diff --git a/0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch b/0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch
index 5856ed0..fa86425 100644
--- a/0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch
+++ b/0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch
@@ -1,4 +1,4 @@
-From e48936b0be085f15a2e2ac88b2e50a91a66782ac Mon Sep 17 00:00:00 2001
+From ce0609bc26d33e47b23fbbe1aa7465283a10fb10 Mon Sep 17 00:00:00 2001
 From: Daniel Berrange
 Date: Wed, 19 Jul 2017 10:06:07 +0100
 Subject: [PATCH] virt: enable detecting QEMU (TCG) via CPUID (#6399)
diff --git a/0013-test-condition-don-t-assume-that-all-non-root-users-.patch b/0013-test-condition-don-t-assume-that-all-non-root-users-.patch
index 8212cd4..37d844e 100644
--- a/0013-test-condition-don-t-assume-that-all-non-root-users-.patch
+++ b/0013-test-condition-don-t-assume-that-all-non-root-users-.patch
@@ -1,4 +1,4 @@
-From 8864ff594b43a34e5a593da42336f28e2f30b9f5 Mon Sep 17 00:00:00 2001
+From 6e4a6549267f3e932b3478abfe9f863b55259538 Mon Sep 17 00:00:00 2001
 From: Felipe Sateler
 Date: Wed, 19 Jul 2017 20:48:23 -0400
 Subject: [PATCH] test-condition: don't assume that all non-root users are
diff --git a/0014-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch b/0014-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch
new file mode 100644
index 0000000..017f4a6
--- /dev/null
+++ b/0014-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch
@@ -0,0 +1,71 @@ +From 5b499dab86989eb61d7b82053a3b1a2e5e054a2e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 22 Jul 2017 08:39:49 -0400 +Subject: [PATCH] Revert "core: don't load dropin data multiple times for the + same unit (#5139)" + +This reverts commit 2d058a87ffb2d31a50422a8aebd119bbb4427244. + +When we add another name to a unit (by following an alias), we need to +reload all drop-ins. This is necessary to load any additional dropins +found in the dirs created from the alias name. + +Fixes #6334. + +(cherry picked from commit 9e4ea9cc34fa032a47c253ddd94ac6c7afda663e) +--- + src/core/unit.c | 23 +++++++---------------- + 1 file changed, 7 insertions(+), 16 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index b28eeb2262..9d913e8c64 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1098,7 +1098,6 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { + + /* Common implementation for multiple backends */ + int unit_load_fragment_and_dropin(Unit *u) { +- Unit *t; + int r; + + assert(u); +@@ -1111,18 +1110,15 @@ int unit_load_fragment_and_dropin(Unit *u) { + if (u->load_state == UNIT_STUB) + return -ENOENT; + +- /* If the unit is an alias and the final unit has already been +- * loaded, there's no point in reloading the dropins one more time. */ +- t = unit_follow_merge(u); +- if (t != u && t->load_state != UNIT_STUB) +- return 0; +- +- return unit_load_dropin(t); ++ /* Load drop-in directory data. If u is an alias, we might be reloading the ++ * target unit needlessly. But we cannot be sure which drops-ins have already ++ * been loaded and which not, at least without doing complicated book-keeping, ++ * so let's always reread all drop-ins. 
*/ ++ return unit_load_dropin(unit_follow_merge(u)); + } + + /* Common implementation for multiple backends */ + int unit_load_fragment_and_dropin_optional(Unit *u) { +- Unit *t; + int r; + + assert(u); +@@ -1138,13 +1134,8 @@ int unit_load_fragment_and_dropin_optional(Unit *u) { + if (u->load_state == UNIT_STUB) + u->load_state = UNIT_LOADED; + +- /* If the unit is an alias and the final unit has already been +- * loaded, there's no point in reloading the dropins one more time. */ +- t = unit_follow_merge(u); +- if (t != u && t->load_state != UNIT_STUB) +- return 0; +- +- return unit_load_dropin(t); ++ /* Load drop-in directory data */ ++ return unit_load_dropin(unit_follow_merge(u)); + } + + int unit_add_default_target_dependency(Unit *u, Unit *target) { diff --git a/0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch b/0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch deleted file mode 100644 index 79a140d..0000000 --- a/0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From eca55fbc51056b2a4fa3242917b6fc2f0c02e981 Mon Sep 17 00:00:00 2001 -From: Harald Hoyer -Date: Thu, 20 Jul 2017 19:13:09 +0200 -Subject: [PATCH] call chase_symlinks without the /sysroot prefix (#6411) - -In case fstab-generator is called in the initrd, chase_symlinks() -returns with a canonical path "/sysroot/sysroot/", if the -"/sysroot" prefix is present in the path. - -This patch skips the "/sysroot" prefix for the chase_symlinks() call, -because "/sysroot" is already the root directory and chase_symlinks() -prepends the root directory in the canonical path returned. - -(cherry picked from commit 98eda38aed6a10c4f6d6ad0cac6e5361e87de52b) ---- - src/fstab-generator/fstab-generator.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index 7f23b9fd74..f172e9c07b 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -537,7 +537,7 @@ static int parse_fstab(bool initrd) { - continue; - } - -- where = initrd ? strappend("/sysroot/", me->mnt_dir) : strdup(me->mnt_dir); -+ where = strdup(me->mnt_dir); - if (!where) - return log_oom(); - diff --git a/0015-bash-completion-use-the-first-argument-instead-of-th.patch b/0015-bash-completion-use-the-first-argument-instead-of-th.patch new file mode 100644 index 0000000..f4030a7 --- /dev/null +++ b/0015-bash-completion-use-the-first-argument-instead-of-th.patch 
@@ -0,0 +1,73 @@ +From 4c02374f27cd8bbd4cc101cf350b1219c05e8911 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 27 Jul 2017 20:22:54 +0900 +Subject: [PATCH] bash-completion: use the first argument instead of the global + variable (#6457) + +Without this fix: + +$ systemctl start +Display all 135 possibilities? (y or n) +$ __get_startable_units --system | wc -l +224 + +the number of the suggestions are quite different, as __get_startable_units --system does +not filter already started units. With this fix, + +$ systemctl start +Display all 135 possibilities? (y or n) +$ __get_startable_units --system | wc -l +123 +$ __get_template_names --system | wc -l +12 + +the number of the suggestions matches one the function returns. +For consistency with the other internal functions, it should use the first argument +instead of the global variable $mode. + +[zj: add commit message to make it sound like we know what we're doing] + +(cherry picked from commit 6bda23dd6aaba50cf8e3e6024248cf736cc443ca) +--- + shell-completion/bash/systemctl.in | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in +index 0398d09d18..bde28efc3e 100644 +--- a/shell-completion/bash/systemctl.in ++++ b/shell-completion/bash/systemctl.in +@@ -68,7 +68,7 @@ __filter_units_by_properties () { + done + for ((i=0; i < ${#units[*]}; i++)); do + for ((j=0; j < ${#conditions[*]}; j++)); do +- if [[ "${props[ i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then ++ if [[ "${props[i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then + break + fi + done +@@ -87,19 +87,19 @@ __get_active_units () { __systemctl $1 list-units \ + | { while read -r a b; do echo " $a"; done; }; } + __get_startable_units () { + # find startable inactive units +- __filter_units_by_properties $mode ActiveState,CanStart inactive,yes $( +- { __systemctl $mode list-unit-files --state 
enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \ ++ __filter_units_by_properties $1 ActiveState,CanStart inactive,yes $( ++ { __systemctl $1 list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \ + { while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; } +- __systemctl $mode list-units --state inactive,failed | \ ++ __systemctl $1 list-units --state inactive,failed | \ + { while read -r a b c; do [[ $b == "loaded" ]] && echo " $a"; done; } + } | sort -u ) + } + __get_restartable_units () { + # filter out masked and not-found +- __filter_units_by_property $mode CanStart yes $( +- __systemctl $mode list-unit-files --state enabled,disabled,static | \ ++ __filter_units_by_property $1 CanStart yes $( ++ __systemctl $1 list-unit-files --state enabled,disabled,static | \ + { while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; } +- __systemctl $mode list-units | \ ++ __systemctl $1 list-units | \ + { while read -r a b; do echo " $a"; done; } ) + } + __get_failed_units () { __systemctl $1 list-units \ diff --git a/0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch b/0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch deleted file mode 100644 index 0dc1b02..0000000 --- a/0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 0e50428d3699e3ad25861f458540d24038cfaa4e Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 20 Jul 2017 20:46:58 +0200 -Subject: [PATCH] nspawn: downgrade warning when we get sd_notify() message - from unexpected process (#6416) - -Given that we set NOTIFY_SOCKET unconditionally it's not surprising that -processes way down the process tree think it's smart to send us a -notification message. - -It's still useful to keep this message, for debugging things, but it -shouldn't be generated by default. - -(cherry picked from commit 8cb574307963d1aeb1c53e1d1fbeee4a2be37259) ---- - src/nspawn/nspawn.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 8a5fedd4b0..0cbd8c3491 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -2836,7 +2836,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r - } - - if (!ucred || ucred->pid != inner_child_pid) { -- log_warning("Received notify message without valid credentials. Ignoring."); -+ log_debug("Received notify message without valid credentials. Ignoring."); - return 0; - } - diff --git a/0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch b/0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch deleted file mode 100644 index 383d5bd..0000000 --- a/0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From 29d9cfc097586ac79911a5f5035c45b1971a5b1f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 22 Jul 2017 08:39:49 -0400 -Subject: [PATCH] Revert "core: don't load dropin data multiple times for the - same unit (#5139)" - -This reverts commit 2d058a87ffb2d31a50422a8aebd119bbb4427244. - -When we add another name to a unit (by following an alias), we need to -reload all drop-ins. This is necessary to load any additional dropins -found in the dirs created from the alias name. - -Fixes #6334. - -(cherry picked from commit 9e4ea9cc34fa032a47c253ddd94ac6c7afda663e) ---- - src/core/unit.c | 23 +++++++---------------- - 1 file changed, 7 insertions(+), 16 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index b28eeb2262..9d913e8c64 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1098,7 +1098,6 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { - - /* Common implementation for multiple backends */ - int unit_load_fragment_and_dropin(Unit *u) { -- Unit *t; - int r; - - assert(u); -@@ -1111,18 +1110,15 @@ int unit_load_fragment_and_dropin(Unit *u) { - if (u->load_state == UNIT_STUB) - return -ENOENT; - -- /* If the unit is an alias and the final unit has already been -- * loaded, there's no point in reloading the dropins one more time. */ -- t = unit_follow_merge(u); -- if (t != u && t->load_state != UNIT_STUB) -- return 0; -- -- return unit_load_dropin(t); -+ /* Load drop-in directory data. If u is an alias, we might be reloading the -+ * target unit needlessly. But we cannot be sure which drops-ins have already -+ * been loaded and which not, at least without doing complicated book-keeping, -+ * so let's always reread all drop-ins. 
*/ -+ return unit_load_dropin(unit_follow_merge(u)); - } - - /* Common implementation for multiple backends */ - int unit_load_fragment_and_dropin_optional(Unit *u) { -- Unit *t; - int r; - - assert(u); -@@ -1138,13 +1134,8 @@ int unit_load_fragment_and_dropin_optional(Unit *u) { - if (u->load_state == UNIT_STUB) - u->load_state = UNIT_LOADED; - -- /* If the unit is an alias and the final unit has already been -- * loaded, there's no point in reloading the dropins one more time. */ -- t = unit_follow_merge(u); -- if (t != u && t->load_state != UNIT_STUB) -- return 0; -- -- return unit_load_dropin(t); -+ /* Load drop-in directory data */ -+ return unit_load_dropin(unit_follow_merge(u)); - } - - int unit_add_default_target_dependency(Unit *u, Unit *target) { diff --git a/0016-meson-D-remote-and-D-importd-should-be-combo-options.patch b/0016-meson-D-remote-and-D-importd-should-be-combo-options.patch new file mode 100644 index 0000000..de10eee --- /dev/null +++ b/0016-meson-D-remote-and-D-importd-should-be-combo-options.patch 
@@ -0,0 +1,37 @@ +From e3568f4365b867b6d2e80dc86c8e348f660c5f82 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 26 Jul 2017 14:11:15 -0400 +Subject: [PATCH] meson: -D remote and -D importd should be "combo" options + +The default should be 'auto', and we allow 'true' +and 'false' too. + +Fixes #6445. + +(cherry picked from commit b1519d656691e725a8b8950fc0e6cc8d25b1016a) +--- + meson_options.txt | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/meson_options.txt b/meson_options.txt +index 1594fec41f..b7a45d5806 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -69,7 +69,7 @@ option('timedated', type : 'boolean', + description : 'install the systemd-timedated daemon') + option('timesyncd', type : 'boolean', + description : 'install the systemd-timesyncd daemon') +-option('remote', type : 'boolean', ++option('remote', type : 'combo', choices : ['auto', 'true', 'false'], + description : 'support for "journal over the network"') + option('myhostname', type : 'boolean', + description : 'nss-myhostname support') +@@ -87,7 +87,7 @@ option('sysusers', type : 'boolean', + description : 'support for the sysusers configuration') + option('tmpfiles', type : 'boolean', + description : 'support for tmpfiles.d') +-option('importd', type : 'boolean', ++option('importd', type : 'combo', choices : ['auto', 'true', 'false'], + description : 'install the systemd-importd daemon') + option('hwdb', type : 'boolean', + description : 'support for the hardware database') diff --git a/0017-bash-completion-use-the-first-argument-instead-of-th.patch b/0017-bash-completion-use-the-first-argument-instead-of-th.patch deleted file mode 100644 index 82333fe..0000000 --- a/0017-bash-completion-use-the-first-argument-instead-of-th.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From f6441eaf050267c05ef8df8d5614bb598528942f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 27 Jul 2017 20:22:54 +0900 -Subject: [PATCH] bash-completion: use the first argument instead of the global - variable (#6457) - -Without this fix: - -$ systemctl start -Display all 135 possibilities? (y or n) -$ __get_startable_units --system | wc -l -224 - -the number of the suggestions are quite different, as __get_startable_units --system does -not filter already started units. With this fix, - -$ systemctl start -Display all 135 possibilities? (y or n) -$ __get_startable_units --system | wc -l -123 -$ __get_template_names --system | wc -l -12 - -the number of the suggestions matches one the function returns. -For consistency with the other internal functions, it should use the first argument -instead of the global variable $mode. - -[zj: add commit message to make it sound like we know what we're doing] - -(cherry picked from commit 6bda23dd6aaba50cf8e3e6024248cf736cc443ca) ---- - shell-completion/bash/systemctl.in | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in -index 0398d09d18..bde28efc3e 100644 ---- a/shell-completion/bash/systemctl.in -+++ b/shell-completion/bash/systemctl.in -@@ -68,7 +68,7 @@ __filter_units_by_properties () { - done - for ((i=0; i < ${#units[*]}; i++)); do - for ((j=0; j < ${#conditions[*]}; j++)); do -- if [[ "${props[ i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then -+ if [[ "${props[i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then - break - fi - done -@@ -87,19 +87,19 @@ __get_active_units () { __systemctl $1 list-units \ - | { while read -r a b; do echo " $a"; done; }; } - __get_startable_units () { - # find startable inactive units -- __filter_units_by_properties $mode ActiveState,CanStart inactive,yes $( -- { __systemctl $mode list-unit-files --state 
enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \ -+ __filter_units_by_properties $1 ActiveState,CanStart inactive,yes $( -+ { __systemctl $1 list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \ - { while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; } -- __systemctl $mode list-units --state inactive,failed | \ -+ __systemctl $1 list-units --state inactive,failed | \ - { while read -r a b c; do [[ $b == "loaded" ]] && echo " $a"; done; } - } | sort -u ) - } - __get_restartable_units () { - # filter out masked and not-found -- __filter_units_by_property $mode CanStart yes $( -- __systemctl $mode list-unit-files --state enabled,disabled,static | \ -+ __filter_units_by_property $1 CanStart yes $( -+ __systemctl $1 list-unit-files --state enabled,disabled,static | \ - { while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; } -- __systemctl $mode list-units | \ -+ __systemctl $1 list-units | \ - { while read -r a b; do echo " $a"; done; } ) - } - __get_failed_units () { __systemctl $1 list-units \ diff --git a/0017-cryptsetup-fix-infinite-timeout-6486.patch b/0017-cryptsetup-fix-infinite-timeout-6486.patch new file mode 100644 index 0000000..cb065fc --- /dev/null +++ b/0017-cryptsetup-fix-infinite-timeout-6486.patch 
@@ -0,0 +1,42 @@ +From 6ef8e216e15fba045e8f8a13b7b57f56db767840 Mon Sep 17 00:00:00 2001 +From: Andrew Soutar +Date: Mon, 31 Jul 2017 02:19:16 -0400 +Subject: [PATCH] cryptsetup: fix infinite timeout (#6486) + +0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The +logic here now matches this change. + +Fixes #6381 + +(cherry picked from commit 0864d311766498563331f486909a0d950ba7de87) +--- + src/cryptsetup/cryptsetup.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c +index 3b4c086162..08ed7e53ba 100644 +--- a/src/cryptsetup/cryptsetup.c ++++ b/src/cryptsetup/cryptsetup.c +@@ -56,7 +56,7 @@ static bool arg_tcrypt_veracrypt = false; + static char **arg_tcrypt_keyfiles = NULL; + static uint64_t arg_offset = 0; + static uint64_t arg_skip = 0; +-static usec_t arg_timeout = 0; ++static usec_t arg_timeout = USEC_INFINITY; + + /* Options Debian's crypttab knows we don't: + +@@ -670,10 +670,10 @@ int main(int argc, char *argv[]) { + if (arg_discards) + flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; + +- if (arg_timeout > 0) +- until = now(CLOCK_MONOTONIC) + arg_timeout; +- else ++ if (arg_timeout == USEC_INFINITY) + until = 0; ++ else ++ until = now(CLOCK_MONOTONIC) + arg_timeout; + + arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8)); + diff --git a/0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch b/0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch deleted file mode 100644 index 6d5976f..0000000 --- a/0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch +++ /dev/null 
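Review bot: `until = now(CLOCK_MONOTONIC) + arg_timeout;` in `main()` is now reached for every value other than `USEC_INFINITY`, so a very large configured timeout can wrap the sum (assuming `usec_t` is an unsigned 64-bit type, which the hunk does not show) and produce a deadline in the past, or the value 0 that the other branch uses for "no deadline". A saturating add avoids that: `until = usec_add(now(CLOCK_MONOTONIC), arg_timeout);`. An `arg_timeout` of 0 now yields an immediate deadline instead of none; that appears to be what the commit message intends, but a comment at the declaration such as `/* USEC_INFINITY: wait forever for the passphrase */` would make the new meaning of the default explicit. `main()` starts and ends outside the hunk.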
@@ -1,49 +0,0 @@ -From ea0ff5cd4efb1d67820572fb0d7d1d8da0fc1dc1 Mon Sep 17 00:00:00 2001 -From: Harald Hoyer -Date: Fri, 28 Jul 2017 09:46:05 +0200 -Subject: [PATCH] boot/efi: don't hard fail on error for tpm measure (#6473) - -Display the error for a small amount of time, but don't fail hard. - -In case of a faulty BIOS, a TPM error should not prevent the boot. -If something cares about the PCM measurement, it will be noticed -anyway later on. - -Especially important now, that TPM measurement is the default now on -some distribution builds. - -https://bugzilla.redhat.com/show_bug.cgi?id=1411156 -(cherry picked from commit 522aa9f5f8755d7389131da41bd60b6276917ff2) ---- - src/boot/efi/boot.c | 3 +-- - src/boot/efi/stub.c | 3 +-- - 2 files changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c -index 1e990b3825..316e95a72b 100644 ---- a/src/boot/efi/boot.c -+++ b/src/boot/efi/boot.c -@@ -1657,8 +1657,7 @@ static EFI_STATUS image_start(EFI_HANDLE parent_image, const Config *config, con - loaded_image->LoadOptionsSize, loaded_image->LoadOptions); - if (EFI_ERROR(err)) { - Print(L"Unable to add image options measurement: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000); - } - #endif - } -diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c -index bab5d46de9..2562228090 100644 ---- a/src/boot/efi/stub.c -+++ b/src/boot/efi/stub.c -@@ -94,8 +94,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - loaded_image->LoadOptionsSize, loaded_image->LoadOptions); - if (EFI_ERROR(err)) { - Print(L"Unable to add image options measurement: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000); - } - #endif - } 
diff --git a/0018-unit-when-JobTimeoutSec-is-turned-off-implicitly-tur.patch b/0018-unit-when-JobTimeoutSec-is-turned-off-implicitly-tur.patch new file mode 100644 index 0000000..d0bbd65 --- /dev/null +++ b/0018-unit-when-JobTimeoutSec-is-turned-off-implicitly-tur.patch 
@@ -0,0 +1,162 @@ +From ca0cebc3f106d89973e0b02dbfc325c37d4c78b3 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 27 Sep 2017 17:30:50 +0200 +Subject: [PATCH] unit: when JobTimeoutSec= is turned off, implicitly turn off + JobRunningTimeoutSec= too + +We added JobRunningTimeoutSec= late, and Dracut configured only +JobTimeoutSec= to turn of root device timeouts before. With this change +we'll propagate a reset of JobTimeoutSec= into JobRunningTimeoutSec=, +but only if the latter wasn't set explicitly. + +This should restore compatibility with older systemd versions. + +Fixes: #6402 +(cherry picked from commit eae51da36e8800f6d466580a817eb5877220376d) +--- + src/basic/time-util.c | 4 ++ + src/core/load-fragment-gperf.gperf.m4 | 4 +- + src/core/load-fragment.c | 72 +++++++++++++++++++++++++++++++++++ + src/core/load-fragment.h | 2 + + src/core/unit.h | 1 + + 5 files changed, 81 insertions(+), 2 deletions(-) + +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index 68ba86f6a5..9199b6490d 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -1010,7 +1010,11 @@ int parse_sec(const char *t, usec_t *usec) { + } + + int parse_sec_fix_0(const char *t, usec_t *usec) { ++ assert(t); ++ assert(usec); ++ + t += strspn(t, WHITESPACE); ++ + if (streq(t, "0")) { + *usec = USEC_INFINITY; + return 0; +diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 +index 7fb39cf948..a32385931e 100644 +--- a/src/core/load-fragment-gperf.gperf.m4 ++++ b/src/core/load-fragment-gperf.gperf.m4 +@@ -193,8 +193,8 @@ Unit.OnFailureJobMode, config_parse_job_mode, 0, + Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0, offsetof(Unit, on_failure_job_mode) + Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate) + Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0 +-Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout) +-Unit.JobRunningTimeoutSec, 
config_parse_sec_fix_0, 0, offsetof(Unit, job_running_timeout) ++Unit.JobTimeoutSec, config_parse_job_timeout_sec, 0, 0 ++Unit.JobRunningTimeoutSec, config_parse_job_running_timeout_sec, 0, 0 + Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action) + Unit.JobTimeoutRebootArgument, config_parse_unit_string_printf, 0, offsetof(Unit, job_timeout_reboot_arg) + Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval) +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 9d5c39b3dd..23bca0094c 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -4178,6 +4178,78 @@ int config_parse_protect_system( + return 0; + } + ++int config_parse_job_timeout_sec( ++ const char* unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ ++ Unit *u = data; ++ usec_t usec; ++ int r; ++ ++ assert(filename); ++ assert(lvalue); ++ assert(rvalue); ++ assert(u); ++ ++ r = parse_sec_fix_0(rvalue, &usec); ++ if (r < 0) { ++ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue); ++ return 0; ++ } ++ ++ /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old ++ * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the usec picked should ++ * count. 
*/ ++ ++ if (!u->job_running_timeout_set) ++ u->job_running_timeout = usec; ++ ++ u->job_timeout = usec; ++ ++ return 0; ++} ++ ++int config_parse_job_running_timeout_sec( ++ const char* unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ ++ Unit *u = data; ++ usec_t usec; ++ int r; ++ ++ assert(filename); ++ assert(lvalue); ++ assert(rvalue); ++ assert(u); ++ ++ r = parse_sec_fix_0(rvalue, &usec); ++ if (r < 0) { ++ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue); ++ return 0; ++ } ++ ++ u->job_running_timeout = usec; ++ u->job_running_timeout_set = true; ++ ++ return 0; ++} ++ + #define FOLLOW_MAX 8 + + static int open_follow(char **filename, FILE **_f, Set *names, char **_final) { +diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h +index fc27a07955..5079d4c00c 100644 +--- a/src/core/load-fragment.h ++++ b/src/core/load-fragment.h +@@ -118,6 +118,8 @@ int config_parse_user_group(const char *unit, const char *filename, unsigned lin + int config_parse_user_group_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); + int config_parse_restrict_namespaces(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); + int config_parse_bind_paths(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); ++int config_parse_job_timeout_sec(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char 
*rvalue, void *data, void *userdata); ++int config_parse_job_running_timeout_sec(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); + + /* gperf prototypes */ + const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, GPERF_LEN_TYPE length); +diff --git a/src/core/unit.h b/src/core/unit.h +index cf21b37e22..d70fc970b5 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -115,6 +115,7 @@ struct Unit { + /* Job timeout and action to take */ + usec_t job_timeout; + usec_t job_running_timeout; ++ bool job_running_timeout_set:1; + EmergencyAction job_timeout_action; + char *job_timeout_reboot_arg; + diff --git a/0019-call-chase_symlinks-without-the-sysroot-prefix-6411.patch b/0019-call-chase_symlinks-without-the-sysroot-prefix-6411.patch new file mode 100644 index 0000000..b9a1335 --- /dev/null +++ b/0019-call-chase_symlinks-without-the-sysroot-prefix-6411.patch 
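Review bot: In `config_parse_job_timeout_sec()` the assignment `u->job_running_timeout = usec;` copies every parsed value, not only the "0"/infinity case named in the subject line, so a finite `JobTimeoutSec=` also changes the running timeout unless `JobRunningTimeoutSec=` was parsed earlier. If that is intended, the comment above it should say so, for example `/* Mirror any JobTimeoutSec= value into job_running_timeout unless JobRunningTimeoutSec= was set explicitly. */` (it currently reads "whatever the usec picked"). If only the reset is meant, the guard would be `if (!u->job_running_timeout_set && usec == USEC_INFINITY)`. The diffstat lists no man page change, so this coupling, and the fact that it can leave both job timeouts disabled, is undocumented for unit authors. The new `job_running_timeout_set` bit in `struct Unit` would also benefit from a one-line comment stating that only the `JobRunningTimeoutSec=` parser sets it.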
@@ -0,0 +1,31 @@ +From 95f02a94777902e9a46ac18e2bd3d54ab440c361 Mon Sep 17 00:00:00 2001 +From: Harald Hoyer +Date: Thu, 20 Jul 2017 19:13:09 +0200 +Subject: [PATCH] call chase_symlinks without the /sysroot prefix (#6411) + +In case fstab-generator is called in the initrd, chase_symlinks() +returns with a canonical path "/sysroot/sysroot/", if the +"/sysroot" prefix is present in the path. + +This patch skips the "/sysroot" prefix for the chase_symlinks() call, +because "/sysroot" is already the root directory and chase_symlinks() +prepends the root directory in the canonical path returned. + +(cherry picked from commit 98eda38aed6a10c4f6d6ad0cac6e5361e87de52b) +--- + src/fstab-generator/fstab-generator.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c +index 7f23b9fd74..f172e9c07b 100644 +--- a/src/fstab-generator/fstab-generator.c ++++ b/src/fstab-generator/fstab-generator.c +@@ -537,7 +537,7 @@ static int parse_fstab(bool initrd) { + continue; + } + +- where = initrd ? strappend("/sysroot/", me->mnt_dir) : strdup(me->mnt_dir); ++ where = strdup(me->mnt_dir); + if (!where) + return log_oom(); + diff --git a/0019-meson-D-remote-and-D-importd-should-be-combo-options.patch b/0019-meson-D-remote-and-D-importd-should-be-combo-options.patch deleted file mode 100644 index 6d79dce..0000000 --- a/0019-meson-D-remote-and-D-importd-should-be-combo-options.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 9c27ced1fac191139a131d179a25801ce9ca3357 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 26 Jul 2017 14:11:15 -0400 -Subject: [PATCH] meson: -D remote and -D importd should be "combo" options - -The default should be 'auto', and we allow 'true' -and 'false' too. - -Fixes #6445. - -(cherry picked from commit b1519d656691e725a8b8950fc0e6cc8d25b1016a) ---- - meson_options.txt | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/meson_options.txt b/meson_options.txt -index 1594fec41f..b7a45d5806 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -69,7 +69,7 @@ option('timedated', type : 'boolean', - description : 'install the systemd-timedated daemon') - option('timesyncd', type : 'boolean', - description : 'install the systemd-timesyncd daemon') --option('remote', type : 'boolean', -+option('remote', type : 'combo', choices : ['auto', 'true', 'false'], - description : 'support for "journal over the network"') - option('myhostname', type : 'boolean', - description : 'nss-myhostname support') -@@ -87,7 +87,7 @@ option('sysusers', type : 'boolean', - description : 'support for the sysusers configuration') - option('tmpfiles', type : 'boolean', - description : 'support for tmpfiles.d') --option('importd', type : 'boolean', -+option('importd', type : 'combo', choices : ['auto', 'true', 'false'], - description : 'install the systemd-importd daemon') - option('hwdb', type : 'boolean', - description : 'support for the hardware database') diff --git a/0020-cryptsetup-fix-infinite-timeout-6486.patch b/0020-cryptsetup-fix-infinite-timeout-6486.patch deleted file mode 100644 index 860d816..0000000 --- a/0020-cryptsetup-fix-infinite-timeout-6486.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From c64c6a8b259abfbff5ce202d5d5982b120cf928f Mon Sep 17 00:00:00 2001 -From: Andrew Soutar -Date: Mon, 31 Jul 2017 02:19:16 -0400 -Subject: [PATCH] cryptsetup: fix infinite timeout (#6486) - -0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The -logic here now matches this change. - -Fixes #6381 - -(cherry picked from commit 0864d311766498563331f486909a0d950ba7de87) ---- - src/cryptsetup/cryptsetup.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c -index 3b4c086162..08ed7e53ba 100644 ---- a/src/cryptsetup/cryptsetup.c -+++ b/src/cryptsetup/cryptsetup.c -@@ -56,7 +56,7 @@ static bool arg_tcrypt_veracrypt = false; - static char **arg_tcrypt_keyfiles = NULL; - static uint64_t arg_offset = 0; - static uint64_t arg_skip = 0; --static usec_t arg_timeout = 0; -+static usec_t arg_timeout = USEC_INFINITY; - - /* Options Debian's crypttab knows we don't: - -@@ -670,10 +670,10 @@ int main(int argc, char *argv[]) { - if (arg_discards) - flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; - -- if (arg_timeout > 0) -- until = now(CLOCK_MONOTONIC) + arg_timeout; -- else -+ if (arg_timeout == USEC_INFINITY) - until = 0; -+ else -+ until = now(CLOCK_MONOTONIC) + arg_timeout; - - arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8)); - diff --git a/0020-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch b/0020-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch new file mode 100644 index 0000000..b17c5fd --- /dev/null +++ b/0020-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch 
@@ -0,0 +1,31 @@ +From 1d84ae053f1ffb95913f6f8407ef267a9c38cb4d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 20 Jul 2017 20:46:58 +0200 +Subject: [PATCH] nspawn: downgrade warning when we get sd_notify() message + from unexpected process (#6416) + +Given that we set NOTIFY_SOCKET unconditionally it's not surprising that +processes way down the process tree think it's smart to send us a +notification message. + +It's still useful to keep this message, for debugging things, but it +shouldn't be generated by default. + +(cherry picked from commit 8cb574307963d1aeb1c53e1d1fbeee4a2be37259) +--- + src/nspawn/nspawn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 8a5fedd4b0..0cbd8c3491 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -2836,7 +2836,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r + } + + if (!ucred || ucred->pid != inner_child_pid) { +- log_warning("Received notify message without valid credentials. Ignoring."); ++ log_debug("Received notify message without valid credentials. Ignoring."); + return 0; + } + diff --git a/0021-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch b/0021-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch new file mode 100644 index 0000000..69416b7 --- /dev/null +++ b/0021-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch 
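Review bot: The downgraded message in nspawn_dispatch_notify_fd() covers two different cases, missing credentials and a sender PID other than `inner_child_pid`, and at debug level neither shows up on a default install. The commit message says NOTIFY_SOCKET is set unconditionally, so the PID of a rejected sender is the one detail worth keeping for troubleshooting. Splitting the branch would let it be logged: `if (!ucred) { log_debug("Received notify message without credentials. Ignoring."); return 0; }`, then `log_debug("Received notify message from unexpected PID " PID_FMT ". Ignoring.", ucred->pid);` for the mismatch. The function body starts and continues outside the hunk.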
@@ -0,0 +1,49 @@ +From 2fa3d5f243b8e0bb6ef51b5a4a66c538b2941812 Mon Sep 17 00:00:00 2001 +From: Harald Hoyer +Date: Fri, 28 Jul 2017 09:46:05 +0200 +Subject: [PATCH] boot/efi: don't hard fail on error for tpm measure (#6473) + +Display the error for a small amount of time, but don't fail hard. + +In case of a faulty BIOS, a TPM error should not prevent the boot. +If something cares about the PCM measurement, it will be noticed +anyway later on. + +Especially important now, that TPM measurement is the default now on +some distribution builds. + +https://bugzilla.redhat.com/show_bug.cgi?id=1411156 +(cherry picked from commit 522aa9f5f8755d7389131da41bd60b6276917ff2) +--- + src/boot/efi/boot.c | 3 +-- + src/boot/efi/stub.c | 3 +-- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index 1e990b3825..316e95a72b 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -1657,8 +1657,7 @@ static EFI_STATUS image_start(EFI_HANDLE parent_image, const Config *config, con + loaded_image->LoadOptionsSize, loaded_image->LoadOptions); + if (EFI_ERROR(err)) { + Print(L"Unable to add image options measurement: %r", err); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); +- return err; ++ uefi_call_wrapper(BS->Stall, 1, 200 * 1000); + } + #endif + } +diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c +index bab5d46de9..2562228090 100644 +--- a/src/boot/efi/stub.c ++++ b/src/boot/efi/stub.c +@@ -94,8 +94,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + loaded_image->LoadOptionsSize, loaded_image->LoadOptions); + if (EFI_ERROR(err)) { + Print(L"Unable to add image options measurement: %r", err); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); +- return err; ++ uefi_call_wrapper(BS->Stall, 1, 200 * 1000); + } + #endif + } 
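Review bot: After this change a failed measurement in image_start() (boot.c) and efi_main() (stub.c) leaves only a 200 ms on-screen message, so the booted system has no record that the load options were not measured. Anything that seals or attests against that PCR will presumably see a mismatch, but software that only reads the PCR cannot tell a skipped measurement from one that was never configured. At minimum each branch should state the policy in a comment, e.g. `/* Measurement failed: keep booting; the PCR will not reflect the load options, so consumers must treat it as unmeasured */`. Persisting the failure somewhere the OS can read it would be the stronger fix. Both functions start and end outside the hunks.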
diff --git a/0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch b/0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch deleted file mode 100644 index 4790389..0000000 --- a/0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From cb81159ce49380d39c80f803353784633b8f306c Mon Sep 17 00:00:00 2001 -From: "S. Fan" -Date: Mon, 31 Jul 2017 05:10:10 -0500 -Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor - (#6489) - -Comparing udev_device_get_sysname(device) and sysname will always return -true. We need to check the device received from udev monitor instead. - -Also, fd_wait_for_event() sometimes never exits. Better set a timeout -here. - -(cherry picked from commit 8ec1a07998758f6a85f3ea5bf2ed14d87609398f) ---- - src/rfkill/rfkill.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c -index c0f138b4f4..470853d1d2 100644 ---- a/src/rfkill/rfkill.c -+++ b/src/rfkill/rfkill.c -@@ -138,17 +138,21 @@ static int wait_for_initialized( - for (;;) { - _cleanup_udev_device_unref_ struct udev_device *t = NULL; - -- r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY); -+ r = fd_wait_for_event(watch_fd, POLLIN, EXIT_USEC); - if (r == -EINTR) - continue; - if (r < 0) - return log_error_errno(r, "Failed to watch udev monitor: %m"); -+ if (r == 0) { -+ log_error("Timed out wating for udev monitor."); -+ return -ETIMEDOUT; -+ } - - t = udev_monitor_receive_device(monitor); - if (!t) - continue; - -- if (streq_ptr(udev_device_get_sysname(device), sysname)) { -+ if (streq_ptr(udev_device_get_sysname(t), sysname)) { - *ret = udev_device_ref(t); - return 0; - } diff --git a/0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch b/0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch deleted file mode 100644 index f310a4f..0000000 
--- a/0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch +++ /dev/null @@ -1,34 +0,0 @@ -From b56c4c19c8d0adca67eb34e1924d881e7d61b97f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Abd=C3=B3=20Roig-Maranges?= -Date: Mon, 31 Jul 2017 12:32:09 +0200 -Subject: [PATCH] core: Do not fail perpetual mount units without fragment - (#6459) - -mount_load does not require fragment files to be present in order to -load mount units which are perpetual, or come from /proc/self/mountinfo. - -mount_verify should do the same, otherwise a synthesized '-.mount' would -be marked as failed with "No such file or directory", as it is perpetual -but not marked to come from /proc/self/mountinfo at this point. - -This happens for the user instance, and I suspect it was the cause of #5375 -for the system instance, without gpt-generator. - -(cherry picked from commit 1df96fcb31b3bc30c4a983de4734f61ed5a29115) ---- - src/core/mount.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/mount.c b/src/core/mount.c -index 214364d87d..7d9644e305 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -503,7 +503,7 @@ static int mount_verify(Mount *m) { - if (UNIT(m)->load_state != UNIT_LOADED) - return 0; - -- if (!m->from_fragment && !m->from_proc_self_mountinfo) -+ if (!m->from_fragment && !m->from_proc_self_mountinfo && !UNIT(m)->perpetual) - return -ENOENT; - - r = unit_name_from_path(m->where, ".mount", &e); diff --git a/0022-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch b/0022-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch new file mode 100644 index 0000000..f3ccf91 --- /dev/null +++ b/0022-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch 
@@ -0,0 +1,45 @@ +From cd8a9ccb7c06394a64bfe0cd2a88fad7be8e3f9f Mon Sep 17 00:00:00 2001 +From: "S. Fan" +Date: Mon, 31 Jul 2017 05:10:10 -0500 +Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor + (#6489) + +Comparing udev_device_get_sysname(device) and sysname will always return +true. We need to check the device received from udev monitor instead. + +Also, fd_wait_for_event() sometimes never exits. Better set a timeout +here. + +(cherry picked from commit 8ec1a07998758f6a85f3ea5bf2ed14d87609398f) +--- + src/rfkill/rfkill.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c +index c0f138b4f4..470853d1d2 100644 +--- a/src/rfkill/rfkill.c ++++ b/src/rfkill/rfkill.c +@@ -138,17 +138,21 @@ static int wait_for_initialized( + for (;;) { + _cleanup_udev_device_unref_ struct udev_device *t = NULL; + +- r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY); ++ r = fd_wait_for_event(watch_fd, POLLIN, EXIT_USEC); + if (r == -EINTR) + continue; + if (r < 0) + return log_error_errno(r, "Failed to watch udev monitor: %m"); ++ if (r == 0) { ++ log_error("Timed out wating for udev monitor."); ++ return -ETIMEDOUT; ++ } + + t = udev_monitor_receive_device(monitor); + if (!t) + continue; + +- if (streq_ptr(udev_device_get_sysname(device), sysname)) { ++ if (streq_ptr(udev_device_get_sysname(t), sysname)) { + *ret = udev_device_ref(t); + return 0; + } diff --git a/0023-build-sys-bump-xslt-maxdepth-limit.patch b/0023-build-sys-bump-xslt-maxdepth-limit.patch deleted file mode 100644 index f33ddb8..0000000 --- a/0023-build-sys-bump-xslt-maxdepth-limit.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From f2618d3474090751ae364ca326f3563797cce54a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 18 Sep 2017 17:09:52 +0200 -Subject: [PATCH] build-sys: bump xslt maxdepth limit - -With libxslt-1.30, builds were failing on some recursion depth limit -with systemd.index.xml. Bumping the limit fixes the issue. ---- - man/meson.build | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/man/meson.build b/man/meson.build -index 8ddbd5557c..5b6a21fb9f 100644 ---- a/man/meson.build -+++ b/man/meson.build -@@ -11,6 +11,7 @@ want_html = want_html != 'false' and xsltproc.found() - xsltproc_flags = [ - '--nonet', - '--xinclude', -+ '--maxdepth', '9000', - '--stringparam', 'man.output.quietly', '1', - '--stringparam', 'funcsynopsis.style', 'ansi', - '--stringparam', 'man.authors.section.enabled', '0', --- -2.13.5 - diff --git a/0023-core-Do-not-fail-perpetual-mount-units-without-fragm.patch b/0023-core-Do-not-fail-perpetual-mount-units-without-fragm.patch new file mode 100644 index 0000000..5142a64 --- /dev/null +++ b/0023-core-Do-not-fail-perpetual-mount-units-without-fragm.patch 
@@ -0,0 +1,34 @@ +From ed10d8afb4f327536a1fb4c2873c95d3ba457efa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Abd=C3=B3=20Roig-Maranges?= +Date: Mon, 31 Jul 2017 12:32:09 +0200 +Subject: [PATCH] core: Do not fail perpetual mount units without fragment + (#6459) + +mount_load does not require fragment files to be present in order to +load mount units which are perpetual, or come from /proc/self/mountinfo. + +mount_verify should do the same, otherwise a synthesized '-.mount' would +be marked as failed with "No such file or directory", as it is perpetual +but not marked to come from /proc/self/mountinfo at this point. + +This happens for the user instance, and I suspect it was the cause of #5375 +for the system instance, without gpt-generator. + +(cherry picked from commit 1df96fcb31b3bc30c4a983de4734f61ed5a29115) +--- + src/core/mount.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 214364d87d..7d9644e305 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -503,7 +503,7 @@ static int mount_verify(Mount *m) { + if (UNIT(m)->load_state != UNIT_LOADED) + return 0; + +- if (!m->from_fragment && !m->from_proc_self_mountinfo) ++ if (!m->from_fragment && !m->from_proc_self_mountinfo && !UNIT(m)->perpetual) + return -ENOENT; + + r = unit_name_from_path(m->where, ".mount", &e); diff --git a/0024-device-make-sure-to-remove-all-device-units-sharing-.patch b/0024-device-make-sure-to-remove-all-device-units-sharing-.patch deleted file mode 100644 index dd853fe..0000000 --- a/0024-device-make-sure-to-remove-all-device-units-sharing-.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 6d0fe8a5809ef5ccc8e92bdf2eea031178b87083 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Wed, 30 Aug 2017 17:16:16 +0200 -Subject: [PATCH] device: make sure to remove all device units sharing the same - sysfs path (#6679) - -When a device is unplugged all device units sharing the same sysfs path -pointing to that device are supposed to be removed. - -However it didn't work since while iterating the device unit list containing -all the relevant units, each unit was removed during each iteration of -LIST_FOREACH. However LIST_FOREACH doesn't support this use case and -LIST_FOREACH_SAFE must be use instead. - -(cherry picked from commit cc0df6cc35339976c367977dc292278a1939db0c) ---- - src/core/device.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 77601c552..87186f135 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -514,7 +514,7 @@ static void device_update_found_one(Device *d, bool add, DeviceFound found, bool - } - - static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add, DeviceFound found, bool now) { -- Device *d, *l; -+ Device *d, *l, *n; - - assert(m); - assert(sysfs); -@@ -523,7 +523,7 @@ static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add, - return 0; - - l = hashmap_get(m->devices_by_sysfs, sysfs); -- LIST_FOREACH(same_sysfs, d, l) -+ LIST_FOREACH_SAFE(same_sysfs, d, n, l) - device_update_found_one(d, add, found, now); - - return 0; --- -2.13.5 - diff --git a/0024-process-util-update-the-end-pointer-of-the-process-n.patch b/0024-process-util-update-the-end-pointer-of-the-process-n.patch new file mode 100644 index 0000000..01150b3 --- /dev/null +++ b/0024-process-util-update-the-end-pointer-of-the-process-n.patch 
@@ -0,0 +1,63 @@ +From 4caa10a6bedf7a18b42e011bdbdb4b9c425c0d6d Mon Sep 17 00:00:00 2001 +From: Jouke Witteveen +Date: Wed, 2 Aug 2017 17:08:31 +0200 +Subject: [PATCH] process-util: update the end pointer of the process name on + rename (#6492) + +We only updated the end pointer when allocating new memory, i.e. on the first +call to rename_process. + +(cherry picked from commit 01f989c66253ea923679ffddf266ea13339c295b) +--- + src/basic/process-util.c | 26 +++++++++++++++----------- + 1 file changed, 15 insertions(+), 11 deletions(-) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index b80cacaa42..99b75c65f1 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -312,19 +312,18 @@ int rename_process(const char name[]) { + /* Third step, completely replace the argv[] array the kernel maintains for us. This requires privileges, but + * has the advantage that the argv[] array is exactly what we want it to be, and not filled up with zeros at + * the end. This is the best option for changing /proc/self/cmdline. */ +- if (mm_size < l+1) { ++ ++ /* Let's not bother with this if we don't have euid == 0. Strictly speaking we should check for the ++ * CAP_SYS_RESOURCE capability which is independent of the euid. In our own code the capability generally is ++ * present only for euid == 0, hence let's use this as quick bypass check, to avoid calling mmap() if ++ * PR_SET_MM_ARG_{START,END} fails with EPERM later on anyway. After all geteuid() is dead cheap to call, but ++ * mmap() is not. */ ++ if (geteuid() != 0) ++ log_debug("Skipping PR_SET_MM, as we don't have privileges."); ++ else if (mm_size < l+1) { + size_t nn_size; + char *nn; + +- /* Let's not bother with this if we don't have euid == 0. 
Strictly speaking if people do weird stuff +- * with capabilities this could work even for euid != 0, but our own code generally doesn't do that, +- * hence let's use this as quick bypass check, to avoid calling mmap() if PR_SET_MM_ARG_START fails +- * with EPERM later on anyway. After all geteuid() is dead cheap to call, but mmap() is not. */ +- if (geteuid() != 0) { +- log_debug("Skipping PR_SET_MM_ARG_START, as we don't have privileges."); +- goto use_saved_argv; +- } +- + nn_size = PAGE_ALIGN(l+1); + nn = mmap(NULL, nn_size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (nn == MAP_FAILED) { +@@ -351,9 +350,14 @@ int rename_process(const char name[]) { + + mm = nn; + mm_size = nn_size; +- } else ++ } else { + strncpy(mm, name, mm_size); + ++ /* Update the end pointer, continuing regardless of any failure. */ ++ if (prctl(PR_SET_MM, PR_SET_MM_ARG_END, (unsigned long) mm + l + 1, 0, 0) < 0) ++ log_debug_errno(errno, "PR_SET_MM_ARG_END failed, proceeding without: %m"); ++ } ++ + use_saved_argv: + /* Fourth step: in all cases we'll also update the original argv[], so that our own code gets it right too if + * it still looks here */ diff --git a/0025-dhcp-network-adjust-sockaddr-length-for-addresses-lo.patch b/0025-dhcp-network-adjust-sockaddr-length-for-addresses-lo.patch new file mode 100644 index 0000000..1483a39 --- /dev/null +++ b/0025-dhcp-network-adjust-sockaddr-length-for-addresses-lo.patch 
@@ -0,0 +1,98 @@ +From 672eb11bf702aa194e1c9e40f9b2acc6434540d4 Mon Sep 17 00:00:00 2001 +From: bengal +Date: Tue, 8 Aug 2017 18:55:31 +0200 +Subject: [PATCH] dhcp-network: adjust sockaddr length for addresses longer + than 8 bytes (#6527) + +An infiniband hardware address is 20 bytes, but sockaddr_ll.sll_addr is only 8 +bytes. Explicitly ensure that sockaddr_union has enough space for infiniband +addresses, even if they run over sockaddr_ll and add a macro to compute the +proper size to pass to kernel. + +(cherry picked from commit b1f24b75af135fe8efba9c7264447985e2843511) +--- + src/basic/socket-util.h | 20 ++++++++++++++++++++ + src/libsystemd-network/dhcp-network.c | 16 +++++++++------- + 2 files changed, 29 insertions(+), 7 deletions(-) + +diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h +index 73c3a339fc..43edc05c63 100644 +--- a/src/basic/socket-util.h ++++ b/src/basic/socket-util.h +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #include + + #include "macro.h" +@@ -42,6 +43,8 @@ union sockaddr_union { + struct sockaddr_storage storage; + struct sockaddr_ll ll; + struct sockaddr_vm vm; ++ /* Ensure there is enough space to store Infiniband addresses */ ++ uint8_t ll_buffer[offsetof(struct sockaddr_ll, sll_addr) + CONST_MAX(ETH_ALEN, INFINIBAND_ALEN)]; + }; + + typedef struct SocketAddress { +@@ -147,6 +150,23 @@ int flush_accept(int fd); + + struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length); + ++/* ++ * Certain hardware address types (e.g Infiniband) do not fit into sll_addr ++ * (8 bytes) and run over the structure. This macro returns the correct size that ++ * must be passed to kernel. 
++ */ ++#define SOCKADDR_LL_LEN(sa) \ ++ ({ \ ++ const struct sockaddr_ll *_sa = &(sa); \ ++ size_t _mac_len = sizeof(_sa->sll_addr); \ ++ assert(_sa->sll_family == AF_PACKET); \ ++ if (be16toh(_sa->sll_hatype) == ARPHRD_ETHER) \ ++ _mac_len = MAX(_mac_len, (size_t) ETH_ALEN); \ ++ if (be16toh(_sa->sll_hatype) == ARPHRD_INFINIBAND) \ ++ _mac_len = MAX(_mac_len, (size_t) INFINIBAND_ALEN); \ ++ offsetof(struct sockaddr_ll, sll_addr) + _mac_len; \ ++ }) ++ + /* Covers only file system and abstract AF_UNIX socket addresses, but not unnamed socket addresses. */ + #define SOCKADDR_UN_LEN(sa) \ + ({ \ +diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c +index 65405dcce0..a440a20f96 100644 +--- a/src/libsystemd-network/dhcp-network.c ++++ b/src/libsystemd-network/dhcp-network.c +@@ -108,14 +108,16 @@ static int _bind_raw_socket(int ifindex, union sockaddr_union *link, + if (r < 0) + return -errno; + +- link->ll.sll_family = AF_PACKET; +- link->ll.sll_protocol = htobe16(ETH_P_IP); +- link->ll.sll_ifindex = ifindex; +- link->ll.sll_hatype = htobe16(arp_type); +- link->ll.sll_halen = mac_addr_len; ++ link->ll = (struct sockaddr_ll) { ++ .sll_family = AF_PACKET, ++ .sll_protocol = htobe16(ETH_P_IP), ++ .sll_ifindex = ifindex, ++ .sll_hatype = htobe16(arp_type), ++ .sll_halen = mac_addr_len, ++ }; + memcpy(link->ll.sll_addr, bcast_addr, mac_addr_len); + +- r = bind(s, &link->sa, sizeof(link->ll)); ++ r = bind(s, &link->sa, SOCKADDR_LL_LEN(link->ll)); + if (r < 0) + return -errno; + +@@ -221,7 +223,7 @@ int dhcp_network_send_raw_socket(int s, const union sockaddr_union *link, + assert(packet); + assert(len); + +- r = sendto(s, packet, len, 0, &link->sa, sizeof(link->ll)); ++ r = sendto(s, packet, len, 0, &link->sa, SOCKADDR_LL_LEN(link->ll)); + if (r < 0) + return -errno; + 
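Review bot: `memcpy(link->ll.sll_addr, bcast_addr, mac_addr_len)` in _bind_raw_socket() now deliberately writes past the 8-byte `sll_addr` member for Infiniband, yet nothing in the hunk bounds `mac_addr_len` against the space reserved by `ll_buffer`. The caller may already validate the length (the function starts outside the hunk), but a local guard keeps the overrun inside the union: `assert(mac_addr_len <= sizeof(link->ll_buffer) - offsetof(struct sockaddr_ll, sll_addr));`. Copying to `link->ll_buffer + offsetof(struct sockaddr_ll, sll_addr)` instead would also let fortified builds and static analysers see the real destination size. Separately, SOCKADDR_LL_LEN() derives the length from `sll_hatype` rather than `sll_halen`, so any other hardware type with an address longer than 8 bytes would reach bind()/sendto() truncated.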
diff --git a/0026-service-attempt-to-execute-next-main-command-only-fo.patch b/0026-service-attempt-to-execute-next-main-command-only-fo.patch
new file mode 100644
index 0000000..43a10ed
--- /dev/null
+++ b/0026-service-attempt-to-execute-next-main-command-only-fo.patch
@@ -0,0 +1,79 @@ +From 950410cf37fd2ab5f7362f8d64fdc280dcce8810 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 25 Aug 2017 15:36:10 +0200 +Subject: [PATCH] service: attempt to execute next main command only for + oneshot services (#6619) + +This commit fixes crash described in +https://github.com/systemd/systemd/issues/6533 + +Multiple ExecStart lines are allowed only for oneshot services +anyway so it doesn't make sense to call service_run_next_main() with +services of type other than SERVICE_ONESHOT. + +Referring back to reproducer from the issue, previously we didn't observe +this problem because s->main_command was reset after daemon-reload hence +we never reached the assert statement in service_run_next_main(). + +Fixes #6533 + +(cherry picked from commit b58aeb70dbd1cab5908b003ef5187da1fc241839) +--- + src/core/service.c | 1 + + test/test-exec-deserialization.py | 31 +++++++++++++++++++++++++++++++ + 2 files changed, 32 insertions(+) + +diff --git a/src/core/service.c b/src/core/service.c +index 4c577db8d7..499f964322 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -2884,6 +2884,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) { + + if (s->main_command && + s->main_command->command_next && ++ s->type == SERVICE_ONESHOT && + f == SERVICE_SUCCESS) { + + /* There is another command to * +diff --git a/test/test-exec-deserialization.py b/test/test-exec-deserialization.py +index 39a9e62e15..c3fe0824c7 100755 +--- a/test/test-exec-deserialization.py ++++ b/test/test-exec-deserialization.py +@@ -178,6 +178,37 @@ class ExecutionResumeTest(unittest.TestCase): + + self.assertTrue(not os.path.exists(self.output_file)) + ++ def test_issue_6533(self): ++ unit = "test-issue-6533.service" ++ unitfile_path = "/run/systemd/system/{}".format(unit) ++ ++ content = ''' ++ [Service] ++ ExecStart=/bin/sleep 5 ++ ''' ++ ++ with open(unitfile_path, 'w') as f: ++ f.write(content) ++ ++ self.reload() ++ ++ 
subprocess.check_call(['systemctl', '--job-mode=replace', '--no-block', 'start', unit]) ++ time.sleep(2) ++ ++ content = ''' ++ [Service] ++ ExecStart=/bin/sleep 5 ++ ExecStart=/bin/true ++ ''' ++ ++ with open(unitfile_path, 'w') as f: ++ f.write(content) ++ ++ self.reload() ++ time.sleep(5) ++ ++ self.assertTrue(subprocess.call("journalctl -b _PID=1 | grep -q 'Freezing execution'", shell=True) != 0) ++ + def tearDown(self): + for f in [self.output_file, self.unitfile_path]: + try: diff --git a/0027-namespace-avoid-assertion-failure-6649.patch b/0027-namespace-avoid-assertion-failure-6649.patch new file mode 100644 index 0000000..7a4c2d5 --- /dev/null +++ b/0027-namespace-avoid-assertion-failure-6649.patch @@ -0,0 +1,31 @@ +From 65f6532eea53d862f7ad51d81f1f7b7c0fb3ac3a Mon Sep 17 00:00:00 2001 +From: Topi Miettinen +Date: Tue, 29 Aug 2017 15:31:24 +0000 +Subject: [PATCH] namespace: avoid assertion failure (#6649) + +If the root image is not decrypted, it must not be relinquished. + +(cherry picked from commit 07ce74074da29d8577ccbc98001d57253afd88d2) +--- + src/core/namespace.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 05175e9552..3e0d786ca5 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -1062,9 +1062,11 @@ int setup_namespace( + if (r < 0) + goto finish; + +- r = decrypted_image_relinquish(decrypted_image); +- if (r < 0) +- goto finish; ++ if (decrypted_image) { ++ r = decrypted_image_relinquish(decrypted_image); ++ if (r < 0) ++ goto finish; ++ } + + loop_device_relinquish(loop_device); + diff --git a/0028-terminal-reset-should-honour-default_utf8-kernel-set.patch b/0028-terminal-reset-should-honour-default_utf8-kernel-set.patch new file mode 100644 index 0000000..2a626a2 --- /dev/null +++ b/0028-terminal-reset-should-honour-default_utf8-kernel-set.patch 
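Review bot: test_issue_6533 writes its unit to a local `unitfile_path` (/run/systemd/system/test-issue-6533.service), but tearDown only iterates `self.output_file` and `self.unitfile_path`, so that unit file is left on the host after the run. Registering the cleanup in the test itself, e.g. `self.addCleanup(os.remove, unitfile_path)` right after the first write, would fix it. The final assertion greps the whole `journalctl -b _PID=1` output for 'Freezing execution', so an unrelated freeze earlier in the same boot would fail the test. Bounding the query to the test's start time with journalctl's `--since` would make the check specific to this reproducer. tearDown's body continues outside the hunk.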
@@ -0,0 +1,60 @@ +From ca9cb19a170921a17fa175ed68b8eb36f05ec4ed Mon Sep 17 00:00:00 2001 +From: g0tar +Date: Wed, 30 Aug 2017 10:00:44 +0200 +Subject: [PATCH] terminal reset should honour default_utf8 kernel setting + (#6606) + +terminal reset should honour default_utf8 kernel setting + +(cherry picked from commit 73e669e0fde6b9aabec48327d95c875a70555d34) +--- + src/basic/terminal-util.c | 10 ++++++++-- + src/login/logind-session.c | 6 +++--- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c +index 9a8ef825c5..2b6aa6400a 100644 +--- a/src/basic/terminal-util.c ++++ b/src/basic/terminal-util.c +@@ -244,6 +244,8 @@ int ask_string(char **ret, const char *text, ...) { + + int reset_terminal_fd(int fd, bool switch_to_text) { + struct termios termios; ++ _cleanup_free_ char *utf8 = NULL; ++ int kb; + int r = 0; + + /* Set terminal to some sane defaults */ +@@ -261,8 +263,12 @@ int reset_terminal_fd(int fd, bool switch_to_text) { + if (switch_to_text) + (void) ioctl(fd, KDSETMODE, KD_TEXT); + +- /* Enable console unicode mode */ +- (void) ioctl(fd, KDSKBMODE, K_UNICODE); ++ /* Set default keyboard mode */ ++ if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && parse_boolean(utf8) == 0) ++ kb = K_XLATE; ++ else ++ kb = K_UNICODE; ++ (void) ioctl(fd, KDSKBMODE, kb); + + if (tcgetattr(fd, &termios) < 0) { + r = -errno; +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index 42dfecaffb..66c27d4fb4 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -1155,10 +1155,10 @@ void session_restore_vt(Session *s) { + + (void) ioctl(vt, KDSETMODE, KD_TEXT); + +- if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && *utf8 == '1') +- kb = K_UNICODE; +- else ++ if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && parse_boolean(utf8) == 0) + kb = K_XLATE; ++ else ++ kb = K_UNICODE; + + (void) 
ioctl(vt, KDSKBMODE, kb); + diff --git a/0029-networkd-do-not-fail-manager_connect_bus-if-dbus-is-.patch b/0029-networkd-do-not-fail-manager_connect_bus-if-dbus-is-.patch new file mode 100644 index 0000000..5b4345a --- /dev/null +++ b/0029-networkd-do-not-fail-manager_connect_bus-if-dbus-is-.patch @@ -0,0 +1,26 @@ +From 60b0ab5c4f7f15454e91902b5ecd3e629a930b32 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 23 Aug 2017 12:36:36 +0900 +Subject: [PATCH] networkd: do not fail manager_connect_bus() if dbus is not + active yet + +Fixes #6618. + +(cherry picked from commit fb72b1d99f661ea62fd534e4bc1174c6337611c8) +--- + src/network/networkd-manager.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c +index 5f10b4f993..718c8bb03f 100644 +--- a/src/network/networkd-manager.c ++++ b/src/network/networkd-manager.c +@@ -136,7 +136,7 @@ int manager_connect_bus(Manager *m) { + assert(m); + + r = sd_bus_default_system(&m->bus); +- if (r == -ENOENT) { ++ if (r < 0) { + /* We failed to connect? Yuck, we must be in early + * boot. Let's try in 5s again. As soon as we have + * kdbus we can stop doing this... */ diff --git a/0030-sd-bus-socket-only-transmit-auxillary-FDs-once-6603.patch b/0030-sd-bus-socket-only-transmit-auxillary-FDs-once-6603.patch new file mode 100644 index 0000000..7772e72 --- /dev/null +++ b/0030-sd-bus-socket-only-transmit-auxillary-FDs-once-6603.patch 
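Review bot: Widening the check in manager_connect_bus() from `r == -ENOENT` to `r < 0` makes every failure of sd_bus_default_system() look like "early boot, retry in 5s", including errors that will not clear on their own such as -EACCES or -ENOMEM. If the branch, which continues outside the hunk, does not already report `r`, it should, so a permanently failing connection is diagnosable rather than a silent retry loop: `log_debug_errno(r, "Failed to connect to bus, trying again in 5s: %m");`. The comment inside the branch still describes only the early-boot case and could say that all errors are now retried.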
@@ -0,0 +1,35 @@ +From 6bd2824d07a7cdb622df9a7876185142ad1f48e1 Mon Sep 17 00:00:00 2001 +From: Tom Gundersen +Date: Wed, 30 Aug 2017 13:09:03 +0200 +Subject: [PATCH] sd-bus: socket - only transmit auxillary FDs once (#6603) + +If a message is too large to fit into the output buffer, it will be +transmitted to the kernel in several chunks. However, the FDs must +only ever be transmitted once or they will bereceived by the remote +end repeatedly. + +The D-Bus specification disallows several sets of FDs attached to +one message, however, the reference implementation of D-Bus will +not reject such a message, rather it will reassign the duplicate +FDs to subsequent FD-carrying messages. + +This attaches the FD array only to the first byte of the message. + +(cherry picked from commit f29eef2e9072eac6f6570ff7975680bc9caeda2f) +--- + src/libsystemd/sd-bus/bus-socket.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c +index 8b25002f01..ab70a0c6e1 100644 +--- a/src/libsystemd/sd-bus/bus-socket.c ++++ b/src/libsystemd/sd-bus/bus-socket.c +@@ -800,7 +800,7 @@ int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) { + .msg_iovlen = m->n_iovec, + }; + +- if (m->n_fds > 0) { ++ if (m->n_fds > 0 && *idx == 0) { + struct cmsghdr *control; + + mh.msg_control = control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds)); diff --git a/0031-device-make-sure-to-remove-all-device-units-sharing-.patch b/0031-device-make-sure-to-remove-all-device-units-sharing-.patch new file mode 100644 index 0000000..ef6a64e --- /dev/null +++ b/0031-device-make-sure-to-remove-all-device-units-sharing-.patch 
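Review bot: The new `*idx == 0` condition in bus_socket_write_message() carries the whole fix but has no comment at the site, and the reason is not obvious from the code alone. I would add `/* Attach the FD control message only to the first chunk: repeating it when the rest of a partially written message is sent would hand the peer duplicate FDs */` above the `if`. Separately, the unchanged next line sizes an alloca() from `m->n_fds`. Whether that count is capped is not visible here, so it is worth confirming that a limit is enforced before a message reaches this function. The function starts and continues outside the hunk.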
@@ -0,0 +1,41 @@ +From 75c8530d909c088c4c3dc63d2cbbc078db9b70c0 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Wed, 30 Aug 2017 17:16:16 +0200 +Subject: [PATCH] device: make sure to remove all device units sharing the same + sysfs path (#6679) + +When a device is unplugged all device units sharing the same sysfs path +pointing to that device are supposed to be removed. + +However it didn't work since while iterating the device unit list containing +all the relevant units, each unit was removed during each iteration of +LIST_FOREACH. However LIST_FOREACH doesn't support this use case and +LIST_FOREACH_SAFE must be use instead. + +(cherry picked from commit cc0df6cc35339976c367977dc292278a1939db0c) +--- + src/core/device.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/device.c b/src/core/device.c +index 77601c5520..87186f135b 100644 +--- a/src/core/device.c ++++ b/src/core/device.c +@@ -514,7 +514,7 @@ static void device_update_found_one(Device *d, bool add, DeviceFound found, bool + } + + static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add, DeviceFound found, bool now) { +- Device *d, *l; ++ Device *d, *l, *n; + + assert(m); + assert(sysfs); +@@ -523,7 +523,7 @@ static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add, + return 0; + + l = hashmap_get(m->devices_by_sysfs, sysfs); +- LIST_FOREACH(same_sysfs, d, l) ++ LIST_FOREACH_SAFE(same_sysfs, d, n, l) + device_update_found_one(d, add, found, now); + + return 0; diff --git a/0032-shutdown-don-t-remount-ro-network-filesystems.-6588.patch b/0032-shutdown-don-t-remount-ro-network-filesystems.-6588.patch new file mode 100644 index 0000000..e02a756 --- /dev/null +++ b/0032-shutdown-don-t-remount-ro-network-filesystems.-6588.patch 
@@ -0,0 +1,81 @@
+From a7c3c58bd9fac86d5f8e626ec402daa2a93d7bb3 Mon Sep 17 00:00:00 2001
+From: NeilBrown
+Date: Thu, 31 Aug 2017 02:48:25 +1000
+Subject: [PATCH] shutdown: don't remount,ro network filesystems. (#6588)
+
+systemd-shutdown is run after the network is stopped,
+so remounting a network filesystem read-only can hang.
+A simple umount is the most useful thing that can
+be done for a network filesystem once the network is down.
+
+(cherry picked from commit 9cbc4547702aac28466c497f720038b9e2dc510c)
+---
+ src/core/umount.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/src/core/umount.c b/src/core/umount.c
+index 591dac71f0..b83f631141 100644
+--- a/src/core/umount.c
++++ b/src/core/umount.c
+@@ -37,12 +37,14 @@
+ #include "string-util.h"
+ #include "udev-util.h"
+ #include "umount.h"
++#include "mount-util.h"
+ #include "util.h"
+ #include "virt.h"
+
+ typedef struct MountPoint {
+ char *path;
+ char *options;
++ char *type;
+ dev_t devnum;
+ LIST_FIELDS(struct MountPoint, mount_point);
+ } MountPoint;
+@@ -76,7 +78,7 @@ static int mount_points_list_get(MountPoint **head) {
+ return -errno;
+
+ for (i = 1;; i++) {
+- _cleanup_free_ char *path = NULL, *options = NULL;
++ _cleanup_free_ char *path = NULL, *options = NULL, *type = NULL;
+ char *p = NULL;
+ MountPoint *m;
+ int k;
+@@ -90,11 +92,11 @@ static int mount_points_list_get(MountPoint **head) {
+ "%*s" /* (6) mount flags */
+ "%*[^-]" /* (7) optional fields */
+ "- " /* (8) separator */
+- "%*s " /* (9) file system type */
++ "%ms " /* (9) file system type */
+ "%*s" /* (10) mount source */
+ "%ms" /* (11) mount options */
+ "%*[^\n]", /* some rubbish at the end */
+- &path, &options);
++ &path, &type, &options);
+ if (k != 2) {
+ if (k == EOF)
+ break;
+@@ -132,6 +134,8 @@ static int mount_points_list_get(MountPoint **head) {
+ m->path = p;
+ m->options = options;
+ options = NULL;
++ m->type = type;
++ type = NULL;
+
+ LIST_PREPEND(mount_point, *head, m);
+ }
+@@ -388,8 +392,12 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
+ /* If we are in a container, don't attempt to
+ read-only mount anything as that brings no real
+ benefits, but might confuse the host, as we remount
+- the superblock here, not the bind mount. */
+- if (detect_container() <= 0) {
++ the superblock here, not the bind mount.
++ If the filesystem is a network fs, also skip the
++ remount. It brings no value (we cannot leave
++ a "dirty fs") and could hang if the network is down. */
++ if (detect_container() <= 0 &&
++ !fstype_is_network(m->type)) {
+ _cleanup_free_ char *options = NULL;
+ /* MS_REMOUNT requires that the data parameter
+ * should be the same from the original mount
diff --git a/0033-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch b/0033-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch
new file mode 100644
index 0000000..691b03b
--- /dev/null
+++ b/0033-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch
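Review bot: The result check after the scanf call still reads `if (k != 2)` although the format now has three assigning conversions (`%ms` for path, type and options), so a fully parsed mountinfo line returns 3 and takes the failure branch. It should become `if (k != 3) {`. What that branch does beyond `break` on EOF is outside the hunk, but presumably every entry is skipped and never reaches the list, which would leave filesystems mounted at shutdown. The new `m->type` also needs a matching `free()` wherever MountPoint entries are released; that code is not part of this hunk.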
@@ -0,0 +1,29 @@
+From f5f367d4a9872453888da79bdff3a50f78a9758a Mon Sep 17 00:00:00 2001
+From: Ivan Shapovalov
+Date: Wed, 30 Aug 2017 19:49:07 +0300
+Subject: [PATCH] cryptsetup-generator: do not bind to the decrypted device
+ unit (#6538)
+
+This breaks things when the decrypted device is not immediately
+`SYSTEMD_READY=1` (e. g. when a multi-device btrfs system is placed on
+multiple cryptsetup devices).
+
+Fixes #6537.
+
+(cherry picked from commit e9ea4526a3a3b41eced29b8d742498cc36750424)
+---
+ src/cryptsetup/cryptsetup-generator.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index b58b6db7c9..f737f82b55 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -109,7 +109,6 @@ static int create_disk(
+ "SourcePath=/etc/crypttab\n"
+ "DefaultDependencies=no\n"
+ "Conflicts=umount.target\n"
+- "BindsTo=dev-mapper-%i.device\n"
+ "IgnoreOnIsolate=true\n"
+ "After=cryptsetup-pre.target\n",
+ f);
diff --git a/0034-log-reopen-log-for-failed-assertions-6703.patch b/0034-log-reopen-log-for-failed-assertions-6703.patch
new file mode 100644
index 0000000..72bd77d
--- /dev/null
+++ b/0034-log-reopen-log-for-failed-assertions-6703.patch
@@ -0,0 +1,33 @@
+From 342c2fdaf94f195f6273a88f9fe430c189e7168f Mon Sep 17 00:00:00 2001
+From: Topi Miettinen
+Date: Thu, 31 Aug 2017 08:37:32 +0000
+Subject: [PATCH] log: reopen log for failed assertions (#6703)
+
+Reopen log so that failed and aborting assertions can be written to log.
+
+Closes: #6658
+(cherry picked from commit ea89a119cda917a17bd186b3c13197acfd655b12)
+---
+ src/basic/log.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/basic/log.c b/src/basic/log.c
+index 3fd53800a0..ad99773cbb 100644
+--- a/src/basic/log.c
++++ b/src/basic/log.c
+@@ -804,6 +804,7 @@ noreturn void log_assert_failed_realm(
+ const char *file,
+ int line,
+ const char *func) {
++ log_open();
+ log_assert(LOG_REALM_PLUS_LEVEL(realm, LOG_CRIT), text, file, line, func,
+ "Assertion '%s' failed at %s:%u, function %s(). Aborting.");
+ abort();
+@@ -815,6 +816,7 @@ noreturn void log_assert_failed_unreachable_realm(
+ const char *file,
+ int line,
+ const char *func) {
++ log_open();
+ log_assert(LOG_REALM_PLUS_LEVEL(realm, LOG_CRIT), text, file, line, func,
+ "Code should not be reached '%s' at %s:%u, function %s(). Aborting.");
+ abort();
diff --git a/0035-sd-bus-use-when-passing-arguments-to-ssh-6706.patch b/0035-sd-bus-use-when-passing-arguments-to-ssh-6706.patch
new file mode 100644
index 0000000..00ddb00
--- /dev/null
+++ b/0035-sd-bus-use-when-passing-arguments-to-ssh-6706.patch
@@ -0,0 +1,38 @@
+From 7943496d000c91b917a6f61dd42749c490ba3b2d Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin
+Date: Thu, 31 Aug 2017 11:38:30 +0300
+Subject: [PATCH] sd-bus: use -- when passing arguments to ssh (#6706)
+
+This prevents `systemctl` from runnning /bin/touch when the following
+command is used:
+```
+systemctl -H '-oProxyCommand=/bin/touch i-shouldnt-be-here' show-environment
+```
+
+(cherry picked from commit 58c6e4a2c00c47d0941cb978ec025b13e1798bf3)
+---
+ src/libsystemd/sd-bus/sd-bus.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
+index 2f065c2657..fc01191e4e 100644
+--- a/src/libsystemd/sd-bus/sd-bus.c
++++ b/src/libsystemd/sd-bus/sd-bus.c
+@@ -1344,7 +1344,7 @@ int bus_set_address_system_remote(sd_bus *b, const char *host) {
+ if (!e)
+ return -ENOMEM;
+
+- c = strjoina(",argv4=--machine=", m);
++ c = strjoina(",argv5=--machine=", m);
+ }
+ }
+
+@@ -1354,7 +1354,7 @@ int bus_set_address_system_remote(sd_bus *b, const char *host) {
+ return -ENOMEM;
+ }
+
+- b->address = strjoin("unixexec:path=ssh,argv1=-xT,argv2=", e, ",argv3=systemd-stdio-bridge", c);
++ b->address = strjoin("unixexec:path=ssh,argv1=-xT,argv2=--,argv3=", e, ",argv4=systemd-stdio-bridge", c);
+ if (!b->address)
+ return -ENOMEM;
+
diff --git a/0036-networkd-dont-crash-when-mtu-changes-6594.patch b/0036-networkd-dont-crash-when-mtu-changes-6594.patch
new file mode 100644
index 0000000..af895d2
--- /dev/null
+++ b/0036-networkd-dont-crash-when-mtu-changes-6594.patch
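Review bot: Nothing next to the new address string says why `argv2=--` is there, and the argument numbering is now kept in step by hand in two separate statements (`argv5=--machine=` in the first hunk, `argv4=systemd-stdio-bridge` in the second). A comment above the strjoin() call, for example `/* "--" ends ssh option parsing, so a host that starts with "-" is taken as a destination and never as an option */`, would keep a later cleanup from dropping the separator or shifting only one of the indices. Rejecting a host that begins with `-` before the address is built would additionally give the caller a clear error; whether `host` is validated earlier cannot be seen, because bus_set_address_system_remote() starts and ends outside both hunks.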
@@ -0,0 +1,38 @@
+From 642b62dfb642a2695c091d11db727ef920715250 Mon Sep 17 00:00:00 2001
+From: Andrew Jeddeloh
+Date: Thu, 31 Aug 2017 01:58:39 -0700
+Subject: [PATCH] networkd: dont crash when mtu changes (#6594)
+
+Prevent networkd from crashing when UseMTU is used. Many drivers will
+bring the link down and then back up to configure a new MTU. Networkd
+will also asynchonously send rtnl messages to configure the link and may
+receive responses after the link has gone down and come back up (which
+networkd will handle and set the lease and network to NULL.
+
+This changes the behavior to instead return if this is the case instead
+of crashing via assert.
+
+(cherry picked from commit 0c9b15a38a558d8f84257455ee24174221069e9e)
+---
+ src/network/networkd-dhcp4.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
+index 9229b5753c..77771688e1 100644
+--- a/src/network/networkd-dhcp4.c
++++ b/src/network/networkd-dhcp4.c
+@@ -71,8 +71,12 @@ static int link_set_dhcp_routes(Link *link) {
+ int r, n, i;
+
+ assert(link);
+- assert(link->dhcp_lease);
+- assert(link->network);
++
++ if (!link->dhcp_lease) /* link went down while we configured the IP addresses? */
++ return 0;
++
++ if (!link->network) /* link went down while we configured the IP addresses? */
++ return 0;
+
+ if (!link->network->dhcp_use_routes)
+ return 0;
diff --git a/0037-logind-remember-to-remove-run-systemd-shutdown-sched.patch b/0037-logind-remember-to-remove-run-systemd-shutdown-sched.patch
new file mode 100644
index 0000000..486c580
--- /dev/null
+++ b/0037-logind-remember-to-remove-run-systemd-shutdown-sched.patch
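Review bot: Both new early returns in link_set_dhcp_routes() report success without leaving a trace, so a lease that vanished mid-configuration looks the same to the caller and in the journal as routes having been installed. Since the two conditions get the same treatment and the same comment, they could be one check that logs at debug level: `if (!link->dhcp_lease || !link->network) {`, then `log_link_debug(link, "Link went down while configuring DHCP routes, skipping.");` and `return 0; }`. Other callbacks that assert on the same two fields may hit the same race; none of them are visible here, and this function's body continues past the hunk.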
@@ -0,0 +1,22 @@
+From af9f32c663c244f9f5f8bf5e0a7ae40b07bda4c7 Mon Sep 17 00:00:00 2001
+From: Alan Jenkins
+Date: Wed, 23 Aug 2017 15:58:03 +0100
+Subject: [PATCH] logind: remember to remove '/run/systemd/shutdown/scheduled'
+
+(cherry picked from commit cbc373502f1d6e2df01e43538006e31975f555ec)
+---
+ src/login/logind-dbus.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index c9b7d99818..242ad4fb2b 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -1496,6 +1496,7 @@ static void reset_scheduled_shutdown(Manager *m) {
+ (void) unlink("/run/nologin");
+ m->unlink_nologin = false;
+ }
++ (void) unlink("/run/systemd/shutdown/scheduled");
+ }
+
+ static int execute_shutdown_or_sleep(
diff --git a/0038-logind-method_schedule_shutdown-already-rejects-empt.patch b/0038-logind-method_schedule_shutdown-already-rejects-empt.patch
new file mode 100644
index 0000000..3ae8b47
--- /dev/null
+++ b/0038-logind-method_schedule_shutdown-already-rejects-empt.patch
@@ -0,0 +1,34 @@
+From 2a0c34eea8f68811f6eee2ad32652f20182d322e Mon Sep 17 00:00:00 2001
+From: Alan Jenkins
+Date: Tue, 22 Aug 2017 13:54:21 +0100
+Subject: [PATCH] logind: method_schedule_shutdown() already rejects empty
+ `type`
+
+Don't test for an empty `type` afterwards. This is not how you cancel
+scheduled shutdowns - there's a separate method for that.
+
+(cherry picked from commit f8169e62dfc9ea903bc880064a5d384cdc68db3e)
+---
+ src/login/logind-dbus.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index 242ad4fb2b..f0943e56e0 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -2051,12 +2051,9 @@ static int method_schedule_shutdown(sd_bus_message *message, void *userdata, sd_
+ if (r < 0)
+ return r;
+
+- if (!isempty(type)) {
+- r = update_schedule_file(m);
+- if (r < 0)
+- return r;
+- } else
+- (void) unlink("/run/systemd/shutdown/scheduled");
++ r = update_schedule_file(m);
++ if (r < 0)
++ return r;
+
+ return sd_bus_reply_method_return(message, NULL);
+ }
diff --git a/0039-logind-add-missing-check-for-conflicting-operation-v.patch b/0039-logind-add-missing-check-for-conflicting-operation-v.patch
new file mode 100644
index 0000000..ef57f60
--- /dev/null
+++ b/0039-logind-add-missing-check-for-conflicting-operation-v.patch
@@ -0,0 +1,55 @@
+From d0968b783128667b1db0e97d6774a0a1f15fa152 Mon Sep 17 00:00:00 2001
+From: Alan Jenkins
+Date: Mon, 21 Aug 2017 11:49:25 +0100
+Subject: [PATCH] logind: add missing check for conflicting operation v.s.
+ scheduled shutdown
+
+> We don't want to shutdown while a suspend is running, and vice versa.
+> This would be confusing and could lead to data loss in the worst case.
+
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1441253/comments/4
+
+According to the above comment, if the conflicting operation is hung,
+we don't want to force things when the admin has not passed a force option.
+
+Similarly if you're not an admin, you probably shouldn't get to sneak
+around this check by using a scheduled shutdown instead of an unscheduled
+one. (And no-one so far thought it necessary to add such a permission in
+PolKit).
+
+Note that if the conflicting operation was _not_ hung, and we lost the
+race with suspend, the system might not have shut down at the scheduled
+time anyway. Which is no good if you were scheduling a power outage.
+And scheduling a shutdown for an arbitrary time when the system is resumed,
+does not seem a very useful semantic. More likely, scheduled shutdowns are
+useful on systems which do not use suspend, such as multi-user servers.
+(In which case even PolKit defaults likely don't let the users trigger
+suspend).
+
+(cherry picked from commit b498d6ea9f72520c579035928d16c527d992bca8)
+---
+ src/login/logind-dbus.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index f0943e56e0..3f05c86f5c 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -1946,9 +1946,15 @@ static int manager_scheduled_shutdown_handler(
+ else
+ target = SPECIAL_REBOOT_TARGET;
+
+- r = execute_shutdown_or_sleep(m, 0, target, &error);
++ /* Don't allow multiple jobs being executed at the same time */
++ if (m->action_what) {
++ log_error("Scheduled shutdown to %s failed: shutdown or sleep operation already in progress", target);
++ return -EALREADY;
++ }
++
++ r = execute_shutdown_or_sleep(m, INHIBIT_SHUTDOWN, target, &error);
+ if (r < 0)
+- return log_error_errno(r, "Unable to execute transition to %s: %m", target);
++ return log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);
+
+ return 0;
+ }
diff --git a/0040-logind-respect-delay-inhibitors-in-scheduled-shutdow.patch b/0040-logind-respect-delay-inhibitors-in-scheduled-shutdow.patch
new file mode 100644
index 0000000..742c9a6
--- /dev/null
+++ b/0040-logind-respect-delay-inhibitors-in-scheduled-shutdow.patch
@@ -0,0 +1,179 @@ +From 7d9e4212490f7c42d419de4befb438e173380da7 Mon Sep 17 00:00:00 2001 +From: Alan Jenkins +Date: Mon, 21 Aug 2017 17:28:35 +0100 +Subject: [PATCH] logind: respect "delay" inhibitors in scheduled shutdowns + +There is no justification not to wait an extra (default) 5 seconds, for +a more graceful shutdown of user programs. Again, you don't get to ignore +delay inhibitors for unscheduled shutdowns, short of +`systemctl poweroff -f`. + +It is simplest if we move the test for `m->shutdown_dry_run` into +manager_scheduled_shutdown_handler(). + +However we need to not add such delays during a "dry run". Otherwise, we +would still have to be considered "in progress" for some seconds after our +admin has seen the final wall message. If they go to `poweroff`, we would +have blocked them with a misleading error message. Note this `poweroff` +will still process delay inhibitors as needed. If the admin planned to +use a more forceful method... eh. It's their responsibility to assess +whether that's safe. + +There is an argument that the alternative behaviour could be used (racily!) +to kludge around them not being able to shutdown to "single user mode". If +we cared about that case, we would have easily preserved non-racy support +for it in `shutdown`. + +Additionally, though I think this code does read more easily by reducing +inconsistencies, we didn't come up with any use case for delay inhibitors +v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we +allow a whole 90 seconds for it, not just 5. So I don't think keeping this +approach bears a risk of significant damage. 
+ +[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/ + +(cherry picked from commit df75a1a8aa5420335a56093077fa8cfcbfffac78) +--- + src/login/logind-dbus.c | 91 ++++++++++++++++++++++++++----------------------- + 1 file changed, 48 insertions(+), 43 deletions(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 3f05c86f5c..1fd64d32b7 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -1399,7 +1399,6 @@ static int have_multiple_sessions( + + static int bus_manager_log_shutdown( + Manager *m, +- InhibitWhat w, + const char *unit_name) { + + const char *p, *q; +@@ -1407,9 +1406,6 @@ static int bus_manager_log_shutdown( + assert(m); + assert(unit_name); + +- if (w != INHIBIT_SHUTDOWN) +- return 0; +- + if (streq(unit_name, SPECIAL_POWEROFF_TARGET)) { + p = "MESSAGE=System is powering down"; + q = "SHUTDOWN=power-off"; +@@ -1484,21 +1480,6 @@ int manager_set_lid_switch_ignore(Manager *m, usec_t until) { + return r; + } + +-static void reset_scheduled_shutdown(Manager *m) { +- m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source); +- m->wall_message_timeout_source = sd_event_source_unref(m->wall_message_timeout_source); +- m->nologin_timeout_source = sd_event_source_unref(m->nologin_timeout_source); +- m->scheduled_shutdown_type = mfree(m->scheduled_shutdown_type); +- m->scheduled_shutdown_timeout = 0; +- m->shutdown_dry_run = false; +- +- if (m->unlink_nologin) { +- (void) unlink("/run/nologin"); +- m->unlink_nologin = false; +- } +- (void) unlink("/run/systemd/shutdown/scheduled"); +-} +- + static int execute_shutdown_or_sleep( + Manager *m, + InhibitWhat w, +@@ -1515,32 +1496,28 @@ static int execute_shutdown_or_sleep( + assert(w < _INHIBIT_WHAT_MAX); + assert(unit_name); + +- bus_manager_log_shutdown(m, w, unit_name); ++ if (w == INHIBIT_SHUTDOWN) ++ bus_manager_log_shutdown(m, unit_name); + +- if (m->shutdown_dry_run) { +- log_info("Running in dry run, suppressing 
action."); +- reset_scheduled_shutdown(m); +- } else { +- r = sd_bus_call_method( +- m->bus, +- "org.freedesktop.systemd1", +- "/org/freedesktop/systemd1", +- "org.freedesktop.systemd1.Manager", +- "StartUnit", +- error, +- &reply, +- "ss", unit_name, "replace-irreversibly"); +- if (r < 0) +- return r; ++ r = sd_bus_call_method( ++ m->bus, ++ "org.freedesktop.systemd1", ++ "/org/freedesktop/systemd1", ++ "org.freedesktop.systemd1.Manager", ++ "StartUnit", ++ error, ++ &reply, ++ "ss", unit_name, "replace-irreversibly"); ++ if (r < 0) ++ return r; + +- r = sd_bus_message_read(reply, "o", &p); +- if (r < 0) +- return r; ++ r = sd_bus_message_read(reply, "o", &p); ++ if (r < 0) ++ return r; + +- c = strdup(p); +- if (!c) +- return -ENOMEM; +- } ++ c = strdup(p); ++ if (!c) ++ return -ENOMEM; + + m->action_unit = unit_name; + free(m->action_job); +@@ -1924,6 +1901,21 @@ fail: + return log_error_errno(r, "Failed to write information about scheduled shutdowns: %m"); + } + ++static void reset_scheduled_shutdown(Manager *m) { ++ m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source); ++ m->wall_message_timeout_source = sd_event_source_unref(m->wall_message_timeout_source); ++ m->nologin_timeout_source = sd_event_source_unref(m->nologin_timeout_source); ++ m->scheduled_shutdown_type = mfree(m->scheduled_shutdown_type); ++ m->scheduled_shutdown_timeout = 0; ++ m->shutdown_dry_run = false; ++ ++ if (m->unlink_nologin) { ++ (void) unlink("/run/nologin"); ++ m->unlink_nologin = false; ++ } ++ (void) unlink("/run/systemd/shutdown/scheduled"); ++} ++ + static int manager_scheduled_shutdown_handler( + sd_event_source *s, + uint64_t usec, +@@ -1952,7 +1944,20 @@ static int manager_scheduled_shutdown_handler( + return -EALREADY; + } + +- r = execute_shutdown_or_sleep(m, INHIBIT_SHUTDOWN, target, &error); ++ if (m->shutdown_dry_run) { ++ /* We do not process delay inhibitors here. 
Otherwise, we ++ * would have to be considered "in progress" (like the check ++ * above) for some seconds after our admin has seen the final ++ * wall message. */ ++ ++ bus_manager_log_shutdown(m, target); ++ log_info("Running in dry run, suppressing action."); ++ reset_scheduled_shutdown(m); ++ ++ return 0; ++ } ++ ++ r = bus_manager_shutdown_or_sleep_now_or_later(m, target, INHIBIT_SHUTDOWN, &error); + if (r < 0) + return log_error_errno(r, "Scheduled shutdown to %s failed: %m", target); + diff --git a/0041-logind-add-missing-resume-signal-when-we-fail-to-ini.patch b/0041-logind-add-missing-resume-signal-when-we-fail-to-ini.patch new file mode 100644 index 0000000..4e69fcd --- /dev/null +++ b/0041-logind-add-missing-resume-signal-when-we-fail-to-ini.patch 
@@ -0,0 +1,166 @@ +From 1e3b4e30a2d030e9f81584a61b32b6541754fe02 Mon Sep 17 00:00:00 2001 +From: Alan Jenkins +Date: Thu, 24 Aug 2017 10:33:24 +0100 +Subject: [PATCH] logind: add missing resume signal when we fail to initiate + sleep/shutdown + +This fixed https://bugzilla.redhat.com/show_bug.cgi?id=1476313 +as much as I was able to reproduce it in a VM, at least. + +E.g. this signal might wake the screen back up, providing a more visible +indicator of suspend failure. In my VM testing, it was also required in +order to unblock keyboard input in gnome-shell after the failed suspend. + +At the same time, fix the error handling for scheduled shutdowns. This now +mirrors the behaviour of when you use `shutdown -k` - it sends all the +scary messages about shutting down, "but you'll have to do it [shut down +the system] yourself". It also avoids the risk of locking out the admin +(nologin file), in case they logged out for some reason (and they use +`sudo` instead of root). + +Not that I have any idea why you'd want to use `shutdown -k`, but the code +is easier to analyze if it rolls back on error (in the absence of any code +comment as to why that's not wanted). 
+ +(cherry picked from commit 6d7f7fd49f8a094fc36e750de1e80afea80c8228) +--- + src/login/logind-dbus.c | 76 ++++++++++++++++++++++++++++++------------------- + 1 file changed, 46 insertions(+), 30 deletions(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 1fd64d32b7..e868a48f8c 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -1480,6 +1480,28 @@ int manager_set_lid_switch_ignore(Manager *m, usec_t until) { + return r; + } + ++static int send_prepare_for(Manager *m, InhibitWhat w, bool _active) { ++ ++ static const char * const signal_name[_INHIBIT_WHAT_MAX] = { ++ [INHIBIT_SHUTDOWN] = "PrepareForShutdown", ++ [INHIBIT_SLEEP] = "PrepareForSleep" ++ }; ++ ++ int active = _active; ++ ++ assert(m); ++ assert(w >= 0); ++ assert(w < _INHIBIT_WHAT_MAX); ++ assert(signal_name[w]); ++ ++ return sd_bus_emit_signal(m->bus, ++ "/org/freedesktop/login1", ++ "org.freedesktop.login1.Manager", ++ signal_name[w], ++ "b", ++ active); ++} ++ + static int execute_shutdown_or_sleep( + Manager *m, + InhibitWhat w, +@@ -1509,15 +1531,17 @@ static int execute_shutdown_or_sleep( + &reply, + "ss", unit_name, "replace-irreversibly"); + if (r < 0) +- return r; ++ goto error; + + r = sd_bus_message_read(reply, "o", &p); + if (r < 0) +- return r; ++ goto error; + + c = strdup(p); +- if (!c) +- return -ENOMEM; ++ if (!c) { ++ r = -ENOMEM; ++ goto error; ++ } + + m->action_unit = unit_name; + free(m->action_job); +@@ -1528,6 +1552,12 @@ static int execute_shutdown_or_sleep( + manager_set_lid_switch_ignore(m, now(CLOCK_MONOTONIC) + m->holdoff_timeout_usec); + + return 0; ++ ++error: ++ /* Tell people that they now may take a lock again */ ++ send_prepare_for(m, m->action_what, false); ++ ++ return r; + } + + int manager_dispatch_delayed(Manager *manager, bool timeout) { +@@ -1558,7 +1588,8 @@ int manager_dispatch_delayed(Manager *manager, bool timeout) { + /* Actually do the operation */ + r = execute_shutdown_or_sleep(manager, 
manager->action_what, manager->action_unit, &error); + if (r < 0) { +- log_warning("Failed to send delayed message: %s", bus_error_message(&error, r)); ++ log_warning("Error during inhibitor-delayed operation (already returned success to client): %s", ++ bus_error_message(&error, r)); + + manager->action_unit = NULL; + manager->action_what = 0; +@@ -1619,28 +1650,6 @@ static int delay_shutdown_or_sleep( + return 0; + } + +-static int send_prepare_for(Manager *m, InhibitWhat w, bool _active) { +- +- static const char * const signal_name[_INHIBIT_WHAT_MAX] = { +- [INHIBIT_SHUTDOWN] = "PrepareForShutdown", +- [INHIBIT_SLEEP] = "PrepareForSleep" +- }; +- +- int active = _active; +- +- assert(m); +- assert(w >= 0); +- assert(w < _INHIBIT_WHAT_MAX); +- assert(signal_name[w]); +- +- return sd_bus_emit_signal(m->bus, +- "/org/freedesktop/login1", +- "org.freedesktop.login1.Manager", +- signal_name[w], +- "b", +- active); +-} +- + int bus_manager_shutdown_or_sleep_now_or_later( + Manager *m, + const char *unit_name, +@@ -1940,8 +1949,9 @@ static int manager_scheduled_shutdown_handler( + + /* Don't allow multiple jobs being executed at the same time */ + if (m->action_what) { ++ r = -EALREADY; + log_error("Scheduled shutdown to %s failed: shutdown or sleep operation already in progress", target); +- return -EALREADY; ++ goto error; + } + + if (m->shutdown_dry_run) { +@@ -1958,10 +1968,16 @@ static int manager_scheduled_shutdown_handler( + } + + r = bus_manager_shutdown_or_sleep_now_or_later(m, target, INHIBIT_SHUTDOWN, &error); +- if (r < 0) +- return log_error_errno(r, "Scheduled shutdown to %s failed: %m", target); ++ if (r < 0) { ++ log_error_errno(r, "Scheduled shutdown to %s failed: %m", target); ++ goto error; ++ } + + return 0; ++ ++error: ++ reset_scheduled_shutdown(m); ++ return r; + } + + static int method_schedule_shutdown(sd_bus_message *message, void *userdata, sd_bus_error *error) { 
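Review bot: The new `error:` label in execute_shutdown_or_sleep() passes `m->action_what` to send_prepare_for() rather than the function's own parameter `w`. On the direct, non-delayed path `m->action_what` appears to be assigned only after the StartUnit call has succeeded (the assignment is outside the hunk, next to `m->action_unit = unit_name;`), so a failed call would hand 0 to send_prepare_for() and trip its `assert(signal_name[w])`, aborting logind instead of returning the error. Using the parameter removes the dependency on that state: `(void) send_prepare_for(m, w, false);`.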
diff --git a/0042-logind-tighten-assertion-in-execute_shutdown_or_slee.patch b/0042-logind-tighten-assertion-in-execute_shutdown_or_slee.patch new file mode 100644 index 0000000..855bbe6 --- /dev/null +++ b/0042-logind-tighten-assertion-in-execute_shutdown_or_slee.patch @@ -0,0 +1,37 @@ +From ee4cb7618ab6232c78865357a153d99a4023ad13 Mon Sep 17 00:00:00 2001 +From: Alan Jenkins +Date: Thu, 24 Aug 2017 15:21:21 +0100 +Subject: [PATCH] logind: tighten assertion in execute_shutdown_or_sleep() + +Following commit b498d6ea, I belated realized we should tighten the +assertions as well, to make sure that we're setting `m->action_what` to +represent an action in progress. (The check for an action in progress is +to compare `m->action_what` to zero) + +(cherry picked from commit b61fa4e00166b2bf593e0f6edbb277543f03915f) +--- + src/login/logind-dbus.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index e868a48f8c..ba5cb19c6b 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -1514,7 +1514,7 @@ static int execute_shutdown_or_sleep( + int r; + + assert(m); +- assert(w >= 0); ++ assert(w > 0); + assert(w < _INHIBIT_WHAT_MAX); + assert(unit_name); + +@@ -1661,7 +1661,7 @@ int bus_manager_shutdown_or_sleep_now_or_later( + + assert(m); + assert(unit_name); +- assert(w >= 0); ++ assert(w > 0); + assert(w <= _INHIBIT_WHAT_MAX); + assert(!m->action_job); + diff --git a/0043-tmpfiles-with-e-don-t-attempt-to-set-permissions-whe.patch b/0043-tmpfiles-with-e-don-t-attempt-to-set-permissions-whe.patch new file mode 100644 index 0000000..6b741e1 --- /dev/null +++ b/0043-tmpfiles-with-e-don-t-attempt-to-set-permissions-whe.patch 
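Review bot: The two range checks this patch leaves next to the tightened lines disagree: execute_shutdown_or_sleep() asserts `w < _INHIBIT_WHAT_MAX`, while bus_manager_shutdown_or_sleep_now_or_later() keeps `w <= _INHIBIT_WHAT_MAX`. A table sized `_INHIBIT_WHAT_MAX` and indexed by `w`, such as `signal_name[]` in send_prepare_for(), has no slot for that value, so the second check should read `assert(w < _INHIBIT_WHAT_MAX);`. Both functions extend beyond their hunks, so whether anything else bounds `w` on that path is not visible.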
@@ -0,0 +1,60 @@
+From 9ad12be34d5f12c91b26e859fb8aac184f50cea5 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Thu, 31 Aug 2017 12:45:25 +0200
+Subject: [PATCH] tmpfiles: with "e" don't attempt to set permissions when file
+ doesn't exist (#6682)
+
+tmpfiles.d option "e" when run through systemd-tmpfiles --create should
+apply configured permissions (uid,gid) only to already existing
+files. When file doesn't exist we bail out with error. Instead we should
+silently ignore non-existing files.
+
+$ useradd test
+$ cat /etc/tmpfiles.d/foobar.conf
+e /tmp/test - test test 1d
+$ ls -l /tmp/test
+ls: cannot access '/tmp/test': No such file or directory
+
+Before:
+$ systemd-tmpfiles --create /etc/tmpfiles.d/foobar.conf
+Adjusting owner and mode for /tmp/test failed: No such file or directory
+$ echo $?
+1
+
+After:
+$ systemd-tmpfiles --create /etc/tmpfiles.d/foobar.conf
+$ echo $?
+0
+
+(cherry picked from commit 780e2ee187e373565f9ded2859f8c6c7760b814a)
+---
+ src/tmpfiles/tmpfiles.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 9419c99e28..0ee606fc30 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -617,8 +617,20 @@ static int path_set_perms(Item *i, const char *path) {
+ * O_PATH. */
+
+ fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH);
+- if (fd < 0)
+- return log_error_errno(errno, "Adjusting owner and mode for %s failed: %m", path);
++ if (fd < 0) {
++ int level = LOG_ERR, r = -errno;
++
++ /* Option "e" operates only on existing objects. Do not
++ * print errors about non-existent files or directories */
++ if (i->type == EMPTY_DIRECTORY && errno == ENOENT) {
++ level = LOG_DEBUG;
++ r = 0;
++ }
++
++ log_full_errno(level, errno, "Adjusting owner and mode for %s failed: %m", path);
++
++ return r;
++ }
+
+ if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0)
+ return log_error_errno(errno, "Failed to fstat() file %s: %m", path);
diff --git a/0044-man-fix-path-for-storing-random-seed.patch b/0044-man-fix-path-for-storing-random-seed.patch new file mode 100644 index 0000000..ce7d468 --- /dev/null +++ b/0044-man-fix-path-for-storing-random-seed.patch @@ -0,0 +1,23 @@ +From 000caa49a4ca3c18f38ac8dbb3d8bde39bc7cbbe Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 31 Aug 2017 18:31:08 +0900 +Subject: [PATCH] man: fix path for storing random seed + +(cherry picked from commit 621a2c804ce91763221799cde9d412423fcf8b51) +--- + man/systemd-random-seed.service.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/systemd-random-seed.service.xml b/man/systemd-random-seed.service.xml +index f3b5a947da..9ec01b6c34 100644 +--- a/man/systemd-random-seed.service.xml ++++ b/man/systemd-random-seed.service.xml +@@ -48,7 +48,7 @@ + + + systemd-random-seed.service +- /usr/lib/systemd/systemd-random-seed ++ /usr/lib/systemd/random-seed + + + diff --git a/0045-Load-virtio_rng-early-in-the-game-6710.patch b/0045-Load-virtio_rng-early-in-the-game-6710.patch new file mode 100644 index 0000000..a417803 --- /dev/null +++ b/0045-Load-virtio_rng-early-in-the-game-6710.patch 
@@ -0,0 +1,91 @@ +From 59e70293dbf06106c2f4a152f234581e284fae5f Mon Sep 17 00:00:00 2001 +From: Harald Hoyer +Date: Thu, 31 Aug 2017 15:33:33 +0200 +Subject: [PATCH] Load virtio_rng early in the game (#6710) + +If true randomness is needed before udev is triggered, which would load +virtio_rng, reading /dev/random takes forever and the boot stalls for a +long time. + +(cherry picked from commit 6c1f72f626355615daee0e5a7ef7044759251a23) +--- + src/core/kmod-setup.c | 41 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 41 insertions(+) + +diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c +index fd1021f706..9f69a6d925 100644 +--- a/src/core/kmod-setup.c ++++ b/src/core/kmod-setup.c +@@ -17,6 +17,7 @@ + along with systemd; If not, see . + ***/ + ++#include + #include + #include + +@@ -24,10 +25,13 @@ + #include + #endif + ++#include "alloc-util.h" + #include "bus-util.h" + #include "capability-util.h" ++#include "fileio.h" + #include "kmod-setup.h" + #include "macro.h" ++#include "string-util.h" + + #ifdef HAVE_KMOD + static void systemd_kmod_log( +@@ -45,6 +49,41 @@ static void systemd_kmod_log( + } + #endif + ++static int has_virtio_rng_nftw_cb( ++ const char *fpath, ++ const struct stat *sb, ++ int tflag, ++ struct FTW *ftwbuf) { ++ ++ _cleanup_free_ char *alias = NULL; ++ int r; ++ ++ if ((FTW_D == tflag) && (ftwbuf->level > 2)) ++ return FTW_SKIP_SUBTREE; ++ ++ if (FTW_F != tflag) ++ return FTW_CONTINUE; ++ ++ if (!endswith(fpath, "/modalias")) ++ return FTW_CONTINUE; ++ ++ r = read_one_line_file(fpath, &alias); ++ if (r < 0) ++ return FTW_SKIP_SIBLINGS; ++ ++ if (startswith(alias, "pci:v00001AF4d00001005")) ++ return FTW_STOP; ++ ++ if (startswith(alias, "pci:v00001AF4d00001044")) ++ return FTW_STOP; ++ ++ return FTW_SKIP_SIBLINGS; ++} ++ ++static bool has_virtio_rng(void) { ++ return (nftw("/sys/devices/pci0000:00", has_virtio_rng_nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL) == FTW_STOP); ++} ++ + int kmod_setup(void) { + #ifdef 
HAVE_KMOD + +@@ -68,6 +107,8 @@ int kmod_setup(void) { + /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */ + { "ip_tables", "/proc/net/ip_tables_names", false, false, NULL }, + #endif ++ /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */ ++ { "virtio_rng", NULL, false, false, has_virtio_rng }, + }; + struct kmod_ctx *ctx = NULL; + unsigned int i; diff --git a/0046-tmpfiles-silently-ignore-any-path-that-passes-throug.patch b/0046-tmpfiles-silently-ignore-any-path-that-passes-throug.patch new file mode 100644 index 0000000..b5738a9 --- /dev/null +++ b/0046-tmpfiles-silently-ignore-any-path-that-passes-throug.patch 
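Review bot: In `has_virtio_rng_nftw_cb()`, returning `FTW_SKIP_SIBLINGS` after a non-matching or unreadable `modalias` also prunes any subdirectories of that device not yet visited. A virtio-rng function behind a bridge is therefore found or missed depending on directory order, although the `ftwbuf->level > 2` check suggests one level of nesting was meant to be covered. The walk is rooted at the literal `/sys/devices/pci0000:00`, so devices on other PCI roots or on non-PCI virtio transports are presumably left to udev as before, which is worth saying in a comment. The two modalias prefixes are unexplained magic strings; a comment such as `/* 1AF4:1005 = transitional virtio entropy device, 1AF4:1044 = virtio 1.0 entropy device */` would document them.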
@@ -0,0 +1,76 @@ +From 2c655092f8cd7c20c4146254cb549ff9ba795fda Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Mon, 4 Sep 2017 23:35:07 +1000 +Subject: [PATCH] tmpfiles: silently ignore any path that passes through autofs + (#6506) + +If a path passes though an autofs filesystem, then accessing +the path might trigger and automount. As systemd-tmpfiles is run before +the network is up, and as automounts are often used for networked +filesystems, this can cause a deadlock. + +So chase_symlinks is enhance to accept a new flag which tells it +to check for autofs, and return -EREMOTE if autofs is found. + +tmpfiles is changed to check just before acting on a path so that it +can avoid autofs even if a symlink was created earlier by tmpfiles +that would send this path through an autofs. + +This fixes a deadlock that happens when /home is listed in /etc/fstab as +x-systemd.automount for an NFS directory. + +(cherry picked from commit 655f2da0790d0f8670f7a4c7da1833786ce0137e) +--- + src/basic/fs-util.c | 4 ++++ + src/basic/fs-util.h | 1 + + src/tmpfiles/tmpfiles.c | 3 +++ + 3 files changed, 8 insertions(+) + +diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c +index 8fe19ee4e4..5b3bd0c45d 100644 +--- a/src/basic/fs-util.c ++++ b/src/basic/fs-util.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -721,6 +722,9 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + + if (fstat(child, &st) < 0) + return -errno; ++ if ((flags & CHASE_NO_AUTOFS) && ++ fd_check_fstype(child, AUTOFS_SUPER_MAGIC) > 0) ++ return -EREMOTE; + + if (S_ISLNK(st.st_mode)) { + char *joined; +diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h +index 094acf1799..d3342d5cda 100644 +--- a/src/basic/fs-util.h ++++ b/src/basic/fs-util.h +@@ -81,6 +81,7 @@ int inotify_add_watch_fd(int fd, int what, uint32_t mask); + enum { + CHASE_PREFIX_ROOT = 1, /* If set, the specified path will be prefixed by the specified root before 
beginning the iteration */ + CHASE_NONEXISTENT = 2, /* If set, it's OK if the path doesn't actually exist. */ ++ CHASE_NO_AUTOFS = 4, /* If set, return -EREMOTE if autofs mount point found */ + }; + + int chase_symlinks(const char *path_with_prefix, const char *root, unsigned flags, char **ret); +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 0ee606fc30..be52398f5f 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -1655,6 +1655,9 @@ static int process_item(Item *i) { + } + } + ++ if (chase_symlinks(i->path, NULL, CHASE_NO_AUTOFS, NULL) == -EREMOTE) ++ return t; ++ + r = arg_create ? create_item(i) : 0; + q = arg_remove ? remove_item(i) : 0; + p = arg_clean ? clean_item(i) : 0; diff --git a/0047-6647-use-path_startswith-dev-in-cryptsetup-6732.patch b/0047-6647-use-path_startswith-dev-in-cryptsetup-6732.patch new file mode 100644 index 0000000..396f6e0 --- /dev/null +++ b/0047-6647-use-path_startswith-dev-in-cryptsetup-6732.patch 
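Review bot: In the `chase_symlinks()` addition, a negative return from `fd_check_fstype()` is treated the same as "not autofs", so a failed filesystem-type probe lets the walk continue onto a component that may be an automount point. In `process_item()` every result other than `-EREMOTE` is likewise discarded. If that is deliberate (the path may legitimately not exist yet), a comment should say so, and the skip deserves a trace, e.g. `log_debug("Skipping %s, path passes through autofs.", i->path);` before `return t;`. The check runs on `i->path` before `create_item()`/`remove_item()`/`clean_item()` resolve the path again, so it narrows the window rather than closing it. Both functions continue outside the hunk.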
@@ -0,0 +1,36 @@ +From adc820ae57baf6d60884a5280cbb2f4842454131 Mon Sep 17 00:00:00 2001 +From: ettavolt +Date: Mon, 4 Sep 2017 16:36:52 +0300 +Subject: [PATCH] 6647 - use path_startswith("/dev") in cryptsetup (#6732) + +For both key and partition paths. + +(cherry picked from commit 048dd629c4590eefb2ebd6a316c7350ed3a6ff19) + +This fixes https://github.com/systemd/systemd/issues/6647. +--- + src/cryptsetup/cryptsetup-generator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index f737f82b55..afc5d7cf49 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -129,7 +129,7 @@ static int create_disk( + + if (!path_equal(uu, "/dev/null")) { + +- if (is_device_path(uu)) { ++ if (path_startswith(uu, "/dev/")) { + _cleanup_free_ char *dd = NULL; + + r = unit_name_from_path(uu, ".device", &dd); +@@ -143,7 +143,7 @@ static int create_disk( + } + } + +- if (is_device_path(u)) { ++ if (path_startswith(u, "/dev/")) { + fprintf(f, + "BindsTo=%s\n" + "After=%s\n" diff --git a/0048-systemd-mount-fix-that-wrong-argument-is-used-for-ar.patch b/0048-systemd-mount-fix-that-wrong-argument-is-used-for-ar.patch new file mode 100644 index 0000000..0bc57a0 --- /dev/null +++ b/0048-systemd-mount-fix-that-wrong-argument-is-used-for-ar.patch 
@@ -0,0 +1,26 @@ +From 7fa052cef9680e30e07a74423c440a2b79e81916 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 1 Sep 2017 17:03:01 +0900 +Subject: [PATCH] systemd-mount: fix that wrong argument is used for + arg_mount_what + +(cherry picked from commit 4185da7c4daf32bd9b5809fd6de99e52cb903bba) +--- + src/mount/mount-tool.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c +index ed6578d540..10bb5dda63 100644 +--- a/src/mount/mount-tool.c ++++ b/src/mount/mount-tool.c +@@ -344,9 +344,8 @@ static int parse_argv(int argc, char *argv[]) { + arg_mount_what = canonicalize_file_name(p); + if (!arg_mount_what) + return log_error_errno(errno, "Failed to canonicalize path: %m"); +- + } else { +- arg_mount_what = strdup(argv[optind+1]); ++ arg_mount_what = strdup(argv[optind]); + if (!arg_mount_what) + return log_oom(); + diff --git a/0049-systemd-mount-allow-to-specify-an-arbitrary-string-f.patch b/0049-systemd-mount-allow-to-specify-an-arbitrary-string-f.patch new file mode 100644 index 0000000..49681a7 --- /dev/null +++ b/0049-systemd-mount-allow-to-specify-an-arbitrary-string-f.patch 
@@ -0,0 +1,90 @@ +From 3e8acdaf07d4f32b9df199d47b08f1ce67d27435 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 4 Sep 2017 10:55:51 +0900 +Subject: [PATCH] systemd-mount: allow to specify an arbitrary string for + arg_mount_what when vfs is used + +Fixes #6591. + +(cherry picked from commit e2be442e791fa1150aa835c684acc6d7189de3e1) +--- + src/basic/mount-util.c | 26 ++++++++++++++++++++++++++ + src/basic/mount-util.h | 1 + + src/mount/mount-tool.c | 8 +++++++- + 3 files changed, 34 insertions(+), 1 deletion(-) + +diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c +index 7b9400b47c..cff44116c8 100644 +--- a/src/basic/mount-util.c ++++ b/src/basic/mount-util.c +@@ -552,6 +552,32 @@ bool fstype_is_network(const char *fstype) { + return nulstr_contains(table, fstype); + } + ++bool fstype_is_api_vfs(const char *fstype) { ++ static const char table[] = ++ "autofs\0" ++ "bpf\0" ++ "cgroup\0" ++ "cgroup2\0" ++ "configfs\0" ++ "cpuset\0" ++ "debugfs\0" ++ "devpts\0" ++ "devtmpfs\0" ++ "efivarfs\0" ++ "hugetlbfs\0" ++ "mqueue\0" ++ "proc\0" ++ "pstore\0" ++ "ramfs\0" ++ "securityfs\0" ++ "sysfs\0" ++ "tmpfs\0" ++ "tracefs\0" ++ ; ++ ++ return nulstr_contains(table, fstype); ++} ++ + int repeat_unmount(const char *path, int flags) { + bool done = false; + +diff --git a/src/basic/mount-util.h b/src/basic/mount-util.h +index 2e24a184c5..70af11c2ff 100644 +--- a/src/basic/mount-util.h ++++ b/src/basic/mount-util.h +@@ -44,6 +44,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, endmntent); + #define _cleanup_endmntent_ _cleanup_(endmntentp) + + bool fstype_is_network(const char *fstype); ++bool fstype_is_api_vfs(const char *fstype); + + union file_handle_union { + struct file_handle handle; +diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c +index 10bb5dda63..3c974addda 100644 +--- a/src/mount/mount-tool.c ++++ b/src/mount/mount-tool.c +@@ -30,6 +30,7 @@ + #include "fd-util.h" + #include "fileio.h" + #include "fstab-util.h" ++#include "mount-util.h" + #include 
"pager.h" + #include "parse-util.h" + #include "path-util.h" +@@ -330,7 +331,12 @@ static int parse_argv(int argc, char *argv[]) { + return -EINVAL; + } + +- if (arg_transport == BUS_TRANSPORT_LOCAL) { ++ if (arg_mount_type && (fstype_is_api_vfs(arg_mount_type) || fstype_is_network(arg_mount_type))) { ++ arg_mount_what = strdup(argv[optind]); ++ if (!arg_mount_what) ++ return log_oom(); ++ ++ } else if (arg_transport == BUS_TRANSPORT_LOCAL) { + _cleanup_free_ char *u = NULL, *p = NULL; + + u = fstab_node_to_udev_node(argv[optind]); diff --git a/0050-rfkill-Lookup-device-in-determine_state_file.patch b/0050-rfkill-Lookup-device-in-determine_state_file.patch new file mode 100644 index 0000000..a30264b --- /dev/null +++ b/0050-rfkill-Lookup-device-in-determine_state_file.patch 
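Review bot: `fstype_is_api_vfs()` is added without a comment explaining what qualifies a file system for the table. The new first branch in `parse_argv()` relies on that meaning to copy `argv[optind]` into `arg_mount_what` without the `fstab_node_to_udev_node()` step that the local branch applies. A short comment above the function would make the contract explicit, for example `/* File systems with no backing block device; their mount source is a free-form string. */`. A second comment at the branch should note that network file systems take the same shortcut. `parse_argv()` starts and ends outside the hunk.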
@@ -0,0 +1,83 @@ +From 55a2b3a6031502c97cb467f1bfd5ddc86f7ac408 Mon Sep 17 00:00:00 2001 +From: Benjamin Berg +Date: Thu, 31 Aug 2017 17:34:08 +0200 +Subject: [PATCH] rfkill: Lookup device in determine_state_file + +None of the callers actually need the device itself. So it makes sense +to do the lookup inside determine_state_file instead. + +(cherry picked from commit 8e707663135d28176163c9363c558ecac17c9ddb) +--- + src/rfkill/rfkill.c | 21 +++++++-------------- + 1 file changed, 7 insertions(+), 14 deletions(-) + +diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c +index 470853d1d2..3adbd20d8b 100644 +--- a/src/rfkill/rfkill.c ++++ b/src/rfkill/rfkill.c +@@ -162,18 +162,21 @@ static int wait_for_initialized( + static int determine_state_file( + struct udev *udev, + const struct rfkill_event *event, +- struct udev_device *d, + char **ret) { + ++ _cleanup_udev_device_unref_ struct udev_device *d = NULL; + _cleanup_udev_device_unref_ struct udev_device *device = NULL; + const char *path_id, *type; + char *state_file; + int r; + + assert(event); +- assert(d); + assert(ret); + ++ r = find_device(udev, event, &d); ++ if (r < 0) ++ return r; ++ + r = wait_for_initialized(udev, d, &device); + if (r < 0) + return r; +@@ -204,7 +207,6 @@ static int load_state( + struct udev *udev, + const struct rfkill_event *event) { + +- _cleanup_udev_device_unref_ struct udev_device *device = NULL; + _cleanup_free_ char *state_file = NULL, *value = NULL; + struct rfkill_event we; + ssize_t l; +@@ -217,11 +219,7 @@ static int load_state( + if (shall_restore_state() == 0) + return 0; + +- r = find_device(udev, event, &device); +- if (r < 0) +- return r; +- +- r = determine_state_file(udev, event, device, &state_file); ++ r = determine_state_file(udev, event, &state_file); + if (r < 0) + return r; + +@@ -266,7 +264,6 @@ static int save_state( + struct udev *udev, + const struct rfkill_event *event) { + +- _cleanup_udev_device_unref_ struct udev_device *device = NULL; + _cleanup_free_ 
char *state_file = NULL; + int r; + +@@ -274,11 +271,7 @@ static int save_state( + assert(udev); + assert(event); + +- r = find_device(udev, event, &device); +- if (r < 0) +- return r; +- +- r = determine_state_file(udev, event, device, &state_file); ++ r = determine_state_file(udev, event, &state_file); + if (r < 0) + return r; + diff --git a/0051-rfkill-Delay-writes-until-exit-5768.patch b/0051-rfkill-Delay-writes-until-exit-5768.patch new file mode 100644 index 0000000..2ac3f8a --- /dev/null +++ b/0051-rfkill-Delay-writes-until-exit-5768.patch 
@@ -0,0 +1,191 @@ +From a43c13e3cafe4f4499f81014cbbf6bd8a4d4712b Mon Sep 17 00:00:00 2001 +From: Benjamin Berg +Date: Thu, 31 Aug 2017 17:36:37 +0200 +Subject: [PATCH] rfkill: Delay writes until exit (#5768) + +On thinkpads there are two rfkill devices for bluetooth. The first is an +ACPI switch which powers down the USB dongle and the second one is the +USB dongle itself. So when userspace decides to enable rfkill on all +devices systemd would randomly save the soft block state of the USB +dongle. This later causes issue when re-enabling the devie as +systemd-rfkill would put the USB dongle into soft block state right +after the ACPI rfkill switch is unblocked by userspace. + +The simple way to avoid this is to not store rfkill changes for devices +that disappear shortly after. That way only the "main" ACPI switch will +get stored and systemd-rfkill will not end up blocking the device right +after it is being added back again. + +(cherry picked from commit 202cb8c396deb90f841359054ca19f1c47fc8604) +--- + src/rfkill/rfkill.c | 104 +++++++++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 99 insertions(+), 5 deletions(-) + +diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c +index 3adbd20d8b..c934b70156 100644 +--- a/src/rfkill/rfkill.c ++++ b/src/rfkill/rfkill.c +@@ -35,9 +35,27 @@ + #include "string-util.h" + #include "udev-util.h" + #include "util.h" ++#include "list.h" + ++/* Note that any write is delayed until exit and the rfkill state will not be ++ * stored for rfkill indices that disappear after a change. 
*/ + #define EXIT_USEC (5 * USEC_PER_SEC) + ++typedef struct write_queue_item { ++ LIST_FIELDS(struct write_queue_item, queue); ++ int rfkill_idx; ++ char *file; ++ int state; ++} write_queue_item; ++ ++static void write_queue_item_free(struct write_queue_item *item) ++{ ++ assert(item); ++ ++ free(item->file); ++ free(item); ++} ++ + static const char* const rfkill_type_table[NUM_RFKILL_TYPES] = { + [RFKILL_TYPE_ALL] = "all", + [RFKILL_TYPE_WLAN] = "wlan", +@@ -259,12 +277,30 @@ static int load_state( + return 0; + } + +-static int save_state( ++static void save_state_queue_remove( ++ struct write_queue_item **write_queue, ++ int idx, ++ char *state_file) { ++ ++ struct write_queue_item *item, *tmp; ++ ++ LIST_FOREACH_SAFE(queue, item, tmp, *write_queue) { ++ if ((state_file && streq(item->file, state_file)) || idx == item->rfkill_idx) { ++ log_debug("Canceled previous save state of '%s' to %s.", one_zero(item->state), item->file); ++ LIST_REMOVE(queue, *write_queue, item); ++ write_queue_item_free(item); ++ } ++ } ++} ++ ++static int save_state_queue( ++ struct write_queue_item **write_queue, + int rfkill_fd, + struct udev *udev, + const struct rfkill_event *event) { + + _cleanup_free_ char *state_file = NULL; ++ struct write_queue_item *item; + int r; + + assert(rfkill_fd >= 0); +@@ -274,16 +310,69 @@ static int save_state( + r = determine_state_file(udev, event, &state_file); + if (r < 0) + return r; ++ save_state_queue_remove(write_queue, event->idx, state_file); ++ ++ item = new0(struct write_queue_item, 1); ++ if (!item) ++ return -ENOMEM; + +- r = write_string_file(state_file, one_zero(event->soft), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); ++ item->file = state_file; ++ item->rfkill_idx = event->idx; ++ item->state = event->soft; ++ state_file = NULL; ++ ++ LIST_APPEND(queue, *write_queue, item); ++ ++ return 0; ++} ++ ++static int save_state_cancel( ++ struct write_queue_item **write_queue, ++ int rfkill_fd, ++ struct udev *udev, ++ const struct 
rfkill_event *event) { ++ ++ _cleanup_free_ char *state_file = NULL; ++ int r; ++ ++ assert(rfkill_fd >= 0); ++ assert(udev); ++ assert(event); ++ ++ r = determine_state_file(udev, event, &state_file); ++ save_state_queue_remove(write_queue, event->idx, state_file); + if (r < 0) +- return log_error_errno(r, "Failed to write state file %s: %m", state_file); ++ return r; + +- log_debug("Saved state '%s' to %s.", one_zero(event->soft), state_file); + return 0; + } + ++static int save_state_write(struct write_queue_item **write_queue) { ++ struct write_queue_item *item, *tmp; ++ int result = 0; ++ bool error_logged = false; ++ int r; ++ ++ LIST_FOREACH_SAFE(queue, item, tmp, *write_queue) { ++ r = write_string_file(item->file, one_zero(item->state), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); ++ if (r < 0) { ++ result = r; ++ if (!error_logged) { ++ log_error_errno(r, "Failed to write state file %s: %m", item->file); ++ error_logged = true; ++ } else ++ log_warning_errno(r, "Failed to write state file %s: %m", item->file); ++ } else ++ log_debug("Saved state '%s' to %s.", one_zero(item->state), item->file); ++ ++ LIST_REMOVE(queue, *write_queue, item); ++ write_queue_item_free(item); ++ } ++ return result; ++} ++ + int main(int argc, char *argv[]) { ++ LIST_HEAD(write_queue_item, write_queue); + _cleanup_udev_unref_ struct udev *udev = NULL; + _cleanup_close_ int rfkill_fd = -1; + bool ready = false; +@@ -294,6 +383,8 @@ int main(int argc, char *argv[]) { + return EXIT_FAILURE; + } + ++ LIST_HEAD_INIT(write_queue); ++ + log_set_target(LOG_TARGET_AUTO); + log_parse_environment(); + log_open(); +@@ -403,11 +494,12 @@ int main(int argc, char *argv[]) { + + case RFKILL_OP_DEL: + log_debug("An rfkill device has been removed with index %i and type %s", event.idx, type); ++ (void) save_state_cancel(&write_queue, rfkill_fd, udev, &event); + break; + + case RFKILL_OP_CHANGE: + log_debug("An rfkill device has changed state with index %i and type %s", event.idx, type); +- 
(void) save_state(rfkill_fd, udev, &event); ++ (void) save_state_queue(&write_queue, rfkill_fd, udev, &event); + break; + + default: +@@ -419,5 +511,7 @@ int main(int argc, char *argv[]) { + r = 0; + + finish: ++ (void) save_state_write(&write_queue); ++ + return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; + } diff --git a/0052-systemctl-check-existence-of-all-units-not-just-the-.patch b/0052-systemctl-check-existence-of-all-units-not-just-the-.patch new file mode 100644 index 0000000..5cc2acf --- /dev/null +++ b/0052-systemctl-check-existence-of-all-units-not-just-the-.patch @@ -0,0 +1,36 @@ +From 6aaee522ca978f2982e630508d7e14dc28d74907 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 2 Sep 2017 17:37:08 +0300 +Subject: [PATCH] systemctl: check existence of all units, not just the first + one + +(cherry picked from commit f8d6cb48a363ddae6fab50636ccc433b5f4dd604) +--- + src/systemctl/systemctl.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 83ed9ef9f7..a1b956111b 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -6201,11 +6201,15 @@ static int enable_unit(int argc, char *argv[], void *userdata) { + sd_bus *bus; + + if (STR_IN_SET(verb, "mask", "unmask")) { +- r = unit_exists(*names); +- if (r < 0) +- return r; +- if (r == 0) +- log_notice("Unit %s does not exist, proceeding anyway.", *names); ++ char **name; ++ ++ STRV_FOREACH(name, names) { ++ r = unit_exists(*name); ++ if (r < 0) ++ return r; ++ if (r == 0) ++ log_notice("Unit %s does not exist, proceeding anyway.", *names); ++ } + } + + r = acquire_bus(BUS_MANAGER, &bus); diff --git a/0053-systemctl-fix-masking-of-template-units.patch b/0053-systemctl-fix-masking-of-template-units.patch new file mode 100644 index 0000000..513b652 --- /dev/null +++ b/0053-systemctl-fix-masking-of-template-units.patch 
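Review bot: In `save_state_cancel()` the queue entry is removed before `r` from `determine_state_file()` is checked, with `state_file` possibly still NULL. That ordering looks intentional, since the device is typically gone by the time `RFKILL_OP_DEL` arrives and only the index match can work, but nothing in the code says so. I would add `/* The device may already be gone, so state_file can be NULL here; still drop queued entries by index. */` above the `save_state_queue_remove()` call. Because all writes now happen only at `finish:` in `main()`, the comment next to `EXIT_USEC` should also say that queued state is lost if the process is terminated before reaching that label. The main loop is outside the hunk, so how signals are handled cannot be judged from here.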
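Review bot: Inside the new `STRV_FOREACH(name, names)` loop in `enable_unit()`, the notice still prints `*names`, so every missing unit is reported under the first argument's name rather than its own. The call should read `log_notice("Unit %s does not exist, proceeding anyway.", *name);`. `enable_unit()` continues outside the hunk.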
@@ -0,0 +1,151 @@ +From 332a9f7e0105d223aed58e9b6504ec78bd22328c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 3 Sep 2017 17:45:54 +0300 +Subject: [PATCH] systemctl: fix masking of template units + +systemctl would try to load the properties of the unit, which is impossible +for template names, and the whole operation would fail. It seems that this +regression was introduced in 00c83b430020914499bebf22be6b258f518ae291. + +Export the part of unit_find_paths() responsible for locating instance unit +fragments and reuse it from unit_exists() to fix the handling of template +units. + +Fixes #6412. + +(cherry picked from commit 173471b771a52baa7f705019600956e875b0cb9a) +--- + src/systemctl/systemctl.c | 68 ++++++++++++++++++++++++++++++++++------------- + 1 file changed, 49 insertions(+), 19 deletions(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index a1b956111b..a5f248e865 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -2480,7 +2480,6 @@ static int unit_file_find_path(LookupPaths *lp, const char *unit_name, char **un + + assert(lp); + assert(unit_name); +- assert(unit_path); + + STRV_FOREACH(p, lp->search_path) { + _cleanup_free_ char *path = NULL, *lpath = NULL; +@@ -2498,14 +2497,48 @@ static int unit_file_find_path(LookupPaths *lp, const char *unit_name, char **un + if (r < 0) + return log_error_errno(r, "Failed to access path '%s': %m", path); + +- *unit_path = lpath; +- lpath = NULL; ++ if (unit_path) { ++ *unit_path = lpath; ++ lpath = NULL; ++ } + return 1; + } + + return 0; + } + ++static int unit_find_template_path( ++ const char *unit_name, ++ LookupPaths *lp, ++ char **fragment_path, ++ char **template) { ++ ++ _cleanup_free_ char *_template = NULL; ++ int r; ++ ++ /* Returns 1 if a fragment was found, 0 if not found, negative on error. 
*/ ++ ++ r = unit_file_find_path(lp, unit_name, fragment_path); ++ if (r != 0) ++ return r; /* error or found a real unit */ ++ ++ r = unit_name_template(unit_name, &_template); ++ if (r == -EINVAL) ++ return 0; /* not a template, does not exist */ ++ if (r < 0) ++ return log_error_errno(r, "Failed to determine template name: %m"); ++ ++ r = unit_file_find_path(lp, _template, fragment_path); ++ if (r < 0) ++ return r; ++ ++ if (template) { ++ *template = _template; ++ _template = NULL; ++ } ++ return r; ++} ++ + static int unit_find_paths( + sd_bus *bus, + const char *unit_name, +@@ -2561,29 +2594,18 @@ static int unit_find_paths( + return log_error_errno(r, "Failed to get DropInPaths: %s", bus_error_message(&error, r)); + } + } else { +- _cleanup_set_free_ Set *names; ++ _cleanup_set_free_ Set *names = NULL; + _cleanup_free_ char *template = NULL; + + names = set_new(NULL); + if (!names) + return log_oom(); + +- r = unit_file_find_path(lp, unit_name, &path); ++ r = unit_find_template_path(unit_name, lp, &path, &template); + if (r < 0) + return r; + +- if (r == 0) { +- r = unit_name_template(unit_name, &template); +- if (r < 0 && r != -EINVAL) +- return log_error_errno(r, "Failed to determine template name: %m"); +- if (r >= 0) { +- r = unit_file_find_path(lp, template, &path); +- if (r < 0) +- return r; +- } +- } +- +- if (path) ++ if (r > 0) + /* We found the unit file. If we followed symlinks, this name might be + * different then the unit_name with started with. Look for dropins matching + * that "final" name. 
*/ +@@ -6084,7 +6106,7 @@ static int normalize_names(char **names, bool warn_if_path) { + return 0; + } + +-static int unit_exists(const char *unit) { ++static int unit_exists(LookupPaths *lp, const char *unit) { + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; + _cleanup_free_ char *path = NULL; +@@ -6097,6 +6119,9 @@ static int unit_exists(const char *unit) { + sd_bus *bus; + int r; + ++ if (unit_name_is_valid(unit, UNIT_NAME_TEMPLATE)) ++ return unit_find_template_path(unit, lp, NULL, NULL); ++ + path = unit_dbus_path_from_name(unit); + if (!path) + return log_oom(); +@@ -6202,9 +6227,14 @@ static int enable_unit(int argc, char *argv[], void *userdata) { + + if (STR_IN_SET(verb, "mask", "unmask")) { + char **name; ++ _cleanup_lookup_paths_free_ LookupPaths lp = {}; ++ ++ r = lookup_paths_init(&lp, arg_scope, 0, arg_root); ++ if (r < 0) ++ return r; + + STRV_FOREACH(name, names) { +- r = unit_exists(*name); ++ r = unit_exists(&lp, *name); + if (r < 0) + return r; + if (r == 0) diff --git a/0054-networkd-send-dhcp-option-NTP-when-UseNTP-is-true-67.patch b/0054-networkd-send-dhcp-option-NTP-when-UseNTP-is-true-67.patch new file mode 100644 index 0000000..6018a52 --- /dev/null +++ b/0054-networkd-send-dhcp-option-NTP-when-UseNTP-is-true-67.patch 
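Review bot: In `enable_unit()`, a failing `lookup_paths_init()` returns `r` with no message, so unless that helper logs on its own, `mask`/`unmask` can fail without telling the user why. Something like `return log_error_errno(r, "Failed to determine unit paths: %m");` would match how `unit_find_template_path()` reports its own errors. The return-value comment in `unit_find_template_path()` should also state that `fragment_path` and `template` are optional. It should add that `template` is filled in whenever the name has a template form, even when the function returns 0. `enable_unit()` and `unit_exists()` continue outside the hunk.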
@@ -0,0 +1,30 @@ +From 18647aa3d8f3ef8033cba55384d297d7ef8f3d9c Mon Sep 17 00:00:00 2001 +From: juga0 +Date: Tue, 5 Sep 2017 10:26:32 +0000 +Subject: [PATCH] networkd: send dhcp option NTP when UseNTP is true (#6726) + +(cherry picked from commit ead36ce651955999e7cf1f6167aa0065f8cd5f3f) +--- + src/network/networkd-dhcp4.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c +index 77771688e1..84a25b1a03 100644 +--- a/src/network/networkd-dhcp4.c ++++ b/src/network/networkd-dhcp4.c +@@ -635,10 +635,11 @@ int dhcp4_configure(Link *link) { + return r; + } + +- /* Always acquire the timezone and NTP */ +- r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NTP_SERVER); +- if (r < 0) +- return r; ++ if (link->network->dhcp_use_ntp) { ++ r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NTP_SERVER); ++ if (r < 0) ++ return r; ++ } + + r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NEW_TZDB_TIMEZONE); + if (r < 0) diff --git a/0055-networkd-send-dhcp-timezone-option-when-UseTimezone-.patch b/0055-networkd-send-dhcp-timezone-option-when-UseTimezone-.patch new file mode 100644 index 0000000..d223ad7 --- /dev/null +++ b/0055-networkd-send-dhcp-timezone-option-when-UseTimezone-.patch 
@@ -0,0 +1,30 @@ +From 63f2647249e5d55e6ae62c484d70690aedd41a41 Mon Sep 17 00:00:00 2001 +From: juga0 +Date: Wed, 6 Sep 2017 08:10:50 +0000 +Subject: [PATCH] networkd: send dhcp timezone option when UseTimezone is true + (#6725) + +(cherry picked from commit 89573b3728fc14033b99fc69f3f6181be9c8c6be) +--- + src/network/networkd-dhcp4.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c +index 84a25b1a03..546c90b6bb 100644 +--- a/src/network/networkd-dhcp4.c ++++ b/src/network/networkd-dhcp4.c +@@ -641,9 +641,11 @@ int dhcp4_configure(Link *link) { + return r; + } + +- r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NEW_TZDB_TIMEZONE); +- if (r < 0) +- return r; ++ if (link->network->dhcp_use_timezone) { ++ r = sd_dhcp_client_set_request_option(link->dhcp_client, SD_DHCP_OPTION_NEW_TZDB_TIMEZONE); ++ if (r < 0) ++ return r; ++ } + + r = dhcp4_set_hostname(link); + if (r < 0) diff --git a/0056-journalctl-honor-quiet-when-vacuuming-6771.patch b/0056-journalctl-honor-quiet-when-vacuuming-6771.patch new file mode 100644 index 0000000..3679f5d --- /dev/null +++ b/0056-journalctl-honor-quiet-when-vacuuming-6771.patch 
@@ -0,0 +1,28 @@ +From b2403e6ea4cd04e3624d4ae4f7f2d7dde98f23dd Mon Sep 17 00:00:00 2001 +From: Kai-Heng Feng +Date: Fri, 8 Sep 2017 20:25:44 +0800 +Subject: [PATCH] journalctl: honor --quiet when vacuuming (#6771) + +'journalctl --vacuum-*' does not suppress output message with --quiet. + +Let journal_directory_vacuum honors --quiet to fix the problem. + +BugLink: https://bugs.launchpad.net/bugs/1692188 +(cherry picked from commit e3695e499a54071aa5fa3b79bdbff0be2c528204) +--- + src/journal/journalctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c +index 2313c8c678..1bb4d89159 100644 +--- a/src/journal/journalctl.c ++++ b/src/journal/journalctl.c +@@ -2170,7 +2170,7 @@ int main(int argc, char *argv[]) { + if (d->is_root) + continue; + +- q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, true); ++ q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, !arg_quiet); + if (q < 0) { + log_error_errno(q, "Failed to vacuum %s: %m", d->path); + r = q; diff --git a/0057-manager-when-reexecuting-try-to-connect-to-bus-only-.patch b/0057-manager-when-reexecuting-try-to-connect-to-bus-only-.patch new file mode 100644 index 0000000..3280b15 --- /dev/null +++ b/0057-manager-when-reexecuting-try-to-connect-to-bus-only-.patch 
@@ -0,0 +1,45 @@ +From 21879b710e669f9965650bcafa8d504e617fd7ee Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 8 Sep 2017 15:41:44 +0200 +Subject: [PATCH] manager: when reexecuting try to connect to bus only when + dbus.service is around (#6773) + +Trying to connect otherwise is pointless, because if socket isn't around +we won't connect. However, when dbus.socket is present we attempt to +connect. That attempt can't succeed because we are then supposed +to activate dbus.service as a response to connection from +us. This results in deadlock. + +Fixes #6303 + +(cherry picked from commit 5463fa0a88f95d2002858592578f9bf4e0d2660a) +--- + src/core/manager.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 283720750f..482eab0f19 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -880,15 +880,19 @@ static int manager_setup_user_lookup_fd(Manager *m) { + + static int manager_connect_bus(Manager *m, bool reexecuting) { + bool try_bus_connect; ++ Unit *u = NULL; + + assert(m); + + if (m->test_run) + return 0; + ++ u = manager_get_unit(m, SPECIAL_DBUS_SERVICE); ++ + try_bus_connect = +- reexecuting || +- (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS")); ++ (u && UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u))) && ++ (reexecuting || ++ (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS"))); + + /* Try to connect to the buses, if possible. */ + return bus_init(m, try_bus_connect); diff --git a/0058-efivars-don-t-crash-when-somebody-wants-to-remove-an.patch b/0058-efivars-don-t-crash-when-somebody-wants-to-remove-an.patch new file mode 100644 index 0000000..dfc045e --- /dev/null +++ b/0058-efivars-don-t-crash-when-somebody-wants-to-remove-an.patch 
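Review bot: The new `u && UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u))` term in `manager_connect_bus()` gates both arms of the old expression. The user-manager case with `DBUS_SESSION_BUS_ADDRESS` set therefore now also requires `dbus.service` to be loaded and active in this manager, which the commit message does not mention. The result further depends on `dbus.service` already being loaded with its state restored when this function runs. The caller is outside the hunk, so that ordering should be confirmed. A comment above the assignment would record the intent, e.g. `/* Only connect if dbus.service is already running; otherwise we would wait on a service we are supposed to start ourselves. */`.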
@@ -0,0 +1,28 @@ +From ab76f797e85ba755f02db58f18b455c46dfed12a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 8 Sep 2017 17:34:11 +0200 +Subject: [PATCH] efivars: don't crash when somebody wants to remove an efi + variable + +This corrects b3c908b4a230c5cca0dcdd7e94d02ec54a298abf by allowing a +NULL value again for variable deletion. + +Fixes: #6753 +(cherry picked from commit e1e26566ec60aa66a3c21682322ebc376df609b2) +--- + src/shared/efivars.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/efivars.c b/src/shared/efivars.c +index 8229e6b183..2503346610 100644 +--- a/src/shared/efivars.c ++++ b/src/shared/efivars.c +@@ -269,7 +269,7 @@ int efi_set_variable( + _cleanup_close_ int fd = -1; + + assert(name); +- assert(value); ++ assert(value || size == 0); + + if (asprintf(&p, + "/sys/firmware/efi/efivars/%s-%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", diff --git a/0059-util-make-get_block_device-available.patch b/0059-util-make-get_block_device-available.patch new file mode 100644 index 0000000..adb7cca --- /dev/null +++ b/0059-util-make-get_block_device-available.patch 
@@ -0,0 +1,310 @@ +From cd7bcbfad5c1319f8c7a9f74c2649ace096f6e2a Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Wed, 13 Sep 2017 11:47:15 +0200 +Subject: [PATCH] util: make get_block_device() available + +(cherry picked from commit c43b2b9c71e6e5f9af90ca178674d248acb0b9fc) +--- + src/basic/util.c | 131 ++++++++++++++++++++++++++++ + src/basic/util.h | 3 + + src/gpt-auto-generator/gpt-auto-generator.c | 130 --------------------------- + 3 files changed, 134 insertions(+), 130 deletions(-) + +diff --git a/src/basic/util.c b/src/basic/util.c +index b52a5db31b..6cbb58bdea 100644 +--- a/src/basic/util.c ++++ b/src/basic/util.c +@@ -34,6 +34,7 @@ + #include + + #include "alloc-util.h" ++#include "btrfs-util.h" + #include "build.h" + #include "cgroup-util.h" + #include "def.h" +@@ -719,3 +720,133 @@ int version(void) { + SYSTEMD_FEATURES); + return 0; + } ++ ++int get_block_device(const char *path, dev_t *dev) { ++ struct stat st; ++ struct statfs sfs; ++ ++ assert(path); ++ assert(dev); ++ ++ /* Get's the block device directly backing a file system. If ++ * the block device is encrypted, returns the device mapper ++ * block device. */ ++ ++ if (lstat(path, &st)) ++ return -errno; ++ ++ if (major(st.st_dev) != 0) { ++ *dev = st.st_dev; ++ return 1; ++ } ++ ++ if (statfs(path, &sfs) < 0) ++ return -errno; ++ ++ if (F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC)) ++ return btrfs_get_block_device(path, dev); ++ ++ return 0; ++} ++ ++int get_block_device_harder(const char *path, dev_t *dev) { ++ _cleanup_closedir_ DIR *d = NULL; ++ _cleanup_free_ char *p = NULL, *t = NULL; ++ struct dirent *de, *found = NULL; ++ const char *q; ++ unsigned maj, min; ++ dev_t dt; ++ int r; ++ ++ assert(path); ++ assert(dev); ++ ++ /* Gets the backing block device for a file system, and ++ * handles LUKS encrypted file systems, looking for its ++ * immediate parent, if there is one. 
*/ ++ ++ r = get_block_device(path, &dt); ++ if (r <= 0) ++ return r; ++ ++ if (asprintf(&p, "/sys/dev/block/%u:%u/slaves", major(dt), minor(dt)) < 0) ++ return -ENOMEM; ++ ++ d = opendir(p); ++ if (!d) { ++ if (errno == ENOENT) ++ goto fallback; ++ ++ return -errno; ++ } ++ ++ FOREACH_DIRENT_ALL(de, d, return -errno) { ++ ++ if (dot_or_dot_dot(de->d_name)) ++ continue; ++ ++ if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN)) ++ continue; ++ ++ if (found) { ++ _cleanup_free_ char *u = NULL, *v = NULL, *a = NULL, *b = NULL; ++ ++ /* We found a device backed by multiple other devices. We don't really support automatic ++ * discovery on such setups, with the exception of dm-verity partitions. In this case there are ++ * two backing devices: the data partition and the hash partition. We are fine with such ++ * setups, however, only if both partitions are on the same physical device. Hence, let's ++ * verify this. */ ++ ++ u = strjoin(p, "/", de->d_name, "/../dev"); ++ if (!u) ++ return -ENOMEM; ++ ++ v = strjoin(p, "/", found->d_name, "/../dev"); ++ if (!v) ++ return -ENOMEM; ++ ++ r = read_one_line_file(u, &a); ++ if (r < 0) { ++ log_debug_errno(r, "Failed to read %s: %m", u); ++ goto fallback; ++ } ++ ++ r = read_one_line_file(v, &b); ++ if (r < 0) { ++ log_debug_errno(r, "Failed to read %s: %m", v); ++ goto fallback; ++ } ++ ++ /* Check if the parent device is the same. If not, then the two backing devices are on ++ * different physical devices, and we don't support that. 
*/ ++ if (!streq(a, b)) ++ goto fallback; ++ } ++ ++ found = de; ++ } ++ ++ if (!found) ++ goto fallback; ++ ++ q = strjoina(p, "/", found->d_name, "/dev"); ++ ++ r = read_one_line_file(q, &t); ++ if (r == -ENOENT) ++ goto fallback; ++ if (r < 0) ++ return r; ++ ++ if (sscanf(t, "%u:%u", &maj, &min) != 2) ++ return -EINVAL; ++ ++ if (maj == 0) ++ goto fallback; ++ ++ *dev = makedev(maj, min); ++ return 1; ++ ++fallback: ++ *dev = dt; ++ return 1; ++} +diff --git a/src/basic/util.h b/src/basic/util.h +index c7da6c39bf..b31dfd1c92 100644 +--- a/src/basic/util.h ++++ b/src/basic/util.h +@@ -192,3 +192,6 @@ uint64_t system_tasks_max_scale(uint64_t v, uint64_t max); + int update_reboot_parameter_and_warn(const char *param); + + int version(void); ++ ++int get_block_device(const char *path, dev_t *dev); ++int get_block_device_harder(const char *path, dev_t *dev); +diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c +index a072242430..dc307ff585 100644 +--- a/src/gpt-auto-generator/gpt-auto-generator.c ++++ b/src/gpt-auto-generator/gpt-auto-generator.c +@@ -609,136 +609,6 @@ static int enumerate_partitions(dev_t devnum) { + return r; + } + +-static int get_block_device(const char *path, dev_t *dev) { +- struct stat st; +- struct statfs sfs; +- +- assert(path); +- assert(dev); +- +- /* Get's the block device directly backing a file system. If +- * the block device is encrypted, returns the device mapper +- * block device. 
*/ +- +- if (lstat(path, &st)) +- return -errno; +- +- if (major(st.st_dev) != 0) { +- *dev = st.st_dev; +- return 1; +- } +- +- if (statfs(path, &sfs) < 0) +- return -errno; +- +- if (F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC)) +- return btrfs_get_block_device(path, dev); +- +- return 0; +-} +- +-static int get_block_device_harder(const char *path, dev_t *dev) { +- _cleanup_closedir_ DIR *d = NULL; +- _cleanup_free_ char *p = NULL, *t = NULL; +- struct dirent *de, *found = NULL; +- const char *q; +- unsigned maj, min; +- dev_t dt; +- int r; +- +- assert(path); +- assert(dev); +- +- /* Gets the backing block device for a file system, and +- * handles LUKS encrypted file systems, looking for its +- * immediate parent, if there is one. */ +- +- r = get_block_device(path, &dt); +- if (r <= 0) +- return r; +- +- if (asprintf(&p, "/sys/dev/block/%u:%u/slaves", major(dt), minor(dt)) < 0) +- return -ENOMEM; +- +- d = opendir(p); +- if (!d) { +- if (errno == ENOENT) +- goto fallback; +- +- return -errno; +- } +- +- FOREACH_DIRENT_ALL(de, d, return -errno) { +- +- if (dot_or_dot_dot(de->d_name)) +- continue; +- +- if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN)) +- continue; +- +- if (found) { +- _cleanup_free_ char *u = NULL, *v = NULL, *a = NULL, *b = NULL; +- +- /* We found a device backed by multiple other devices. We don't really support automatic +- * discovery on such setups, with the exception of dm-verity partitions. In this case there are +- * two backing devices: the data partition and the hash partition. We are fine with such +- * setups, however, only if both partitions are on the same physical device. Hence, let's +- * verify this. 
*/ +- +- u = strjoin(p, "/", de->d_name, "/../dev"); +- if (!u) +- return -ENOMEM; +- +- v = strjoin(p, "/", found->d_name, "/../dev"); +- if (!v) +- return -ENOMEM; +- +- r = read_one_line_file(u, &a); +- if (r < 0) { +- log_debug_errno(r, "Failed to read %s: %m", u); +- goto fallback; +- } +- +- r = read_one_line_file(v, &b); +- if (r < 0) { +- log_debug_errno(r, "Failed to read %s: %m", v); +- goto fallback; +- } +- +- /* Check if the parent device is the same. If not, then the two backing devices are on +- * different physical devices, and we don't support that. */ +- if (!streq(a, b)) +- goto fallback; +- } +- +- found = de; +- } +- +- if (!found) +- goto fallback; +- +- q = strjoina(p, "/", found->d_name, "/dev"); +- +- r = read_one_line_file(q, &t); +- if (r == -ENOENT) +- goto fallback; +- if (r < 0) +- return r; +- +- if (sscanf(t, "%u:%u", &maj, &min) != 2) +- return -EINVAL; +- +- if (maj == 0) +- goto fallback; +- +- *dev = makedev(maj, min); +- return 1; +- +-fallback: +- *dev = dt; +- return 1; +-} +- + static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { + int r; + diff --git a/0060-shutdown-don-t-be-fooled-when-detaching-DM-devices-w.patch b/0060-shutdown-don-t-be-fooled-when-detaching-DM-devices-w.patch new file mode 100644 index 0000000..523680c --- /dev/null +++ b/0060-shutdown-don-t-be-fooled-when-detaching-DM-devices-w.patch 
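Review bot: In `get_block_device_harder()`, which this patch exports from `src/basic/util.c`, `found = de;` keeps a `struct dirent *` across further iterations of `FOREACH_DIRENT_ALL`, and `found->d_name` is read after those later reads of the same directory stream. The macro presumably iterates with `readdir()`, and POSIX allows the entry it returns to be overwritten by the next call on that stream, so both the dm-verity comparison and the final `strjoina(p, "/", found->d_name, "/dev")` depend on implementation behaviour. The code is moved unchanged from gpt-auto-generator.c, so this is pre-existing, but as the function becomes a shared helper it would be cleaner to keep a copy of the name: declare `_cleanup_free_ char *found = NULL;`, store it with `r = free_and_strdup(&found, de->d_name);` and use `found` where `found->d_name` is read now. The moved comment in `get_block_device()` also carries over the typo `Get's`.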
@@ -0,0 +1,51 @@
+From c86784ebf6a8dc572a52ac1322ae558c39e61d92 Mon Sep 17 00:00:00 2001
+From: Franck Bui
+Date: Wed, 13 Sep 2017 11:04:17 +0200
+Subject: [PATCH] shutdown: don't be fooled when detaching DM devices with
+ BTRFS
+
+Otherwise we would try to detach the DM device hosting the rootfs with BTRFS
+which is doomed to fail.
+
+(cherry picked from commit 33e8d8af1482fd94edf8a41462012468ba852687)
+---
+ src/core/umount.c | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/core/umount.c b/src/core/umount.c
+index b83f631141..87c5aa9029 100644
+--- a/src/core/umount.c
++++ b/src/core/umount.c
+@@ -517,22 +517,22 @@ static int loopback_points_list_detach(MountPoint **head, bool *changed) {
+
+ static int dm_points_list_detach(MountPoint **head, bool *changed) {
+ MountPoint *m, *n;
+- int n_failed = 0, k;
+- struct stat root_st;
++ int n_failed = 0, r;
++ dev_t rootdev;
+
+ assert(head);
+
+- k = lstat("/", &root_st);
++ r = get_block_device("/", &rootdev);
++ if (r <= 0)
++ rootdev = 0;
+
+ LIST_FOREACH_SAFE(mount_point, m, n, *head) {
+- int r;
+
+- if (k >= 0 &&
+- major(root_st.st_dev) != 0 &&
+- root_st.st_dev == m->devnum) {
+- n_failed++;
+- continue;
+- }
++ if (major(rootdev) != 0)
++ if (rootdev == m->devnum) {
++ n_failed ++;
++ continue;
++ }
+
+ log_info("Detaching DM %u:%u.", major(m->devnum), minor(m->devnum));
+ r = delete_dm(m->devnum);
diff --git a/0061-sd-bus-extend-D-Bus-authentication-timeout-considera.patch b/0061-sd-bus-extend-D-Bus-authentication-timeout-considera.patch
new file mode 100644
index 0000000..bf2c4f4
--- /dev/null
+++ b/0061-sd-bus-extend-D-Bus-authentication-timeout-considera.patch
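Review bot: When `get_block_device("/", &rootdev)` fails in `dm_points_list_detach()`, the error is dropped silently and `rootdev = 0` switches the root-device guard off, so the loop goes on to call `delete_dm()` for every entry, including the one that may back `/`. A debug message on the failure path, e.g. `if (r < 0) log_debug_errno(r, "Failed to determine block device of /, ignoring: %m");`, would make that case visible in shutdown logs. On style, the two nested unbraced `if`s read more clearly as one condition, `if (major(rootdev) != 0 && rootdev == m->devnum) {`, and `n_failed ++` should stay `n_failed++` as on the removed line. The loop body continues outside the hunk.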
@@ -0,0 +1,62 @@
+From 7f4b159f88d8d3b932e24646b50e4bdcac885581 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 13 Sep 2017 19:08:26 +0200
+Subject: [PATCH] sd-bus: extend D-Bus authentication timeout considerably
+ (#6813)
+
+As it turns out the authentication phase times out too often than is
+good, mostly due to PRNG pools not being populated during boot. Hence,
+let's increase the authentication timeout from 25s to 90s, to cover for
+that.
+
+(Note that we leave the D-Bus method call timeout at 25s, matching the
+reference implementation's value. And if the auth phase managed to
+complete then the pools should be populated enough and mehtod calls
+shouldn't take needlessly long anymore).
+
+Fixes: #6418
+(cherry picked from commit 036d61b32e7e684a532904ec26a6ebaa1b850ab9)
+---
+ src/libsystemd/sd-bus/bus-internal.h | 6 ++++++
+ src/libsystemd/sd-bus/bus-socket.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
+index 3575ea8cde..473f486c3d 100644
+--- a/src/libsystemd/sd-bus/bus-internal.h
++++ b/src/libsystemd/sd-bus/bus-internal.h
+@@ -27,6 +27,7 @@
+ #include "bus-error.h"
+ #include "bus-kernel.h"
+ #include "bus-match.h"
++#include "def.h"
+ #include "hashmap.h"
+ #include "kdbus.h"
+ #include "list.h"
+@@ -327,8 +328,13 @@ struct sd_bus {
+ LIST_HEAD(sd_bus_track, tracks);
+ };
+
++/* For method calls we time-out at 25s, like in the D-Bus reference implementation */
+ #define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
+
++/* For the authentication phase we grant 90s, to provide extra room during boot, when RNGs and such are not filled up
++ * with enough entropy yet and might delay the boot */
++#define BUS_AUTH_TIMEOUT ((usec_t) DEFAULT_TIMEOUT_USEC)
++
+ #define BUS_WQUEUE_MAX (192*1024)
+ #define BUS_RQUEUE_MAX (192*1024)
+
+diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
+index ab70a0c6e1..fa7dcbb888 100644
+--- a/src/libsystemd/sd-bus/bus-socket.c
++++ b/src/libsystemd/sd-bus/bus-socket.c
+@@ -661,7 +661,7 @@ int bus_socket_start_auth(sd_bus *b) {
+ bus_get_peercred(b);
+
+ b->state = BUS_AUTHENTICATING;
+- b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
++ b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_AUTH_TIMEOUT;
+
+ if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
+ b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
diff --git a/0062-timer-don-t-use-persietent-file-timestamps-from-the-.patch b/0062-timer-don-t-use-persietent-file-timestamps-from-the-.patch
new file mode 100644
index 0000000..94e21c7
--- /dev/null
+++ b/0062-timer-don-t-use-persietent-file-timestamps-from-the-.patch
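Review bot: The comment on `BUS_AUTH_TIMEOUT` in bus-internal.h promises 90s, but the macro expands to `DEFAULT_TIMEOUT_USEC`, whose value lives in def.h and is not visible in this patch; if that default is ever changed, the comment and the authentication window drift apart without anyone touching this file. Either name the dependency in the comment (`/* ... we grant DEFAULT_TIMEOUT_USEC (90s at the time of writing) ... */`) or define the value locally as `((usec_t) (90 * USEC_PER_SEC))`. If `bus_socket_start_auth()` is also reached for connections this process accepts, which the hunk does not show, the longer window also extends how long an unauthenticated peer can hold a connection open, and that trade-off deserves a sentence in the comment.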
@@ -0,0 +1,48 @@
+From eb877dacc9f98f646ff9509d6df5c71bd4a33a17 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Thu, 14 Sep 2017 18:26:10 +0200
+Subject: [PATCH] timer: don't use persietent file timestamps from the future
+ (#6823)
+
+Also, use the mtime rather than the atime of the timestamp file. While
+the atime is not completely wrong, the mtime appears more appropriate
+as that's what we actually explicitly change, and is not effected by
+mere reading.
+
+Fixes: #6821
+(cherry picked from commit 77542a7905520f1d637912bf47bddb4855506e41)
+---
+ src/core/timer.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/timer.c b/src/core/timer.c
+index 701949fd60..3032a237b1 100644
+--- a/src/core/timer.c
++++ b/src/core/timer.c
+@@ -614,9 +614,23 @@ static int timer_start(Unit *u) {
+ if (t->stamp_path) {
+ struct stat st;
+
+- if (stat(t->stamp_path, &st) >= 0)
+- t->last_trigger.realtime = timespec_load(&st.st_atim);
+- else if (errno == ENOENT)
++ if (stat(t->stamp_path, &st) >= 0) {
++ usec_t ft;
++
++ /* Load the file timestamp, but only if it is actually in the past. If it is in the future,
++ * something is wrong with the system clock. */
++
++ ft = timespec_load(&st.st_mtim);
++ if (ft < now(CLOCK_REALTIME))
++ t->last_trigger.realtime = ft;
++ else {
++ char z[FORMAT_TIMESTAMP_MAX];
++
++ log_unit_warning(u, "Not using persistent file timestamp %s as it is in the future.",
++ format_timestamp(z, sizeof(z), ft));
++ }
++
++ } else if (errno == ENOENT)
+ /* The timer has never run before,
+ * make sure a stamp file exists.
+ */
diff --git a/0063-shared-end-string-with-if-one-was-found-at-the-end-o.patch b/0063-shared-end-string-with-if-one-was-found-at-the-end-o.patch
new file mode 100644
index 0000000..764cf5b
--- /dev/null
+++ b/0063-shared-end-string-with-if-one-was-found-at-the-end-o.patch
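Review bot: The new `else` branch in `timer_start()` only logs: it leaves `t->last_trigger.realtime` at whatever it held before and does not touch the stamp file, and no comment says which fallback is intended. If code outside this hunk does not rewrite the stamp, the warning will repeat on every start until the clock passes the file's mtime, so once that behaviour is confirmed a short comment such as `/* Keep the previous last_trigger value; the stamp file is left as it is */` belongs in the branch. For style, brace both arms (`if (ft < now(CLOCK_REALTIME)) {` ... `} else {`) since the `else` is a block. The enclosing function starts and ends outside the hunk.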
@@ -0,0 +1,46 @@
+From 760a486ff45797b65093c5f0550cc42bfd5d70aa Mon Sep 17 00:00:00 2001
+From: Felipe Sateler
+Date: Thu, 14 Sep 2017 14:51:20 -0300
+Subject: [PATCH] shared: end string with % if one was found at the end of a
+ expandible string (#6828)
+
+Current behavior is that %X where X is an unidentified specifier, then the result is
+the same %X string. This was not the case when the string ended with a stray %, where
+the character would have not been output. Lets add that missing character.
+
+Fixes: #6374
+(cherry picked from commit 038492aed3e0293fd9cf4998fd891addb597b954)
+---
+ src/shared/specifier.c | 4 ++++
+ src/test/test-unit-name.c | 3 ++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/specifier.c b/src/shared/specifier.c
+index 1c17eb5251..81379041cc 100644
+--- a/src/shared/specifier.c
++++ b/src/shared/specifier.c
+@@ -107,6 +107,10 @@ int specifier_printf(const char *text, const Specifier table[], void *userdata,
+ *(t++) = *f;
+ }
+
++ /* if string ended with a stray %, also end with % */
++ if (percent)
++ *(t++) = '%';
++
+ *t = 0;
+ *_ret = ret;
+ return 0;
+diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
+index 2fd83f321c..2af90c69ee 100644
+--- a/src/test/test-unit-name.c
++++ b/src/test/test-unit-name.c
+@@ -237,7 +237,8 @@ static int test_unit_printf(void) {
+ /* general tests */
+ expect(u, "%%", "%");
+ expect(u, "%%s", "%s");
+- expect(u, "%", ""); // REALLY?
++ expect(u, "%,", "%,");
++ expect(u, "%", "%");
+
+ /* normal unit */
+ expect(u, "%n", "blah.service");
diff --git a/0064-build-sys-bump-xslt-maxdepth-limit-6863.patch b/0064-build-sys-bump-xslt-maxdepth-limit-6863.patch
new file mode 100644
index 0000000..5d6d1e6
--- /dev/null
+++ b/0064-build-sys-bump-xslt-maxdepth-limit-6863.patch
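Review bot: The added `*(t++) = '%';` in `specifier_printf()` writes one byte more than before for inputs ending in a stray `%`, and the allocation of `ret` is outside this hunk, so the hunk alone does not show that the buffer has room for it plus the terminating NUL. It looks safe if `ret` is sized from the length of `text`, because the stray `%` is itself a character of `text`, but that should be confirmed and then recorded in the comment, e.g. `/* If the string ended with a stray %, emit it too; it is part of text, so the buffer already accounts for it */`. The new test `expect(u, "%", "%")` pins the value but would not catch an overrun unless the test suite is run under a sanitizer.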
@@ -0,0 +1,25 @@
+From bd69342ded37a30850de4c85cbc709aaecfee396 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Tue, 19 Sep 2017 08:04:02 +0200
+Subject: [PATCH] build-sys: bump xslt maxdepth limit (#6863)
+
+With libxslt-1.30, builds were failing on some recursion depth limit
+with systemd.index.xml. Bumping the limit fixes the issue.
+
+(cherry picked from commit f2adcd22d5d5498f1a00fdc303f71e7198b238ab)
+---
+ man/meson.build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/man/meson.build b/man/meson.build
+index 4f2ddad31a..c9fa91589a 100644
+--- a/man/meson.build
++++ b/man/meson.build
+@@ -11,6 +11,7 @@ want_html = want_html != 'false' and xsltproc.found()
+ xsltproc_flags = [
+ '--nonet',
+ '--xinclude',
++ '--maxdepth', '9000',
+ '--stringparam', 'man.output.quietly', '1',
+ '--stringparam', 'funcsynopsis.style', 'ansi',
+ '--stringparam', 'man.authors.section.enabled', '0',
diff --git a/0065-fileio-add-new-helper-call-read_line-as-bounded-getl.patch b/0065-fileio-add-new-helper-call-read_line-as-bounded-getl.patch
new file mode 100644
index 0000000..8aacc18
--- /dev/null
+++ b/0065-fileio-add-new-helper-call-read_line-as-bounded-getl.patch
@@ -0,0 +1,175 @@ +From 7c4392650657a5ef264c4b1e2c55d5051b60fb30 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 22 Sep 2017 17:55:53 +0200 +Subject: [PATCH] fileio: add new helper call read_line() as bounded getline() + replacement + +read_line() is much like getline(), and returns a line read from a +FILE*, of arbitrary sizes. In contrast to gets() it will grow the buffer +dynamically, and in contrast to getline() it will place a user-specified +boundary on the line. + +(cherry picked from commit 4f9a66a32dda1d9a28f9bb3fa31c2148524bc46a) +--- + src/basic/fileio.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++ + src/basic/fileio.h | 2 ++ + src/test/test-fileio.c | 44 +++++++++++++++++++++++++++++ + 3 files changed, 123 insertions(+) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 9a185e3e60..db5897c360 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -1497,3 +1497,80 @@ int mkdtemp_malloc(const char *template, char **ret) { + *ret = p; + return 0; + } ++ ++int read_line(FILE *f, size_t limit, char **ret) { ++ _cleanup_free_ char *buffer = NULL; ++ size_t n = 0, allocated = 0, count = 0; ++ int r; ++ ++ assert(f); ++ ++ /* Something like a bounded version of getline(). ++ * ++ * Considers EOF, \n and \0 end of line delimiters, and does not include these delimiters in the string ++ * returned. ++ * ++ * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from ++ * the number of characters in the returned string). When EOF is hit, 0 is returned. ++ * ++ * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding ++ * delimiters. If the limit is hit we fail and return -ENOBUFS. ++ * ++ * If a line shall be skipped ret may be initialized as NULL. 
*/ ++ ++ if (ret) { ++ if (!GREEDY_REALLOC(buffer, allocated, 1)) ++ return -ENOMEM; ++ } ++ ++ flockfile(f); ++ ++ for (;;) { ++ int c; ++ ++ if (n >= limit) { ++ funlockfile(f); ++ return -ENOBUFS; ++ } ++ ++ errno = 0; ++ c = fgetc_unlocked(f); ++ if (c == EOF) { ++ /* if we read an error, and have no data to return, then propagate the error */ ++ if (ferror_unlocked(f) && n == 0) { ++ r = errno > 0 ? -errno : -EIO; ++ funlockfile(f); ++ return r; ++ } ++ ++ break; ++ } ++ ++ count++; ++ ++ if (IN_SET(c, '\n', 0)) /* Reached a delimiter */ ++ break; ++ ++ if (ret) { ++ if (!GREEDY_REALLOC(buffer, allocated, n + 2)) { ++ funlockfile(f); ++ return -ENOMEM; ++ } ++ ++ buffer[n] = (char) c; ++ } ++ ++ n++; ++ } ++ ++ funlockfile(f); ++ ++ if (ret) { ++ buffer[n] = 0; ++ ++ *ret = buffer; ++ buffer = NULL; ++ } ++ ++ return (int) count; ++} +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 6098562265..2674148efe 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -99,3 +99,5 @@ int link_tmpfile(int fd, const char *path, const char *target); + int read_nul_string(FILE *f, char **ret); + + int mkdtemp_malloc(const char *template, char **ret); ++ ++int read_line(FILE *f, size_t limit, char **ret); +diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c +index b1d688c89e..375b7a8910 100644 +--- a/src/test/test-fileio.c ++++ b/src/test/test-fileio.c +@@ -663,6 +663,49 @@ static void test_tempfn(void) { + free(ret); + } + ++static void test_read_line(void) { ++ _cleanup_fclose_ FILE *f = NULL; ++ _cleanup_free_ char *line = NULL; ++ ++ char buffer[] = ++ "Some test data\n" ++ "With newlines, and a NUL byte\0" ++ "\n" ++ "an empty line\n" ++ "an ignored line\n" ++ "and a very long line that is supposed to be truncated, because it is so long\n"; ++ ++ f = fmemopen(buffer, sizeof(buffer), "re"); ++ assert_se(f); ++ ++ assert_se(read_line(f, (size_t) -1, &line) == 15 && streq(line, "Some test data")); ++ line = mfree(line); ++ ++ 
assert_se(read_line(f, 1024, &line) == 30 && streq(line, "With newlines, and a NUL byte")); ++ line = mfree(line); ++ ++ assert_se(read_line(f, 1024, &line) == 1 && streq(line, "")); ++ line = mfree(line); ++ ++ assert_se(read_line(f, 1024, &line) == 14 && streq(line, "an empty line")); ++ line = mfree(line); ++ ++ assert_se(read_line(f, (size_t) -1, NULL) == 16); ++ ++ assert_se(read_line(f, 16, &line) == -ENOBUFS); ++ line = mfree(line); ++ ++ /* read_line() stopped when it hit the limit, that means when we continue reading we'll read at the first ++ * character after the previous limit. Let's make use of tha to continue our test. */ ++ assert_se(read_line(f, 1024, &line) == 61 && streq(line, "line that is supposed to be truncated, because it is so long")); ++ line = mfree(line); ++ ++ assert_se(read_line(f, 1024, &line) == 1 && streq(line, "")); ++ line = mfree(line); ++ ++ assert_se(read_line(f, 1024, &line) == 0 && streq(line, "")); ++} ++ + int main(int argc, char *argv[]) { + log_set_max_level(LOG_DEBUG); + log_parse_environment(); +@@ -684,6 +727,7 @@ int main(int argc, char *argv[]) { + test_search_and_fopen_nulstr(); + test_writing_tmpfile(); + test_tempfn(); ++ test_read_line(); + + return 0; + } diff --git a/0066-def-add-new-constant-LONG_LINE_MAX.patch b/0066-def-add-new-constant-LONG_LINE_MAX.patch new file mode 100644 index 0000000..fa58bf4 --- /dev/null +++ b/0066-def-add-new-constant-LONG_LINE_MAX.patch 
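Review bot: `read_line()` in fileio.c ends with `return (int) count;`, but `count` is a `size_t` bounded only by `limit`, which callers may pass as `(size_t) -1` (the new test does); a line longer than `INT_MAX` bytes would make the cast yield a negative or zero value that callers read as an error or as EOF. Bounding the byte count inside the loop closes this, e.g. `if (count >= INT_MAX) { funlockfile(f); return -ENOBUFS; }` placed before `count++`. The header comment also calls `limit` the maximum number of characters in the returned string, yet `if (n >= limit)` is tested before the next byte is read, so a line of exactly `limit` characters fails with -ENOBUFS even when its delimiter follows; the comment or the comparison should change. A read error that occurs after at least one byte was consumed is returned as an ordinary short line, which the comment should mention as well.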
@@ -0,0 +1,26 @@
+From 8eda468cb9445e5a9e2505d47fc5b15eae453a0a Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Fri, 22 Sep 2017 20:23:58 +0200
+Subject: [PATCH] def: add new constant LONG_LINE_MAX
+
+LONG_LINE_MAX is much like LINE_MAX, but longer.
+
+As it turns out LINE_MAX at 4096 is too short for many usecases. Since
+the general concept of having a common maximum line length limit makes
+sense let's add our own, and make it larger (1MB for now).
+
+(cherry picked from commit 189912440f6545404e84b3cd1d6ca54f1057e3e6)
+---
+ src/basic/def.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/basic/def.h b/src/basic/def.h
+index b1a3bc190b..e2d91519ba 100644
+--- a/src/basic/def.h
++++ b/src/basic/def.h
+@@ -86,3 +86,5 @@
+ "/usr/local/lib/" n "\0" \
+ "/usr/lib/" n "\0" \
+ _CONF_PATHS_SPLIT_USR(n)
++
++#define LONG_LINE_MAX (1U*1024U*1024U)
diff --git a/0067-fileio-rework-read_one_line_file-on-top-of-read_line.patch b/0067-fileio-rework-read_one_line_file-on-top-of-read_line.patch
new file mode 100644
index 0000000..cc5938d
--- /dev/null
+++ b/0067-fileio-rework-read_one_line_file-on-top-of-read_line.patch
@@ -0,0 +1,53 @@
+From 773fe149cec50517ff1ed113c802c4e1a047a3e4 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Fri, 22 Sep 2017 18:01:32 +0200
+Subject: [PATCH] fileio: rework read_one_line_file() on top of read_line()
+
+(cherry picked from commit f4b51a2d092685c9a080e84130fec2d74c834f5c)
+---
+ src/basic/fileio.c | 18 ++----------------
+ 1 file changed, 2 insertions(+), 16 deletions(-)
+
+diff --git a/src/basic/fileio.c b/src/basic/fileio.c
+index db5897c360..c66b7b814e 100644
+--- a/src/basic/fileio.c
++++ b/src/basic/fileio.c
+@@ -30,6 +30,7 @@
+
+ #include "alloc-util.h"
+ #include "ctype.h"
++#include "def.h"
+ #include "env-util.h"
+ #include "escape.h"
+ #include "fd-util.h"
+@@ -163,7 +164,6 @@ fail:
+
+ int read_one_line_file(const char *fn, char **line) {
+ _cleanup_fclose_ FILE *f = NULL;
+- char t[LINE_MAX], *c;
+
+ assert(fn);
+ assert(line);
+@@ -172,21 +172,7 @@ int read_one_line_file(const char *fn, char **line) {
+ if (!f)
+ return -errno;
+
+- if (!fgets(t, sizeof(t), f)) {
+-
+- if (ferror(f))
+- return errno > 0 ? -errno : -EIO;
+-
+- t[0] = 0;
+- }
+-
+- c = strdup(t);
+- if (!c)
+- return -ENOMEM;
+- truncate_nl(c);
+-
+- *line = c;
+- return 0;
++ return read_line(f, LONG_LINE_MAX, line);
+ }
+
+ int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {
diff --git a/0068-cgroup-util-replace-one-use-of-fgets-by-read_line.patch b/0068-cgroup-util-replace-one-use-of-fgets-by-read_line.patch
new file mode 100644
index 0000000..802fa57
--- /dev/null
+++ b/0068-cgroup-util-replace-one-use-of-fgets-by-read_line.patch
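Review bot: `read_one_line_file()` used to return 0 on success and now returns whatever `read_line()` returns, i.e. the number of bytes consumed, so any caller outside this hunk that tests `r == 0`, `r != 0` or `if (r)` changes behaviour. Unless every caller has been checked, keeping the old contract is safer: assign `r = read_line(f, LONG_LINE_MAX, line);` and finish with `return r < 0 ? r : 0;`. Two further changes should be stated in a comment on the function: a line longer than `LONG_LINE_MAX` now fails with -ENOBUFS instead of being cut at `LINE_MAX`, and a NUL byte now ends the line.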
@@ -0,0 +1,31 @@
+From f4037dc520045b4779cf8589bd75ced2d343c215 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Fri, 22 Sep 2017 18:25:45 +0200
+Subject: [PATCH] cgroup-util: replace one use of fgets() by read_line()
+
+(cherry picked from commit 2351e44d3ed57b7a48b9e544a59c3b797ac4d216)
+---
+ src/basic/cgroup-util.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
+index 6344372610..9148a7b1ab 100644
+--- a/src/basic/cgroup-util.c
++++ b/src/basic/cgroup-util.c
+@@ -2326,7 +2326,6 @@ int cg_mask_supported(CGroupMask *ret) {
+
+ int cg_kernel_controllers(Set *controllers) {
+ _cleanup_fclose_ FILE *f = NULL;
+- char buf[LINE_MAX];
+ int r;
+
+ assert(controllers);
+@@ -2344,7 +2343,7 @@ int cg_kernel_controllers(Set *controllers) {
+ }
+
+ /* Ignore the header line */
+- (void) fgets(buf, sizeof(buf), f);
++ (void) read_line(f, (size_t) -1, NULL);
+
+ for (;;) {
+ char *controller;
diff --git a/0069-test-conf-parser-add-some-basic-tests-for-config_par.patch b/0069-test-conf-parser-add-some-basic-tests-for-config_par.patch
new file mode 100644
index 0000000..9ca1f3e
--- /dev/null
+++ b/0069-test-conf-parser-add-some-basic-tests-for-config_par.patch
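Review bot: `(void) read_line(f, (size_t) -1, NULL);` in `cg_kernel_controllers()` switches the line-length bound off entirely; that costs no memory because `ret` is NULL, but the reason is not visible at the call site. I would either pass `LONG_LINE_MAX` (if def.h is in scope in this file, which the hunk does not show) or extend the comment to `/* Ignore the header line; no limit needed since nothing is stored */`. The discarded return value also hides a read error on the first line, as the `fgets()` it replaces did. The function starts and ends outside the hunk.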
@@ -0,0 +1,128 @@ +From 663be46f39f6c6e51b035683b304671eaffdafe8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 21 Sep 2017 14:24:01 +0200 +Subject: [PATCH] test-conf-parser: add some basic tests for config_parse() + +This function is pretty important, but we weren't calling it directly +even once in tests. + +v2: add a few tests for escaping and line continuations +(cherry picked from commit e3f46367f577f8bd4b3a62ea0149bdcb112da573) +--- + src/test/test-conf-parser.c | 89 +++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 89 insertions(+) + +diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c +index 77fcbc0dd3..81db9d1bd7 100644 +--- a/src/test/test-conf-parser.c ++++ b/src/test/test-conf-parser.c +@@ -18,6 +18,8 @@ + ***/ + + #include "conf-parser.h" ++#include "fd-util.h" ++#include "fileio.h" + #include "log.h" + #include "macro.h" + #include "string-util.h" +@@ -227,7 +229,91 @@ static void test_config_parse_iec_uint64(void) { + assert_se(config_parse_iec_uint64(NULL, "/this/file", 11, "Section", 22, "Size", 0, "4.5M", &offset, NULL) == 0); + } + ++static const char* const config_file[] = { ++ "[Section]\n" ++ "setting1=1\n", ++ ++ "[Section]\n" ++ "setting1=1", /* no terminating newline */ ++ ++ "\n\n\n\n[Section]\n\n\n" ++ "setting1=1", /* some whitespace, no terminating newline */ ++ ++ "[Section]\n" ++ "[Section]\n" ++ "setting1=1\n" ++ "setting1=2\n" ++ "setting1=1\n", /* repeated settings */ ++ ++ "[Section]\n" ++ "setting1=1\\\n" /* normal continuation */ ++ "2\\\n" ++ "3\n", ++ ++ "[Section]\n" ++ "setting1=1\\\\\\\n" /* continuation with trailing escape symbols */ ++ "\\\\2\n", /* note that C requires one level of escaping, so the ++ * parser gets "…1 BS BS BS NL BS BS 2 NL", which ++ * it translates into "…1 BS BS SP BS BS 2" */ ++}; ++ ++static void test_config_parse(unsigned i, const char *s) { ++ char name[] = "/tmp/test-conf-parser.XXXXXX"; ++ int fd, r; ++ 
_cleanup_fclose_ FILE *f = NULL; ++ _cleanup_free_ char *setting1 = NULL; ++ ++ const ConfigTableItem items[] = { ++ { "Section", "setting1", config_parse_string, 0, &setting1}, ++ {} ++ }; ++ ++ log_info("== %s[%i] ==", __func__, i); ++ ++ fd = mkostemp_safe(name); ++ assert_se(fd >= 0); ++ assert_se((size_t) write(fd, s, strlen(s)) == strlen(s)); ++ ++ assert_se(lseek(fd, 0, SEEK_SET) == 0); ++ assert_se(f = fdopen(fd, "r")); ++ ++ /* ++ int config_parse(const char *unit, ++ const char *filename, ++ FILE *f, ++ const char *sections, ++ ConfigItemLookup lookup, ++ const void *table, ++ bool relaxed, ++ bool allow_include, ++ bool warn, ++ void *userdata) ++ */ ++ ++ r = config_parse(NULL, name, f, ++ "Section\0", ++ config_item_table_lookup, items, ++ false, false, true, NULL); ++ assert_se(r == 0); ++ ++ switch (i) { ++ case 0 ... 3: ++ assert_se(streq(setting1, "1")); ++ break; ++ ++ case 4: ++ assert_se(streq(setting1, "1 2 3")); ++ break; ++ ++ case 5: ++ assert_se(streq(setting1, "1\\\\ \\\\2")); ++ break; ++ } ++} ++ + int main(int argc, char **argv) { ++ unsigned i; ++ + log_parse_environment(); + log_open(); + +@@ -244,5 +330,8 @@ int main(int argc, char **argv) { + test_config_parse_nsec(); + test_config_parse_iec_uint64(); + ++ for (i = 0; i < ELEMENTSOF(config_file); i++) ++ test_config_parse(i, config_file[i]); ++ + return 0; + } diff --git a/0070-conf-parse-remove-4K-line-length-limit.patch b/0070-conf-parse-remove-4K-line-length-limit.patch new file mode 100644 index 0000000..ba709a3 --- /dev/null +++ b/0070-conf-parse-remove-4K-line-length-limit.patch 
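Review bot: `test_config_parse()` creates its input with `mkostemp_safe(name)` and never removes it, so every run leaves one `/tmp/test-conf-parser.XXXXXX` file behind per `config_file[]` entry. Adding `unlink(name);` once `fdopen()` has succeeded fixes that while the stream stays usable. `log_info("== %s[%i] ==", __func__, i);` passes an `unsigned` to `%i` and should use `%u`. The `switch` has no `default`, so a future `config_file[]` entry would pass without any assertion on `setting1`; a `default:` arm that fails the test makes the omission visible.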
@@ -0,0 +1,93 @@ +From 032ba8cf22cc58b801d747c4063fcfe2364772de Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 22 Sep 2017 18:26:35 +0200 +Subject: [PATCH] conf-parse: remove 4K line length limit + +Let's use read_line() to solve our long line limitation. + +Fixes #3302. + +(cherry picked from commit e6dde451a51dc5aaa7f4d98d39b8fe735f73d2af) +--- + src/shared/conf-parser.c | 43 ++++++++++++++++++++++++++++++++----------- + 1 file changed, 32 insertions(+), 11 deletions(-) + +diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c +index e08402e3d2..57bc8e3036 100644 +--- a/src/shared/conf-parser.c ++++ b/src/shared/conf-parser.c +@@ -28,8 +28,10 @@ + #include "alloc-util.h" + #include "conf-files.h" + #include "conf-parser.h" ++#include "def.h" + #include "extract-word.h" + #include "fd-util.h" ++#include "fileio.h" + #include "fs-util.h" + #include "log.h" + #include "macro.h" +@@ -316,24 +318,44 @@ int config_parse(const char *unit, + fd_warn_permissions(filename, fileno(f)); + + for (;;) { +- char buf[LINE_MAX], *l, *p, *c = NULL, *e; ++ _cleanup_free_ char *buf = NULL; ++ char *l, *p, *c = NULL, *e; + bool escaped = false; + +- if (!fgets(buf, sizeof buf, f)) { +- if (feof(f)) +- break; ++ r = read_line(f, LONG_LINE_MAX, &buf); ++ if (r == 0) ++ break; ++ if (r == -ENOBUFS) { ++ if (warn) ++ log_error_errno(r, "%s:%u: Line too long", filename, line); + +- return log_error_errno(errno, "Failed to read configuration file '%s': %m", filename); ++ return r; ++ } ++ if (r < 0) { ++ if (warn) ++ log_error_errno(r, "%s:%u: Error while reading configuration file: %m", filename, line); ++ ++ return r; + } + + l = buf; +- if (allow_bom && startswith(l, UTF8_BYTE_ORDER_MARK)) +- l += strlen(UTF8_BYTE_ORDER_MARK); +- allow_bom = false; ++ if (allow_bom) { ++ char *q; + +- truncate_nl(l); ++ q = startswith(buf, UTF8_BYTE_ORDER_MARK); ++ if (q) { ++ l = q; ++ allow_bom = false; ++ } ++ } + + if (continuation) { ++ if (strlen(continuation) + strlen(l) 
> LONG_LINE_MAX) { ++ if (warn) ++ log_error("%s:%u: Continuation line too long", filename, line); ++ return -ENOBUFS; ++ } ++ + c = strappend(continuation, l); + if (!c) { + if (warn) +@@ -387,8 +409,7 @@ int config_parse(const char *unit, + + if (r < 0) { + if (warn) +- log_warning_errno(r, "Failed to parse file '%s': %m", +- filename); ++ log_warning_errno(r, "%s:%u: Failed to parse file: %m", filename, line); + return r; + } + } diff --git a/0071-fileio-use-_cleanup_-for-FILE-unlocking.patch b/0071-fileio-use-_cleanup_-for-FILE-unlocking.patch new file mode 100644 index 0000000..23a0b46 --- /dev/null +++ b/0071-fileio-use-_cleanup_-for-FILE-unlocking.patch 
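Review bot: `allow_bom` is now cleared only inside `if (q)`, so when the first line carries no byte-order mark the flag stays true and a BOM at the start of any later line is silently stripped. The removed code cleared the flag unconditionally after the first line. Keeping `if (q) l = q;` and moving `allow_bom = false;` out of that inner branch, still inside `if (allow_bom)`, restores the first-line-only behaviour. config_parse() starts and ends outside this hunk, so the effect on the later section and continuation handling should be confirmed against the full function.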
@@ -0,0 +1,101 @@ +From 2269f63e3bee44993cf57843d83369b03bec1d6a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 23 Sep 2017 10:48:09 +0200 +Subject: [PATCH] fileio: use _cleanup_ for FILE unlocking + +(cherry picked from commit f858e5148e4f36335555dfaac812197ebd3ef036) +--- + src/basic/fileio.c | 57 ++++++++++++++++++++++++++---------------------------- + 1 file changed, 27 insertions(+), 30 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index c66b7b814e..36cb0edaf4 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -1484,10 +1484,13 @@ int mkdtemp_malloc(const char *template, char **ret) { + return 0; + } + ++static inline void funlockfilep(FILE **f) { ++ funlockfile(*f); ++} ++ + int read_line(FILE *f, size_t limit, char **ret) { + _cleanup_free_ char *buffer = NULL; + size_t n = 0, allocated = 0, count = 0; +- int r; + + assert(f); + +@@ -1509,48 +1512,42 @@ int read_line(FILE *f, size_t limit, char **ret) { + return -ENOMEM; + } + +- flockfile(f); ++ { ++ _cleanup_(funlockfilep) FILE *flocked = f; ++ flockfile(f); + +- for (;;) { +- int c; ++ for (;;) { ++ int c; + +- if (n >= limit) { +- funlockfile(f); +- return -ENOBUFS; +- } ++ if (n >= limit) ++ return -ENOBUFS; ++ ++ errno = 0; ++ c = fgetc_unlocked(f); ++ if (c == EOF) { ++ /* if we read an error, and have no data to return, then propagate the error */ ++ if (ferror_unlocked(f) && n == 0) ++ return errno > 0 ? -errno : -EIO; + +- errno = 0; +- c = fgetc_unlocked(f); +- if (c == EOF) { +- /* if we read an error, and have no data to return, then propagate the error */ +- if (ferror_unlocked(f) && n == 0) { +- r = errno > 0 ? 
-errno : -EIO; +- funlockfile(f); +- return r; ++ break; + } + +- break; +- } ++ count++; + +- count++; ++ if (IN_SET(c, '\n', 0)) /* Reached a delimiter */ ++ break; + +- if (IN_SET(c, '\n', 0)) /* Reached a delimiter */ +- break; ++ if (ret) { ++ if (!GREEDY_REALLOC(buffer, allocated, n + 2)) ++ return -ENOMEM; + +- if (ret) { +- if (!GREEDY_REALLOC(buffer, allocated, n + 2)) { +- funlockfile(f); +- return -ENOMEM; ++ buffer[n] = (char) c; + } + +- buffer[n] = (char) c; ++ n++; + } +- +- n++; + } + +- funlockfile(f); +- + if (ret) { + buffer[n] = 0; + diff --git a/0072-test-conf-parser-use-_cleanup_.patch b/0072-test-conf-parser-use-_cleanup_.patch new file mode 100644 index 0000000..2ed9602 --- /dev/null +++ b/0072-test-conf-parser-use-_cleanup_.patch 
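Review bot: The bare `{ … }` scope in read_line() exists only so that `flocked` goes out of scope, and funlockfile() runs, before the `if (ret)` tail, but nothing in the code says so. A later edit that drops the braces would extend the locked region to the end of the function without any visible change in the logic. A one-line comment at the opening brace, e.g. `/* scope of the stream lock: funlockfilep() runs when 'flocked' leaves this block */`, makes that explicit. `funlockfilep()` could likewise get a short comment saying it is a `_cleanup_()` helper that expects a locked, non-NULL stream. read_line() begins before and ends after the hunk.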
@@ -0,0 +1,42 @@ +From f365f6b194f4335e77f6c0f54b88b831c99a0f6f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 21 Sep 2017 12:02:49 +0200 +Subject: [PATCH] test-conf-parser: use _cleanup_ + +(cherry picked from commit a12807aaeaf20ff9507cf2c1e338d5c16d528a1e) +--- + src/test/test-conf-parser.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c +index 81db9d1bd7..cd538f0d40 100644 +--- a/src/test/test-conf-parser.c ++++ b/src/test/test-conf-parser.c +@@ -27,12 +27,10 @@ + #include "util.h" + + static void test_config_parse_path_one(const char *rvalue, const char *expected) { +- char *path = NULL; ++ _cleanup_free_ char *path = NULL; + + assert_se(config_parse_path("unit", "filename", 1, "section", 1, "lvalue", 0, rvalue, &path, NULL) >= 0); + assert_se(streq_ptr(expected, path)); +- +- free(path); + } + + static void test_config_parse_log_level_one(const char *rvalue, int expected) { +@@ -78,12 +76,10 @@ static void test_config_parse_unsigned_one(const char *rvalue, unsigned expected + } + + static void test_config_parse_strv_one(const char *rvalue, char **expected) { +- char **strv = 0; ++ _cleanup_strv_free_ char **strv = NULL; + + assert_se(config_parse_strv("unit", "filename", 1, "section", 1, "lvalue", 0, rvalue, &strv, NULL) >= 0); + assert_se(strv_equal(expected, strv)); +- +- strv_free(strv); + } + + static void test_config_parse_mode_one(const char *rvalue, mode_t expected) { diff --git a/0073-test-conf-parser-add-tests-for-the-new-long-lines-in.patch b/0073-test-conf-parser-add-tests-for-the-new-long-lines-in.patch new file mode 100644 index 0000000..4d9a2e6 --- /dev/null +++ b/0073-test-conf-parser-add-tests-for-the-new-long-lines-in.patch 
@@ -0,0 +1,90 @@ +From fd59e9d550fd944b4b629342c080c92703e7ef0d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 21 Sep 2017 14:36:12 +0200 +Subject: [PATCH] test-conf-parser: add tests for the new long lines, including + overflow handling + +(cherry picked from commit 8f313f4febb4df13279aaae86c846bbb142a5a39) +--- + src/test/test-conf-parser.c | 41 ++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 40 insertions(+), 1 deletion(-) + +diff --git a/src/test/test-conf-parser.c b/src/test/test-conf-parser.c +index cd538f0d40..7a7de98bec 100644 +--- a/src/test/test-conf-parser.c ++++ b/src/test/test-conf-parser.c +@@ -225,6 +225,10 @@ static void test_config_parse_iec_uint64(void) { + assert_se(config_parse_iec_uint64(NULL, "/this/file", 11, "Section", 22, "Size", 0, "4.5M", &offset, NULL) == 0); + } + ++#define x10(x) x x x x x x x x x x ++#define x100(x) x10(x10(x)) ++#define x1000(x) x10(x100(x)) ++ + static const char* const config_file[] = { + "[Section]\n" + "setting1=1\n", +@@ -251,6 +255,24 @@ static const char* const config_file[] = { + "\\\\2\n", /* note that C requires one level of escaping, so the + * parser gets "…1 BS BS BS NL BS BS 2 NL", which + * it translates into "…1 BS BS SP BS BS 2" */ ++ ++ "\n[Section]\n\n" ++ "setting1=" /* a line above LINE_MAX length */ ++ x1000("ABCD") ++ "\n", ++ ++ "[Section]\n" ++ "setting1=" /* a line above LINE_MAX length, with continuation */ ++ x1000("ABCD") "\\\n" ++ "foobar", ++ ++ "[Section]\n" ++ "setting1=" /* a line above the allowed limit: 9 + 1050000 + 1 */ ++ x1000(x1000("x") x10("abcde")) "\n", ++ ++ "[Section]\n" ++ "setting1=" /* many continuation lines, together above the limit */ ++ x1000(x1000("x") x10("abcde") "\\\n") "xxx", + }; + + static void test_config_parse(unsigned i, const char *s) { +@@ -290,20 +312,37 @@ static void test_config_parse(unsigned i, const char *s) { + "Section\0", + config_item_table_lookup, items, + false, false, true, NULL); +- 
assert_se(r == 0); + + switch (i) { + case 0 ... 3: ++ assert_se(r == 0); + assert_se(streq(setting1, "1")); + break; + + case 4: ++ assert_se(r == 0); + assert_se(streq(setting1, "1 2 3")); + break; + + case 5: ++ assert_se(r == 0); + assert_se(streq(setting1, "1\\\\ \\\\2")); + break; ++ ++ case 6: ++ assert_se(r == 0); ++ assert_se(streq(setting1, x1000("ABCD"))); ++ break; ++ ++ case 7: ++ assert_se(r == 0); ++ assert_se(streq(setting1, x1000("ABCD") " foobar")); ++ break; ++ ++ case 8 ... 9: ++ assert_se(r == -ENOBUFS); ++ assert_se(setting1 == NULL); ++ break; + } + } + diff --git a/0074-test-fileio-close-two-leaked-file-handles.patch b/0074-test-fileio-close-two-leaked-file-handles.patch new file mode 100644 index 0000000..1a7d701 --- /dev/null +++ b/0074-test-fileio-close-two-leaked-file-handles.patch @@ -0,0 +1,32 @@ +From 8873d22603623b4d611b178dfd597ed16081375a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 24 Sep 2017 08:59:49 +0200 +Subject: [PATCH] test-fileio: close two leaked file handles + +(cherry picked from commit 9707d55213959bb171ea810d56e9226f5ffa5466) +--- + src/test/test-fileio.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c +index 375b7a8910..eebaa2c155 100644 +--- a/src/test/test-fileio.c ++++ b/src/test/test-fileio.c +@@ -209,7 +209,7 @@ static void test_parse_multiline_env_file(void) { + static void test_merge_env_file(void) { + char t[] = "/tmp/test-fileio-XXXXXX"; + int fd, r; +- FILE *f; ++ _cleanup_fclose_ FILE *f = NULL; + _cleanup_strv_free_ char **a = NULL; + char **i; + +@@ -278,7 +278,7 @@ static void test_merge_env_file(void) { + static void test_merge_env_file_invalid(void) { + char t[] = "/tmp/test-fileio-XXXXXX"; + int fd, r; +- FILE *f; ++ _cleanup_fclose_ FILE *f = NULL; + _cleanup_strv_free_ char **a = NULL; + char **i; + 
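Review bot: Moving `assert_se(r == 0)` into the individual cases means an index with no matching `case` now asserts nothing, so a string appended to config_file[] without extending `switch (i)` passes unconditionally. A `default: assert_not_reached("unhandled config_file[] index");` closes that gap. Cases 8 and 9 also rely on the line limit enforced by config_parse() being smaller than the 1050000 bytes the literals expand to. The comment `9 + 1050000 + 1` hints at this but does not name the limit, so naming LONG_LINE_MAX there would tell the next reader why `-ENOBUFS` is expected. test_config_parse() starts outside the hunk.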
diff --git a/0075-test-fileio-also-test-read_line-with-actual-files.patch b/0075-test-fileio-also-test-read_line-with-actual-files.patch new file mode 100644 index 0000000..80346da --- /dev/null +++ b/0075-test-fileio-also-test-read_line-with-actual-files.patch 
@@ -0,0 +1,104 @@ +From 0e1ae5aba8476602b3e69ac470e20a2efa0380a2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 24 Sep 2017 09:10:48 +0200 +Subject: [PATCH] test-fileio: also test read_line() with actual files + +Just in case the real FILE and the one from fmemopen weren't exactly +the same. + +(cherry picked from commit 2c9de13912350f5887ccccdae9e1707512208053) +--- + src/test/test-fileio.c | 64 ++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 51 insertions(+), 13 deletions(-) + +diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c +index eebaa2c155..7f22973157 100644 +--- a/src/test/test-fileio.c ++++ b/src/test/test-fileio.c +@@ -663,21 +663,17 @@ static void test_tempfn(void) { + free(ret); + } + +-static void test_read_line(void) { +- _cleanup_fclose_ FILE *f = NULL; ++static const char buffer[] = ++ "Some test data\n" ++ "With newlines, and a NUL byte\0" ++ "\n" ++ "an empty line\n" ++ "an ignored line\n" ++ "and a very long line that is supposed to be truncated, because it is so long\n"; ++ ++static void test_read_line_one_file(FILE *f) { + _cleanup_free_ char *line = NULL; + +- char buffer[] = +- "Some test data\n" +- "With newlines, and a NUL byte\0" +- "\n" +- "an empty line\n" +- "an ignored line\n" +- "and a very long line that is supposed to be truncated, because it is so long\n"; +- +- f = fmemopen(buffer, sizeof(buffer), "re"); +- assert_se(f); +- + assert_se(read_line(f, (size_t) -1, &line) == 15 && streq(line, "Some test data")); + line = mfree(line); + +@@ -706,6 +702,46 @@ static void test_read_line(void) { + assert_se(read_line(f, 1024, &line) == 0 && streq(line, "")); + } + ++static void test_read_line(void) { ++ _cleanup_fclose_ FILE *f = NULL; ++ _cleanup_free_ char *line = NULL; ++ ++ f = fmemopen((void*) buffer, sizeof(buffer), "re"); ++ assert_se(f); ++ ++ test_read_line_one_file(f); ++} ++ ++static void test_read_line2(void) { ++ char name[] = 
"/tmp/test-fileio.XXXXXX"; ++ int fd; ++ _cleanup_fclose_ FILE *f = NULL; ++ ++ fd = mkostemp_safe(name); ++ assert_se(fd >= 0); ++ assert_se((size_t) write(fd, buffer, sizeof(buffer)) == sizeof(buffer)); ++ ++ assert_se(lseek(fd, 0, SEEK_SET) == 0); ++ assert_se(f = fdopen(fd, "r")); ++ ++ test_read_line_one_file(f); ++} ++ ++static void test_read_line3(void) { ++ _cleanup_fclose_ FILE *f = NULL; ++ _cleanup_free_ char *line = NULL; ++ int r; ++ ++ f = fopen("/proc/cmdline", "re"); ++ if (!f && IN_SET(errno, ENOENT, EPERM)) ++ return; ++ assert_se(f); ++ ++ r = read_line(f, LINE_MAX, &line); ++ assert_se((size_t) r == strlen(line) + 1); ++ assert_se(read_line(f, LINE_MAX, NULL) == 0); ++} ++ + int main(int argc, char *argv[]) { + log_set_max_level(LOG_DEBUG); + log_parse_environment(); +@@ -728,6 +764,8 @@ int main(int argc, char *argv[]) { + test_writing_tmpfile(); + test_tempfn(); + test_read_line(); ++ test_read_line2(); ++ test_read_line3(); + + return 0; + } diff --git a/0076-fileio-return-0-from-read_one_line_file-on-success.patch b/0076-fileio-return-0-from-read_one_line_file-on-success.patch new file mode 100644 index 0000000..f2d68b1 --- /dev/null +++ b/0076-fileio-return-0-from-read_one_line_file-on-success.patch 
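Review bot: In test_read_line3() the result of `read_line(f, LINE_MAX, &line)` is fed into `strlen(line) + 1` without first checking `r`. If the kernel command line is longer than LINE_MAX or the read fails, read_line() returns a negative value before assigning `*ret` (as far as the read_line() hunk on this page shows), so `line` is still NULL and the test crashes in strlen() instead of failing on an assertion. Adding `assert_se(r >= 0);` before the comparison, or returning early on `-ENOBUFS`, gives a readable failure. The `fopen()` skip list covers only ENOENT and EPERM, so it is worth checking whether EACCES from a restricted /proc should be skipped as well. test_read_line() also keeps a `_cleanup_free_ char *line` that it no longer uses.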
@@ -0,0 +1,34 @@ +From 32c49980110767e0ff013c0235e5e9a6bc2f3c31 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 24 Sep 2017 14:27:21 +0200 +Subject: [PATCH] fileio: return 0 from read_one_line_file on success + +Fixup for f4b51a2d09. Suggested by Evgeny Vereshchagin. + +(cherry picked from commit 2e33df93dee35af986683d1226f93e0f9659de5d) +--- + src/basic/fileio.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 36cb0edaf4..9d56b7ccbc 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -164,6 +164,7 @@ fail: + + int read_one_line_file(const char *fn, char **line) { + _cleanup_fclose_ FILE *f = NULL; ++ int r; + + assert(fn); + assert(line); +@@ -172,7 +173,8 @@ int read_one_line_file(const char *fn, char **line) { + if (!f) + return -errno; + +- return read_line(f, LONG_LINE_MAX, line); ++ r = read_line(f, LONG_LINE_MAX, line); ++ return r < 0 ? r : 0; + } + + int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { diff --git a/0077-string-util-use-size_t-for-strjoina-macro-6914.patch b/0077-string-util-use-size_t-for-strjoina-macro-6914.patch new file mode 100644 index 0000000..98f7441 --- /dev/null +++ b/0077-string-util-use-size_t-for-strjoina-macro-6914.patch 
@@ -0,0 +1,25 @@ +From 3c2e58887a5d9282670b3e41b6e584367a2bda18 Mon Sep 17 00:00:00 2001 +From: Jonathan Lebon +Date: Mon, 25 Sep 2017 15:56:57 -0400 +Subject: [PATCH] string-util: use size_t for strjoina macro (#6914) + +`strlen` returns a `size_t` and `alloca` expects a `size_t`. + +(cherry picked from commit 35207e259ef44f62faf71acc4bbc7d43311a4583) +--- + src/basic/string-util.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/string-util.h b/src/basic/string-util.h +index be44dedff4..f8dde61549 100644 +--- a/src/basic/string-util.h ++++ b/src/basic/string-util.h +@@ -120,7 +120,7 @@ char *strjoin_real(const char *x, ...) _sentinel_; + ({ \ + const char *_appendees_[] = { a, __VA_ARGS__ }; \ + char *_d_, *_p_; \ +- int _len_ = 0; \ ++ size_t _len_ = 0; \ + unsigned _i_; \ + for (_i_ = 0; _i_ < ELEMENTSOF(_appendees_) && _appendees_[_i_]; _i_++) \ + _len_ += strlen(_appendees_[_i_]); \ diff --git a/0078-mount-util-add-fusectl-to-list-of-API-VFS.patch b/0078-mount-util-add-fusectl-to-list-of-API-VFS.patch new file mode 100644 index 0000000..859851c --- /dev/null +++ b/0078-mount-util-add-fusectl-to-list-of-API-VFS.patch @@ -0,0 +1,22 @@ +From 63fe668593009a59cc2670d78974fccacb245c61 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 29 Sep 2017 14:36:06 +0200 +Subject: [PATCH] mount-util: add fusectl to list of API VFS + +(cherry picked from commit 7941e2189bf0a2118d4ad1fcf5ff2da534c3b67d) +--- + src/basic/mount-util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c +index cff44116c8..a13f12096c 100644 +--- a/src/basic/mount-util.c ++++ b/src/basic/mount-util.c +@@ -564,6 +564,7 @@ bool fstype_is_api_vfs(const char *fstype) { + "devpts\0" + "devtmpfs\0" + "efivarfs\0" ++ "fusectl\0" + "hugetlbfs\0" + "mqueue\0" + "proc\0" 
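Review bot: With `_len_` now a `size_t` the summed `strlen()` results no longer pass through `int`, but the macro still sizes a stack allocation from that sum (the commit message names `alloca`), and nothing at the definition says callers must pass only short, bounded strings. A comment above `strjoina`, such as `/* Allocates on the stack: use only with inputs of known, small size; use strjoin() otherwise */`, would document that contract. The rest of the macro body lies outside the hunk, so whether a size check exists further down cannot be seen here.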
diff --git a/0079-units-do-not-kill-rescue-shell-when-machines.target-.patch b/0079-units-do-not-kill-rescue-shell-when-machines.target-.patch new file mode 100644 index 0000000..9e55f77 --- /dev/null +++ b/0079-units-do-not-kill-rescue-shell-when-machines.target-.patch 
@@ -0,0 +1,47 @@ +From a1bf52c278196d4bc8d419afeb6507c48e5fd461 Mon Sep 17 00:00:00 2001 +From: Alan Jenkins +Date: Mon, 25 Sep 2017 11:38:08 +0100 +Subject: [PATCH] units: do not kill rescue shell when machines.target is + started + +The original aim of this commit is that starting machines.target from the +rescue shell would not kill the rescue shell and lock you out of the +system. + +This is similar to commit 6579a622, for the conflict between +sysinit.target and the _emergency_ shell. That particular commit +introduced an ordering cycle and will need to be reverted and/or +fixed. This one does not, because it does not need to introduce any new +dependencies. + +The reason why this commit is allowable also has it's own merit: + +machines.target was not marked as AllowIsolate. Also, the point of +containers is to not escape them... I don't think we want to promote +machines.target as a default target or similar; you would generally want +some system service to allow you to shut down the machine, for example. I +don't see this approach used in CoreOS, nor in Fedora Atomic Host; we are +missing any positive examples of its utility. + +Requires=basic.target / After=basic.target can be removed for the same +reason. + +(cherry picked from commit a3b22cc5962efef2f4cd57d49f59a67e0617e9e0) +--- + units/machines.target | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/units/machines.target b/units/machines.target +index 99618a19f7..e07b0bb6ae 100644 +--- a/units/machines.target ++++ b/units/machines.target +@@ -8,9 +8,6 @@ + [Unit] + Description=Containers + Documentation=man:systemd.special(7) +-Requires=basic.target +-Conflicts=rescue.service rescue.target +-After=basic.target rescue.service rescue.target + Before=multi-user.target + + [Install] diff --git a/0080-units-express-Conflict-in-syslog.socket-instead-of-e.patch b/0080-units-express-Conflict-in-syslog.socket-instead-of-e.patch new file mode 100644 index 0000000..834bdb0 --- /dev/null 
+++ b/0080-units-express-Conflict-in-syslog.socket-instead-of-e.patch 
@@ -0,0 +1,62 @@ +From cbe2db129832eb71c03857a0029c1ff8dea27a45 Mon Sep 17 00:00:00 2001 +From: Alan Jenkins +Date: Fri, 29 Sep 2017 17:20:31 +0100 +Subject: [PATCH] units: express Conflict in syslog.socket instead of + emergency.service + +Note this commit only changes how the code is expressed; it does not change +the existence of any dependency. + +The `Conflicts=` was added in 3136ec90, "Stop syslog.socket when entering +emergency mode". The discussion in the issue #266 raised concerns that +this might be needed for other units, but failed to point out why +syslog.socket is special. The reason is that syslog.socket has +DefaultDepedencies=no, so it does not get Requires=sysinit.target like +other socket units do. But syslog.service does require sysinit.target, +among other things. + +We don't have many socket, path, or timer units with +DefaultDependencies=no, and I don't think any of the triggered services +have such additional hard dependencies as syslog.service does. + +It is much less confusing if we keep this `Conflicts=` in the same file as +the `DefaultDependencies=no` which made it necessary. 
+ +(cherry picked from commit 950d8fcdd9aa7e71ad32ea224e7d6fbe0f9f53de) +--- + units/emergency.service.in | 1 - + units/syslog.socket | 6 +++++- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/units/emergency.service.in b/units/emergency.service.in +index e9eb238b98..8768fe137e 100644 +--- a/units/emergency.service.in ++++ b/units/emergency.service.in +@@ -11,7 +11,6 @@ Documentation=man:sulogin(8) + DefaultDependencies=no + Conflicts=shutdown.target + Conflicts=rescue.service +-Conflicts=syslog.socket + Before=shutdown.target + + [Service] +diff --git a/units/syslog.socket b/units/syslog.socket +index d3987cb9a8..372e8fcd45 100644 +--- a/units/syslog.socket ++++ b/units/syslog.socket +@@ -10,10 +10,14 @@ Description=Syslog Socket + Documentation=man:systemd.special(7) + Documentation=https://www.freedesktop.org/wiki/Software/systemd/syslog + DefaultDependencies=no +-Before=sockets.target shutdown.target ++Before=sockets.target + + # Don't allow logging until the very end + Conflicts=shutdown.target ++Before=shutdown.target ++ ++# Don't try to activate syslog.service if sysinit.target has failed. ++Conflicts=emergency.service + + [Socket] + ListenDatagram=/run/systemd/journal/syslog diff --git a/0081-units-add-missing-ordering-deps-for-Conflicts-of-eme.patch b/0081-units-add-missing-ordering-deps-for-Conflicts-of-eme.patch new file mode 100644 index 0000000..25fba6e --- /dev/null +++ b/0081-units-add-missing-ordering-deps-for-Conflicts-of-eme.patch 
@@ -0,0 +1,45 @@ +From 7533ad492b3c7e9fd3901ab948eb6a030761ce2f Mon Sep 17 00:00:00 2001 +From: Alan Jenkins +Date: Mon, 25 Sep 2017 11:45:03 +0100 +Subject: [PATCH] units: add missing ordering deps for Conflicts= of + emergency.service + +1. If we exited emergency mode immediately, we don't want to have an + irreversible stop job still running for syslog.socket. I _suspect_ that + can't happen, but let's not waste effort working out exactly why it's + impossible and not just very improbable. + +2. Similarly, it seems undesirable to have rescue.service and + emergency.service both running with an open FD of /dev/console, for + however short a period. + +(cherry picked from commit 6f6d1a8a6abae490e14e6a448895e36c6cefdefc) +--- + units/emergency.service.in | 1 + + units/syslog.socket | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/units/emergency.service.in b/units/emergency.service.in +index 8768fe137e..27c9a1c23e 100644 +--- a/units/emergency.service.in ++++ b/units/emergency.service.in +@@ -12,6 +12,7 @@ DefaultDependencies=no + Conflicts=shutdown.target + Conflicts=rescue.service + Before=shutdown.target ++Before=rescue.service + + [Service] + Environment=HOME=/root +diff --git a/units/syslog.socket b/units/syslog.socket +index 372e8fcd45..43981904ea 100644 +--- a/units/syslog.socket ++++ b/units/syslog.socket +@@ -18,6 +18,7 @@ Before=shutdown.target + + # Don't try to activate syslog.service if sysinit.target has failed. + Conflicts=emergency.service ++Before=emergency.service + + [Socket] + ListenDatagram=/run/systemd/journal/syslog diff --git a/0082-units-add-missing-Before-shutdown.target-for-units-w.patch b/0082-units-add-missing-Before-shutdown.target-for-units-w.patch new file mode 100644 index 0000000..9b2c8f9 --- /dev/null +++ b/0082-units-add-missing-Before-shutdown.target-for-units-w.patch 
@@ -0,0 +1,55 @@ +From ae3540d2387f24f3620ac1cd03dc952df654264b Mon Sep 17 00:00:00 2001 +From: Alan Jenkins +Date: Mon, 25 Sep 2017 12:10:38 +0100 +Subject: [PATCH] units: add missing Before=shutdown.target for units which it + Conflicts + +There's a few services missing this ordering. + +Also remove a duplicate Conflicts=shutdown.target from +systemd-volatile-root.service. + +(cherry picked from commit 0b9ad5bf2ec09e963f706fdba498d99f29f97a54) +--- + units/system-update-cleanup.service.in | 1 + + units/systemd-networkd-wait-online.service.in | 2 +- + units/systemd-volatile-root.service.in | 1 - + 3 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/units/system-update-cleanup.service.in b/units/system-update-cleanup.service.in +index 116be8bc2d..dc524da7a3 100644 +--- a/units/system-update-cleanup.service.in ++++ b/units/system-update-cleanup.service.in +@@ -11,6 +11,7 @@ Documentation=man:systemd.special(5) man:systemd.offline-updates(7) + After=system-update.target + DefaultDependencies=no + Conflicts=shutdown.target ++Before=shutdown.target + + # system-update-generator uses laccess("/system-update"), while a plain + # ConditionPathExists=/system-update uses access("/system-update"), so +diff --git a/units/systemd-networkd-wait-online.service.in b/units/systemd-networkd-wait-online.service.in +index a84e91906d..89ca865b55 100644 +--- a/units/systemd-networkd-wait-online.service.in ++++ b/units/systemd-networkd-wait-online.service.in +@@ -12,7 +12,7 @@ DefaultDependencies=no + Conflicts=shutdown.target + Requires=systemd-networkd.service + After=systemd-networkd.service +-Before=network-online.target ++Before=network-online.target shutdown.target + + [Service] + Type=oneshot +diff --git a/units/systemd-volatile-root.service.in b/units/systemd-volatile-root.service.in +index cc4e604e4c..c5a4ca3c27 100644 +--- a/units/systemd-volatile-root.service.in ++++ b/units/systemd-volatile-root.service.in +@@ -12,7 +12,6 @@ DefaultDependencies=no + 
Conflicts=shutdown.target + After=sysroot.mount + Before=initrd-root-fs.target shutdown.target +-Conflicts=shutdown.target + AssertPathExists=/etc/initrd-release + + [Service] diff --git a/0083-units-DefaultDependencies-already-implies-conflict-w.patch b/0083-units-DefaultDependencies-already-implies-conflict-w.patch new file mode 100644 index 0000000..9c3a3af --- /dev/null +++ b/0083-units-DefaultDependencies-already-implies-conflict-w.patch @@ -0,0 +1,26 @@ +From 0854289230b44c44e2c312f50be24c2c286dc90f Mon Sep 17 00:00:00 2001 +From: Alan Jenkins +Date: Mon, 25 Sep 2017 12:46:32 +0100 +Subject: [PATCH] units: DefaultDependencies already implies conflict with + shutdown.target + +(and system-update.target does not have DefaultDependencies=no) + +(cherry picked from commit 2d4b910383c6c14b3720e26cca11c223ad868d9d) +--- + units/system-update.target | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/units/system-update.target b/units/system-update.target +index 3542879706..b95639a876 100644 +--- a/units/system-update.target ++++ b/units/system-update.target +@@ -10,8 +10,6 @@ Description=Offline System Update + Documentation=man:systemd.offline-updates(7) + Documentation=man:systemd.special(7) man:systemd-system-update-generator(8) + Requires=sysinit.target +-Conflicts=shutdown.target + After=sysinit.target +-Before=shutdown.target + AllowIsolate=yes + Wants=system-update-cleanup.service diff --git a/0084-systemctl-supress-enable-disable-messages-when-q-is-.patch b/0084-systemctl-supress-enable-disable-messages-when-q-is-.patch new file mode 100644 index 0000000..1290e62 --- /dev/null +++ b/0084-systemctl-supress-enable-disable-messages-when-q-is-.patch 
@@ -0,0 +1,26 @@ +From 2dcc7e34ae37e1a8f3af9ed91329b9cb9afd3e65 Mon Sep 17 00:00:00 2001 +From: John Lin +Date: Thu, 12 Oct 2017 02:22:51 +0800 +Subject: [PATCH] systemctl: supress enable/disable messages when -q is given + (#7067) + +Fixes: #7036 +(cherry picked from commit 35d379b2e8b92388a73f245e5cfcaa7e7371e8a7) +(cherry picked from commit 6c5ff1d86e7e54f460599e92abbb4a5327e6a6db) +--- + src/shared/bus-unit-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index 5cbe663fa8..1e6cd05054 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -1071,7 +1071,7 @@ int bus_deserialize_and_dump_unit_file_changes(sd_bus_message *m, bool quiet, Un + if (r < 0) + return bus_log_parse_error(r); + +- unit_file_dump_changes(0, NULL, *changes, *n_changes, false); ++ unit_file_dump_changes(0, NULL, *changes, *n_changes, quiet); + return 0; + } + diff --git a/0085-basic-env-util-drop-the-validation-when-deserializin.patch b/0085-basic-env-util-drop-the-validation-when-deserializin.patch new file mode 100644 index 0000000..be120e7 --- /dev/null +++ b/0085-basic-env-util-drop-the-validation-when-deserializin.patch 
@@ -0,0 +1,64 @@ +From 91545520e9e0313302b1c1391a691e567f7b41dd Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Wed, 11 Oct 2017 09:29:30 +0200 +Subject: [PATCH] basic/env-util: drop the validation when deserializing + environment + +The environment variables we've serialized can quite possibly contain +characters outside the set allowed by env_assignment_is_valid(). In +fact, my environment seems to contain a couple of these: + + * TERMCAP set by screen contains a '\x7f' character + * BASH_FUNC_module%% variable has a '%' character in name + +Strict check of environment variables name and value certainly makes sense for +unit files, but not so much for deserialization of values we already had +in our environment. + +(cherry picked from commit ea43bdd1d7c14e3695a4cc081e4ef4f964160dc1) +(cherry picked from commit cdc2ef6ba88210264f00997e7c99b7f3339c629e) +--- + src/basic/env-util.c | 5 ----- + src/test/test-env-util.c | 5 +++-- + 2 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/src/basic/env-util.c b/src/basic/env-util.c +index 56e7b6fd8c..7c271973a3 100644 +--- a/src/basic/env-util.c ++++ b/src/basic/env-util.c +@@ -799,10 +799,5 @@ int deserialize_environment(char ***environment, const char *line) { + if (r < 0) + return r; + +- if (!env_assignment_is_valid(uce)) { +- free(uce); +- return -EINVAL; +- } +- + return strv_env_replace(environment, uce); + } +diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c +index 3a2492dc6f..b14d62760f 100644 +--- a/src/test/test-env-util.c ++++ b/src/test/test-env-util.c +@@ -319,10 +319,10 @@ static void test_env_assignment_is_valid(void) { + static void test_deserialize_environment(void) { + _cleanup_strv_free_ char **env = strv_new("A=1", NULL); + +- assert_se(deserialize_environment(&env, "env=test") < 0); + assert_se(deserialize_environment(&env, "env=B=2") >= 0); ++ assert_se(deserialize_environment(&env, "env=FOO%%=a\\177b\\nc\\td e") >= 0); + +- assert_se(strv_equal(env, STRV_MAKE("A=1", 
"B=2"))); ++ assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2", "FOO%%=a\177b\nc\td e"))); + } + + static void test_serialize_environment(void) { +@@ -334,6 +334,7 @@ static void test_serialize_environment(void) { + "B=2", + "C=ąęółń", + "D=D=a\\x0Ab", ++ "FOO%%=a\177b\nc\td e", + NULL); + _cleanup_strv_free_ char **env2 = NULL; + diff --git a/0086-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch b/0086-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch new file mode 100644 index 0000000..0771f8d --- /dev/null +++ b/0086-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch 
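Review bot: Dropping the `env_assignment_is_valid()` call removes the character-set check, as the description intends, but it also removes the only structural check. `deserialize_environment()` now hands a string with no `=`, or with an empty name, straight to `strv_env_replace()`, and the deleted test `deserialize_environment(&env, "env=test") < 0` was the case that pinned this. A minimal guard that keeps the relaxed character set, e.g. `if (!strchr(uce, '=') || uce[0] == '=') { free(uce); return -EINVAL; }`, would keep malformed entries out of the environment array. If accepting such entries is intended, a test asserting it would make that explicit. The function starts outside the hunk.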
@@ -0,0 +1,42 @@ +From 24ee53d5b566b12c8c5be026b55bb8e48c1ca19f Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Wed, 11 Oct 2017 15:05:38 +0200 +Subject: [PATCH] basic/env-util: don't relax unesaping of serialized + environment strings + +We wrote them ourselves -- they shouldn't contain invalid sequences. + +(cherry picked from commit c7d797bbdfaccd950988698823e17103f418a3c5) +(cherry picked from commit 1ff2852a188de9235a293a347683c4c012708fe8) +--- + src/basic/env-util.c | 2 +- + src/test/test-env-util.c | 3 +++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/basic/env-util.c b/src/basic/env-util.c +index 7c271973a3..f629a1fc37 100644 +--- a/src/basic/env-util.c ++++ b/src/basic/env-util.c +@@ -795,7 +795,7 @@ int deserialize_environment(char ***environment, const char *line) { + assert(environment); + + assert(startswith(line, "env=")); +- r = cunescape(line + 4, UNESCAPE_RELAX, &uce); ++ r = cunescape(line + 4, 0, &uce); + if (r < 0) + return r; + +diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c +index b14d62760f..a76f691b79 100644 +--- a/src/test/test-env-util.c ++++ b/src/test/test-env-util.c +@@ -323,6 +323,9 @@ static void test_deserialize_environment(void) { + assert_se(deserialize_environment(&env, "env=FOO%%=a\\177b\\nc\\td e") >= 0); + + assert_se(strv_equal(env, STRV_MAKE("A=1", "B=2", "FOO%%=a\177b\nc\td e"))); ++ ++ assert_se(deserialize_environment(&env, "env=foo\\") < 0); ++ assert_se(deserialize_environment(&env, "env=bar\\_baz") < 0); + } + + static void test_serialize_environment(void) { diff --git a/0087-networkd-Consider-linkLocalAddressing-state-while-co.patch b/0087-networkd-Consider-linkLocalAddressing-state-while-co.patch new file mode 100644 index 0000000..4c9fd64 --- /dev/null +++ b/0087-networkd-Consider-linkLocalAddressing-state-while-co.patch 
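Review bot: `cunescape(line + 4, 0, &uce)` repeats the length of the `"env="` prefix as a bare `4`, although the line above already calls `startswith(line, "env=")`, which returns the position just past the prefix. Keeping that value in a local `const char *v` (`v = startswith(line, "env="); assert(v);`) and passing `v` to cunescape() removes the magic number and ties the offset to the prefix actually checked. With strict unescaping, a malformed escape now makes the function fail. The caller is not visible here, so it is worth confirming that it logs and skips the bad entry rather than aborting the whole deserialization. The function starts outside the hunk.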
@@ -0,0 +1,34 @@
+From ee8f87bc3433035652b053211b44c485eb81d72b Mon Sep 17 00:00:00 2001
+From: Susant Sahani <145210+ssahani@users.noreply.github.com>
+Date: Wed, 18 Oct 2017 14:42:59 +0530
+Subject: [PATCH] networkd: Consider linkLocalAddressing state while
+ configuring ndisc. (#7012)
+
+If linkLocalAddressing is disabled in for the interface still then
+we look for ndisc configured or not in link_check_ready.
+
+Link local is used automatic address configuration and neighbor discovery protocol.
+If link local is disabled we should not configure ndisc.
+
+Fixes #2713, #6441, #5841.
+
+(cherry picked from commit 702c979fefc6d3e69c5982b8469ec8a47792d62f)
+(cherry picked from commit 610f5ddb3c4ae3b08ddb1334bbdcbcf7799f091f)
+---
+ src/network/networkd-link.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 4c57fa1793..d8b13be381 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -225,6 +225,9 @@ static bool link_ipv6_accept_ra_enabled(Link *link) {
+ if (!link->network)
+ return false;
+
++ if (!link_ipv6ll_enabled(link))
++ return false;
++
+ /* If unset use system default (enabled if local forwarding is disabled.
+ * disabled if local forwarding is enabled).
+ * If set, ignore or enforce RA independent of local forwarding state.
diff --git a/0088-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch b/0088-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch
new file mode 100644
index 0000000..c20cf7e
--- /dev/null
+++ b/0088-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch
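Review bot: The early return added to link_ipv6_accept_ra_enabled (patch 0087) carries no comment, and the block comment right below it still reads as if the setting and the forwarding state were the only inputs. A line above the check such as `/* NDisc needs link-local addressing; if that is disabled, do not accept RAs */` would record the reason given in the commit message next to the code. The function body continues outside the hunk.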
@@ -0,0 +1,38 @@
+From ace9b102d1977c7776cb185f29aa6b6814897939 Mon Sep 17 00:00:00 2001
+From: Susant Sahani <145210+ssahani@users.noreply.github.com>
+Date: Wed, 18 Oct 2017 16:08:56 +0530
+Subject: [PATCH] networkd: don't stop the dhcp server if it's not configured.
+ (#7083)
+
+we call sd_dhcp_server_stop even if it's not configured when link is
+down resulting unwanted logs.
+```
+Oct 10 13:41:07 nena systemd-networkd[126]: eth0: Lost carrier
+Oct 10 13:41:07 nena systemd-networkd[126]: DHCP CLIENT (0x560f2dc5): STOPPED
+Oct 10 13:41:07 nena systemd-networkd[126]: eth0: DHCP lease lost
+Oct 10 13:41:07 nena systemd-networkd[126]: NDISC: Stopping IPv6 Router Solicitation client
+Oct 10 13:41:07 nena systemd-networkd[126]: Assertion 'server' failed at ../src/libsystemd-network/sd-dhcp-server.c:256, function sd_dhcp_server_stop(). Ignoring.
+```
+
+fixes #7047
+
+(cherry picked from commit 28464ae0e21e7b9dfea7b733f9470091b2480a9a)
+(cherry picked from commit 14d3f593b115fb46361e5dab4de0bead8451ca27)
+---
+ src/network/networkd-link.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index d8b13be381..fd6106c13d 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -3063,7 +3063,8 @@ static int link_carrier_lost(Link *link) {
+ return r;
+ }
+
+- (void) sd_dhcp_server_stop(link->dhcp_server);
++ if (link_dhcp4_server_enabled(link))
++ (void) sd_dhcp_server_stop(link->dhcp_server);
+
+ r = link_drop_config(link);
+ if (r < 0)
diff --git a/0089-nspawn-Fix-calculation-of-capabilities-for-configura.patch b/0089-nspawn-Fix-calculation-of-capabilities-for-configura.patch
new file mode 100644
index 0000000..7eea283
--- /dev/null
+++ b/0089-nspawn-Fix-calculation-of-capabilities-for-configura.patch
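Review bot: The guard added in link_carrier_lost (patch 0088) tests the configuration, `link_dhcp4_server_enabled(link)`, rather than the object that is handed on, so `link->dhcp_server` can presumably still be NULL here when the server is enabled in the network file but was never set up, and the `Assertion 'server' failed` message quoted in the commit description would return. Checking the pointer itself, `if (link->dhcp_server)`, covers both situations. link_dhcp4_server_enabled() is not visible in this hunk, so confirm whether it already implies a non-NULL server; the function body continues outside the hunk.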
@@ -0,0 +1,32 @@
+From 02b8ffe180bc10370a172e8272499648f396fed7 Mon Sep 17 00:00:00 2001
+From: myrkr
+Date: Tue, 24 Oct 2017 09:56:40 +0200
+Subject: [PATCH] nspawn: Fix calculation of capabilities for configuration
+ file (#7087)
+
+The current code shifting an integer 1 failed for capabilities like
+CAP_MAC_ADMIN (numerical value 33). This caused issues when specifying
+them in the nspawn configuration file. Using an uint64_t 1 instead.
+
+The similar code for processing the --capability command line option
+was already correctly working.
+
+(cherry picked from commit 1898e5f9a37d1a50f8c0bd1147abe11c3d38a16b)
+(cherry picked from commit b4c63693634d3a56a1afe22dd59c63a7e8fe99f8)
+---
+ src/nspawn/nspawn-settings.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
+index 5217d10665..19bc8ba4b8 100644
+--- a/src/nspawn/nspawn-settings.c
++++ b/src/nspawn/nspawn-settings.c
+@@ -200,7 +200,7 @@ int config_parse_capability(
+ continue;
+ }
+
+- u |= 1 << ((uint64_t) cap);
++ u |= UINT64_C(1) << cap;
+ }
+
+ if (u == 0)
diff --git a/0090-timedatectl-stop-using-xstrftime.patch b/0090-timedatectl-stop-using-xstrftime.patch
new file mode 100644
index 0000000..536cbf6
--- /dev/null
+++ b/0090-timedatectl-stop-using-xstrftime.patch
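Review bot: `UINT64_C(1) << cap` in config_parse_capability (patch 0089) is only defined while `cap` is between 0 and 63, and the hunk shows no bound on it; the check presumably sits in the lines above the `continue`, which are outside the hunk. Because this mask decides which capabilities a container is given, a comment at the shift would help, e.g. `/* cap can be 32 or more (CAP_MAC_ADMIN is 33), so shift a 64-bit one */`. The commit description says the --capability command line path already computed the mask correctly, so a small helper shared by both paths would keep them from diverging again.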
@@ -0,0 +1,120 @@ +From f720fbe4564bb322847a34a930e124bab2aac8b3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 18 Oct 2017 16:15:09 +0200 +Subject: [PATCH] timedatectl: stop using xstrftime +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When using strftime in arbitrary locales, we cannot really say how big the +buffer should be. Let's make the buffer "large", which will work fine pretty +much always, and just print n/a if the timestamp does not fit. strftime returns +0 if the buffer is too small and a NUL-terminated string otherwise, so we +can drop the size specifications in string formatting. + +$ export LANG=fa_IR.UTF-8 +$ date +چهارشنبه ۱۸ اكتبر ۱۷، ساعت ۱۰:۵۴:۲۴ (+0330) +$ timedatectl +Assertion 'xstrftime: a[] must be big enough' failed at ../src/timedate/timedatectl.c:105, function print_status_info(). Aborting. + +now: + +$ timedatectl + Local time: چهارشنبه 2017-10-18 16:29:40 CEST + Universal time: چهارشنبه 2017-10-18 14:29:40 UTC + RTC time: چهارشنبه 2017-10-18 14:29:40 +… + +https://bugzilla.redhat.com/show_bug.cgi?id=1503452 +(cherry picked from commit 14ce0c25c28ba58e80084e28b4f23884199900e4) +(cherry picked from commit b3e823e43c45b6233405d62e5f095c11130e638f) +--- + src/basic/time-util.h | 4 ---- + src/timedate/timedatectl.c | 27 ++++++++++++++------------- + 2 files changed, 14 insertions(+), 17 deletions(-) + +diff --git a/src/basic/time-util.h b/src/basic/time-util.h +index 3b7f0e99c0..73f7e40066 100644 +--- a/src/basic/time-util.h ++++ b/src/basic/time-util.h +@@ -148,10 +148,6 @@ clockid_t clock_boottime_or_monotonic(void); + + usec_t usec_shift_clock(usec_t, clockid_t from, clockid_t to); + +-#define xstrftime(buf, fmt, tm) \ +- assert_message_se(strftime(buf, ELEMENTSOF(buf), fmt, tm) > 0, \ +- "xstrftime: " #buf "[] must be big enough") +- + int get_timezone(char **timezone); + + time_t mktime_or_timegm(struct tm *tm, bool utc); +diff --git 
a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c +index 281b1534a3..2a011208ce 100644 +--- a/src/timedate/timedatectl.c ++++ b/src/timedate/timedatectl.c +@@ -72,12 +72,13 @@ static void status_info_clear(StatusInfo *info) { + } + + static void print_status_info(const StatusInfo *i) { +- char a[FORMAT_TIMESTAMP_MAX]; ++ char a[LINE_MAX]; + struct tm tm; + time_t sec; + bool have_time = false; + const char *old_tz = NULL, *tz; + int r; ++ size_t n; + + assert(i); + +@@ -102,11 +103,11 @@ static void print_status_info(const StatusInfo *i) { + log_warning("Could not get time from timedated and not operating locally, ignoring."); + + if (have_time) { +- xstrftime(a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm)); +- printf(" Local time: %.*s\n", (int) sizeof(a), a); ++ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm)); ++ printf(" Local time: %s\n", n > 0 ? a : "n/a"); + +- xstrftime(a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm)); +- printf(" Universal time: %.*s\n", (int) sizeof(a), a); ++ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm)); ++ printf(" Universal time: %s\n", n > 0 ? a : "n/a"); + } else { + printf(" Local time: %s\n", "n/a"); + printf(" Universal time: %s\n", "n/a"); +@@ -116,13 +117,13 @@ static void print_status_info(const StatusInfo *i) { + time_t rtc_sec; + + rtc_sec = (time_t) (i->rtc_time / USEC_PER_SEC); +- xstrftime(a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm)); +- printf(" RTC time: %.*s\n", (int) sizeof(a), a); ++ n = strftime(a, sizeof a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm)); ++ printf(" RTC time: %s\n", n > 0 ? 
a : "n/a"); + } else + printf(" RTC time: %s\n", "n/a"); + + if (have_time) +- xstrftime(a, "%Z, %z", localtime_r(&sec, &tm)); ++ n = strftime(a, sizeof a, "%Z, %z", localtime_r(&sec, &tm)); + + /* Restore the $TZ */ + if (old_tz) +@@ -134,11 +135,11 @@ static void print_status_info(const StatusInfo *i) { + else + tzset(); + +- printf(" Time zone: %s (%.*s)\n" +- " Network time on: %s\n" +- "NTP synchronized: %s\n" +- " RTC in local TZ: %s\n", +- strna(i->timezone), (int) sizeof(a), have_time ? a : "n/a", ++ printf(" Time zone: %s (%s)\n" ++ " System clock synchronized: %s\n" ++ "systemd-timesyncd.service active: %s\n" ++ " RTC in local TZ: %s\n", ++ strna(i->timezone), have_time && n > 0 ? a : "n/a", + i->ntp_capable ? yes_no(i->ntp_enabled) : "n/a", + yes_no(i->ntp_synced), + yes_no(i->rtc_local)); diff --git a/0091-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch b/0091-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch new file mode 100644 index 0000000..a3b121a --- /dev/null +++ b/0091-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch 
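Review bot: In the final printf of print_status_info (patch 0090) the two labels were renamed, but the unchanged argument lines still pass `i->ntp_enabled` first and `i->ntp_synced` second, so judging by the field names "System clock synchronized" now prints whether NTP is enabled and "systemd-timesyncd.service active" prints the sync state. Either swap the arguments, `yes_no(i->ntp_synced),` followed by `i->ntp_capable ? yes_no(i->ntp_enabled) : "n/a",`, or keep the old labels in this backport; the commit description does not mention the label change. Separately, `size_t n;` is declared without a value and only assigned inside the `have_time` and RTC branches; `size_t n = 0;` would keep the later `have_time && n > 0` test safe if the branches are ever reordered.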
@@ -0,0 +1,38 @@
+From d6ac00972a031eda491a354bf3e2a6c9a7f2b553 Mon Sep 17 00:00:00 2001
+From: Lauri Tirkkonen
+Date: Tue, 24 Oct 2017 20:40:50 +0300
+Subject: [PATCH] nspawn: EROFS for chowning mount points is not fatal (#7122)
+
+This fixes --read-only with --private-users. mkdir_userns_p may return
+-EROFS if either mkdir or lchown fails; lchown failing is fine as the
+mount point will just be overmounted, and if mkdir fails then the
+following mount() will also fail (with ENOENT).
+
+(cherry picked from commit 4f13e534282414b5e58ef31a26cc5c3f06f8cb18)
+(cherry picked from commit 1b7014dfc1584d1f3b10eb91c4f22e0deaca999d)
+---
+ src/nspawn/nspawn-mount.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
+index ac7290732e..3d2151a06a 100644
+--- a/src/nspawn/nspawn-mount.c
++++ b/src/nspawn/nspawn-mount.c
+@@ -601,11 +601,15 @@ int mount_all(const char *dest,
+
+ r = mkdir_userns_p(dest, where, 0755, mount_settings, uid_shift);
+ if (r < 0 && r != -EEXIST) {
+- if (fatal)
++ if (fatal && r != -EROFS)
+ return log_error_errno(r, "Failed to create directory %s: %m", where);
+
+ log_debug_errno(r, "Failed to create directory %s: %m", where);
+- continue;
++ /* If we failed mkdir() or chown() due to the root
++ * directory being read only, attempt to mount this fs
++ * anyway and let mount_verbose log any errors */
++ if (r != -EROFS)
++ continue;
+ }
+
+ o = mount_table[k].options;
diff --git a/0092-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch b/0092-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
new file mode 100644
index 0000000..fd851e1
--- /dev/null
+++ b/0092-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
@@ -0,0 +1,38 @@
+From 1e20ca63e06337b95f4b0deedc062511d2ff31cc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 25 Oct 2017 11:19:19 +0200
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
+
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
+
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
+(cherry picked from commit 9f939335a07085aa9a9663efd1dca06ef6405d62)
+(cherry picked from commit 743b771c559c6101544f7358a42c8c519fe4b0db)
+---
+ src/resolve/resolved-dns-packet.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 49a04615d4..1165940e0d 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -1503,7 +1503,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+
+ found = true;
+
+- while (bitmask) {
++ for (; bitmask; bit++, bitmask >>= 1)
+ if (bitmap[i] & bitmask) {
+ uint16_t n;
+
+@@ -1517,10 +1517,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+ if (r < 0)
+ return r;
+ }
+-
+- bit++;
+- bitmask >>= 1;
+- }
+ }
+
+ if (!found)
diff --git a/0093-cryptsetup-generator-add-a-helper-utility-to-create-.patch b/0093-cryptsetup-generator-add-a-helper-utility-to-create-.patch
new file mode 100644
index 0000000..b5ffc5a
--- /dev/null
+++ b/0093-cryptsetup-generator-add-a-helper-utility-to-create-.patch
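Review bot: The `for` introduced in dns_packet_read_type_window (patch 0092) has an unbraced body that is a multi-line `if` block, and nothing at the loop explains why the step moved into its header. Presumably a `continue` in the lines between the two hunks used to skip `bit++; bitmask >>= 1;`, which would be the loop named in the subject; a comment such as `/* step in the for header so that no 'continue' in the body can skip it */` would keep a later refactoring from reintroducing it. Since the bitmap is read from a received packet, a regression test that feeds a type window with a pseudo type set would be worth adding with this change.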
@@ -0,0 +1,143 @@ +From ea8cb69ee23cd67ef45ca34f1b192c9adb5fa878 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 9 Jul 2017 23:31:47 -0400 +Subject: [PATCH] cryptsetup-generator: add a helper utility to create symlinks + +It seems that there's a common pattern among the various generators. Let's add +a helper function for it and make use of it in cryptsetup-generator. + +This fixes a bunch of theoretical memleaks in error paths, since *to wasn't +generally freed properly. Not thath it matters. + +(cherry picked from commit b559616f2321643c5194b474d39a722cefaf6059) +--- + src/cryptsetup/cryptsetup-generator.c | 53 ++++++++++------------------------- + src/shared/generator.c | 15 ++++++++++ + src/shared/generator.h | 2 ++ + 3 files changed, 32 insertions(+), 38 deletions(-) + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index afc5d7cf49..4edf709c3e 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -58,11 +58,11 @@ static int create_disk( + const char *password, + const char *options) { + +- _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL, ++ _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *e = NULL, + *filtered = NULL; + _cleanup_fclose_ FILE *f = NULL; ++ const char *dmname; + bool noauto, nofail, tmp, swap; +- char *from; + int r; + + assert(name); +@@ -120,7 +120,7 @@ static int create_disk( + if (password) { + if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) + fputs("After=systemd-random-seed.service\n", f); +- else if (!streq(password, "-") && !streq(password, "none")) { ++ else if (!STR_IN_SET(password, "-", "none")) { + _cleanup_free_ char *uu; + + uu = fstab_node_to_udev_node(password); +@@ -186,46 +186,23 @@ static int create_disk( + if (r < 0) + return log_error_errno(r, "Failed to write file %s: %m", p); + +- from = strjoina("../", n); +- 
+ if (!noauto) { +- +- to = strjoin(arg_dest, "/", d, ".wants/", n); +- if (!to) +- return log_oom(); +- +- mkdir_parents_label(to, 0755); +- if (symlink(from, to) < 0) +- return log_error_errno(errno, "Failed to create symlink %s: %m", to); +- +- free(to); +- if (!nofail) +- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n); +- else +- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n); +- if (!to) +- return log_oom(); +- +- mkdir_parents_label(to, 0755); +- if (symlink(from, to) < 0) +- return log_error_errno(errno, "Failed to create symlink %s: %m", to); ++ r = generator_add_symlink(arg_dest, d, "wants", n); ++ if (r < 0) ++ return r; ++ ++ r = generator_add_symlink(arg_dest, "cryptsetup.target", ++ nofail ? "wants" : "requires", n); ++ if (r < 0) ++ return r; + } + +- free(to); +- to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n); +- if (!to) +- return log_oom(); +- +- mkdir_parents_label(to, 0755); +- if (symlink(from, to) < 0) +- return log_error_errno(errno, "Failed to create symlink %s: %m", to); ++ dmname = strjoina("dev-mapper-", e, ".device"); ++ r = generator_add_symlink(arg_dest, dmname, "requires", n); ++ if (r < 0) ++ return r; + + if (!noauto && !nofail) { +- _cleanup_free_ char *dmname; +- dmname = strjoin("dev-mapper-", e, ".device"); +- if (!dmname) +- return log_oom(); +- + r = write_drop_in(arg_dest, dmname, 90, "device-timeout", + "# Automatically generated by systemd-cryptsetup-generator \n\n" + "[Unit]\nJobTimeoutSec=0"); +diff --git a/src/shared/generator.c b/src/shared/generator.c +index 6a887e3aad..325fe9fcbf 100644 +--- a/src/shared/generator.c ++++ b/src/shared/generator.c +@@ -37,6 +37,21 @@ + #include "unit-name.h" + #include "util.h" + ++int generator_add_symlink(const char *root, const char *dst, const char *dep_type, const char *src) { ++ /* Adds a symlink from ..d/ to ../ */ ++ ++ const char *from, *to; ++ ++ from = strjoina("../", src); ++ to = strjoina(root, "/", dst, ".", dep_type, "/", src); ++ ++ 
mkdir_parents_label(to, 0755); ++ if (symlink(from, to) < 0) ++ return log_error_errno(errno, "Failed to create symlink \"%s\": %m", to); ++ ++ return 0; ++} ++ + static int write_fsck_sysroot_service(const char *dir, const char *what) { + _cleanup_free_ char *device = NULL, *escaped = NULL; + _cleanup_fclose_ FILE *f = NULL; +diff --git a/src/shared/generator.h b/src/shared/generator.h +index 825d934c8e..e70016839f 100644 +--- a/src/shared/generator.h ++++ b/src/shared/generator.h +@@ -21,6 +21,8 @@ + + #include + ++int generator_add_symlink(const char *root, const char *dst, const char *dep_type, const char *src); ++ + int generator_write_fsck_deps( + FILE *f, + const char *dir, diff --git a/0094-units-order-cryptsetup-pre.target-before-cryptsetup..patch b/0094-units-order-cryptsetup-pre.target-before-cryptsetup..patch new file mode 100644 index 0000000..731b3b7 --- /dev/null +++ b/0094-units-order-cryptsetup-pre.target-before-cryptsetup..patch @@ -0,0 +1,24 @@ +From c55ccd92b9503bc074e6ffb07925f09024e9949d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 5 Sep 2017 09:14:51 +0200 +Subject: [PATCH] units: order cryptsetup-pre.target before cryptsetup.target + +Normally this happens automatically, but if it happened that both targets were +pulled in, even though there were no cryptsetup units, they could be started +in reverse order, which would be somewhat confusing. Add an explicit ordering +to avoid this potential issue. + +(cherry picked from commit 947d21171bdd8375db6482bc7d758d74b27f7dd4) +--- + units/cryptsetup-pre.target | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target +index 65353419fc..42e35dd4e4 100644 +--- a/units/cryptsetup-pre.target ++++ b/units/cryptsetup-pre.target +@@ -9,3 +9,4 @@ + Description=Encrypted Volumes (Pre) + Documentation=man:systemd.special(7) + RefuseManualStart=yes ++Before=cryptsetup.target 
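Review bot: generator_add_symlink (patch 0093) builds both paths with `strjoina`, i.e. on the stack, from `root`, `dst` and `src`, and nothing in the hunk bounds their length; in create_disk they come from `arg_dest` and from names derived from the crypttab entry, and the code being replaced used heap `strjoin` with an OOM check. Keeping the heap allocation for the long path would be safer: `_cleanup_free_ char *to = strjoin(root, "/", dst, ".", dep_type, "/", src);` followed by `if (!to) return log_oom();`. The return value of `mkdir_parents_label(to, 0755)` is also dropped silently; writing `(void) mkdir_parents_label(to, 0755);` would mark that as intended, since the symlink() that follows reports the failure.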
diff --git a/0095-units-add-remote-cryptsetup.target-and-remote-crypts.patch b/0095-units-add-remote-cryptsetup.target-and-remote-crypts.patch
new file mode 100644
index 0000000..3ed9a34
--- /dev/null
+++ b/0095-units-add-remote-cryptsetup.target-and-remote-crypts.patch
@@ -0,0 +1,138 @@ +From ca24b1e7731260a972af22387aad16e506dc1826 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 5 Sep 2017 10:15:13 +0200 +Subject: [PATCH] units: add remote-cryptsetup.target and + remote-cryptsetup-pre.target + +The pair is similar to remote-fs.target and remote-fs-pre.target. Any +cryptsetup devices which require network shall be ordered after +remote-cryptsetup-pre.target and before remote-cryptsetup.target. + +(cherry picked from commit 889128b8b27abb13e1691a72e4ce0562c564e257) +--- + man/systemd.special.xml | 23 +++++++++++++++++++++++ + units/cryptsetup-pre.target | 2 +- + units/cryptsetup.target | 2 +- + units/meson.build | 3 +++ + units/remote-cryptsetup-pre.target | 15 +++++++++++++++ + units/remote-cryptsetup.target | 10 ++++++++++ + 6 files changed, 53 insertions(+), 2 deletions(-) + create mode 100644 units/remote-cryptsetup-pre.target + create mode 100644 units/remote-cryptsetup.target + +diff --git a/man/systemd.special.xml b/man/systemd.special.xml +index 66c45e39a3..7107b8a920 100644 +--- a/man/systemd.special.xml ++++ b/man/systemd.special.xml +@@ -81,6 +81,8 @@ + poweroff.target, + printer.target, + reboot.target, ++ remote-cryptsetup-pre.target, ++ remote-cryptsetup.target, + remote-fs-pre.target, + remote-fs.target, + rescue.target, +@@ -450,6 +452,27 @@ + this target unit, for compatibility with SysV. + + ++ ++ remote-cryptsetup-pre.target ++ ++ This target unit is automatically ordered before all cryptsetup devices ++ marked with the . It can be used to execute additional ++ units before such devices are set up. ++ ++ It is ordered after network.target and ++ network-online.target, and also pulls the latter in as a ++ Wants= dependency. ++ ++ ++ ++ remote-cryptsetup.target ++ ++ Similar to cryptsetup.target, but for encrypted ++ devices which are accessed over the network. It is used for ++ crypttab8 ++ entries marked with . 
++ ++ + + remote-fs.target + +diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target +index 42e35dd4e4..6cb28a61ae 100644 +--- a/units/cryptsetup-pre.target ++++ b/units/cryptsetup-pre.target +@@ -6,7 +6,7 @@ + # (at your option) any later version. + + [Unit] +-Description=Encrypted Volumes (Pre) ++Description=Local Encrypted Volumes (Pre) + Documentation=man:systemd.special(7) + RefuseManualStart=yes + Before=cryptsetup.target +diff --git a/units/cryptsetup.target b/units/cryptsetup.target +index 25d3e33f6a..10b17fd387 100644 +--- a/units/cryptsetup.target ++++ b/units/cryptsetup.target +@@ -6,5 +6,5 @@ + # (at your option) any later version. + + [Unit] +-Description=Encrypted Volumes ++Description=Local Encrypted Volumes + Documentation=man:systemd.special(7) +diff --git a/units/meson.build b/units/meson.build +index e94add6a6f..e6351c7a2e 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -47,6 +47,9 @@ units = [ + ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], + ['reboot.target', '', + 'runlevel6.target ctrl-alt-del.target'], ++ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], ++ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', ++ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], + ['remote-fs-pre.target', ''], + ['remote-fs.target', '', + join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], +diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target +new file mode 100644 +index 0000000000..a375e61889 +--- /dev/null ++++ b/units/remote-cryptsetup-pre.target +@@ -0,0 +1,15 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. 
++ ++[Unit] ++Description=Remote Encrypted Volumes (Pre) ++Documentation=man:systemd.special(7) ++RefuseManualStart=yes ++Before=remote-cryptsetup.target ++ ++After=network.target network-online.target ++Wants=network-online.target +diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target +new file mode 100644 +index 0000000000..60943bd1cb +--- /dev/null ++++ b/units/remote-cryptsetup.target +@@ -0,0 +1,10 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Remote Encrypted Volumes ++Documentation=man:systemd.special(7) diff --git a/0096-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch b/0096-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch new file mode 100644 index 0000000..be990d8 --- /dev/null +++ b/0096-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch 
@@ -0,0 +1,106 @@ +From 8f21747f369f6d88768d1409d95527c60f2cd7c7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 5 Sep 2017 11:30:33 +0200 +Subject: [PATCH] cryptsetup-generator: use remote-cryptsetup.target when + _netdev is present + +This allows such devices to depend on the network. Their startup will +be delayed similarly to network mount units. + +Fixes #4642. + +(cherry picked from commit b001ad61e91b6499897f0c977045c7608c233bfa) +--- + man/crypttab.xml | 13 +++++++++++++ + src/cryptsetup/cryptsetup-generator.c | 30 +++++++++++++++++------------- + 2 files changed, 30 insertions(+), 13 deletions(-) + +diff --git a/man/crypttab.xml b/man/crypttab.xml +index 17976f3704..162377ebc1 100644 +--- a/man/crypttab.xml ++++ b/man/crypttab.xml +@@ -213,6 +213,19 @@ + . + + ++ ++ ++ ++ Marks this cryptsetup device as requiring network. It will be ++ started after the network is available, similarly to ++ systemd.mount5 ++ units marked with . The service unit to set up this device ++ will be ordered between remote-cryptsetup-pre.target and ++ remote-cryptsetup.target, instead of ++ cryptsetup-pre.target and ++ cryptsetup.target. ++ ++ + + + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index 4edf709c3e..962d712639 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -62,7 +62,7 @@ static int create_disk( + *filtered = NULL; + _cleanup_fclose_ FILE *f = NULL; + const char *dmname; +- bool noauto, nofail, tmp, swap; ++ bool noauto, nofail, tmp, swap, netdev; + int r; + + assert(name); +@@ -72,6 +72,7 @@ static int create_disk( + nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); + tmp = fstab_test_option(options, "tmp\0"); + swap = fstab_test_option(options, "swap\0"); ++ netdev = fstab_test_option(options, "_netdev\0"); + + if (tmp && swap) { + log_error("Device '%s' cannot be both 'tmp' and 'swap'. 
Ignoring.", name); +@@ -102,20 +103,22 @@ static int create_disk( + if (!f) + return log_error_errno(errno, "Failed to create unit file %s: %m", p); + +- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n" +- "[Unit]\n" +- "Description=Cryptography Setup for %I\n" +- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" +- "SourcePath=/etc/crypttab\n" +- "DefaultDependencies=no\n" +- "Conflicts=umount.target\n" +- "IgnoreOnIsolate=true\n" +- "After=cryptsetup-pre.target\n", +- f); ++ fprintf(f, ++ "# Automatically generated by systemd-cryptsetup-generator\n\n" ++ "[Unit]\n" ++ "Description=Cryptography Setup for %%I\n" ++ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" ++ "SourcePath=/etc/crypttab\n" ++ "DefaultDependencies=no\n" ++ "Conflicts=umount.target\n" ++ "IgnoreOnIsolate=true\n" ++ "After=%s\n", ++ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); + + if (!nofail) + fprintf(f, +- "Before=cryptsetup.target\n"); ++ "Before=%s\n", ++ netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); + + if (password) { + if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) +@@ -191,7 +194,8 @@ static int create_disk( + if (r < 0) + return r; + +- r = generator_add_symlink(arg_dest, "cryptsetup.target", ++ r = generator_add_symlink(arg_dest, ++ netdev ? "remote-cryptsetup.target" : "cryptsetup.target", + nofail ? "wants" : "requires", n); + if (r < 0) + return r; diff --git a/0097-units-add-Install-section-to-remote-cryptsetup.targe.patch b/0097-units-add-Install-section-to-remote-cryptsetup.targe.patch new file mode 100644 index 0000000..af810cb --- /dev/null +++ b/0097-units-add-Install-section-to-remote-cryptsetup.targe.patch 
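Review bot: In create_disk (patch 0096) the choice `netdev ? "remote-cryptsetup.target" : "cryptsetup.target"` is now written out twice, once for `Before=` and once for generator_add_symlink, next to a third ternary for the `After=` target. Naming it once after the option parsing, e.g. `const char *target = netdev ? "remote-cryptsetup.target" : "cryptsetup.target";`, would keep the ordering dependency and the symlink from drifting apart in a later edit. The function body continues outside these hunks.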
@@ -0,0 +1,44 @@
+From e937bdf0271e664ede61fafd74f8487334745d01 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 12 Oct 2017 22:13:03 +0200
+Subject: [PATCH] units: add [Install] section to remote-cryptsetup.target
+
+This makes this target the same as remote-fs.target in this regard. In practice
+it probably doesn't make that much difference, because all encrypted devices
+that are part of remote-fs.target (marked with _netdev) will be used for mount
+points, so they will be pulled in anyway individually, but with this change any
+such device will be configured, even if it is not pulled by any other unit.
+
+(cherry picked from commit 8f462b074eb9830d6d5029f70c9010ce50e68357)
+(cherry picked from commit eaaa52cc40bc7f94762ca622d4bd3e9440ccee90)
+---
+ system-preset/90-systemd.preset | 1 +
+ units/remote-cryptsetup.target | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset
+index 3ba4bb760d..98bc4c3c55 100644
+--- a/system-preset/90-systemd.preset
++++ b/system-preset/90-systemd.preset
+@@ -9,6 +9,7 @@
+ # generally follow a default-off policy.
+
+ enable remote-fs.target
++enable remote-cryptsetup.target
+ enable machines.target
+
+ enable getty@.service
+diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
+index 60943bd1cb..c306d521f7 100644
+--- a/units/remote-cryptsetup.target
++++ b/units/remote-cryptsetup.target
+@@ -8,3 +8,9 @@
+ [Unit]
+ Description=Remote Encrypted Volumes
+ Documentation=man:systemd.special(7)
++After=remote-cryptsetup-pre.target
++DefaultDependencies=no
++Conflicts=shutdown.target
++
++[Install]
++WantedBy=multi-user.target
diff --git a/0098-units-replace-remote-cryptsetup-pre.target-with-remo.patch b/0098-units-replace-remote-cryptsetup-pre.target-with-remo.patch
new file mode 100644
index 0000000..33fbab2
--- /dev/null
+++ b/0098-units-replace-remote-cryptsetup-pre.target-with-remo.patch
@@ -0,0 +1,150 @@ +From e4340effce763b111fc14a64f759beef6ed3a276 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 12 Oct 2017 22:34:54 +0200 +Subject: [PATCH] units: replace remote-cryptsetup-pre.target with + remote-fs-pre.target + +remote-cryptsetup-pre.target was designed as an active unit (that pulls in +network-online.target), the opposite of remote-fs-pre.target (a passive unit, +with individual provider services ordering itself before it and pulling it in, +for example iscsi.service and nfs-client.target). + +To make remote-cryptsetup-pre.target really work, those services should be +ordered before it too. But this would require updates to all those services, +not just changes from systemd side. + +But the requirements for remote-fs-pre.target and remote-cryptset-pre.target +are fairly similar (e.g. iscsi devices can certainly be used for both), so +let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses +a bit of flexibility, but does away with the requirement for various provider +services to know about remote-cryptsetup-pre.target. + +(cherry picked from commit a0dd209763f9e67054ee322a2dfd52bccf345c2e) +(cherry picked from commit c5e8935962eadc9e901f4fe13e187aaaad487142) +--- + man/crypttab.xml | 2 +- + man/systemd.special.xml | 20 ++++---------------- + src/cryptsetup/cryptsetup-generator.c | 2 +- + units/meson.build | 1 - + units/remote-cryptsetup-pre.target | 15 --------------- + units/remote-cryptsetup.target | 2 +- + 6 files changed, 7 insertions(+), 35 deletions(-) + delete mode 100644 units/remote-cryptsetup-pre.target + +diff --git a/man/crypttab.xml b/man/crypttab.xml +index 162377ebc1..239bbfa87d 100644 +--- a/man/crypttab.xml ++++ b/man/crypttab.xml +@@ -220,7 +220,7 @@ + started after the network is available, similarly to + systemd.mount5 + units marked with . 
The service unit to set up this device +- will be ordered between remote-cryptsetup-pre.target and ++ will be ordered between remote-fs-pre.target and + remote-cryptsetup.target, instead of + cryptsetup-pre.target and + cryptsetup.target. +diff --git a/man/systemd.special.xml b/man/systemd.special.xml +index 7107b8a920..145848dbc5 100644 +--- a/man/systemd.special.xml ++++ b/man/systemd.special.xml +@@ -81,7 +81,6 @@ + poweroff.target, + printer.target, + reboot.target, +- remote-cryptsetup-pre.target, + remote-cryptsetup.target, + remote-fs-pre.target, + remote-fs.target, +@@ -452,18 +451,6 @@ + this target unit, for compatibility with SysV. + + +- +- remote-cryptsetup-pre.target +- +- This target unit is automatically ordered before all cryptsetup devices +- marked with the . It can be used to execute additional +- units before such devices are set up. +- +- It is ordered after network.target and +- network-online.target, and also pulls the latter in as a +- Wants= dependency. +- +- + + remote-cryptsetup.target + +@@ -864,9 +851,10 @@ + remote-fs-pre.target + + This target unit is automatically ordered before all +- remote mount point units (see above). It can be used to run +- certain units before the remote mounts are established. Note +- that this unit is generally not part of the initial ++ mount point units (see above) and cryptsetup devices ++ marked with the . It can be used to run ++ certain units before remote encrypted devices and mounts are established. ++ Note that this unit is generally not part of the initial + transaction, unless the unit that wants to be ordered before + all remote mounts pulls it in via a + Wants= type dependency. 
If the unit wants +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index 962d712639..4d68710c1d 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -113,7 +113,7 @@ static int create_disk( + "Conflicts=umount.target\n" + "IgnoreOnIsolate=true\n" + "After=%s\n", +- netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); ++ netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target"); + + if (!nofail) + fprintf(f, +diff --git a/units/meson.build b/units/meson.build +index e6351c7a2e..d85cc491c9 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -47,7 +47,6 @@ units = [ + ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], + ['reboot.target', '', + 'runlevel6.target ctrl-alt-del.target'], +- ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], + ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', + join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], + ['remote-fs-pre.target', ''], +diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target +deleted file mode 100644 +index a375e61889..0000000000 +--- a/units/remote-cryptsetup-pre.target ++++ /dev/null +@@ -1,15 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. 
+- +-[Unit] +-Description=Remote Encrypted Volumes (Pre) +-Documentation=man:systemd.special(7) +-RefuseManualStart=yes +-Before=remote-cryptsetup.target +- +-After=network.target network-online.target +-Wants=network-online.target +diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target +index c306d521f7..d485b06726 100644 +--- a/units/remote-cryptsetup.target ++++ b/units/remote-cryptsetup.target +@@ -8,7 +8,7 @@ + [Unit] + Description=Remote Encrypted Volumes + Documentation=man:systemd.special(7) +-After=remote-cryptsetup-pre.target ++After=remote-fs-pre.target + DefaultDependencies=no + Conflicts=shutdown.target + diff --git a/0099-man-add-a-note-about-_netdev-usage.patch b/0099-man-add-a-note-about-_netdev-usage.patch new file mode 100644 index 0000000..f82521c --- /dev/null +++ b/0099-man-add-a-note-about-_netdev-usage.patch 
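Review bot: In the cryptsetup-generator.c hunk of this patch, `After=%s` for a `_netdev` entry now resolves to `remote-fs-pre.target`, which leaves the generated unit with no dependency that pulls the network in. The deleted remote-cryptsetup-pre.target carried `Wants=network-online.target` and `After=network.target network-online.target`, whereas the systemd.special text edited in this same patch describes remote-fs-pre.target as generally not part of the initial transaction unless some provider unit wants it. On a host without such a provider the ordering looks like it becomes a no-op, so unlocking could start before the network is up even though crypttab.xml still promises the device is "started after the network is available". Consider emitting `Wants=network-online.target` and `After=network-online.target` from the generator when `netdev` is set, or at least adding a comment above the `fprintf` such as `/* remote-fs-pre.target is passive: it orders the unit but does not pull in the network */`. create_disk's body continues outside the hunk, so this should be checked against the rest of the function.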
@@ -0,0 +1,41 @@ +From 3557377795afb0410c703707633dd5ad589fdd11 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 12 Oct 2017 22:43:58 +0200 +Subject: [PATCH] man: add a note about _netdev usage + +(cherry picked from commit 288c26165e0ff71857394f360f42432bc808556f) +(cherry picked from commit 51f2176d0df1088407afbadc138aeaa9dbe017e8) +--- + man/crypttab.xml | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/man/crypttab.xml b/man/crypttab.xml +index 239bbfa87d..88f8909a60 100644 +--- a/man/crypttab.xml ++++ b/man/crypttab.xml +@@ -223,7 +223,16 @@ + will be ordered between remote-fs-pre.target and + remote-cryptsetup.target, instead of + cryptsetup-pre.target and +- cryptsetup.target. ++ cryptsetup.target. ++ ++ Hint: if this device is used for a mount point that is specified in ++ fstab5, ++ the option should also be used for the mount ++ point. Otherwise, a dependency loop might be created where the mount point ++ will be pulled in by local-fs.target, while the ++ service to configure the network is usually only started after ++ the local file system has been mounted. ++ + + + +@@ -431,6 +440,7 @@ hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfil + systemd1, + systemd-cryptsetup@.service8, + systemd-cryptsetup-generator8, ++ fstab5, + cryptsetup8, + mkswap8, + mke2fs8 diff --git a/0100-units-make-remote-cryptsetup.target-also-after-crypt.patch b/0100-units-make-remote-cryptsetup.target-also-after-crypt.patch new file mode 100644 index 0000000..711fa29 --- /dev/null +++ b/0100-units-make-remote-cryptsetup.target-also-after-crypt.patch 
@@ -0,0 +1,28 @@
+From a33807a581643c73377d3ef476979bf1d53ccf08 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 18 Oct 2017 15:14:46 +0200
+Subject: [PATCH] units: make remote-cryptsetup.target also after
+ cryptsetup-pre.target
+
+This way people can order units before cryptsetup-pre.target and
+have them run before any cryptsetup-related stuff.
+
+(cherry picked from commit a0e030f53bad355be1084a0475eb30aae20e3e43)
+(cherry picked from commit d56bbe6540ed5075ab6c2845c63d08c12499e46d)
+---
+ units/remote-cryptsetup.target | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
+index d485b06726..ac4e1b71db 100644
+--- a/units/remote-cryptsetup.target
++++ b/units/remote-cryptsetup.target
+@@ -8,7 +8,7 @@
+ [Unit]
+ Description=Remote Encrypted Volumes
+ Documentation=man:systemd.special(7)
+-After=remote-fs-pre.target
++After=remote-fs-pre.target cryptsetup-pre.target
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+
diff --git a/0101-man-describe-how-machine-id-should-be-initialized-70.patch b/0101-man-describe-how-machine-id-should-be-initialized-70.patch
new file mode 100644
index 0000000..be94307
--- /dev/null
+++ b/0101-man-describe-how-machine-id-should-be-initialized-70.patch
@@ -0,0 +1,123 @@ +From 3a5ffde6675f952785d39593bb5038e8f827b22d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 18 Oct 2017 18:47:34 +0200 +Subject: [PATCH] man: describe how machine-id should be initialized (#7051) + +(cherry picked from commit 74a79c657e17fc43172a59f1f158d4a26aec2be1) +(cherry picked from commit 07ba9da0bc0d4e3309e766d3734ac56683d3298d) +--- + man/machine-id.xml | 90 +++++++++++++++++++++++++++++++++++++++++------------- + 1 file changed, 69 insertions(+), 21 deletions(-) + +diff --git a/man/machine-id.xml b/man/machine-id.xml +index 3c261bffcc..e434c89de9 100644 +--- a/man/machine-id.xml ++++ b/man/machine-id.xml +@@ -53,18 +53,26 @@ + + Description + +- The /etc/machine-id file contains the unique machine ID of the local +- system that is set during installation. The machine ID is a single newline-terminated, +- hexadecimal, 32-character, lowercase ID. When decoded from hexadecimal, this corresponds to a +- 16-byte/128-bit value. ++ The /etc/machine-id file contains the unique machine ID of ++ the local system that is set during installation or boot. The machine ID is a single ++ newline-terminated, hexadecimal, 32-character, lowercase ID. When decoded from ++ hexadecimal, this corresponds to a 16-byte/128-bit value. This ID may not be all ++ zeros. + +- The machine ID is usually generated from a random source +- during system installation and stays constant for all subsequent +- boots. Optionally, for stateless systems, it is generated during +- runtime at early boot if it is found to be empty. ++ The machine ID is usually generated from a random source during system ++ installation or first boot and stays constant for all subsequent boots. Optionally, ++ for stateless systems, it is generated during runtime during early boot if necessary. ++ + +- The machine ID does not change based on local or network configuration or when hardware is +- replaced. 
Due to this and its greater length, it is a more useful replacement for the ++ The machine ID may be set, for example when network booting, with the ++ systemd.machine_id= kernel command line parameter or by passing the ++ option to systemd. An ID is specified in this manner ++ has higher priority and will be used instead of the ID stored in ++ /etc/machine-id. ++ ++ The machine ID does not change based on local or network configuration or when ++ hardware is replaced. Due to this and its greater length, it is a more useful ++ replacement for the + gethostid3 + call that POSIX specifies. + +@@ -79,19 +87,59 @@ + the original machine ID from the application-specific one. The + sd_id128_get_machine_app_specific3 + API provides an implementation of such an algorithm. ++ + +- The ++ ++ Initialization ++ ++ Each machine should have a non-empty ID in normal operation. The ID of each ++ machine should be unique. To achive those objectives, ++ /etc/machine-id can be initialized in a few different ways. ++ ++ ++ For normal operating system installations, where a custom image is created for a ++ specific machine, /etc/machine-id should be populated during ++ installation. ++ ++ + systemd-machine-id-setup1 +- tool may be used by installer tools to initialize the machine ID +- at install time. Use +- systemd-firstboot1 +- to initialize it on mounted (but not booted) system images. +- +- The machine-id may also be set, for example when network +- booting, by setting the systemd.machine_id= +- kernel command line parameter or passing the option +- to systemd. A machine-id may not +- be set to all zeros. ++ may be used by installer tools to initialize the machine ID at install time, but ++ /etc/machine-id may also be written using any other means. ++ ++ ++ For operating system images which are created once and used on multiple ++ machines, for example for containers or in the cloud, ++ /etc/machine-id should be an empty file in the generic file ++ system image. 
An ID will be generated during boot and saved to this file if ++ possible. Having an empty file in place is useful because it allows a temporary file ++ to be bind-mounted over the real file, in case the image is used read-only. ++ ++ systemd-firstboot1 ++ may be used to to initialize /etc/machine-id on mounted (but not ++ booted) system images. ++ ++ When a machine is booted with ++ systemd1 ++ the ID of the machine will be established. If systemd.machine_id= ++ or options (see first section) are specified, this ++ value will be used. Otherwise, the value in /etc/machine-id will ++ be used. If this file is empty or missing, systemd will attempt ++ to use the D-Bus machine ID from /var/lib/dbus/machine-id, the ++ value of the kernel command line option container_uuid, the KVM DMI ++ product_uuid (on KVM systems), and finally a randomly generated ++ UUID. ++ ++ After the machine ID is established, ++ systemd1 ++ will attempt to save it to /etc/machine-id. If this fails, it ++ will attempt to bind-mount a temporary file over /etc/machine-id. ++ It is an error if the file system is read-only and does not contain a (possibly empty) ++ /etc/machine-id file. ++ ++ systemd-machine-id-commit.service8 ++ will attempt to write the machine ID to the file system if ++ /etc/machine-id or /etc are read-only during ++ early boot but become writable later on. + + + diff --git a/0999-netdev-crypttab.patch b/0999-netdev-crypttab.patch deleted file mode 100644 index ba91dee..0000000 --- a/0999-netdev-crypttab.patch +++ /dev/null 
@@ -1,280 +0,0 @@ -From 3acb27df403c9e5772eb1d81aba1c65b6c7acc08 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 5 Sep 2017 09:14:51 +0200 -Subject: [PATCH 1/3] units: order cryptsetup-pre.target before - cryptsetup.target - -Normally this happens automatically, but if it happened that both targets were -pulled in, even though there were no cryptsetup units, they could be started -in reverse order, which would be somewhat confusing. Add an explicit ordering -to avoid this potential issue. ---- - units/cryptsetup-pre.target | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target -index 65353419f..42e35dd4e 100644 ---- a/units/cryptsetup-pre.target -+++ b/units/cryptsetup-pre.target -@@ -9,3 +9,4 @@ - Description=Encrypted Volumes (Pre) - Documentation=man:systemd.special(7) - RefuseManualStart=yes -+Before=cryptsetup.target --- -2.14.1 - - -From 51a012da40e8d0d4d8df931b3bc56ea913c3856a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 5 Sep 2017 10:15:13 +0200 -Subject: [PATCH 2/3] units: add remote-cryptsetup.target and - remote-cryptsetup-pre.target - -The pair is similar to remote-fs.target and remote-fs-pre.target. Any -cryptsetup devices which require network shall be ordered after -remote-cryptsetup-pre.target and before remote-cryptsetup.target. 
---- - man/systemd.special.xml | 23 +++++++++++++++++++++++ - units/cryptsetup-pre.target | 2 +- - units/cryptsetup.target | 2 +- - units/meson.build | 3 +++ - units/remote-cryptsetup-pre.target | 15 +++++++++++++++ - units/remote-cryptsetup.target | 10 ++++++++++ - 6 files changed, 53 insertions(+), 2 deletions(-) - create mode 100644 units/remote-cryptsetup-pre.target - create mode 100644 units/remote-cryptsetup.target - -diff --git a/man/systemd.special.xml b/man/systemd.special.xml -index 66c45e39a..7107b8a92 100644 ---- a/man/systemd.special.xml -+++ b/man/systemd.special.xml -@@ -81,6 +81,8 @@ - poweroff.target, - printer.target, - reboot.target, -+ remote-cryptsetup-pre.target, -+ remote-cryptsetup.target, - remote-fs-pre.target, - remote-fs.target, - rescue.target, -@@ -450,6 +452,27 @@ - this target unit, for compatibility with SysV. - - -+ -+ remote-cryptsetup-pre.target -+ -+ This target unit is automatically ordered before all cryptsetup devices -+ marked with the . It can be used to execute additional -+ units before such devices are set up. -+ -+ It is ordered after network.target and -+ network-online.target, and also pulls the latter in as a -+ Wants= dependency. -+ -+ -+ -+ remote-cryptsetup.target -+ -+ Similar to cryptsetup.target, but for encrypted -+ devices which are accessed over the network. It is used for -+ crypttab8 -+ entries marked with . -+ -+ - - remote-fs.target - -diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target -index 42e35dd4e..6cb28a61a 100644 ---- a/units/cryptsetup-pre.target -+++ b/units/cryptsetup-pre.target -@@ -6,7 +6,7 @@ - # (at your option) any later version. 
- - [Unit] --Description=Encrypted Volumes (Pre) -+Description=Local Encrypted Volumes (Pre) - Documentation=man:systemd.special(7) - RefuseManualStart=yes - Before=cryptsetup.target -diff --git a/units/cryptsetup.target b/units/cryptsetup.target -index 25d3e33f6..10b17fd38 100644 ---- a/units/cryptsetup.target -+++ b/units/cryptsetup.target -@@ -6,5 +6,5 @@ - # (at your option) any later version. - - [Unit] --Description=Encrypted Volumes -+Description=Local Encrypted Volumes - Documentation=man:systemd.special(7) -diff --git a/units/meson.build b/units/meson.build -index e94add6a6..e6351c7a2 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -47,6 +47,9 @@ units = [ - ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], - ['reboot.target', '', - 'runlevel6.target ctrl-alt-del.target'], -+ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], -+ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', -+ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], - ['remote-fs-pre.target', ''], - ['remote-fs.target', '', - join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], -diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target -new file mode 100644 -index 000000000..a375e6188 ---- /dev/null -+++ b/units/remote-cryptsetup-pre.target -@@ -0,0 +1,15 @@ -+# This file is part of systemd. -+# -+# systemd is free software; you can redistribute it and/or modify it -+# under the terms of the GNU Lesser General Public License as published by -+# the Free Software Foundation; either version 2.1 of the License, or -+# (at your option) any later version. 
-+ -+[Unit] -+Description=Remote Encrypted Volumes (Pre) -+Documentation=man:systemd.special(7) -+RefuseManualStart=yes -+Before=remote-cryptsetup.target -+ -+After=network.target network-online.target -+Wants=network-online.target -diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target -new file mode 100644 -index 000000000..60943bd1c ---- /dev/null -+++ b/units/remote-cryptsetup.target -@@ -0,0 +1,10 @@ -+# This file is part of systemd. -+# -+# systemd is free software; you can redistribute it and/or modify it -+# under the terms of the GNU Lesser General Public License as published by -+# the Free Software Foundation; either version 2.1 of the License, or -+# (at your option) any later version. -+ -+[Unit] -+Description=Remote Encrypted Volumes -+Documentation=man:systemd.special(7) --- -2.14.1 - - -From 543a62336565c840bbda22df0eb2a1c19180a8d5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 5 Sep 2017 11:30:33 +0200 -Subject: [PATCH 3/3] cryptsetup-generator: use remote-cryptsetup.target when - _netdev is present - -This allows such devices to depend on the network. Their startup will -be delayed similarly to network mount units. - -Fixes #4642. ---- - man/crypttab.xml | 13 +++++++++++++ - src/cryptsetup/cryptsetup-generator.c | 36 ++++++++++++++++++----------------- - 2 files changed, 32 insertions(+), 17 deletions(-) - -diff --git a/man/crypttab.xml b/man/crypttab.xml -index 17976f370..162377ebc 100644 ---- a/man/crypttab.xml -+++ b/man/crypttab.xml -@@ -213,6 +213,19 @@ - . - - -+ -+ -+ -+ Marks this cryptsetup device as requiring network. It will be -+ started after the network is available, similarly to -+ systemd.mount5 -+ units marked with . The service unit to set up this device -+ will be ordered between remote-cryptsetup-pre.target and -+ remote-cryptsetup.target, instead of -+ cryptsetup-pre.target and -+ cryptsetup.target. 
-+ -+ - - - -diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c -index b58b6db7c..8571ab06e 100644 ---- a/src/cryptsetup/cryptsetup-generator.c -+++ b/src/cryptsetup/cryptsetup-generator.c -@@ -61,7 +61,7 @@ static int create_disk( - _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL, - *filtered = NULL; - _cleanup_fclose_ FILE *f = NULL; -- bool noauto, nofail, tmp, swap; -+ bool noauto, nofail, tmp, swap, netdev; - char *from; - int r; - -@@ -72,6 +72,7 @@ static int create_disk( - nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); - tmp = fstab_test_option(options, "tmp\0"); - swap = fstab_test_option(options, "swap\0"); -+ netdev = fstab_test_option(options, "_netdev\0"); - - if (tmp && swap) { - log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name); -@@ -102,21 +103,22 @@ static int create_disk( - if (!f) - return log_error_errno(errno, "Failed to create unit file %s: %m", p); - -- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n" -- "[Unit]\n" -- "Description=Cryptography Setup for %I\n" -- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" -- "SourcePath=/etc/crypttab\n" -- "DefaultDependencies=no\n" -- "Conflicts=umount.target\n" -- "BindsTo=dev-mapper-%i.device\n" -- "IgnoreOnIsolate=true\n" -- "After=cryptsetup-pre.target\n", -- f); -+ fprintf(f, -+ "# Automatically generated by systemd-cryptsetup-generator\n\n" -+ "[Unit]\n" -+ "Description=Cryptography Setup for %%I\n" -+ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" -+ "SourcePath=/etc/crypttab\n" -+ "DefaultDependencies=no\n" -+ "Conflicts=umount.target\n" -+ "IgnoreOnIsolate=true\n" -+ "After=%s\n", -+ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); - - if (!nofail) - fprintf(f, -- "Before=cryptsetup.target\n"); -+ "Before=%s\n", -+ netdev ? 
"remote-cryptsetup.target" : "cryptsetup.target"); - - if (password) { - if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) -@@ -200,10 +202,10 @@ static int create_disk( - return log_error_errno(errno, "Failed to create symlink %s: %m", to); - - free(to); -- if (!nofail) -- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n); -- else -- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n); -+ to = strjoin(arg_dest, -+ netdev ? "/remote-cryptsetup" : "/cryptsetup", -+ ".target.", -+ nofail ? "wants/" : "requires/", n); - if (!to) - return log_oom(); - --- -2.14.1 - diff --git a/systemd.spec b/systemd.spec index 1ef9152..451b528 100644 --- a/systemd.spec +++ b/systemd.spec @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 234 -Release: 8%{?gitcommit:.git%{gitcommitshort}}%{?dist} +Release: 9%{?gitcommit:.git%{gitcommitshort}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -42,7 +42,7 @@ Source12: https://raw.githubusercontent.com/systemd/systemd/1000522a60cead %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v234..v234-stable -i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip +i=1; for j in 0[0-8]*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch %endif 
@@ -59,20 +59,96 @@ Patch0010: 0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch Patch0011: 0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch Patch0012: 0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch Patch0013: 0013-test-condition-don-t-assume-that-all-non-root-users-.patch -Patch0014: 0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch -Patch0015: 0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch -Patch0016: 0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch -Patch0017: 0017-bash-completion-use-the-first-argument-instead-of-th.patch -Patch0018: 0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch -Patch0019: 0019-meson-D-remote-and-D-importd-should-be-combo-options.patch -Patch0020: 0020-cryptsetup-fix-infinite-timeout-6486.patch -Patch0021: 0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch -Patch0022: 0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch -Patch0023: 0023-build-sys-bump-xslt-maxdepth-limit.patch -Patch0024: 0024-device-make-sure-to-remove-all-device-units-sharing-.patch +Patch0014: 0014-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch +Patch0015: 0015-bash-completion-use-the-first-argument-instead-of-th.patch +Patch0016: 0016-meson-D-remote-and-D-importd-should-be-combo-options.patch +Patch0017: 0017-cryptsetup-fix-infinite-timeout-6486.patch +Patch0018: 0018-unit-when-JobTimeoutSec-is-turned-off-implicitly-tur.patch +Patch0019: 0019-call-chase_symlinks-without-the-sysroot-prefix-6411.patch +Patch0020: 0020-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch +Patch0021: 0021-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch +Patch0022: 0022-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch +Patch0023: 0023-core-Do-not-fail-perpetual-mount-units-without-fragm.patch +Patch0024: 0024-process-util-update-the-end-pointer-of-the-process-n.patch +Patch0025: 
0025-dhcp-network-adjust-sockaddr-length-for-addresses-lo.patch +Patch0026: 0026-service-attempt-to-execute-next-main-command-only-fo.patch +Patch0027: 0027-namespace-avoid-assertion-failure-6649.patch +Patch0028: 0028-terminal-reset-should-honour-default_utf8-kernel-set.patch +Patch0029: 0029-networkd-do-not-fail-manager_connect_bus-if-dbus-is-.patch +Patch0030: 0030-sd-bus-socket-only-transmit-auxillary-FDs-once-6603.patch +Patch0031: 0031-device-make-sure-to-remove-all-device-units-sharing-.patch +Patch0032: 0032-shutdown-don-t-remount-ro-network-filesystems.-6588.patch +Patch0033: 0033-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch +Patch0034: 0034-log-reopen-log-for-failed-assertions-6703.patch +Patch0035: 0035-sd-bus-use-when-passing-arguments-to-ssh-6706.patch +Patch0036: 0036-networkd-dont-crash-when-mtu-changes-6594.patch +Patch0037: 0037-logind-remember-to-remove-run-systemd-shutdown-sched.patch +Patch0038: 0038-logind-method_schedule_shutdown-already-rejects-empt.patch +Patch0039: 0039-logind-add-missing-check-for-conflicting-operation-v.patch +Patch0040: 0040-logind-respect-delay-inhibitors-in-scheduled-shutdow.patch +Patch0041: 0041-logind-add-missing-resume-signal-when-we-fail-to-ini.patch +Patch0042: 0042-logind-tighten-assertion-in-execute_shutdown_or_slee.patch +Patch0043: 0043-tmpfiles-with-e-don-t-attempt-to-set-permissions-whe.patch +Patch0044: 0044-man-fix-path-for-storing-random-seed.patch +Patch0045: 0045-Load-virtio_rng-early-in-the-game-6710.patch +Patch0046: 0046-tmpfiles-silently-ignore-any-path-that-passes-throug.patch +Patch0047: 0047-6647-use-path_startswith-dev-in-cryptsetup-6732.patch +Patch0048: 0048-systemd-mount-fix-that-wrong-argument-is-used-for-ar.patch +Patch0049: 0049-systemd-mount-allow-to-specify-an-arbitrary-string-f.patch +Patch0050: 0050-rfkill-Lookup-device-in-determine_state_file.patch +Patch0051: 0051-rfkill-Delay-writes-until-exit-5768.patch +Patch0052: 
0052-systemctl-check-existence-of-all-units-not-just-the-.patch +Patch0053: 0053-systemctl-fix-masking-of-template-units.patch +Patch0054: 0054-networkd-send-dhcp-option-NTP-when-UseNTP-is-true-67.patch +Patch0055: 0055-networkd-send-dhcp-timezone-option-when-UseTimezone-.patch +Patch0056: 0056-journalctl-honor-quiet-when-vacuuming-6771.patch +Patch0057: 0057-manager-when-reexecuting-try-to-connect-to-bus-only-.patch +Patch0058: 0058-efivars-don-t-crash-when-somebody-wants-to-remove-an.patch +Patch0059: 0059-util-make-get_block_device-available.patch +Patch0060: 0060-shutdown-don-t-be-fooled-when-detaching-DM-devices-w.patch +Patch0061: 0061-sd-bus-extend-D-Bus-authentication-timeout-considera.patch +Patch0062: 0062-timer-don-t-use-persietent-file-timestamps-from-the-.patch +Patch0063: 0063-shared-end-string-with-if-one-was-found-at-the-end-o.patch +Patch0064: 0064-build-sys-bump-xslt-maxdepth-limit-6863.patch +Patch0065: 0065-fileio-add-new-helper-call-read_line-as-bounded-getl.patch +Patch0066: 0066-def-add-new-constant-LONG_LINE_MAX.patch +Patch0067: 0067-fileio-rework-read_one_line_file-on-top-of-read_line.patch +Patch0068: 0068-cgroup-util-replace-one-use-of-fgets-by-read_line.patch +Patch0069: 0069-test-conf-parser-add-some-basic-tests-for-config_par.patch +Patch0070: 0070-conf-parse-remove-4K-line-length-limit.patch +Patch0071: 0071-fileio-use-_cleanup_-for-FILE-unlocking.patch +Patch0072: 0072-test-conf-parser-use-_cleanup_.patch +Patch0073: 0073-test-conf-parser-add-tests-for-the-new-long-lines-in.patch +Patch0074: 0074-test-fileio-close-two-leaked-file-handles.patch +Patch0075: 0075-test-fileio-also-test-read_line-with-actual-files.patch +Patch0076: 0076-fileio-return-0-from-read_one_line_file-on-success.patch +Patch0077: 0077-string-util-use-size_t-for-strjoina-macro-6914.patch +Patch0078: 0078-mount-util-add-fusectl-to-list-of-API-VFS.patch +Patch0079: 0079-units-do-not-kill-rescue-shell-when-machines.target-.patch +Patch0080: 
0080-units-express-Conflict-in-syslog.socket-instead-of-e.patch +Patch0081: 0081-units-add-missing-ordering-deps-for-Conflicts-of-eme.patch +Patch0082: 0082-units-add-missing-Before-shutdown.target-for-units-w.patch +Patch0083: 0083-units-DefaultDependencies-already-implies-conflict-w.patch +Patch0084: 0084-systemctl-supress-enable-disable-messages-when-q-is-.patch +Patch0085: 0085-basic-env-util-drop-the-validation-when-deserializin.patch +Patch0086: 0086-basic-env-util-don-t-relax-unesaping-of-serialized-e.patch +Patch0087: 0087-networkd-Consider-linkLocalAddressing-state-while-co.patch +Patch0088: 0088-networkd-don-t-stop-the-dhcp-server-if-it-s-not-conf.patch +Patch0089: 0089-nspawn-Fix-calculation-of-capabilities-for-configura.patch +Patch0090: 0090-timedatectl-stop-using-xstrftime.patch +Patch0091: 0091-nspawn-EROFS-for-chowning-mount-points-is-not-fatal-.patch +Patch0092: 0092-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch +Patch0093: 0093-cryptsetup-generator-add-a-helper-utility-to-create-.patch +Patch0094: 0094-units-order-cryptsetup-pre.target-before-cryptsetup..patch +Patch0095: 0095-units-add-remote-cryptsetup.target-and-remote-crypts.patch +Patch0096: 0096-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch +Patch0097: 0097-units-add-Install-section-to-remote-cryptsetup.targe.patch +Patch0098: 0098-units-replace-remote-cryptsetup-pre.target-with-remo.patch +Patch0099: 0099-man-add-a-note-about-_netdev-usage.patch +Patch0100: 0100-units-make-remote-cryptsetup.target-also-after-crypt.patch +Patch0101: 0101-man-describe-how-machine-id-should-be-initialized-70.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch -Patch0999: 0999-netdev-crypttab.patch %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} 
@@ -1053,6 +1129,38 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou %{pkgdir}/tests %changelog +* Thu Oct 26 2017 Zbigniew Jędrzejewski-Szmek - 234-9 +- Use infinite timeouts for passwords during boot when JobTimeoutSec=0 +- Some tty utf8-mode fixes +- Only send one auxillary fd set over dbus +- Various network-manager crash and spurious assert fixes +- Do not remount network filesystems ro during shutdown and unmount DM + devices better +- Fix cryptsetup devices disappearing when used for btrfs +- Fix assertions messages sometimes not appearing during bootup/shutdown +- Fix passing arguments over ssh (-H) +- Fix networks crash on MTU changes +- Respect delay inhibitors in scheduled shutdowns using logind +- Send resume signal on failed sleep/shutdown from logind (#1476313) +- Make tmpfiles treat various errors more leniently and ignore autofs paths +- Load virtio_rng early +- Fix cryptsetup generator usage in initramfs +- Fix mounting of APIFSs using systemd-mount +- Fix rfkill on some thinkpads +- Fix masking of template units +- Honour quiet flag in more places +- Fix crash when removing EFI variables +- Fix handling of persistent timer timestamps from the future +- Extend dbus timeouts to handle slow dbus daemon startup +- Allow lines of unlimited length in configuration files +- Fix starting of units in emergency mode +- Make environment variable validation allow all shell variables +- Fix systemd-networkd issues when LinkLocalAddressing=no and DHCPServer=no +- Fix assertion triggered in timedatectl under Iranian locale +- Fix systemd-resolved DOS with crafted NSEC packets (LP#1725351) +- Backport /etc/crypttab _netdev feature from upstream + (v2, with crypttab _netdev units using remote-fs-pre.target) + * Tue Sep 26 2017 Nathaniel McCallum - 234-8 - Backport /etc/crypttab _netdev feature from upstream