From 35bb94669a3c1ae2712a8b69e3cf791aa9bf51e0 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Oct 25 2017 14:25:53 +0000 Subject: Backport a bunch of patches, including LP#172535 --- diff --git a/0001-po-update-Polish-translation-7015.patch b/0001-po-update-Polish-translation-7015.patch index 4542584..8645607 100644 --- a/0001-po-update-Polish-translation-7015.patch +++ b/0001-po-update-Polish-translation-7015.patch @@ -1,4 +1,4 @@ -From b32bceb6c319f5a7b61f8bbfc14af8bb43effc11 Mon Sep 17 00:00:00 2001 +From 553fddb488fef147c21a8ddf0359ccb33524ecb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Dr=C4=85g?= Date: Fri, 6 Oct 2017 16:10:33 +0200 Subject: [PATCH] po: update Polish translation (#7015) diff --git a/0002-man-fix-typo-for-in-systemd.service-7031.patch b/0002-man-fix-typo-for-in-systemd.service-7031.patch new file mode 100644 index 0000000..9d9250f --- /dev/null +++ b/0002-man-fix-typo-for-in-systemd.service-7031.patch @@ -0,0 +1,25 @@ +From 72fd308ac00d5dddc6c36c1318674270b163568f Mon Sep 17 00:00:00 2001 +From: bleep_blop +Date: Mon, 9 Oct 2017 01:31:08 +0530 +Subject: [PATCH] man: fix typo for !! in systemd.service (#7031) + +!! must be very similar to !, not itself. + +(cherry picked from commit 132523e7f74e337120b2db62108470759125c349) +--- + man/systemd.service.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/systemd.service.xml b/man/systemd.service.xml +index 2b183a9cef..b99f7f9df8 100644 +--- a/man/systemd.service.xml ++++ b/man/systemd.service.xml +@@ -342,7 +342,7 @@ + + !! + +- This prefix is very similar to !!, however it only has an effect on systems lacking support for ambient process capabilities, i.e. without support for AmbientCapabilities=. It's intended to be used for unit files that take benefit of ambient capabilities to run processes with minimal privileges wherever possible while remaining compatible with systems that lack ambient capabilities support. Note that when !! is used, and a system lacking ambient capability support is detected any configured SystemCallFilter= and CapabilityBoundingSet= stanzas are implicitly modified, in order to permit spawned processes to drop credentials and capabilities themselves, even if this is configured to not be allowed. Moreover, if this prefix is used and a system lacking ambient capability support is detected AmbientCapabilities= will be skipped and not be applied. On systems supporting ambient capabilities, !! has no effect and is redundant. ++ This prefix is very similar to !, however it only has an effect on systems lacking support for ambient process capabilities, i.e. without support for AmbientCapabilities=. It's intended to be used for unit files that take benefit of ambient capabilities to run processes with minimal privileges wherever possible while remaining compatible with systems that lack ambient capabilities support. Note that when !! is used, and a system lacking ambient capability support is detected any configured SystemCallFilter= and CapabilityBoundingSet= stanzas are implicitly modified, in order to permit spawned processes to drop credentials and capabilities themselves, even if this is configured to not be allowed. Moreover, if this prefix is used and a system lacking ambient capability support is detected AmbientCapabilities= will be skipped and not be applied. On systems supporting ambient capabilities, !! has no effect and is redundant. + + + diff --git a/0002-tests-skip-tests-when-cg_pid_get_path-fails.patch b/0002-tests-skip-tests-when-cg_pid_get_path-fails.patch deleted file mode 100644 index 549c227..0000000 --- a/0002-tests-skip-tests-when-cg_pid_get_path-fails.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0068962099fe81e644fdf2218408ce2baac0e234 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 6 Oct 2017 17:24:50 +0200 -Subject: [PATCH] tests: skip tests when cg_pid_get_path fails - ---- - src/test/test-helper.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/test/test-helper.c b/src/test/test-helper.c -index 5b707c3276..2f61f779a5 100644 ---- a/src/test/test-helper.c -+++ b/src/test/test-helper.c -@@ -25,8 +25,14 @@ - void enter_cgroup_subroot(void) { - _cleanup_free_ char *cgroup_root = NULL, *cgroup_subroot = NULL; - CGroupMask supported; -+ int r; -+ -+ r = cg_pid_get_path(NULL, 0, &cgroup_root); -+ if (r < 0) { -+ log_error_errno(r, "cg_pid_get_path(NULL, 0, ...) failed, bailing out: %m"); -+ exit(EXIT_TEST_SKIP); -+ } - -- assert_se(cg_pid_get_path(NULL, 0, &cgroup_root) >= 0); - assert_se(asprintf(&cgroup_subroot, "%s/%" PRIx64, cgroup_root, random_u64()) >= 0); - assert_se(cg_mask_supported(&supported) >= 0); - diff --git a/0003-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch b/0003-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch new file mode 100644 index 0000000..d8ccbe7 --- /dev/null +++ b/0003-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch @@ -0,0 +1,42 @@ +From 8bb0e24c72f8fc7ef4ecd1e51e482b3fc6856945 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Sun, 8 Oct 2017 16:14:45 -0400 +Subject: [PATCH] test: skip hwdb and sysv-generator if the features are + disabled (#7026) + +(cherry picked from commit 1e99c1ee825fc2ba451a3f0ddf5e922bd8bd43ad) +--- + test/meson.build | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/test/meson.build b/test/meson.build +index 995a971778..c2df7ec226 100644 +--- a/test/meson.build ++++ b/test/meson.build +@@ -163,9 +163,11 @@ endif + + ############################################################ + +-sysv_generator_test_py = find_program('sysv-generator-test.py') +-test('sysv-generator-test', +- sysv_generator_test_py) ++if conf.get('HAVE_SYSV_COMPAT') == 1 ++ sysv_generator_test_py = find_program('sysv-generator-test.py') ++ test('sysv-generator-test', ++ sysv_generator_test_py) ++endif + + ############################################################ + +@@ -181,6 +183,8 @@ udev_test_pl = find_program('udev-test.pl') + test('udev-test', + udev_test_pl) + +-hwdb_test_sh = find_program('hwdb-test.sh') +-test('hwdb-test', +- hwdb_test_sh) ++if conf.get('ENABLE_HWDB') == 1 ++ hwdb_test_sh = find_program('hwdb-test.sh') ++ test('hwdb-test', ++ hwdb_test_sh) ++endif diff --git a/0003-units-add-Install-section-to-remote-cryptsetup.targe.patch b/0003-units-add-Install-section-to-remote-cryptsetup.targe.patch deleted file mode 100644 index 304874d..0000000 --- a/0003-units-add-Install-section-to-remote-cryptsetup.targe.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 8f462b074eb9830d6d5029f70c9010ce50e68357 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 12 Oct 2017 22:13:03 +0200 -Subject: [PATCH] units: add [Install] section to remote-cryptsetup.target - -This makes this target the same as remote-fs.target in this regard. In practice -it probably doesn't make that much difference, because all encrypted devices -that are part of remote-fs.target (marked with _netdev) will be used for mount -points, so they will be pulled in anyway individually, but with this change any -such device will be configured, even if it is not pulled by any other unit. ---- - system-preset/90-systemd.preset | 1 + - units/remote-cryptsetup.target | 6 ++++++ - 2 files changed, 7 insertions(+) - -diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset -index 3ba4bb760d..98bc4c3c55 100644 ---- a/system-preset/90-systemd.preset -+++ b/system-preset/90-systemd.preset -@@ -9,6 +9,7 @@ - # generally follow a default-off policy. - - enable remote-fs.target -+enable remote-cryptsetup.target - enable machines.target - - enable getty@.service -diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target -index 60943bd1cb..c306d521f7 100644 ---- a/units/remote-cryptsetup.target -+++ b/units/remote-cryptsetup.target -@@ -8,3 +8,9 @@ - [Unit] - Description=Remote Encrypted Volumes - Documentation=man:systemd.special(7) -+After=remote-cryptsetup-pre.target -+DefaultDependencies=no -+Conflicts=shutdown.target -+ -+[Install] -+WantedBy=multi-user.target diff --git a/0004-Updated-Turkish-translation-7017.patch b/0004-Updated-Turkish-translation-7017.patch new file mode 100644 index 0000000..80520ac --- /dev/null +++ b/0004-Updated-Turkish-translation-7017.patch @@ -0,0 +1,259 @@ +From 9cd809562e53ba839e491ddcb4666b9faa67ff48 Mon Sep 17 00:00:00 2001 +From: Muhammet Kara +Date: Mon, 9 Oct 2017 15:39:19 +0200 +Subject: [PATCH] Updated Turkish translation (#7017) + +(cherry picked from commit be6e38ed1d5d74077de9221174fae6a5b58a9092) +--- + po/tr.po | 104 +++++++++++++++++++++++++++++++++++++++++++-------------------- + 1 file changed, 72 insertions(+), 32 deletions(-) + +diff --git a/po/tr.po b/po/tr.po +index b71f30b835..262ca906d9 100644 +--- a/po/tr.po ++++ b/po/tr.po +@@ -3,16 +3,16 @@ + # This file is distributed under the same license as the systemd package. + # Necdet Yücel , 2014. + # Gökhan Gurbetoğlu , 2015. +-# Muhammet Kara , 2015, 2016. ++# Muhammet Kara , 2015, 2016, 2017. + # + msgid "" + msgstr "" + "Project-Id-Version: systemd master\n" + "Report-Msgid-Bugs-To: https://github.com/systemd/systemd/issues\n" +-"POT-Creation-Date: 2016-04-24 12:53+0000\n" +-"PO-Revision-Date: 2016-06-09 16:05+0300\n" ++"POT-Creation-Date: 2017-10-06 13:26+0000\n" ++"PO-Revision-Date: 2017-10-06 20:59+0300\n" + "Last-Translator: Muhammet Kara \n" +-"Language-Team: Turkish \n" ++"Language-Team: Türkçe \n" + "Language: tr_TR\n" + "MIME-Version: 1.0\n" + "Content-Type: text/plain; charset=UTF-8\n" +@@ -249,12 +249,10 @@ msgstr "" + "kimlik doğrulaması gereklidir." + + #: ../src/login/org.freedesktop.login1.policy.in.h:19 +-#| msgid "Allow non-logged-in users to run programs" + msgid "Allow non-logged-in user to run programs" + msgstr "Oturum açmamış kullanıcının program çalıştırmasına izin ver" + + #: ../src/login/org.freedesktop.login1.policy.in.h:20 +-#| msgid "Authentication is required to run programs as a non-logged-in user." + msgid "Explicit request is required to run programs as a non-logged-in user." + msgstr "" + "Oturum açmamış bir kullanıcı olarak program çalıştırmak için açıkça istekte " +@@ -355,18 +353,60 @@ msgstr "" + "doğrulaması gerektiriyor." + + #: ../src/login/org.freedesktop.login1.policy.in.h:39 ++#| msgid "Hibernate the system" ++msgid "Halt the system" ++msgstr "Sistemi durdur" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++#| msgid "Authentication is required for hibernating the system." ++msgid "Authentication is required for halting the system." ++msgstr "Sistemi durdurmak kimlik doğrulaması gerektiriyor." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++#| msgid "Hibernate the system while other users are logged in" ++msgid "Halt the system while other users are logged in" ++msgstr "Diğer kullanıcılar oturum açmışken sistemi durdur" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:42 ++#| msgid "" ++#| "Authentication is required for hibernating the system while other users " ++#| "are logged in." ++msgid "" ++"Authentication is required for halting the system while other users are " ++"logged in." ++msgstr "" ++"Diğer kullanıcılar oturum açmışken sistemi durdurmak kimlik doğrulaması " ++"gerektiriyor." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++#| msgid "Hibernate the system while an application asked to inhibit it" ++msgid "Halt the system while an application asked to inhibit it" ++msgstr "Bir uygulama engellenmesini isterken sistemi durdur" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++#| msgid "" ++#| "Authentication is required for hibernating the system while an " ++#| "application asked to inhibit it." ++msgid "" ++"Authentication is required for halting the system while an application asked " ++"to inhibit it." ++msgstr "" ++"Bir uygulama engellenmesini isterken sistemi durdurmak kimlik doğrulaması " ++"gerektiriyor." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:45 + msgid "Suspend the system" + msgstr "Sistemi askıya al" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++#: ../src/login/org.freedesktop.login1.policy.in.h:46 + msgid "Authentication is required for suspending the system." + msgstr "Sistemi askıya almak kimlik doğrulaması gerektiriyor." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++#: ../src/login/org.freedesktop.login1.policy.in.h:47 + msgid "Suspend the system while other users are logged in" + msgstr "Diğer kullanıcılar oturum açmışken sistemi askıya al" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:42 ++#: ../src/login/org.freedesktop.login1.policy.in.h:48 + msgid "" + "Authentication is required for suspending the system while other users are " + "logged in." +@@ -374,11 +414,11 @@ msgstr "" + "Diğer kullanıcılar oturum açmışken sistemi askıya almak kimlik doğrulaması " + "gerektiriyor." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++#: ../src/login/org.freedesktop.login1.policy.in.h:49 + msgid "Suspend the system while an application asked to inhibit it" + msgstr "Bir uygulama engellenmesini isterken sistemi askıya al" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++#: ../src/login/org.freedesktop.login1.policy.in.h:50 + msgid "" + "Authentication is required for suspending the system while an application " + "asked to inhibit it." +@@ -386,19 +426,19 @@ msgstr "" + "Bir uygulama engellenmesini isterken sistemi askıya almak kimlik doğrulaması " + "gerektiriyor." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:45 ++#: ../src/login/org.freedesktop.login1.policy.in.h:51 + msgid "Hibernate the system" + msgstr "Sistemi hazırda beklet" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:46 ++#: ../src/login/org.freedesktop.login1.policy.in.h:52 + msgid "Authentication is required for hibernating the system." + msgstr "Sistemi hazırda bekletmek kimlik doğrulaması gerektiriyor." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:47 ++#: ../src/login/org.freedesktop.login1.policy.in.h:53 + msgid "Hibernate the system while other users are logged in" + msgstr "Diğer kullanıcılar oturum açmışken sistemi hazırda beklet" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:48 ++#: ../src/login/org.freedesktop.login1.policy.in.h:54 + msgid "" + "Authentication is required for hibernating the system while other users are " + "logged in." +@@ -406,11 +446,11 @@ msgstr "" + "Diğer kullanıcılar oturum açmışken sistemi hazırda bekletmek kimlik " + "doğrulaması gerektiriyor." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:49 ++#: ../src/login/org.freedesktop.login1.policy.in.h:55 + msgid "Hibernate the system while an application asked to inhibit it" + msgstr "Bir uygulama engellenmesini isterken sistemi hazırda beklet" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:50 ++#: ../src/login/org.freedesktop.login1.policy.in.h:56 + msgid "" + "Authentication is required for hibernating the system while an application " + "asked to inhibit it." +@@ -418,33 +458,33 @@ msgstr "" + "Bir uygulama engellenmesini isterken sistemi hazırda bekletmek kimlik " + "doğrulaması gerektiriyor." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:51 ++#: ../src/login/org.freedesktop.login1.policy.in.h:57 + msgid "Manage active sessions, users and seats" + msgstr "Aktif oturumları, kullanıcıları ve yuvaları yönet" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:52 ++#: ../src/login/org.freedesktop.login1.policy.in.h:58 + msgid "" + "Authentication is required for managing active sessions, users and seats." + msgstr "" + "Aktif oturumları, kullanıcıları ve yuvaları yönetmek için kimlik doğrulaması " + "gereklidir." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:53 ++#: ../src/login/org.freedesktop.login1.policy.in.h:59 + msgid "Lock or unlock active sessions" + msgstr "Aktif oturumları kilitle ya da kilidini aç" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:54 ++#: ../src/login/org.freedesktop.login1.policy.in.h:60 + msgid "Authentication is required to lock or unlock active sessions." + msgstr "" + "Aktif oturumları kilitlemek ve bunların kilidini açmak için kimlik " + "doğrulaması gereklidir." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:55 ++#: ../src/login/org.freedesktop.login1.policy.in.h:61 + msgid "Allow indication to the firmware to boot to setup interface" + msgstr "" + "Kurulum arayüzünü önyüklemek için ürün yazılımının belirtilmesine izin ver" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:56 ++#: ../src/login/org.freedesktop.login1.policy.in.h:62 + msgid "" + "Authentication is required to indicate to the firmware to boot to setup " + "interface." +@@ -452,11 +492,11 @@ msgstr "" + "Kurulum arayüzünü önyüklemek için ürün yazılımının belirtilmesi için kimlik " + "doğrulaması gereklidir." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:57 ++#: ../src/login/org.freedesktop.login1.policy.in.h:63 + msgid "Set a wall message" + msgstr "Bir duvar mesajı ayarla" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:58 ++#: ../src/login/org.freedesktop.login1.policy.in.h:64 + msgid "Authentication is required to set a wall message" + msgstr "Duvar mesajı ayarlamak için kimlik doğrulaması gereklidir" + +@@ -577,33 +617,33 @@ msgid "" + msgstr "" + "Ağ zaman eş zamanlamasını kontrol etmek kimlik doğrulaması gerektiriyor." + +-#: ../src/core/dbus-unit.c:450 ++#: ../src/core/dbus-unit.c:458 + msgid "Authentication is required to start '$(unit)'." + msgstr "'$(unit)' başlatmak için kimlik doğrulaması gereklidir." + +-#: ../src/core/dbus-unit.c:451 ++#: ../src/core/dbus-unit.c:459 + msgid "Authentication is required to stop '$(unit)'." + msgstr "'$(unit)' durdurmak için kimlik doğrulaması gereklidir." + +-#: ../src/core/dbus-unit.c:452 ++#: ../src/core/dbus-unit.c:460 + msgid "Authentication is required to reload '$(unit)'." + msgstr "'$(unit)' yeniden yüklemek için kimlik doğrulaması gereklidir." + +-#: ../src/core/dbus-unit.c:453 ../src/core/dbus-unit.c:454 ++#: ../src/core/dbus-unit.c:461 ../src/core/dbus-unit.c:462 + msgid "Authentication is required to restart '$(unit)'." + msgstr "'$(unit)' yeniden başlatmak için kimlik doğrulaması gereklidir." + +-#: ../src/core/dbus-unit.c:560 ++#: ../src/core/dbus-unit.c:569 + msgid "Authentication is required to kill '$(unit)'." + msgstr "'$(unit)' sonlandırmak için kimlik doğrulaması gereklidir." + +-#: ../src/core/dbus-unit.c:590 ++#: ../src/core/dbus-unit.c:600 + msgid "Authentication is required to reset the \"failed\" state of '$(unit)'." + msgstr "" + "'$(unit)'in \"failed\" (başarısız) durumunu sıfırlamak için kimlik " + "doğrulaması gereklidir." + +-#: ../src/core/dbus-unit.c:622 ++#: ../src/core/dbus-unit.c:633 + msgid "Authentication is required to set properties on '$(unit)'." + msgstr "" + "'$(unit)' üzerindeki özellikleri ayarlamak için kimlik doğrulaması " diff --git a/0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch b/0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch deleted file mode 100644 index c5a6ffa..0000000 --- a/0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch +++ /dev/null @@ -1,147 +0,0 @@ -From a0dd209763f9e67054ee322a2dfd52bccf345c2e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 12 Oct 2017 22:34:54 +0200 -Subject: [PATCH] units: replace remote-cryptsetup-pre.target with - remote-fs-pre.target - -remote-cryptsetup-pre.target was designed as an active unit (that pulls in -network-online.target), the opposite of remote-fs-pre.target (a passive unit, -with individual provider services ordering itself before it and pulling it in, -for example iscsi.service and nfs-client.target). - -To make remote-cryptsetup-pre.target really work, those services should be -ordered before it too. But this would require updates to all those services, -not just changes from systemd side. - -But the requirements for remote-fs-pre.target and remote-cryptset-pre.target -are fairly similar (e.g. iscsi devices can certainly be used for both), so -let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses -a bit of flexibility, but does away with the requirement for various provider -services to know about remote-cryptsetup-pre.target. ---- - man/crypttab.xml | 2 +- - man/systemd.special.xml | 20 ++++---------------- - src/cryptsetup/cryptsetup-generator.c | 2 +- - units/meson.build | 1 - - units/remote-cryptsetup-pre.target | 15 --------------- - units/remote-cryptsetup.target | 2 +- - 6 files changed, 7 insertions(+), 35 deletions(-) - delete mode 100644 units/remote-cryptsetup-pre.target - -diff --git a/man/crypttab.xml b/man/crypttab.xml -index ac7d55271c..caed04836e 100644 ---- a/man/crypttab.xml -+++ b/man/crypttab.xml -@@ -198,7 +198,7 @@ - started after the network is available, similarly to - systemd.mount5 - units marked with . The service unit to set up this device -- will be ordered between remote-cryptsetup-pre.target and -+ will be ordered between remote-fs-pre.target and - remote-cryptsetup.target, instead of - cryptsetup-pre.target and - cryptsetup.target. -diff --git a/man/systemd.special.xml b/man/systemd.special.xml -index 69c24c3979..bb0c796377 100644 ---- a/man/systemd.special.xml -+++ b/man/systemd.special.xml -@@ -81,7 +81,6 @@ - poweroff.target, - printer.target, - reboot.target, -- remote-cryptsetup-pre.target, - remote-cryptsetup.target, - remote-fs-pre.target, - remote-fs.target, -@@ -494,18 +493,6 @@ - this target unit, for compatibility with SysV. - - -- -- remote-cryptsetup-pre.target -- -- This target unit is automatically ordered before all cryptsetup devices -- marked with the . It can be used to execute additional -- units before such devices are set up. -- -- It is ordered after network.target and -- network-online.target, and also pulls the latter in as a -- Wants= dependency. -- -- - - remote-cryptsetup.target - -@@ -906,9 +893,10 @@ - remote-fs-pre.target - - This target unit is automatically ordered before all -- remote mount point units (see above). It can be used to run -- certain units before the remote mounts are established. Note -- that this unit is generally not part of the initial -+ mount point units (see above) and cryptsetup devices -+ marked with the . It can be used to run -+ certain units before remote encrypted devices and mounts are established. -+ Note that this unit is generally not part of the initial - transaction, unless the unit that wants to be ordered before - all remote mounts pulls it in via a - Wants= type dependency. If the unit wants -diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c -index 3752ca2ef2..040a1aa408 100644 ---- a/src/cryptsetup/cryptsetup-generator.c -+++ b/src/cryptsetup/cryptsetup-generator.c -@@ -113,7 +113,7 @@ static int create_disk( - "Conflicts=umount.target\n" - "IgnoreOnIsolate=true\n" - "After=%s\n", -- netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); -+ netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target"); - - if (!nofail) - fprintf(f, -diff --git a/units/meson.build b/units/meson.build -index 8494d23e9e..4e2ae3f302 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -48,7 +48,6 @@ units = [ - ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], - ['reboot.target', '', - 'runlevel6.target ctrl-alt-del.target'], -- ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], - ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', - join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], - ['remote-fs-pre.target', ''], -diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target -deleted file mode 100644 -index a375e61889..0000000000 ---- a/units/remote-cryptsetup-pre.target -+++ /dev/null -@@ -1,15 +0,0 @@ --# This file is part of systemd. --# --# systemd is free software; you can redistribute it and/or modify it --# under the terms of the GNU Lesser General Public License as published by --# the Free Software Foundation; either version 2.1 of the License, or --# (at your option) any later version. -- --[Unit] --Description=Remote Encrypted Volumes (Pre) --Documentation=man:systemd.special(7) --RefuseManualStart=yes --Before=remote-cryptsetup.target -- --After=network.target network-online.target --Wants=network-online.target -diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target -index c306d521f7..d485b06726 100644 ---- a/units/remote-cryptsetup.target -+++ b/units/remote-cryptsetup.target -@@ -8,7 +8,7 @@ - [Unit] - Description=Remote Encrypted Volumes - Documentation=man:systemd.special(7) --After=remote-cryptsetup-pre.target -+After=remote-fs-pre.target - DefaultDependencies=no - Conflicts=shutdown.target - diff --git a/0005-catalog-po-update-Russian-translation-7041.patch b/0005-catalog-po-update-Russian-translation-7041.patch new file mode 100644 index 0000000..bceb24f --- /dev/null +++ b/0005-catalog-po-update-Russian-translation-7041.patch @@ -0,0 +1,403 @@ +From 1f0ce7b19cc7f21890772aa922fbbe6525030518 Mon Sep 17 00:00:00 2001 +From: Sergey Ptashnick <14880972+nnz1024@users.noreply.github.com> +Date: Tue, 10 Oct 2017 10:44:52 +0300 +Subject: [PATCH] catalog,po: update Russian translation (#7041) + +(cherry picked from commit 4984902ccb1e4d793d3cfd6a9056391b96001678) +--- + catalog/systemd.ru.catalog.in | 17 ++++++ + po/ru.po | 138 ++++++++++++++++++++++++++++-------------- + 2 files changed, 109 insertions(+), 46 deletions(-) + +diff --git a/catalog/systemd.ru.catalog.in b/catalog/systemd.ru.catalog.in +index 367ed89d96..b04c78dc24 100644 +--- a/catalog/systemd.ru.catalog.in ++++ b/catalog/systemd.ru.catalog.in +@@ -377,3 +377,20 @@ Documentation: man:systemd-resolved.service(8) + + Открытый ключ (trust ahcnor) DNSSEC был отозван. Необходимо настроить новый + открытый ключ, либо обновить систему, чтобы получить обновленный открытый ключ. ++ ++# Subject: Automatic restarting of a unit has been scheduled ++-- 5eb03494b6584870a536b337290809b3 ++Subject: Назначен автоматический перезапуск юнита ++Defined-By: systemd ++Support: %SUPPORT_URL% ++ ++Назначен автоматический перезапуск юнита @UNIT@, так как для него был задан ++параметр Restart=. ++ ++# Subject: Resources consumed by unit runtime ++-- ae8f7b866b0347b9af31fe1c80b127c0 ++Subject: Потребленные юнитом ресурсы ++Defined-By: systemd ++Support: %SUPPORT_URL% ++ ++Юнит @UNIT@ завершен. Приводится статистика по потребленным им ресурсам. +diff --git a/po/ru.po b/po/ru.po +index 0c0fab780e..d2d866b4f4 100644 +--- a/po/ru.po ++++ b/po/ru.po +@@ -1,13 +1,13 @@ + # translation of ru.po to Rissian + # Julia Dronova , 2013. +-# Sergey Ptashnick <0comffdiz@inbox.ru>, 2013-2016. ++# Sergey Ptashnick <0comffdiz@inbox.ru>, 2013-2017. + # + msgid "" + msgstr "" + "Project-Id-Version: systemd\n" + "Report-Msgid-Bugs-To: \n" + "POT-Creation-Date: 2015-11-22 16:37+0100\n" +-"PO-Revision-Date: 2016-02-02 20:22+0300\n" ++"PO-Revision-Date: 2017-10-10 00:28+0300\n" + "Last-Translator: Sergey Ptashnick <0comffdiz@inbox.ru>\n" + "Language: ru\n" + "MIME-Version: 1.0\n" +@@ -255,52 +255,63 @@ msgstr "" + "крышки ноутбука, необходимо пройти аутентификацию." + + #: ../src/login/org.freedesktop.login1.policy.in.h:19 ++msgid "Allow non-logged-in user to run programs" ++msgstr "" ++"Разрешить работу программ в фоновом режиме после завершения сеанса" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:20 ++msgid "Explicit request is required to run programs as a non-logged-in user." ++msgstr "" ++"Чтобы разрешить работу программ в фоновом режиме после завершения сеанса, " ++"необходимо явное подтверждение." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:21 + msgid "Allow non-logged-in users to run programs" + msgstr "" + "Разрешить пользователям оставлять программы в фоновом режиме после " + "завершения сеанса" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:20 ++#: ../src/login/org.freedesktop.login1.policy.in.h:22 + msgid "Authentication is required to run programs as a non-logged-in user." + msgstr "" + "Чтобы разрешить пользователям оставлять программы в фоновом режиме после " + "завершения сеанса, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:21 ++#: ../src/login/org.freedesktop.login1.policy.in.h:23 + msgid "Allow attaching devices to seats" + msgstr "Разрешить подключение устройств к рабочим местам" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:22 ++#: ../src/login/org.freedesktop.login1.policy.in.h:24 + msgid "Authentication is required for attaching a device to a seat." + msgstr "" + "Чтобы разрешить подключение устройств к рабочим местам, необходимо пройти " + "аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:23 ++#: ../src/login/org.freedesktop.login1.policy.in.h:25 + msgid "Flush device to seat attachments" + msgstr "Сбросить привязки устройств к рабочим местам" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:24 ++#: ../src/login/org.freedesktop.login1.policy.in.h:26 + msgid "" + "Authentication is required for resetting how devices are attached to seats." + msgstr "" + "Чтобы сбросить привязки устройств к рабочим местам, необходимо пройти " + "аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:25 ++#: ../src/login/org.freedesktop.login1.policy.in.h:27 + msgid "Power off the system" + msgstr "Выключить систему" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:26 ++#: ../src/login/org.freedesktop.login1.policy.in.h:28 + msgid "Authentication is required for powering off the system." + msgstr "Чтобы выключить систему, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:27 ++#: ../src/login/org.freedesktop.login1.policy.in.h:29 + msgid "Power off the system while other users are logged in" + msgstr "" + "Выключить систему, несмотря на то, что в ней работают другие пользователи" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:28 ++#: ../src/login/org.freedesktop.login1.policy.in.h:30 + msgid "" + "Authentication is required for powering off the system while other users are " + "logged in." +@@ -308,13 +319,13 @@ msgstr "" + "Чтобы выключить систему, несмотря на то, что в ней работают другие " + "пользователи, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:29 ++#: ../src/login/org.freedesktop.login1.policy.in.h:31 + msgid "Power off the system while an application asked to inhibit it" + msgstr "" + "Выключить систему, несмотря на то, что приложение запросило блокировку " + "выключения" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:30 ++#: ../src/login/org.freedesktop.login1.policy.in.h:32 + msgid "" + "Authentication is required for powering off the system while an application " + "asked to inhibit it." +@@ -322,20 +333,20 @@ msgstr "" + "Чтобы выключить систему, несмотря на то, что приложение запросило блокировку " + "выключения, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:31 ++#: ../src/login/org.freedesktop.login1.policy.in.h:33 + msgid "Reboot the system" + msgstr "Перезагрузить систему" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:32 ++#: ../src/login/org.freedesktop.login1.policy.in.h:34 + msgid "Authentication is required for rebooting the system." + msgstr "Чтобы перезагрузить систему, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:33 ++#: ../src/login/org.freedesktop.login1.policy.in.h:35 + msgid "Reboot the system while other users are logged in" + msgstr "" + "Перезагрузить систему, несмотря на то, что в ней работают другие пользователи" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:34 ++#: ../src/login/org.freedesktop.login1.policy.in.h:36 + msgid "" + "Authentication is required for rebooting the system while other users are " + "logged in." +@@ -343,13 +354,13 @@ msgstr "" + "Чтобы перезагрузить систему, несмотря на то, что в ней работают другие " + "пользователи, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:35 ++#: ../src/login/org.freedesktop.login1.policy.in.h:37 + msgid "Reboot the system while an application asked to inhibit it" + msgstr "" + "Перезагрузить систему, несмотря на то, что приложение запросило блокировку " + "выключения" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:36 ++#: ../src/login/org.freedesktop.login1.policy.in.h:38 + msgid "" + "Authentication is required for rebooting the system while an application " + "asked to inhibit it." +@@ -357,22 +368,57 @@ msgstr "" + "Чтобы перезагрузить систему, несмотря на то, что приложение запросило " + "блокировку выключения, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:37 ++#: ../src/login/org.freedesktop.login1.policy.in.h:39 ++msgid "Halt the system" ++msgstr "Остановить систему" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++msgid "Authentication is required for halting the system." ++msgstr "Чтобы остановить систему, необходимо пройти аутентификацию." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++msgid "Halt the system while other users are logged in" ++msgstr "" ++"Остановить систему, несмотря на то, что в ней работают другие пользователи" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:42 ++msgid "" ++"Authentication is required for halting the system while other users are " ++"logged in." ++msgstr "" ++"Чтобы остановить систему, несмотря на то, что в ней работают другие " ++"пользователи, необходимо пройти аутентификацию." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++msgid "Halt the system while an application asked to inhibit it" ++msgstr "" ++"Остановить систему, несмотря на то, что приложение запросило блокировку " ++"выключения" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++msgid "" ++"Authentication is required for halting the system while an application asked " ++"to inhibit it." ++msgstr "" ++"Чтобы остановить систему, несмотря на то, что приложение запросило " ++"блокировку выключения, необходимо пройти аутентификацию." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:45 + msgid "Suspend the system" + msgstr "Перевести систему в ждущий режим" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:38 ++#: ../src/login/org.freedesktop.login1.policy.in.h:46 + msgid "Authentication is required for suspending the system." + msgstr "" + "Чтобы перевести систему в ждущий режим, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:39 ++#: ../src/login/org.freedesktop.login1.policy.in.h:47 + msgid "Suspend the system while other users are logged in" + msgstr "" + "Перевести систему в ждущий режим, несмотря на то, что в ней работают другие " + "пользователи" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++#: ../src/login/org.freedesktop.login1.policy.in.h:48 + msgid "" + "Authentication is required for suspending the system while other users are " + "logged in." +@@ -380,13 +426,13 @@ msgstr "" + "Чтобы перевести систему в ждущий режим, несмотря на то, что в ней работают " + "другие пользователи, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++#: ../src/login/org.freedesktop.login1.policy.in.h:49 + msgid "Suspend the system while an application asked to inhibit it" + msgstr "" + "Перевести систему в ждущий режим, несмотря на то, что приложение запросило " + "блокировку" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:42 ++#: ../src/login/org.freedesktop.login1.policy.in.h:50 + msgid "" + "Authentication is required for suspending the system while an application " + "asked to inhibit it." +@@ -394,22 +440,22 @@ msgstr "" + "Чтобы перевести систему в ждущий режим, несмотря на то, что приложение " + "запросило блокировку, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++#: ../src/login/org.freedesktop.login1.policy.in.h:51 + msgid "Hibernate the system" + msgstr "Перевести систему в спящий режим" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++#: ../src/login/org.freedesktop.login1.policy.in.h:52 + msgid "Authentication is required for hibernating the system." + msgstr "" + "Чтобы перевести систему в спящий режим, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:45 ++#: ../src/login/org.freedesktop.login1.policy.in.h:53 + msgid "Hibernate the system while other users are logged in" + msgstr "" + "Перевести систему в спящий режим, несмотря на то, что в ней работают другие " + "пользователи" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:46 ++#: ../src/login/org.freedesktop.login1.policy.in.h:54 + msgid "" + "Authentication is required for hibernating the system while other users are " + "logged in." +@@ -417,13 +463,13 @@ msgstr "" + "Чтобы перевести систему в спящий режим, несмотря на то, что в ней работают " + "другие пользователи, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:47 ++#: ../src/login/org.freedesktop.login1.policy.in.h:55 + msgid "Hibernate the system while an application asked to inhibit it" + msgstr "" + "Перевести систему в спящий режим, несмотря на то, что приложение запросило " + "блокировку" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:48 ++#: ../src/login/org.freedesktop.login1.policy.in.h:56 + msgid "" + "Authentication is required for hibernating the system while an application " + "asked to inhibit it." +@@ -431,32 +477,32 @@ msgstr "" + "Чтобы перевести систему в спящий режим, несмотря на то, что приложение " + "запросило блокировку, необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:49 ++#: ../src/login/org.freedesktop.login1.policy.in.h:57 + msgid "Manage active sessions, users and seats" + msgstr "Управление текущими сеансами, пользователями и рабочими местами" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:50 ++#: ../src/login/org.freedesktop.login1.policy.in.h:58 + msgid "" + "Authentication is required for managing active sessions, users and seats." + msgstr "" + "Для управления текущими сеансами, пользователями и рабочими местами, " + "необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:51 ++#: ../src/login/org.freedesktop.login1.policy.in.h:59 + msgid "Lock or unlock active sessions" + msgstr "Заблокировать или разблокировать текущие сеансы" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:52 ++#: ../src/login/org.freedesktop.login1.policy.in.h:60 + msgid "Authentication is required to lock or unlock active sessions." + msgstr "" + "Чтобы заблокировать или разблокировать текущие сеансы, необходимо пройти " + "аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:53 ++#: ../src/login/org.freedesktop.login1.policy.in.h:61 + msgid "Allow indication to the firmware to boot to setup interface" + msgstr "Разрешить загрузку в режиме настройки прошивки материнской платы" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:54 ++#: ../src/login/org.freedesktop.login1.policy.in.h:62 + msgid "" + "Authentication is required to indicate to the firmware to boot to setup " + "interface." +@@ -464,11 +510,11 @@ msgstr "" + "Чтобы разрешить загрузку в режиме настройки прошивки материнской платы, " + "необходимо пройти аутентификацию." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:55 ++#: ../src/login/org.freedesktop.login1.policy.in.h:63 + msgid "Set a wall message" + msgstr "Отправить сообщение на все терминалы" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:56 ++#: ../src/login/org.freedesktop.login1.policy.in.h:64 + msgid "Authentication is required to set a wall message" + msgstr "" + "Чтобы отправить сообщение на все терминалы, необходимо пройти аутентификацию." +@@ -593,35 +639,35 @@ msgstr "" + "Чтобы включить или выключить синхронизацию времени по сети, необходимо " + "пройти аутентификацию." + +-#: ../src/core/dbus-unit.c:428 ++#: ../src/core/dbus-unit.c:458 + msgid "Authentication is required to start '$(unit)'." + msgstr "Чтобы запустить «$(unit)», необходимо пройти аутентификацию." + +-#: ../src/core/dbus-unit.c:429 ++#: ../src/core/dbus-unit.c:459 + msgid "Authentication is required to stop '$(unit)'." + msgstr "Чтобы остановить «$(unit)», необходимо пройти аутентификацию." + +-#: ../src/core/dbus-unit.c:430 ++#: ../src/core/dbus-unit.c:460 + msgid "Authentication is required to reload '$(unit)'." + msgstr "" + "Чтобы заставить «$(unit)» перечитать конфигурацию, необходимо пройти " + "аутентификацию." + +-#: ../src/core/dbus-unit.c:431 ../src/core/dbus-unit.c:432 ++#: ../src/core/dbus-unit.c:461 ../src/core/dbus-unit.c:462 + msgid "Authentication is required to restart '$(unit)'." + msgstr "Чтобы перезапустить «$(unit)», необходимо пройти аутентификацию." + +-#: ../src/core/dbus-unit.c:535 ++#: ../src/core/dbus-unit.c:569 + msgid "Authentication is required to kill '$(unit)'." + msgstr "Чтобы убить юнит «$(unit)», необходимо пройти аутентификацию." + +-#: ../src/core/dbus-unit.c:565 ++#: ../src/core/dbus-unit.c:600 + msgid "Authentication is required to reset the \"failed\" state of '$(unit)'." + msgstr "" + "Чтобы сбросить состояние «failed» у юнита «$(unit)», необходимо пройти " + "аутентификацию." + +-#: ../src/core/dbus-unit.c:597 ++#: ../src/core/dbus-unit.c:633 + msgid "Authentication is required to set properties on '$(unit)'." + msgstr "Чтобы изменить параметры юнита «$(unit)», необходимо пройти " + "аутентификацию." diff --git a/0005-man-add-a-note-about-_netdev-usage.patch b/0005-man-add-a-note-about-_netdev-usage.patch deleted file mode 100644 index 620ccb2..0000000 --- a/0005-man-add-a-note-about-_netdev-usage.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 288c26165e0ff71857394f360f42432bc808556f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 12 Oct 2017 22:43:58 +0200 -Subject: [PATCH] man: add a note about _netdev usage - ---- - man/crypttab.xml | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/man/crypttab.xml b/man/crypttab.xml -index caed04836e..3aebd7ea90 100644 ---- a/man/crypttab.xml -+++ b/man/crypttab.xml -@@ -201,7 +201,16 @@ - will be ordered between remote-fs-pre.target and - remote-cryptsetup.target, instead of - cryptsetup-pre.target and -- cryptsetup.target. -+ cryptsetup.target. -+ -+ Hint: if this device is used for a mount point that is specified in -+ fstab5, -+ the option should also be used for the mount -+ point. Otherwise, a dependency loop might be created where the mount point -+ will be pulled in by local-fs.target, while the -+ service to configure the network is usually only started after -+ the local file system has been mounted. -+ - - - -@@ -433,6 +442,7 @@ hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfil - systemd1, - systemd-cryptsetup@.service8, - systemd-cryptsetup-generator8, -+ fstab5, - cryptsetup8, - mkswap8, - mke2fs8 diff --git a/0006-l10n-update-Czech-Translation-7049.patch b/0006-l10n-update-Czech-Translation-7049.patch new file mode 100644 index 0000000..354ba4b --- /dev/null +++ b/0006-l10n-update-Czech-Translation-7049.patch @@ -0,0 +1,425 @@ +From e043d835b2fdae009e4145dd4a42da2c2f6bb1d9 Mon Sep 17 00:00:00 2001 +From: AsciiWolf +Date: Tue, 10 Oct 2017 21:52:52 +0200 +Subject: [PATCH] l10n: update Czech Translation (#7049) + +(cherry picked from commit f7ed48a9ae769f8842e4f7f4e852fe94828ae38d) +--- + po/cs.po | 212 +++++++++++++++++++++++++++++---------------------------------- + 1 file changed, 99 insertions(+), 113 deletions(-) + +diff --git a/po/cs.po b/po/cs.po +index 9622c71054..32d9709232 100644 +--- a/po/cs.po ++++ b/po/cs.po +@@ -9,16 +9,16 @@ msgstr "" + "Project-Id-Version: systemd master\n" + "Report-Msgid-Bugs-To: https://github.com/systemd/systemd/issues\n" + "POT-Creation-Date: 2016-04-23 14:24+0200\n" +-"PO-Revision-Date: 2017-04-20 23:00+0200\n" ++"PO-Revision-Date: 2017-10-10 19:54+0200\n" + "Last-Translator: Daniel Rusek \n" + "Language: cs\n" + "MIME-Version: 1.0\n" + "Content-Type: text/plain; charset=UTF-8\n" + "Content-Transfer-Encoding: 8bit\n" +-"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n" +-"%100>=20) ? 1 : 2);\n" ++"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? " ++"1 : 2);\n" + "Language-Team: \n" +-"X-Generator: Poedit 1.8.7.1\n" ++"X-Generator: Poedit 2.0.3\n" + + #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:1 + msgid "Send passphrase back to system" +@@ -50,11 +50,8 @@ msgstr "Nastavit nebo rušit proměnné správce systému a služeb" + + #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:8 + msgid "" +-"Authentication is required to set or unset system and service manager environment " +-"variables." +-msgstr "" +-"Pro nastavení nebo rušení proměnných správce systému a služeb je vyžadováno " +-"ověření." ++"Authentication is required to set or unset system and service manager environment variables." ++msgstr "Pro nastavení nebo rušení proměnných správce systému a služeb je vyžadováno ověření." + + #: ../src/core/org.freedesktop.systemd1.policy.in.in.h:9 + msgid "Reload the systemd state" +@@ -78,11 +75,11 @@ msgstr "Nastavit statický název stoje" + + #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4 + msgid "" +-"Authentication is required to set the statically configured local host name, as " +-"well as the pretty host name." ++"Authentication is required to set the statically configured local host name, as well as the " ++"pretty host name." + msgstr "" +-"Pro nastavení staticky konfigurovaného názvu lokálního stroje, stejně tak pro " +-"změnu uživatelsky přívětivého jména je vyžadováno ověření." ++"Pro nastavení staticky konfigurovaného názvu lokálního stroje, stejně tak pro změnu " ++"uživatelsky přívětivého jména je vyžadováno ověření." + + #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5 + msgid "Set machine information" +@@ -169,10 +166,8 @@ msgid "Allow applications to inhibit automatic system suspend" + msgstr "Povolit aplikacím zakázat automatické vypnutí systému" + + #: ../src/login/org.freedesktop.login1.policy.in.h:10 +-msgid "" +-"Authentication is required for an application to inhibit automatic system suspend." +-msgstr "" +-"Pro povolení aplikacím zakázat automatické vypnutí systému je vyžadováno ověření." ++msgid "Authentication is required for an application to inhibit automatic system suspend." ++msgstr "Pro povolení aplikacím zakázat automatické vypnutí systému je vyžadováno ověření." + + #: ../src/login/org.freedesktop.login1.policy.in.h:11 + msgid "Allow applications to inhibit system handling of the power key" +@@ -180,8 +175,7 @@ msgstr "Povolit aplikacím zakázat chovaní systému na stisknutí vypínacího + + #: ../src/login/org.freedesktop.login1.policy.in.h:12 + msgid "" +-"Authentication is required for an application to inhibit system handling of the " +-"power key." ++"Authentication is required for an application to inhibit system handling of the power key." + msgstr "" + "Pro povolení aplikacím zakázat chovaní systému na stisknutí vypínacího tlačítka je " + "vyžadováno ověření." +@@ -192,8 +186,7 @@ msgstr "Povolit aplikacím zakázat chovaní systému na stisknutí uspávacího + + #: ../src/login/org.freedesktop.login1.policy.in.h:14 + msgid "" +-"Authentication is required for an application to inhibit system handling of the " +-"suspend key." ++"Authentication is required for an application to inhibit system handling of the suspend key." + msgstr "" + "Pro povolení aplikacím zakázat chovaní systému na stisknutí uspávacího tlačítka je " + "vyžadováno ověření." +@@ -204,11 +197,11 @@ msgstr "Povolit aplikacím zakázat chovaní systému na stisknutí tlačítka h + + #: ../src/login/org.freedesktop.login1.policy.in.h:16 + msgid "" +-"Authentication is required for an application to inhibit system handling of the " +-"hibernate key." ++"Authentication is required for an application to inhibit system handling of the hibernate " ++"key." + msgstr "" +-"Pro povolení aplikacím zakázat chovaní systému na stisknutí tlačítka hibernace je " +-"vyžadováno ověření." ++"Pro povolení aplikacím zakázat chovaní systému na stisknutí tlačítka hibernace je vyžadováno " ++"ověření." + + #: ../src/login/org.freedesktop.login1.policy.in.h:17 + msgid "Allow applications to inhibit system handling of the lid switch" +@@ -216,11 +209,8 @@ msgstr "Povolit aplikacím zakázat chovaní systému na zavření víka" + + #: ../src/login/org.freedesktop.login1.policy.in.h:18 + msgid "" +-"Authentication is required for an application to inhibit system handling of the " +-"lid switch." +-msgstr "" +-"Pro povolení aplikacím zakázat chovaní systému na zavření víka je vyžadováno " +-"ověření." ++"Authentication is required for an application to inhibit system handling of the lid switch." ++msgstr "Pro povolení aplikacím zakázat chovaní systému na zavření víka je vyžadováno ověření." + + #: ../src/login/org.freedesktop.login1.policy.in.h:19 + msgid "Allow non-logged-in user to run programs" +@@ -228,8 +218,7 @@ msgstr "Povolit nepřihlášenému uživateli spouštět programy" + + #: ../src/login/org.freedesktop.login1.policy.in.h:20 + msgid "Explicit request is required to run programs as a non-logged-in user." +-msgstr "" +-"Ke spuštění programů jako nepřihlášený uživatel je třeba speciální požadavek." ++msgstr "Ke spuštění programů jako nepřihlášený uživatel je třeba speciální požadavek." + + #: ../src/login/org.freedesktop.login1.policy.in.h:21 + msgid "Allow non-logged-in users to run programs" +@@ -253,9 +242,7 @@ msgstr "Odstranit přiřazení zařízení ke stanovištím" + + #: ../src/login/org.freedesktop.login1.policy.in.h:26 + msgid "Authentication is required for resetting how devices are attached to seats." +-msgstr "" +-"Pro reset způsobu jak jsou zařízení přiřazována ke stanovištím je vyžadováno " +-"ověření." ++msgstr "Pro reset způsobu jak jsou zařízení přiřazována ke stanovištím je vyžadováno ověření." + + #: ../src/login/org.freedesktop.login1.policy.in.h:27 + msgid "Power off the system" +@@ -270,11 +257,8 @@ msgid "Power off the system while other users are logged in" + msgstr "Vypnout systém, i když jsou přihlášeni další uživatelé" + + #: ../src/login/org.freedesktop.login1.policy.in.h:30 +-msgid "" +-"Authentication is required for powering off the system while other users are " +-"logged in." +-msgstr "" +-"Pro vypnutí systému, když jsou přihlášeni další uživatelé je vyžadováno ověření." ++msgid "Authentication is required for powering off the system while other users are logged in." ++msgstr "Pro vypnutí systému, když jsou přihlášeni další uživatelé je vyžadováno ověření." + + #: ../src/login/org.freedesktop.login1.policy.in.h:31 + msgid "Power off the system while an application asked to inhibit it" +@@ -282,10 +266,9 @@ msgstr "Vypnout systém, i když aplikace požádala o zákaz vypnutí" + + #: ../src/login/org.freedesktop.login1.policy.in.h:32 + msgid "" +-"Authentication is required for powering off the system while an application asked " +-"to inhibit it." +-msgstr "" +-"Pro vypnutí systému, když aplikace požádala o zákaz vypnutí je vyžadováno ověření." ++"Authentication is required for powering off the system while an application asked to inhibit " ++"it." ++msgstr "Pro vypnutí systému, když aplikace požádala o zákaz vypnutí je vyžadováno ověření." + + #: ../src/login/org.freedesktop.login1.policy.in.h:33 + msgid "Reboot the system" +@@ -300,12 +283,8 @@ msgid "Reboot the system while other users are logged in" + msgstr "Restartovat systém, i když jsou přihlášeni další uživatelé" + + #: ../src/login/org.freedesktop.login1.policy.in.h:36 +-msgid "" +-"Authentication is required for rebooting the system while other users are logged " +-"in." +-msgstr "" +-"Pro restartování systému, když jsou přihlášeni další uživatelé je vyžadováno " +-"ověření." ++msgid "Authentication is required for rebooting the system while other users are logged in." ++msgstr "Pro restartování systému, když jsou přihlášeni další uživatelé je vyžadováno ověření." + + #: ../src/login/org.freedesktop.login1.policy.in.h:37 + msgid "Reboot the system while an application asked to inhibit it" +@@ -313,104 +292,116 @@ msgstr "Restartovat systém, i když aplikace požádala o zákaz restartu" + + #: ../src/login/org.freedesktop.login1.policy.in.h:38 + msgid "" +-"Authentication is required for rebooting the system while an application asked to " +-"inhibit it." ++"Authentication is required for rebooting the system while an application asked to inhibit it." + msgstr "" +-"Pro restartování systému, když aplikace požádala o zákaz restartu je vyžadováno " +-"ověření." ++"Pro restartování systému, když aplikace požádala o zákaz restartu je vyžadováno ověření." + + #: ../src/login/org.freedesktop.login1.policy.in.h:39 ++msgid "Halt the system" ++msgstr "Zastavit systém" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++msgid "Authentication is required for halting the system." ++msgstr "Pro zastavení systému je vyžadováno ověření." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++msgid "Halt the system while other users are logged in" ++msgstr "Zastavit systém, i když jsou přihlášeni další uživatelé" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:42 ++msgid "Authentication is required for halting the system while other users are logged in." ++msgstr "Pro zastavení systému, když jsou přihlášeni další uživatelé je vyžadováno ověření." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++msgid "Halt the system while an application asked to inhibit it" ++msgstr "Zastavit systém, i když aplikace požádala o zákaz zastavení" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++msgid "" ++"Authentication is required for halting the system while an application asked to inhibit it." ++msgstr "Pro zastavení systému, když aplikace požádala o zákaz zastavení je vyžadováno ověření." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:45 + msgid "Suspend the system" + msgstr "Uspat systém" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++#: ../src/login/org.freedesktop.login1.policy.in.h:46 + msgid "Authentication is required for suspending the system." + msgstr "Pro uspání systému je vyžadováno ověření." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++#: ../src/login/org.freedesktop.login1.policy.in.h:47 + msgid "Suspend the system while other users are logged in" + msgstr "Uspat systém, i když jsou přihlášeni další uživatelé" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:42 +-msgid "" +-"Authentication is required for suspending the system while other users are logged " +-"in." +-msgstr "" +-"Pro uspání systému, když jsou přihlášeni další uživatelé je vyžadováno ověření." ++#: ../src/login/org.freedesktop.login1.policy.in.h:48 ++msgid "Authentication is required for suspending the system while other users are logged in." ++msgstr "Pro uspání systému, když jsou přihlášeni další uživatelé je vyžadováno ověření." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++#: ../src/login/org.freedesktop.login1.policy.in.h:49 + msgid "Suspend the system while an application asked to inhibit it" + msgstr "Uspat systém, i když aplikace požádala o zákaz uspání" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++#: ../src/login/org.freedesktop.login1.policy.in.h:50 + msgid "" +-"Authentication is required for suspending the system while an application asked to " +-"inhibit it." +-msgstr "" +-"Pro uspání systému, když aplikace požádala o zákaz uspání je vyžadováno ověření." ++"Authentication is required for suspending the system while an application asked to inhibit " ++"it." ++msgstr "Pro uspání systému, když aplikace požádala o zákaz uspání je vyžadováno ověření." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:45 ++#: ../src/login/org.freedesktop.login1.policy.in.h:51 + msgid "Hibernate the system" + msgstr "Hibernovat systém" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:46 ++#: ../src/login/org.freedesktop.login1.policy.in.h:52 + msgid "Authentication is required for hibernating the system." + msgstr "Pro hibernaci systému je vyžadováno ověření." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:47 ++#: ../src/login/org.freedesktop.login1.policy.in.h:53 + msgid "Hibernate the system while other users are logged in" + msgstr "Hibernovat systém, i když jsou přihlášeni další uživatelé" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:48 +-msgid "" +-"Authentication is required for hibernating the system while other users are logged " +-"in." +-msgstr "" +-"Pro hibernaci systému, když jsou přihlášeni další uživatelé je vyžadováno ověření." ++#: ../src/login/org.freedesktop.login1.policy.in.h:54 ++msgid "Authentication is required for hibernating the system while other users are logged in." ++msgstr "Pro hibernaci systému, když jsou přihlášeni další uživatelé je vyžadováno ověření." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:49 ++#: ../src/login/org.freedesktop.login1.policy.in.h:55 + msgid "Hibernate the system while an application asked to inhibit it" + msgstr "Hibernovat systém, i když aplikace požádala o zákaz hibernace" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:50 ++#: ../src/login/org.freedesktop.login1.policy.in.h:56 + msgid "" +-"Authentication is required for hibernating the system while an application asked " +-"to inhibit it." +-msgstr "" +-"Pro hibernaci systému, když aplikace požádala o zákaz hibernace je vyžadováno " +-"ověření." ++"Authentication is required for hibernating the system while an application asked to inhibit " ++"it." ++msgstr "Pro hibernaci systému, když aplikace požádala o zákaz hibernace je vyžadováno ověření." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:51 ++#: ../src/login/org.freedesktop.login1.policy.in.h:57 + msgid "Manage active sessions, users and seats" + msgstr "Spravovat aktivní sezení, uživatele a stanoviště" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:52 ++#: ../src/login/org.freedesktop.login1.policy.in.h:58 + msgid "Authentication is required for managing active sessions, users and seats." + msgstr "Pro správu aktivních sezení, uživatelů a stanovišť je vyžadováno ověření." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:53 ++#: ../src/login/org.freedesktop.login1.policy.in.h:59 + msgid "Lock or unlock active sessions" + msgstr "Zamknout nebo odemknout aktivní sezení" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:54 ++#: ../src/login/org.freedesktop.login1.policy.in.h:60 + msgid "Authentication is required to lock or unlock active sessions." + msgstr "Pro zamčení nebo odemčení aktivních sezení je vyžadováno ověření." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:55 ++#: ../src/login/org.freedesktop.login1.policy.in.h:61 + msgid "Allow indication to the firmware to boot to setup interface" + msgstr "Povolit indikaci firmwaru bootovat instalační prostředí" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:56 +-msgid "" +-"Authentication is required to indicate to the firmware to boot to setup interface." +-msgstr "" +-"K povolení indikace firmwaru bootovat instalační prostředí je vyžadováno ověření." ++#: ../src/login/org.freedesktop.login1.policy.in.h:62 ++msgid "Authentication is required to indicate to the firmware to boot to setup interface." ++msgstr "K povolení indikace firmwaru bootovat instalační prostředí je vyžadováno ověření." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:57 ++#: ../src/login/org.freedesktop.login1.policy.in.h:63 + msgid "Set a wall message" + msgstr "Nastavit zprávu všem uživatelům" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:58 ++#: ../src/login/org.freedesktop.login1.policy.in.h:64 + msgid "Authentication is required to set a wall message" + msgstr "K nastavení zprávy všem uživatelům je vyžadováno ověření" + +@@ -475,10 +466,8 @@ msgid "Manage local virtual machine and container images" + msgstr "Spravovat lokální obrazy virtuálních strojů a kontejnerů" + + #: ../src/machine/org.freedesktop.machine1.policy.in.h:16 +-msgid "" +-"Authentication is required to manage local virtual machine and container images." +-msgstr "" +-"Pro správu obrazů lokálních virtuálních strojů a kontejnerů je vyžadováno ověření." ++msgid "Authentication is required to manage local virtual machine and container images." ++msgstr "Pro správu obrazů lokálních virtuálních strojů a kontejnerů je vyžadováno ověření." + + #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:1 + msgid "Set system time" +@@ -501,11 +490,9 @@ msgid "Set RTC to local timezone or UTC" + msgstr "Nastavit RTC na lokální časovou zónu nebo UTC" + + #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:6 +-msgid "" +-"Authentication is required to control whether the RTC stores the local or UTC time." ++msgid "Authentication is required to control whether the RTC stores the local or UTC time." + msgstr "" +-"Pro kontrolu jestli RTC ukládá lokální časovou zónu nebo UTC čas je vyžadováno " +-"ověření." ++"Pro kontrolu jestli RTC ukládá lokální časovou zónu nebo UTC čas je vyžadováno ověření." + + #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:7 + msgid "Turn network time synchronization on or off" +@@ -513,34 +500,33 @@ msgstr "Zapnout nebo vypnout synchronizaci s časem ze sítě" + + #: ../src/timedate/org.freedesktop.timedate1.policy.in.h:8 + msgid "" +-"Authentication is required to control whether network time synchronization shall " +-"be enabled." ++"Authentication is required to control whether network time synchronization shall be enabled." + msgstr "Pro kontrolu synchronizace času ze sítě je vyžadováno ověření." + +-#: ../src/core/dbus-unit.c:459 ++#: ../src/core/dbus-unit.c:458 + msgid "Authentication is required to start '$(unit)'." + msgstr "Pro spuštění „$(unit)” je vyžadováno ověření." + +-#: ../src/core/dbus-unit.c:460 ++#: ../src/core/dbus-unit.c:459 + msgid "Authentication is required to stop '$(unit)'." + msgstr "Pro vypnutí „$(unit)” je vyžadováno ověření." + +-#: ../src/core/dbus-unit.c:461 ++#: ../src/core/dbus-unit.c:460 + msgid "Authentication is required to reload '$(unit)'." + msgstr "Pro znovu načtení „$(unit)” je vyžadováno ověření." + +-#: ../src/core/dbus-unit.c:462 ../src/core/dbus-unit.c:463 ++#: ../src/core/dbus-unit.c:461 ../src/core/dbus-unit.c:462 + msgid "Authentication is required to restart '$(unit)'." + msgstr "Pro restart „$(unit)” je vyžadováno ověření." + +-#: ../src/core/dbus-unit.c:570 ++#: ../src/core/dbus-unit.c:569 + msgid "Authentication is required to kill '$(unit)'." + msgstr "Pro ukončení „$(unit)” je vyžadováno ověření." + +-#: ../src/core/dbus-unit.c:601 ++#: ../src/core/dbus-unit.c:600 + msgid "Authentication is required to reset the \"failed\" state of '$(unit)'." + msgstr "Pro resetování chybného stavu „$(unit)” je vyžadováno ověření." + +-#: ../src/core/dbus-unit.c:634 ++#: ../src/core/dbus-unit.c:633 + msgid "Authentication is required to set properties on '$(unit)'." + msgstr "Pro nastavení vlastností na „$(unit)” je vyžadováno ověření." diff --git a/0006-units-make-remote-cryptsetup.target-also-after-crypt.patch b/0006-units-make-remote-cryptsetup.target-also-after-crypt.patch deleted file mode 100644 index b6bc910..0000000 --- a/0006-units-make-remote-cryptsetup.target-also-after-crypt.patch +++ /dev/null @@ -1,25 +0,0 @@ -From a0e030f53bad355be1084a0475eb30aae20e3e43 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 18 Oct 2017 15:14:46 +0200 -Subject: [PATCH] units: make remote-cryptsetup.target also after - cryptsetup-pre.target - -This way people can order units before cryptsetup-pre.target and -have them run before any cryptsetup-related stuff. ---- - units/remote-cryptsetup.target | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target -index d485b06726..ac4e1b71db 100644 ---- a/units/remote-cryptsetup.target -+++ b/units/remote-cryptsetup.target -@@ -8,7 +8,7 @@ - [Unit] - Description=Remote Encrypted Volumes - Documentation=man:systemd.special(7) --After=remote-fs-pre.target -+After=remote-fs-pre.target cryptsetup-pre.target - DefaultDependencies=no - Conflicts=shutdown.target - diff --git a/0007-tests-skip-tests-when-cg_pid_get_path-fails-7033.patch b/0007-tests-skip-tests-when-cg_pid_get_path-fails-7033.patch new file mode 100644 index 0000000..22dfc9f --- /dev/null +++ b/0007-tests-skip-tests-when-cg_pid_get_path-fails-7033.patch @@ -0,0 +1,235 @@ +From 07d4eb06d6f9ef1bb8c3666a1aaa7297eae59f17 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 10 Oct 2017 20:55:20 +0200 +Subject: [PATCH] tests: skip tests when cg_pid_get_path fails (#7033) + +v2: +- cast the fstype_t type to ull, because it varies between arches. + Making it long long should be on the safe side. + +(cherry picked from commit 651d47d14b987883c604468e87e0e1871554d213) +--- + src/basic/cgroup-util.c | 5 ++++- + src/test/test-bpf.c | 7 ++++++- + src/test/test-cgroup-mask.c | 6 +++++- + src/test/test-engine.c | 6 +++++- + src/test/test-execute.c | 8 ++++++-- + src/test/test-helper.c | 17 +++++++++++------ + src/test/test-helper.h | 2 +- + src/test/test-path.c | 6 +++++- + src/test/test-sched-prio.c | 6 +++++- + src/test/test-unit-file.c | 6 +++++- + src/test/test-unit-name.c | 8 ++++++-- + 11 files changed, 59 insertions(+), 18 deletions(-) + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index d51c3efd22..f5fed2a927 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -2456,8 +2456,11 @@ static int cg_unified_update(void) { + return -ENOMEDIUM; + unified_cache = CGROUP_UNIFIED_NONE; + } +- } else ++ } else { ++ log_debug("Unknown filesystem type %llx mounted on /sys/fs/cgroup.", ++ (unsigned long long) fs.f_type); + return -ENOMEDIUM; ++ } + + return 0; + } +diff --git a/src/test/test-bpf.c b/src/test/test-bpf.c +index 74e9d50561..ec8e00b070 100644 +--- a/src/test/test-bpf.c ++++ b/src/test/test-bpf.c +@@ -49,7 +49,12 @@ int main(int argc, char *argv[]) { + log_parse_environment(); + log_open(); + +- enter_cgroup_subroot(); ++ r = enter_cgroup_subroot(); ++ if (r == -ENOMEDIUM) { ++ log_notice("cgroupfs not available, skipping tests"); ++ return EXIT_TEST_SKIP; ++ } ++ + assert_se(set_unit_path(get_testdata_dir("")) >= 0); + assert_se(runtime_dir = setup_fake_runtime_dir()); + +diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c +index 02aae84152..6fd35c81dc 100644 +--- a/src/test/test-cgroup-mask.c ++++ b/src/test/test-cgroup-mask.c +@@ -34,7 +34,11 @@ static int test_cgroup_mask(void) { + FDSet *fdset = NULL; + int r; + +- enter_cgroup_subroot(); ++ r = enter_cgroup_subroot(); ++ if (r == -ENOMEDIUM) { ++ puts("Skipping test: cgroupfs not available"); ++ return EXIT_TEST_SKIP; ++ } + + /* Prepare the manager. */ + assert_se(set_unit_path(get_testdata_dir("")) >= 0); +diff --git a/src/test/test-engine.c b/src/test/test-engine.c +index 6916f838d4..55249fdce2 100644 +--- a/src/test/test-engine.c ++++ b/src/test/test-engine.c +@@ -37,7 +37,11 @@ int main(int argc, char *argv[]) { + Job *j; + int r; + +- enter_cgroup_subroot(); ++ r = enter_cgroup_subroot(); ++ if (r == -ENOMEDIUM) { ++ log_notice_errno(r, "Skipping test: cgroupfs not available"); ++ return EXIT_TEST_SKIP; ++ } + + /* prepare the test */ + assert_se(set_unit_path(get_testdata_dir("")) >= 0); +diff --git a/src/test/test-execute.c b/src/test/test-execute.c +index 6786d56197..486c7e1226 100644 +--- a/src/test/test-execute.c ++++ b/src/test/test-execute.c +@@ -528,11 +528,15 @@ int main(int argc, char *argv[]) { + + /* It is needed otherwise cgroup creation fails */ + if (getuid() != 0) { +- printf("Skipping test: not root\n"); ++ puts("Skipping test: not root"); + return EXIT_TEST_SKIP; + } + +- enter_cgroup_subroot(); ++ r = enter_cgroup_subroot(); ++ if (r == -ENOMEDIUM) { ++ puts("Skipping test: cgroupfs not available"); ++ return EXIT_TEST_SKIP; ++ } + + assert_se(setenv("XDG_RUNTIME_DIR", "/tmp/", 1) == 0); + assert_se(set_unit_path(get_testdata_dir("/test-execute")) >= 0); +diff --git a/src/test/test-helper.c b/src/test/test-helper.c +index 5b707c3276..2a4b4347b6 100644 +--- a/src/test/test-helper.c ++++ b/src/test/test-helper.c +@@ -22,20 +22,25 @@ + #include "alloc-util.h" + #include "cgroup-util.h" + +-void enter_cgroup_subroot(void) { ++int enter_cgroup_subroot(void) { + _cleanup_free_ char *cgroup_root = NULL, *cgroup_subroot = NULL; + CGroupMask supported; ++ int r; ++ ++ r = cg_pid_get_path(NULL, 0, &cgroup_root); ++ if (r == -ENOMEDIUM) ++ return log_warning_errno(r, "cg_pid_get_path(NULL, 0, ...) failed: %m"); ++ assert(r >= 0); + +- assert_se(cg_pid_get_path(NULL, 0, &cgroup_root) >= 0); + assert_se(asprintf(&cgroup_subroot, "%s/%" PRIx64, cgroup_root, random_u64()) >= 0); + assert_se(cg_mask_supported(&supported) >= 0); + + /* If this fails, then we don't mind as the later cgroup operations will fail too, and it's fine if we handle + * any errors at that point. */ + +- if (cg_create_everywhere(supported, _CGROUP_MASK_ALL, cgroup_subroot) < 0) +- return; ++ r = cg_create_everywhere(supported, _CGROUP_MASK_ALL, cgroup_subroot); ++ if (r < 0) ++ return r; + +- if (cg_attach_everywhere(supported, cgroup_subroot, 0, NULL, NULL) < 0) +- return; ++ return cg_attach_everywhere(supported, cgroup_subroot, 0, NULL, NULL); + } +diff --git a/src/test/test-helper.h b/src/test/test-helper.h +index 8af32c8744..f7235527a5 100644 +--- a/src/test/test-helper.h ++++ b/src/test/test-helper.h +@@ -40,4 +40,4 @@ + -ENOMEDIUM /* cannot determine cgroup */ \ + ) + +-void enter_cgroup_subroot(void); ++int enter_cgroup_subroot(void); +diff --git a/src/test/test-path.c b/src/test/test-path.c +index c1915017df..9de3dd6674 100644 +--- a/src/test/test-path.c ++++ b/src/test/test-path.c +@@ -45,7 +45,11 @@ static int setup_test(Manager **m) { + + assert_se(m); + +- enter_cgroup_subroot(); ++ r = enter_cgroup_subroot(); ++ if (r == -ENOMEDIUM) { ++ log_notice_errno(r, "Skipping test: cgroupfs not available"); ++ return EXIT_TEST_SKIP; ++ } + + r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &tmp); + if (MANAGER_SKIP_TEST(r)) { +diff --git a/src/test/test-sched-prio.c b/src/test/test-sched-prio.c +index 9bed4b3832..8f526a8415 100644 +--- a/src/test/test-sched-prio.c ++++ b/src/test/test-sched-prio.c +@@ -34,7 +34,11 @@ int main(int argc, char *argv[]) { + FDSet *fdset = NULL; + int r; + +- enter_cgroup_subroot(); ++ r = enter_cgroup_subroot(); ++ if (r == -ENOMEDIUM) { ++ log_notice_errno(r, "Skipping test: cgroupfs not available"); ++ return EXIT_TEST_SKIP; ++ } + + /* prepare the test */ + assert_se(set_unit_path(get_testdata_dir("")) >= 0); +diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c +index 07f21d0d3d..c16a6342f7 100644 +--- a/src/test/test-unit-file.c ++++ b/src/test/test-unit-file.c +@@ -858,7 +858,11 @@ int main(int argc, char *argv[]) { + log_parse_environment(); + log_open(); + +- enter_cgroup_subroot(); ++ r = enter_cgroup_subroot(); ++ if (r == -ENOMEDIUM) { ++ log_notice_errno(r, "Skipping test: cgroupfs not available"); ++ return EXIT_TEST_SKIP; ++ } + + assert_se(runtime_dir = setup_fake_runtime_dir()); + +diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c +index 1992357e1b..858bbf8476 100644 +--- a/src/test/test-unit-name.c ++++ b/src/test/test-unit-name.c +@@ -465,12 +465,16 @@ static void test_unit_name_path_unescape(void) { + + int main(int argc, char* argv[]) { + _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; +- int rc = 0; ++ int r, rc = 0; + + log_parse_environment(); + log_open(); + +- enter_cgroup_subroot(); ++ r = enter_cgroup_subroot(); ++ if (r == -ENOMEDIUM) { ++ log_notice_errno(r, "Skipping test: cgroupfs not available"); ++ return EXIT_TEST_SKIP; ++ } + + assert_se(runtime_dir = setup_fake_runtime_dir()); + diff --git a/0008-core-fix-segfault-in-compile_bind_mounts-when-BindPa.patch b/0008-core-fix-segfault-in-compile_bind_mounts-when-BindPa.patch new file mode 100644 index 0000000..207681f --- /dev/null +++ b/0008-core-fix-segfault-in-compile_bind_mounts-when-BindPa.patch @@ -0,0 +1,28 @@ +From 7ba74d5f939d0322d6ea730dd0b5ceefd7d7f527 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 11 Oct 2017 12:27:13 +0900 +Subject: [PATCH] core: fix segfault in compile_bind_mounts() when BindPaths= + or BindReadOnlyPaths= is set + +This fixes a bug introduced by 6c47cd7d3bf35c8158a0737f34fe2c5dc95e72d6. + +Fixes #7055. + +(cherry picked from commit a8cabc612b16834260831a8163ae4b479b5c33a5) +--- + src/core/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index c4dfac96d9..2453f84fbd 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -2161,7 +2161,7 @@ static int compile_bind_mounts( + if (!bind_mounts) + return -ENOMEM; + +- for (i = 0; context->n_bind_mounts; i++) { ++ for (i = 0; i < context->n_bind_mounts; i++) { + BindMount *item = context->bind_mounts + i; + char *s, *d; + diff --git a/0009-namespace-fall-back-gracefully-when-kernel-doesn-t-s.patch b/0009-namespace-fall-back-gracefully-when-kernel-doesn-t-s.patch new file mode 100644 index 0000000..21cae41 --- /dev/null +++ b/0009-namespace-fall-back-gracefully-when-kernel-doesn-t-s.patch @@ -0,0 +1,123 @@ +From aad46f8f761dfe93954ebba2cd764c4530337083 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Tue, 10 Oct 2017 09:46:13 +0200 +Subject: [PATCH] namespace: fall back gracefully when kernel doesn't support + network namespaces (#7024) + +(cherry picked from commit 6e2d7c4f131edb19255842cdd4dc199cf8adb5ab) +--- + TODO | 3 --- + src/core/execute.c | 13 ++++++++----- + src/core/namespace.c | 24 ++++++++++++++++++++++++ + src/core/namespace.h | 17 +++++++++++++++++ + 4 files changed, 49 insertions(+), 8 deletions(-) + +diff --git a/TODO b/TODO +index 81f009918c..020bdae9c8 100644 +--- a/TODO ++++ b/TODO +@@ -115,9 +115,6 @@ Features: + + * maybe introduce gpt auto discovery for /var/tmp? + +-* fix PrivateNetwork= so that we fall back gracefully on kernels lacking +- namespacing support (similar for the other namespacing options) +- + * maybe add gpt-partition-based user management: each user gets his own + LUKS-encrypted GPT partition with a new GPT type. A small nss module + enumerates users via udev partition enumeration. UIDs are assigned in a fixed +diff --git a/src/core/execute.c b/src/core/execute.c +index 2453f84fbd..ef95a75e75 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -3070,11 +3070,14 @@ static int exec_child( + } + + if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) { +- r = setup_netns(runtime->netns_storage_socket); +- if (r < 0) { +- *exit_status = EXIT_NETWORK; +- return log_unit_error_errno(unit, r, "Failed to set up network namespacing: %m"); +- } ++ if (ns_type_supported(NAMESPACE_NET)) { ++ r = setup_netns(runtime->netns_storage_socket); ++ if (r < 0) { ++ *exit_status = EXIT_NETWORK; ++ return log_unit_error_errno(unit, r, "Failed to set up network namespacing: %m"); ++ } ++ } else ++ log_unit_warning(unit, "PrivateNetwork=yes is configured, but the kernel does not support network namespaces, ignoring."); + } + + needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime); +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 6d74b8da67..df32d666bf 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -1428,6 +1428,18 @@ fail: + return r; + } + ++bool ns_type_supported(NamespaceType type) { ++ const char *t, *ns_proc; ++ ++ if (type <= _NAMESPACE_TYPE_INVALID || type >= _NAMESPACE_TYPE_MAX) ++ return false; ++ ++ t = namespace_type_to_string(type); ++ ns_proc = strjoina("/proc/self/ns/", t); ++ ++ return access(ns_proc, F_OK) == 0; ++} ++ + static const char *const protect_home_table[_PROTECT_HOME_MAX] = { + [PROTECT_HOME_NO] = "no", + [PROTECT_HOME_YES] = "yes", +@@ -1444,3 +1456,15 @@ static const char *const protect_system_table[_PROTECT_SYSTEM_MAX] = { + }; + + DEFINE_STRING_TABLE_LOOKUP(protect_system, ProtectSystem); ++ ++static const char* const namespace_type_table[] = { ++ [NAMESPACE_MOUNT] = "mnt", ++ [NAMESPACE_CGROUP] = "cgroup", ++ [NAMESPACE_UTS] = "uts", ++ [NAMESPACE_IPC] = "ipc", ++ [NAMESPACE_USER] = "user", ++ [NAMESPACE_PID] = "pid", ++ [NAMESPACE_NET] = "net", ++}; ++ ++DEFINE_STRING_TABLE_LOOKUP(namespace_type, NamespaceType); +diff --git a/src/core/namespace.h b/src/core/namespace.h +index da8d85dbc5..b244c8f337 100644 +--- a/src/core/namespace.h ++++ b/src/core/namespace.h +@@ -36,6 +36,18 @@ typedef enum ProtectHome { + _PROTECT_HOME_INVALID = -1 + } ProtectHome; + ++typedef enum NamespaceType { ++ NAMESPACE_MOUNT, ++ NAMESPACE_CGROUP, ++ NAMESPACE_UTS, ++ NAMESPACE_IPC, ++ NAMESPACE_USER, ++ NAMESPACE_PID, ++ NAMESPACE_NET, ++ _NAMESPACE_TYPE_MAX, ++ _NAMESPACE_TYPE_INVALID = -1, ++} NamespaceType; ++ + typedef enum ProtectSystem { + PROTECT_SYSTEM_NO, + PROTECT_SYSTEM_YES, +@@ -94,3 +106,8 @@ ProtectSystem protect_system_from_string(const char *s) _pure_; + + void bind_mount_free_many(BindMount *b, unsigned n); + int bind_mount_add(BindMount **b, unsigned *n, const BindMount *item); ++ ++const char* namespace_type_to_string(NamespaceType t) _const_; ++NamespaceType namespace_type_from_string(const char *s) _pure_; ++ ++bool ns_type_supported(NamespaceType type); diff --git a/0010-networkd-bridge-allow-AgeingTimeSec-to-be-set-0-7021.patch b/0010-networkd-bridge-allow-AgeingTimeSec-to-be-set-0-7021.patch new file mode 100644 index 0000000..2de2855 --- /dev/null +++ b/0010-networkd-bridge-allow-AgeingTimeSec-to-be-set-0-7021.patch @@ -0,0 +1,33 @@ +From c37f094c79877bea56b929b74b4e5c8df05f2eda Mon Sep 17 00:00:00 2001 +From: Susant Sahani <145210+ssahani@users.noreply.github.com> +Date: Wed, 11 Oct 2017 12:38:05 +0530 +Subject: [PATCH] networkd: bridge allow AgeingTimeSec to be set 0 (#7021) + +Closes #7019. + +(cherry picked from commit 0da812036f6fd60a7b5477fafb2eead9e98f4c78) +--- + src/network/netdev/bridge.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/network/netdev/bridge.c b/src/network/netdev/bridge.c +index 16fff78bf8..17c3955ef5 100644 +--- a/src/network/netdev/bridge.c ++++ b/src/network/netdev/bridge.c +@@ -91,7 +91,7 @@ static int netdev_bridge_post_create(NetDev *netdev, Link *link, sd_netlink_mess + return log_netdev_error_errno(netdev, r, "Could not append IFLA_BR_MAX_AGE attribute: %m"); + } + +- if (b->ageing_time > 0) { ++ if (b->ageing_time != USEC_INFINITY) { + r = sd_netlink_message_append_u32(req, IFLA_BR_AGEING_TIME, usec_to_jiffies(b->ageing_time)); + if (r < 0) + return log_netdev_error_errno(netdev, r, "Could not append IFLA_BR_AGEING_TIME attribute: %m"); +@@ -169,6 +169,7 @@ static void bridge_init(NetDev *n) { + b->stp = -1; + b->default_pvid = VLANID_INVALID; + b->forward_delay = USEC_INFINITY; ++ b->ageing_time = USEC_INFINITY; + } + + const NetDevVTable bridge_vtable = { diff --git a/0011-systemctl-supress-enable-disable-messages-when-q-is-.patch b/0011-systemctl-supress-enable-disable-messages-when-q-is-.patch new file mode 100644 index 0000000..8fae28d --- /dev/null +++ b/0011-systemctl-supress-enable-disable-messages-when-q-is-.patch @@ -0,0 +1,25 @@ +From 6c5ff1d86e7e54f460599e92abbb4a5327e6a6db Mon Sep 17 00:00:00 2001 +From: John Lin +Date: Thu, 12 Oct 2017 02:22:51 +0800 +Subject: [PATCH] systemctl: supress enable/disable messages when -q is given + (#7067) + +Fixes: #7036 +(cherry picked from commit 35d379b2e8b92388a73f245e5cfcaa7e7371e8a7) +--- + src/shared/bus-unit-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index e191f8c93e..6e2022587a 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -1471,7 +1471,7 @@ int bus_deserialize_and_dump_unit_file_changes(sd_bus_message *m, bool quiet, Un + if (r < 0) + return bus_log_parse_error(r); + +- unit_file_dump_changes(0, NULL, *changes, *n_changes, false); ++ unit_file_dump_changes(0, NULL, *changes, *n_changes, quiet); + return 0; + } + diff --git a/0012-man-update-changes-about-gateway-_gateway-7085.patch b/0012-man-update-changes-about-gateway-_gateway-7085.patch new file mode 100644 index 0000000..cbfebe7 --- /dev/null +++ b/0012-man-update-changes-about-gateway-_gateway-7085.patch @@ -0,0 +1,29 @@ +From 5d759f673438f49617040734b92056b25d211283 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Fri, 13 Oct 2017 09:10:26 +0200 +Subject: [PATCH] man: update changes about gateway -> _gateway (#7085) + +Commit 5248e7e1f11aba6859de0b28f0dd3778b22842f2 +(resolved,nss-myhostname: use _gateway for the gateway) changed how the +gateway is resolved. Reflect the change in documentation. + +Close #7084. + +(cherry picked from commit 1dc92a06e210a978e54c72168aaaa7487bf2fd2a) +--- + man/nss-myhostname.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml +index 6e05cb1897..2b180a37cb 100644 +--- a/man/nss-myhostname.xml ++++ b/man/nss-myhostname.xml +@@ -75,7 +75,7 @@ + ending in .localhost or .localhost.localdomain) + are resolved to the IP addresses 127.0.0.1 and ::1. + +- The hostname gateway is ++ The hostname _gateway is + resolved to all current default routing gateway addresses, + ordered by their metric. This assigns a stable hostname to the + current gateway, useful for referencing it independently of the diff --git a/0013-basic-env-util-drop-the-validation-when-deserializin.patch b/0013-basic-env-util-drop-the-validation-when-deserializin.patch new file mode 100644 index 0000000..420d726 --- /dev/null +++ b/0013-basic-env-util-drop-the-validation-when-deserializin.patch @@ -0,0 +1,63 @@ +From cdc2ef6ba88210264f00997e7c99b7f3339c629e Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Wed, 11 Oct 2017 09:29:30 +0200 +Subject: [PATCH] basic/env-util: drop the validation when deserializing + environment + +The environment variables we've serialized can quite possibly contain +characters outside the set allowed by env_assignment_is_valid(). In +fact, my environment seems to contain a couple of these: + + * TERMCAP set by screen contains a '\x7f' character + * BASH_FUNC_module%% variable has a '%' character in name + +Strict check of environment variables name and value certainly makes sense for +unit files, but not so much for deserialization of values we already had +in our environment. + +(cherry picked from commit ea43bdd1d7c14e3695a4cc081e4ef4f964160dc1) +--- + src/basic/env-util.c | 5 ----- + src/test/test-env-util.c | 5 +++-- + 2 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/src/basic/env-util.c b/src/basic/env-util.c +index fa42edfa96..a8b51e719f 100644 +--- a/src/basic/env-util.c ++++ b/src/basic/env-util.c +@@ -809,10 +809,5 @@ int deserialize_environment(char ***environment, const char *line) { + if (r < 0) + return r; + +- if (!env_assignment_is_valid(uce)) { +- free(uce); +- return -EINVAL; +- } +- + return strv_env_replace(environment, uce); + } +diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c +index 3a2492dc6f..b14d62760f 100644 +--- a/src/test/test-env-util.c ++++ b/src/test/test-env-util.c +@@ -319,10 +319,10 @@ static void test_env_assignment_is_valid(void) { + static void test_deserialize_environment(void) { + _cleanup_strv_free_ char **env = strv_new("A=1", NULL); + +- assert_se(deserialize_environment(&env, "env=test") < 0); + assert_se(deserialize_environment(&env, "env=B=2") >= 0); ++ assert_se(deserialize_environment(&env, "env=FOO%%=a\\177b\\nc\\td e") >= 0); + +- assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2"))); ++ assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2", "FOO%%=a\177b\nc\td e"))); + } + + static void test_serialize_environment(void) { +@@ -334,6 +334,7 @@ static void test_serialize_environment(void) { + "B=2", + "C=ąęółń", + "D=D=a\\x0Ab", ++ "FOO%%=a\177b\nc\td e", + NULL); + _cleanup_strv_free_ char **env2 = NULL; + diff --git a/0014-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch b/0014-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch new file mode 100644 index 0000000..2bee77f --- /dev/null +++ b/0014-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch @@ -0,0 +1,41 @@ +From 1ff2852a188de9235a293a347683c4c012708fe8 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Wed, 11 Oct 2017 15:05:38 +0200 +Subject: [PATCH] basic/env-util: don't relax unesaping of serialized + environment strings + +We wrote them ourselves -- they shouldn't contain invalid sequences. + +(cherry picked from commit c7d797bbdfaccd950988698823e17103f418a3c5) +--- + src/basic/env-util.c | 2 +- + src/test/test-env-util.c | 3 +++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/basic/env-util.c b/src/basic/env-util.c +index a8b51e719f..0da10de0c8 100644 +--- a/src/basic/env-util.c ++++ b/src/basic/env-util.c +@@ -805,7 +805,7 @@ int deserialize_environment(char ***environment, const char *line) { + assert(environment); + + assert(startswith(line, "env=")); +- r = cunescape(line + 4, UNESCAPE_RELAX, &uce); ++ r = cunescape(line + 4, 0, &uce); + if (r < 0) + return r; + +diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c +index b14d62760f..a76f691b79 100644 +--- a/src/test/test-env-util.c ++++ b/src/test/test-env-util.c +@@ -323,6 +323,9 @@ static void test_deserialize_environment(void) { + assert_se(deserialize_environment(&env, "env=FOO%%=a\\177b\\nc\\td e") >= 0); + + assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2", "FOO%%=a\177b\nc\td e"))); ++ ++ assert_se(deserialize_environment(&env, "env=foo\\") < 0); ++ assert_se(deserialize_environment(&env, "env=bar\\_baz") < 0); + } + + static void test_serialize_environment(void) { diff --git a/0015-test-path-fix-inverted-return-value-7050.patch b/0015-test-path-fix-inverted-return-value-7050.patch new file mode 100644 index 0000000..8e3202f --- /dev/null +++ b/0015-test-path-fix-inverted-return-value-7050.patch @@ -0,0 +1,27 @@ +From 4b3d3fc4e2e489706a1a4ad3ced1ca5cc81cb583 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 17 Oct 2017 17:49:48 +0200 +Subject: [PATCH] test-path: fix inverted return value (#7050) + +It must be <0 to indicate failure. + +Fixes #7050. + +(cherry picked from commit be21bf856b77629c7f49ca65b3e62f650097048a) +--- + src/test/test-path.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/test/test-path.c b/src/test/test-path.c +index 9de3dd6674..051dfc4868 100644 +--- a/src/test/test-path.c ++++ b/src/test/test-path.c +@@ -48,7 +48,7 @@ static int setup_test(Manager **m) { + r = enter_cgroup_subroot(); + if (r == -ENOMEDIUM) { + log_notice_errno(r, "Skipping test: cgroupfs not available"); +- return EXIT_TEST_SKIP; ++ return -EXIT_TEST_SKIP; + } + + r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &tmp); diff --git a/0016-networkd-Don-t-stop-networkd-if-CONFIG_FIB_RULES-n-i.patch b/0016-networkd-Don-t-stop-networkd-if-CONFIG_FIB_RULES-n-i.patch new file mode 100644 index 0000000..d3099a0 --- /dev/null +++ b/0016-networkd-Don-t-stop-networkd-if-CONFIG_FIB_RULES-n-i.patch @@ -0,0 +1,49 @@ +From 56ea854f0691e93501edb45d11625da63106b0ca Mon Sep 17 00:00:00 2001 +From: Susant Sahani <145210+ssahani@users.noreply.github.com> +Date: Wed, 18 Oct 2017 11:55:57 +0530 +Subject: [PATCH] networkd: Don't stop networkd if CONFIG_FIB_RULES=n in kernel + (#7030) + +If FIB Rules are not supported by the kernel then networkd fails to +start as it retuns error=-EOPNOTSUPP. +In this case just ignore and let start networkd. + +``` +sendto(5, {{len=28, type=RTM_GETRULE, flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_DUMP, seq=8, pid=0}, {family=AF_UNSPEC, dst_len=0, src_len=0, tos=0, table=RT_TABLE_UNSPEC, action=FR_ACT_TO_TBL, flags=0}}, 28, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 16) = 28 +recvmsg(5, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=128->12, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_NETLINK, cmsg_type=0x3}], msg_controllen=24, msg_flags=MSG_TRUNC}, MSG_PEEK|MSG_TRUNC) = 48 +recvmsg(5, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=128->12, msg_iov=[{iov_base={{len=48, type=NLMSG_ERROR, flags=0, seq=8, pid=8856}, {error=-EOPNOTSUPP, msg={{len=28, type=RTM_GETRULE, flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_DUMP, seq=8, pid=0}, {family=AF_UNSPEC, dst_len=0, src_len=0, tos=0, table=RT_TABLE_UNSPEC, action=FR_ACT_TO_TBL, flags=0}}}}, iov_len=7416}], msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_NETLINK, cmsg_type=0x3}], msg_controllen=24, msg_flags=0}, MSG_TRUNC) = 48 +``` + +``` +Oct 08 10:22:24 naomi systemd[1]: Starting Network Service... +Oct 08 10:22:24 naomi systemd-networkd[983]: Could not enumerate rules: Operation not supported +Oct 08 10:22:24 naomi systemd[1]: systemd-networkd.service: Main process exited, code=exited, status=1/FAILURE +``` + +Fixes #7027 + +(cherry picked from commit 6acbbdd4da2d072112042abbce8c0a9523beed4e) +--- + src/network/networkd-manager.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c +index 71445d5dda..200d0f622d 100644 +--- a/src/network/networkd-manager.c ++++ b/src/network/networkd-manager.c +@@ -1454,8 +1454,14 @@ int manager_rtnl_enumerate_rules(Manager *m) { + return r; + + r = sd_netlink_call(m->rtnl, req, 0, &reply); +- if (r < 0) ++ if (r < 0) { ++ if (r == -EOPNOTSUPP) { ++ log_debug("FIB Rules are not supported by the kernel. Ignoring."); ++ return 0; ++ } ++ + return r; ++ } + + for (rule = reply; rule; rule = sd_netlink_message_next(rule)) { + int k; diff --git a/0017-dynamic-user-label-functions-not-necessary-to-export.patch b/0017-dynamic-user-label-functions-not-necessary-to-export.patch new file mode 100644 index 0000000..a0d599a --- /dev/null +++ b/0017-dynamic-user-label-functions-not-necessary-to-export.patch @@ -0,0 +1,90 @@ +From 50e78e3f7f0e1751a594214d1e25f06ca371035d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 11 Oct 2017 12:46:27 +0900 +Subject: [PATCH] dynamic-user: label functions not necessary to export as + static + +(cherry picked from commit 9da440b1b3d8476394e6ffcaf687e0f89932e6ac) +--- + src/core/dynamic-user.c | 12 ++++++------ + src/core/dynamic-user.h | 9 --------- + 2 files changed, 6 insertions(+), 15 deletions(-) + +diff --git a/src/core/dynamic-user.c b/src/core/dynamic-user.c +index f1b5ee7ecb..a191341186 100644 +--- a/src/core/dynamic-user.c ++++ b/src/core/dynamic-user.c +@@ -82,7 +82,7 @@ static int dynamic_user_add(Manager *m, const char *name, int storage_socket[2], + return 0; + } + +-int dynamic_user_acquire(Manager *m, const char *name, DynamicUser** ret) { ++static int dynamic_user_acquire(Manager *m, const char *name, DynamicUser** ret) { + _cleanup_close_pair_ int storage_socket[2] = { -1, -1 }; + DynamicUser *d; + int r; +@@ -421,7 +421,7 @@ static void unlink_uid_lock(int lock_fd, uid_t uid, const char *name) { + (void) make_uid_symlinks(uid, name, false); /* remove direct lookup symlinks */ + } + +-int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *ret) { ++static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *ret) { + + _cleanup_close_ int etc_passwd_lock_fd = -1, uid_lock_fd = -1; + uid_t uid = UID_INVALID; +@@ -526,7 +526,7 @@ finish: + return r; + } + +-int dynamic_user_current(DynamicUser *d, uid_t *ret) { ++static int dynamic_user_current(DynamicUser *d, uid_t *ret) { + _cleanup_close_ int lock_fd = -1; + uid_t uid; + int r; +@@ -555,7 +555,7 @@ finish: + return r; + } + +-DynamicUser* dynamic_user_ref(DynamicUser *d) { ++static DynamicUser* dynamic_user_ref(DynamicUser *d) { + if (!d) + return NULL; + +@@ -565,7 +565,7 @@ DynamicUser* dynamic_user_ref(DynamicUser *d) { + return d; + } + +-DynamicUser* dynamic_user_unref(DynamicUser *d) { ++static DynamicUser* dynamic_user_unref(DynamicUser *d) { + if (!d) + return NULL; + +@@ -608,7 +608,7 @@ finish: + return r; + } + +-DynamicUser* dynamic_user_destroy(DynamicUser *d) { ++static DynamicUser* dynamic_user_destroy(DynamicUser *d) { + if (!d) + return NULL; + +diff --git a/src/core/dynamic-user.h b/src/core/dynamic-user.h +index e7de4f46ae..a0cb378115 100644 +--- a/src/core/dynamic-user.h ++++ b/src/core/dynamic-user.h +@@ -43,15 +43,6 @@ struct DynamicUser { + char name[]; + }; + +-int dynamic_user_acquire(Manager *m, const char *name, DynamicUser **ret); +- +-int dynamic_user_realize(DynamicUser *d, char **suggested_paths, uid_t *ret); +-int dynamic_user_current(DynamicUser *d, uid_t *ret); +- +-DynamicUser* dynamic_user_ref(DynamicUser *d); +-DynamicUser* dynamic_user_unref(DynamicUser *d); +-DynamicUser* dynamic_user_destroy(DynamicUser *d); +- + int dynamic_user_serialize(Manager *m, FILE *f, FDSet *fds); + void dynamic_user_deserialize_one(Manager *m, const char *value, FDSet *fds); + void dynamic_user_vacuum(Manager *m, bool close_user); diff --git a/0018-dynamic-user-permit-the-case-static-uid-and-gid-are-.patch b/0018-dynamic-user-permit-the-case-static-uid-and-gid-are-.patch new file mode 100644 index 0000000..98c0425 --- /dev/null +++ b/0018-dynamic-user-permit-the-case-static-uid-and-gid-are-.patch @@ -0,0 +1,89 @@ +From b06ca097172783c89e04134abf16a00b5151032a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 11 Oct 2017 14:41:13 +0900 +Subject: [PATCH] dynamic-user: permit the case static uid and gid are + different + +This makes systemd supports the case that DynamicUser=yes and +static user and group exist such that uid and gid of them are different. +We only refuse the operation when user does not exist but the group +with the same name exists. + +Fixes #7013. + +(cherry picked from commit 9ec655cbbd7505ef465e0444da0622e46099ce42) +--- + src/core/dynamic-user.c | 41 +++++++++++++++++++++++++---------------- + 1 file changed, 25 insertions(+), 16 deletions(-) + +diff --git a/src/core/dynamic-user.c b/src/core/dynamic-user.c +index a191341186..8f229d27ff 100644 +--- a/src/core/dynamic-user.c ++++ b/src/core/dynamic-user.c +@@ -421,7 +421,7 @@ static void unlink_uid_lock(int lock_fd, uid_t uid, const char *name) { + (void) make_uid_symlinks(uid, name, false); /* remove direct lookup symlinks */ + } + +-static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *ret) { ++static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *ret, bool is_user) { + + _cleanup_close_ int etc_passwd_lock_fd = -1, uid_lock_fd = -1; + uid_t uid = UID_INVALID; +@@ -460,19 +460,28 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + struct passwd *p; + struct group *g; + +- /* OK, this is not a numeric UID. Let's see if there's a user by this name */ +- p = getpwnam(d->name); +- if (p) +- uid = p->pw_uid; +- +- /* Let's see if there's a group by this name */ +- g = getgrnam(d->name); +- if (g) { +- /* If the UID/GID of the user/group of the same don't match, refuse operation */ +- if (uid != UID_INVALID && uid != (uid_t) g->gr_gid) +- return -EILSEQ; +- +- uid = (uid_t) g->gr_gid; ++ if (is_user) { ++ /* OK, this is not a numeric UID. Let's see if there's a user by this name */ ++ p = getpwnam(d->name); ++ if (p) ++ uid = p->pw_uid; ++ else { ++ /* if the user does not exist but the group with the same name exists, refuse operation */ ++ g = getgrnam(d->name); ++ if (g) ++ return -EILSEQ; ++ } ++ } else { ++ /* Let's see if there's a group by this name */ ++ g = getgrnam(d->name); ++ if (g) ++ uid = (uid_t) g->gr_gid; ++ else { ++ /* if the group does not exist but the user with the same name exists, refuse operation */ ++ p = getpwnam(d->name); ++ if (p) ++ return -EILSEQ; ++ } + } + } + +@@ -814,13 +823,13 @@ int dynamic_creds_realize(DynamicCreds *creds, char **suggested_paths, uid_t *ui + /* Realize both the referenced user and group */ + + if (creds->user) { +- r = dynamic_user_realize(creds->user, suggested_paths, &u); ++ r = dynamic_user_realize(creds->user, suggested_paths, &u, true); + if (r < 0) + return r; + } + + if (creds->group && creds->group != creds->user) { +- r = dynamic_user_realize(creds->group, suggested_paths, &g); ++ r = dynamic_user_realize(creds->group, suggested_paths, &g, false); + if (r < 0) + return r; + } else diff --git a/0019-core-fix-invalid-error-message.patch b/0019-core-fix-invalid-error-message.patch new file mode 100644 index 0000000..d72107e --- /dev/null +++ b/0019-core-fix-invalid-error-message.patch @@ -0,0 +1,30 @@ +From efbd654ae84bc8033affed03538429b51eac02e8 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 18 Oct 2017 08:57:54 +0900 +Subject: [PATCH] core: fix invalid error message + +The error message corresponds to EILSEQ is "Invalid or incomplete +multibyte or wide character", and is not suitable in this case. +So, let's show a custom error message when the function +dynamic_creds_realize() returns -EILSEQ. + +(cherry picked from commit e2b0cc3415980f7a145f8772f4ae0a4ad0fbe85a) +--- + src/core/execute.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/core/execute.c b/src/core/execute.c +index ef95a75e75..239ad7bcfd 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -2798,6 +2798,10 @@ static int exec_child( + r = dynamic_creds_realize(dcreds, suggested_paths, &uid, &gid); + if (r < 0) { + *exit_status = EXIT_USER; ++ if (r == -EILSEQ) { ++ log_unit_error(unit, "Failed to update dynamic user credentials: User or group with specified name already exists."); ++ return -EOPNOTSUPP; ++ } + return log_unit_error_errno(unit, r, "Failed to update dynamic user credentials: %m"); + } + diff --git a/0020-man-comment-a-requirement-about-the-static-user-or-g.patch b/0020-man-comment-a-requirement-about-the-static-user-or-g.patch new file mode 100644 index 0000000..04d2df4 --- /dev/null +++ b/0020-man-comment-a-requirement-about-the-static-user-or-g.patch @@ -0,0 +1,27 @@ +From 88d84756b38bdac98e820ca1b17e0b3bf0ea7a25 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 18 Oct 2017 15:30:00 +0900 +Subject: [PATCH] man: comment a requirement about the static user or group + when DynamicUser=yes + +(cherry picked from commit 3bd493dc93e1be976fb9868c349a4711b97d2790) +--- + man/systemd.exec.xml | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml +index dfae0572d8..68291264bd 100644 +--- a/man/systemd.exec.xml ++++ b/man/systemd.exec.xml +@@ -206,7 +206,10 @@ + enabled for a unit, the name of the dynamic user/group is implicitly derived from the unit name. If the unit + name without the type suffix qualifies as valid user name it is used directly, otherwise a name incorporating a + hash of it is used. If a statically allocated user or group of the configured name already exists, it is used +- and no dynamic user/group is allocated. Dynamic users/groups are allocated from the UID/GID range ++ and no dynamic user/group is allocated. Note that if User= is specified and the static group ++ with the name exists, then it is required that the static user with the name already exists. Similarly, ++ if Group= is specified and the static user with the name exists, then it is required that ++ the static group with the name already exists. Dynamic users/groups are allocated from the UID/GID range + 61184…65519. It is recommended to avoid this range for regular system or login users. At any point in time + each UID/GID from this range is only assigned to zero or one dynamically allocated users/groups in + use. However, UID/GIDs are recycled after a unit is terminated. Care should be taken that any processes running diff --git a/0021-core-dynamic-user-use-_cleanup_-in-dynamic-user-lock.patch b/0021-core-dynamic-user-use-_cleanup_-in-dynamic-user-lock.patch new file mode 100644 index 0000000..ed492de --- /dev/null +++ b/0021-core-dynamic-user-use-_cleanup_-in-dynamic-user-lock.patch @@ -0,0 +1,183 @@ +From 56fe0eb7f350b8c75fd952ce930a9ef0f00d45fc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 20 Oct 2017 12:41:04 +0200 +Subject: [PATCH] core/dynamic-user: use _cleanup_ in dynamic user locking + +This makes the code a bit easier to read. + +(cherry picked from commit 362d90b7f2776f7fabf78274587fd38ceb1b1c12) +--- + src/core/dynamic-user.c | 78 +++++++++++++++++++++++++++---------------------- + 1 file changed, 43 insertions(+), 35 deletions(-) + +diff --git a/src/core/dynamic-user.c b/src/core/dynamic-user.c +index 8f229d27ff..0f4ec15721 100644 +--- a/src/core/dynamic-user.c ++++ b/src/core/dynamic-user.c +@@ -421,9 +421,25 @@ static void unlink_uid_lock(int lock_fd, uid_t uid, const char *name) { + (void) make_uid_symlinks(uid, name, false); /* remove direct lookup symlinks */ + } + ++static int lockfp(int fd, int *fd_lock) { ++ if (lockf(fd, F_LOCK, 0) < 0) ++ return -errno; ++ *fd_lock = fd; ++ return 0; ++} ++ ++static void unlockfp(int *fd_lock) { ++ if (*fd_lock < 0) ++ return; ++ lockf(*fd_lock, F_ULOCK, 0); ++ *fd_lock = -1; ++} ++ + static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *ret, bool is_user) { + +- _cleanup_close_ int etc_passwd_lock_fd = -1, uid_lock_fd = -1; ++ _cleanup_(unlockfp) int storage_socket0_lock = -1; ++ _cleanup_close_ int uid_lock_fd = -1; ++ _cleanup_close_ int etc_passwd_lock_fd = -1; + uid_t uid = UID_INVALID; + int r; + +@@ -432,8 +448,9 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + /* Acquire a UID for the user name. This will allocate a UID for the user name if the user doesn't exist + * yet. If it already exists its existing UID/GID will be reused. */ + +- if (lockf(d->storage_socket[0], F_LOCK, 0) < 0) +- return -errno; ++ r = lockfp(d->storage_socket[0], &storage_socket0_lock); ++ if (r < 0) ++ return r; + + r = dynamic_user_pop(d, &uid, &uid_lock_fd); + if (r < 0) { +@@ -441,11 +458,11 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + uid_t new_uid; + + if (r != -EAGAIN) +- goto finish; ++ return r; + + /* OK, nothing stored yet, let's try to find something useful. While we are working on this release the + * lock however, so that nobody else blocks on our NSS lookups. */ +- (void) lockf(d->storage_socket[0], F_ULOCK, 0); ++ unlockfp(&storage_socket0_lock); + + /* Let's see if a proper, static user or group by this name exists. Try to take the lock on + * /etc/passwd, if that fails with EROFS then /etc is read-only. In that case it's fine if we don't +@@ -494,9 +511,10 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + } + + /* So, we found a working UID/lock combination. Let's see if we actually still need it. */ +- if (lockf(d->storage_socket[0], F_LOCK, 0) < 0) { ++ r = lockfp(d->storage_socket[0], &storage_socket0_lock); ++ if (r < 0) { + unlink_uid_lock(uid_lock_fd, uid, d->name); +- return -errno; ++ return r; + } + + r = dynamic_user_pop(d, &new_uid, &new_uid_lock_fd); +@@ -504,7 +522,7 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + if (r != -EAGAIN) { + /* OK, something bad happened, let's get rid of the bits we acquired. */ + unlink_uid_lock(uid_lock_fd, uid, d->name); +- goto finish; ++ return r; + } + + /* Great! Nothing is stored here, still. Store our newly acquired data. */ +@@ -525,17 +543,14 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + * dynamically right here, push that in along with the lock fd for it. */ + r = dynamic_user_push(d, uid, uid_lock_fd); + if (r < 0) +- goto finish; ++ return r; + + *ret = uid; +- r = 0; +- +-finish: +- (void) lockf(d->storage_socket[0], F_ULOCK, 0); +- return r; ++ return 0; + } + + static int dynamic_user_current(DynamicUser *d, uid_t *ret) { ++ _cleanup_(unlockfp) int storage_socket0_lock = -1; + _cleanup_close_ int lock_fd = -1; + uid_t uid; + int r; +@@ -545,23 +560,20 @@ static int dynamic_user_current(DynamicUser *d, uid_t *ret) { + + /* Get the currently assigned UID for the user, if there's any. This simply pops the data from the storage socket, and pushes it back in right-away. */ + +- if (lockf(d->storage_socket[0], F_LOCK, 0) < 0) +- return -errno; ++ r = lockfp(d->storage_socket[0], &storage_socket0_lock); ++ if (r < 0) ++ return r; + + r = dynamic_user_pop(d, &uid, &lock_fd); + if (r < 0) +- goto finish; ++ return r; + + r = dynamic_user_push(d, uid, lock_fd); + if (r < 0) +- goto finish; ++ return r; + + *ret = uid; +- r = 0; +- +-finish: +- (void) lockf(d->storage_socket[0], F_ULOCK, 0); +- return r; ++ return 0; + } + + static DynamicUser* dynamic_user_ref(DynamicUser *d) { +@@ -589,6 +601,7 @@ static DynamicUser* dynamic_user_unref(DynamicUser *d) { + } + + static int dynamic_user_close(DynamicUser *d) { ++ _cleanup_(unlockfp) int storage_socket0_lock = -1; + _cleanup_close_ int lock_fd = -1; + uid_t uid; + int r; +@@ -596,25 +609,20 @@ static int dynamic_user_close(DynamicUser *d) { + /* Release the user ID, by releasing the lock on it, and emptying the storage socket. After this the user is + * unrealized again, much like it was after it the DynamicUser object was first allocated. */ + +- if (lockf(d->storage_socket[0], F_LOCK, 0) < 0) +- return -errno; ++ r = lockfp(d->storage_socket[0], &storage_socket0_lock); ++ if (r < 0) ++ return r; + + r = dynamic_user_pop(d, &uid, &lock_fd); +- if (r == -EAGAIN) { ++ if (r == -EAGAIN) + /* User wasn't realized yet, nothing to do. */ +- r = 0; +- goto finish; +- } ++ return 0; + if (r < 0) +- goto finish; ++ return r; + + /* This dynamic user was realized and dynamically allocated. In this case, let's remove the lock file. */ + unlink_uid_lock(lock_fd, uid, d->name); +- r = 1; +- +-finish: +- (void) lockf(d->storage_socket[0], F_ULOCK, 0); +- return r; ++ return 1; + } + + static DynamicUser* dynamic_user_destroy(DynamicUser *d) { diff --git a/0022-core-dynamic-user-use-gid-from-pwnam-if-a-static-use.patch b/0022-core-dynamic-user-use-gid-from-pwnam-if-a-static-use.patch new file mode 100644 index 0000000..23059a3 --- /dev/null +++ b/0022-core-dynamic-user-use-gid-from-pwnam-if-a-static-use.patch @@ -0,0 +1,174 @@ +From 699b9dcb4e1ab66703bc22c0e3eed16b650895c9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 20 Oct 2017 13:00:12 +0200 +Subject: [PATCH] core/dynamic-user: use gid from pwnam if a static user was + found + +Fixes #7133. + +v2: +- update based on review + +(cherry picked from commit c2983a7fdd027b6241b8c8814706c6ea9768a34c) +--- + src/core/dynamic-user.c | 53 +++++++++++++++++++++++++++++-------------------- + 1 file changed, 32 insertions(+), 21 deletions(-) + +diff --git a/src/core/dynamic-user.c b/src/core/dynamic-user.c +index 0f4ec15721..ce84f8d41a 100644 +--- a/src/core/dynamic-user.c ++++ b/src/core/dynamic-user.c +@@ -435,15 +435,22 @@ static void unlockfp(int *fd_lock) { + *fd_lock = -1; + } + +-static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *ret, bool is_user) { ++static int dynamic_user_realize( ++ DynamicUser *d, ++ char **suggested_dirs, ++ uid_t *ret_uid, gid_t *ret_gid, ++ bool is_user) { + + _cleanup_(unlockfp) int storage_socket0_lock = -1; + _cleanup_close_ int uid_lock_fd = -1; + _cleanup_close_ int etc_passwd_lock_fd = -1; +- uid_t uid = UID_INVALID; ++ uid_t num = UID_INVALID; /* a uid if is_user, and a gid otherwise */ ++ gid_t gid = GID_INVALID; /* a gid if is_user, ignored otherwise */ + int r; + + assert(d); ++ assert(is_user == !!ret_uid); ++ assert(ret_gid); + + /* Acquire a UID for the user name. This will allocate a UID for the user name if the user doesn't exist + * yet. If it already exists its existing UID/GID will be reused. */ +@@ -452,7 +459,7 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + if (r < 0) + return r; + +- r = dynamic_user_pop(d, &uid, &uid_lock_fd); ++ r = dynamic_user_pop(d, &num, &uid_lock_fd); + if (r < 0) { + int new_uid_lock_fd; + uid_t new_uid; +@@ -472,7 +479,7 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + return etc_passwd_lock_fd; + + /* First, let's parse this as numeric UID */ +- r = parse_uid(d->name, &uid); ++ r = parse_uid(d->name, &num); + if (r < 0) { + struct passwd *p; + struct group *g; +@@ -480,9 +487,10 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + if (is_user) { + /* OK, this is not a numeric UID. Let's see if there's a user by this name */ + p = getpwnam(d->name); +- if (p) +- uid = p->pw_uid; +- else { ++ if (p) { ++ num = p->pw_uid; ++ gid = p->pw_gid; ++ } else { + /* if the user does not exist but the group with the same name exists, refuse operation */ + g = getgrnam(d->name); + if (g) +@@ -492,7 +500,7 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + /* Let's see if there's a group by this name */ + g = getgrnam(d->name); + if (g) +- uid = (uid_t) g->gr_gid; ++ num = (uid_t) g->gr_gid; + else { + /* if the group does not exist but the user with the same name exists, refuse operation */ + p = getpwnam(d->name); +@@ -502,10 +510,10 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + } + } + +- if (uid == UID_INVALID) { ++ if (num == UID_INVALID) { + /* No static UID assigned yet, excellent. Let's pick a new dynamic one, and lock it. */ + +- uid_lock_fd = pick_uid(suggested_dirs, d->name, &uid); ++ uid_lock_fd = pick_uid(suggested_dirs, d->name, &num); + if (uid_lock_fd < 0) + return uid_lock_fd; + } +@@ -513,7 +521,7 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + /* So, we found a working UID/lock combination. Let's see if we actually still need it. */ + r = lockfp(d->storage_socket[0], &storage_socket0_lock); + if (r < 0) { +- unlink_uid_lock(uid_lock_fd, uid, d->name); ++ unlink_uid_lock(uid_lock_fd, num, d->name); + return r; + } + +@@ -521,7 +529,7 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + if (r < 0) { + if (r != -EAGAIN) { + /* OK, something bad happened, let's get rid of the bits we acquired. */ +- unlink_uid_lock(uid_lock_fd, uid, d->name); ++ unlink_uid_lock(uid_lock_fd, num, d->name); + return r; + } + +@@ -530,10 +538,10 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + /* Hmm, so as it appears there's now something stored in the storage socket. Throw away what we + * acquired, and use what's stored now. */ + +- unlink_uid_lock(uid_lock_fd, uid, d->name); ++ unlink_uid_lock(uid_lock_fd, num, d->name); + safe_close(uid_lock_fd); + +- uid = new_uid; ++ num = new_uid; + uid_lock_fd = new_uid_lock_fd; + } + } +@@ -541,11 +549,16 @@ static int dynamic_user_realize(DynamicUser *d, char **suggested_dirs, uid_t *re + /* If the UID/GID was already allocated dynamically, push the data we popped out back in. If it was already + * allocated statically, push the UID back too, but do not push the lock fd in. If we allocated the UID + * dynamically right here, push that in along with the lock fd for it. */ +- r = dynamic_user_push(d, uid, uid_lock_fd); ++ r = dynamic_user_push(d, num, uid_lock_fd); + if (r < 0) + return r; + +- *ret = uid; ++ if (is_user) { ++ *ret_uid = num; ++ *ret_gid = gid != GID_INVALID ? gid : num; ++ } else ++ *ret_gid = num; ++ + return 0; + } + +@@ -831,21 +844,19 @@ int dynamic_creds_realize(DynamicCreds *creds, char **suggested_paths, uid_t *ui + /* Realize both the referenced user and group */ + + if (creds->user) { +- r = dynamic_user_realize(creds->user, suggested_paths, &u, true); ++ r = dynamic_user_realize(creds->user, suggested_paths, &u, &g, true); + if (r < 0) + return r; + } + + if (creds->group && creds->group != creds->user) { +- r = dynamic_user_realize(creds->group, suggested_paths, &g, false); ++ r = dynamic_user_realize(creds->group, suggested_paths, NULL, &g, false); + if (r < 0) + return r; +- } else +- g = u; ++ } + + *uid = u; + *gid = g; +- + return 0; + } + diff --git a/0023-networkd-Consider-linkLocalAddressing-state-while-co.patch b/0023-networkd-Consider-linkLocalAddressing-state-while-co.patch new file mode 100644 index 0000000..bedb6ec --- /dev/null +++ b/0023-networkd-Consider-linkLocalAddressing-state-while-co.patch @@ -0,0 +1,33 @@ +From 610f5ddb3c4ae3b08ddb1334bbdcbcf7799f091f Mon Sep 17 00:00:00 2001 +From: Susant Sahani <145210+ssahani@users.noreply.github.com> +Date: Wed, 18 Oct 2017 14:42:59 +0530 +Subject: [PATCH] networkd: Consider linkLocalAddressing state while + configuring ndisc. (#7012) + +If linkLocalAddressing is disabled in for the interface still then +we look for ndisc configured or not in link_check_ready. + +Link local is used automatic address configuration and neighbor discovery protocol. +If link local is disabled we should not configure ndisc. + +Fixes #2713, #6441, #5841. + +(cherry picked from commit 702c979fefc6d3e69c5982b8469ec8a47792d62f) +--- + src/network/networkd-link.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 6b591271a0..c581a49b4e 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -226,6 +226,9 @@ static bool link_ipv6_accept_ra_enabled(Link *link) { + if (!link->network) + return false; + ++ if (!link_ipv6ll_enabled(link)) ++ return false; ++ + /* If unset use system default (enabled if local forwarding is disabled. + * disabled if local forwarding is enabled). + * If set, ignore or enforce RA independent of local forwarding state. diff --git a/0024-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch b/0024-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch new file mode 100644 index 0000000..63cf54a --- /dev/null +++ b/0024-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch @@ -0,0 +1,37 @@ +From 14d3f593b115fb46361e5dab4de0bead8451ca27 Mon Sep 17 00:00:00 2001 +From: Susant Sahani <145210+ssahani@users.noreply.github.com> +Date: Wed, 18 Oct 2017 16:08:56 +0530 +Subject: [PATCH] networkd: don't stop the dhcp server if it's not configured. + (#7083) + +we call sd_dhcp_server_stop even if it's not configured when link is +down resulting unwanted logs. +``` +Oct 10 13:41:07 nena systemd-networkd[126]: eth0: Lost carrier +Oct 10 13:41:07 nena systemd-networkd[126]: DHCP CLIENT (0x560f2dc5): STOPPED +Oct 10 13:41:07 nena systemd-networkd[126]: eth0: DHCP lease lost +Oct 10 13:41:07 nena systemd-networkd[126]: NDISC: Stopping IPv6 Router Solicitation client +Oct 10 13:41:07 nena systemd-networkd[126]: Assertion 'server' failed at ../src/libsystemd-network/sd-dhcp-server.c:256, function sd_dhcp_server_stop(). Ignoring. +``` + +fixes #7047 + +(cherry picked from commit 28464ae0e21e7b9dfea7b733f9470091b2480a9a) +--- + src/network/networkd-link.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index c581a49b4e..70039940bc 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -3085,7 +3085,8 @@ static int link_carrier_lost(Link *link) { + return r; + } + +- (void) sd_dhcp_server_stop(link->dhcp_server); ++ if (link_dhcp4_server_enabled(link)) ++ (void) sd_dhcp_server_stop(link->dhcp_server); + + r = link_drop_config(link); + if (r < 0) diff --git a/0025-units-add-Install-section-to-remote-cryptsetup.targe.patch b/0025-units-add-Install-section-to-remote-cryptsetup.targe.patch new file mode 100644 index 0000000..545d8f0 --- /dev/null +++ b/0025-units-add-Install-section-to-remote-cryptsetup.targe.patch @@ -0,0 +1,43 @@ +From eaaa52cc40bc7f94762ca622d4bd3e9440ccee90 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 12 Oct 2017 22:13:03 +0200 +Subject: [PATCH] units: add [Install] section to remote-cryptsetup.target + +This makes this target the same as remote-fs.target in this regard. In practice +it probably doesn't make that much difference, because all encrypted devices +that are part of remote-fs.target (marked with _netdev) will be used for mount +points, so they will be pulled in anyway individually, but with this change any +such device will be configured, even if it is not pulled by any other unit. + +(cherry picked from commit 8f462b074eb9830d6d5029f70c9010ce50e68357) +--- + system-preset/90-systemd.preset | 1 + + units/remote-cryptsetup.target | 6 ++++++ + 2 files changed, 7 insertions(+) + +diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset +index 3ba4bb760d..98bc4c3c55 100644 +--- a/system-preset/90-systemd.preset ++++ b/system-preset/90-systemd.preset +@@ -9,6 +9,7 @@ + # generally follow a default-off policy. + + enable remote-fs.target ++enable remote-cryptsetup.target + enable machines.target + + enable getty@.service +diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target +index 60943bd1cb..c306d521f7 100644 +--- a/units/remote-cryptsetup.target ++++ b/units/remote-cryptsetup.target +@@ -8,3 +8,9 @@ + [Unit] + Description=Remote Encrypted Volumes + Documentation=man:systemd.special(7) ++After=remote-cryptsetup-pre.target ++DefaultDependencies=no ++Conflicts=shutdown.target ++ ++[Install] ++WantedBy=multi-user.target diff --git a/0026-units-replace-remote-cryptsetup-pre.target-with-remo.patch b/0026-units-replace-remote-cryptsetup-pre.target-with-remo.patch new file mode 100644 index 0000000..298d583 --- /dev/null +++ b/0026-units-replace-remote-cryptsetup-pre.target-with-remo.patch @@ -0,0 +1,149 @@ +From c5e8935962eadc9e901f4fe13e187aaaad487142 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 12 Oct 2017 22:34:54 +0200 +Subject: [PATCH] units: replace remote-cryptsetup-pre.target with + remote-fs-pre.target + +remote-cryptsetup-pre.target was designed as an active unit (that pulls in +network-online.target), the opposite of remote-fs-pre.target (a passive unit, +with individual provider services ordering itself before it and pulling it in, +for example iscsi.service and nfs-client.target). + +To make remote-cryptsetup-pre.target really work, those services should be +ordered before it too. But this would require updates to all those services, +not just changes from systemd side. + +But the requirements for remote-fs-pre.target and remote-cryptset-pre.target +are fairly similar (e.g. iscsi devices can certainly be used for both), so +let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses +a bit of flexibility, but does away with the requirement for various provider +services to know about remote-cryptsetup-pre.target. + +(cherry picked from commit a0dd209763f9e67054ee322a2dfd52bccf345c2e) +--- + man/crypttab.xml | 2 +- + man/systemd.special.xml | 20 ++++---------------- + src/cryptsetup/cryptsetup-generator.c | 2 +- + units/meson.build | 1 - + units/remote-cryptsetup-pre.target | 15 --------------- + units/remote-cryptsetup.target | 2 +- + 6 files changed, 7 insertions(+), 35 deletions(-) + delete mode 100644 units/remote-cryptsetup-pre.target + +diff --git a/man/crypttab.xml b/man/crypttab.xml +index ac7d55271c..caed04836e 100644 +--- a/man/crypttab.xml ++++ b/man/crypttab.xml +@@ -198,7 +198,7 @@ + started after the network is available, similarly to + systemd.mount5 + units marked with . The service unit to set up this device +- will be ordered between remote-cryptsetup-pre.target and ++ will be ordered between remote-fs-pre.target and + remote-cryptsetup.target, instead of + cryptsetup-pre.target and + cryptsetup.target. +diff --git a/man/systemd.special.xml b/man/systemd.special.xml +index 4beef07dd5..32706dc6cf 100644 +--- a/man/systemd.special.xml ++++ b/man/systemd.special.xml +@@ -81,7 +81,6 @@ + poweroff.target, + printer.target, + reboot.target, +- remote-cryptsetup-pre.target, + remote-cryptsetup.target, + remote-fs-pre.target, + remote-fs.target, +@@ -494,18 +493,6 @@ + this target unit, for compatibility with SysV. + + +- +- remote-cryptsetup-pre.target +- +- This target unit is automatically ordered before all cryptsetup devices +- marked with the . It can be used to execute additional +- units before such devices are set up. +- +- It is ordered after network.target and +- network-online.target, and also pulls the latter in as a +- Wants= dependency. +- +- + + remote-cryptsetup.target + +@@ -906,9 +893,10 @@ + remote-fs-pre.target + + This target unit is automatically ordered before all +- remote mount point units (see above). It can be used to run +- certain units before the remote mounts are established. Note +- that this unit is generally not part of the initial ++ mount point units (see above) and cryptsetup devices ++ marked with the . It can be used to run ++ certain units before remote encrypted devices and mounts are established. ++ Note that this unit is generally not part of the initial + transaction, unless the unit that wants to be ordered before + all remote mounts pulls it in via a + Wants= type dependency. If the unit wants +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index 3752ca2ef2..040a1aa408 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -113,7 +113,7 @@ static int create_disk( + "Conflicts=umount.target\n" + "IgnoreOnIsolate=true\n" + "After=%s\n", +- netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); ++ netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target"); + + if (!nofail) + fprintf(f, +diff --git a/units/meson.build b/units/meson.build +index 8494d23e9e..4e2ae3f302 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -48,7 +48,6 @@ units = [ + ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], + ['reboot.target', '', + 'runlevel6.target ctrl-alt-del.target'], +- ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], + ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', + join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], + ['remote-fs-pre.target', ''], +diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target +deleted file mode 100644 +index a375e61889..0000000000 +--- a/units/remote-cryptsetup-pre.target ++++ /dev/null +@@ -1,15 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. +- +-[Unit] +-Description=Remote Encrypted Volumes (Pre) +-Documentation=man:systemd.special(7) +-RefuseManualStart=yes +-Before=remote-cryptsetup.target +- +-After=network.target network-online.target +-Wants=network-online.target +diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target +index c306d521f7..d485b06726 100644 +--- a/units/remote-cryptsetup.target ++++ b/units/remote-cryptsetup.target +@@ -8,7 +8,7 @@ + [Unit] + Description=Remote Encrypted Volumes + Documentation=man:systemd.special(7) +-After=remote-cryptsetup-pre.target ++After=remote-fs-pre.target + DefaultDependencies=no + Conflicts=shutdown.target + diff --git a/0027-man-add-a-note-about-_netdev-usage.patch b/0027-man-add-a-note-about-_netdev-usage.patch new file mode 100644 index 0000000..9ca2877 --- /dev/null +++ b/0027-man-add-a-note-about-_netdev-usage.patch @@ -0,0 +1,40 @@ +From 51f2176d0df1088407afbadc138aeaa9dbe017e8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 12 Oct 2017 22:43:58 +0200 +Subject: [PATCH] man: add a note about _netdev usage + +(cherry picked from commit 288c26165e0ff71857394f360f42432bc808556f) +--- + man/crypttab.xml | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/man/crypttab.xml b/man/crypttab.xml +index caed04836e..3aebd7ea90 100644 +--- a/man/crypttab.xml ++++ b/man/crypttab.xml +@@ -201,7 +201,16 @@ + will be ordered between remote-fs-pre.target and + remote-cryptsetup.target, instead of + cryptsetup-pre.target and +- cryptsetup.target. ++ cryptsetup.target. ++ ++ Hint: if this device is used for a mount point that is specified in ++ fstab5, ++ the option should also be used for the mount ++ point. Otherwise, a dependency loop might be created where the mount point ++ will be pulled in by local-fs.target, while the ++ service to configure the network is usually only started after ++ the local file system has been mounted. ++ + + + +@@ -433,6 +442,7 @@ hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfil + systemd1, + systemd-cryptsetup@.service8, + systemd-cryptsetup-generator8, ++ fstab5, + cryptsetup8, + mkswap8, + mke2fs8 diff --git a/0028-units-make-remote-cryptsetup.target-also-after-crypt.patch b/0028-units-make-remote-cryptsetup.target-also-after-crypt.patch new file mode 100644 index 0000000..00c12aa --- /dev/null +++ b/0028-units-make-remote-cryptsetup.target-also-after-crypt.patch @@ -0,0 +1,27 @@ +From d56bbe6540ed5075ab6c2845c63d08c12499e46d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 18 Oct 2017 15:14:46 +0200 +Subject: [PATCH] units: make remote-cryptsetup.target also after + cryptsetup-pre.target + +This way people can order units before cryptsetup-pre.target and +have them run before any cryptsetup-related stuff. + +(cherry picked from commit a0e030f53bad355be1084a0475eb30aae20e3e43) +--- + units/remote-cryptsetup.target | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target +index d485b06726..ac4e1b71db 100644 +--- a/units/remote-cryptsetup.target ++++ b/units/remote-cryptsetup.target +@@ -8,7 +8,7 @@ + [Unit] + Description=Remote Encrypted Volumes + Documentation=man:systemd.special(7) +-After=remote-fs-pre.target ++After=remote-fs-pre.target cryptsetup-pre.target + DefaultDependencies=no + Conflicts=shutdown.target + diff --git a/0029-man-describe-how-machine-id-should-be-initialized-70.patch b/0029-man-describe-how-machine-id-should-be-initialized-70.patch new file mode 100644 index 0000000..fd5a7cc --- /dev/null +++ b/0029-man-describe-how-machine-id-should-be-initialized-70.patch @@ -0,0 +1,122 @@ +From 07ba9da0bc0d4e3309e766d3734ac56683d3298d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 18 Oct 2017 18:47:34 +0200 +Subject: [PATCH] man: describe how machine-id should be initialized (#7051) + +(cherry picked from commit 74a79c657e17fc43172a59f1f158d4a26aec2be1) +--- + man/machine-id.xml | 90 +++++++++++++++++++++++++++++++++++++++++------------- + 1 file changed, 69 insertions(+), 21 deletions(-) + +diff --git a/man/machine-id.xml b/man/machine-id.xml +index 3c261bffcc..e434c89de9 100644 +--- a/man/machine-id.xml ++++ b/man/machine-id.xml +@@ -53,18 +53,26 @@ + + Description + +- The /etc/machine-id file contains the unique machine ID of the local +- system that is set during installation. The machine ID is a single newline-terminated, +- hexadecimal, 32-character, lowercase ID. When decoded from hexadecimal, this corresponds to a +- 16-byte/128-bit value. ++ The /etc/machine-id file contains the unique machine ID of ++ the local system that is set during installation or boot. The machine ID is a single ++ newline-terminated, hexadecimal, 32-character, lowercase ID. When decoded from ++ hexadecimal, this corresponds to a 16-byte/128-bit value. This ID may not be all ++ zeros. + +- The machine ID is usually generated from a random source +- during system installation and stays constant for all subsequent +- boots. Optionally, for stateless systems, it is generated during +- runtime at early boot if it is found to be empty. ++ The machine ID is usually generated from a random source during system ++ installation or first boot and stays constant for all subsequent boots. Optionally, ++ for stateless systems, it is generated during runtime during early boot if necessary. ++ + +- The machine ID does not change based on local or network configuration or when hardware is +- replaced. Due to this and its greater length, it is a more useful replacement for the ++ The machine ID may be set, for example when network booting, with the ++ systemd.machine_id= kernel command line parameter or by passing the ++ option to systemd. An ID is specified in this manner ++ has higher priority and will be used instead of the ID stored in ++ /etc/machine-id. ++ ++ The machine ID does not change based on local or network configuration or when ++ hardware is replaced. Due to this and its greater length, it is a more useful ++ replacement for the + gethostid3 + call that POSIX specifies. + +@@ -79,19 +87,59 @@ + the original machine ID from the application-specific one. The + sd_id128_get_machine_app_specific3 + API provides an implementation of such an algorithm. ++ + +- The ++ ++ Initialization ++ ++ Each machine should have a non-empty ID in normal operation. The ID of each ++ machine should be unique. To achive those objectives, ++ /etc/machine-id can be initialized in a few different ways. ++ ++ ++ For normal operating system installations, where a custom image is created for a ++ specific machine, /etc/machine-id should be populated during ++ installation. ++ ++ + systemd-machine-id-setup1 +- tool may be used by installer tools to initialize the machine ID +- at install time. Use +- systemd-firstboot1 +- to initialize it on mounted (but not booted) system images. +- +- The machine-id may also be set, for example when network +- booting, by setting the systemd.machine_id= +- kernel command line parameter or passing the option +- to systemd. A machine-id may not +- be set to all zeros. ++ may be used by installer tools to initialize the machine ID at install time, but ++ /etc/machine-id may also be written using any other means. ++ ++ ++ For operating system images which are created once and used on multiple ++ machines, for example for containers or in the cloud, ++ /etc/machine-id should be an empty file in the generic file ++ system image. An ID will be generated during boot and saved to this file if ++ possible. Having an empty file in place is useful because it allows a temporary file ++ to be bind-mounted over the real file, in case the image is used read-only. ++ ++ systemd-firstboot1 ++ may be used to to initialize /etc/machine-id on mounted (but not ++ booted) system images. ++ ++ When a machine is booted with ++ systemd1 ++ the ID of the machine will be established. If systemd.machine_id= ++ or options (see first section) are specified, this ++ value will be used. Otherwise, the value in /etc/machine-id will ++ be used. If this file is empty or missing, systemd will attempt ++ to use the D-Bus machine ID from /var/lib/dbus/machine-id, the ++ value of the kernel command line option container_uuid, the KVM DMI ++ product_uuid (on KVM systems), and finally a randomly generated ++ UUID. ++ ++ After the machine ID is established, ++ systemd1 ++ will attempt to save it to /etc/machine-id. If this fails, it ++ will attempt to bind-mount a temporary file over /etc/machine-id. ++ It is an error if the file system is read-only and does not contain a (possibly empty) ++ /etc/machine-id file. ++ ++ systemd-machine-id-commit.service8 ++ will attempt to write the machine ID to the file system if ++ /etc/machine-id or /etc are read-only during ++ early boot but become writable later on. + + + diff --git a/0030-catalog-update-french-translation.patch b/0030-catalog-update-french-translation.patch new file mode 100644 index 0000000..133e045 --- /dev/null +++ b/0030-catalog-update-french-translation.patch @@ -0,0 +1,33 @@ +From ca996afe74bea700282f6f4af6a98b463229ede7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sylvain=20Plantef=C3=A8ve?= +Date: Thu, 19 Oct 2017 00:26:27 +0200 +Subject: [PATCH] catalog: update french translation + +(cherry picked from commit b5ff403d1438e4e5a2634e03a6dfb3f2942fef90) +--- + catalog/systemd.fr.catalog.in | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/catalog/systemd.fr.catalog.in b/catalog/systemd.fr.catalog.in +index c4b1a81ceb..d9fa58fff0 100644 +--- a/catalog/systemd.fr.catalog.in ++++ b/catalog/systemd.fr.catalog.in +@@ -329,3 +329,18 @@ Documentation: man:systemd-resolved.service(8) + Une ancre de confiance DNSSEC a été révoquée. Une nouvelle ancre de + confiance doit être configurée, ou le système d'exploitation a besoin + d'être mis à jour, pour fournir une version à jour de l'ancre de confiance. ++ ++-- 5eb03494b6584870a536b337290809b3 ++Subject: Le redémarrage automatique d'une unité (unit) a été planifié ++Defined-By: systemd ++Support: %SUPPORT_URL% ++ ++Le redémarrage automatique de l'unité (unit) @UNIT@ a été planifié, en ++raison de sa configuration avec le paramètre Restart=. ++ ++-- ae8f7b866b0347b9af31fe1c80b127c0 ++Subject: Ressources consommées durant l'éxécution de l'unité (unit) ++Defined-By: systemd ++Support: %SUPPORT_URL% ++ ++L'unité (unit) @UNIT@ s'est arrêtée et a consommé les ressources indiquées. diff --git a/0031-po-update-french-translation.patch b/0031-po-update-french-translation.patch new file mode 100644 index 0000000..80c922b --- /dev/null +++ b/0031-po-update-french-translation.patch @@ -0,0 +1,241 @@ +From bfbee4194c5a51ebc3c8f06069fa81f37b513ebf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sylvain=20Plantef=C3=A8ve?= +Date: Thu, 19 Oct 2017 00:26:52 +0200 +Subject: [PATCH] po: update french translation + +(cherry picked from commit 629be9c9d18c134feb2a764173eb476a3c107b70) +--- + po/fr.po | 90 ++++++++++++++++++++++++++++++++++++++++++++-------------------- + 1 file changed, 62 insertions(+), 28 deletions(-) + +diff --git a/po/fr.po b/po/fr.po +index 17550c755e..f4c6bfdfe6 100644 +--- a/po/fr.po ++++ b/po/fr.po +@@ -1,14 +1,14 @@ + # French translations for systemd package + # Traductions françaises du paquet systemd. + # This file is distributed under the same license as the systemd package. +-# Sylvain Plantefève , 2013-2016 ++# Sylvain Plantefève , 2013-2017 + # + msgid "" + msgstr "" + "Project-Id-Version: systemd\n" + "Report-Msgid-Bugs-To: \n" + "POT-Creation-Date: 2016-04-24 21:13+0200\n" +-"PO-Revision-Date: 2014-12-28 13:04+0100\n" ++"PO-Revision-Date: 2017-10-18 21:30+0200\n" + "Last-Translator: Sylvain Plantefève \n" + "Language-Team: French\n" + "Language: fr\n" +@@ -358,19 +358,53 @@ msgstr "" + "a demandé de l'empêcher." + + #: ../src/login/org.freedesktop.login1.policy.in.h:39 ++msgid "Halt the system" ++msgstr "Arrêter le système" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++msgid "Authentication is required for halting the system." ++msgstr "Authentification requise pour arrêter le système." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++msgid "Halt the system while other users are logged in" ++msgstr "" ++"Arrêter le système alors que d'autres utilisateurs sont connectés" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:42 ++msgid "" ++"Authentication is required for halting the system while other users are " ++"logged in." ++msgstr "" ++"Authentification requise pour arrêter le système alors que d'autres " ++"utilisateurs sont connectés." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++msgid "Halt the system while an application asked to inhibit it" ++msgstr "" ++"Arrêter le système alors qu'une application a demandé de l'empêcher" ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++msgid "" ++"Authentication is required for halting the system while an application " ++"asked to inhibit it." ++msgstr "" ++"Authentification requise pour arrêter le système alors qu'une " ++"application a demandé de l'empêcher." ++ ++#: ../src/login/org.freedesktop.login1.policy.in.h:45 + msgid "Suspend the system" + msgstr "Mettre le système en veille" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:40 ++#: ../src/login/org.freedesktop.login1.policy.in.h:46 + msgid "Authentication is required for suspending the system." + msgstr "Authentification requise pour mettre le système en veille." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:41 ++#: ../src/login/org.freedesktop.login1.policy.in.h:47 + msgid "Suspend the system while other users are logged in" + msgstr "" + "Mettre le système en veille alors que d'autres utilisateurs sont connectés" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:42 ++#: ../src/login/org.freedesktop.login1.policy.in.h:48 + msgid "" + "Authentication is required for suspending the system while other users are " + "logged in." +@@ -378,12 +412,12 @@ msgstr "" + "Authentification requise pour mettre le système en veille alors que d'autres " + "utilisateurs sont connectés." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:43 ++#: ../src/login/org.freedesktop.login1.policy.in.h:49 + msgid "Suspend the system while an application asked to inhibit it" + msgstr "" + "Mettre le système en veille alors qu'une application a demandé de l'empêcher" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:44 ++#: ../src/login/org.freedesktop.login1.policy.in.h:50 + msgid "" + "Authentication is required for suspending the system while an application " + "asked to inhibit it." +@@ -391,21 +425,21 @@ msgstr "" + "Authentification requise pour mettre le système en veille alors qu'une " + "application a demandé de l'empêcher." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:45 ++#: ../src/login/org.freedesktop.login1.policy.in.h:51 + msgid "Hibernate the system" + msgstr "Mettre le système en hibernation" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:46 ++#: ../src/login/org.freedesktop.login1.policy.in.h:52 + msgid "Authentication is required for hibernating the system." + msgstr "Authentification requise pour mettre le système en hibernation." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:47 ++#: ../src/login/org.freedesktop.login1.policy.in.h:53 + msgid "Hibernate the system while other users are logged in" + msgstr "" + "Mettre le système en hibernation alors que d'autres utilisateurs sont " + "connectés" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:48 ++#: ../src/login/org.freedesktop.login1.policy.in.h:54 + msgid "" + "Authentication is required for hibernating the system while other users are " + "logged in." +@@ -413,13 +447,13 @@ msgstr "" + "Authentification requise pour mettre le système en hibernation alors que " + "d'autres utilisateurs sont connectés." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:49 ++#: ../src/login/org.freedesktop.login1.policy.in.h:55 + msgid "Hibernate the system while an application asked to inhibit it" + msgstr "" + "Mettre le système en hibernation alors qu'une application a demandé de " + "l'empêcher" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:50 ++#: ../src/login/org.freedesktop.login1.policy.in.h:56 + msgid "" + "Authentication is required for hibernating the system while an application " + "asked to inhibit it." +@@ -427,34 +461,34 @@ msgstr "" + "Authentification requise pour mettre le système en hibernation alors qu'une " + "application a demandé de l'empêcher." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:51 ++#: ../src/login/org.freedesktop.login1.policy.in.h:57 + msgid "Manage active sessions, users and seats" + msgstr "Gérer les sessions actives, les utilisateurs et les postes (seats)" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:52 ++#: ../src/login/org.freedesktop.login1.policy.in.h:58 + msgid "" + "Authentication is required for managing active sessions, users and seats." + msgstr "" + "Authentification requise pour gérer les sessions actives, les utilisateurs " + "et les postes (seats)." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:53 ++#: ../src/login/org.freedesktop.login1.policy.in.h:59 + msgid "Lock or unlock active sessions" + msgstr "Verrouiller ou déverrouiller des sessions actives" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:54 ++#: ../src/login/org.freedesktop.login1.policy.in.h:60 + msgid "Authentication is required to lock or unlock active sessions." + msgstr "" + "Authentification requise pour verrouiller ou déverrouiller des sessions " + "actives." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:55 ++#: ../src/login/org.freedesktop.login1.policy.in.h:61 + msgid "Allow indication to the firmware to boot to setup interface" + msgstr "" + "Permet d'indiquer au micrologiciel de démarrer sur l'interface de " + "configuration" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:56 ++#: ../src/login/org.freedesktop.login1.policy.in.h:62 + msgid "" + "Authentication is required to indicate to the firmware to boot to setup " + "interface." +@@ -462,11 +496,11 @@ msgstr "" + "Authentification requise pour indiquer au micrologiciel de démarrer sur " + "l'interface de configuration." + +-#: ../src/login/org.freedesktop.login1.policy.in.h:57 ++#: ../src/login/org.freedesktop.login1.policy.in.h:63 + msgid "Set a wall message" + msgstr "Définir un message wall" + +-#: ../src/login/org.freedesktop.login1.policy.in.h:58 ++#: ../src/login/org.freedesktop.login1.policy.in.h:64 + msgid "Authentication is required to set a wall message" + msgstr "Authentification requise pour définir un message wall." + +@@ -591,33 +625,33 @@ msgstr "" + "Authentification requise pour activer ou désactiver la synchronisation de " + "l'heure avec le réseau." + +-#: ../src/core/dbus-unit.c:450 ++#: ../src/core/dbus-unit.c:458 + msgid "Authentication is required to start '$(unit)'." + msgstr "Authentification requise pour démarrer « $(unit) »." + +-#: ../src/core/dbus-unit.c:451 ++#: ../src/core/dbus-unit.c:459 + msgid "Authentication is required to stop '$(unit)'." + msgstr "Authentification requise pour arrêter « $(unit) »." + +-#: ../src/core/dbus-unit.c:452 ++#: ../src/core/dbus-unit.c:460 + msgid "Authentication is required to reload '$(unit)'." + msgstr "Authentification requise pour recharger « $(unit) »." + +-#: ../src/core/dbus-unit.c:453 ../src/core/dbus-unit.c:454 ++#: ../src/core/dbus-unit.c:461 ../src/core/dbus-unit.c:462 + msgid "Authentication is required to restart '$(unit)'." + msgstr "Authentification requise pour redémarrer « $(unit) »." + +-#: ../src/core/dbus-unit.c:560 ++#: ../src/core/dbus-unit.c:569 + msgid "Authentication is required to kill '$(unit)'." + msgstr "Authentification requise pour tuer « $(unit) »." + +-#: ../src/core/dbus-unit.c:590 ++#: ../src/core/dbus-unit.c:600 + msgid "Authentication is required to reset the \"failed\" state of '$(unit)'." + msgstr "" + "Authentification requise pour réinitialiser l'état d'« échec » de " + "« $(unit) »." + +-#: ../src/core/dbus-unit.c:622 ++#: ../src/core/dbus-unit.c:633 + msgid "Authentication is required to set properties on '$(unit)'." + msgstr "Authentification requise pour définir des propriétés de « $(unit) »." + diff --git a/0032-sd-radv-Allocate-space-also-for-DNSSL-iov-option-714.patch b/0032-sd-radv-Allocate-space-also-for-DNSSL-iov-option-714.patch new file mode 100644 index 0000000..c098d8c --- /dev/null +++ b/0032-sd-radv-Allocate-space-also-for-DNSSL-iov-option-714.patch @@ -0,0 +1,29 @@ +From ffee10553f786e69787f9813dae5b0395040b443 Mon Sep 17 00:00:00 2001 +From: Patrik Flykt +Date: Fri, 20 Oct 2017 11:59:15 +0300 +Subject: [PATCH] sd-radv: Allocate space also for DNSSL iov option (#7144) + +The iov array needs to hold five entries in addition to the number +of prefixes. + +(cherry picked from commit 6852c0f6b0f7a4ac666e1d174f366d003d31edb3) +--- + src/libsystemd-network/sd-radv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd-network/sd-radv.c b/src/libsystemd-network/sd-radv.c +index a3aa5c9c62..e4d12977cd 100644 +--- a/src/libsystemd-network/sd-radv.c ++++ b/src/libsystemd-network/sd-radv.c +@@ -160,8 +160,9 @@ static int radv_send(sd_radv *ra, const struct in6_addr *dst, + .nd_opt_mtu_type = ND_OPT_MTU, + .nd_opt_mtu_len = 1, + }; +- /* Reserve iov space for RA header, linkaddr, MTU, N prefixes, RDNSS */ +- struct iovec iov[4 + ra->n_prefixes]; ++ /* Reserve iov space for RA header, linkaddr, MTU, N prefixes, RDNSS ++ and DNSSL */ ++ struct iovec iov[5 + ra->n_prefixes]; + struct msghdr msg = { + .msg_name = &dst_addr, + .msg_namelen = sizeof(dst_addr), diff --git a/0033-modprobe.d-fix-directory-of-modprobe-configuration-f.patch b/0033-modprobe.d-fix-directory-of-modprobe-configuration-f.patch new file mode 100644 index 0000000..d392d58 --- /dev/null +++ b/0033-modprobe.d-fix-directory-of-modprobe-configuration-f.patch @@ -0,0 +1,30 @@ +From 6529579e0b2aed71bb5bd952cb8a82d25ca259bd Mon Sep 17 00:00:00 2001 +From: Michael Biebl +Date: Sat, 21 Oct 2017 08:32:50 +0200 +Subject: [PATCH] modprobe.d: fix directory of modprobe configuration file + (#7149) + +kmod upstream uses /lib/modprobe.d which means we need to use rootprefix +instead of prefix for installing the modprobe configuration file as +otherwise split-usr systems are broken. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879191 + +(cherry picked from commit 02fa054dc44916f4840e2020a5ebac3042d4bf65) +--- + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index f7a610af3b..e394ee5eee 100644 +--- a/meson.build ++++ b/meson.build +@@ -83,7 +83,7 @@ polkitpkladir = join_paths(localstatedir, 'lib/polkit-1/localauthority/10-vendor + varlogdir = join_paths(localstatedir, 'log') + xinitrcdir = join_paths(sysconfdir, 'X11/xinit/xinitrc.d') + rpmmacrosdir = get_option('rpmmacrosdir') +-modprobedir = join_paths(prefixdir, 'lib/modprobe.d') ++modprobedir = join_paths(rootprefixdir, 'lib/modprobe.d') + + # Our own paths + pkgdatadir = join_paths(datadir, 'systemd') diff --git a/0034-nspawn-Fix-calculation-of-capabilities-for-configura.patch b/0034-nspawn-Fix-calculation-of-capabilities-for-configura.patch new file mode 100644 index 0000000..564c392 --- /dev/null +++ b/0034-nspawn-Fix-calculation-of-capabilities-for-configura.patch @@ -0,0 +1,31 @@ +From b4c63693634d3a56a1afe22dd59c63a7e8fe99f8 Mon Sep 17 00:00:00 2001 +From: myrkr +Date: Tue, 24 Oct 2017 09:56:40 +0200 +Subject: [PATCH] nspawn: Fix calculation of capabilities for configuration + file (#7087) + +The current code shifting an integer 1 failed for capabilities like +CAP_MAC_ADMIN (numerical value 33). This caused issues when specifying +them in the nspawn configuration file. Using an uint64_t 1 instead. + +The similar code for processing the --capability command line option +was already correctly working. + +(cherry picked from commit 1898e5f9a37d1a50f8c0bd1147abe11c3d38a16b) +--- + src/nspawn/nspawn-settings.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c +index c02c1ea697..285e22820f 100644 +--- a/src/nspawn/nspawn-settings.c ++++ b/src/nspawn/nspawn-settings.c +@@ -202,7 +202,7 @@ int config_parse_capability( + continue; + } + +- u |= 1 << ((uint64_t) cap); ++ u |= UINT64_C(1) << cap; + } + + if (u == 0) diff --git a/0035-timedatectl-stop-using-xstrftime.patch b/0035-timedatectl-stop-using-xstrftime.patch new file mode 100644 index 0000000..3e19fcd --- /dev/null +++ b/0035-timedatectl-stop-using-xstrftime.patch @@ -0,0 +1,116 @@ +From b3e823e43c45b6233405d62e5f095c11130e638f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 18 Oct 2017 16:15:09 +0200 +Subject: [PATCH] timedatectl: stop using xstrftime +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When using strftime in arbitrary locales, we cannot really say how big the +buffer should be. Let's make the buffer "large", which will work fine pretty +much always, and just print n/a if the timestamp does not fit. strftime returns +0 if the buffer is too small and a NUL-terminated string otherwise, so we +can drop the size specifications in string formatting. + +$ export LANG=fa_IR.UTF-8 +$ date +چهارشنبه ۱۸ اكتبر ۱۷، ساعت ۱۰:۵۴:۲۴ (+0330) +$ timedatectl +Assertion 'xstrftime: a[] must be big enough' failed at ../src/timedate/timedatectl.c:105, function print_status_info(). Aborting. + +now: + +$ timedatectl + Local time: چهارشنبه 2017-10-18 16:29:40 CEST + Universal time: چهارشنبه 2017-10-18 14:29:40 UTC + RTC time: چهارشنبه 2017-10-18 14:29:40 +… + +https://bugzilla.redhat.com/show_bug.cgi?id=1503452 +(cherry picked from commit 14ce0c25c28ba58e80084e28b4f23884199900e4) +--- + src/basic/time-util.h | 4 ---- + src/timedate/timedatectl.c | 21 +++++++++++---------- + 2 files changed, 11 insertions(+), 14 deletions(-) + +diff --git a/src/basic/time-util.h b/src/basic/time-util.h +index 3b7f0e99c0..73f7e40066 100644 +--- a/src/basic/time-util.h ++++ b/src/basic/time-util.h +@@ -148,10 +148,6 @@ clockid_t clock_boottime_or_monotonic(void); + + usec_t usec_shift_clock(usec_t, clockid_t from, clockid_t to); + +-#define xstrftime(buf, fmt, tm) \ +- assert_message_se(strftime(buf, ELEMENTSOF(buf), fmt, tm) > 0, \ +- "xstrftime: " #buf "[] must be big enough") +- + int get_timezone(char **timezone); + + time_t mktime_or_timegm(struct tm *tm, bool utc); +diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c +index a30e783c09..716675aa1d 100644 +--- a/src/timedate/timedatectl.c ++++ b/src/timedate/timedatectl.c +@@ -72,12 +72,13 @@ static void status_info_clear(StatusInfo *info) { + } + + static void print_status_info(const StatusInfo *i) { +- char a[FORMAT_TIMESTAMP_MAX]; ++ char a[LINE_MAX]; + struct tm tm; + time_t sec; + bool have_time = false; + const char *old_tz = NULL, *tz; + int r; ++ size_t n; + + assert(i); + +@@ -102,11 +103,11 @@ static void print_status_info(const StatusInfo *i) { + log_warning("Could not get time from timedated and not operating locally, ignoring."); + + if (have_time) { +- xstrftime(a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm)); +- printf(" Local time: %.*s\n", (int) sizeof(a), a); ++ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm)); ++ printf(" Local time: %s\n", n > 0 ? a : "n/a"); + +- xstrftime(a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm)); +- printf(" Universal time: %.*s\n", (int) sizeof(a), a); ++ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm)); ++ printf(" Universal time: %s\n", n > 0 ? a : "n/a"); + } else { + printf(" Local time: %s\n", "n/a"); + printf(" Universal time: %s\n", "n/a"); +@@ -116,13 +117,13 @@ static void print_status_info(const StatusInfo *i) { + time_t rtc_sec; + + rtc_sec = (time_t) (i->rtc_time / USEC_PER_SEC); +- xstrftime(a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm)); +- printf(" RTC time: %.*s\n", (int) sizeof(a), a); ++ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm)); ++ printf(" RTC time: %s\n", n > 0 ? a : "n/a"); + } else + printf(" RTC time: %s\n", "n/a"); + + if (have_time) +- xstrftime(a, "%Z, %z", localtime_r(&sec, &tm)); ++ n = strftime(a, sizeof a, "%Z, %z", localtime_r(&sec, &tm)); + + /* Restore the $TZ */ + if (old_tz) +@@ -134,11 +135,11 @@ static void print_status_info(const StatusInfo *i) { + else + tzset(); + +- printf(" Time zone: %s (%.*s)\n" ++ printf(" Time zone: %s (%s)\n" + " System clock synchronized: %s\n" + "systemd-timesyncd.service active: %s\n" + " RTC in local TZ: %s\n", +- strna(i->timezone), (int) sizeof(a), have_time ? a : "n/a", ++ strna(i->timezone), have_time && n > 0 ? a : "n/a", + i->ntp_capable ? yes_no(i->ntp_enabled) : "n/a", + yes_no(i->ntp_synced), + yes_no(i->rtc_local)); diff --git a/0036-core-fix-D-Bus-API.patch b/0036-core-fix-D-Bus-API.patch new file mode 100644 index 0000000..b8b51d1 --- /dev/null +++ b/0036-core-fix-D-Bus-API.patch @@ -0,0 +1,201 @@ +From 5038dc90efcd92e3fbbae06a7d459c8f5d549915 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 19 Oct 2017 22:40:04 +0900 +Subject: [PATCH] core: fix D-Bus API + +This fixes bugs introduced by cffaed83e87bde81378b2be74192193850d0e03a. + +Closes #7129. + +(cherry picked from commit 3f856a2813359ad8203ccad388e54ff41a9ecaf1) +--- + src/core/dbus-execute.c | 8 ++--- + src/shared/bus-unit-util.c | 79 ++++++++++++++++++++++++++-------------------- + 2 files changed, 49 insertions(+), 38 deletions(-) + +diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c +index e0aa9fdd82..26c6e039b8 100644 +--- a/src/core/dbus-execute.c ++++ b/src/core/dbus-execute.c +@@ -1189,7 +1189,7 @@ int bus_exec_context_set_transient_property( + + } else if (streq(name, "SystemCallFilter")) { + int whitelist; +- _cleanup_strv_free_ char **l; ++ _cleanup_strv_free_ char **l = NULL; + + r = sd_bus_message_enter_container(message, 'r', "bas"); + if (r < 0) +@@ -1238,7 +1238,7 @@ int bus_exec_context_set_transient_property( + if (id == __NR_SCMP_ERROR) + return -EINVAL; + +- r = set_put(c->address_families, INT_TO_PTR(id + 1)); ++ r = set_put(c->syscall_filter, INT_TO_PTR(id + 1)); + if (r < 0) + return r; + } +@@ -1250,7 +1250,7 @@ int bus_exec_context_set_transient_property( + if (id == __NR_SCMP_ERROR) + return -EINVAL; + +- r = set_put(c->address_families, INT_TO_PTR(id + 1)); ++ r = set_put(c->syscall_filter, INT_TO_PTR(id + 1)); + if (r < 0) + return r; + } +@@ -1330,7 +1330,7 @@ int bus_exec_context_set_transient_property( + + } else if (streq(name, "RestrictAddressFamilies")) { + int whitelist; +- _cleanup_strv_free_ char **l; ++ _cleanup_strv_free_ char **l = NULL; + + r = sd_bus_message_enter_container(message, 'r', "bas"); + if (r < 0) +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index 6e2022587a..0b8260193a 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -602,12 +602,9 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen + + } else if (streq(field, "SystemCallFilter")) { + int whitelist; ++ _cleanup_strv_free_ char **l = NULL; + const char *p; + +- r = sd_bus_message_open_container(m, 'v', "bas"); +- if (r < 0) +- return bus_log_create_error(r); +- + p = eq; + if (*p == '~') { + whitelist = 0; +@@ -615,18 +612,10 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen + } else + whitelist = 1; + +- r = sd_bus_message_append_basic(m, 'b', &whitelist); +- if (r < 0) +- return bus_log_create_error(r); +- +- r = sd_bus_message_open_container(m, 'a', "s"); +- if (r < 0) +- return bus_log_create_error(r); +- + if (whitelist != 0) { +- r = sd_bus_message_append_basic(m, 's', "@default"); ++ r = strv_extend(&l, "@default"); + if (r < 0) +- return bus_log_create_error(r); ++ return log_oom(); + } + + for (;;) { +@@ -638,16 +627,34 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen + if (r == 0) + break; + +- r = sd_bus_message_append_basic(m, 's', word); ++ r = strv_extend(&l, word); + if (r < 0) +- return bus_log_create_error(r); ++ return log_oom(); + } + ++ r = sd_bus_message_open_container(m, 'v', "(bas)"); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_open_container(m, 'r', "bas"); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_append_basic(m, 'b', &whitelist); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_append_strv(m, l); ++ if (r < 0) ++ return bus_log_create_error(r); ++ + r = sd_bus_message_close_container(m); + if (r < 0) + return bus_log_create_error(r); + + r = sd_bus_message_close_container(m); ++ if (r < 0) ++ return bus_log_create_error(r); + + } else if (streq(field, "SystemCallArchitectures")) { + const char *p; +@@ -691,27 +698,15 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen + + } else if (streq(field, "RestrictAddressFamilies")) { + int whitelist; +- const char *p; ++ _cleanup_strv_free_ char **l = NULL; ++ const char *p = eq; + +- r = sd_bus_message_open_container(m, 'v', "bas"); +- if (r < 0) +- return bus_log_create_error(r); +- +- p = eq; + if (*p == '~') { + whitelist = 0; + p++; + } else + whitelist = 1; + +- r = sd_bus_message_append_basic(m, 'b', &whitelist); +- if (r < 0) +- return bus_log_create_error(r); +- +- r = sd_bus_message_open_container(m, 'a', "s"); +- if (r < 0) +- return bus_log_create_error(r); +- + for (;;) { + _cleanup_free_ char *word = NULL; + +@@ -721,19 +716,35 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen + if (r == 0) + break; + +- r = sd_bus_message_append_basic(m, 's', word); ++ r = strv_extend(&l, word); + if (r < 0) +- return bus_log_create_error(r); ++ return log_oom(); + } + +- r = sd_bus_message_close_container(m); ++ r = sd_bus_message_open_container(m, 'v', "(bas)"); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_open_container(m, 'r', "bas"); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_append_basic(m, 'b', &whitelist); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_append_strv(m, l); + if (r < 0) + return bus_log_create_error(r); + + r = sd_bus_message_close_container(m); ++ if (r < 0) ++ return bus_log_create_error(r); + ++ r = sd_bus_message_close_container(m); ++ if (r < 0) ++ return bus_log_create_error(r); + #endif +- + } else if (streq(field, "FileDescriptorStoreMax")) { + unsigned u; + diff --git a/0037-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch b/0037-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch new file mode 100644 index 0000000..dd4d652 --- /dev/null +++ b/0037-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch @@ -0,0 +1,37 @@ +From 1b7014dfc1584d1f3b10eb91c4f22e0deaca999d Mon Sep 17 00:00:00 2001 +From: Lauri Tirkkonen +Date: Tue, 24 Oct 2017 20:40:50 +0300 +Subject: [PATCH] nspawn: EROFS for chowning mount points is not fatal (#7122) + +This fixes --read-only with --private-users. mkdir_userns_p may return +-EROFS if either mkdir or lchown fails; lchown failing is fine as the +mount point will just be overmounted, and if mkdir fails then the +following mount() will also fail (with ENOENT). + +(cherry picked from commit 4f13e534282414b5e58ef31a26cc5c3f06f8cb18) +--- + src/nspawn/nspawn-mount.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c +index 531f29cb7b..9b7ceb6bdc 100644 +--- a/src/nspawn/nspawn-mount.c ++++ b/src/nspawn/nspawn-mount.c +@@ -598,11 +598,15 @@ int mount_all(const char *dest, + + r = mkdir_userns_p(dest, where, 0755, mount_settings, uid_shift); + if (r < 0 && r != -EEXIST) { +- if (fatal) ++ if (fatal && r != -EROFS) + return log_error_errno(r, "Failed to create directory %s: %m", where); + + log_debug_errno(r, "Failed to create directory %s: %m", where); +- continue; ++ /* If we failed mkdir() or chown() due to the root ++ * directory being read only, attempt to mount this fs ++ * anyway and let mount_verbose log any errors */ ++ if (r != -EROFS) ++ continue; + } + + o = mount_table[k].options; diff --git a/0038-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch b/0038-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch new file mode 100644 index 0000000..b44b374 --- /dev/null +++ b/0038-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch @@ -0,0 +1,37 @@ +From 743b771c559c6101544f7358a42c8c519fe4b0db Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 25 Oct 2017 11:19:19 +0200 +Subject: [PATCH] resolved: fix loop on packets with pseudo dns types + +Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D. + +https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351 +(cherry picked from commit 9f939335a07085aa9a9663efd1dca06ef6405d62) +--- + src/resolve/resolved-dns-packet.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +index e2f227bfc6..35f4d0689b 100644 +--- a/src/resolve/resolved-dns-packet.c ++++ b/src/resolve/resolved-dns-packet.c +@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta + + found = true; + +- while (bitmask) { ++ for (; bitmask; bit++, bitmask >>= 1) + if (bitmap[i] & bitmask) { + uint16_t n; + +@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta + if (r < 0) + return r; + } +- +- bit++; +- bitmask >>= 1; +- } + } + + if (!found) diff --git a/systemd.spec b/systemd.spec index bcb5935..b1a166c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 235 -Release: 2%{?gitcommit:.git%{gitcommitshort}}%{?dist} +Release: 3%{?gitcommit:.git%{gitcommitshort}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -41,17 +41,49 @@ Source11: 20-grubby.install Source12: https://raw.githubusercontent.com/systemd/systemd/1000522a60ceade446773c67031b47a566d4a70d/src/login/systemd-user.m4 %if 0 -GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v234..v234-stable +GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch %endif Patch0001: 0001-po-update-Polish-translation-7015.patch -Patch0002: 0002-tests-skip-tests-when-cg_pid_get_path-fails.patch -Patch0003: 0003-units-add-Install-section-to-remote-cryptsetup.targe.patch -Patch0004: 0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch -Patch0005: 0005-man-add-a-note-about-_netdev-usage.patch -Patch0006: 0006-units-make-remote-cryptsetup.target-also-after-crypt.patch +Patch0002: 0002-man-fix-typo-for-in-systemd.service-7031.patch +Patch0003: 0003-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch +Patch0004: 0004-Updated-Turkish-translation-7017.patch +Patch0005: 0005-catalog-po-update-Russian-translation-7041.patch +Patch0006: 0006-l10n-update-Czech-Translation-7049.patch +Patch0007: 0007-tests-skip-tests-when-cg_pid_get_path-fails-7033.patch +Patch0008: 0008-core-fix-segfault-in-compile_bind_mounts-when-BindPa.patch +Patch0009: 0009-namespace-fall-back-gracefully-when-kernel-doesn-t-s.patch +Patch0010: 0010-networkd-bridge-allow-AgeingTimeSec-to-be-set-0-7021.patch +Patch0011: 0011-systemctl-supress-enable-disable-messages-when-q-is-.patch +Patch0012: 0012-man-update-changes-about-gateway-_gateway-7085.patch +Patch0013: 0013-basic-env-util-drop-the-validation-when-deserializin.patch +Patch0014: 0014-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch +Patch0015: 0015-test-path-fix-inverted-return-value-7050.patch +Patch0016: 0016-networkd-Don-t-stop-networkd-if-CONFIG_FIB_RULES-n-i.patch +Patch0017: 0017-dynamic-user-label-functions-not-necessary-to-export.patch +Patch0018: 0018-dynamic-user-permit-the-case-static-uid-and-gid-are-.patch +Patch0019: 0019-core-fix-invalid-error-message.patch +Patch0020: 0020-man-comment-a-requirement-about-the-static-user-or-g.patch +Patch0021: 0021-core-dynamic-user-use-_cleanup_-in-dynamic-user-lock.patch +Patch0022: 0022-core-dynamic-user-use-gid-from-pwnam-if-a-static-use.patch +Patch0023: 0023-networkd-Consider-linkLocalAddressing-state-while-co.patch +Patch0024: 0024-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch +Patch0025: 0025-units-add-Install-section-to-remote-cryptsetup.targe.patch +Patch0026: 0026-units-replace-remote-cryptsetup-pre.target-with-remo.patch +Patch0027: 0027-man-add-a-note-about-_netdev-usage.patch +Patch0028: 0028-units-make-remote-cryptsetup.target-also-after-crypt.patch +Patch0029: 0029-man-describe-how-machine-id-should-be-initialized-70.patch +Patch0030: 0030-catalog-update-french-translation.patch +Patch0031: 0031-po-update-french-translation.patch +Patch0032: 0032-sd-radv-Allocate-space-also-for-DNSSL-iov-option-714.patch +Patch0033: 0033-modprobe.d-fix-directory-of-modprobe-configuration-f.patch +Patch0034: 0034-nspawn-Fix-calculation-of-capabilities-for-configura.patch +Patch0035: 0035-timedatectl-stop-using-xstrftime.patch +Patch0036: 0036-core-fix-D-Bus-API.patch +Patch0037: 0037-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch +Patch0038: 0038-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -1035,7 +1067,10 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou %{pkgdir}/tests %changelog -* Wed Oct 18 2017 zbyszek - 235-2 +* Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek - 235-3 +- Backport a bunch of patches, including LP#172535 + +* Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2 - Patches for cryptsetup _netdev * Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1