Hello community, here is the log from the commit of package systemd.12025 for openSUSE:Leap:15.1:Update checked in at 2020-03-02 00:15:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/systemd.12025 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.systemd.12025.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "systemd.12025" Mon Mar 2 00:15:11 2020 rev:1 rq:779214 version:234 Changes: -------- New Changes file: --- /dev/null 2019-12-19 10:12:34.003146842 +0100 +++ /work/SRC/openSUSE:Leap:15.1:Update/.systemd.12025.new.26092/systemd-mini.changes 2020-03-02 00:15:13.236754683 +0100 
@@ -0,0 +1,9829 @@ +------------------------------------------------------------------- +Tue Feb 18 09:13:34 UTC 2020 - Franck Bui <[email protected]> + +- Remove TasksMax limit for both user and system slices (jsc#SLE-10123) + +------------------------------------------------------------------- +Mon Feb 17 21:06:38 UTC 2020 - Franck Bui <[email protected]> + +- Import commit 4695ebe0b91ec6a23ba9ea238e61a7348474fbc5 + + Backport support of dash-truncated dropins. + + The new mechanism is used (since v239) to configure TasksMax limit + for user slices and therefore is used to replace UserTasksMax= + option in logind.conf as it's more flexible. + + The old option is still supported thanks to a generator that creates + a dash-truncated dropin at boot. It also warns about the use of the + old option. This will hopefully allow us to remove the support of + UserTasksMax option in the next major version of SLE. + + ec0bddf1f4 logind: keep backward compatibility with UserTasksMax= in logind.conf + 7804fb95bd logind: move two functions to logind_core utility lib + fb99d7bc4c login: fix typo in log message + 15a8ffa5cc Use a dash-truncated drop-in for user-%j.slice configuration + c5bf60565e man: document the new dash truncation drop-in directories + 38fb5d11cb test: add test for prefix unit loading + 7669c783e8 dropin: when looking for dropins for a unit, also look within "-" prefix unit dirs + de1d19b8fb systemctl: fix indentation in output of "systemcl status" if there are multiple drop-in dirs + 5da4984f6f unit-name: add new unit_name_build_from_type() helper + 278643dc78 tests: skip tests when cg_pid_get_path fails (#7033) + a77203d893 shared/dropin: improve error message + +------------------------------------------------------------------- +Mon Feb 17 16:41:44 UTC 2020 - Franck Bui <[email protected]> + +- Import commit d2826c2ca2eab2b9f6fc08ff2010faafd4c1b9f9 + + Backport IP filtering feature (jsc#SLE-7743) + + e6b00a63dc main: when bumping RLIMIT_MEMLOCK, save the 
previous value to pass to children (bsc#1160595) + b7b5a3ba5d main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE + 61d77e2bda def: add a "high" limit for RLIMIT_NOFILE + 51a8b7fe9b core: bump mlock ulimit to 64Mb + 4a53ff678c Move warning about unsupported BPF firewall right before the firewall would be created + f26201d72c core: refactor bpf firewall support into a pseudo-controller + 3c6af31da6 core: rename cgroup_queue → cgroup_realize_queue + 12ac94d9d4 cgroup: improve cg_mask_to_string a bit, and add tests for it + 6e049a2f46 unit: initialize bpf cgroup realization state properly + cfbb2dfb1b cgroup: always invalidate "cpu" and "cpuacct" together + 55a0d5a690 main: bump RLIMIT_MEMLOCK for the root user substantially + 3c0ec7c460 bpf-firewall: always use log_unit_xyz() insteadof log_xyz() + f8e7b8530a core: fix the check if CONFIG_CGROUP_BPF is on + a3950086e4 tree-wide: avoid assignment of r just to use in a comparison + 92ad831159 Fix three uses of bogus errno value in logs (and returned value in one case) + 8f9b4436fa bpf: reset "extra" IP accounting counters when turning off IP accounting for a unit + 4edd970f68 bpf: rework how we keep track and attach cgroup bpf programs + b6152deaa1 bpf-program: make bpf_program_load_kernel() idempotent + 49fa5c4f73 bpf: use BPF_F_ALLOW_MULTI flag if it is available + 089bac557e bpf-program: optionally take fd of program to detach + aed6959d28 bpf: beef up bpf detection, check if BPF_F_ALLOW_MULTI is supported + c548f48cb2 bpf: add new bpf.h header copy from 4.15 kernel + 54cc371347 bpf-firewall: fix warning text + c08bb273ac ip-address-access: let's exit the loop after invalidating our entry a (#7803) + 3dc5591f72 bpf-firewall: actually invoke BPF_PROG_ATTACH to check whether cgroup/bpf is available + c5f34b169e cgroup: drop unused parameter from function + b519973b49 core: only warn about BPF/cgroup missing once per runtime (#7319) + cbeb2f95ac run: also show IP traffic accounting data on 
"systemd-run --wait" + 3ff2299ccb core: improve dbus-cgroup error message + 2f0c48782e bpf-firewall: properly handle kernels where BPF cgroup is disabled but TRIE maps are enabled (#7298) + 867a8bf0d7 fix compile error on musl + 8d3314daf3 bpf: set BPF_F_ALLOW_OVERRIDE when attaching a cgroup program if Delegate=yes is set + c6a029bcc0 cgroup: refuse to return accounting data if accounting isn't turned on + 33ef892f4b core: when coming back from reload/reexec, reapply all cgroup properties + 4bb809e720 core: serialize/deserialize IP accounting across daemon reload/reexec + ec63d2a10c core: when creating the socket fds for a socket unit, join socket's cgroup first + 5efe9d8b24 socket-label: let's use IN_SET, so that we have to call socket_address_family() only once + 35bf6b235f core: warn loudly if IP firewalling is configured but not in effect + e62a2ae266 Add test for eBPF firewall code + d936dbdb8c ip-address-access: minimize IP address lists + df69bcd8d5 core: support IP firewalling to be configured for transient units + c03104bf21 cgroup: dump the newly added IP settings in the cgroup context + 693934ae53 man: document the new ip accounting and filting directives + 7a7b7f97d8 systemctl: report accounted network traffic in "systemctl status" + 3079fcd21c manager: hook up IP accounting defaults + 44e2578544 cgroup, unit, fragment parser: make use of new firewall functions + 61cff5ed0c Add firewall eBPF compiler + 3fabe4de90 cgroup: add fields to accommodate eBPF related details + 031f1b27f4 Add IP address address ACL representation and parser + 7f9545d053 Add abstraction model for BPF programs + d44583412a build-sys: add new kernel bpf.h drop-in + 80842fbc20 in-addr-util: add new helper call in_addr_prefix_from_string_auto() + f5909b1007 in-addr-util: prefix return parameters with ret_ + 4de91e22b7 in-addr-util: be more systematic with naming our functions + 877cc03ac4 tests: when running a manager object in a test, migrate to private cgroup subroot first (#6576) 
+ +------------------------------------------------------------------- +Tue Feb 4 14:02:16 UTC 2020 - Franck Bui <[email protected]> + +- Fix bsc#1162108 CVE-2020-1712 + + Add 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch + Add 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch + Add 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch + +------------------------------------------------------------------- +Mon Feb 3 15:11:37 UTC 2020 - Franck Bui <[email protected]> + +- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) + +------------------------------------------------------------------- +Mon Feb 3 14:56:05 UTC 2020 - Franck Bui <[email protected]> + +- Import commit 938b0a2f966d2606cbb20f4bcce7509995aaa7dc + + 1d7de5e8c2 libblkid: open device in nonblock mode. (bsc#1084671) + 87d18b8209 udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) + 277ab600b0 bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) + 6558c318fc fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) + 0c6fb31abb fileio: initialize errno to zero before we do fread() + 0baf4768d3 fileio: try to read one byte too much in read_full_stream() + 3226d763f7 logind: consider "greeter" sessions suitable as "display" sessions of a user (bsc#1158485) + 5aa70da60d logind: never elect a session that is stopping as display + +------------------------------------------------------------------- +Fri Dec 13 10:56:06 UTC 2019 - Franck Bui <[email protected]> + +- Import commit be5eeb6c7d0bbb8147ff894227140d3d21639aeb + + 24fc1e1ff6 journal: include kmsg lines from the systemd process which exec()d us (#8078) + b213992a3d udevd: don't use monitor after manager_exit() + 28998ada7d udevd: capitalize log messages in on_sigchld() + 6065eee5f8 udevd: merge conditions to decrease indentation + d727a42d46 Revert "udevd: fix crash when workers time out after exit is 
signal caught" + 0e6ff3b3d1 core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) + 3523d5a0c8 udevd: fix crash when workers time out after exit is signal caught + 787b2f859f udevd: wait for workers to finish when exiting (bsc#1106383) + +------------------------------------------------------------------- +Wed Nov 13 10:16:47 UTC 2019 - Franck Bui <[email protected]> + +- Import commit 71778a1423b0f599ede9faa96d20add61d24db36 + + 98c082a6ca shell-completion: systemctl: do not list template units in {re,}start + 816d6111fc shell-completion: systemctl: pass current word to all list_unit* + e8b40b6b10 bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) + 7cdab60839 bash-completion: systemctl: use systemctl --no-pager + 8844419dc8 bash-completion: also suggest template unit files + 6f0e7ca3d1 bash-completion: systemctl: add missing options and verbs + 4f4d2d4c1b bash-completion: use the first argument instead of the global variable (#6457) + + A bunch of commits which improves bash completion support. It only + touches the shell completion and hence is pretty safe. 
+ +------------------------------------------------------------------- +Wed Nov 13 10:14:37 UTC 2019 - Franck Bui <[email protected]> + +- Import commit cff9adac2f06cc0876dc905d5642d271b69e755d + + 3f5a84b97c networkd: VXLan Make group and remote variable separate (bsc#1156213) + 9c4571d6b2 networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) + 7f1b579fc6 fs-util: let's avoid unnecessary strerror() + 49e51f69b5 fs-util: introduce inotify_add_watch_and_warn() helper + 454c094294 ask-password: improve log message when inotify limit is reached (bsc#1155574) + 012115b8dd shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) + caa9e284af man: alias names can't be used with enable command (bsc#1151377) + +------------------------------------------------------------------- +Fri Nov 8 15:02:14 UTC 2019 - Franck Bui <[email protected]> + +- No need to daemon-reexec at package installation time. + + During package installation PID1 is obviously not being run. + +------------------------------------------------------------------- +Thu Nov 7 14:28:28 UTC 2019 - Franck Bui <[email protected]> + +- Add 0001-mount-swap-cryptsetup-introduce-an-option-to-prevent.patch (jsc#SLE-7689) + +------------------------------------------------------------------- +Mon Sep 30 10:10:57 UTC 2019 - Franck Bui <[email protected]> + +- Add 0001-core-coldplug-possible-nop_job.patch + + This likely fixes bsc#1139459 but it's not been confirmed + yet. That's the reason why it's been put in the quarantine area so + we can mark this patch as a fix once it will be verified before + merging it in our git repo. See https://github.com/systemd/systemd/pull/13124 + for a reproducer and the fix. + + In any cases it fixes a real bug that could be easily reproduced and + the fix verified. 
+ +------------------------------------------------------------------- +Fri Sep 27 08:57:15 UTC 2019 - Franck Bui <[email protected]> + +- Import commit 1b9a7a16f19285e04646b879a7ee932d677a13a6 (jsc#SLE-7687) ++++ 9632 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.systemd.12025.new.26092/systemd-mini.changes New Changes file: systemd.changes: same change New: ---- 0001-core-coldplug-possible-nop_job.patch 0001-mount-swap-cryptsetup-introduce-an-option-to-prevent.patch 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch 0001-udev-don-t-create-by-partlabel-primary-and-.-logical.patch 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch 0002-udev-optionally-disable-the-generation-of-the-partla.patch 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch 80-acpi-container-hotplug.rules 80-hotplug-cpu-mem.rules 99-wakeup-from-idle.rules _service after-local.service baselibs.conf kbd-model-map.legacy pre_checkin.sh scripts-systemd-fix-machines-btrfs-subvol.sh scripts-systemd-migrate-sysconfig-i18n.sh scripts-systemd-upgrade-from-pre-210.sh scripts-udev-convert-lib-udev-path.sh systemd-mini-rpmlintrc systemd-mini.changes systemd-mini.spec systemd-rpmlintrc systemd-sysv-convert systemd-sysv-install systemd-user systemd-v234+suse.531.g4695ebe0b9.tar.xz systemd.changes systemd.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ systemd-mini.spec ++++++ ++++ 1419 lines (skipped) systemd.spec: same change ++++++ 0001-core-coldplug-possible-nop_job.patch ++++++ >From 1a8f476dc4e17cf4c2ec34aa73966812c6a23f61 Mon Sep 17 00:00:00 2001 From: ypf791 <[email protected]> Date: Fri, 19 Jul 2019 18:28:04 +0800 Subject: [PATCH] core: coldplug possible nop_job (cherry picked from commit b49e14d5f3081dfcd363d8199a14c0924ae9152f) [fbui: fixes bsc#1139459] --- src/core/unit.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/src/core/unit.c b/src/core/unit.c index febce9d242..b2fd4075b3 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -3184,6 +3184,7 @@ int unit_add_node_link(Unit *u, const char *what, bool wants, UnitDependency dep int unit_coldplug(Unit *u) { int r = 0, q; char **i; + Job *uj; assert(u); @@ -3207,8 +3208,9 @@ int unit_coldplug(Unit *u) { r = q; } - if (u->job) { - q = job_coldplug(u->job); + uj = u->job ?: u->nop_job; + if (uj) { + q = job_coldplug(uj); if (q < 0 && r >= 0) r = q; } -- 2.21.0 ++++++ 0001-mount-swap-cryptsetup-introduce-an-option-to-prevent.patch ++++++ >From c61c3e2ac903e6c8a53d0e70ec04eb0fe3a58fd6 Mon Sep 17 00:00:00 2001 
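Review bot: `uj = u->job ?: u->nop_job;` in `unit_coldplug()` coldplugs the nop job only when the unit has no regular job. If a unit can hold both slots at once after deserialization (not visible in this hunk), the nop job is still skipped, which is the case this patch sets out to fix. Coldplugging each slot independently avoids the question: keep the original `if (u->job)` block and add `if (u->nop_job) { q = job_coldplug(u->nop_job); if (q < 0 && r >= 0) r = q; }`. `unit_coldplug()` continues outside both hunks.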
From: Franck Bui <[email protected]> Date: Thu, 31 Oct 2019 18:32:08 +0100 Subject: [PATCH 1/1] mount/swap/cryptsetup: introduce an option to prevent systemd from making a unit wanted by its device unit systemd introduced a behavior that consisted in activating automatically a unit generated by either fstab-generator or cryptsetup-generator each time its device unit is entering in plugged state and regardless of whether it happened during the boot process or much later. This behavior is confusing for a lot of users and interacts badly with tools which are operating on block devices. Fortunately this feature has been removed by upstream since v242 for both mount and swap units, with commits 142b8142d7bb84f07ac33fc00527a4d48ac8ef9f and 9b88bb5023dfa3cea406c14fdaa3d8e3e320907a respectively. However for backward compatibility reasons we can't simply drop it, therefore this patch introduces a new (but temporary) kernel command line option named 'systemd.device_wants_unit' so one can choose to prevent systemd from starting automagically a unit which was generated by {cryptsetup,fstab}-generator by setting it to 'off'. The default value for this option is 'on' so no behavior change will happen by default but please note that next major versions of SLE will permanently switch it to 'off' without any possibilities to change it. With this option enabled, it's now possible to prevent all swap units to be activated by masking the swap target. [fbui: fixes jsc#SLE-7689] --- src/basic/proc-cmdline.c | 15 +++++++++++++++ src/basic/proc-cmdline.h | 2 ++ src/core/unit.c | 3 ++- src/cryptsetup/cryptsetup-generator.c | 8 +++++--- 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/src/basic/proc-cmdline.c b/src/basic/proc-cmdline.c index 8592a428d5..3936e809b6 100644 --- a/src/basic/proc-cmdline.c +++ b/src/basic/proc-cmdline.c 
@@ -247,6 +247,21 @@ int shall_restore_state(void) { return r > 0 ? ret : true; } +bool shall_device_want_unit(void) { + static int device_wants_unit = -1; + + if (device_wants_unit < 0) { + bool ret; + + if (proc_cmdline_get_bool("systemd.device_wants_unit", &ret) > 0) + device_wants_unit = ret; + else + device_wants_unit = true; + } + + return device_wants_unit; +} + static const char * const rlmap[] = { "emergency", SPECIAL_EMERGENCY_TARGET, "-b", SPECIAL_EMERGENCY_TARGET, diff --git a/src/basic/proc-cmdline.h b/src/basic/proc-cmdline.h index ebfed355e9..bb4ebe5ee7 100644 --- a/src/basic/proc-cmdline.h +++ b/src/basic/proc-cmdline.h @@ -52,3 +52,5 @@ static inline bool proc_cmdline_value_missing(const char *key, const char *value return false; } + +bool shall_device_want_unit(void); diff --git a/src/core/unit.c b/src/core/unit.c index febce9d242..736863e48c 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -46,6 +46,7 @@ #include "mkdir.h" #include "parse-util.h" #include "path-util.h" +#include "proc-cmdline.h" #include "process-util.h" #include "set.h" #include "signal-util.h" @@ -3172,7 +3173,7 @@ int unit_add_node_link(Unit *u, const char *what, bool wants, UnitDependency dep if (r < 0) return r; - if (wants) { + if (wants && shall_device_want_unit()) { r = unit_add_dependency(device, UNIT_WANTS, u, false); if (r < 0) return r; diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 312cdf3d1f..ce47f9f0da 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c 
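Review bot: In `shall_device_want_unit()` a parse failure is indistinguishable from the option being absent, because `proc_cmdline_get_bool(...) > 0` sends both a negative return and 0 to the `else` branch. A mistyped value such as `systemd.device_wants_unit=of` (constructed example) would presumably leave the behaviour on with no message. Admins set this switch to stop units from being activated whenever a device is plugged, so a silent fallback is easy to miss. Keep the return value in `r` and add `if (r < 0) log_warning_errno(r, "Failed to parse systemd.device_wants_unit=, assuming on: %m");`. The same cached result gates the `unit_add_node_link()` hunk in src/core/unit.c and `create_disk()` in cryptsetup-generator.c.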
@@ -195,9 +195,11 @@ static int create_disk( return log_error_errno(r, "Failed to write file %s: %m", p); if (!noauto) { - r = generator_add_symlink(arg_dest, d, "wants", n); - if (r < 0) - return r; + if (shall_device_want_unit()) { + r = generator_add_symlink(arg_dest, d, "wants", n); + if (r < 0) + return r; + } r = generator_add_symlink(arg_dest, netdev ? "remote-cryptsetup.target" : "cryptsetup.target", -- 2.16.4 ++++++ 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch ++++++ >From e5b27eea8901287ed752a3d074c6cc9c71bc1103 Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Wed, 22 Jan 2020 16:52:10 +0100 Subject: [PATCH 1/3] polkit: on async pk requests, re-validate action/details When we do an async pk request, let's store which action/details we used for the original request, and when we are called for the second time, let's compare. If the action/details changed, let's not allow the access to go through. [fbui: adjust context] --- src/shared/bus-util.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index 207b5e66fc..770e15acba 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -334,6 +334,9 @@ int bus_test_polkit( #ifdef ENABLE_POLKIT typedef struct AsyncPolkitQuery { + char *action; + char **details; + sd_bus_message *request, *reply; sd_bus_message_handler_t callback; void *userdata; @@ -354,6 +357,9 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { sd_bus_message_unref(q->request); sd_bus_message_unref(q->reply); + free(q->action); + strv_free(q->details); + free(q); } 
@@ -418,11 +424,17 @@ int bus_verify_polkit_async( if (q) { int authorized, challenge; - /* This is the second invocation of this function, and - * there's already a response from polkit, let's - * process it */ + /* This is the second invocation of this function, and there's already a response from + * polkit, let's process it */ assert(q->reply); + /* If the operation we want to authenticate changed between the first and the second time, + * let's not use this authentication, it might be out of date as the object and context we + * operate on might have changed. */ + if (!streq(q->action, action) || + !strv_equal(q->details, (char**) details)) + return -ESTALE; + if (sd_bus_message_is_method_error(q->reply, NULL)) { const sd_bus_error *e; @@ -528,6 +540,18 @@ int bus_verify_polkit_async( q->callback = callback; q->userdata = userdata; + q->action = strdup(action); + if (!q->action) { + async_polkit_query_free(q); + return -ENOMEM; + } + + q->details = strv_copy((char**) details); + if (!q->details) { + async_polkit_query_free(q); + return -ENOMEM; + } + r = hashmap_put(*registry, call, q); if (r < 0) { async_polkit_query_free(q); -- 2.16.4 ++++++ 0001-udev-don-t-create-by-partlabel-primary-and-.-logical.patch ++++++ >From 34f38aa61d5189a0258982efd976da7d249a11d3 Mon Sep 17 00:00:00 2001 
From: Martin Wilck <[email protected]> Date: Mon, 16 Apr 2018 23:03:27 +0200 Subject: [PATCH 1/2] udev: don't create by-partlabel/primary and .../logical symlinks These links are created by libstorage / parted by default. They are ambiguous and may be present hundred- or thousandfold on large systems. They are meaningless for device identification and may slow down udev processing. They aren't used anywhere. Don't create them. A service has been added to detect at boot cases that likely need to be fixed: a warning is thrown at both the console and syslog to encourage sysadmin to consult the relevant TID explaining how to permanently fix the issue. [fbui: added the detection part] [fbui: fixes bsc#1089761] --- Makefile.am | 2 ++ rules/60-persistent-storage.rules | 2 +- units/detect-part-label-duplicates.service | 16 ++++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 units/detect-part-label-duplicates.service diff --git a/Makefile.am b/Makefile.am index 240d193eb..84563d4a9 100644 --- a/Makefile.am +++ b/Makefile.am @@ -489,6 +489,7 @@ dist_sysctl_DATA = \ sysctl.d/50-default.conf dist_systemunit_DATA = \ + units/detect-part-label-duplicates.service \ units/graphical.target \ units/multi-user.target \ units/emergency.target \ @@ -6586,6 +6587,7 @@ MULTI_USER_TARGET_WANTS += \ systemd-ask-password-wall.path SYSINIT_TARGET_WANTS += \ + detect-part-label-duplicates.service \ dev-hugepages.mount \ dev-mqueue.mount \ sys-kernel-config.mount \ diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules index d2745f65f..5e803d639 100644 --- a/rules/60-persistent-storage.rules +++ b/rules/60-persistent-storage.rules 
@@ -92,6 +92,6 @@ ENV{DEVTYPE}=="partition", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-i # by-partlabel/by-partuuid links (partition metadata) ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" -ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", ENV{ID_PART_ENTRY_NAME}!="primary|logical", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" LABEL="persistent_storage_end" diff --git a/units/detect-part-label-duplicates.service b/units/detect-part-label-duplicates.service new file mode 100644 index 000000000..1fbca2114 --- /dev/null +++ b/units/detect-part-label-duplicates.service @@ -0,0 +1,16 @@ +[Unit] +Description=Detect if the system suffers from bsc#1089761 +ConditionDirectoryNotEmpty=/run/udev/data + +[Service] +RemainAfterExit=true +StandardOutput=syslog+console +SyslogLevel=warning +ExecStart=/bin/sh -c " \ + if [ $(grep -r "E:ID_PART_ENTRY_NAME=primary" /run/udev/data | wc -l) -ge 100 ]; then \ + echo 'Warning: a high number of partitions uses \"primary\" or \"logical\" as'; \ + echo 'partition label name, which may cause slow-down in the boot process.'; \ + echo 'To prevent it, a workaround is temporarly in place but we recommend to'; \ + echo 'refer to TID #7023057 in order to permanently fix this issue (as the'; \ + echo 'workaround will be dropped in the future).'; \ + fi" -- 2.18.0 ++++++ 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch ++++++ >From 1c70ce389264ee8344841ea68454de2f47ce5bb6 Mon Sep 17 00:00:00 2001 
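Review bot: The detection command in `units/detect-part-label-duplicates.service` counts only `E:ID_PART_ENTRY_NAME=primary`, while the warning text and the rule change in `60-persistent-storage.rules` both cover `primary` and `logical`. A system with many `logical` labels and few `primary` ones would never be warned. Matching both keeps the three in step: `grep -rE 'E:ID_PART_ENTRY_NAME=(primary|logical)' /run/udev/data | wc -l`. Single quotes around the pattern also remove the unescaped inner double quotes, which currently sit inside the double-quoted `ExecStart=` argument and depend on how the unit parser joins adjacent quoted segments.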
From: Lennart Poettering <[email protected]> Date: Wed, 22 Jan 2020 17:05:17 +0100 Subject: [PATCH 2/3] sd-bus: introduce API for re-enqueuing incoming messages When authorizing via PolicyKit we want to process incoming method calls twice: once to process and figure out that we need PK authentication, and a second time after we aquired PK authentication to actually execute the operation. With this new call sd_bus_enqueue_for_read() we have a way to put an incoming message back into the read queue for this purpose. This might have other uses too, for example debugging. [fbui: don't make it public] [fbui: adjust context] [fbui: bus_message_ref_queued() and bus_resolve() are not available] [fbui: fix function name misspelling] --- src/libsystemd/sd-bus/sd-bus.c | 23 +++++++++++++++++++++++ src/systemd/sd-bus.h | 1 + 2 files changed, 24 insertions(+) diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index fc13e78744..ecb13f6c5c 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -3915,3 +3915,26 @@ _public_ int sd_bus_get_exit_on_disconnect(sd_bus *bus) { return bus->exit_on_disconnect; } + +int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m) { + int r; + + assert_return(bus, -EINVAL); + assert_return(m, -EINVAL); + assert_return(m->sealed, -EINVAL); + assert_return(!bus_pid_changed(bus), -ECHILD); + + if (!BUS_IS_OPEN(bus->state)) + return -ENOTCONN; + + /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication, + * where we want accept a message, then determine we need to interactively authenticate the user, and + * when we have that process the message again. */ + + r = bus_rqueue_make_room(bus); + if (r < 0) + return r; + + bus->rqueue[bus->rqueue_size++] = sd_bus_message_ref(m); + return 0; +} diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h index 2b6aeb7989..9123f5547c 100644 --- a/src/systemd/sd-bus.h +++ b/src/systemd/sd-bus.h 
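Review bot: `sd_bus_enqueue_for_read()` is defined without `_public_` in sd-bus.c, yet the following hunk declares it in `src/systemd/sd-bus.h`, the installed public header. External code compiled against that header would see a prototype for a symbol the library presumably does not export. Moving the prototype to an internal sd-bus header would keep the helper private, as the `[fbui: don't make it public]` note intends. The function also queues any sealed message without checking that it was received on `bus`, so a comment above it should state the contract, e.g. `/* Internal: 'm' must be a message previously dispatched on 'bus'. */`.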
@@ -180,6 +180,7 @@ int sd_bus_process(sd_bus *bus, sd_bus_message **r); int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r); int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec); int sd_bus_flush(sd_bus *bus); +int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m); sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus); sd_bus_message* sd_bus_get_current_message(sd_bus *bus); -- 2.16.4 ++++++ 0002-udev-optionally-disable-the-generation-of-the-partla.patch ++++++ >From 749f0c9b1431470dbc3f36cc507e86f9894d65bc Mon Sep 17 00:00:00 2001 From: Franck Bui <[email protected]> Date: Tue, 21 Aug 2018 16:21:53 +0200 Subject: [PATCH 2/2] udev: optionally disable the generation of the 'partlabel' symlinks We already addressed bsc#1089761 to prevent the generation of "primary" or "logical". But it wasn't enough: some users could also have used their own name other than "primary" and "logical" of course... For them, we introduce "udev.no-partlabel-links" kernel command-line option to prevent the generation of all by-partlabel symlinks regardless of the name which was choosen. This option should be *only* used to address performance issue related to bsc#1089761 because it will be removed as soon as the udev performance issue will be addressed. [fbui: fixes bsc#1089761] --- rules/60-persistent-storage.rules | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules index 5e803d639..eefa28f7d 100644 --- a/rules/60-persistent-storage.rules +++ b/rules/60-persistent-storage.rules 
@@ -92,6 +92,8 @@ ENV{DEVTYPE}=="partition", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-i # by-partlabel/by-partuuid links (partition metadata) ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" -ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", ENV{ID_PART_ENTRY_NAME}!="primary|logical", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" + +IMPORT{cmdline}="udev.no-partlabel-links" +ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", ENV{ID_PART_ENTRY_NAME}!="primary|logical", ENV{udev.no-partlabel-links}!="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" LABEL="persistent_storage_end" -- 2.18.0 ++++++ 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch ++++++ >From ab50bd435ba58549fe5dd5d52d32b9bd185324ee Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Wed, 22 Jan 2020 17:07:47 +0100 Subject: [PATCH 3/3] polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it Previously, when doing an async PK query we'd store the original callback/userdata pair and call it again after the PK request is complete. This is problematic, since PK queries might be slow and in the meantime the userdata might be released and re-acquired. Let's avoid this by always traversing through the message handlers so that we always re-resolve the callback and userdata pair and thus can be sure it's up-to-date and properly valid. [fbui: adjust context] [fbui: sd_event_source_disable_unref() is not available] [fbui: fixes bsc#1162108] --- src/shared/bus-util.c | 78 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 52 insertions(+), 26 deletions(-) diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index 770e15acba..393d0742aa 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c 
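Review bot: The new match `ENV{udev.no-partlabel-links}!="?*"` treats any non-empty imported value as "disable". `udev.no-partlabel-links=0` on the kernel command line would therefore presumably suppress the by-partlabel links just like the bare flag. If that is intended, say so next to the `IMPORT{cmdline}` line, e.g. `# udev.no-partlabel-links: presence alone (any value, including =0) disables all by-partlabel links`. Otherwise match only the enabling value. Anything that locates partitions through `/dev/disk/by-partlabel/` stops resolving once the flag is set, so the comment should mention that as well.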
@@ -338,14 +338,13 @@ typedef struct AsyncPolkitQuery { char **details; sd_bus_message *request, *reply; - sd_bus_message_handler_t callback; - void *userdata; sd_bus_slot *slot; + Hashmap *registry; + sd_event_source *defer_event_source; } AsyncPolkitQuery; static void async_polkit_query_free(AsyncPolkitQuery *q) { - if (!q) return; @@ -360,9 +359,23 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { free(q->action); strv_free(q->details); + sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_OFF); + sd_event_source_unref(q->defer_event_source); free(q); } +static int async_polkit_defer(sd_event_source *s, void *userdata) { + AsyncPolkitQuery *q = userdata; + + assert(s); + + /* This is called as idle event source after we processed the async polkit reply, hopefully after the + * method call we re-enqueued has been properly processed. */ + + async_polkit_query_free(q); + return 0; +} + static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; AsyncPolkitQuery *q = userdata; 
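Review bot: `async_polkit_query_free()` now calls `sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_OFF)` unconditionally, but `defer_event_source` is only assigned in `async_polkit_callback()`. The `-ENOMEM` paths in `bus_verify_polkit_async()` free a query whose reply never arrived, so the pointer is presumably still NULL there. Passing NULL most likely just returns -EINVAL from the API's argument check, but the result is dropped and this cleanup path, which is part of a use-after-free fix, ends up depending on that check. Since `sd_event_source_disable_unref()` is not available in this tree, guard it explicitly: `if (q->defer_event_source) (void) sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_OFF);`. The body of `async_polkit_query_free()` is only partly visible between the two hunks.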
@@ -371,21 +384,46 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e assert(reply); assert(q); + assert(q->slot); q->slot = sd_bus_slot_unref(q->slot); + + assert(!q->reply); q->reply = sd_bus_message_ref(reply); + /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the + * whole message processing again, and thus re-validating and re-retrieving the "userdata" field + * again. + * + * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again, + * i.e. after the second time the message is processed is complete. */ + + assert(!q->defer_event_source); + r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q); + if (r < 0) + goto fail; + + r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE); + if (r < 0) + goto fail; + + r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT); + if (r < 0) + goto fail; + r = sd_bus_message_rewind(q->request, true); - if (r < 0) { - r = sd_bus_reply_method_errno(q->request, r, NULL); - goto finish; - } + if (r < 0) + goto fail; - r = q->callback(q->request, q->userdata, &error_buffer); - r = bus_maybe_reply_error(q->request, r, &error_buffer); + r = sd_bus_enqueue_for_read(sd_bus_message_get_bus(q->request), q->request); + if (r < 0) + goto fail; -finish: - async_polkit_query_free(q); + return 1; +fail: + log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m"); + (void) sd_bus_reply_method_errno(q->request, r, NULL); + async_polkit_query_free(q); return r; } @@ -404,11 +442,10 @@ int bus_verify_polkit_async( #ifdef ENABLE_POLKIT _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; AsyncPolkitQuery *q; - const char *sender, **k, **v; - sd_bus_message_handler_t callback; - void *userdata; + const char **k, **v; int c; #endif + const char *sender; int r; assert(call); 
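Review bot: `async_polkit_callback()` now depends on `sd_bus_get_event(sd_bus_message_get_bus(reply))` returning an attached event loop. If the bus has none, `sd_event_add_defer()` presumably fails and the `fail:` path answers the original caller with an error, where the old code would have invoked the handler directly. That requirement is new and is not stated anywhere in the hunk. Document it on `bus_verify_polkit_async()`, e.g. `/* The bus of 'call' must be attached to an sd_event loop: the polkit reply is handled by re-queueing 'call' and freeing the query from a deferred idle event source. */`. The `fail:` path logs only at debug level, so a denied or failed authorization caused by this is hard to spot in production logs; `log_warning_errno` may be more suitable.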
@@ -472,20 +509,11 @@ int bus_verify_polkit_async( else if (r > 0) return 1; -#ifdef ENABLE_POLKIT - if (sd_bus_get_current_message(call->bus) != call) - return -EINVAL; - - callback = sd_bus_get_current_handler(call->bus); - if (!callback) - return -EINVAL; - - userdata = sd_bus_get_current_userdata(call->bus); - sender = sd_bus_message_get_sender(call); if (!sender) return -EBADMSG; +#ifdef ENABLE_POLKIT c = sd_bus_message_get_allow_interactive_authorization(call); if (c < 0) return c; 
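Review bot: The `sender` lookup and its `-EBADMSG` return now sit before `#ifdef ENABLE_POLKIT` in `bus_verify_polkit_async()`, so builds without polkit also execute them, which the old placement did not. What follows `#endif` is outside the hunk, so the effect is inferred: a call without a sender would now fail with `-EBADMSG` instead of whatever the non-polkit tail returns. If that is intended, a one-line comment above the lookup saying why the check applies to both configurations would document it; otherwise the two statements should stay inside the `#ifdef`.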
@@ -537,8 +565,6 @@ int bus_verify_polkit_async( return -ENOMEM; q->request = sd_bus_message_ref(call); - q->callback = callback; - q->userdata = userdata; q->action = strdup(action); if (!q->action) { -- 2.16.4 ++++++ 80-acpi-container-hotplug.rules ++++++ # ACPI0004 container offline for Huawei Kunlun # do not edit this file, it will be overwritten on update SUBSYSTEM=="container", ACTION=="change", ENV{EVENT}=="offline", ATTR{online}=="1", ATTR{[dmi/id]sys_vendor}=="Huawei", ATTR{[dmi/id]product_name}=="9008|9016|9032", DEVPATH=="*/ACPI0004:??", \ RUN+="/usr/bin/sh -c ' \ /usr/bin/find -L /sys/$env{DEVPATH}/firmware_node/*/physical_node* -maxdepth 1 -name online | \ while read line; do \ if [ $(/usr/bin/cat $line) -eq 1 ]; then \ /usr/bin/echo 0 > $line; \ fi \ done; \ /usr/bin/echo 0 > /sys/$env{DEVPATH}/online; '" ++++++ 80-hotplug-cpu-mem.rules ++++++ # do not edit this file, it will be overwritten on update # # Hotplug physical CPU # SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" # # Hotplug physical memory. Instances of tmpfs are remounted so their # size are recalculated. This might be needed if some sizes were # specified relative to the total amount of memory (boo#869603). For # now make it simple and remount all tmpfs regardless of how their # size are specified. It should be handled by the kernel as it has a # lot of shortcomings anyways (tmpfs mounted by other processes, mount # namespaces, ...) 
# SUBSYSTEM=="memory", ACTION=="add", PROGRAM=="/usr/bin/uname -m", RESULT!="s390x", ATTR{state}=="offline", \ ATTR{state}="online", \ RUN+="/bin/sh -c ' \ while read src dst fs opts unused; do \ case $fs in \ tmpfs) mount -o remount \"$dst\" ;; \ esac \ done </proc/self/mounts" ++++++ 99-wakeup-from-idle.rules ++++++ # enable usb and standard AT Keyboards as wakeup sources for suspend-to-idle (S2I) fate#323814 ACTION=="add", ATTR{power/wakeup}=="disabled", SUBSYSTEM=="serio", ATTR{description}=="i8042 KBD port", ATTR{power/wakeup}="enabled" ACTION=="add", ATTR{power/wakeup}=="disabled", SUBSYSTEM=="hid", ATTRS{bInterfaceProtocol}=="01", ATTR{power/wakeup}="enabled" ++++++ _service ++++++ <!-- See https://en.opensuse.org/openSUSE:Build_Service_Concept_SourceService --> <!-- for more details on the syntax --> <services> <service name="tar_scm" mode="disabled"> <param name="scm">git</param> <param name="url">https://github.com/openSUSE/systemd.git</param> <param name="filename">systemd</param> <param name="versionformat">@PARENT_TAG@+suse.@[email protected]%h</param> <param name="revision">SLE15</param> </service> <service name="recompress" mode="disabled"> <param name="file">*systemd-v234+suse.*.tar</param> <param name="compression">xz</param> </service> </services> ++++++ after-local.service ++++++ # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. 
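Review bot: The `RUN+=` value of the memory rule in `80-hotplug-cpu-mem.rules` opens a single quote after `/bin/sh -c` and never closes it. It ends with `done </proc/self/mounts"`, whereas the container rule in `80-acpi-container-hotplug.rules` ends with `'"`. Whether the command still runs as written depends on how lenient udev's command splitting is with an unterminated quote, and the rule should not rely on that. End the value with `done </proc/self/mounts'"`.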
[Unit] Description=/etc/init.d/after.local Compatibility ConditionFileIsExecutable=/etc/init.d/after.local After=getty.target [Service] Type=idle ExecStart=/etc/init.d/after.local TimeoutSec=0 RemainAfterExit=yes ++++++ baselibs.conf ++++++ # # https://en.opensuse.org/openSUSE:Build_Service_baselibs.conf#Quickstart # systemd supplements "packageand(systemd:pam-<targettype>)" -/lib/systemd/system/ -/usr/lib/systemd/libsystemd-shared.*\.so post "<prefix>%{_sbindir}/pam-config -a --systemd || :" libsystemd0 libudev1 libudev-devel nss-myhostname nss-mymachines ++++++ kbd-model-map.legacy ++++++ # Additional layouts offered by YaST Pl02 pl pc105 - terminate:ctrl_alt_bksp arabic ara,us pc105 - terminate:ctrl_alt_bksp,grp:shift_toggle cn-latin1 ca pc105 multix terminate:ctrl_alt_bksp cz-lat2-us cz,us pc105 qwerty,basic terminate:ctrl_alt_bksp,grp:shift_toggle es-cp850 es pc105 - terminate:ctrl_alt_bksp ir ir pc105 - terminate:ctrl_alt_bksp korean kr pc105 - terminate:ctrl_alt_bksp lt.std lt pc105 std terminate:ctrl_alt_bksp no-latin1 no pc105 - terminate:ctrl_alt_bksp ruwin_alt-UTF-8 us,ru pc105 ,winkeys terminate:ctrl_alt_bksp,grp:ctrl_shift_toggle,grp_led:scroll ++++++ pre_checkin.sh ++++++ #!/bin/sh # This script is based on libcdio_spec-prepare.sh (thanks to [email protected]) # create a -mini spec for systemd for bootstrapping ORIG_SPEC=systemd EDIT_WARNING="##### WARNING: please do not edit this auto generated spec file. Use the ${ORIG_SPEC}.spec! #####\n" sed "s/^%define bootstrap .*$/${EDIT_WARNING}%define bootstrap 1/; s/^%define mini .*$/${EDIT_WARNING}%define mini -mini/; s/^Name:.*/&-mini/ " < ${ORIG_SPEC}.spec > ${ORIG_SPEC}-mini.spec cp ${ORIG_SPEC}.changes ${ORIG_SPEC}-mini.changes cp ${ORIG_SPEC}-rpmlintrc ${ORIG_SPEC}-mini-rpmlintrc osc service localrun format_spec_file ++++++ scripts-systemd-fix-machines-btrfs-subvol.sh ++++++ #! 
/bin/bash # # This is used to initially create /var/lib/machines subvolume in case # the system we're running on is using BTRFS with the specific layout # used by snapper to perform snapshots, rollbacks, etc... # # Unfortunately some distros (TW) already shipped versions with # systemd creating a plain subvolume which breaks snapper. # # If /var/lib/machines is already populated then it's going to be # pretty ugly to convert the old subvolume into a new one specially # since it can be in use. # # Hopefully not a lot of users are using machinectl to import # container/VM images. So in most of the cases this directory should # be empty and we can then simple delete the subvolume and create a # new one respecting the snapper layout. # # In the rare case where /var/lib/machines is populated, we will warn # the user and let him fix it manually. # # In order to avoid ugly dependencies added in systemd package, this # script should only be called during package updates when # mksubvolume(8) is available. During installation, /var/lib/machines # is supposed to be created by the installer now. # # See bsc#992573 # warn() { echo >&2 "warning: $@" } is_btrfs_subvolume() { # On btrfs subvolumes always have the inode 256 test $(stat --format=%i "$1") -eq 256 } # This assumes the directory/subvol is emptied by the caller. rm_subvolume_or_directory() { is_btrfs_subvolume "$1" && { btrfs subvolume delete "$1" return } rmdir "$1" } on_exit() { # Simply print a common error message in case something went # wrong. if test $? -ne 0; then warn "Please fix /var/lib/machines manually." # FIXME: point to a documentation explaining how to do # that. exit 1 fi } # # If there's already an entry in fstab for /var/lib/machines, it # means that: # # - the installer initialized /var/lib/machines correctly (default) # - we already fixed it # - the sysadmin added it manually # # In any cases we should exit. 
# # Note: we can't simply check if /var/lib/machines has been mounted # because an update through a chroot might be in progress (see # bsc#1030290). # if mount --fake /var/lib/machines 2>/dev/null; then exit fi # # If there is already an entry in fstab for /var, it means that: # # - the system has a seperate /var subvolume (default from Feb 2018) # - the system has a seperate /var partition # # In any case we should exit # if mount --fake /var 2>/dev/null; then exit fi # # If something is already mounted don't try to fix anything, it's been # done manually by the sysadmin. # if mountpoint -q /var/lib/machines; then exit fi # # Let's try to figure out if the current filesystem uses a Snapper # BTRFS specific layout. Note that TW uses a different layout than # SLE... # # FIXME: not sure if it's correct, reliable or optimal. # case $(findmnt -nr -t btrfs -o FSROOT / 2>/dev/null) in *.snapshots/*/snapshot*) ;; *) exit 0 esac trap on_exit EXIT if test -d /var/lib/machines; then # # Ok, we're on a system supporting rollbacks and # /var/lib/machines is not a subvolume remotely mounted so it # cannot be suitable for systems supporting rollback. Fix it. # echo "Making /var/lib/machines suitable for rollbacks..." type mksubvolume >/dev/null 2>&1 || { warn "mksubvolume(8) is not installed, aborting." exit 1 } test "$(ls -A /var/lib/machines/)" && { warn "/var/lib/machines is not empty, aborting." exit 1 } echo "Deleting empty /var/lib/machines directory/subvolume" rm_subvolume_or_directory /var/lib/machines || { warn "fail to delete /var/lib/machines" exit 1 } fi # At this point /var/lib/machines shouldn't exist. echo "Creating /var/lib/machines subvolume suitable for rollbacks." mksubvolume /var/lib/machines ++++++ scripts-systemd-migrate-sysconfig-i18n.sh ++++++ #! 
/bin/bash # FIXME: only do this once # /etc/sysconfig/console | /etc/vconsole.conf # -------------------------+--------------------- # CONSOLE_FONT | FONT # CONSOLE_SCREENMAP | FONT_MAP # CONSOLE_UNICODEMAP | FONT_UNIMAP migrate_locale () { local migrated="" if ! test -f /etc/sysconfig/console; then return fi source /etc/sysconfig/console || return if test -f /etc/vconsole.conf; then source /etc/vconsole.conf || return fi if test -n "$CONSOLE_FONT" && test -z "$FONT"; then echo "FONT=$CONSOLE_FONT" >>/etc/vconsole.conf migrated+="CONSOLE_FONT " fi if test -n "$CONSOLE_SCREENMAP" && test -z "$FONT_MAP"; then echo "FONT_MAP=$CONSOLE_SCREENMAP" >>/etc/vconsole.conf migrated+="CONSOLE_SCREENMAP " fi if test -n "$CONSOLE_UNICODEMAP" && test -z "$FONT_UNIMAP"; then echo "FONT_UNIMAP=$CONSOLE_UNICODEMAP" >>/etc/vconsole.conf migrated+="CONSOLE_UNICODEMAP " fi if test -n "$migrated"; then echo >&2 "The following variables from /etc/sysconfig/console have been migrated" echo >&2 "into /etc/vconsole.conf:" echo >&2 for v in $migrated; do echo " - $v=${!v}"; done echo >&2 echo >&2 "Please edit /etc/vconsole.conf if you need to tune these settings" echo >&2 "as /etc/sysconfig/console won't be considered anymore." echo >&2 fi } # /etc/sysconfig/keyboard | /etc/vconsole.conf # -------------------------+--------------------- # KEYTABLE | KEYMAP migrate_keyboard () { local migrated="" if ! 
test -f /etc/sysconfig/keyboard; then return fi source /etc/sysconfig/keyboard || return if test -f /etc/vconsole.conf; then source /etc/vconsole.conf || return fi if test -n "$KEYTABLE" && test -z "$KEYMAP"; then echo "KEYMAP=$KEYTABLE" >>/etc/vconsole.conf migrated+="KEYTABLE " fi if test -n "$migrated"; then echo >&2 "The following variables from /etc/sysconfig/keyboard have been migrated" echo >&2 "into /etc/vconsole.conf:" echo >&2 for v in $migrated; do echo " - $v=${!v}"; done echo >&2 echo >&2 "Please use localectl(1) if you need to tune these settings since" echo >&2 "/etc/sysconfig/keyboard won't be considered anymore." echo >&2 fi } # According to # https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_suse_l10n.html, # variables in /etc/sysconfig/language are supposed to be passed to # the users' shell *only*. However it seems that there has been some # confusion and they ended up configuring the system-wide locale as # well. The logic followed by systemd was implemented in commit # 01c4b6f4f0d951d17f6873f68156ecd7763429c6, which was reverted. The # code below follows the same logic to migrate content of # /etc/sysconfig/language into locale.conf. migrate_language () { local lang= local migrated=false if ! test -f /etc/sysconfig/language; then return fi source /etc/sysconfig/language || return lang=$(grep ^LANG= /etc/locale.conf 2>/dev/null) lang=${lang#LANG=} case "$ROOT_USES_LANG" in yes) if test -z "$lang" && test -n "$RC_LANG"; then echo "LANG=$RC_LANG" >>/etc/locale.conf migrated=true fi ;; ctype) if ! grep -q ^LC_CTYPE= /etc/locale.conf 2>/dev/null; then : ${lc_ctype:="$lang"} : ${lc_ctype:="$RC_LC_CTYPE"} : ${lc_ctype:="$RC_LANG"} if test -n "$lc_ctype"; then echo "LC_CTYPE=$lc_ctype" >>/etc/locale.conf migrated=true fi fi ;; esac if $migrated; then echo >&2 "The content of /etc/sysconfig/language has been migrated into" echo >&2 "/etc/locale.conf. 
The former file is now only used for setting" echo >&2 "the locale used by user's shells. The system-wide locale is" echo >&2 "only read from /etc/locale.conf since now." echo >&2 echo >&2 "Please only use localectl(1) or YaST if you need to change the" echo >&2 "settings of the *system-wide* locale from now." fi } migrate_locale; rv1=$? migrate_keyboard; rv2=$? migrate_language; rv3=$? test $((rv1 + rv2 + rv3)) -eq 0 ++++++ scripts-systemd-upgrade-from-pre-210.sh ++++++ #! /bin/bash # # This script is supposed to be executed from the %post section. It # contains all hacks needed to update a system which was running # systemd < v210. This also includes systems migrating from SysV. # # All hacks can potentially break the admin settings since they work # in /etc... # Try to read default runlevel from the old inittab if it exists. If # it fails fallback to runlevel 3 which should still be better than # the rescue shell. # # Note: /etc/inittab was part of the aaa_base package which can be # upgraded before systemd is. Therefore this file is likely to be # missing. if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then runlevel=$(sed -n -r "s/^id:([[:digit:]]):initdefault:/\1/p" /etc/inittab) : ${runlevel:=3} echo "Initializing default.target to runlevel${runlevel}.target" ln -s /usr/lib/systemd/system/runlevel${runlevel}.target /etc/systemd/system/default.target fi # migrate any symlink which may refer to the old path for f in $(find /etc/systemd/system -type l -xtype l); do new_target="/usr$(readlink $f)" [ -f "$new_target" ] && ln -s -f $new_target $f done ++++++ scripts-udev-convert-lib-udev-path.sh ++++++ #! /bin/bash # # When upgrading from systems predating systemd (SLE11, openSUSE # 12.x), udev libexec directory was changed from /lib/udev to # /usr/lib/udev. Some customer scripts might still rely on the old # path, therefore try to create a symlink that preserves the old path # (see bsc#1050152). 
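Review bot: `migrate_locale` and `migrate_keyboard` append values to /etc/vconsole.conf unquoted (`echo "FONT=$CONSOLE_FONT" >>/etc/vconsole.conf`), and the same functions read that file back with `source`. A value containing whitespace or shell metacharacters would then be parsed as an assignment followed by a command the next time the script runs, presumably as root from a package scriptlet. The values should be checked against a conservative pattern before they are written, or the file should be read with a parser instead of `source`. In `migrate_language`, `lc_ctype` is not declared `local`, so a value already present in the environment or set by the sourced /etc/sysconfig/language takes precedence over `$lang`; adding `local lc_ctype=` at the top of the function avoids that.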
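Review bot: The symlink migration loop in `scripts-systemd-upgrade-from-pre-210.sh` iterates over `$(find /etc/systemd/system -type l -xtype l)` and passes `$f` and `$new_target` unquoted to `readlink` and `ln`. A link name containing whitespace or glob characters is therefore split, and `ln -s -f` acts on the wrong paths under /etc. Read the names NUL-delimited with `while IFS= read -r -d '' f; do … done < <(find /etc/systemd/system -type l -xtype l -print0)` and quote every use, e.g. `ln -s -f -- "$new_target" "$f"`. The loop also prefixes `/usr` to whatever `readlink` prints, which is only right for absolute targets; a relative target produces a path that the `[ -f ]` test silently skips.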
# # This script is supposed to be called from the %posttrans scection of # the udev package. # convert_lib_udev_path () { local failed=/bin/false # Sanity check: /usr/lib/udev must exist at that point since # the new udev package should have been installed. if ! test -d /usr/lib/udev; then echo >&2 "/usr/lib/udev does not exist, refusing to create" echo >&2 "/lib/udev compat symlink." return 1 fi # If the symlink is missing it probably means that we're # upgrading and the old /lib/udev path was removed as it was # empty at the time the old version of udev was uninstalled. if ! test -e /lib/udev; then echo "Creating /lib/udev -> /usr/lib/udev symlink." ln -s /usr/lib/udev /lib/udev return fi # If a symlink already exists, simply assume that we already # did the job. IOW we're just doing a simple update of # systemd/udev (not upgrading). if test -L /lib/udev; then return fi # Sanity check: refuse to deal with anything but a directory. if ! test -d /lib/udev; then echo >&2 "/lib/udev is not either a directory nor a symlink !" echo >&2 "It won't be converted into a symlink to /usr/lib/udev." echo >&2 "Please create it manually." return 1 fi # /lib/udev exists and is still a directory (probably not # empty otherwise it would have been removed when the old # version of udev was uninstalled), we try to merge its # content with the new location and if it fails we warn the # user and let him sort this out. shopt -s globstar for f in /lib/udev/**; do if test -d "$f"; then continue fi if test -e /usr/"$f"; then echo >&2 "Failed to migrate '$f' to /usr/lib/udev because it already exists." failed=/bin/true continue fi echo "Migrating '$f' in /usr/lib/udev" if ! cp -a --parents "$f" /usr; then echo >&2 "Failed to move '$f' in /usr/lib/udev." failed=/bin/true continue fi rm "$f" done shopt -u globstar if ! 
$failed; then rm -fr /lib/udev && ln -s ../usr/lib/udev /lib/udev && echo "The content of /lib/udev has been moved in /usr/lib/udev successfully" && echo "and /lib/udev is now a symlink pointing to /usr/lib/udev." && echo "Please note /lib/udev is deprecated and shouldn't be used by" && echo "new scripts/applications anymore." || failed=/bin/true fi if $failed; then echo >&2 "Converting /lib/udev into a symlink pointing to /usr/lib/udev was not" echo >&2 "possible due to previous error(s)." echo >&2 "Please fix them and then create the symlink with:" echo >&2 " 'ln -s ../usr/lib/udev /lib/udev'." return 1 fi } convert_lib_udev_path ++++++ systemd-mini-rpmlintrc ++++++ addFilter("invalid-pkgconfig-file") addFilter(".*dangling-symlink /sbin/(halt|init|poweroff|telinit|shutdown|runlevel|reboot).*") addFilter(".*dangling-symlink .* /dev/null.*") addFilter(".*files-duplicate .*/reboot\.8.*") addFilter(".*files-duplicate .*/sd_is_socket\.3.*") addFilter("non-conffile-in-etc /etc/bash_completion.d/systemd-bash-completion\.sh") addFilter("non-conffile-in-etc /etc/rpm/macros\.systemd") addFilter(".*dbus-policy-allow-receive") addFilter(".*dangling-symlink /lib/udev/devices/std(in|out|err).*") addFilter(".*dangling-symlink /lib/udev/devices/core.*") addFilter(".*dangling-symlink /lib/udev/devices/fd.*") addFilter(".*incoherent-init-script-name boot\.udev.*") addFilter(".init-script-without-%stop_on_removal-preun /etc/init\.d/boot\.udev") addFilter(".init-script-without-%restart_on_update-postun /etc/init\.d/boot\.udev") addFilter(".*devel-file-in-non-devel-package.*udev.pc.*") addFilter(".*libgudev-.*shlib-fixed-dependency.*") addFilter(".*suse-filelist-forbidden-systemd-userdirs.*") addFilter("libudev-mini.*shlib-policy-name-error.*") addFilter("nss-systemd.*shlib-policy-name-error.*") addFilter("nss-myhostname.*shlib-policy-name-error.*") addFilter("nss-mymachines.*shlib-policy-name-error.*") addFilter("nss-resolve.*shlib-policy-name-error.*") 
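Review bot: `convert_lib_udev_path` can delete files it never migrated. The `for f in /lib/udev/**` loop runs with `globstar` only, so names starting with a dot are not matched, yet `rm -fr /lib/udev` removes them afterwards when no failure was recorded. Enabling `dotglob` for the loop closes the gap: `shopt -s globstar dotglob` before it and `shopt -u globstar dotglob` after it. Symlinks that point to directories are likewise skipped by `test -d "$f"` and then removed with the tree; if that is intended it deserves a comment at the `continue`.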
addFilter("systemd-logger.*useless-provides sysvinit(syslog).*") addFilter("devel-file-in-non-devel-package.*/usr/share/pkgconfig/(udev|systemd)\.pc.*") addFilter(".*script-without-shebang.*/usr/lib/udev/rule_generator.functions.*") addFilter(".*files-duplicate.*/systemd-logger.*") addFilter(".*missing-call-to-setgroups-before-setuid.*") addFilter(".*missing-call-to-chdir-with-chroot.*") addFilter(".*systemd-service-without-service.*") addFilter(".*shlib-policy-missing-suffix.*") addFilter(".*suse-missing-rclink.*") ++++++ systemd-rpmlintrc ++++++ addFilter("invalid-pkgconfig-file") addFilter(".*dangling-symlink /sbin/(halt|init|poweroff|telinit|shutdown|runlevel|reboot).*") addFilter(".*dangling-symlink .* /dev/null.*") addFilter(".*files-duplicate .*/reboot\.8.*") addFilter(".*files-duplicate .*/sd_is_socket\.3.*") addFilter("non-conffile-in-etc /etc/bash_completion.d/systemd-bash-completion\.sh") addFilter("non-conffile-in-etc /etc/rpm/macros\.systemd") addFilter(".*dbus-policy-allow-receive") addFilter(".*dangling-symlink /lib/udev/devices/std(in|out|err).*") addFilter(".*dangling-symlink /lib/udev/devices/core.*") addFilter(".*dangling-symlink /lib/udev/devices/fd.*") addFilter(".*incoherent-init-script-name boot\.udev.*") addFilter(".init-script-without-%stop_on_removal-preun /etc/init\.d/boot\.udev") addFilter(".init-script-without-%restart_on_update-postun /etc/init\.d/boot\.udev") addFilter(".*devel-file-in-non-devel-package.*udev.pc.*") addFilter(".*libgudev-.*shlib-fixed-dependency.*") addFilter(".*suse-filelist-forbidden-systemd-userdirs.*") addFilter("libudev-mini.*shlib-policy-name-error.*") addFilter("nss-systemd.*shlib-policy-name-error.*") addFilter("nss-myhostname.*shlib-policy-name-error.*") addFilter("nss-mymachines.*shlib-policy-name-error.*") addFilter("nss-resolve.*shlib-policy-name-error.*") addFilter("systemd-logger.*useless-provides sysvinit(syslog).*") addFilter("devel-file-in-non-devel-package.*/usr/share/pkgconfig/(udev|systemd)\.pc.*") 
addFilter(".*script-without-shebang.*/usr/lib/udev/rule_generator.functions.*") addFilter(".*files-duplicate.*/systemd-logger.*") addFilter(".*missing-call-to-setgroups-before-setuid.*") addFilter(".*missing-call-to-chdir-with-chroot.*") addFilter(".*systemd-service-without-service.*") addFilter(".*shlib-policy-missing-suffix.*") addFilter(".*suse-missing-rclink.*") ++++++ systemd-sysv-convert ++++++ #!/bin/bash if [ "$UID" != "0" ]; then echo Need to be root. exit 1 fi declare -A results_target usage() { cat << EOF usage: systemd-sysv-convert [-h] [--save] [--show] [--apply] SERVICE [SERVICE ...] EOF } help() { usage cat << EOF Save and Restore SysV Service Runlevel Information positional arguments: SERVICE Service names optional arguments: -h, --help show this help message and exit --save Save SysV runlevel information for one or more services --show Show saved SysV runlevel information for one or more services --apply Apply saved SysV runlevel information for one or more services to systemd counterparts EOF } find_service() { local service=$1 local rcnd=$2 case $rcnd in boot.d) [ -L /etc/rc.d/$rcnd/S??boot.$service ] ;; *) [ -L /etc/rc.d/$rcnd/S??$service ] esac } lookup_database() { local services=$@ local service local runlevel local priority # 'priority' field is not used but is kept for backward compat # reason. while read service runlevel priority; do for s in $services ; do if [ $s == $service ]; then results_target[$service]+=" runlevel$runlevel.target" break fi done done < /var/lib/systemd/sysv-convert/database } declare -i fail=0 case "$1" in -h|--help) help exit 0 ;; --save) shift for service in $@ ; do if [ ! -r /etc/init.d/$service ] && [ ! -r /etc/init.d/boot.$service ]; then echo "SysV service $service does not exist, skipping" continue fi for rcnd in rc2.d rc3.d rc4.d rc5.d boot.d; do case $rcnd in rc*.d) runlevel=${rcnd:2:1} ;; boot.d) runlevel=3 ;; esac # Write a dumb priority as it is not used. 
find_service $service $rcnd && echo "$service $runlevel 50" >>/var/lib/systemd/sysv-convert/database done done ;; --show) shift services=$@ lookup_database $services for service in $services; do if [ -z "${results_target[$service]}" ]; then echo "No information about service $service found." >/dev/stderr let fail++ continue fi for target in ${results_target[$service]}; do echo "SysV service '$service' is pulled by $target" done done ;; --apply) shift services=$@ for service in $services; do if [ ! -f "/lib/systemd/system/$service.service" -a ! -f "/usr/lib/systemd/system/$service.service" ]; then echo systemd service $service.service does not exist. >/dev/stderr exit 1 fi done # # The database might no have been created by a previous --save # call. This can happen when: # # - we're upgrading a package which initially didn't # have any unit file nor sysv init script and now # start shipping one or more unit files (bsc#982303). # # - the sysv init service wasn't enabled at all before # being migrated to a native unit file (bsc#982211). # if [ -e /var/lib/systemd/sysv-convert/database ]; then lookup_database $services for service in $services; do [ -f "/lib/systemd/system/$service.service" ] && unit="/lib/systemd/system/$service.service" [ -f "/usr/lib/systemd/system/$service.service" ] && unit="/usr/lib/systemd/system/$service.service" # If $service is not present in the database, # then it simply means that the sysv init # service was not enabled at all. for target in ${results_target[$service]}; do echo ln -sf $unit /etc/systemd/system/$target.wants/$service.service >/dev/stderr mkdir -p "/etc/systemd/system/$target.wants" /bin/ln -sf $unit /etc/systemd/system/$target.wants/$service.service done done fi ;; *) usage let fail=2 ;; esac exit $fail ++++++ systemd-sysv-install ++++++ #!/bin/sh # This script is called by "systemctl enable/disable" when the given unit is a # SysV init.d script. 
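Review bot: In `systemd-sysv-convert`, service names from the command line are used unquoted and unvalidated in paths that this root-only script tests and writes. Examples are `/bin/ln -sf $unit /etc/systemd/system/$target.wants/$service.service` in `--apply` and `[ $s == $service ]` in `lookup_database`. A name containing whitespace, a glob character or `/` changes which paths are checked and linked. Quote every expansion, e.g. `/bin/ln -sf -- "$unit" "/etc/systemd/system/$target.wants/$service.service"`, and reject names containing `/` before using them. `services=$@` also flattens the argument list into one string; `services=("$@")` with `"${services[@]}"` keeps the arguments intact.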
It needs to call the distribution's mechanism for # enabling/disabling those, such as chkconfig, update-rc.d, or similar. This # can optionally take a --root argument for enabling a SysV init script # in a chroot or similar. set -e usage() { echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>" >&2 exit 1 } # parse options eval set -- "$(getopt -o r: --long root: -- "$@")" while true; do case "$1" in -r|--root) ROOT="$2" shift 2 ;; --) shift ; break ;; *) usage ;; esac done NAME="$2" [ -n "$NAME" ] || usage case "$1" in enable) chkconfig $ROOT --no-systemctl -s "$NAME" on ;; disable) chkconfig $ROOT --no-systemctl -s "$NAME" off ;; is-enabled) chkconfig $ROOT --no-systemctl -c "$NAME" ;; *) usage ;; esac ++++++ systemd-user ++++++ # This file is part of systemd. # # Used by systemd --user instances. account include common-account session required pam_selinux.so close session required pam_selinux.so nottys open session include common-session
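Review bot: In `systemd-sysv-install`, `ROOT` is set to the bare argument of `--root` and then expanded unquoted in `chkconfig $ROOT --no-systemctl -s "$NAME" on`. chkconfig therefore receives a path as a positional word rather than as a root option, and a path containing whitespace is split. Store the complete option and expand it quoted. The option spelling chkconfig expects is not visible on this page, so it is shown as a placeholder: `ROOT_OPT="<chkconfig-root-option>$2"` and `chkconfig ${ROOT_OPT:+"$ROOT_OPT"} --no-systemctl -s "$NAME" on`. The same change applies to the `disable` and `is-enabled` arms.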
