IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Previously, remount_idmap() failed as /var/ was already mounted, thus
remounting (strictly speaking, unmounting old root directory) failed
with -EBUSY.
As tmpfs /var/ is mounted with picked UID shift, it should not be
remounted with idmap, but needs to be mounted after the root directory
being remounted.
This makes '-U --volatile=state' work as expected.
(cherry picked from commit 2c2511aa73)
log_setup() overrides the previously set log target again so we
can't use it in log_setup_generator().
Follow-up for aa976d8788
(cherry picked from commit b3ebd480d6)
* cb00be93e5 Upstream profile: skip dh_strip_nondeterminism
* c948e192a8 autopkgtest: skip gdm3 on armel for smoke tests
* e12116becb initramfs-tools: ensure rules file exists before invoking chzdev
* c8904f67e9 Filter out zdev rules in the initramfs hook (LP: #2044104)
* 9967984fc8 salsa-ci: test the stage1 build profile
* 2c81f4a6cc d/e/checkout-upstream: undo quilt patches before switching debian branch
* e75197fa10 d/e/checkout-upstream: do not rebase on main when building stable branches
* 7989319bca Drop patch merged upstream
* b7127a0725 Depend on new linux-bpf-dev package where available
* 7966d2543f autopkgtest: use hint-testsuite-triggers to ensure other packages changes trigger our testsuite
* 777af76cae autopkgtest: run upstream test last
* f257c53fe3 Stop installing legaly pkla file in upstream CI too
* a4b54fd693 Use d/not-installed instead of manual removals
* e0fdbb4496 Stop shipping empty /etc/init.d directory
* 202c7fc8f9 Use debian/clean instead of override in d/rules
* ba81ea64a6 Drop redundant pot build
* 9152d0e064 autopkgtest: allow localectl in localed tests
* 319a078b8e Fix D-Bus policy for locale1 blocking
* 28daa8b37b Drop last patch, all merged upstream
* 7bf7bf6f4e Drop out-of-tree localed patch and use D-Bus policy instead
* 409028b7e6 Drop /etc/sysctl.d/99-sysctl.conf symlink
* 6f37d3cb3e d/e/checkout-upstream: switch packaging branch on upstream stable PRs
* b7e53c00b2 d/e/checkout-upstream: do not fail if rebase fails
* 1364bb81d4 d/e/checkout-upstream: fix shellcheck warnings
* 796d133b0c initramfs-tools: copy network drop-ins too
On Ubuntu/Debian infrastructure QEMU crashes a lot, so mark the test
as skipped in that case as there's nothing we can do about it and
we shouldn't mark runs as failed
(cherry picked from commit 0d7f5a9ae6)
This slows down the build, which is often near the 1hr limit. There are
other jobs running the extra unit tests.
(cherry picked from commit 3bc5480bac)
It's due for release soon and will fix the flakyness of TEST-58-REPART
so let's bump the Fedora 40 job to Fedora 41.
(cherry picked from commit 12a1b02b52)
The disk/by-diskseq symlink should not be shared with multiple block
devices. Hence, it is not necessary to create stack directory for the
symlink that manages which device owns the symlink.
This is not just a optimization.
If a service unit tries to mount a disk image but the service fails, then
the diskseq of the loop device for the image may be continuously increased
during restart, and inodes in /run may increase rapidly, as the stack
directories are cleaned up only when udev queue is empty.
Fixes#34637.
(cherry picked from commit 09373c1a50)
boot loader specification states:
architecture: refers to the architecture this entry is for. The argument
should be an architecture identifier, using the architecture vocabulary
defined by the EFI specification (i.e. IA32, x64, IA64, ARM, AA64, …).
If specified and it does not match the local system architecture this
entry should be hidden. The comparison should be done case-insensitively.
Example: architecture aa64
https://uapi-group.org/specifications/specs/boot_loader_specification/#type-1-boot-loader-entry-keys
(cherry picked from commit f819a516db)
Avoids the need to maintain the same list over and over again, and
link it to the defition table in the implementation as a reminder
too
(cherry picked from commit 3509fe124d)
This is to ensure that the UUIDs from the CopyBlocks= devices are copied
to the corresponding new partition instead of creating a new UUID for
it. With this verity partitions can be copied, keeping their UUIDs to
ensure that they still match up with what is specified in roothash=.
(cherry picked from commit f106fd2dbd)
We had several users, that wrote their unit files with
WantedBy=default.target because it should be started "every time".
But for example in Fedora/CentOS/RHEL, this often breaks for
example selinux relabels (where we just want to do a relabel and reboot).
(cherry picked from commit 67b6404b80)
bpftrace nudges the Fedora Rawhide images towards compiler-rt18 while the
sanitizer builds pull in clang19, leading to the sanitizer libraries
not being found at runtime. Let's drop bpftrace for now so that compiler-rt19
is pulled in in the main image.
(cherry picked from commit d98b6c66ff)
systemd built with sanitizers is installed in subimages and tools
might get invoked in postinstall scripts so we have to disable ASAN
in the subimages as well during the image build.
(cherry picked from commit 345a4fcbb6)
The latest clang has started catching more integer promotions which
cause us to pass the wrong type to printf() format specifiers so let's
fix those.
(cherry picked from commit c73d14c43e)
We don't support "split /usr" systems anymore, hence no point in
mentioning /bin/ anymore as being part of the binary search path.
(cherry picked from commit f39e66b85a)
So far we supported this syntax:
ExecStart=foo ; bar
as equivalent to:
ExecStart=foo
ExecStart=bar
With this change we'll "soft" deprecate the first syntax. i.e. it's
still supported in code, but not documented anymore.
The concept was originally added to make things easier for 3rd party
.ini readers, as it allowed writing unit files with a .ini framework
that doesn't allow multiple assignments for the same key. But frankly,
this is kinda pointless, as so many other of our knobs require the
double assignment.
Hence, let's just stop advertising the concept, let's simplify the docs,
by removing one entirely redundant feature from it.
Replaces: #34570
(cherry picked from commit 225f18b9a9)
Let's systematically use RTL_NOW|RLTD_NODELETE as flags passed to
dlopen(), across our codebase.
Various distros build with "-z now" anyway, hence it's weird to specify
RTLD_LAZY trying to override that (which it doesn't). Hence, let's
follow suit, and just do what everybody else does.
Also set RTLD_NODELETE, which is apparently what distros will probably
end up implying sooner or later anyway. Given that for pretty much all
our dlopen() calls we never call dlclose() anyway, let's just set this
everywhere too, to make things systematic.
This way, the flags we use by default match what distros such as fedora
do, there are no surprises, and read-only relocations can be a thing.
Fixes: #34537
(cherry picked from commit bd4beaa2eb)
For compiling bpf code, the system include directory needs to be
constructed. On Debian-like systems, this requires passing a multiarch
directory. Since clang's -dump-machine prints something other that the
multiarch triplet, gcc was interrogated earlier, but that also yields a
wrong result for cross compilation and was thus skipped resulting in
clang not finding asm/types.h.
Rather than, -dump-machine we should ask for -print-multiarch (which
rarely differs). Whenever gcc is in use, this is right (even for cross
building). Since clang does not support -print-multiarch and its
-dump-machine never matches Debian's multiarch, we resort to asking gcc
when building natively. For cross builds using clang, we are out of
luck.
(cherry picked from commit 608009dc62)
On upgrades, only the %postun scriptlets of the old package version
run. This means that any changes related to restarting daemons require
two releases before they're actually used.
%postun is used because it runs after the old package has been removed,
which is important as it means any lingering dropins from the old package
will have been removed as well.
To allow deploying fixes in just a single release while still running after
the old package has been removed, let's introduce %posttrans versions of these
scriptlets as %posttrans of the new package runs on upgrade and install after
the old package has been removed.
(cherry picked from commit 9fd8a9dffe)
Today it seems this is mostly used by mail and printer servers, and it's
not clear to me at all what the property is that makes
/var/spool/<package> the better place for the relevant data than
/var/lib/<package>.
Hence, in the interest of shortening the spec, let's not mention the dir
anymore. In particular as the dir really isn't used by us much, for
example we do not have a counterpart for RuntimeDirectory=,
StateDirectory=, … that would cover the spool.
Since most systems these days we care about probably come *without* a
printer or mail server, let's maybe no mention this in the man page that
is supposed to discuss the rough skeleton how things are set up. After
all, people are supposed to exend the skeleton with their stuff, and
this sounds more like a case for an extension of the skeleton instead of
being considered part of the skeleton itself.
(cherry picked from commit b0201b36d2)
The man page is supposed to provide a "generalized, though minimal and
modernized subset" (as per introductory pargapraghs), from a systemd
perspective. But the thing is that /usr/include/ really doesn't matter
to us. It's a development thing, and slightly weird (because it arguably
would be better places in /usr/share/include/ or so). It's not going to
be there on 95% of deployed systems, and we really don't want people to
bother with it on such systems.
We only define the skeleton of directories in this document, and it's
expected that people extend it, and I think this really should be one of
those dirs that is an extension of our skeleton, but not part of the
skeleton, if that makes any sense.
(cherry picked from commit 9e7b691073)
Every services and containers should be able to protect their users and
limit the impact of security bugs thanks to the security syscalls
provided by seccomp and Landlock. The goal of these syscalls is to
improve security with additional restrictions. They are designed to be
safely used by unprivileged (and then potentially malicious) users.
Remove the now-redundant "seccomp" entry for nspawn.
(cherry picked from commit e996663475)
Somebody wrapped the text, but whitespace is preserved in <programlisting>, so
the output was mangled. It also doesn't make sense to run systemd-path as root
(as indicated by '#'), so drop that. Also, this chunk should be a separate
paragraph.
(cherry picked from commit 1ca81b2e00)
