mirror of https://github.com/systemd/systemd-stable.git synced 2025-04-06 22:50:08 +03:00

70279 Commits

Author SHA1 Message Date
Martin Wilck
20415d357f 99-systemd.rules: rework SYSTEMD_READY logic for device mapper
Device mapper devices are set up in multiple steps. The first step, which
generates the initial "add" event, only creates an empty container, which is
useless for higher layers. SYSTEMD_READY should be set to 0 on this event to
avoid premature device activation.

The event that matters is the "activation" event: the first "change" event on
which DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 is not set. When this event arrives,
the device is ready for being scanned by blkid and similar tools, and for being
activated by systemd.

Intermittent events with DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 should be ignored
as far as systemd or higher-level block layers are concerned. Previous device
properties and symlinks should be preserved: the device shouldn't be scanned or
activated, but shouldn't be deactivated, either. In particular, SYSTEMD_READY
shouldn't be set to 0 if it wasn't set before, because that might cause mounted
file systems to be unmounted. Such intermittent events may occur any time,
before or after the "activation" event.

DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 can have multiple reasons. One possible reason
is that the device is suspended. There are other reasons that depend on the
device-mapper subsystem (LVM, multipath, dm-crypt, etc.).

The current systemd rule set

1) sets SYSTEMD_READY=0 if DM_UDEV_DISABLE_OTHER_RULES_FLAG is set in "add"
events;
2) imports SYSTEMD_READY from the udev db if DM_SUSPENDED is set, and jumps to systemd_end;
3) sets SYSTEMD_READY=1, otherwise.

This logic has several flaws:

* 1) can cause file systems to be unmounted if a coldplug event arrives while
a file system is suspended. This rule shouldn't be applied for coldplug events
or in general, "synthetic" add events;
* 2) evaluates DM_SUSPENDED=1, which is a device-mapper internal property.
It's wrong to infer that a device is accessible if DM_SUSPENDED=0.
The jump to systemd_end may cause properties and/or symlinks to be lost;
* 3) is superfluous, because SYSTEMD_READY=1 is equivalent with SYSTEMD_READY
being unset, and can create the wrong impression that the device was explicitly
activated.

This patch fixes the logic as follows:

- apply 1) only if DM_NAME is empty, which is only the case for the first
"genuine add" event;
- change 2) to use DM_UDEV_DISABLE_OTHER_RULES_FLAG instead of DM_SUSPENDED,
and remove the GOTO directive;
- remove 3).

Fixes: b7cf1b6 ("udev: use SYSTEMD_READY to mask uninitialized DM devices")
Fixes: 35a6750 ("rules: set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 only with ADD event (#2747)")

Signed-off-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit c072860593329293e19580b337504adb52248462)
v255.18
2025-03-06 00:13:29 +09:00
Lennart Poettering
b858433a79 timedate: handle gracefully if RTC lost time because of power loss
Apparently some RTC drivers return EINVAL in that case when we try to
read it. Handle that reasonably gracefully.

Fixes: #31854
(cherry picked from commit 5c81de98fcb533c0889ed6c6f6cd8640bb626360)
2025-03-05 12:53:38 +00:00
Luca Boccassi
44a978a22e mkosi: skip repo keys checks
F39 doesn't build anymore:

GPG key at https://fedoraproject.org/fedora.gpg (0x31645531) is already installed
Public key for filesystem-3.18-6.fc39.x86_64.rpm is not installed. Failing package is: filesystem-3.18-6.fc39.x86_64
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for setup-2.14.4-1.fc39.noarch.rpm is not installed. Failing package is: setup-2.14.4-1.fc39.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
The GPG keys listed for the "updates" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: fedora-gpg-keys-39-2.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-release-39-36.noarch.rpm is not installed. Failing package is: fedora-release-39-36.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-release-common-39-36.noarch.rpm is not installed. Failing package is: fedora-release-common-39-36.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-release-identity-basic-39-36.noarch.rpm is not installed. Failing package is: fedora-release-identity-basic-39-36.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-repos-39-2.noarch.rpm is not installed. Failing package is: fedora-repos-39-2.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Error: GPG check FAILED

These are throw-away CI images, so just skip the checks
2025-03-05 12:12:20 +00:00
Luca Boccassi
6fdd047619 mkosi: add libz1 to packages list on opensuse
/usr/lib/systemd/systemd: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory
2025-03-05 12:12:20 +00:00
Luca Boccassi
87acfc7218 mkosi: disable secure boot check as GHA cannot enable it due to hyperv bug
2025-03-05 12:12:20 +00:00
Luca Boccassi
f30d2ff068 mkosi: add login to packages list on debian/ubuntu
No longer pulled in by default
2025-03-05 12:12:20 +00:00
Daan De Meyer
47b53270d2 mkosi: Prevent busybox from getting pulled into opensuse images
OpenSUSE's busybox has a bunch of Provides for basic tools that cause
it to get pulled into images unless the corresponding tool is explicitly
installed so let's add explicit tools to make sure we don't get busybox.

(cherry picked from commit 857e4528f5fe556bbe98e32ffcde8932d0d80f83)
2025-03-05 12:12:20 +00:00
Luca Boccassi
f47a460002 GHA: run mkosi with sudo
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/__main__.py", line 60, in <module>
    main()
  File "/usr/lib/python3.12/contextlib.py", line 81, in inner
    return func(*args, **kwds)
           ^^^^^^^^^^^^^^^^^^^
  File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/__main__.py", line 52, in main
    run_verb(args, images)
  File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/__init__.py", line 2789, in run_verb
    become_root()
  File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/run.py", line 125, in become_root
    os.setresuid(0, 0, 0)
PermissionError: [Errno 1] Operation not permitted
2025-03-05 12:12:20 +00:00
Luca Boccassi
66ffce7303 GHA: install makepkg manually
/usr/bin/pacman-key: line 31: /usr/share/makepkg/util/message.sh: No such file or directory
/usr/bin/pacman-key: line 32: /usr/share/makepkg/util/parseopts.sh: No such file or directory
/usr/bin/pacman-key: line 620: parseopts: command not found
2025-03-05 12:12:20 +00:00
Daan De Meyer
d006e138ff ci: Switch to Ubuntu 24.04
(cherry picked from commit d5474f78b876c1f0ff8285a32b46b2f147b4907e)
2025-03-05 12:12:20 +00:00
Lennart Poettering
e22b61dd1e dns-stream: only read DNS packet data if we identified the peer properly
If we use TCP fastopen to connect to a DNS server via TCP, and it
responds really quickly between our connection attempt and our immediate
check back, then we have not identified the peer yet, and will not be
able to use the peer metadata to fill in our packet info.

Let's fix that, and simply not read from the socket until identification
is complete.

Fixes: #34956
(cherry picked from commit facc9439a76b4c3a5c273c71bd7a676e4c74778c)
(cherry picked from commit 11da52785c978369e4cd92e67e5017a436404340)
(cherry picked from commit 9bf15a285e96eec950e21528d712ec0539839a8b)
2025-03-05 12:12:20 +00:00
Lennart Poettering
6a97871d20 resolved: pick up new DNSSEC KSC from 2024
Import the new key from https://data.iana.org/root-anchors/root-anchors.xml.

The old one remains valid, as per provided data.

Fixes: #36260
(cherry picked from commit 8113361e82eea2741290f7117034d356acb3ab4d)
(cherry picked from commit 961e351061b2366889c8af1feae522f8f4123f5d)
(cherry picked from commit 6cb60bbe838b6d153216c14c95851d095ce639a2)
2025-03-05 12:12:20 +00:00
Yu Watanabe
8858f69efa hwdb-util: drop unused value assignment
The values assigned to 'r' were never used, and overwritten by the next
call of read_line_full().

Fixes CID#1548043 and CID#1548064.

(cherry picked from commit 00575cfd696a2a335decb66580727fafd3c152aa)
(cherry picked from commit 244790adfa626fbdbaf8cebec2f1b4759b12456b)
(cherry picked from commit f92b518f17232b709a62c21250e0502464743409)
2025-03-05 12:12:20 +00:00
Yu Watanabe
1d957625bf pe-binary: fix array overrun
This is a kind of paranoia, as memeqzero() does not read anything if
length is zero. But, strictly speaking C language does not allow such,
and Coverity warns about that.

Fixes CID#1561177.

(cherry picked from commit 6529ab0b066c93a6b8a8bf24b999d67e67a261f5)
(cherry picked from commit 73986494b65acd5eb68b889d0b8966f72f55bbb3)
(cherry picked from commit 9b7aaf3e02469676efcbcbdeab53dda40f090fe9)
2025-03-05 12:12:20 +00:00
Yu Watanabe
b5bc721d66 async: voidify call of fsync()
Fixes CID#1564787.

(cherry picked from commit b0e5cde687dacf885e4000da804ddcd900a83152)
(cherry picked from commit dce29c0c5f006a54033e27154fc9b1056e781c92)
(cherry picked from commit b7b0f1c6b410a2f90268458c74acae823599a4ab)
2025-03-05 12:12:20 +00:00
Michal Koutný
ec3def8aae TEST-13-NSPAWN.nss-mymachines: Use negative matching switch
The test expects _not_ to find the patterns but the run_and_grep would
still print 'FAIL:' message. Use the dedicated -n option that inverts
the semantics cleaner than shell's !.

(cherry picked from commit c4b75966075e01d39556a87caa778eb63d96d6f6)
(cherry picked from commit f45b42ea5d7055f0fdd5bfe548bde3b73a0c2051)
(cherry picked from commit 63725bc3a312ca5481b514a8ebb00ef2617a331e)
2025-03-05 12:12:20 +00:00
Lennart Poettering
e52806db52 sd-id128: gracefully handle systems where kernel keyring access is blocked
In various scenarios we invoke containers with access to the kernel
keyring blocked. Let's make sure we can handle this properly: when the
invocation ID is stored in the kernel keyring and we try to read it
and get EPERM we should handle it gracefully, like EOPNOTSUPP.

(cherry picked from commit f2e38b01e052ebd50eaf98763bd9709e880c0a75)
(cherry picked from commit a2abc3b8ecef41dea432d39ff19cb66c6aa3baa9)
(cherry picked from commit 9cd3101704592c3022d22cac2c2877bd37768ba5)
2025-03-05 12:12:20 +00:00
Yu Watanabe
68f7289b5f recurse-dir: fix wrong assertion and error code in log
Fixes a bug in b5a07e524e42d2594174ca1a5b72aa4fdb9af94c (v250).

(cherry picked from commit 91421f8379b66316f937d56c60c2e782b7a79eca)
(cherry picked from commit 349012c4935c49bde6bb7bc6daa8e4a783657338)
(cherry picked from commit 786f94faefe36fea7337ed2b2d31ea2040071da9)
2025-03-05 12:12:20 +00:00
Dan McGregor
4c702186cb machine-id-setup: bhyve also provides a uuid
When using UEFI with bhyve it behaves similarly to qemu, and provides
a product_uuid. Use it if found, just like with qemu.

(cherry picked from commit 113c159ba9c4e8052ae162e12faba28b102a90d0)
(cherry picked from commit 4cdaff292c8918511b88d9a05a4111c366702c3c)
(cherry picked from commit ebdb1df19e34b02a32e1b67cf06a4fa3935cb569)
2025-03-05 12:12:20 +00:00
Martin Wilck
993f1e90a7 libfido2-util: accept cached pin in fido2_generate_hmac_hash()
fido2_generate_hmac_hash() sets req->keyring to "fido2-pin" when
calling ask_password_auto(), suggesting that a key by this name
can be read from the kernel keyring. But the keyring is never
opened because the ASK_PASSWORD_ACCEPT_CACHED flag is not set.

Set ASK_PASSWORD_ACCEPT_CACHED to allow automated / scripted
setup of encrypted volumes with FIDO2. If the PIN turns out to
be invalid, clear ASK_PASSWORD_ACCEPT_CACHED to avoid retrying
and possible lockout.

(cherry picked from commit 505c2f21377019c058de16aa9e2d8db005e97e6f)
(cherry picked from commit f2054b8aee28a09767d9bfb976167ce288152d5d)
(cherry picked from commit 012cde19b899475cb72153daba69144d47122801)
2025-03-05 12:12:20 +00:00
Daan De Meyer
bf899b73cf meson: Add missing dbus_programs dependency on update-dbus-docs
All dbus programs have to be up-to-date for update-dbus-docs to
produce the expected output, so add the missing dependency.

(cherry picked from commit 461bd9277a69833a534518c263d00443f2f6fbf4)
(cherry picked from commit cd727da491f0715995f06f3ad7e6e2ec2ab2e44a)
(cherry picked from commit c5e562c8eeb81f9573bd14446ad77c43f5b73d7a)
2025-03-05 12:12:20 +00:00
Mike Yuan
f6b973d48e core/service: do not propagate reload for combined RELOADING=1 + READY=1 when notify-reload
Follow-up for 3bd28bf721dc70722ff1c675026ed0b44ad968a3

SERVICE_RELOAD_SIGNAL state can only be reached via explicit reload jobs,
and we have a clear distinction between that and plain RELOADING=1
notifications, the latter of which is issued by clients doing reload
outside of our job engine. I.e. upon SERVICE_RELOAD_SIGNAL + RELOADING=1
we don't propagate reload jobs again, since that's done during transaction
construction stage already. The handling of combined RELOADING=1 + READY=1
so far is bogus however, as it tries to propagate duplicate reload jobs.
Amend this by following the logic for standalone RELOADING=1.

(cherry picked from commit c337a1301f2de4105fc8023e45db20238c6a895a)
(cherry picked from commit aef4adde624246b074082db8b4c1d446e13f85ca)
(cherry picked from commit 7e6e8b3dedc136d77e9698ba9f140a33573daead)
2025-03-05 12:12:20 +00:00
Antonio Alvarez Feijoo
4963abe9ce import/pull-tar: fix flag set
There is a typo passing flags to `install_file()`, if `IMPORT_READ_ONLY` is set,
`IMPORT_SYNC` is never checked.

(cherry picked from commit 5d2d0c055b1ec68d4fc5d4ec85390fc427171ff3)
(cherry picked from commit 6d3621d38ee85bce79931612d6b63d6539274ea8)
(cherry picked from commit b7109d7f6ea841215d409623217190ae4ca1a889)
2025-03-05 12:12:20 +00:00
Lennart Poettering
72d766fd6c tpm2-setup: add missing O_CLOEXEC at two places
(cherry picked from commit f4e5a730002fa7ed714b89775c3e5fae6d003aae)
(cherry picked from commit e23c2e8bed7db1f12d026e8036464edba1fe309d)
(cherry picked from commit 623a9c2b6526655742a61f6ffe3dfede053ad897)
2025-03-05 12:12:20 +00:00
Andreas Stührk
0ef879114a copy: Invoke hardlink context cleanup before restoring timestamps
When hardlink recreation is requested, it creates temporary files that
will be deleted once the context is destroyed. The deletion
(potentially) updates the directory's timestamps, so it's crucial that
the deletion happens before the directory timestamps are restored when
`COPY_RESTORE_DIRECTORY_TIMESTAMPS` is requested.

(cherry picked from commit b66291444b8d4022ce68121af8e6f99d29ebefd0)
(cherry picked from commit 9e2ba7eb050fcfd9c13f5212c7df9c82cd44cef5)
(cherry picked from commit 9ade6934cb18afa2cb38ad49c31b34e0467b30d5)
2025-03-05 12:12:20 +00:00
Luca Boccassi
29cd6c8f8c repart: when using erofs and log level is not debug, use --quiet
mkfs.erofs is extremely verbose and will log every single file added
to the filesystem, which is a lot of them when building a rootfs.

(cherry picked from commit 323213cfea8b78d44f63b8a83f74fbd1f79f1775)
(cherry picked from commit b92ea51d000e69d032b0a8cf80bf2714a95e69c2)
(cherry picked from commit 37ba21ae354ecccbc69a8b43c2620b3f80d32d66)
2025-03-05 12:12:20 +00:00
Yu Watanabe
d6cf5e1733 fuzz: tentatively disable fuzz-compress on oss-fuzz
It does not work on oss-fuzz for some reasons. See #11018.

(cherry picked from commit 0656b3a083b48a2cccb90ee1f7fed949d9283b76)
(cherry picked from commit 16c3e3eac0864d9707b4eac018edcf6c88e754da)
(cherry picked from commit 6b2e003525542959dc73a1377947ac21f08ca19b)
2025-03-05 12:12:20 +00:00
Yu Watanabe
3b3e4c55c5 fuzz: decompress_startswith() may return zero
Fixes #36472.

(cherry picked from commit 339f2f2eeb883b201f59076900e3bee7ff143460)
(cherry picked from commit 5e00d957baea4731cd08508141e9d3c807011312)
(cherry picked from commit 06f967b820bd3e5e0fe53a099e91b724d0ec5b3e)
2025-03-05 12:12:20 +00:00
Lin Jian
cfac27bab2 docs/CONTROL_GROUP_INTERFACE: fix typo
(cherry picked from commit 7593173c947d7ac2a4a890c570501034f3a4f9b1)
(cherry picked from commit 77af82eeb73efbb5fb9ed429a2730e8b9ccb6d73)
(cherry picked from commit f65e179e69a53a1e047ed409510d3195361553d1)
2025-03-05 12:12:20 +00:00
Philip Withnall
e3e2147952 docs: Clarify that login1 signals are not emitted for convenience objects
While this is obvious if you spend a few minutes thinking about how
D-Bus signals work (in this case, they are broadcast from a system
service, so cannot apply to a specific user/session/seat), it’s a bit
easy to overlook this while putting code together which uses the login1
D-Bus API, so it’s helpful to point this hazard out specifically in the
docs.

The signals can only be emitted on the canonical objects. The
convenience objects are useful for method calls, as the calling context
can be used to dereference ‘self’ and ‘auto’, but this can’t work for
signals.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
(cherry picked from commit 82b32b997c51e259ddf66a0ec6bd7631b0ea781d)
(cherry picked from commit afc6244bb1accde277359e3aa7b1976cc96080cf)
(cherry picked from commit aa560dbadced069da9d3c44cf3a352435a782b31)
2025-03-05 12:12:20 +00:00
Philip Withnall
867dbd9e59 docs: Fix some confusing wording in various D-Bus docs
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
(cherry picked from commit 5fe4edd3fccd2a14ec3488daeac80ddb33bc71db)
(cherry picked from commit 8ef9fdf79bfa852898a569a9032faa1dafe8c6c1)
(cherry picked from commit be45ace625bcbfe0a91966d16c447f9ebf2b5f85)
2025-03-05 12:12:20 +00:00
Luca Boccassi
626e1179d7 tools/dbus_exporter: set LD_ORIGIN_PATH if procfs is not available
The script runs the binaries which try to find the internal libs via /proc/self/exe due
to glibc's RPATH resolution and fail:

/var/cache/src/systemd/tools/dbus_exporter.py interfaces
 /var/cache/src/systemd/build/systemd
 /var/cache/src/systemd/build/systemd-homed
 /var/cache/src/systemd/build/systemd-hostnamed
 /var/cache/src/systemd/build/systemd-importd
 /var/cache/src/systemd/build/systemd-localed
 /var/cache/src/systemd/build/systemd-logind
 /var/cache/src/systemd/build/systemd-machined
 /var/cache/src/systemd/build/systemd-networkd
 /var/cache/src/systemd/build/systemd-oomd
 /var/cache/src/systemd/build/systemd-portabled
 /var/cache/src/systemd/build/systemd-resolved
 /var/cache/src/systemd/build/systemd-sysupdated
 /var/cache/src/systemd/build/systemd-timedated
execve("/var/cache/src/systemd/build/systemd", ["/var/cache/src/systemd/build/sys"..., "--bus-introspect", "list"], 0x7ffc7ab68600 /* 20 vars */) = 0
brk(NULL)                               = 0x56265bf70000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56ced7f000
readlinkat(AT_FDCWD, "/proc/self/exe", 0x7ffedeaa7a90, 4096) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=20293, ...}) = 0
mmap(NULL, 20293, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f56ced7a000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=19312, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=19312, ...}, 0) = 0
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/", {st_mode=S_IFDIR|0755, st_size=642, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/", {st_mode=S_IFDIR|0755, st_size=642, ...}, 0) = 0
writev(2, [{iov_base="/var/cache/src/systemd/build/sys"..., iov_len=36},
           {iov_base=": ", iov_len=2},
           {iov_base="error while loading shared libra"..., iov_len=36},
           {iov_base=": ", iov_len=2},
           {iov_base="libsystemd-core-258.so", iov_len=22},
           {iov_base=": ", iov_len=2},
           {iov_base="cannot open shared object file", iov_len=30},
           {iov_base=": ", iov_len=2},
           {iov_base="No such file or directory", iov_len=25},
           {iov_base="\n", iov_len=1}],
           10/var/cache/src/systemd/build/systemd: error while loading shared libraries: libsystemd-core-258.so: cannot open shared object file: No such file or directory
) = 158

(cherry picked from commit c6a932fd0db5bfcc523d0a57351b906bce2955cd)
(cherry picked from commit 8b84cad890a0dbc73ad8d0d2f73c303bf56b0eb1)
(cherry picked from commit 06f05bad59ded95a30de0950cf13669b9e293ab0)
2025-03-05 12:12:20 +00:00
Luca Boccassi
a70cd6a8df shell completion: add kernel-identify/inspect verbs for bootctl
Follow-up for a05255981ba5b04f1cf54ea656fbce1dfd9c3a68
Follow-up for 3e0a3a0259324b4c40a9a62c8506fe683cd0273b

(cherry picked from commit 6a6d4c3f3c123a1cbb6770f1cae8c130a48333e1)
(cherry picked from commit 769997ee17d64cf0cecd9db20ebe0af1f69dc23d)
(cherry picked from commit 1cd0325097ded1bbe91d366fce4699e252ab383c)
2025-03-05 12:12:20 +00:00
Luca Boccassi
e933a03c06 ukify: print all remaining log-like output to stderr
We want to be able to capture stdout for json and such, so convert
all remaining logging to stderr.

(cherry picked from commit cf4deeaf1e822ade5c1fbbe2584b23a2d0988439)
(cherry picked from commit 3110d46f4a7b6a41c9d6fc6a9f65cf7058bb4001)
(cherry picked from commit 6fc9646401c4db84fc3f3bff15e00680ebb9d3d4)
2025-03-05 12:12:20 +00:00
Anthony Avina
70ad227c21 Update footer.html to 2025
Updating footer to reflect current year: 2025

(cherry picked from commit 1bcb739f080a56ab578129d9a87e061d92059eb5)
(cherry picked from commit 81486f3af7074151e6f8e4e594b80bd78c7a718e)
(cherry picked from commit f2d7b71376d3e8600cd1ffbddfd424395d8f3a9f)
2025-03-05 12:12:20 +00:00
Luca Boccassi
72f68ecd83 dissect: fix log_debug_errno assert due to r=0
systemd-dissect[612]: Assertion '(_error) != 0' failed at src/shared/dissect-image.c:3436, function dissected_image_load_verity_sig_partition(). Aborting.

(cherry picked from commit 135640c140ba32915b97d23e8d6c1cc3fd6c6a2a)
(cherry picked from commit e58924ea6d1274928c3fb7d3e08a520ad16c32fd)
(cherry picked from commit ac6039f4ba3775595c98fb84eee5e94cef978632)
2025-03-05 12:12:20 +00:00
Luca Boccassi
9287bdb5cd ukify: fix zboot parsing with zstd
The header starts with 'zstd', not 'zstd22':

$ ukify build --linux vmlinuz-6.13+unreleased-cloud-arm64 --initrd /boot/initrd.img-6.12.12-amd64 --output uki
Kernel version not specified, starting autodetection 😖.
Real-Mode Kernel Header magic not found
+ readelf --notes vmlinuz-6.13+unreleased-cloud-arm64
readelf: Error: Not an ELF file - it has the wrong magic bytes at the start
Traceback (most recent call last):
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 2510, in <module>
    main()
    ~~~~^^
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 2499, in main
    make_uki(opts)
    ~~~~~~~~^^^^^^
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 1328, in make_uki
    opts.uname = Uname.scrape(linux, opts=opts)
                 ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 384, in scrape
    version = func(filename, opts=opts)
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 374, in scrape_generic
    text = maybe_decompress(filename)
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 221, in maybe_decompress
    return get_zboot_kernel(f)
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 201, in get_zboot_kernel
    raise NotImplementedError(f'unknown compressed type: {comp_type!r}')
NotImplementedError: unknown compressed type: b'zstd\x00\x00'

(cherry picked from commit a6d51ae582c863c01c581f1e31492910d53b0427)
(cherry picked from commit 9b9a8d7e5468a847b8deaa8ce79402872a2c1dd5)
(cherry picked from commit 92510a1d7991806fcd3e01330fdc11eba5c0ae53)
2025-03-05 12:12:20 +00:00
Luca Boccassi
8071513b2d ukify: switch from zstd to zstandard
The zstd library does not support stream decompression, and it
requires the zstd header to contain extra metadata, that the kernel
build does not append:

$ file -k vmlinuz-6.13+unreleased-cloud-arm64
vmlinuz-6.13+unreleased-cloud-arm64: PE32+ executable (EFI application) Aarch64 (stripped to external PDB), for MS Windows, 2 sections\012- data
$ ukify build --linux vmlinuz-6.13+unreleased-cloud-arm64 --initrd /boot/initrd.img-6.12.12-amd64 --output uki
Kernel version not specified, starting autodetection 😖.
Real-Mode Kernel Header magic not found
+ readelf --notes vmlinuz-6.13+unreleased-cloud-arm64
readelf: Error: Not an ELF file - it has the wrong magic bytes at the start
Traceback (most recent call last):
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 2508, in <module>
    main()
    ~~~~^^
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 2497, in main
    make_uki(opts)
    ~~~~~~~~^^^^^^
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 1326, in make_uki
    opts.uname = Uname.scrape(linux, opts=opts)
                 ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 382, in scrape
    version = func(filename, opts=opts)
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 372, in scrape_generic
    text = maybe_decompress(filename)
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 219, in maybe_decompress
    return get_zboot_kernel(f)
  File "/home/bluca/git/systemd/src/ukify/ukify.py", line 199, in get_zboot_kernel
    return cast(bytes, zstd.uncompress(f.read(size)))
                       ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
zstd.Error: Input data invalid or missing content size in frame header.

This appears to be by design:

https://github.com/sergey-dryabzhinsky/python-zstd/issues/53

Switch to python3-zstandard, which works.

(cherry picked from commit fbc6fecf1adbd34bd541c04d04ceef2695caa80a)
(cherry picked from commit 77fc49891a162dae56b1e2cc3112a8c26516f656)
(cherry picked from commit c72cc9e81ad9d8b71d6ba149227d4d88375ca52d)
2025-03-05 12:12:20 +00:00
Daan De Meyer
3ca2a2d218 sysupdate: Don't use compression extension for UKIs in manpage
UKIs should generally not be compressed since the kernel image and
initrd in them will already be compressed so let's remove the compression
suffix from the examples in the sysupdate manpage.

(cherry picked from commit 5ca1865ad95a10b744321d21293587ed1d446ee6)
(cherry picked from commit 9440a08ccce6c5ebb5091a38dd709737a4ae22b9)
(cherry picked from commit 082fab587bef69adf30c2950e5a59a92c78021c8)
2025-03-05 12:12:20 +00:00
Zbigniew Jędrzejewski-Szmek
42dc6431fd core/condition: fix segfault when key not found in os-release
'ConditionOSRelease=|ID_LIKE$=*rhel*' results in a segfault.
The key 'ID_LIKE' is not present in Fedora's os-release file.

I think the most reasonable behaviour is to treat missing keys as empty.
This matches the "shell-like" spirit, since in a shell empty keys would
by default be treated as empty too. Thus, "ID_LIKE=" would match, if
ID_LIKE is not present in the file, and "ID_LIKE=!$foo" would also match.
The other option would be to make those matches fail, but I think that'd
make the feature harder to use, esp. with negative matches.

Documentation is updated to clarify the new behaviour.

https://bugzilla.redhat.com/show_bug.cgi?id=2345544
(cherry picked from commit de02b551adcf74e5677454fd36bf7653b1a4def1)
(cherry picked from commit 8f8514c03f166c352ebdcb577c29d2dff88a37f7)
(cherry picked from commit f36638fbd262f79b334f0f4cf8f0d056458d30ae)
2025-03-05 12:12:20 +00:00
Luca Boccassi
5d9b059447 ukify: print debug/progress messages to stderr
Otherwise json will be interleaved with plain text messages

(cherry picked from commit 7d64e2f368ec7c683fee95d21f527c406b8eb5e6)
(cherry picked from commit 47be0e801ef7761a2472fd704400e4fd3b737625)
(cherry picked from commit 8d81afe6d769431a0f8e38bbdfbc1c0e3e9c5d04)
2025-03-05 12:12:20 +00:00
Yu Watanabe
0b15dcbd7a udev-watch: do not try to remove invalid watch handle
When a new device is processed, there should be no watch handle for
the device, hence udev_watch_clear() provides -1. Let's not try to call
inotify_rm_watch() in that case.

This should not change any behavior. Just for suppressing spurious
debugging log:
=====
(udev-worker)[3626140]: zram1: Removing watch handle -1.
=====

(cherry picked from commit b3b442062045eac61a9dd3ed73b650dfb5be0b46)
(cherry picked from commit d32f4bcaf274e208568a5e6151c0a81d00d80438)
(cherry picked from commit 93930340c9b6725f72c5d4e811e1522d9ce9f031)
2025-03-05 12:12:20 +00:00
Yu Watanabe
17a6af2fb5 udev-watch: mention that the failure is ignored
(cherry picked from commit a52aad3b4bb735a22ce67110142d135819589a87)
(cherry picked from commit cc77e140a8b194f710f33c9f552750ce350e6122)
(cherry picked from commit a6f86fcf0f66724913bc0725a5109b4dce585955)
2025-03-05 12:12:20 +00:00
Yu Watanabe
3a71bab03c udev-worker: add debugging log about success of flock() for whole block device
(cherry picked from commit 951def0e276c041a262b3f147bb42206195fe13e)
(cherry picked from commit a112fca1212c1488c6c43991df2be1fc171b8138)
(cherry picked from commit 2948d0647e9077fb2181ed7792278869018cd263)
2025-03-05 12:12:20 +00:00
Mike Yuan
2baea7d396 tmpfiles: fix copypasta in create_symlink() (FIFO -> symlink)
(cherry picked from commit 6f91e7a3bea2c5046354b31cb650b54e3b2884d5)
(cherry picked from commit 6caab0c58c8c43c5d4244e2ef2bb739aa06d81c0)
(cherry picked from commit 3d36ded4105f326e51c13c6f516d4f6e58fd3f73)
2025-03-05 12:12:20 +00:00
Luca Boccassi
870c6651f4 ukify: do not fail if pefile complains about hardcoded 256MB limit
pefile has a hardcoded limit to 256MB per section:

https://github.com/erocarrera/pefile/issues/396

When building an initrd with large firmware files and
lots of kernel modules, this limit can be reached.
Skip over those warnings.

(cherry picked from commit 32caed550f5a81eb87d2e39bc83917df2898d844)
(cherry picked from commit 87224a2d4efa30b48407f71aad3ee2df591fe224)
(cherry picked from commit 9141043f6f8e71eb7fa4aefac28b85bbb4e999b6)
2025-03-05 12:12:20 +00:00
Lennart Poettering
15f2c2d842 import: update to current fedora keyring
Add a bunch of more released keys. Kinda a follow-up for c8c5ce5772b08da0ad317331b1f4929c1b466ae0

(cherry picked from commit 8135d37f81917f2a7f98a52bdae92eae5878946d)
(cherry picked from commit d14161d4d08037f28070c9766ae1aebc32876064)
(cherry picked from commit 4476418c5bb9b4b60ffb68cccb9d9514fa32c54a)
2025-03-05 12:12:20 +00:00
Thorsten Kukuk
e45b44b00c import-pubring.gpg: add openSUSE build key
(cherry picked from commit c8c5ce5772b08da0ad317331b1f4929c1b466ae0)
(cherry picked from commit 131eff83701ed40468fb68fb0ed33108f215950e)
(cherry picked from commit 84d99190ffeed4dd502480b22c552a0c36c0f60d)
2025-03-05 12:12:20 +00:00
Daan De Meyer
709e254d52 stub: Mention that VirtualSize should be <= SizeOfRawData
(cherry picked from commit 2443b4d9a17787fd0a63d6591fbdb74650c43994)
(cherry picked from commit e8d5d7f355ae826f4f8c0f61f62c31e828bde7d0)
(cherry picked from commit 34eb74020f77ddc3635bfc489198fe18d123cdb7)
2025-03-05 12:12:20 +00:00
Michael Olbrich
e6b576c8bd missing_sched: add CLONE_PIDFD
CLONE_PIDFD was introduced in v5.2 and in sched.h in glibc-2.31 so
without this, building with older version fails with:

src/basic/raw-clone.h:41:108: error: 'CLONE_PIDFD' undeclared (first use in this function); did you mean 'CLONE_FILES'?

(cherry picked from commit e91c5cf06ab7ca9e5576c6feac5f743927f2b063)
(cherry picked from commit 480e39dbbb3df253e02a4908dfcfecf1fb3511e2)
(cherry picked from commit 5e0588e3d97715da9995013eb8dbc13eb21a8d0b)
2025-03-05 12:12:20 +00:00