diff --git a/.abignore b/.abignore deleted file mode 100644 index 6a33b88..0000000 --- a/.abignore +++ /dev/null @@ -1,3 +0,0 @@ -[suppress_file] -# Those shared objects are private to systemd -file_name_regexp=libsystemd-(shared|core)-.*.so diff --git a/0001-Revert-network-lldp-do-not-save-LLDP-neighbors-under.patch b/0001-Revert-network-lldp-do-not-save-LLDP-neighbors-under.patch index 1fdbd67..234b2ad 100644 --- a/0001-Revert-network-lldp-do-not-save-LLDP-neighbors-under.patch +++ b/0001-Revert-network-lldp-do-not-save-LLDP-neighbors-under.patch @@ -1,4 +1,4 @@ -From d8798eb733d5680047128ec1f74c82f347c321ed Mon Sep 17 00:00:00 2001 +From 1ef7ac52b34cef84ad5d4103bdaab4a2578bad9e Mon Sep 17 00:00:00 2001 From: Ryan Wilson Date: Wed, 4 Dec 2024 16:53:40 -0800 Subject: [PATCH] Revert "network/lldp: do not save LLDP neighbors under @@ -18,10 +18,10 @@ This reverts commit 5a0f6adbb2e39914897f404ac97fecebcc2c385a. 9 files changed, 94 insertions(+), 2 deletions(-) diff --git a/src/libsystemd-network/lldp-neighbor.c b/src/libsystemd-network/lldp-neighbor.c -index 02af2954ae..3d381294e6 100644 +index 4e51a55bd1..39864d18f7 100644 --- a/src/libsystemd-network/lldp-neighbor.c +++ b/src/libsystemd-network/lldp-neighbor.c -@@ -376,6 +376,17 @@ int sd_lldp_neighbor_get_destination_address(sd_lldp_neighbor *n, struct ether_a +@@ -377,6 +377,17 @@ int sd_lldp_neighbor_get_destination_address(sd_lldp_neighbor *n, struct ether_a return 0; } @@ -40,10 +40,10 @@ index 02af2954ae..3d381294e6 100644 assert_return(n, -EINVAL); assert_return(type, -EINVAL); diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index 9ce75361fd..0436233ac9 100644 +index 3c042e6c18..6a740b186a 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c -@@ -273,6 +273,7 @@ static Link *link_free(Link *link) { +@@ -275,6 +275,7 @@ static Link *link_free(Link *link) { free(link->driver); unlink_and_free(link->lease_file); 
@@ -51,7 +51,7 @@ index 9ce75361fd..0436233ac9 100644 unlink_and_free(link->state_file); sd_device_unref(link->dev); -@@ -2645,7 +2646,7 @@ static Link *link_drop_or_unref(Link *link) { +@@ -2662,7 +2663,7 @@ static Link *link_drop_or_unref(Link *link) { DEFINE_TRIVIAL_CLEANUP_FUNC(Link*, link_drop_or_unref); static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { @@ -60,7 +60,7 @@ index 9ce75361fd..0436233ac9 100644 _cleanup_(link_drop_or_unrefp) Link *link = NULL; unsigned short iftype; int r, ifindex; -@@ -2686,6 +2687,9 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { +@@ -2703,6 +2704,9 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { if (asprintf(&lease_file, "/run/systemd/netif/leases/%d", ifindex) < 0) return log_oom_debug(); @@ -70,7 +70,7 @@ index 9ce75361fd..0436233ac9 100644 } link = new(Link, 1); -@@ -2708,6 +2712,7 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { +@@ -2725,6 +2729,7 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { .state_file = TAKE_PTR(state_file), .lease_file = TAKE_PTR(lease_file), @@ -79,10 +79,10 @@ index 9ce75361fd..0436233ac9 100644 .n_dns = UINT_MAX, .dns_default_route = -1, diff --git a/src/network/networkd-link.h b/src/network/networkd-link.h -index b1b2fe42db..d590d071bd 100644 +index 113217cdb6..229ce976bc 100644 --- a/src/network/networkd-link.h +++ b/src/network/networkd-link.h -@@ -184,6 +184,7 @@ typedef struct Link { +@@ -194,6 +194,7 @@ typedef struct Link { /* This is about LLDP reception */ sd_lldp_rx *lldp_rx; @@ -91,7 +91,7 @@ index b1b2fe42db..d590d071bd 100644 /* This is about LLDP transmission */ sd_lldp_tx *lldp_tx; diff --git a/src/network/networkd-lldp-rx.c b/src/network/networkd-lldp-rx.c -index f74485488e..c45d3e32d7 100644 +index 6ba198282e..853e0a0ace 100644 --- a/src/network/networkd-lldp-rx.c +++ b/src/network/networkd-lldp-rx.c 
@@ -52,6 +52,8 @@ static void lldp_rx_handler(sd_lldp_rx *lldp_rx, sd_lldp_rx_event_t event, sd_ll @@ -187,23 +187,23 @@ index 75c9f8ca86..22f6602bd0 100644 const char* lldp_mode_to_string(LLDPMode m) _const_; LLDPMode lldp_mode_from_string(const char *s) _pure_; diff --git a/src/network/networkd-state-file.c b/src/network/networkd-state-file.c -index fbe4fee17d..bc08a84c74 100644 +index da917dd897..2e32fbc300 100644 --- a/src/network/networkd-state-file.c +++ b/src/network/networkd-state-file.c -@@ -584,6 +584,8 @@ static int link_save(Link *link) { +@@ -714,6 +714,8 @@ static int link_save(Link *link) { if (link->state == LINK_STATE_LINGER) return 0; + link_lldp_save(link); + - admin_state = link_state_to_string(link->state); - assert(admin_state); - + admin_state = ASSERT_PTR(link_state_to_string(link->state)); + oper_state = ASSERT_PTR(link_operstate_to_string(link->operstate)); + carrier_state = ASSERT_PTR(link_carrier_state_to_string(link->carrier_state)); diff --git a/src/network/networkd.c b/src/network/networkd.c -index 69a28647c8..3384c7c3ea 100644 +index 883f16d81b..12edb68583 100644 --- a/src/network/networkd.c +++ b/src/network/networkd.c -@@ -72,7 +72,8 @@ static int run(int argc, char *argv[]) { +@@ -75,7 +75,8 @@ static int run(int argc, char *argv[]) { * to support old kernels not supporting AmbientCapabilities=. */ FOREACH_STRING(p, "/run/systemd/netif/links/", @@ -214,7 +214,7 @@ index 69a28647c8..3384c7c3ea 100644 if (r < 0) log_warning_errno(r, "Could not create directory '%s': %m", p); diff --git a/src/systemd/sd-lldp-rx.h b/src/systemd/sd-lldp-rx.h -index 154e37e2d8..a876e41b25 100644 +index b697643a07..fedf9956cf 100644 --- a/src/systemd/sd-lldp-rx.h +++ b/src/systemd/sd-lldp-rx.h @@ -75,6 +75,7 @@ sd_lldp_neighbor *sd_lldp_neighbor_unref(sd_lldp_neighbor *n); 
@@ -226,15 +226,15 @@ index 154e37e2d8..a876e41b25 100644 /* High-level, direct, parsed out field access. These fields exist at most once, hence may be queried directly. */ int sd_lldp_neighbor_get_chassis_id(sd_lldp_neighbor *n, uint8_t *type, const void **ret, size_t *size); diff --git a/tmpfiles.d/systemd-network.conf b/tmpfiles.d/systemd-network.conf -index 323beca59c..107317a03c 100644 +index 75b61b7d07..881937d456 100644 --- a/tmpfiles.d/systemd-network.conf +++ b/tmpfiles.d/systemd-network.conf @@ -10,4 +10,5 @@ - d /run/systemd/netif 0755 systemd-network systemd-network - - d /run/systemd/netif/links 0755 systemd-network systemd-network - - d /run/systemd/netif/leases 0755 systemd-network systemd-network - -+d /run/systemd/netif/lldp 0755 systemd-network systemd-network - - d /var/lib/systemd/network 0755 systemd-network systemd-network - + d$ /run/systemd/netif 0755 systemd-network systemd-network - + d$ /run/systemd/netif/links 0755 systemd-network systemd-network - + d$ /run/systemd/netif/leases 0755 systemd-network systemd-network - ++d$ /run/systemd/netif/lldp 0755 systemd-network systemd-network - + d$ /var/lib/systemd/network 0755 systemd-network systemd-network - -- -2.43.5 +2.47.1 diff --git a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch new file mode 100644 index 0000000..eca67f0 --- /dev/null +++ b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch 
@@ -0,0 +1,69 @@
+From 0792bb7a9d25a1ab8a5f208f2f5cea8a362dc1c6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Fri, 10 Jan 2025 17:00:08 +0100
+Subject: [PATCH] Revert "units: use PrivateTmp=disconnected instead of 'yes'
+ if DefaultDependencies=no"
+
+This reverts commit 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5.
+---
+ units/systemd-coredump@.service.in | 2 +-
+ units/systemd-oomd.service.in | 2 +-
+ units/systemd-resolved.service.in | 2 +-
+ units/systemd-timesyncd.service.in | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
+index c74dc7a5a1..fa3206d07b 100644
+--- a/units/systemd-coredump@.service.in
++++ b/units/systemd-coredump@.service.in
+@@ -26,7 +26,7 @@ NoNewPrivileges=yes
+ OOMScoreAdjust=500
+ PrivateDevices=yes
+ PrivateNetwork=yes
+-PrivateTmp=disconnected
++PrivateTmp=yes
+ ProtectControlGroups=yes
+ ProtectHome=read-only
+ ProtectHostname=yes
+diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in
+index 670d5e6140..82bd6245f8 100644
+--- a/units/systemd-oomd.service.in
++++ b/units/systemd-oomd.service.in
+@@ -37,7 +37,7 @@ MemoryLow=64M
+ NoNewPrivileges=yes
+ OOMScoreAdjust=-900
+ PrivateDevices=yes
+-PrivateTmp=disconnected
++PrivateTmp=yes
+ ProtectClock=yes
+ ProtectHome=yes
+ ProtectHostname=yes
+diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
+index e181b2528a..4aa0788ac4 100644
+--- a/units/systemd-resolved.service.in
++++ b/units/systemd-resolved.service.in
+@@ -29,7 +29,7 @@ LockPersonality=yes
+ MemoryDenyWriteExecute=yes
+ NoNewPrivileges=yes
+ PrivateDevices=yes
+-PrivateTmp=disconnected
++PrivateTmp=yes
+ ProtectClock=yes
+ ProtectControlGroups=yes
+ ProtectHome=yes
+diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
+index 835d6327e7..cf233fbffd 100644
+--- a/units/systemd-timesyncd.service.in
++++ b/units/systemd-timesyncd.service.in
+@@ -31,7 +31,7 @@ LockPersonality=yes
+ MemoryDenyWriteExecute=yes
+ NoNewPrivileges=yes
+ PrivateDevices=yes
+-PrivateTmp=disconnected
++PrivateTmp=yes
+ ProtectProc=invisible
+ ProtectControlGroups=yes
+ ProtectHome=yes
+--
+2.47.1
+
diff --git a/0001-networkctl-Make-lldp-status-backwards-compatible-wit.patch b/0001-networkctl-Make-lldp-status-backwards-compatible-wit.patch
index dc78857..5dd957c 100644
--- a/0001-networkctl-Make-lldp-status-backwards-compatible-wit.patch
+++ b/0001-networkctl-Make-lldp-status-backwards-compatible-wit.patch
@@ -1,4 +1,4 @@
-From 11d47b91b0fd35aaf2db486783d80bdca7229d82 Mon Sep 17 00:00:00 2001
+From 9ae68659b0870f3213a8e06011b1dbccdeb86ee6 Mon Sep 17 00:00:00 2001
 From: Ryan Wilson
 Date: Wed, 4 Dec 2024 16:15:30 -0800
 Subject: [PATCH] networkctl: Make lldp/status backwards compatible with 255
@@ -6,15 +6,18 @@ Subject: [PATCH] networkctl: Make lldp/status backwards compatible with 255
 ---
 src/libsystemd-network/lldp-neighbor.c | 22 +++
- src/network/networkctl.c | 208 ++++++++++++++++++++++++-
+ src/network/networkctl-lldp.c | 198 ++++++++++++++++++++++++-
+ src/network/networkctl-lldp.h | 1 +
+ src/network/networkctl-status-link.c | 9 +-
+ src/network/networkctl-util.c | 2 +-
 src/systemd/sd-lldp-rx.h | 1 +
- 3 files changed, 224 insertions(+), 7 deletions(-)
+ 6 files changed, 226 insertions(+), 7 deletions(-)
 diff --git a/src/libsystemd-network/lldp-neighbor.c b/src/libsystemd-network/lldp-neighbor.c
-index a4384ac2e1..02af2954ae 100644
+index 457b1e5926..4e51a55bd1 100644
 --- a/src/libsystemd-network/lldp-neighbor.c
 +++ b/src/libsystemd-network/lldp-neighbor.c
-@@ -629,6 +629,28 @@ int sd_lldp_neighbor_get_enabled_capabilities(sd_lldp_neighbor *n, uint16_t *ret
+@@ -630,6 +630,28 @@ int sd_lldp_neighbor_get_enabled_capabilities(sd_lldp_neighbor *n, uint16_t *ret
 return 0;
 }
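Review bot: The new patch file carries no rationale beyond `This reverts commit 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5.`, yet it lowers the sandbox of four long-running system services (systemd-coredump@, systemd-oomd, systemd-resolved, systemd-timesyncd) from `PrivateTmp=disconnected` back to `PrivateTmp=yes`. The upstream commit being reverted was, per its own subject line, motivated by these units having DefaultDependencies=no, so the revert presumably reintroduces whatever that commit addressed. The reason for carrying the revert downstream should be recorded where the spec applies it (that `Patch:` line is not visible in this chunk), e.g. `# Revert PrivateTmp=disconnected in units with DefaultDependencies=no; see <bug/PR reference>`, so the revert can be dropped once the underlying issue is settled. Nothing else in the four units changes, so the remaining hardening directives (NoNewPrivileges=, PrivateDevices=, Protect*=) are intact.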
@@ -43,29 +46,28 @@ index a4384ac2e1..02af2954ae 100644 int sd_lldp_neighbor_tlv_rewind(sd_lldp_neighbor *n) { assert_return(n, -EINVAL); -diff --git a/src/network/networkctl.c b/src/network/networkctl.c -index a447c39a64..e31018e813 100644 ---- a/src/network/networkctl.c -+++ b/src/network/networkctl.c -@@ -16,6 +16,7 @@ - #include "sd-device.h" - #include "sd-dhcp-client.h" - #include "sd-hwdb.h" -+#include "sd-lldp-rx.h" - #include "sd-netlink.h" - #include "sd-network.h" - -@@ -173,7 +174,7 @@ int acquire_bus(sd_bus **ret) { - if (networkd_is_running()) { - r = varlink_connect_networkd(/* ret_varlink = */ NULL); - if (r < 0) -- return r; -+ log_warning("Varlink connection failed, fallback to D-Bus."); - } else - log_warning("systemd-networkd is not running, output might be incomplete."); +diff --git a/src/network/networkctl-lldp.c b/src/network/networkctl-lldp.c +index b1dc927af9..6a3a88210c 100644 +--- a/src/network/networkctl-lldp.c ++++ b/src/network/networkctl-lldp.c +@@ -1,11 +1,15 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ -@@ -1410,6 +1411,99 @@ static int dump_lldp_neighbors(Varlink *vl, Table *table, int ifindex) { - return dump_list(table, "Connected To", buf); + #include "alloc-util.h" ++#include "fd-util.h" + #include "json-util.h" + #include "networkctl.h" + #include "networkctl-dump-util.h" ++#include "networkctl-link-info.h" + #include "networkctl-lldp.h" + #include "networkctl-util.h" ++#include "sd-lldp-rx.h" ++#include "sparse-endian.h" + #include "stdio-util.h" + #include "strv.h" + #include "terminal-util.h" +@@ -214,6 +218,194 @@ static int dump_lldp_neighbors_json(sd_json_variant *reply, char * const *patter + return sd_json_variant_dump(v, arg_json_format_flags, NULL, NULL); } +static int open_lldp_neighbors_legacy(int ifindex, FILE **ret) { 
@@ -118,7 +120,7 @@ index a447c39a64..e31018e813 100644 + return 1; +} + -+static int dump_lldp_neighbors_legacy(Table *table, const char *prefix, int ifindex) { ++int dump_lldp_neighbors_legacy(Table *table, const char *prefix, int ifindex) { + _cleanup_strv_free_ char **buf = NULL; + _cleanup_fclose_ FILE *f = NULL; + int r; @@ -159,45 +161,6 @@ index a447c39a64..e31018e813 100644 + + return dump_list(table, prefix, buf); +} -+ -+ - static int dump_dhcp_leases(Table *table, const char *prefix, sd_bus *bus, const LinkInfo *link) { - _cleanup_strv_free_ char **buf = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -@@ -1696,7 +1790,6 @@ static int link_status_one( - - assert(bus); - assert(rtnl); -- assert(vl); - assert(info); - - (void) sd_network_link_get_operational_state(info->ifindex, &operational_state); -@@ -2315,7 +2408,7 @@ static int link_status_one( - return table_log_add_error(r); - } - -- r = dump_lldp_neighbors(vl, table, info->ifindex); -+ r = vl ? dump_lldp_neighbors(vl, table, info->ifindex) : dump_lldp_neighbors_legacy(table, "Connected To", info->ifindex); - if (r < 0) - return r; - -@@ -2449,8 +2542,10 @@ static int link_status(int argc, char *argv[], void *userdata) { - log_debug_errno(r, "Failed to open hardware database: %m"); - - r = varlink_connect_networkd(&vl); -- if (r < 0) -- return r; -+ if (r < 0) { -+ log_warning("Varlink connection failed, fallback to D-Bus."); -+ vl = NULL; -+ } - - if (arg_all) - c = acquire_link_info(bus, rtnl, NULL, &links); -@@ -2584,6 +2679,103 @@ static int dump_lldp_neighbors_json(JsonVariant *reply, char * const *patterns) - return json_variant_dump(v, arg_json_format_flags, NULL, NULL); - } - +static int link_lldp_status_legacy(int argc, char *argv[], void *userdata) { + _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; + _cleanup_(link_info_array_freep) LinkInfo *links = NULL; 
@@ -295,10 +258,10 @@ index a447c39a64..e31018e813 100644 + return 0; +} + - static int link_lldp_status(int argc, char *argv[], void *userdata) { - _cleanup_(varlink_flush_close_unrefp) Varlink *vl = NULL; + int link_lldp_status(int argc, char *argv[], void *userdata) { + _cleanup_(sd_varlink_flush_close_unrefp) sd_varlink *vl = NULL; _cleanup_(table_unrefp) Table *table = NULL; -@@ -2594,8 +2786,10 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) { +@@ -224,8 +416,10 @@ int link_lldp_status(int argc, char *argv[], void *userdata) { int r; r = varlink_connect_networkd(&vl); 
@@ -311,8 +274,64 @@ index a447c39a64..e31018e813 100644 r = varlink_call_and_log(vl, "io.systemd.Network.GetLLDPNeighbors", NULL, &reply); if (r < 0) +diff --git a/src/network/networkctl-lldp.h b/src/network/networkctl-lldp.h +index 3ec6fe76c1..9828847924 100644 +--- a/src/network/networkctl-lldp.h ++++ b/src/network/networkctl-lldp.h +@@ -7,3 +7,4 @@ + + int dump_lldp_neighbors(sd_varlink *vl, Table *table, int ifindex); + int link_lldp_status(int argc, char *argv[], void *userdata); ++int dump_lldp_neighbors_legacy(Table *table, const char *prefix, int ifindex); +diff --git a/src/network/networkctl-status-link.c b/src/network/networkctl-status-link.c +index ae13eba9ae..fbda880e9c 100644 +--- a/src/network/networkctl-status-link.c ++++ b/src/network/networkctl-status-link.c +@@ -267,7 +267,6 @@ static int link_status_one( + + assert(bus); + assert(rtnl); +- assert(vl); + assert(info); + + (void) sd_network_link_get_operational_state(info->ifindex, &operational_state); +@@ -904,7 +903,7 @@ static int link_status_one( + return table_log_add_error(r); + } + +- r = dump_lldp_neighbors(vl, table, info->ifindex); ++ r = vl ? 
dump_lldp_neighbors(vl, table, info->ifindex) : dump_lldp_neighbors_legacy(table, "Connected To", info->ifindex); + if (r < 0) + return r; + +@@ -955,8 +954,10 @@ int link_status(int argc, char *argv[], void *userdata) { + log_debug_errno(r, "Failed to open hardware database: %m"); + + r = varlink_connect_networkd(&vl); +- if (r < 0) +- return r; ++ if (r < 0) { ++ log_warning("Varlink connection failed, fallback to D-Bus."); ++ vl = NULL; ++ } + + if (arg_all) + c = acquire_link_info(bus, rtnl, NULL, &links); +diff --git a/src/network/networkctl-util.c b/src/network/networkctl-util.c +index 88620aad53..8bda6b1aec 100644 +--- a/src/network/networkctl-util.c ++++ b/src/network/networkctl-util.c +@@ -90,7 +90,7 @@ int acquire_bus(sd_bus **ret) { + if (networkd_is_running()) { + r = varlink_connect_networkd(/* ret_varlink = */ NULL); + if (r < 0) +- return r; ++ log_warning("Varlink connection failed, fallback to D-Bus."); + } else + log_warning("systemd-networkd is not running, output might be incomplete."); + diff --git a/src/systemd/sd-lldp-rx.h b/src/systemd/sd-lldp-rx.h -index a7e1a9f376..154e37e2d8 100644 +index 51b9f39482..b697643a07 100644 --- a/src/systemd/sd-lldp-rx.h +++ b/src/systemd/sd-lldp-rx.h @@ -88,6 +88,7 @@ int sd_lldp_neighbor_get_port_description(sd_lldp_neighbor *n, const char **ret) @@ -324,5 +343,5 @@ index a7e1a9f376..154e37e2d8 100644 /* Low-level, iterative TLV access. This is for everything else, it iteratively goes through all available TLVs * (including the ones covered with the calls above), and allows multiple TLVs for the same fields. */ -- -2.43.5 +2.47.1 diff --git a/0001-networkctl-Make-networkctl-lldp-output-backwards-com.patch b/0001-networkctl-Make-networkctl-lldp-output-backwards-com.patch index f284573..0e8a953 100644 --- a/0001-networkctl-Make-networkctl-lldp-output-backwards-com.patch +++ b/0001-networkctl-Make-networkctl-lldp-output-backwards-com.patch 
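Review bot: The fallback sites added in `@@ -90,7 +90,7 @@` (acquire_bus, networkctl-util.c) and `@@ -955,8 +954,10 @@` (link_status, networkctl-status-link.c) discard the error code from `varlink_connect_networkd()`: `log_warning("Varlink connection failed, fallback to D-Bus.")` tells the user neither why the connection failed nor that the legacy `/run/systemd/netif/lldp` file reader is about to be used instead of the daemon, which is exactly the diagnostic that matters when output from an older networkd is being trusted. Use `log_warning_errno(r, "Failed to connect to systemd-networkd via Varlink, falling back to D-Bus: %m");` at both sites (and in `link_lldp_status()` if the elided part of that hunk does the same), ideally through one shared helper since the string is duplicated. In `acquire_bus()` the negative `r` is left in place after the warning and the lines that follow are outside this hunk, so confirm that `r` is reassigned or a constant is returned before it reaches the caller. Dropping `assert(vl)` in `link_status_one()` is consistent with the ternary in `@@ -904,7 +903,7 @@`, but that function's body extends beyond the hunk and any other use of `vl` in it now needs the same NULL guard.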
@@ -1,18 +1,18 @@ -From 7d236cbb2ceea8881e57d9f2e2af091088c4f178 Mon Sep 17 00:00:00 2001 +From 799367ff00cd0c85acd0bbea3dcec619e48b5601 Mon Sep 17 00:00:00 2001 From: Ryan Wilson Date: Tue, 3 Dec 2024 14:46:54 -0800 Subject: [PATCH] networkctl: Make networkctl lldp output backwards compatible with 255 --- - src/network/networkctl.c | 16 +++++++--------- + src/network/networkctl-lldp.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) -diff --git a/src/network/networkctl.c b/src/network/networkctl.c -index a447c39a64..8b15ba1fdf 100644 ---- a/src/network/networkctl.c -+++ b/src/network/networkctl.c -@@ -2608,12 +2608,11 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) { +diff --git a/src/network/networkctl-lldp.c b/src/network/networkctl-lldp.c +index 43ffbab..b1dc927 100644 +--- a/src/network/networkctl-lldp.c ++++ b/src/network/networkctl-lldp.c +@@ -238,12 +238,11 @@ int link_lldp_status(int argc, char *argv[], void *userdata) { table = table_new("index", "link", @@ -28,7 +28,7 @@ index a447c39a64..8b15ba1fdf 100644 if (!table) return log_oom(); -@@ -2626,7 +2625,7 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) { +@@ -256,7 +255,7 @@ int link_lldp_status(int argc, char *argv[], void *userdata) { table_hide_column_from_display(table, (size_t) 0); /* Make the capabilities not truncated */ @@ -36,8 +36,8 @@ index a447c39a64..8b15ba1fdf 100644 + assert_se(cell = table_get_cell(table, 0, 4)); table_set_minimum_width(table, cell, 11); - JsonVariant *i; -@@ -2655,12 +2654,11 @@ static int link_lldp_status(int argc, char *argv[], void *userdata) { + sd_json_variant *i; +@@ -285,12 +284,11 @@ int link_lldp_status(int argc, char *argv[], void *userdata) { r = table_add_many(table, TABLE_INT, info.ifindex, TABLE_STRING, info.ifname, @@ -54,5 +54,5 @@ index a447c39a64..8b15ba1fdf 100644 return table_log_add_error(r); -- -2.43.5 +2.47.1 
diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch
deleted file mode 100644
index 033b575..0000000
--- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch
+++ /dev/null
@@ -1,88 +0,0 @@ -From 1e788a7fb535a37a8268aa7dc5130f670eb72a6b Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 23 Jul 2024 13:14:05 +0200 -Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use - -Follow-up for https://github.com/systemd/systemd/pull/33383. ---- - src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ - test/units/TEST-22-TMPFILES.18.sh | 4 ++-- - 2 files changed, 19 insertions(+), 2 deletions(-) - -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 8cc8c1ccd6..14048545db 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -4197,6 +4197,7 @@ static int parse_argv(int argc, char *argv[]) { - ARG_IMAGE_POLICY, - ARG_REPLACE, - ARG_DRY_RUN, -+ ARG_DESTROY_DATA, - ARG_NO_PAGER, - }; - -@@ -4220,10 +4221,18 @@ static int parse_argv(int argc, char *argv[]) { - { "replace", required_argument, NULL, ARG_REPLACE }, - { "dry-run", no_argument, NULL, ARG_DRY_RUN }, - { "no-pager", no_argument, NULL, ARG_NO_PAGER }, -+ -+ /* This is not documented on purpose. -+ * If you think --purge should be allowed without jumping through hoops, -+ * consider opening a bug report with the description of the use case. 
-+ */ -+ { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA }, -+ - {} - }; - - int c, r; -+ bool destroy_data = false; - - assert(argc >= 0); - assert(argv); -@@ -4330,6 +4339,10 @@ static int parse_argv(int argc, char *argv[]) { - arg_dry_run = true; - break; - -+ case ARG_DESTROY_DATA: -+ destroy_data = true; -+ break; -+ - case ARG_NO_PAGER: - arg_pager_flags |= PAGER_DISABLE; - break; -@@ -4349,6 +4362,10 @@ static int parse_argv(int argc, char *argv[]) { - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Refusing --purge without specification of a configuration file."); - -+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), -+ "Refusing --purge without --destroy-data."); -+ - if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Option --replace= is not supported with --cat-config/--tldr."); -diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index 5d24197c81..de23bbb95f 100755 ---- a/test/units/TEST-22-TMPFILES.18.sh -+++ b/test/units/TEST-22-TMPFILES.18.sh -@@ -21,7 +21,7 @@ systemd-tmpfiles --purge --dry-run - <<<"$c" - test -f /tmp/somedir/somefile - grep -q baz /tmp/somedir/somefile - --systemd-tmpfiles --purge - <<<"$c" -+systemd-tmpfiles --purge --destroy-data - <<<"$c" - test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - -@@ -29,6 +29,6 @@ systemd-tmpfiles --create --purge --dry-run - <<<"$c" - test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - --systemd-tmpfiles --create --purge - <<<"$c" -+systemd-tmpfiles --create --destroy-data --purge - <<<"$c" - test -f /tmp/somedir/somefile - grep -q baz /tmp/somedir/somefile --- -2.45.2 - diff --git a/33738.patch b/33738.patch deleted file mode 100644 index 58ab604..0000000 --- a/33738.patch +++ /dev/null 
@@ -1,37 +0,0 @@
-From 69c5d6bea7cc2168a2a483d232aa9a77202173f0 Mon Sep 17 00:00:00 2001
-From: Hans de Goede
-Date: Tue, 16 Jul 2024 17:46:09 +0200
-Subject: [PATCH] rules: Add uaccess tag to /dev/udmabuf
-
-In some cases userspace may need to create dmabuffers from userspace
-on such example is the software ISP part of libcamera which needs to
-allocate dma-buffers for the output of the software ISP.
-
-At first the plan was to allow console users access to /dev/dma_heap/*,
-this was discussed with various kernel folks here:
-https://lore.kernel.org/all/bb372250-e8b8-4458-bc99-dd8365b06991@redhat.com/
-
-Giving console users access to the dma_heap's was deemed a bad idea
-because memory allocated this way is not accounted in cgroup limits.
-
-Giving access to /dev/udmabuf OTOH was deemed acceptable so that
-is what this patch adds.
-
-Resolves: #32662
----
- rules.d/70-uaccess.rules.in | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in
-index b82ce04a39d38..e683bb1114461 100644
---- a/rules.d/70-uaccess.rules.in
-+++ b/rules.d/70-uaccess.rules.in
-@@ -34,6 +34,8 @@ SUBSYSTEM=="sound", TAG+="uaccess", \
- SUBSYSTEM=="video4linux", TAG+="uaccess"
- SUBSYSTEM=="dvb", TAG+="uaccess"
- SUBSYSTEM=="media", TAG+="uaccess"
-+# libcamera software ISP used with some cams requires udmabuf access
-+KERNEL=="udmabuf", TAG+="uaccess"
-
- # industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more
- SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess"
diff --git a/libabigail.abignore b/libabigail.abignore
new file mode 100644
index 0000000..6a33b88
--- /dev/null
+++ b/libabigail.abignore
@@ -0,0 +1,3 @@
+[suppress_file]
+# Those shared objects are private to systemd
+file_name_regexp=libsystemd-(shared|core)-.*.so
diff --git a/sources b/sources
index db248bb..b8843e6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@ -SHA512 (systemd-256.7.tar.gz) = 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422 +SHA512 (systemd-257.2.tar.gz) = 4f47fcd9a4148101ee7b85cf5908a04ec9e025dc7a5a2e8e61c05439cfd427851b6d356bb96a0dfae55566bbf6d3c93a13251d220840c09296e94f80bd4a5945 diff --git a/split-files.py b/split-files.py index 51400fd..b08c2bd 100644 --- a/split-files.py +++ b/split-files.py @@ -154,6 +154,9 @@ for file in files(buildroot): and os.path.exists(f'./{n}.example')): o = outputs['networkd-defaults'] + # Files that are "consumed" by systemd-networkd go into the -networkd + # subpackage. As a special case, network-generator is co-owned also by + # the -udev subpackage because systemd-udevd reads .link files. elif re.search(r'''/usr/lib/systemd/network/.*\.network| networkd| networkctl| @@ -164,6 +167,8 @@ for file in files(buildroot): systemd\.netdev ''', n, re.X): o = outputs['networkd'] + elif 'network-generator' in n: + o = (outputs['networkd'], outputs['udev']) elif '.so.' in n: o = outputs['libs'] @@ -255,7 +260,10 @@ for file in files(buildroot): suffix = '*' if '/man/' in n else '' - print(f'{prefix}{n}{suffix}', file=o) + if not isinstance(o, tuple): + o = (o,) + for file in o: + print(f'{prefix}{n}{suffix}', file=file) if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() diff --git a/systemd.spec b/systemd.spec index 3033ea4..191b711 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,9 @@ # Build from git main %bcond upstream 0 +# Build with OBS-specific quirks +%bcond obs 0 + # When bootstrap, libcryptsetup is disabled # but auto-features causes many options to be turned on # that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) 
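Review bot: In hunk `@@ -255,7 +260,10 @@` of split-files.py the new inner loop `for file in o:` rebinds the enclosing loop variable `file` from `for file in files(buildroot):` (the function context shown in every hunk header of this file); after the inner loop `file` holds an output handle rather than the entry being processed, which is harmless only as long as nothing later in the outer loop body reads `file` again. Rename the inner variable, e.g. `for out in o:` / `print(f'{prefix}{n}{suffix}', file=out)`, so the shadowing cannot bite a future edit. The tuple convention introduced in `@@ -164,6 +167,8 @@` (`o = (outputs['networkd'], outputs['udev'])`) deserves a one-line comment at the `o = (o,)` normalisation, such as `# o is one output or a tuple of outputs; the name is written to each of them`.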
@@ -43,8 +46,14 @@ Name: systemd
 Url: https://systemd.io
 # Allow users to specify the version and release when building the rpm by
 # setting the %%version_override and %%release_override macros.
-Version: %{?version_override}%{!?version_override:256.7}
-Release: %{?release_override}%{!?release_override:1.13}%{?dist}
+# But don't do that on OBS, otherwise the version subst fails, and will be
+# like 257-123-gabcd257.1 instead of 257-123-gabcd
+%if %{without obs}
+Version: %{?version_override}%{!?version_override:257.2}
+%else
+Version: %{?version_override}%{!?version_override:%(cat meson.version)}
+%endif
+Release: %autorelease
 %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
@@ -74,7 +83,7 @@ Source9: systemd-journal-gatewayd.xml
 Source10: 20-yama-ptrace.conf
 Source11: systemd-udev-trigger-no-reload.conf
 # https://fedoraproject.org/wiki/How_to_filter_libabigail_reports
-Source13: .abignore
+Source13: libabigail.abignore
 Source14: 10-oomd-defaults.conf
 Source15: 10-oomd-per-slice-defaults.conf
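Review bot: `Release: %autorelease` in `@@ -43,8 +46,14 @@` drops support for `%{?release_override}`, while the context comment two lines above still tells users they may set `%%version_override and %%release_override`; update it to `# Allow users to specify the version when building the rpm by setting the %%version_override macro.` (or keep a `%{?release_override}` fallback) so the documented knob matches what the spec honours. The OBS branch `%(cat meson.version)` is a shell expansion evaluated when the spec is parsed, so it presumably yields an empty `Version:` whenever the spec is parsed without the unpacked source tree beside it; a short comment stating that `--with obs` requires `meson.version` to be present would save the next person a confusing parse error.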
@@ -91,69 +100,21 @@ Source25: 98-default-mac-none.link Source26: systemd-user -%if 0 -GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable -i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip -GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch -%endif - -# Backports of patches from upstream (0000–0499) -# -# Any patches which are "in preparation" upstream should be listed here, rather -# than in the next section. Packit CI will drop any patches in this range before -# applying upstream pull requests. - %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. -Patch0010: https://github.com/systemd/systemd/pull/26494.patch -%endif - -%if %{without upstream} - -# Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 -Patch0011: https://github.com/systemd/systemd/pull/33738.patch - -# Various logging improvements -Patch0013: https://github.com/systemd/systemd/pull/34728.patch - -# Make sure bus_connect_transport_systemd() actually connects to the private manager bus -Patch0014: https://github.com/systemd/systemd/pull/34686.patch - -# Simplify user manager upgrades -Patch0015: https://github.com/systemd/systemd/pull/34707.patch - -# core/device: ignore ID_PROCESSING udev property on enumerate -Patch0016: https://github.com/systemd/systemd/pull/35332.patch - -# Soft-disable tmpfiles --purge until a good use case comes up. 
-Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch - +Patch: https://github.com/systemd/systemd/pull/26494.patch %endif # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch0491: https://github.com/systemd/systemd/pull/30846.patch - # Meta specific backports (900-1000) %if 0%{?facebook} %if %{without upstream} -# network: Make qdisc reconfigurable -Patch0900: https://github.com/systemd/systemd/pull/34543.patch - -# network: Add support for multiq qdisc -Patch0901: https://github.com/systemd/systemd/pull/34251.patch - -# core: Add support for PrivateUsers=identity -Patch0902: https://github.com/systemd/systemd/pull/34400.patch - -# bus-util: Return ENOMEDIUM if XDG_RUNTIME_DIR is unset -Patch0903: https://github.com/systemd/systemd/pull/34851.patch - # pam_systemd: Make pam_systemd 256 backwards compatible to logind 255 Patch0904: 0001-pam_systemd-Make-pam_systemd-256-backwards-compatibl.patch @@ -181,6 +142,7 @@ Patch1003: 0001-Temporary-workaround-PrivateUsers-full-implies-Deleg.patch %endif +Patch: https://github.com/systemd/systemd/pull/30846.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 @@ -228,7 +190,7 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel -%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11 +%if 0%{?fedora} >= 41 BuildRequires: openssl-devel-engine %endif %if %{with gnutls} @@ -264,7 +226,6 @@ BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) %if 0%{?fedora} BuildRequires: python3dist(pillow) -BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) %if 0%{?want_bootloader} @@ -298,6 +259,10 @@ BuildRequires: xen-devel %endif %endif +%if %{with obs} +BuildRequires: pesign-obs-integration +%endif + Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl 
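Review bot: In `@@ -91,69 +100,21 @@` the comment `# Those are downstream-only patches, but we don't want them in packit builds:` / `# https://bugzilla.redhat.com/show_bug.cgi?id=2251843` is kept but its `Patch0491:` line is removed, so it now dangles directly above `# Meta specific backports (900-1000)`; the same patch reappears in `@@ -181,6 +142,7 @@` as `Patch: https://github.com/systemd/systemd/pull/30846.patch` between two `%endif`s, which from the visible context appears to be inside the `%if 0%{?facebook}` block. If so, PR 30846 is no longer applied to non-facebook builds, a behaviour change the commit does not mention; either move the bug-2251843 comment down to the new `Patch:` line or, if the relocation is unintentional, restore the `Patch:` after the dracut `%endif` under its original comment. Removing `Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch` (the patch file is deleted elsewhere in this diff) means `systemd-tmpfiles --purge` on this package no longer requires `--destroy-data`; if 257 carries an equivalent upstream guard, a one-line comment saying so would keep the downstream guard from being re-requested.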
@@ -573,6 +538,7 @@ with a command line, and possibly PCR measurements and other metadata, into a
 Unified Kernel Image (UKI).
 %if 0%{?want_bootloader}
+%if %{without obs}
 %package boot-unsigned
 Summary: UEFI boot manager (unsigned version)
@@ -593,6 +559,27 @@ line. systemd-boot supports systems with UEFI firmware only.
 This package contains the unsigned version. Install systemd-boot instead to get
 the version that works with Secure Boot.
+%else
+%package boot
+Summary: UEFI boot manager (signed version)
+
+Provides: systemd-boot-signed-%{efi_arch} = %version-%release
+Provides: systemd-boot = %version-%release
+Provides: systemd-boot%{_isa} = %version-%release
+# A provides with just the version, no release or dist, used to build systemd-boot
+Provides: version(systemd-boot-signed) = %version
+Provides: version(systemd-boot-signed)%{_isa} = %version
+
+# self-obsoletes to install both packages after split of systemd-boot
+Obsoletes: systemd-udev < 252.2^
+
+%description boot
+systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a
+graphical menu to select the entry to boot and an editor for the kernel command
+line. systemd-boot supports systems with UEFI firmware only.
+
+This package contains the signed version.
+%endif
 %endif
 %package container
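Review bot: `Obsoletes: systemd-udev < 252.2^` under the new `%package boot` reads as copied from the unsigned subpackage: the comment above it talks about a self-obsolete after the systemd-boot split, but the line obsoletes systemd-udev, so confirm that is what the signed package should do on upgrade. `%{efi_arch}` in `Provides: systemd-boot-signed-%{efi_arch}` is defined outside this hunk; if it can be empty when `want_bootloader` is set, the Provides name degenerates to `systemd-boot-signed-`, which is worth a guard or a comment. The signed package also has no `Requires:` of its own in this hunk, so any dependency the unsigned variant carries (outside this view) may need mirroring here.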
@@ -602,7 +589,13 @@ Requires: %{name}%{_isa} = %{version}-%{release}
 Requires(post): systemd%{_isa} = %{version}-%{release}
 Requires(preun): systemd%{_isa} = %{version}-%{release}
 Requires(postun): systemd%{_isa} = %{version}-%{release}
-# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394)
+# For systemd-vmspawn which uses qemu:
+Recommends: qemu-kvm-core
+%if 0%{?fedora}
+Recommends: qemu-device-display-virtio-gpu
+Recommends: qemu-device-display-virtio-vga
+%endif
+# Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394)
 Obsoletes: %{name} < 229-5
 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
 Suggests: libcurl-minimal
@@ -772,6 +765,10 @@ main systemd package and is meant for use in exitrds.
 %endif
+# Disable user lockdown until rpm implements it natively.
+# https://github.com/rpm-software-management/rpm/issues/3450
+sed -r -i 's/^u!/u/' sysusers.d/*.conf*
+
 %build
 %global ntpvendor %(source /etc/os-release; echo ${ID})
 %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}
@@ -799,7 +796,8 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h')
 %endif
 CONFIGURE_OPTS=(
- -Dmode=%[%{with upstream}?"developer":"release"]
+ -Dmode=release
+ -Dslow-tests=true
 -Dsysvinit-path=/etc/rc.d/init.d
 -Drc-local=/etc/rc.d/rc.local
 -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
@@ -1050,7 +1048,7 @@ install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10}
 # https://bugzilla.redhat.com/show_bug.cgi?id=1378974
 install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11}
-install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}
+install -Dm0644 %{SOURCE13} %{buildroot}%{_prefix}/lib/systemd/.abignore
 # systemd-oomd default configuration
 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
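Review bot: `Recommends: qemu-kvm-core` (and the two virtio display devices on Fedora) is a weak dependency that dnf installs by default, so every system that pulls in this subpackage for containers now also gets a hypervisor stack it may never use; `Suggests:` would keep the hint without the automatic install footprint. The subpackage this lands in is named outside the hunk, so confirm it is the one that actually ships systemd-vmspawn. A comment such as `# weak dep: vmspawn works without it, it only needs qemu at runtime` would record the intent either way.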
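Review bot: `sed -r -i 's/^u!/u/' sysusers.d/*.conf*` rewrites every `u!` entry in the shipped sysusers templates into a plain `u` entry, so the locked-at-creation marker is removed for all of those system accounts in every build this spec produces, not only where rpm lacks support; the comment should say that consequence explicitly, e.g. `# NOTE: this also drops the locked-account marker from the generated users; revert once rpm >= <VERSION_PLACEHOLDER> handles 'u!'`. The `-r` flag is unnecessary for the pattern `^u!`, and the `*.conf*` glob will make sed fail the build (loudly, which is fine) if the templates are ever renamed. The same `u!` spelling is accepted in sysusers.generate-pre.sh, sysusers.prov and test_sysusers_defined.py later in this diff, so the scripts are already ready for the day this sed is dropped.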
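Review bot: `-Dmode=release` replaces the `%[%{with upstream}?"developer":"release"]` selector, so a `--with upstream` build no longer gets developer mode; if that is deliberate, a comment like `# always release mode; developer-mode checks are not wanted in packaged builds` would prevent the next reader from restoring the conditional. `-Dslow-tests=true` enlarges the test set that %check (outside this hunk) runs, which is worth noting in the same place since it affects build time on every architecture.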
@@ -1113,11 +1111,25 @@ mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example}
 install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26}
+# Disable freezing of user sessions while we're working out the details.
+mkdir -p %{buildroot}/usr/lib/systemd/system/service.d/
+cat >>%{buildroot}/usr/lib/systemd/system/service.d/50-keep-warm.conf </dev/null +systemd-hwdb update &>/dev/null %systemd_post %udev_services
@@ -1296,10 +1308,8 @@ fi
 %systemd_post systemd-resolved.service
 %preun resolved
+%systemd_preun systemd-resolved.service
 if [ $1 -eq 0 ] ; then
- systemctl disable --quiet \
- systemd-resolved.service \
- >/dev/null || :
 if [ -L /etc/resolv.conf ] && \
 realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then
 rm -f /etc/resolv.conf # no longer useful
@@ -1386,7 +1396,11 @@ fi
 %files ukify -f .file-list-ukify
 %if 0%{?want_bootloader}
+%if %{without obs}
 %files boot-unsigned -f .file-list-boot
+%else
+%files boot -f .file-list-boot
+%endif
 %endif
 %files container -f .file-list-container
diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh
index 4a87d53..944abff 100755
--- a/sysusers.generate-pre.sh
+++ b/sysusers.generate-pre.sh
@@ -69,7 +69,7 @@ parse() {
 [ -z "$line" ] && continue
 eval "arr=( $line )"
 case "${arr[0]}" in
- ('u')
+ ('u'|'u!')
 if [[ "${arr[2]}" == *":"* ]]; then
 user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}"
 else
diff --git a/sysusers.prov b/sysusers.prov
index f12e929..7b3d704 100755
--- a/sysusers.prov
+++ b/sysusers.prov
@@ -42,7 +42,7 @@ parse() {
 [ -z "$line" ] && continue
 set -- $line
 case "$1" in
- ('u')
+ ('u'|'u!')
 process_u "$2" "$3"
 ;;
 ('g')
diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py
index 2754578..6f04f15 100755
--- a/test_sysusers_defined.py
+++ b/test_sysusers_defined.py
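Review bot: `('u'|'u!')` in parse() now routes locked-account lines through the same user handler as plain `u`, and the identical change is made in sysusers.prov and test_sysusers_defined.py, so the three parsers stay in step. Nothing in the branch explains why the two spellings are equivalent for provides purposes; a comment such as `# 'u!' is a locked 'u' entry: same user/group provides, lockdown is irrelevant here` on the case arm would save the next reader from re-deriving it. Note that the spec's %prep step earlier in this diff rewrites `u!` to `u` before the build, so this branch is not exercised by the package's own templates yet. The rest of parse() lies outside the hunk.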
@@ -11,7 +11,7 @@ def parse_sysusers_file(filename):
 continue
 words = line.split()
 match words[0]:
- case 'u':
+ case 'u'|'u!':
 users.add(words[1])
 case 'g':
 groups.add(words[1])
diff --git a/tests/tests-reboot.yml b/tests/tests-reboot.yml
deleted file mode 100644
index 94ea8a5..0000000
--- a/tests/tests-reboot.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-- hosts: localhost
- vars:
- - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
- tags:
- - classic
- tasks:
- # switch SELinux to permissive mode
- - name: Get default kernel
- command: "grubby --default-kernel"
- register: default_kernel
- - debug: msg="{{ default_kernel.stdout }}"
- - name: Set permissive mode
- command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
-
- - name: reboot
- block:
- - name: restart host
- shell: sleep 2 && shutdown -r now "Ansible updates triggered"
- async: 1
- poll: 0
- ignore_errors: true
-
- - name: wait for host to come back
- wait_for_connection:
- delay: 10
- timeout: 300
-
- - name: Re-create /tmp/artifacts
- command: mkdir /tmp/artifacts
-
- - name: Gather SELinux denials since boot
- shell: |
- result=pass
- dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
- ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
- grep -q '' /tmp/avc.log || result=fail
- echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml
- ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
-
- always:
- - name: Pull out the artifacts
- fetch:
- dest: "{{ artifacts }}/"
- src: "{{ item }}"
- flat: yes
- with_items:
- - /tmp/test.log
- - /tmp/avc.log
- - /tmp/results.yml
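Review bot: `case 'u'|'u!':` is written without spaces around the or-pattern operator; `case 'u' | 'u!':` is the PEP 8 spelling and matches how the rest of the project's Python is likely formatted, with identical behaviour. A short comment on the arm, `# 'u!' is a locked account; it still defines the user`, would tie this test to the same rule the shell parsers apply. The enclosing parse_sysusers_file() starts outside the hunk.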