IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
log_setup() overrides the previously set log target again so we
can't use it in log_setup_generator().
Follow-up for aa976d87889ae22b7347787a1ebd03a31dcc0a9e
(cherry picked from commit b3ebd480d6674ce4f66200858c88557595713bd5)
* cb00be93e5 Upstream profile: skip dh_strip_nondeterminism
* c948e192a8 autopkgtest: skip gdm3 on armel for smoke tests
* e12116becb initramfs-tools: ensure rules file exists before invoking chzdev
* c8904f67e9 Filter out zdev rules in the initramfs hook (LP: #2044104)
* 9967984fc8 salsa-ci: test the stage1 build profile
* 2c81f4a6cc d/e/checkout-upstream: undo quilt patches before switching debian branch
* e75197fa10 d/e/checkout-upstream: do not rebase on main when building stable branches
* 7989319bca Drop patch merged upstream
* b7127a0725 Depend on new linux-bpf-dev package where available
* 7966d2543f autopkgtest: use hint-testsuite-triggers to ensure other packages changes trigger our testsuite
* 777af76cae autopkgtest: run upstream test last
* f257c53fe3 Stop installing legaly pkla file in upstream CI too
* a4b54fd693 Use d/not-installed instead of manual removals
* e0fdbb4496 Stop shipping empty /etc/init.d directory
* 202c7fc8f9 Use debian/clean instead of override in d/rules
* ba81ea64a6 Drop redundant pot build
* 9152d0e064 autopkgtest: allow localectl in localed tests
* 319a078b8e Fix D-Bus policy for locale1 blocking
* 28daa8b37b Drop last patch, all merged upstream
* 7bf7bf6f4e Drop out-of-tree localed patch and use D-Bus policy instead
* 409028b7e6 Drop /etc/sysctl.d/99-sysctl.conf symlink
* 6f37d3cb3e d/e/checkout-upstream: switch packaging branch on upstream stable PRs
* b7e53c00b2 d/e/checkout-upstream: do not fail if rebase fails
* 1364bb81d4 d/e/checkout-upstream: fix shellcheck warnings
* 796d133b0c initramfs-tools: copy network drop-ins too
On Ubuntu/Debian infrastructure QEMU crashes a lot, so mark the test
as skipped in that case as there's nothing we can do about it and
we shouldn't mark runs as failed
(cherry picked from commit 0d7f5a9ae6f5fc70c5ad23398c2b7a515e9b1982)
There are other CI runs that build manpages, speed up build which is close to 1hr limit
(cherry picked from commit d58a904d35d3abcb7265b28b14aac596631e27d6)
This slows down the build, which is often near the 1hr limit. There are
other jobs running the extra unit tests.
(cherry picked from commit 3bc5480bac474263881e4c5919d5cce0debf3c40)
It's due for release soon and will fix the flakyness of TEST-58-REPART
so let's bump the Fedora 40 job to Fedora 41.
(cherry picked from commit 12a1b02b528e1802025fdc7e3ac9de9426a14391)
The disk/by-diskseq symlink should not be shared with multiple block
devices. Hence, it is not necessary to create stack directory for the
symlink that manages which device owns the symlink.
This is not just a optimization.
If a service unit tries to mount a disk image but the service fails, then
the diskseq of the loop device for the image may be continuously increased
during restart, and inodes in /run may increase rapidly, as the stack
directories are cleaned up only when udev queue is empty.
Fixes#34637.
(cherry picked from commit 09373c1a50297079e6b0447ea97af4e9a60f77fa)
boot loader specification states:
architecture: refers to the architecture this entry is for. The argument
should be an architecture identifier, using the architecture vocabulary
defined by the EFI specification (i.e. IA32, x64, IA64, ARM, AA64, …).
If specified and it does not match the local system architecture this
entry should be hidden. The comparison should be done case-insensitively.
Example: architecture aa64
https://uapi-group.org/specifications/specs/boot_loader_specification/#type-1-boot-loader-entry-keys
(cherry picked from commit f819a516dbbddb16724f33dcef5badcb6fe8b80b)
If the source is a file, don't copy the mode and such from it to
the root directory, even if the target is /.
(cherry picked from commit 413d3ce1b76b42ba691eea54cd1704b14602442e)
Avoids the need to maintain the same list over and over again, and
link it to the defition table in the implementation as a reminder
too
(cherry picked from commit 3509fe124d3a4fe2934028f83ae156ade050c8fe)
This is to ensure that the UUIDs from the CopyBlocks= devices are copied
to the corresponding new partition instead of creating a new UUID for
it. With this verity partitions can be copied, keeping their UUIDs to
ensure that they still match up with what is specified in roothash=.
(cherry picked from commit f106fd2dbdbd9debfc2d2ed4d96ae3108a29c79b)
We had several users, that wrote their unit files with
WantedBy=default.target because it should be started "every time".
But for example in Fedora/CentOS/RHEL, this often breaks for
example selinux relabels (where we just want to do a relabel and reboot).
(cherry picked from commit 67b6404b80cf8078f3d9ec6d4c2f34ac25b15077)
bpftrace nudges the Fedora Rawhide images towards compiler-rt18 while the
sanitizer builds pull in clang19, leading to the sanitizer libraries
not being found at runtime. Let's drop bpftrace for now so that compiler-rt19
is pulled in in the main image.
(cherry picked from commit d98b6c66ffaccbef1c86fc729f2f9601bfb02fd5)
systemd built with sanitizers is installed in subimages and tools
might get invoked in postinstall scripts so we have to disable ASAN
in the subimages as well during the image build.
(cherry picked from commit 345a4fcbb6ed16ab19d0d5b0c7344e5cdfe29efd)
The latest clang has started catching more integer promotions which
cause us to pass the wrong type to printf() format specifiers so let's
fix those.
(cherry picked from commit c73d14c43e7998ca54011875ad25afc634d57498)
We don't support "split /usr" systems anymore, hence no point in
mentioning /bin/ anymore as being part of the binary search path.
(cherry picked from commit f39e66b85a4a97818a618758e34019d052aeb772)
So far we supported this syntax:
ExecStart=foo ; bar
as equivalent to:
ExecStart=foo
ExecStart=bar
With this change we'll "soft" deprecate the first syntax. i.e. it's
still supported in code, but not documented anymore.
The concept was originally added to make things easier for 3rd party
.ini readers, as it allowed writing unit files with a .ini framework
that doesn't allow multiple assignments for the same key. But frankly,
this is kinda pointless, as so many other of our knobs require the
double assignment.
Hence, let's just stop advertising the concept, let's simplify the docs,
by removing one entirely redundant feature from it.
Replaces: #34570
(cherry picked from commit 225f18b9a9d39331ea862478ab2ff893678e249d)
Let's systematically use RTL_NOW|RLTD_NODELETE as flags passed to
dlopen(), across our codebase.
Various distros build with "-z now" anyway, hence it's weird to specify
RTLD_LAZY trying to override that (which it doesn't). Hence, let's
follow suit, and just do what everybody else does.
Also set RTLD_NODELETE, which is apparently what distros will probably
end up implying sooner or later anyway. Given that for pretty much all
our dlopen() calls we never call dlclose() anyway, let's just set this
everywhere too, to make things systematic.
This way, the flags we use by default match what distros such as fedora
do, there are no surprises, and read-only relocations can be a thing.
Fixes: #34537
(cherry picked from commit bd4beaa2ebfbbec0a1263a7091a91e528ce8cf13)
For compiling bpf code, the system include directory needs to be
constructed. On Debian-like systems, this requires passing a multiarch
directory. Since clang's -dump-machine prints something other that the
multiarch triplet, gcc was interrogated earlier, but that also yields a
wrong result for cross compilation and was thus skipped resulting in
clang not finding asm/types.h.
Rather than, -dump-machine we should ask for -print-multiarch (which
rarely differs). Whenever gcc is in use, this is right (even for cross
building). Since clang does not support -print-multiarch and its
-dump-machine never matches Debian's multiarch, we resort to asking gcc
when building natively. For cross builds using clang, we are out of
luck.
(cherry picked from commit 608009dc6218f7c41420f665586f2449b64a08f7)
On upgrades, only the %postun scriptlets of the old package version
run. This means that any changes related to restarting daemons require
two releases before they're actually used.
%postun is used because it runs after the old package has been removed,
which is important as it means any lingering dropins from the old package
will have been removed as well.
To allow deploying fixes in just a single release while still running after
the old package has been removed, let's introduce %posttrans versions of these
scriptlets as %posttrans of the new package runs on upgrade and install after
the old package has been removed.
(cherry picked from commit 9fd8a9dffe9b8f29da52e4e1481926bceed5ce6c)
Just to tighten the language a bit, why people should care about where
they place their inodes.
(cherry picked from commit 5b53894123b9d01f5738b02befd4189625c5451f)
(And specifically mention /usr/include + /var/spool as not covered here,
but being OK to add downstream)
(cherry picked from commit fd6e079e7b296696028c161224d2a86fce70726f)
Today it seems this is mostly used by mail and printer servers, and it's
not clear to me at all what the property is that makes
/var/spool/<package> the better place for the relevant data than
/var/lib/<package>.
Hence, in the interest of shortening the spec, let's not mention the dir
anymore. In particular as the dir really isn't used by us much, for
example we do not have a counterpart for RuntimeDirectory=,
StateDirectory=, … that would cover the spool.
Since most systems these days we care about probably come *without* a
printer or mail server, let's maybe no mention this in the man page that
is supposed to discuss the rough skeleton how things are set up. After
all, people are supposed to exend the skeleton with their stuff, and
this sounds more like a case for an extension of the skeleton instead of
being considered part of the skeleton itself.
(cherry picked from commit b0201b36d2e0181d08530aaad496322812c4e77e)
The man page is supposed to provide a "generalized, though minimal and
modernized subset" (as per introductory pargapraghs), from a systemd
perspective. But the thing is that /usr/include/ really doesn't matter
to us. It's a development thing, and slightly weird (because it arguably
would be better places in /usr/share/include/ or so). It's not going to
be there on 95% of deployed systems, and we really don't want people to
bother with it on such systems.
We only define the skeleton of directories in this document, and it's
expected that people extend it, and I think this really should be one of
those dirs that is an extension of our skeleton, but not part of the
skeleton, if that makes any sense.
(cherry picked from commit 9e7b691073922433a71cf49dcaaf7f9f61f58e6d)
Every services and containers should be able to protect their users and
limit the impact of security bugs thanks to the security syscalls
provided by seccomp and Landlock. The goal of these syscalls is to
improve security with additional restrictions. They are designed to be
safely used by unprivileged (and then potentially malicious) users.
Remove the now-redundant "seccomp" entry for nspawn.
(cherry picked from commit e9966634754b8c9ee3f3c579f25d938e185c282e)
Somebody wrapped the text, but whitespace is preserved in <programlisting>, so
the output was mangled. It also doesn't make sense to run systemd-path as root
(as indicated by '#'), so drop that. Also, this chunk should be a separate
paragraph.
(cherry picked from commit 1ca81b2e005ccef6e9ddf06c3e3441bae0a6e1d5)
I encountered this race condition while working on TEST-13-NSPAWN.varlinkctl.sh.
The long-running machine's init script sometimes does not have time to start and
register signals. As result, occasiounally failed tests.
(cherry picked from commit e826a8bed447f3b3f9ad487f96ab7f8c7620c75b)
Verity= is an image build concept, not a first boot concept, whereas
a partition designator is always available, so let's do the size stuff
based on that.
(cherry picked from commit e11745d000d7e9b3112bb336735c1bdfa77e9add)
Different device paths may resolve to same device node
(lookup_block_device()), e.g.
IOReadBandwidthMax=/dev/sda1 18879
IOReadBandwidthMax=/dev/sda2 18878
where both partitions resolve to /dev/sda and when these values are
applied (they are associated with original paths, i.e. as if applied for
different device) in the order from io_device_limits.
The parsing code prepends, so they end up in reverse order wrt config
file. Switch the direction so that the order of application matches the
order of configuration -- i.e. semantics in all other unit file
directives.
Apply same change to all directives that use per-device lists. (The
question whether partitions should be resolved to base device is
independent.)
And apply the changes equally to DBus properties write handlers.
Fixes#34126
(cherry picked from commit 0fa0dfa04465651a18107d503f9967f84bd761d1)
When removing a cgroup in unit_prune_cgroup(), read IO metrics to cache
them similar to the existing treatment of the CPU and memory usage data.
Note that we do not do this for the IP metrics as the firewall objects
are only destroyed in unit_free() and thus stay alive long enough to
be read out directly by all interested parties.
Fixes#26988.
(cherry picked from commit 17bbdefd8c49617d7596bbf708c818a9773a9b44)
