IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Apparently some RTC drivers return EINVAL in that case when we try to
read it. Handle that reasonably gracefully.
Fixes: #31854
(cherry picked from commit 5c81de98fcb533c0889ed6c6f6cd8640bb626360)
(cherry picked from commit b858433a79633bdef1ebea7d5ea4cc2585dcbaab)
F39 doesn't build anymore:
GPG key at https://fedoraproject.org/fedora.gpg (0x31645531) is already installed
Public key for filesystem-3.18-6.fc39.x86_64.rpm is not installed. Failing package is: filesystem-3.18-6.fc39.x86_64
GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for setup-2.14.4-1.fc39.noarch.rpm is not installed. Failing package is: setup-2.14.4-1.fc39.noarch
GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
The GPG keys listed for the "updates" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: fedora-gpg-keys-39-2.noarch
GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-release-39-36.noarch.rpm is not installed. Failing package is: fedora-release-39-36.noarch
GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-release-common-39-36.noarch.rpm is not installed. Failing package is: fedora-release-common-39-36.noarch
GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-release-identity-basic-39-36.noarch.rpm is not installed. Failing package is: fedora-release-identity-basic-39-36.noarch
GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-repos-39-2.noarch.rpm is not installed. Failing package is: fedora-repos-39-2.noarch
GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Error: GPG check FAILED
These are throw-away CI images, so just skip the checks
(cherry picked from commit 44a978a22e0d196eb0f0d2870227008524182e19)
/usr/lib/systemd/systemd: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory
(cherry picked from commit 6fdd047619b9a54d6a04bb87fe486762ad688975)
Traceback (most recent call last):
File "<frozen runpy>", line 198, in _run_module_as_main
File "<frozen runpy>", line 88, in _run_code
File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/__main__.py", line 60, in <module>
main()
File "/usr/lib/python3.12/contextlib.py", line 81, in inner
return func(*args, **kwds)
^^^^^^^^^^^^^^^^^^^
File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/__main__.py", line 52, in main
run_verb(args, images)
File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/__init__.py", line 2789, in run_verb
become_root()
File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/run.py", line 125, in become_root
os.setresuid(0, 0, 0)
PermissionError: [Errno 1] Operation not permitted
(cherry picked from commit f47a46000209bae446ca335281071118e5272d44)
/usr/bin/pacman-key: line 31: /usr/share/makepkg/util/message.sh: No such file or directory
/usr/bin/pacman-key: line 32: /usr/share/makepkg/util/parseopts.sh: No such file or directory
/usr/bin/pacman-key: line 620: parseopts: command not found
(cherry picked from commit 66ffce73033738d0b34f4d2ab917c7d190e28d7d)
If we use TCP fastopen to connect to a DNS server via TCP, and it
responds really quickly between our connection attempt and our immediate
check back, then we have not identified the peer yet, and will not be
able to use the peer metadata to fill in our packet info.
Let's fix that, and simply not read from the socket until identification
is complete.
Fixes: #34956
(cherry picked from commit facc9439a76b4c3a5c273c71bd7a676e4c74778c)
(cherry picked from commit 11da52785c978369e4cd92e67e5017a436404340)
(cherry picked from commit 9bf15a285e96eec950e21528d712ec0539839a8b)
(cherry picked from commit e22b61dd1e1828f0af1e298aa8f626adc1907f12)
Import thew new key from https://data.iana.org/root-anchors/root-anchors.xml.
The old one remains valid, as per provided data.
Fixes: #36260
(cherry picked from commit 8113361e82eea2741290f7117034d356acb3ab4d)
(cherry picked from commit 961e351061b2366889c8af1feae522f8f4123f5d)
(cherry picked from commit 6cb60bbe838b6d153216c14c95851d095ce639a2)
(cherry picked from commit 6a97871d20fc0b8242483454d2d231a01e961508)
The values assigned to 'r' were never used, and overwritten by the next
call of read_line_full().
Fixes CID#1548043 and CID#1548064.
(cherry picked from commit 00575cfd696a2a335decb66580727fafd3c152aa)
(cherry picked from commit 244790adfa626fbdbaf8cebec2f1b4759b12456b)
(cherry picked from commit f92b518f17232b709a62c21250e0502464743409)
(cherry picked from commit 8858f69efa24a219586eb715b46ee306c59479bb)
The test expects _not_ to find the patterns but the run_and_grep would
still print 'FAIL:' message. Use the dedicated -n option that inverts
the semantics cleaner than shell's !.
(cherry picked from commit c4b75966075e01d39556a87caa778eb63d96d6f6)
(cherry picked from commit f45b42ea5d7055f0fdd5bfe548bde3b73a0c2051)
(cherry picked from commit 63725bc3a312ca5481b514a8ebb00ef2617a331e)
(cherry picked from commit ec3def8aaec6903571f7131e15e3fe9f1b3fe7a3)
In various scenarios we invoke containers with access to the kernel
keyring blocked. Let's make sure we can handle this properly: when the
invocation ID is stored in in the kernel keyring and we try to read it
and get EPERM we should handle it gracefully, like EOPNOTSUPP.
(cherry picked from commit f2e38b01e052ebd50eaf98763bd9709e880c0a75)
(cherry picked from commit a2abc3b8ecef41dea432d39ff19cb66c6aa3baa9)
(cherry picked from commit 9cd3101704592c3022d22cac2c2877bd37768ba5)
(cherry picked from commit e52806db521b91cfa9d96dcbfd112e74d9919ade)
Fixes a bug in b5a07e524e42d2594174ca1a5b72aa4fdb9af94c (v250).
(cherry picked from commit 91421f8379b66316f937d56c60c2e782b7a79eca)
(cherry picked from commit 349012c4935c49bde6bb7bc6daa8e4a783657338)
(cherry picked from commit 786f94faefe36fea7337ed2b2d31ea2040071da9)
(cherry picked from commit 68f7289b5f01f86a19a077a7f4f08c9eb3f78bae)
When using UEFI with bhyve it behaves similarly to qemu, and provides
a product_uuid. Use it if found, just like with qemu.
(cherry picked from commit 113c159ba9c4e8052ae162e12faba28b102a90d0)
(cherry picked from commit 4cdaff292c8918511b88d9a05a4111c366702c3c)
(cherry picked from commit ebdb1df19e34b02a32e1b67cf06a4fa3935cb569)
(cherry picked from commit 4c702186cb92255380713f0e6ed10e3e7f6d1c6a)
fido2_generate_hmac_hash() sets req->keyring to "fido2-pin" when
calling ask_password_auto(), suggesting that a key by this name
can be read from the kernel keyring. But the keyring is never
opened because the ASK_PASSWORD_ACCEPT_CACHED flag is not set.
Set ASK_PASSWORD_ACCEPT_CACHED to allow automated / scripted
setup of encrypted volumes with FIDO2. If the PIN turns out to
be invalid, clear ASK_PASSWORD_ACCEPT_CACHED to avoid retrying
and possible lockout.
(cherry picked from commit 505c2f21377019c058de16aa9e2d8db005e97e6f)
(cherry picked from commit f2054b8aee28a09767d9bfb976167ce288152d5d)
(cherry picked from commit 012cde19b899475cb72153daba69144d47122801)
(cherry picked from commit 993f1e90a7d3ddee790565a8481a178dc3f3422c)
All dbus programs have to be up-to-date for update-dbus-docs to
produce the expected output, so add the missing dependency.
(cherry picked from commit 461bd9277a69833a534518c263d00443f2f6fbf4)
(cherry picked from commit cd727da491f0715995f06f3ad7e6e2ec2ab2e44a)
(cherry picked from commit c5e562c8eeb81f9573bd14446ad77c43f5b73d7a)
(cherry picked from commit bf899b73cfe66b5688604e22dbdc79c701b20e39)
Follow-up for 3bd28bf721dc70722ff1c675026ed0b44ad968a3
SERVICE_RELOAD_SIGNAL state can only be reached via explicit reload jobs,
and we have a clear distinction between that and plain RELOADING=1
notifications, the latter of which is issued by clients doing reload
outside of our job engine. I.e. upon SERVICE_RELOAD_SIGNAL + RELOADING=1
we don't propagate reload jobs again, since that's done during transaction
construction stage already. The handling of combined RELOADING=1 + READY=1
so far is bogus however, as it tries to propagate duplicate reload jobs.
Amend this by following the logic for standalone RELOADING=1.
(cherry picked from commit c337a1301f2de4105fc8023e45db20238c6a895a)
(cherry picked from commit aef4adde624246b074082db8b4c1d446e13f85ca)
(cherry picked from commit 7e6e8b3dedc136d77e9698ba9f140a33573daead)
(cherry picked from commit f6b973d48e7bea959aaa2aa8c319b2cdaaf79ed4)
There is a typo passing flags to `install_file()`, if `IMPORT_READ_ONLY` is set,
`IMPORT_SYNC` is never checked.
(cherry picked from commit 5d2d0c055b1ec68d4fc5d4ec85390fc427171ff3)
(cherry picked from commit 6d3621d38ee85bce79931612d6b63d6539274ea8)
(cherry picked from commit b7109d7f6ea841215d409623217190ae4ca1a889)
(cherry picked from commit 4963abe9ce450758a71e7fed7674d280641fb176)
When hardlink recreation is requested, it creates temporary files that
will be deleted once the context is destroyed. The deletion
(potentially) updates the directory's timestamps, so it's crucial that
the deletion happens before the directory timestamps are restored when
`COPY_RESTORE_DIRECTORY_TIMESTAMPS` is requested.
(cherry picked from commit b66291444b8d4022ce68121af8e6f99d29ebefd0)
(cherry picked from commit 9e2ba7eb050fcfd9c13f5212c7df9c82cd44cef5)
(cherry picked from commit 9ade6934cb18afa2cb38ad49c31b34e0467b30d5)
(cherry picked from commit 0ef879114ac9cfe4cb0ce51893cb3a2487b55bac)
It does not work on oss-fuzz for some reasons. See #11018.
(cherry picked from commit 0656b3a083b48a2cccb90ee1f7fed949d9283b76)
(cherry picked from commit 16c3e3eac0864d9707b4eac018edcf6c88e754da)
(cherry picked from commit 6b2e003525542959dc73a1377947ac21f08ca19b)
(cherry picked from commit d6cf5e1733aa6b8a57896753c356f6c2d1fef713)
While this is obvious if you spend a few minutes thinking about how
D-Bus signals work (in this case, they are broadcast from a system
service, so cannot apply to a specific user/session/seat), it’s a bit
easy to overlook this while putting code together which uses the login1
D-Bus API, so it’s helpful to point this hazard out specifically in the
docs.
The signals can only be emitted on the canonical objects. The
convenience objects are useful for method calls, as the calling context
can be used to dereference ‘self’ and ‘auto’, but this can’t work for
signals.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
(cherry picked from commit 82b32b997c51e259ddf66a0ec6bd7631b0ea781d)
(cherry picked from commit afc6244bb1accde277359e3aa7b1976cc96080cf)
(cherry picked from commit aa560dbadced069da9d3c44cf3a352435a782b31)
(cherry picked from commit e3e2147952c21b99090e08eee8c7277c3bab344b)
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
(cherry picked from commit 5fe4edd3fccd2a14ec3488daeac80ddb33bc71db)
(cherry picked from commit 8ef9fdf79bfa852898a569a9032faa1dafe8c6c1)
(cherry picked from commit be45ace625bcbfe0a91966d16c447f9ebf2b5f85)
(cherry picked from commit 867dbd9e596c92a3606719b6aa433f3080140446)
The script runs the binaries which try to find the internal libs via /proc/self/exe due
to glibc's RPATH resolution and fail:
/var/cache/src/systemd/tools/dbus_exporter.py interfaces
/var/cache/src/systemd/build/systemd
/var/cache/src/systemd/build/systemd-homed
/var/cache/src/systemd/build/systemd-hostnamed
/var/cache/src/systemd/build/systemd-importd
/var/cache/src/systemd/build/systemd-localed
/var/cache/src/systemd/build/systemd-logind
/var/cache/src/systemd/build/systemd-machined
/var/cache/src/systemd/build/systemd-networkd
/var/cache/src/systemd/build/systemd-oomd
/var/cache/src/systemd/build/systemd-portabled
/var/cache/src/systemd/build/systemd-resolved
/var/cache/src/systemd/build/systemd-sysupdated
/var/cache/src/systemd/build/systemd-timedated
execve("/var/cache/src/systemd/build/systemd", ["/var/cache/src/systemd/build/sys"..., "--bus-introspect", "list"], 0x7ffc7ab68600 /* 20 vars */) = 0
brk(NULL) = 0x56265bf70000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56ced7f000
readlinkat(AT_FDCWD, "/proc/self/exe", 0x7ffedeaa7a90, 4096) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=20293, ...}) = 0
mmap(NULL, 20293, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f56ced7a000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=19312, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=19312, ...}, 0) = 0
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/", {st_mode=S_IFDIR|0755, st_size=642, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/", {st_mode=S_IFDIR|0755, st_size=642, ...}, 0) = 0
writev(2, [{iov_base="/var/cache/src/systemd/build/sys"..., iov_len=36},
{iov_base=": ", iov_len=2},
{iov_base="error while loading shared libra"..., iov_len=36},
{iov_base=": ", iov_len=2},
{iov_base="libsystemd-core-258.so", iov_len=22},
{iov_base=": ", iov_len=2},
{iov_base="cannot open shared object file", iov_len=30},
{iov_base=": ", iov_len=2},
{iov_base="No such file or directory", iov_len=25},
{iov_base="\n", iov_len=1}],
10/var/cache/src/systemd/build/systemd: error while loading shared libraries: libsystemd-core-258.so: cannot open shared object file: No such file or directory
) = 158
(cherry picked from commit c6a932fd0db5bfcc523d0a57351b906bce2955cd)
(cherry picked from commit 8b84cad890a0dbc73ad8d0d2f73c303bf56b0eb1)
(cherry picked from commit 06f05bad59ded95a30de0950cf13669b9e293ab0)
(cherry picked from commit 626e1179d735d5491bb62e8c2461a28e19cfcb0a)
Follow-up for a05255981ba5b04f1cf54ea656fbce1dfd9c3a68
Follow-up for 3e0a3a0259324b4c40a9a62c8506fe683cd0273b
(cherry picked from commit 6a6d4c3f3c123a1cbb6770f1cae8c130a48333e1)
(cherry picked from commit 769997ee17d64cf0cecd9db20ebe0af1f69dc23d)
(cherry picked from commit 1cd0325097ded1bbe91d366fce4699e252ab383c)
(cherry picked from commit a70cd6a8df936ac257df0753975b69d176b1a53b)
Updating footer to reflect current year: 2025
(cherry picked from commit 1bcb739f080a56ab578129d9a87e061d92059eb5)
(cherry picked from commit 81486f3af7074151e6f8e4e594b80bd78c7a718e)
(cherry picked from commit f2d7b71376d3e8600cd1ffbddfd424395d8f3a9f)
(cherry picked from commit 70ad227c2188c7525cd2fded60b7f3f75b6cf7de)
The header starts with 'zstd', not 'zstd22':
$ ukify build --linux vmlinuz-6.13+unreleased-cloud-arm64 --initrd /boot/initrd.img-6.12.12-amd64 --output uki
Kernel version not specified, starting autodetection 😖.
Real-Mode Kernel Header magic not found
+ readelf --notes vmlinuz-6.13+unreleased-cloud-arm64
readelf: Error: Not an ELF file - it has the wrong magic bytes at the start
Traceback (most recent call last):
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 2510, in <module>
main()
~~~~^^
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 2499, in main
make_uki(opts)
~~~~~~~~^^^^^^
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 1328, in make_uki
opts.uname = Uname.scrape(linux, opts=opts)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 384, in scrape
version = func(filename, opts=opts)
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 374, in scrape_generic
text = maybe_decompress(filename)
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 221, in maybe_decompress
return get_zboot_kernel(f)
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 201, in get_zboot_kernel
raise NotImplementedError(f'unknown compressed type: {comp_type!r}')
NotImplementedError: unknown compressed type: b'zstd\x00\x00'
(cherry picked from commit a6d51ae582c863c01c581f1e31492910d53b0427)
(cherry picked from commit 9b9a8d7e5468a847b8deaa8ce79402872a2c1dd5)
(cherry picked from commit 92510a1d7991806fcd3e01330fdc11eba5c0ae53)
(cherry picked from commit 9287bdb5cd99509543a2e2247080fa51bc68eafe)
The zstd library does not support stream decompression, and it
requires the zstd header to contain extra metadata, that the kernel
build does not append:
$ file -k vmlinuz-6.13+unreleased-cloud-arm64
vmlinuz-6.13+unreleased-cloud-arm64: PE32+ executable (EFI application) Aarch64 (stripped to external PDB), for MS Windows, 2 sections\012- data
$ ukify build --linux vmlinuz-6.13+unreleased-cloud-arm64 --initrd /boot/initrd.img-6.12.12-amd64 --output uki
Kernel version not specified, starting autodetection 😖.
Real-Mode Kernel Header magic not found
+ readelf --notes vmlinuz-6.13+unreleased-cloud-arm64
readelf: Error: Not an ELF file - it has the wrong magic bytes at the start
Traceback (most recent call last):
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 2508, in <module>
main()
~~~~^^
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 2497, in main
make_uki(opts)
~~~~~~~~^^^^^^
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 1326, in make_uki
opts.uname = Uname.scrape(linux, opts=opts)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 382, in scrape
version = func(filename, opts=opts)
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 372, in scrape_generic
text = maybe_decompress(filename)
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 219, in maybe_decompress
return get_zboot_kernel(f)
File "/home/bluca/git/systemd/src/ukify/ukify.py", line 199, in get_zboot_kernel
return cast(bytes, zstd.uncompress(f.read(size)))
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
zstd.Error: Input data invalid or missing content size in frame header.
This appears to be by design:
https://github.com/sergey-dryabzhinsky/python-zstd/issues/53
Switch to python3-zstandard, which works.
(cherry picked from commit fbc6fecf1adbd34bd541c04d04ceef2695caa80a)
(cherry picked from commit 77fc49891a162dae56b1e2cc3112a8c26516f656)
(cherry picked from commit c72cc9e81ad9d8b71d6ba149227d4d88375ca52d)
(cherry picked from commit 8071513b2dd6fb7527e871b71f6533f3b9a1b117)
UKIs should generally not be compressed since the kernel image and
initrd in them will already be compressed so let's remove the compression
suffix from the examples in the sysupdate manpage.
(cherry picked from commit 5ca1865ad95a10b744321d21293587ed1d446ee6)
(cherry picked from commit 9440a08ccce6c5ebb5091a38dd709737a4ae22b9)
(cherry picked from commit 082fab587bef69adf30c2950e5a59a92c78021c8)
(cherry picked from commit 3ca2a2d2188b1f1ef8aca9f11f95182b007a8245)
'ConditionOSRelease=|ID_LIKE$=*rhel*' results in a segfault.
The key 'ID_LIKE' is not present in Fedora's os-release file.
I think the most reasonable behaviour is to treat missing keys as empty.
This matches the "shell-like" sprit, since in a shell empty keys would
by default be treated as empty too. Thus, "ID_LIKE=" would match, if
ID_LIKE is not present in the file, and ID_LIKE=!$foo" would also match.
The other option would be to make those matches fail, but I think that'd
make the feature harder to use, esp. with negative matches.
Documentation is updated to clarify the new behaviour.
https://bugzilla.redhat.com/show_bug.cgi?id=2345544
(cherry picked from commit de02b551adcf74e5677454fd36bf7653b1a4def1)
(cherry picked from commit 8f8514c03f166c352ebdcb577c29d2dff88a37f7)
(cherry picked from commit f36638fbd262f79b334f0f4cf8f0d056458d30ae)
(cherry picked from commit 42dc6431fde34b4e0c64293ecfd211de239e5d21)
When a new device is processed, there should be no watch handle for
the device, hence udev_watch_clear() provides -1. Let's not try to call
inotify_rm_watch() in that case.
This should not change any behavior. Just for suppressing spurious
debugging log:
=====
(udev-worker)[3626140]: zram1: Removing watch handle -1.
=====
(cherry picked from commit b3b442062045eac61a9dd3ed73b650dfb5be0b46)
(cherry picked from commit d32f4bcaf274e208568a5e6151c0a81d00d80438)
(cherry picked from commit 93930340c9b6725f72c5d4e811e1522d9ce9f031)
(cherry picked from commit 0b15dcbd7ab53ff8da37536e6da7182543a6935c)
(cherry picked from commit a52aad3b4bb735a22ce67110142d135819589a87)
(cherry picked from commit cc77e140a8b194f710f33c9f552750ce350e6122)
(cherry picked from commit a6f86fcf0f66724913bc0725a5109b4dce585955)
(cherry picked from commit 17a6af2fb5481f8a15e5df3fe75529a1b4b58914)
(cherry picked from commit 6f91e7a3bea2c5046354b31cb650b54e3b2884d5)
(cherry picked from commit 6caab0c58c8c43c5d4244e2ef2bb739aa06d81c0)
(cherry picked from commit 3d36ded4105f326e51c13c6f516d4f6e58fd3f73)
(cherry picked from commit 2baea7d3968e373555531962385046a2a223c8b0)
pefile has an hardcoded limit to 256MB per section:
https://github.com/erocarrera/pefile/issues/396
When building an initrd with large firmware files and
lots of kernel modules, this limit can be reached.
Skip over those warnings.
(cherry picked from commit 32caed550f5a81eb87d2e39bc83917df2898d844)
(cherry picked from commit 87224a2d4efa30b48407f71aad3ee2df591fe224)
(cherry picked from commit 9141043f6f8e71eb7fa4aefac28b85bbb4e999b6)
(cherry picked from commit 870c6651f4f000ea921d8312395ff97bd5922ae1)
Add a bunch of more released keys. Kinda a follow-up for c8c5ce5772b08da0ad317331b1f4929c1b466ae0
(cherry picked from commit 8135d37f81917f2a7f98a52bdae92eae5878946d)
(cherry picked from commit d14161d4d08037f28070c9766ae1aebc32876064)
(cherry picked from commit 4476418c5bb9b4b60ffb68cccb9d9514fa32c54a)
(cherry picked from commit 15f2c2d842187fca7a93e4cd902b5bdb9e231e93)
(cherry picked from commit c8c5ce5772b08da0ad317331b1f4929c1b466ae0)
(cherry picked from commit 131eff83701ed40468fb68fb0ed33108f215950e)
(cherry picked from commit 84d99190ffeed4dd502480b22c552a0c36c0f60d)
(cherry picked from commit e45b44b00ca45764c48e469256328992ff6f8a16)
(cherry picked from commit 2443b4d9a17787fd0a63d6591fbdb74650c43994)
(cherry picked from commit e8d5d7f355ae826f4f8c0f61f62c31e828bde7d0)
(cherry picked from commit 34eb74020f77ddc3635bfc489198fe18d123cdb7)
(cherry picked from commit 709e254d52e34f0e17da7d8ddf0a09c25d0453e1)
CLONE_PIDFD was introduced in v5.2 and in sched.h in glibc-2.31 so
without this, building with older version fails with:
src/basic/raw-clone.h:41:108: error: 'CLONE_PIDFD' undeclared (first use in this function); did you mean 'CLONE_FILES'?
(cherry picked from commit e91c5cf06ab7ca9e5576c6feac5f743927f2b063)
(cherry picked from commit 480e39dbbb3df253e02a4908dfcfecf1fb3511e2)
(cherry picked from commit 5e0588e3d97715da9995013eb8dbc13eb21a8d0b)
(cherry picked from commit e6b576c8bd542f46c03a4b8fdc345604b3833a81)
Give access to USB/Bluetooth lights such as the Logitech Litra family of
devices.
The Logitech devices in particular are accessible through USB
and Bluetooth.
(cherry picked from commit 106f64cbd66b8aa76333c3f11177f53e79e2cd82)
(cherry picked from commit 2e14f59f1476b9356ad8da6feaa01c9e684841e4)
(cherry picked from commit 3b5543aa4beb1f096431939821d30f9a889f7afe)
(cherry picked from commit ac023efa8f5f1b97a7c1c7bc0416ed4a48c726e2)
For issue #36244.
(cherry picked from commit f7ae28fcec9513435f8258431b686fbaf846915b)
(cherry picked from commit 0af0e37813b5ab7e1ee4a4863f2087bb35173b5a)
(cherry picked from commit 9724602ff361a33b356ffc859fcd971619d1985c)
(cherry picked from commit 82dc7061ec5786a8985e542a9d5e6c6b4747aede)
errno handling for NSS is always a bit weird since NSS modules generally
are not particularly careful with it. Hence let's initialize errno
explicitly before we invoke getpwent() so that we know it's in a
reasonable state afterwards on failure, or zero if not.
We do this in most places we use NSS, including in userdb when it comes
to getgrent(), just for getpwent() we don't so far. Address that.
(cherry picked from commit 83e3b96d0a3b665b7b7a291500fa354a7760a917)
(cherry picked from commit 4fc9748a2773655e1ad55745cb2302b4a809f137)
(cherry picked from commit 443dbf488fe5246289638f8a14d2f17a845c879c)
(cherry picked from commit c1d49aa8d50179d55ccc7734c1a4d032c8f0ad57)
(cherry picked from commit 8b413ae4060b21ed4712fdad7eba195890740756)
(cherry picked from commit 2b9914bd23a9a7c123e9330c3121e2e72af66ccb)
(cherry picked from commit 10c5fa5bd1454d015cd7d709239446a272378b1a)
(cherry picked from commit 818c33b1e4e806d4c3aa0d702dc7b898044c9c58)
Skip unsupport/invalid `DS` and `DNSKEY` combinations during verification.
Fixes: #12545
(cherry picked from commit cac3b43eee83829d68ebf7d4786ebc32e62fe813)
(cherry picked from commit bb22ed069bc6220b20c75f4a873419a24cae266d)
(cherry picked from commit 49f7ac90c9403c07ea73f1b7bb16cb9d04f5c33f)
(cherry picked from commit 758a152ddac8c1877251ecde7b5c9bbaf3ef8e51)
(cherry picked from commit df9c5c1c9c230605734aeace4cd3861ff3d6ee6d)
(cherry picked from commit e24bc34ed8dc5a663344c2a6468d820431bbd4ea)
(cherry picked from commit f7ef06102598a84e30fbffb71147db0cddd38358)
(cherry picked from commit 1a8d5c53d856a933d939b7ac5173e73c05b448b9)
