2022 04:45:08 +0900 -Subject: [PATCH 12/12] udev: try to reload selinux label database less - frequently - -Previously, `event_run()` was called repeatedly in one `event_queue_start()` -invocation. Hence, the SELinux label database is reloaded many times needlessly. -Other settings, e.g. udev rules or hwdata, are tried to be reloaded in the -beginning of `event_queue_start()`. Let's also do so for the SELinux database. ---- - src/udev/udevd.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 6707befecf..fd93a1a4c1 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -795,10 +795,6 @@ static int event_run(Event *event) { - /* Re-enable the debug message for the next batch of events */ - log_children_max_reached = true; - -- /* fork with up-to-date SELinux label database, so the child inherits the up-to-date db -- * and, until the next SELinux policy changes, we safe further reloads in future children */ -- mac_selinux_maybe_reload(); -- - /* start new worker and pass initial device */ - r = worker_spawn(manager, event); - if (r < 0) -@@ -988,6 +984,10 @@ static int event_queue_start(Manager *manager) { - return log_warning_errno(r, "Failed to read udev rules: %m"); - } - -+ /* fork with up-to-date SELinux label database, so the child inherits the up-to-date db -+ * and, until the next SELinux policy changes, we safe further reloads in future children */ -+ mac_selinux_maybe_reload(); -+ - LIST_FOREACH_SAFE(event, event, event_next, manager->events) { - if (event->state != EVENT_QUEUED) - continue; --- -2.25.1 - diff --git a/packages/systemd/9009-sysusers-set-root-shell-to-sbin-nologin.patch b/packages/systemd/9009-sysusers-set-root-shell-to-sbin-nologin.patch index 7a96aeeafd5..782c93f6b62 100644 
--- a/packages/systemd/9009-sysusers-set-root-shell-to-sbin-nologin.patch +++ b/packages/systemd/9009-sysusers-set-root-shell-to-sbin-nologin.patch @@ -1,15 +1,16 @@ -From 4280d48485805d16481f63834c355e2e0c42c761 Mon Sep 17 00:00:00 2001 +From 060606c86791071663373a9ac45bd06cc3966552 Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Sat, 28 May 2022 04:12:07 +0000 Subject: [PATCH] sysusers: set root shell to /sbin/nologin Signed-off-by: Ben Cressey +Signed-off-by: Arnaldo Garcia Rincon --- sysusers.d/basic.conf.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in -index a1af8be..b9955c5 100644 +index 0aec080..d825aad 100644 --- a/sysusers.d/basic.conf.in +++ b/sysusers.d/basic.conf.in @@ -7,7 +7,7 @@ diff --git a/packages/systemd/9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch b/packages/systemd/9011-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch similarity index 83% rename from packages/systemd/9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch rename to packages/systemd/9011-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch index 6798700b4db..e41492ea393 100644 --- a/packages/systemd/9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch +++ b/packages/systemd/9011-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch @@ -1,4 +1,4 @@ -From 3ba1f48b28c5d510222066e5a9b211828ac8f426 Mon Sep 17 00:00:00 2001 +From 1539259546fe7f686d07e256d700ee2929b78064 Mon Sep 17 00:00:00 2001 From: Zac Mrowicki Date: Thu, 6 Jul 2023 17:50:28 +0000 Subject: [PATCH] systemd-networkd: Conditionalize hostnamed/timezoned DBUS @@ -21,10 +21,10 @@ inconsequential messages in the journal on boot. 4 files changed, 25 insertions(+) diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c -index 4f13ead..1c1b2ec 100644 +index 7b0b2de..43cf30d 100644 --- a/src/network/networkd-dhcp-common.c 
+++ b/src/network/networkd-dhcp-common.c -@@ -170,6 +170,7 @@ static int get_product_uuid_handler(sd_bus_message *m, void *userdata, sd_bus_er +@@ -171,6 +171,7 @@ static int get_product_uuid_handler(sd_bus_message *m, void *userdata, sd_bus_er return 0; } @@ -32,7 +32,7 @@ index 4f13ead..1c1b2ec 100644 int manager_request_product_uuid(Manager *m) { static bool bus_method_is_called = false; int r; -@@ -207,6 +208,7 @@ int manager_request_product_uuid(Manager *m) { +@@ -206,6 +207,7 @@ int manager_request_product_uuid(Manager *m) { return 0; } @@ -59,10 +59,10 @@ index c19bc10..9d13cde 100644 bool address_is_filtered(int family, const union in_addr_union *address, uint8_t prefixlen, Set *allow_list, Set *deny_list); static inline bool in4_address_is_filtered(const struct in_addr *address, Set *allow_list, Set *deny_list) { diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c -index ff2770f..5aede2d 100644 +index cdfd29b..d226b1f 100644 --- a/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c -@@ -845,6 +845,7 @@ static int set_hostname_handler(sd_bus_message *m, void *userdata, sd_bus_error +@@ -1002,6 +1002,7 @@ static int set_hostname_handler(sd_bus_message *m, void *userdata, sd_bus_error return 1; } @@ -70,7 +70,7 @@ index ff2770f..5aede2d 100644 int manager_set_hostname(Manager *m, const char *hostname) { int r; -@@ -876,6 +877,7 @@ int manager_set_hostname(Manager *m, const char *hostname) { +@@ -1031,6 +1032,7 @@ int manager_set_hostname(Manager *m, const char *hostname) { return 0; } @@ -78,7 +78,7 @@ index ff2770f..5aede2d 100644 static int set_timezone_handler(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { const sd_bus_error *e; -@@ -892,6 +894,7 @@ static int set_timezone_handler(sd_bus_message *m, void *userdata, sd_bus_error +@@ -1047,6 +1049,7 @@ static int set_timezone_handler(sd_bus_message *m, void *userdata, sd_bus_error return 1; } 
@@ -86,16 +86,16 @@ index ff2770f..5aede2d 100644 int manager_set_timezone(Manager *m, const char *tz) { int r; -@@ -925,3 +928,4 @@ int manager_set_timezone(Manager *m, const char *tz) { +@@ -1078,3 +1081,4 @@ int manager_set_timezone(Manager *m, const char *tz) { return 0; } +#endif diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h -index 86de529..0fef259 100644 +index 40e6092..cab2a6a 100644 --- a/src/network/networkd-manager.h +++ b/src/network/networkd-manager.h -@@ -110,7 +110,20 @@ bool manager_should_reload(Manager *m); +@@ -112,7 +112,20 @@ int manager_load_config(Manager *m); int manager_enumerate(Manager *m); diff --git a/packages/systemd/9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch b/packages/systemd/9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch deleted file mode 100644 index a447b6d4f77..00000000000 --- a/packages/systemd/9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 036e90b85cc26200b1887ca764f703f2a9f4fb74 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 27 Apr 2022 10:25:22 +0100 -Subject: [PATCH] tmpfiles: Split networkd entries into a separate file - -Many distributions ship systemd-networkd as a separate file so we -need to be able to ship the tmpfiles networkd entries as part of -that separate networkd package. Let's split the networkd entries -into a separate file to make that possible. ---- - tmpfiles.d/meson.build | 1 + - tmpfiles.d/systemd-network.conf | 13 +++++++++++++ - tmpfiles.d/systemd.conf.in | 6 ------ - 3 files changed, 14 insertions(+), 6 deletions(-) - create mode 100644 tmpfiles.d/systemd-network.conf - -diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build -index b8d3919..7c2604c 100644 ---- a/tmpfiles.d/meson.build -+++ b/tmpfiles.d/meson.build -@@ -13,6 +13,7 @@ files = [['README', ''], - ['systemd-pstore.conf', 'ENABLE_PSTORE'], - ['tmp.conf', ''], - ['x11.conf', ''], -+ ['systemd-network.conf', 'ENABLE_NETWORKD'], - ] - - foreach pair : files -diff --git a/tmpfiles.d/systemd-network.conf b/tmpfiles.d/systemd-network.conf -new file mode 100644 -index 0000000..b30bc91 ---- /dev/null -+++ b/tmpfiles.d/systemd-network.conf -@@ -0,0 +1,13 @@ -+# This file is part of systemd. -+# -+# systemd is free software; you can redistribute it and/or modify it -+# under the terms of the GNU Lesser General Public License as published by -+# the Free Software Foundation; either version 2.1 of the License, or -+# (at your option) any later version. 
-+ -+# See tmpfiles.d(5) for details -+ -+d /run/systemd/netif 0755 systemd-network systemd-network - -+d /run/systemd/netif/links 0755 systemd-network systemd-network - -+d /run/systemd/netif/leases 0755 systemd-network systemd-network - -+d /run/systemd/netif/lldp 0755 systemd-network systemd-network - -diff --git a/tmpfiles.d/systemd.conf.in b/tmpfiles.d/systemd.conf.in -index 9b2357c..e23e102 100644 ---- a/tmpfiles.d/systemd.conf.in -+++ b/tmpfiles.d/systemd.conf.in -@@ -18,12 +18,6 @@ d /run/systemd/sessions 0755 root root - - d /run/systemd/users 0755 root root - - d /run/systemd/machines 0755 root root - - d /run/systemd/shutdown 0755 root root - --{% if ENABLE_NETWORKD %} --d /run/systemd/netif 0755 systemd-network systemd-network - --d /run/systemd/netif/links 0755 systemd-network systemd-network - --d /run/systemd/netif/leases 0755 systemd-network systemd-network - --d /run/systemd/netif/lldp 0755 systemd-network systemd-network - --{% endif %} - - d /run/log 0755 root root - - --- -2.40.1 - diff --git a/packages/systemd/Cargo.toml b/packages/systemd/Cargo.toml index cc330234579..5a6fc9b3449 100644 --- a/packages/systemd/Cargo.toml +++ b/packages/systemd/Cargo.toml @@ -13,8 +13,8 @@ releases-url = "https://github.com/systemd/systemd-stable/releases" package-features = ["unified-cgroup-hierarchy"] [[package.metadata.build-package.external-files]] -url = "https://github.com/systemd/systemd-stable/archive/v250.11/systemd-stable-250.11.tar.gz" -sha512 = "75dc5dbbc34247027a2139b8e4dfe27e844c1c8c79a90fc914abd4efd76f04673f9ec38be98931ab62b74cdc04d3c85c7f7000cdbb1fd45d2ec610c33016d5f3" +url = "https://github.com/systemd/systemd-stable/archive/v252.13/systemd-stable-252.13.tar.gz" +sha512 = "db96a49a8819abbd68606c4063b2f8ef56d2fa07a62733e82c31de12f8e6d33f40bc85d162edc56bd77b23904a017b3b7f7050d281613b78ac39d25c0f1f70ad" [build-dependencies] glibc = { path = "../glibc" } 
diff --git a/packages/systemd/systemd-journald.conf b/packages/systemd/systemd-journald.conf new file mode 100644 index 00000000000..2d8d85439be --- /dev/null +++ b/packages/systemd/systemd-journald.conf @@ -0,0 +1,3 @@ +[Service] +Environment=SYSTEMD_JOURNAL_KEYED_HASH=0 +Environment=SYSTEMD_JOURNAL_COMPACT=0 diff --git a/packages/systemd/systemd.spec b/packages/systemd/systemd.spec index 405b80802ec..7a85ae213bb 100644 --- a/packages/systemd/systemd.spec +++ b/packages/systemd/systemd.spec @@ -2,7 +2,7 @@ %global __brp_check_rpaths %{nil} Name: %{_cross_os}systemd -Version: 250.11 +Version: 252.13 Release: 1%{?dist} Summary: System and Service Manager License: GPL-2.0-or-later AND GPL-2.0-only AND LGPL-2.1-or-later 
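Review bot: The new drop-in `systemd-journald.conf` sets `SYSTEMD_JOURNAL_KEYED_HASH=0` and `SYSTEMD_JOURNAL_COMPACT=0` without a comment, so the file does not record that keyed hashing is journald's hardening against hash-collision attacks on the journal's hash tables and is being turned off deliberately. The reason is presumably that journal files must stay readable by older journal tooling, and that should be stated above the `Environment=` lines, for example `# Keep journal files readable by older journal readers; this gives up keyed-hash collision hardening.` followed by `# Revisit once every consumer of these journals supports keyed hashes and the compact format.` The same one-line rationale would help at `Source5:` and at the two added `install` lines in systemd.spec, since the spec already explains each local patch with a `# Local patch to ...` comment. Without it, a later cleanup could drop the override as unexplained, or keep it long after the compatibility need has gone.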
@@ -12,28 +12,7 @@ Source1: systemd-tmpfiles.conf Source2: systemd-modules-load.conf Source3: journald.conf Source4: issue - -# Backports for fixing udev skipping kernel uevents under special circumstances -# * https://github.com/systemd/systemd/commit/2d40f02ee4317233365f53c85234be3af6b000a6 -# * https://github.com/systemd/systemd/pull/22717 -# * https://github.com/systemd/systemd/commit/400e3d21f8cae53a8ba9f9567f244fbf6f3e076c -# * https://github.com/systemd/systemd/commit/4f294ffdf18ab9f187400dbbab593a980e60be89 -# * https://github.com/systemd/systemd/commit/c02fb80479b23e70f4ad6f7717eec5c9444aa7f4 -# From v251: -Patch0001: 0001-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch -Patch0002: 0002-udev-drop-unnecessary-clone-of-received-sd-device-ob.patch -Patch0003: 0003-udev-introduce-device_broadcast-helper-function.patch -Patch0004: 0004-udev-assume-there-is-no-blocker-when-failed-to-check.patch -Patch0005: 0005-udev-store-action-in-struct-Event.patch -Patch0006: 0006-udev-requeue-event-when-the-corresponding-block-devi.patch -Patch0007: 0007-udev-only-ignore-ENOENT-or-friends-which-suggest-the.patch -Patch0008: 0008-udev-split-worker_lock_block_device-into-two.patch -Patch0009: 0009-udev-assume-block-device-is-not-locked-when-a-new-ev.patch -# From v252: -Patch0010: 0010-udev-fix-inversed-inequality-for-timeout-of-retrying.patch -Patch0011: 0011-udev-certainly-restart-event-for-previously-locked-d.patch -# From v251: -Patch0012: 0012-udev-try-to-reload-selinux-label-database-less-frequ.patch +Source5: systemd-journald.conf # Local patch to work around the fact that /var is a bind mount from # /local/var, and we want the /local/var/run symlink to point to /run. 
@@ -69,13 +48,9 @@ Patch9009: 9009-sysusers-set-root-shell-to-sbin-nologin.patch # Local patch to keep modprobe units running to avoid repeated log entries. Patch9010: 9010-units-keep-modprobe-service-units-running.patch -# Local patch to split the systemd-networkd tmpfiles into a separate file which -# allows us to exclude them when not using networkd. -Patch9011: 9011-tmpfiles-Split-networkd-entries-into-a-separate-file.patch - # Local patch to conditionalize systemd-networkd calls to hostname and timezone # DBUS services not used in Bottlerocket -Patch9012: 9012-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch +Patch9011: 9011-systemd-networkd-Conditionalize-hostnamed-timezoned-.patch BuildRequires: gperf BuildRequires: intltool @@ -168,6 +143,7 @@ CONFIGURE_OPTS=( -Dmachined=false -Dportabled=false -Dsysext=false + -Dsysupdate=false -Duserdb=false -Dhomed=false -Dnetworkd=true @@ -192,6 +168,7 @@ CONFIGURE_OPTS=( -Dman=false -Dhtml=false -Dtranslations=false + -Dlog-message-verification=false -Dcertificate-root='%{_cross_sysconfdir}/ssl' -Dpkgconfigdatadir='%{_cross_pkgconfigdir}' @@ -254,6 +231,7 @@ CONFIGURE_OPTS=( -Ddbus=false -Dgnu-efi=false + -Defi-tpm-pcr-compat=false -Dbashcompletiondir=no -Dzshcompletiondir=no @@ -287,7 +265,9 @@ install -d %{buildroot}%{_cross_libdir}/modules-load.d install -p -m 0644 %{S:2} %{buildroot}%{_cross_libdir}/modules-load.d/nf_conntrack.conf install -d %{buildroot}%{_cross_libdir}/systemd/journald.conf.d +install -d %{buildroot}%{_cross_libdir}/systemd/system/systemd-journald.service.d install -p -m 0644 %{S:3} %{buildroot}%{_cross_libdir}/systemd/journald.conf.d/journald.conf +install -p -m 0644 %{S:5} %{buildroot}%{_cross_libdir}/systemd/system/systemd-journald.service.d/systemd-journald.conf # Remove all stock network configurations, as they can interfere # with container networking by attempting to manage veth devices. 
@@ -379,6 +359,7 @@ install -p -m 0644 %{S:4} %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}/i %dir %{_cross_factorydir} %{_cross_factorydir}%{_cross_sysconfdir}/issue +%{_cross_factorydir}%{_cross_sysconfdir}/locale.conf %exclude %{_cross_factorydir}%{_cross_sysconfdir}/nsswitch.conf %exclude %{_cross_factorydir}%{_cross_sysconfdir}/pam.d %exclude %{_cross_factorydir}%{_cross_sysconfdir}/pam.d/other