1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-07 21:18:41 +03:00
Commit Graph

74673 Commits

Author SHA1 Message Date
Luca Boccassi
dd577dde5e mkosi: use util-linux's autologin
login is now from util-linux so credentials are supported.
It also needs to be pulled in as it's Protected: yes rather than
Essential: yes.

Keep the old setting for Ubuntu as that still uses login from shadow.

(cherry picked from commit ec54029017)
2024-09-10 14:56:05 +02:00
Daan De Meyer
37e130e203 mkosi: Don't create sanitizer wrappers for every mkfs binary
mksquashfs for some reason ends up in nss_systemd and mkfs.btrfs
links against libudev. The others don't need a sanitizer wrapper
script.

(cherry picked from commit 67b240f6b0)
2024-09-10 14:56:05 +02:00
dependabot[bot]
4fe2c97477 build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from 8c2f828701a1bdb3dc9b80d6f2ab979f0430a6b8 to 31b4e756c1484c302435653da5d3b9bdfae38518.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](8c2f828701...31b4e756c1)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 0333969a40)
2024-09-10 14:56:05 +02:00
Daan De Meyer
5d48558f4b mkosi: Use apt patterns to install dependencies on Debian/Ubuntu
Instead of parsing the human readable output of apt-cache, let's
use apt patterns to figure out the dependencies.

We also filter out virtual packages as apt will fail and say we need
to install an implementation of the virtual package even if a package
that provides the virtual package is already installed.

(cherry picked from commit 89c579788d)
2024-09-10 14:56:05 +02:00
Daan De Meyer
e6feb4fa90 mkosi: Make systemd package filtering more robust
Let's not just filter everything with systemd in the name, but instead
use the same list of volatile packages that we install to do the
filtering.

(cherry picked from commit 70ecdbfa23)
2024-09-10 14:56:05 +02:00
Daan De Meyer
65d59fbd1c mkosi: Include noarch in dnf repoquery architectures
ukify is noarch so we should include noarch to get all results.

(cherry picked from commit 3e09a3eac2)
2024-09-10 14:56:05 +02:00
Yu Watanabe
0d0c5bff92 mkosi: fix typo
Follow-up for 7205fc7dc3.

(cherry picked from commit f38aac5e01)
2024-09-10 14:56:05 +02:00
Daan De Meyer
23a60e89e7 mkosi: Switch back to src.opensuse.org for opensuse spec
Supposedly they're never going to rewrite their git history again
so let's give src.opensuse.org another try given that code.opensuse.org
is down again.

(cherry picked from commit ffd76bdd97)
2024-09-10 14:56:05 +02:00
Daan De Meyer
a24fe6af45 mkosi: update fedora commit reference
* a67221c3f0 Always build ukify package
* abb115a905 Do not use patch to modify systemd-user pam config file
* 196ec98228 Drop %upstream conditionalization for patches

(cherry picked from commit e921a8ad67)
2024-09-10 14:56:05 +02:00
Daan De Meyer
0c314a93ff mkosi: Don't fetch remote if the commit to check out already exists
If the commit we're about to check out already exists in the local
repository, don't fetch from the remote repository.

(cherry picked from commit c5730846fe)
2024-09-10 14:56:05 +02:00
Daan De Meyer
ff409b84b6 mkosi: Always specify _sourcedir as an absolute path
A relative path is not supported by rpm so let's make sure we specify
it as an absolute path.

(cherry picked from commit 71acb00c28)
2024-09-10 14:56:05 +02:00
Daan De Meyer
41235e2717 mkosi: Don't apply distribution specific patches
rpm upstream is going to imply --noprep when running with --build-in-place so let's do the same on older
versions of rpm (e0925ad6e3)

Also, to keep things consistent between distros, run with --noprepare
on Arch Linux as well (we already skip patches on Debian/Ubuntu).

To keep things working on Arch, we apply the one downstream patch
manually ourselves.

(cherry picked from commit 00a2a67d81)
2024-09-10 14:56:05 +02:00
Daan De Meyer
f193dbac8b mkosi: Stop using git commit timestamps for package releases
This prevents bisecting to figure out which commit broke something
as when going backwards the git commit timestamp will be older meaning
package managers will refuse to upgrade to the "older" version. Let's
make sure the release is always newer by using the current date unless
$SOURCE_DATE_EPOCH is set.

(cherry picked from commit caf5eb586a)
2024-09-10 14:56:05 +02:00
Daan De Meyer
31ce8677e9 mkosi: update fedora commit reference
* 28076e6232 Only make python3-pillow Recommends on Fedora
* a9807c4486 Do not require grubby on CentOS Stream 9
* d38cacfd3a Version 256.5
* 38291e13c1 Disable integration of userdb in sshd
* 53118d2112 Backport patch to only read /proc/cmdline when not in container
* 903e8e0f88 Backport upstream patch to try more initrd variants in 90-loaderentry.install
* b29a66006c Version 256.4
* 1cdae03391 Update tmpfiles --destroy-data patch
* 4fd4ef72a6 Upload sources
* 3c3772150d Version 256.3

(cherry picked from commit 92c22e02c1)
2024-09-10 14:56:05 +02:00
Daan De Meyer
b8526eb0a4 mkosi: update opensuse commit reference
* 2866762da8 Update systemd to version 256.4 / rev 429 via SR 1192932

(cherry picked from commit 051fddfc41)
2024-09-10 14:56:05 +02:00
Daan De Meyer
033c3a020b mkosi: update arch commit reference
* ea5f086275 handle uncommon license
* 43e43faab8 upgpkg: 256.5-1: new upstream release
* 7f4443062f Provide /etc/cryptsetup-keys.d/
* 262a14b8e5 upgpkg: 256.4-1: new upstream release
* 1aff4eb5f6 upgpkg: 256.3-1: new upstream release

(cherry picked from commit caf984def5)
2024-09-10 14:56:05 +02:00
Daan De Meyer
2725b5c01f mkosi: Update to latest
(cherry picked from commit dbff64ddf0)
2024-09-10 14:56:05 +02:00
Daan De Meyer
145f581e88 mkosi: Update to latest
Should fix the Fedora Rawhide CI failure.

(cherry picked from commit f134a79ff8)
2024-09-10 14:56:05 +02:00
Daan De Meyer
cfc3c113f7 mkosi: Update to latest
(cherry picked from commit 2dc99fdadb)
2024-09-10 14:56:05 +02:00
Daan De Meyer
07b2d49089 mkosi: Improve formatting
(cherry picked from commit bc07b026f0)
2024-09-10 14:56:05 +02:00
dependabot[bot]
da76d7c4f5 build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from 4eba736412c702bbbe2c6d4a58a92fa977219249 to 63fc1fde5b1aac1abf07ac499068c2b62263dafb.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](4eba736412...63fc1fde5b)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 5186b40c6f)
2024-09-10 14:56:05 +02:00
Daan De Meyer
58f38e0a28 tests: Don't override QemuKvm= value if TEST_NO_KVM=0
Let's disable KVM if TEST_NO_KVM=1 is set but let's not specify anything
if it's not set so the QemuKvm= setting from mkosi.conf is used.

(cherry picked from commit c8e7cfeddc)
2024-09-10 14:56:05 +02:00
Daan De Meyer
b72761a67d mkosi: Install util-linux-script on Rawhide
It's now subpackaged so we can build images without pulling in
libutempter but we use script in the testsuite so let's install the
subpackage.

(cherry picked from commit 4eae2be0d7)
2024-09-10 14:56:05 +02:00
Daan De Meyer
a1cdcbc9b9 mkosi: Drop _fixperms workaround
This was added to deal with a bug in the rpm 4.20 rc in Rawhide
but since that's been fixed, let's drop the workaround.

(cherry picked from commit 517e892210)
2024-09-10 14:56:05 +02:00
Yu Watanabe
e80e9dce63 tree-wide: check if non-empty password is acquired
(cherry picked from commit 204529d0fc)
2024-09-10 14:56:05 +02:00
Yu Watanabe
34881c9d5a ask-password: refuse empty password strv
Fixes #34270.

(cherry picked from commit 623a8b1922)
2024-09-10 14:56:05 +02:00
Yu Watanabe
dda8cb4a8e test: fix indentation
(cherry picked from commit fe6049d021)
2024-09-10 14:56:05 +02:00
Yu Watanabe
69282da9aa test: add test case for systemd-repart --seed=random
For issue #34257.

(cherry picked from commit 56d6ebd404)
2024-09-10 14:56:05 +02:00
Yu Watanabe
f85a4fba33 repart: initialize seed earlier
As the seed is used by context_load_partition_table() -> derive_uuid().

Fixes #34257.

(cherry picked from commit b8a8000aba)
2024-09-10 14:56:05 +02:00
Yu Watanabe
a23591891b nspawn: refuse to bind mount device node from host when --private-users= is specified
Also do not chown if a device node is bind-mounted.

Fixes #34243.

(cherry picked from commit efedb6b0f3)
2024-09-10 14:56:05 +02:00
Mike Yuan
c90ae08b0a audit-util: check correct errno
(cherry picked from commit 190a095380)
2024-09-10 14:56:05 +02:00
Daan De Meyer
d5640c4f85 repart: Keep existing directory timestamps intact when copying
Otherwise, when merging multiple directory trees, the output becomes
unreproducible as the directory timestamps will be changed to the current
time when copying identical directories from the second tree.

We introduce a new copy flag to achieve this behavior.

(cherry picked from commit d850a544bc)
2024-09-10 14:56:05 +02:00
Daan De Meyer
c355457fd3 ukify: Skip test on architectures without UEFI
(cherry picked from commit 5121f7c45b)
2024-09-10 14:56:05 +02:00
Ronan Pigott
3a2be65228 resolved: clear the AD bit for bypass packets
When the bypass logic is invoked, such as for queries to the stub with
the DO bit set, be certain to clear the AD bit in the reply before
forwarding it if the answer is not known to be authentic.

(cherry picked from commit 13e15dae9f)
2024-09-10 14:56:05 +02:00
Yu Watanabe
9b0415a5ad udevadm/test,test-builtin: enable debugging logs by default again
The lines were mistakenly dropped by
aa976d8788.

(cherry picked from commit b9142e2ba7)
2024-09-10 14:56:05 +02:00
Mike Yuan
0ce6df4a6b logind-session: downgrade user@.service dep to Wants=
This partially reverts 52bcc872b5.

We explicitly support running without user manager,
hence only user-runtime-dir@.service should be
required.

Fixes #33405

(cherry picked from commit 26f78eff69)
2024-09-10 14:56:05 +02:00
Alyssa Ross
8d7eef9ee5 bootctl: don't load etc/machine-info from cwd
arg_root defaults to null, so if --root isn't given, this would try reading
etc/machine-info from the current working directory, which is likely to fail.

Fixes: 77db9ef2ab ("boot: Make sure we take --root into account everywhere.")
(cherry picked from commit 0452779b00)
2024-09-10 14:56:05 +02:00
maia x.
83f3094173 namespace: Fix extension release memory leak
In apply_one_mount(), in the MOUNT_EXTENSION_DIRECTORY case,
char **extension_release was used as a return pointer twice but only
cleaned up once in the end. Fix it by removing duplicate code that
was causing this issue.

Fixes issue introduced in 55ea4ef096.

(cherry picked from commit 010ea061fc)
2024-09-10 14:56:05 +02:00
Kornilios Kourtis
54c6907e95 process-util: handle pidfd_spawn() returning E2BIG
In some kernels (specifically, 5.4) even though the clone3 syscall is
supported, setting CLONE_INTO_CGROUP is not. The error message returned
in this case is E2BIG.

If posix_spawn_wrapper encounters this error, it does not retry, and
cannot spawn any programs in said kernels.

This commit adds a check for the E2BIG error and retries pidfd_spawn()
without the POSIX_SPAWN_SETCGROUP flag.

If we encounter an E2BIG error, and the pidfd_spawn() succeeds after
removing the POSIX_SPAWN_SETCGROUP flag, then we cache the result so
that we do not retry every time.

Originally, this issue was reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077204.

Signed-off-by: Kornilios Kourtis <kornilios@gmail.com>
(cherry picked from commit 7ac58157ca)
2024-09-10 14:56:05 +02:00
Yu Watanabe
632bf155a2 test: add ASSERT_OK_POSITIVE() and ASSERT_OK_ZERO()
(cherry picked from commit 538766ddf4)
2024-09-10 14:56:05 +02:00
Raphaël Mélotte
0730ec4f3e src/basic/missing_loop.h: fix missing LOOP_SET_BLOCK_SIZE
Builds with kernels headers < 4.14 fail with:

../src/shared/loop-util.c: In function ‘loop_configure_fallback’:
../src/shared/loop-util.c:237:31: error: ‘LOOP_SET_BLOCK_SIZE’ undeclared (first use in this function); did you mean ‘LOOP_SET_DIRECT_IO’?
                 if (ioctl(fd, LOOP_SET_BLOCK_SIZE, (unsigned long) c->block_size) < 0)
                               ^~~~~~~~~~~~~~~~~~~
                               LOOP_SET_DIRECT_IO

Fixes: https://github.com/systemd/systemd/issues/33341

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
(cherry picked from commit 56ab1c5449)
2024-09-10 14:56:05 +02:00
Yu Watanabe
44dc95690c test: add test case that 'nspawn --network-veth' enables IP forwarding
(cherry picked from commit 08779d7c55)
2024-09-10 14:56:05 +02:00
Yu Watanabe
93759103e6 test: allow to skip matrix_run_one() if $TEST_MATCH_TESTCASE is set
(cherry picked from commit 7908e1d459)
2024-09-10 14:56:05 +02:00
Yu Watanabe
9ab5eba325 network: make IPMasquerade= imply global IP forwarding settings again
After 3976c43092 (#31423), IPMasquerade=
implies only per-interface IP forwarding. That means, nspawn users need
to manually enable IPv4/IPv6Forwarding= in networkd.conf when
--network-veth or friend is used. Even the change was announced in NEWS,
the change itself breaks backward compatibility and extremely reduces
usability.

Let's make the setting imply the global setting again.

Fixes #34010.

(cherry picked from commit 0b695febb2)
2024-09-10 14:56:05 +02:00
Yu Watanabe
0372b780b1 network/lldp-tx: introduce link_lldp_tx_update_capabilities()
Currently it is unused, but it will be used later.

(cherry picked from commit 8ceca83141)
2024-09-10 14:56:05 +02:00
Yu Watanabe
9a9472d248 sd-lldp-tx: insert missing empty line
(cherry picked from commit fbcd7e054b)
2024-09-10 14:56:05 +02:00
Daan De Meyer
2ccce3513b
Merge pull request #34032 from DaanDeMeyer/backport-tests
Backport various commits to v256-stable
2024-08-19 10:53:53 +02:00
Daan De Meyer
0eec580add Add $SYSTEMD_IN_CHROOT to override chroot detection
When running unprivileged, checking /proc/1/root doesn't work because
it requires privileges. Instead, let's add an environment variable so
the process that chroot's can tell (systemd) subprocesses whether
they're running in a chroot or not.

(cherry picked from commit 2701c2f67d)
2024-08-19 07:49:55 +02:00
Daan De Meyer
2e52cf1df7 test-dhcp-server: Gracefully handle the network being down
(cherry picked from commit 4cf7a676af)
2024-08-19 07:48:30 +02:00
Daan De Meyer
ec5cdf9ba0 test: Gracefully handle running within user namespace with single user
Unprivileged users often make themselves root by unsharing a user namespace
and then mapping their current user to root which does not require privileges.
Let's make sure our tests don't fail in such an environment by adding checks
where required to see if we're not running in a user namespace with only a
single user.

(cherry picked from commit ef31767ed7)
2024-08-19 00:06:15 +02:00