mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-25 06:03:40 +03:00

61106 Commits

Author SHA1 Message Date
Dmitry V. Levin
212aa36d03 tmpfiles: avoid double specifier expansion in L lines
Starting with commit 2f3b873a4973, when the path contains a specifier
and the argument is omitted, tmpfiles used to perform specifier
expansions twice: first specifier expansion was applied to the path
itself, and afterwards the result of the first expansion was used
in the constructed argument and expanded once again.

Resolves: #26244
Fixes: 2f3b873a4973 ("tmpfiles: copy/link /usr/share/factory/ files when the source argument is omitted")
(cherry picked from commit 05381430a5d632ffc716fb4c89328952bd8ccafd)
2023-02-10 20:28:11 +00:00
Dmitry V. Levin
80b5af843b tmpfiles: fix specifier expansion in arguments of C lines
Make sure the argument of "C" type undergoes specifier expansion
before it's checked for validity.  In particular, starting with
commit ce610af143b2, the check for path existence used to fail
in case of presence of any specifier in the argument.

Also, starting with commit 2f3b873a4973, when the path contains
a specifier and the argument is omitted, tmpfiles used to perform
specifier expansions twice: first specifier expansion was applied
to the path itself, and afterwards the result of the first expansion
was used in the constructed argument and expanded once again.

Finally, starting with commit 849958d1ba35, when the argument begins
with %h specifier, tmpfiles used to complain that the source path
is not absolute.

Resolves: #25381
Fixes: ce610af143b2 ('tmpfiles: in C lines, make missing source graceful error')
Fixes: 2f3b873a4973 ('tmpfiles: copy/link /usr/share/factory/ files when the source argument is omitted')
Fixes: 849958d1ba35 ('tmpfiles: add new "C" line for copying files or directories')
(cherry picked from commit 1ed8887e3b539c89f3bb381427fbe9b0307bdfd0)
2023-02-10 20:28:11 +00:00
Yu Watanabe
7aeb2a8d4e sd-dhcp-server: allow to send header only message
If we receive a header only message, and the server is running in relay
mode, then the assertion was triggered.

Fixes #26151.

(cherry picked from commit b52031dbbcabe4b1e3016ba64d4a2822740188bc)
2023-02-10 20:28:11 +00:00
Daan De Meyer
ab877f7072 resolve: Skip creating stubs if missing CAP_NET_BIND_SERVICE
If we don't have CAP_NET_BIND_SERVICE, we won't be able to bind
the stub listener socket, so let's skip creating it and log a warning.

We do the same for the extra stubs if they're configured on privileged
ports.

(cherry picked from commit 0398c084efba664e44625d82f2be72e18c952678)
2023-02-10 20:28:11 +00:00
Daan De Meyer
3a49291f4b nspawn: Drop CAP_NET_BIND_SERVICE when in userns but not in netns
If we're in a user namespace but not unsharing the network namespace,
we won't be able to bind any privileged ports even with
CAP_NET_BIND_SERVICE, so let's drop it from the retained capabilities
so services can condition themselves on that.

(cherry picked from commit 2642d22adc66771bd8bbb4187dc3de5472d04ad6)
2023-02-10 20:28:11 +00:00
Jan Janssen
ce56d12f01 boot: Use aarch64 virtual counter
This should be used in VMs and should also yield the same value when
running on real devices. It is also what grub uses.

Fixes: #26224
(cherry picked from commit 2df8574af035ce4f515beb7c0adf83973440a8a6)
2023-02-10 20:28:11 +00:00
William Roberts
e1b0f8c20c sha256: header needs stddef
The sha256 header uses size_t which is within stddef, so add it.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
(cherry picked from commit 6ae3bd82d04155d27488c85c63f7330cc7e144d3)
2023-02-10 20:28:11 +00:00
Lennart Poettering
278e0d5b19 sha256: external headers should be included with <>
(cherry picked from commit 17b296a11839ac63279b89e40cecb4c114c229b2)
2023-02-10 20:28:11 +00:00
Nick Rosbrook
efc5612e47 test-network: add a test for renaming device to current altname
(cherry picked from commit f68f644a167af3452be853b631fa9144c6716c28)
2023-02-10 20:28:11 +00:00
Nick Rosbrook
7299341bd1 sd-netlink: add a test for rtnl_set_link_name()
Add a test that verifies a deleted alternative name is restored on error
in rtnl_set_link_name().

(cherry picked from commit b338a8bb402a3ab241a617e096b21ae6a7b7badf)
2023-02-10 20:28:11 +00:00
Nick Rosbrook
c6722b6975 udev: attempt device rename even if interface is up
Currently rename_netif() will not attempt to rename a device if it is
already up, because the kernel will return -EBUSY unless live renaming
is allowed on the device. This restriction will be removed in a future
kernel version [1].

To cover both cases, always attempt to rename the interface and return 0
if we get -EBUSY.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=bd039b5ea2a9

(cherry picked from commit 53584e7b61373c26635b906eb64e98fbd3fd3ba4)
2023-02-10 20:28:11 +00:00
Nick Rosbrook
42d8817bd6 sd-netlink: restore altname on error in rtnl_set_link_name
If a current alternative name is to be used to rename a network
interface, the alternative name must be removed first. If interface
renaming fails, restore the alternative name that was deleted if
necessary.

(cherry picked from commit 4d600667f8af2985850b03a46357e068d3fb8570)
2023-02-10 20:28:11 +00:00
Nick Rosbrook
3dc5b19f10 sd-netlink: do not swap old name and alternative name
Commit 434a348380 ("netlink: do not fail when new interface name is
already used as an alternative name") added logic to set the old
interface name as an alternative name, but only when the new name is
currently an alternative name. This is not the desired outcome in most
cases, and the important part of this commit was to delete the new name
from the list of alternative names if necessary.

(cherry picked from commit 080afbb57c4b2d592c5cf77ab10c6e0be74f0732)
2023-02-10 20:28:11 +00:00
Nick Rosbrook
7918496dcf udev/net: allow new link name as an altname before renaming happens
When configuring a link's alternative names, the link's new name to-be
is not allowed to be included because interface renaming will fail if
the new name is already present as an alternative name. However,
rtnl_set_link_name will delete the conflicting alternative name before
renaming the device, if necessary.

Allow the new link name to be set as an alternative name before the
device is renamed. This means that if the rename is later skipped (i.e.
because the link is already up), then the name can at least still be
present as an alternative name.

(cherry picked from commit d0b31efc1ab7f6826ad834cf6b9e371bf73776aa)
2023-02-10 20:28:11 +00:00
Yu Watanabe
5ce6c73f2d nss-myhostname: do not return empty result with NSS_STATUS_SUCCESS
Fixes a bug introduced by db50d326a46beca3cc24b6354b6e1b3591902d45.

Fixes RHBZ#2167468 (https://bugzilla.redhat.com/show_bug.cgi?id=2167468).

(cherry picked from commit 1c3762937e9184c9abbc8d5541b4228841ccc24f)
2023-02-10 20:28:11 +00:00
Yu Watanabe
7503626feb nss-myhostname: fix inverted condition in
Fixes a bug introduced by db50d326a46beca3cc24b6354b6e1b3591902d45.

(cherry picked from commit a3b993ca3fb6fc0b837745c1ae82aca684951842)
2023-02-10 20:28:11 +00:00
msizanoen1
86686e4292 unit: always return 1 in log_kill
This ensures that cg_kill_items returns the correct value to let the
manager know that a process was killed.

(cherry picked from commit 500cd2e83b8246fbf20d99db898039cfba746223)
2023-02-10 20:28:11 +00:00
Yu Watanabe
aa7c7f8d58 udev: make get_virtfn_info() provide physical PCI device
Fixes a bug introduced by 78463c6c4fdcb703bc0dc694c3ea77df3c5624e0.

Fixes #25545.

(cherry picked from commit cf74e2e16fb06b7de9e3875c6462290998fb06bd)
2023-02-10 20:28:11 +00:00
Ilya Leoshkevich
f62e7b4704 bpf: fix restrict_fs on s390x
Linux kernel's bpf-next contains BPF LSM support for s390x. systemd's
test-bpf-lsm currently fails with this kernel.

This is an endianness issue: in the restrict_fs bpf program,
magic_number has type unsigned long (64 bits on s390x), but magic_map
keys are uint32_t (32 bits). Accessing magic_map using 64-bit keys may
work by accident on little-endian systems, but fails hard on big-endian
ones.

Fix by casting magic_number to uint32_t.

(cherry picked from commit 907046282c27ee2ced5e22abb80ed8df2e157baf)
2023-02-10 20:28:11 +00:00
Yu Watanabe
318b6f60b8 network: dhcp-server: do not create DHCPServer object when the DHCP server is running in relaying mode
Follow-up for c95df5879eeb2cec8bc8eec2cfa7e741e1d9469f.

Fixes #26196.

(cherry picked from commit 2cb1cabb412850e88eaf26feec663674e2c4f664)
2023-02-10 20:28:11 +00:00
Tuetuopay
b0f514ba56 network/dhcp4: accept local subnet routes from DHCP
RFC3442 specifies option 121 (Classless Static Routes) that allow a DHCP
server to push arbitrary routes to a client. It has a Local Subnet
Routes section expliciting the behavior of routes with a null (0.0.0.0)
gateway.

Such routes are to be installed on the interface with a Link scope, to
mark them as directly available on the link without any gateway.

Networkd currently drops those routes, which is against the RFC, as
Linux has proper support for such routes.

Fixes: 7f20627 ("network: dhcp4: ignore gateway in static routes if destination is link-local or in the same network")
(cherry picked from commit 1d84a3c7792a8910b05904937c703307ca19740f)
2023-02-10 20:28:11 +00:00
Lennart Poettering
b71ade8779 resolvectl: don't filter loopback DNS server from global DNS server list
"resolvectl status" shows per-link DNS servers separately from global
ones. When querying the global list, it will contain both per-link and
global servers however. Thus, to not show duplicate info we filter all
entries that actually have a non-zero ifindex set (under the assumption
that that's a per-link server).

This doesn't work if people configured 127.0.0.1 as global server
though, as we'll add ifindex 1 to it since
6e32414a66ff8dbcef233981a7066684d903ee9f unconditionally even for global
servers.

Let's address that by excluding entries with ifindex 1 from suppression.
This is safe as resolved ignores loopback ifaces, hence never will have
per-link servers on ifindex 1.

Note that this splits up the "with_ifindex" parameter into a second
parameter "only_global", since they semantically do two different
things. One controls whether we shall expect/parse an ifindex dbus
field. The other controls whether we shall filter all ifindex values set
!= 0. These are effectively always used in conjunction hence making them
the same actually worked. However this is utterly confusing I think,
which as I guess is resulting in the confusion around #25796 (which
removes the whole check)

Replaces: #25796
(cherry picked from commit 889a1b9f4e799b31f1be06db74708aa8beb70829)
2023-02-10 20:28:11 +00:00
Lennart Poettering
ed26f98f2f resolvectl: fix type of ifindex D-Bus field, and make sure to initialize to zero in all code paths
(cherry picked from commit a5e6c8498ca375bafa865d5e46fa95e9313871ad)
2023-02-10 20:28:11 +00:00
msizanoen1
7d4ea095d5 udev: match device tags in rules using current device tags
This ensures that udev scripts using `TAG-="..."` and expecting later
udev rules to honor it will work properly. A use case is removing the
`uaccess` tag from a device without overriding the original file and
ensuring that `73-seat-uaccess.rules` won't run the uaccess builtin later.

(cherry picked from commit 310249903986957997b76bc52441cabb5843aad8)
2023-02-10 20:28:11 +00:00
Jia Zhang
6882211df7 boot: don't convert the trailing newline in mangle_stub_cmdline()
It is pretty convenient to add .cmdline using /proc/cmdline like
this:
  --add-section .cmdline=/proc/cmdline --change-section-vma .cmdline=0x25000

However, it always returns a trailing newline, and stub will
convert it to a whitespace by mangle_stub_cmdline() in next boot.
Thus the resulting /proc/cmdline would contain a trailing
whitespace. When /proc/cmdline is used to generate .cmdline again,
the resulting UKI is mangled.

To address this kind of inconvenience, mangle_stub_cmdline() should
skip converting the trailing newline, and try to chomp all the
trailing whitespaces.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
(cherry picked from commit 486cf22c35780d9ed621b931f3534b3e6d659c17)
2023-02-10 20:28:11 +00:00
Lennart Poettering
f3d620f5d2 docs: remove /dev/tty* confusion
The text said /dev/tty* as a whole was the VT subsystem and that VT is
not supported in containers.

But that's not accurate as /dev/tty* will match /dev/tty too and that
one device node is special and is not related to VT: it always points to
the current process's own controlling tty, regardless of what that is.

Hence, rewrite /dev/tty* as /dev/tty[0-9]*.

(cherry picked from commit 6ae5c39af1da5b0b6e49278e7a33158d49ec04a5)
2023-02-10 20:28:11 +00:00
Lennart Poettering
3856b97f8b units: pull in loop.ko and dm-mod.ko before repart
We want to make use of that when formatting file systems, hence let's
pull in these modules explicitly.

(This is necessary because we are an early boot service that might run
before systemd-tmpfiles-dev.service, which creates /dev/loop-control and
/dev/mapper/control.)

Alternatively we could just order ourselves after
systemd-tmpfiles-dev.service, but I think there's value in adding an
explicit minimal ordering here, since we know what we'll need.

Fixes: #25775
(cherry picked from commit ce7dcfd6b00b8099d1793d04bcfa9968ca4a0d96)
2023-02-10 20:28:11 +00:00
Lennart Poettering
67467efd58 units: change modprobe@dm-mod.service → modprobe@dm_mod.service
Follow-up for 8f1359bf854e9683e4e0b89fd3a537e0d82d4b95

(cherry picked from commit 143a1f1039d992001d2f2f35b2e6ba07f8a52af7)
2023-02-10 20:28:11 +00:00
Lennart Poettering
2d495affef pcrphase: gracefully exit if TPM2 support is incomplete
If everything points to the fact that TPM2 should work, but then the
driver fails to initialize we should handle this gracefully and not
cause failing services all over the place.

Fixes: #25700
(cherry picked from commit 0318d54539fe168822447889ac0e858a10c55f74)
2023-02-10 20:28:11 +00:00
Yu Watanabe
c6f2f5a90d sleep: enumerate only existing and non-device batteries
The enumerator is now mostly consistent with on_ac_power() in
udev-util.c.

(cherry picked from commit fe8e0f8e7989fe5cead5ad0e225dc0888ff10140)
2023-02-10 17:00:49 +01:00
Yu Watanabe
6753be212f sleep: fix indentation
(cherry picked from commit 3332cfe1764e3c15d9af2ef68097d0f698fddb3d)
2023-02-10 17:00:49 +01:00
Yu Watanabe
036b72b593 sleep: introduce siphash24_compress_id128()
Also, rename get_battery_identifier() to siphash24_compress_device_sysattr().

This also makes any errors in sd_id128_get_machine() or id128_get_product()
ignored. For the machine ID, the failure should not be significant unless
the file stored in the discharge level is reused by another system, which
is quite unusual. For the product ID, if the firmware provides useless
ID (all zero or all 0xFF), then loading/storing the discharge rate
becomes completely broken, that should be avoided.

Note, now sysattrs are used instead of properties in uevent files, but
both provide the same information, hence no functionality should be
changed.

(cherry picked from commit a7795a4ecfe5c51fc837d0cb2f27d892c83df7a4)
2023-02-10 17:00:49 +01:00
Yu Watanabe
a251e6aa47 sleep: simplify code a bit
- use device_get_sysattr_int(),
- drop redundant log message.

(cherry picked from commit 3d9ca76f368b7b198be3471dd28ed32b35114ace)
2023-02-10 17:00:49 +01:00
Yu Watanabe
b84a05fc57 sleep: coding style fixlets
(cherry picked from commit 3c3f46013ed53aba1aad5b51844434713fa5a0e9)
2023-02-10 17:00:49 +01:00
Yu Watanabe
eea08d150c sleep: introduce SuspendEstimationSec=
Before v252, HibernateDelaySec= specifies the maximum timespan that the
system is in suspend state, and the system hibernates after the timespan.

However, after 96d662fa4c8cab24da57523c5e49e6ef3967fc13, the setting is
repurposed as the default interval to measure battery charge level and
estimate the battery discharging late. And if the system has enough
battery capacity, then the system will stay in suspend state and not
hibernate even if the time passed. See issue #25269.

To keep the backward compatibility, let's introduce another setting
SuspendEstimationSec= for controlling the interval to measure
battery charge level, and make HibernateDelaySec= work as of v251.

This also drops implementation details from the man page.

Fixes #25269.

(cherry picked from commit 4f58b656d92b09a953b7cffcfd1ee6d5136a57ed)
2023-02-10 17:00:49 +01:00
Yu Watanabe
1baf68d728 sleep: drop unnecessary temporal variable and initialization
(cherry picked from commit 2ed56afeb3c26596dbe44858559c92307778ff82)
2023-02-10 17:00:49 +01:00
Yu Watanabe
792a1be91c sleep: fetch_batteries_capacity_by_name() does not return -ENOENT
(cherry picked from commit d812e104c7c62648747d3ffe37db33dde319d15c)
2023-02-10 17:00:49 +01:00
Yu Watanabe
40c997ae1d sleep: rename hibernate_delay_sec -> _usec
(cherry picked from commit 3d23df005e06b3616049686be82deff55788d3c4)
2023-02-10 17:00:49 +01:00
Yu Watanabe
856a02f338 rules: add missing line continuation
Fixes a bug introduced by 953c928c24455744d5534679998d129b947a5e04.

Fixes #25811.

(cherry picked from commit de8409ac43f6e4596de4cecce8dbbb5f1f2a18b1)
2023-02-10 17:00:49 +01:00
Luca Boccassi
61f5710d0b packit: remove ukify handling
added in v253
v252.5
2023-01-26 09:12:21 +01:00
Daan De Meyer
4dc37994e2 test-execute: Skip when /sys is read-only
The test depends on /sys being writable, so let's skip it when /sys
is read-only.

(cherry picked from commit 34b5977015a557840988e825ac116a7f09d0be75)
2023-01-26 09:12:21 +01:00
Michael Biebl
9605a45763 test: skip firstboot --prompt-keymap check if keymaps are missing
Fixes: #26165
(cherry picked from commit d173c9ebb07bd08f3814e0c496759e343c3dcbf4)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
8f84df0da3 partition: fix build with newer linux/btrfs.h uapi header
linux/btrfs.h needs to be included after sys/mount.h, as since [0]
linux/btrfs.h includes linux/fs.h causing build errors:

```
In file included from /usr/include/linux/fs.h:19,
                 from ../src/basic/linux/btrfs.h:29,
                 from ../src/partition/growfs.c:6:
/usr/include/sys/mount.h:35:3: error: expected identifier before numeric constant
   35 |   MS_RDONLY = 1,                /* Mount read-only.  */
      |   ^~~~~~~~~
[1222/2169] Compiling C object systemd-creds.p/src_creds_creds.c.o
ninja: build stopped: subcommand failed.
```

See: https://github.com/systemd/systemd/issues/8507

[0] a28135303a

(cherry picked from commit ed614f17fc9f3876b2178db949df42a2605f6895)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
240513ceca basic/linux: update linux uapi headers
IPPROTO_L2TP was moved from linux/l2tp.h to linux/in.h [0], so let's
reflect that change to fix build with newer kernels:

```
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:10:
../src/basic/linux/l2tp.h:16: error: "IPPROTO_L2TP" redefined [-Werror]
   16 | #define IPPROTO_L2TP            115
      |
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:3:
/usr/include/netinet/in.h:85: note: this is the location of the previous definition
   85 | #define IPPROTO_L2TP            IPPROTO_L2TP
      |
cc1: all warnings being treated as errors
```

When at it, update the rest of the headers we ship as well.

[0] 65b32f801b

(cherry picked from commit a95ff98ec40edad2825c824a186f44454120cf1f)
2023-01-26 09:12:21 +01:00
Nick Rosbrook
9b42646b22 test: handle Debian's /etc/default/locale in testsuite-74.firstboot.sh
This handles a Debian-specific quirk where /etc/default/locale is used
instead of /etc/locale.conf. There is currently special handling for
this in testsuite-73.sh, so the quirk should be handled here too for
consistency.

(cherry picked from commit bb59fdc1e3a7119f3680d309147020fce9bf67b5)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
97ebe90879 test: cover some interactive/error paths in firstboot
(cherry picked from commit dbd8dbdfc1d440c44714edcfa513b697f39f4fed)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
ddc1898ebd test: re-enable skipped systemd-firstboot --locale-messages= test
Since the original issue should be resolved by #25253.

(cherry picked from commit 59377dbef288bff2e9df1254f9cbccd3c7d726a5)
2023-01-26 09:12:21 +01:00
Nick Rosbrook
07e4787106 test: make sure mount point exists in testsuite-64.sh
(cherry picked from commit 84e5b9225d12f8a1a7d414ef01f97fcd6881c14f)
2023-01-26 09:12:21 +01:00
Callum Farmer
953e5fc093 boot: Use objcopy with arm64
Binutils 2.38 added support for efi-app-aarch64
Still use binary mode if we have an older objcopy
Add check for incompatible gnu-efi crt0 containing the header section
which gets added by objcopy and if used results in duplicate header
and subsequently a broken binary

Signed-off-by: Callum Farmer <gmbr3@opensuse.org>
(cherry picked from commit 9c100c4e709e1a063578cad1b6b3cdbf7de48610)
2023-01-26 09:12:21 +01:00
Zbigniew Jędrzejewski-Szmek
34157bba08 sleep: fix memleak
Those hashmaps are created anew in each iteration of the loop. The
leak wasn't really a problem, because the loop is bounded and the
hashmaps were not huge, but it's nicer to be correct.

(cherry picked from commit de5d8b40eda84cfd546c9d969a191ce4615e6375)
2023-01-26 09:12:21 +01:00