author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:25:51 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:25:51 +0000 |
commit | ac8399db6ce846597966360732ce6d39a247bdd2 (patch) | |
tree | 046a28d2cbd02afa147291e8f69e9bb5dc29f1aa | |
parent | Adding upstream version 241. (diff) | |
Adding debian version 241-7~deb10u8.debian/241-7_deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
210 files changed, 20340 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..e6dd9bc
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,98 @@
+Enabling persistent logging in journald
+=======================================
+
+To enable persistent logging, create /var/log/journal:
+
+ mkdir -p /var/log/journal
+ systemd-tmpfiles --create --prefix /var/log/journal
+
+systemd will make the journal files owned by the "systemd-journal" group and
+add an ACL for read permissions for users in the "adm" group.
+To grant a user read access to the system journal, add them to one of the two
+groups.
+
+This will allow you to look at previous boot logs with e. g.
+"journalctl -b -1".
+
+If you enable persistent logging, consider uninstalling rsyslog or any other
+system-log-daemon, to avoid logging everything twice.
+
+Debugging boot/shutdown problems
+================================
+
+The "debug-shell" service starts a root shell on VT 9 which is available very
+early during boot and very late during shutdown. You can temporarily enable
+this when booting the system does not get sufficiently far to get a desktop or
+even the text console logins (getty), or when shutdown hangs eternally.
+
+For boot problems the recommended way is to append "systemd.debug-shell" to the
+kernel command line in the bootloader.
+For shutdown problems, run "systemctl start debug-shell" as root, then shut
+down.
+
+WARNING: Please avoid "systemctl enable debug-shell" as this will start the
+debug shell permanently which is a SECURITY HOLE as it allows unauthenticated
+and unrestricted root access to your computer if you forget to disable it!
+Please only enable it if you cannot pass "systemd.debug-shell" to the boot
+loader for some reason, and then immediately run "systemctl disable debug-shell"
+after booting.
+
+Once the boot/shutdown problem happened, switch to VT9 (Ctrl+Alt+F9). There you
+can use the usual systemctl or journalctl commands, or any other Linux shell
+command to list or kill processes. For example, run "systemctl list-jobs" to
+see what's currently being run, or "systemctl" to find units which are not in
+the expected state (e. g. "failed" for boot or still "active" during shutdown),
+and then get more detailed information with "systemctl status -l foo.service"
+to get a service "foo"'s status and recent logging.
+
+In situations where the debug shell is not available, you can generate a
+/shutdown-log.txt file instead:
+1. Boot with these kernel command line options:
+ systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M
+2. Save the following script as /lib/systemd/system-shutdown/debug.sh and make it executable:
+ #!/bin/sh
+ mount -o remount,rw /
+ dmesg > /shutdown-log.txt
+ mount -o remount,ro /
+3. Reboot
+
+Enable and use networkd
+=======================
+networkd is a small and lean service to configure network interfaces, designed
+mostly for server use cases in a world with hotplugged and virtualized
+networking. Its configuration is similar in spirit and abstraction level to
+ifupdown, but you don't need any extra packages to configure bridges, bonds,
+vlan etc. It is not very suitable for managing WLANs yet; NetworkManager is
+still much more appropriate for such Desktop use cases.
+
+networkd is not enabled by default; run
+
+ systemctl enable systemd-networkd
+
+if you want to use it. After that you need to create some *.network
+configuration files. In the simplest case you just want to run DHCP on all
+available Ethernet interfaces:
+
+--- /etc/systemd/network/all-eth.network ---
+[Match]
+Name=e*
+[Network]
+DHCP=yes
+
+This will match on both the kernel "ethN" as well as the predictable interface
+names "en*". Please see man systemd.network(5) for all available configuration
+options and examples.
+
+You need to make sure that interfaces handled by networkd are not handled by
+ifupdown (/etc/network/interfaces) and NetworkManager.
+
+Note that interfaces brought up/down will *not* run hooks in
+/etc/network/if-*.d/.
+
+It is recommended to use networkd together with systemd-resolved(8) to
+dynamically manage /etc/resolv.conf:
+
+ systemctl enable systemd-resolved
+ ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
+
+Debian's networkd has been modified to also work with the resolvconf package.
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..e3ba8cf
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,103 @@
+Building from source
+--------------------
+Install “git-buildpackage” and run the following steps:
+
+ gbp clone git+ssh://git.debian.org/git/pkg-systemd/systemd.git
+ cd systemd
+ gbp buildpackage
+
+We recommend you use pbuilder to make sure you build in a clean environment:
+
+ gbp buildpackage --git-pbuilder
+
+Changelog
+---------
+The systemd package uses gbp dch for automatically generating
+debian/changelog entries from the corresponding git commits. This makes
+cherry-picking, merging, and rebasing much simpler.
+
+Thus, for any packaging change *don't* modify debian/changelog, just write a
+meaningful git commit log with proper bug references (such as "Closes: #12345"
+on the last line). For doing a release, run
+
+ gbp dch --auto
+
+then beautify the generated debian/changelog, then run the usual "dch -r" and
+"debcommit -ar --sign-tags".
+
+Patch handling
+--------------
+The systemd package uses gbp pq for maintaining patches with a git-like
+workflow in a "patch-queue/<branch>" local branch and then exporting them as
+quilt series. For working on patches you run
+
+ gbp pq import --force
+
+Then you are in the patch-queue branch and can git log, commit, cherry-pick
+upstream commits, rebase, etc. there. After you are done, run
+
+ gbp pq export
+
+which will put you back into master and update debian/patches/ (including
+series). You need to git add etc. new patches, possibly other
+packaging changes, and then git commit as usual.
+
+systemd uses gbp pq's "topic" branches for organizing patches; for simplicity
+(as this is the most common operation), upstream cherry-picks go into the
+"empty" topic (i. e. directly into debian/patches/), while Debian specific
+patches go into "Gbp-Pq: Topic debian" (i. e. debian/patches/debian/).
+
+Rebasing patches to a new upstream version
+------------------------------------------
+gbp pq's "rebase" command does not work very conveniently as it fails on merge
+conflicts. First, ensure you are in the master branch:
+
+ git checkout master # in case you aren't already
+
+Now, do one of
+
+ (1) To import a new upstream release into the existing master branch for unstable,
+do:
+
+ gbp pq import --force
+ gbp pq switch # switch back to master from patch-queue/master
+ gbp import-orig [...]
+ gbp pq switch # switch to patch-queue/master
+ git rebase master
+
+ (2) To import a new upstream release into a new branch for Debian experimental, do:
+
+ git branch experimental
+ git checkout experimental
+ editor debian/gbp.conf # set "debian-branch=experimental"
+ gbp import-orig [...]
+ git branch patch-queue/experimental patch-queue/master
+ git checkout patch-queue/experimental
+ git rebase experimental
+
+Now resolve all the conflicts, skip obsolete patches, etc. When you are done, run
+
+ gbp pq export
+
+Note that our debian/gbp.conf disables patch numbers.
+
+Cherry-picking upstream patches
+-------------------------------
+You can add the systemd upstream branch as an additional remote to the Debian
+packaging branch. Call it "github" or similar to avoid confusing it with the
+already existing "upstream" branch from git-buildpackage:
+
+ git remote add github https://github.com/systemd/systemd.git
+ git fetch github -n
+
+Now you can look at the upstream log and cherry-pick patches into the
+patch-queue branch:
+
+ gbp pq import --force
+ git log github/master
+ git cherry-pick 123DEADBEEF
+
+debian/git-cherry-pick is a nice tool to automate all that:
+
+ debian/git-cherry-pick 123DEADBEEF 987654 AFFE99
+ git checkout master # switch back from patch-queue branch
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..3766b2e
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5834 @@
+systemd (241-7~deb10u8) buster-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * basic/unit-name: do not use strdupa() on a path (CVE-2021-33910)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Thu, 08 Jul 2021 15:03:45 +0200
+
+systemd (241-7~deb10u7) buster; urgency=medium
+
+ * core: make sure to restore the control command id, too.
+ Fixes a segfault in systemd that can be triggered when both
+ daemon-reload and a service restart happen concurrently. (Closes: #984495)
+ * seccomp: allow turning off of seccomp filtering via env var.
+ Since glibc 2.33 faccessat() is implemented via faccessat2(), which
+ is breaking running containers that use such a version of glibc under
+ systemd-nspawn in Buster.
+ Turning off seccomp filtering via the SYSTEMD_SECCOMP env var makes it
+ possible to run such new containers. (Closes: #984573)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 18 Mar 2021 20:59:14 +0100
+
+systemd (241-7~deb10u6) buster; urgency=medium
+
+ * journal: do not trigger assertion when journal_file_close() get NULL
+ (Closes: #975561)
+ * test-bpf: skip test when run inside containers.
+ The test reliably fails inside LXC and Docker when run on a new enough
+ kernel. It's unclear whether this is a kernel, LXC/Docker or systemd
+ issue and apparently there is no real interest to get this fixed, so
+ let's skip this test.
+ * autopkgtest: mark networkd-test.py as flaky.
+ See https://github.com/systemd/systemd/issues/18357
+ and https://github.com/systemd/systemd/issues/18196
+
+ -- Michael Biebl <biebl@debian.org> Fri, 29 Jan 2021 15:16:06 +0100
+
+systemd (241-7~deb10u5) buster; urgency=medium
+
+ * basic/cap-list: parse/print numerical capabilities (Closes: #964926)
+ * missing: add new Linux capabilities.
+ Linux kernel v5.8 adds two new capabilities. Make sure we can recognize
+ them even when built with an older kernel.
+ * networkd: do not generate MAC for bridge device (Closes: #963488)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 24 Oct 2020 20:44:48 +0200
+
+systemd (241-7~deb10u4) buster; urgency=medium
+
+ * polkit: when authorizing via PolicyKit re-resolve callback/userdata
+ instead of caching it.
+ This fixes a heap use-after-free vulnerability in systemd, when
+ asynchronous PolicyKit queries are performed while handling DBus messages.
+ CVE-2020-1712 (Closes: #950732)
+ * Install 60-block.rules in udev-udeb and initramfs-tools.
+ The block device rules were split out from 60-persistent-storage.rules
+ into its own rules file in v220. Those rules ensure that change events
+ are emitted and the udev db is updated after metadata changes.
+ Thanks to Pascal Hambourg (Closes: #958397)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 27 Apr 2020 19:02:57 +0200
+
+systemd (241-7~deb10u3) buster; urgency=medium
+
+ * core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX.
+ Since kernel 5.2 (but also stable kernels like 4.19.53) the kernel
+ thankfully returns proper errors when we write a value out of range to
+ the sysctl. Which however breaks writing ULONG_MAX to request the
+ maximum value. Hence let's write the new maximum value instead,
+ LONG_MAX. (Closes: #945018)
+ * core: change ownership/mode of the execution directories also for static
+ users.
+ This ensures that execution directories like CacheDirectory and
+ StateDirectory are properly chowned to the user specified in User= before
+ launching the service. (Closes: #919231)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 29 Jan 2020 19:07:53 +0100
+
+systemd (241-7~deb10u2) buster; urgency=medium
+
+ * core: never propagate reload failure to service result.
+ Fixes a regression introduced in v239 where the main process of a
+ service unit gets killed on reload if ExecReload fails. (Closes: #936032)
+ * shared/seccomp: add sync_file_range2.
+ Some architectures need the arguments to be reordered because of alignment
+ issues. Otherwise, it's the same as sync_file_range.
+ Fixes sync_file_range failures in nspawn containers on arm, ppc.
+ (Closes: #935091)
+ * core: factor root_directory application out of apply_working_directory.
+ Fixes RootDirectory not working when used in combination with User.
+ (Closes: #939408)
+ * shared/bus-util: drop trusted annotation from
+ bus_open_system_watch_bind_with_description().
+ This ensures that access controls on systemd-resolved's D-Bus interface
+ are enforced properly.
+ (CVE-2019-15718, Closes: #939353)
+ * login: add a missing error check for session_set_leader()
+ Fixes assertion due to insufficient function return check.
+ (Closes: #939998)
+ * d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices
+ (Closes: #934589)
+ * d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by user-space
+ * namespace: make MountFlags=shared work again (Closes: #939551)
+ * mount/generators: do not make unit wanted by its device unit.
+ Among other things, this fixes StopWhenUnneeded=true being broken for
+ mount units. (Closes: #941758)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 16 Oct 2019 15:24:54 +0200
+
+systemd (241-7~deb10u1) buster; urgency=medium
+
+ * Rebuild for buster
+
+ -- Michael Biebl <biebl@debian.org> Tue, 20 Aug 2019 13:50:42 +0200
+
+systemd (241-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * network: Fix failure to bring up interface with Linux kernel 5.2.
+ Backport two patches from systemd master in order to fix a bug with 5.2
+ kernels where the network interface fails to come up with the following
+ error: "enp3s0: Could not bring up interface: Invalid argument"
+ (Closes: #931636)
+ * Use /usr/sbin/nologin as nologin shell.
+ In Debian the nologin shell is installed in /usr/sbin, not /sbin.
+ (Closes: #931850)
+
+ [ Mert Dirik ]
+ * 40-systemd: Don't fail if SysV init script uses set -u and $1 is unset
+ (Closes: #931719)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 18 Jul 2019 19:38:23 +0200
+
+systemd (241-6) unstable; urgency=medium
+
+ * ask-password: Prevent buffer overflow when reading from keyring.
+ Fixes a possible memory corruption that causes systemd-cryptsetup to
+ crash either when a single large password is used or when multiple
+ passwords have already been pushed to the keyring. (Closes: #929726)
+ * Clarify documentation regarding %h/%u/%U specifiers.
+ Make it clear, that setting "User=" has no effect on those specifiers.
+ Also ensure that "%h" is actually resolved to "/root" for the system
+ manager instance as documented in the systemd.unit man page.
+ (Closes: #927911)
+ * network: Behave more gracefully when IPv6 has been disabled.
+ Ignore any configured IPv6 settings when IPv6 has been disabled in the
+ kernel via sysctl. Instead of failing completely, continue and log a
+ warning instead. (Closes: #929469)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 08 Jul 2019 11:27:51 +0200
+
+systemd (241-5) unstable; urgency=medium
+
+ * Revert "Add check to switch VTs only between K_XLATE or K_UNICODE"
+ This change left the keyboard in an unusable state when exiting an X
+ session. (Closes: #929229)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 24 May 2019 22:58:59 +0200
+
+systemd (241-4) unstable; urgency=medium
+
+ * journal-remote: Do not request Content-Length if Transfer-Encoding is
+ chunked (Closes: #927008)
+ * systemctl: Restore "systemctl reboot ARG" functionality.
+ Fixes a regression introduced in v240. (Closes: #928659)
+ * random-util: Eat up bad RDRAND values seen on AMD CPUs.
+ Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle
+ while still reporting success via the carry flag.
+ Filter out invalid data like -1 (and also 0, just to be sure).
+ (Closes: #921267)
+ * Add check to switch VTs only between K_XLATE or K_UNICODE.
+ Switching to K_UNICODE from other than L_XLATE can make the keyboard
+ unusable and possibly leak keypresses from X.
+ (CVE-2018-20839, Closes: #929116)
+ * Document that DRM render nodes are now owned by group "render"
+ (Closes: #926886)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 17 May 2019 21:16:33 +0200
+
+systemd (241-3) unstable; urgency=high
+
+ [ Michael Biebl ]
+ * Drop systemd-shim alternative from libpam-systemd.
+ A fixed systemd-shim package which works with newer versions of systemd
+ is unlikely to happen given that the systemd-shim package has been
+ removed from the archive. Drop the alternative dependency from
+ libpam-systemd accordingly.
+ * Properly remove duplicate directories from systemd package.
+ When removing duplicate directories from the systemd package, sort the
+ list of directories in reverse order so we properly delete nested
+ directories.
+ * udev: Run programs in the specified order (Closes: #925190)
+ * bash-completion: Use default completion for redirect operators
+ (Closes: #924541)
+ * networkd: Clarify that IPv6 RA uses our own stack, no the kernel's
+ (Closes: #815582)
+ * Revert "Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf"
+ Apparently Conflicts= are not a reliable mechanism to ensure alternative
+ NTP implementations take precedence over systemd-timesyncd.
+ (Closes: #902026)
+ * network: Fix routing policy rule issue.
+ When multiple links request a routing policy, make sure they are all
+ applied correctly. (Closes: #924406)
+ * pam-systemd: Use secure_getenv() rather than getenv()
+ Fixes a vulnerability in the systemd PAM module which insecurely uses
+ the environment and lacks seat verification permitting spoofing an
+ active session to PolicyKit. (CVE-2019-3842)
+
+ [ Martin Pitt ]
+ * Enable udev autopkgtest in containers.
+ This test doesn't actually need udev.service (which is disabled in
+ containers) and works fine in LXC.
+ * Enable boot-and-service autopkgtest in containers
+ - Skip tests which can't work in containers.
+ - Add missing rsyslog test dependency.
+ - e2scrub_reap.service fails in containers, ignore (filed as #926138)
+ - Relax pgrep pattern for gdm, as there's no wayland session in
+ containers.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 08 Apr 2019 12:59:32 +0200
+
+systemd (241-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: Create journal and udevdb artifacts on all
+ failures
+ * autopkgtests: Replace obsolete $ADT_* variables
+ * networkd-test: Ignore failures of test_route_only_dns* in containers.
+ This test exposes a race condition when running in LXC, see issue #11848
+ for details. Until that is understood and fixed, skip the test as it's
+ not a recent regression. (Closes: #924539)
+ * Bump Standards-Version to 4.3.0.
+ No changes necessary.
+ * debian/tests/boot-smoke: Only check current boot for connection timeouts.
+ Otherwise we'll catch some
+ Failed to resolve group 'render': Connection timed out
+ messages that happen in earlier boots during VM setup, before the
+ "render" group is created.
+ Fixes https://github.com/systemd/systemd/issues/11875
+ * timedated: Fix emitted value when ntp client is enabled/disabled.
+ Fixes a regression introduced in 241.
+ * debian/tests/timedated: Check enabling/disabling NTP.
+ Assert that `timedatectl set-ntp` correctly controls the service, sets
+ the `org.freedesktop.timedate1 NTP` property, and sends the right
+ `PropertiesChanged` signal.
+ This reproduces <https://github.com/systemd/systemd/issues/11944> and
+ also the earlier <https://github.com/systemd/systemd/issues/9672>.
+
+ [ Michael Biebl ]
+ * Disable fallback DNS servers in resolved (Closes: #923081)
+ * cgtop: Fix processing of controllers other than CPU (Closes: #921280)
+ * udev: Restore debug level when logging a failure in the external prog
+ called by IMPORT{program} (Closes: #924199)
+ * core: Remove "." path components from required mount paths.
+ Fixes mount related failures when a user's home directory contains "/./"
+ (Closes: #923881)
+ * udev.init: Use new s-s-d --notify-await to start udev daemon.
+ Fixes a race condition during startup under SysV init.
+ Add versioned dependency on dpkg (>= 1.19.3) to ensure that a version
+ of start-stop-daemon which supports --notify-await is installed.
+ (Closes: #908796)
+ * Make /dev/dri/renderD* accessible to group "render"
+ Follow upstream and make render nodes available to a dedicated system
+ group "render" instead of "video". Keep the uaccess tag for local,
+ active users.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Mar 2019 18:33:54 +0100
+
+systemd (241-1) unstable; urgency=medium
+
+ [ Adam Borowski ]
+ * Make libpam-systemd Provide: logind, default-logind.
+ This allows alternate logind implementations such as elogind, without
+ having to recompile every dependent package -- as long as the client API
+ remains compatible.
+ These new virtual packages got policy-approved in #917431. (Closes: #915407)
+
+ [ Felipe Sateler ]
+ * New upstream version 241
+ - Refresh patches
+ - Backport upstream fix for Driver= matches in .network files
+
+ [ Martin Pitt ]
+ * debian/libsystemd0.symbols: Add new symbol from release 241
+ * Fix various bugs and races in networkd tests.
+ This should get the autopkgtest back to green, which regressed with
+ dnsmasq 2.80.
+
+ -- Felipe Sateler <fsateler@debian.org> Thu, 21 Feb 2019 20:10:15 -0300
+
+systemd (240-6) unstable; urgency=high
+
+ * High urgency as this fixes a vulnerability.
+
+ [ Felipe Sateler ]
+ * Reenable pristine-tar in gbp.conf.
+ The pristine-tar bug has been fixed, so we can use it again.
+ This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e.
+ * d/watch: add version mangle to transform -rc to ~rc.
+ Upstream has started releasing rcs, so let's account for that
+ * Fix comment about why we disable hwclock.service.
+ Systemd nowadays doesn't do it itself because the kernel does it on its
+ own when necessary, and when not, it is not safe to save the hwclock (eg,
+ there is no certainty the system clock
+ is correct)
+ * udev: Backport upstream preventing mass killings when not running under
+ systemd (Closes: #918764)
+
+ [ Dimitri John Ledkov ]
+ * debian/tests/storage: improve cleanups.
+ On fast ppc64el machines, cryptsetup start job may not complete by the
+ time tearDown is executed. In that case stop, causes to simply cancel the
+ start job without actually cleaning up the dmsetup node. This leads to
+ failing subsequent test as it no longer starts with a clean device. Thus
+ ensure the systemd-cryptsetup unit is started, before stopping it.
+ Also rmmod scsi_debug module at the end, to allow re-running the test in a
+ loop.
+ * debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey.
+ * debian/tests/control: add socat to upstream tests for pull #11591
+ * Blacklist TEST-10-ISSUE-2467 #11706
+ * debian/tests/storage: fix for LUKS2 and avoid interactive password
+ prompts.
+
+ [ Martin Pitt ]
+ * udevadm: Fix segfault with subsystem-match containing '/'
+ (Closes: #919206)
+ * sd-bus: if we receive an invalid dbus message, ignore and proceed
+ * sd-bus: enforce a size limit on D-Bus object paths.
+ This avoids accessing/modifying memory outside of the allocated stack
+ region by sending specially crafted D-Bus messages with very large object
+ paths.
+ Vulnerability discovered by Chris Coulson <chris.coulson@canonical.com>,
+ patch provided by Riccardo Schirone <rschiron@redhat.com>.
+ (CVE-2019-6454)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 18 Feb 2019 13:54:04 +0000
+
+systemd (240-5) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Revert interface renaming changes. (Closes: #919390)
+
+ [ Martin Pitt ]
+ * process-util: Fix memory leak (Closes: #920018)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 27 Jan 2019 21:33:07 +0000
+
+systemd (240-4) unstable; urgency=medium
+
+ [ Benjamin Drung ]
+ * Fix shellcheck issues in initramfs-tools scripts
+
+ [ Michael Biebl ]
+ * Import patches from v240-stable branch (up to f02b5472c6)
+ - Fixes a problem in logind closing the controlling terminal when using
+ startx. (Closes: #918927)
+ - Fixes various journald vulnerabilities via attacker controlled alloca.
+ (CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
+ * sd-device-monitor: Fix ordering of setting buffer size.
+ Fixes an issue with uevents not being processed properly during coldplug
+ stage and some kernel modules not being loaded via "udevadm trigger".
+ (Closes: #917607)
+ * meson: Stop setting -fPIE globally.
+ Setting -fPIE globally can lead to miscompilations on certain
+ architectures. Instead use the b_pie=true build option, which was
+ introduced in meson 0.49. Bump the Build-Depends accordingly.
+ (Closes: #909396)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 12 Jan 2019 21:49:44 +0100
+
+systemd (240-3) unstable; urgency=medium
+
+ * udev.init: Trigger add events for subsystems.
+ Update the SysV init script and mimic the behaviour of the initramfs and
+ systemd-udev-trigger.service which first trigger subsystems and then
+ devices during the coldplug stage.
+ * udevadm: Refuse to run trigger, control, settle and monitor commands in
+ chroot (Closes: #917633)
+ * network: Set link state configuring before setting addresses.
+ Fixes a crash in systemd-networkd caused by an assertion failure.
+ (Closes: #918658)
+ * libudev-util: Make util_replace_whitespace() read only len characters.
+ Fixes a regression where /dev/disk/by-id/ names had additional
+ underscores.
+ * man: Update color of journal logs in DEBUG level (Closes: #917948)
+ * Remove old state directory of systemd-timesyncd on upgrades.
+ Otherwise timesyncd will fail to update the clock file if it was created
+ as /var/lib/private/systemd/timesync/clock.
+ This was the case when the service was using DynamicUser=yes which it no
+ longer does in v240. (Closes: #918190)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 09 Jan 2019 18:40:57 +0100
+
+systemd (240-2) unstable; urgency=medium
+
+ * Pass separate dev_t var to device_path_parse_major_minor.
+ Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195)
+ * test-json: Check absolute and relative difference in floating point test.
+ Fixes FTBFS due to test-suite failures on armel, armhf and hppa.
+ (Closes: #917215)
+ * sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
+ Fixes a segfault in systemd-udevd when debug logging is enabled.
+ * udev-event: Do not read stdout or stderr if the pipefd is not created.
+ This fixes problems with device-mapper symlinks no longer being created
+ or certain devices not being marked as ready. (Closes: #917124)
+ * Don't bump fs.nr_open in PID 1.
+ In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
+ value. Processes that are spawned directly by systemd, will have
+ RLIMIT_NOFILE be set to 512K (hard).
+ pam_limits in Debian defaults to "set_all", i.e. for limits which are
+ not explicitly configured in /etc/security/limits.conf, the value from
+ PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
+ the highest possible value instead of 512K. Not every software is able
+ to deal with such an RLIMIT_NOFILE properly.
+ While this is arguably a questionable default in Debian's pam_limit,
+ work around this problem by not bumping fs.nr_open in PID 1.
+ (Closes: #917167)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 27 Dec 2018 14:03:57 +0100
+
+systemd (240-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 240
+ - core: Skip cgroup_subtree_mask_valid update if UNIT_STUB
+ (Closes: #903011)
+ - machined: Rework referencing of machine scopes from machined
+ (Closes: #903288)
+ - timesync: Fix serialization of IP address
+ (Closes: #916516)
+ - core: Don't track jobs-finishing-during-reload explicitly
+ (Closes: #916678)
+ * Rebase patches
+ * Install new systemd-id128 binary
+ * Update symbols file for libsystemd0
+ * Update nss build options
+
+ [ Martin Pitt ]
+ * tests: Disable some flaky upstream tests.
+ See https://github.com/systemd/systemd/issues/11195
+ * tests: Disable flaky TEST-17-UDEV-WANTS upstream test.
+ See https://github.com/systemd/systemd/issues/11195
+
+ -- Michael Biebl <biebl@debian.org> Sat, 22 Dec 2018 16:01:43 +0100
+
+systemd (239-15) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Fix container check in udev init script.
+ Udev needs writable /sys, so the init script tried to check before
+ starting. Unfortunately, the check was inverted. Let's add the missing
+ '!' to negate the check.
+ (Closes: #915261)
+ * Add myself to uploaders
+
+ [ Michael Biebl ]
+ * Remove obsolete systemd-shim conffile on upgrades.
+ The D-Bus policy file was dropped from the systemd-shim package in
+ version 8-4, but apparently there are cases where users removed the
+ package before that cleanup happened. The D-Bus policy file that was
+ shipped by systemd-shim was much more restrictive and now prevents
+ calling GetDynamicUsers() and other recent APIs on systemd Manager.
+ (Closes: #914285)
+
+ -- Felipe Sateler <fsateler@debian.org> Wed, 05 Dec 2018 21:03:34 -0300
+
+systemd (239-14) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services
+ * resolved: Increase size of TCP stub replies (Closes: #915049)
+ * meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE.
+ Fixes a build failure with glibc 2.28.
+ * Drop procps dependency from systemd.
+ The systemd-exit.service user service no longer uses the "kill" binary.
+ * Simplify container check in udev SysV init script.
+ Instead of using "ps" to detect a container environment, simply test if
+ /sys is writable. This matches what's used in systemd-udevd.service via
+ ConditionPathIsReadWrite=/sys and follows
+ https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+ This means we no longer need procps, so drop that dependency from the
+ udev package. (Closes: #915095)
+
+ [ Mert Dirik ]
+ * 40-systemd: Honour __init_d_script_name.
+ Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name
+ (if available) to figure out real script name. (Closes: #826214)
+ * 40-systemd: Improve heuristics for init-d-script.
+ Improve heuristics for scripts run via init-d-script so that the
+ redirection works even for older init-d-script versions without the
+ __init_d_script_name variable.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 02 Dec 2018 01:00:01 +0100
+
+systemd (239-13) unstable; urgency=medium
+
+ * autopktest: Add e2fsprogs dependency to upstream test.
+ Some of the upstream tests require mkfs.ext4. (Closes: #887250)
+ * systemctl: Tell update-rc.d to skip creating any systemd symlinks.
+ When calling update-rc.d via systemd-sysv-install, tell it to skip
+ creating any systemd symlinks as we want to handle those directly in
+ systemctl. Older update-rc.d versions will ignore that request, but
+ that's ok. This means we don't need a versioned dependency against
+ init-system-helpers. (Closes: #743217)
+ * pam_systemd: Suppress LOG_DEBUG log messages if debugging is off
+ (Closes: #825949)
+ * Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch.
+ The patch is no longer necessary as lxc.service now uses Delegate=yes.
+ * Remove obsolete Replaces from pre-jessie
+
+ -- Michael Biebl <biebl@debian.org> Tue, 20 Nov 2018 19:44:39 +0100
+
+systemd (239-12) unstable; urgency=high
+
+ [ Martin Pitt ]
+ * Enable QEMU on more architectures in "upstream" autopkgtest.
+ Taken from the Ubuntu package, so apparently QEMU works well enough on
+ these architectures now.
+ * autopkgtest: Avoid test bed reset for boot-smoke.
+ Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so
+ that autopkgtest doesn't have to provide a new testbed.
+ * Fix wrong "nobody" group from sysusers.d.
+ Fix our make-sysusers-basic sysusers.d generator to special-case the
+ nobody group. "nobody" user and "nogroup" group both have the same ID
+ 65534, which is the only special case for Debian's static users/groups.
+ So specify the gid explicitly, to avoid systemd-sysusers creating a
+ dynamic system group for "nobody".
+ Also clean up the group on upgrades.
+ Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525)
+
+ [ Michael Biebl ]
+ * autopkgtest: Use shutil.which() which is provided by Python 3
+ * Drop non-existing gnuefi=false build option.
+ This was mistakenly added when converting from autotools to meson.
+ * core: When deserializing state always use read_line(…, LONG_LINE_MAX, …)
+ Fixes a vulnerability in unit_deserialize which allows an attacker to
+ supply arbitrary state across systemd re-execution via NotifyAccess.
+ (CVE-2018-15686, Closes: #912005)
+ * meson: Use the host architecture compiler/linker for src/boot/efi.
+ Fixes cross build failure for arm64. (Closes: #905381)
+ * systemd: Do not pass .wants fragment path to manager_load_unit.
+ Fixes an issue with overridden units in /etc not being used due to a
+ .wants/ symlink pointing to /lib. (Closes: #907054)
+ * machined: When reading os-release file, join PID namespace too.
+ This ensures that we properly acquire the os-release file from containers.
+ (Closes: #911231)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 17 Nov 2018 18:39:21 +0100
+
+systemd (239-11) unstable; urgency=high
+
+ [ Michael Biebl ]
+ * debian/tests/upstream: Clean up after each test run.
+ Otherwise the loopback images used by qemu are not properly released and
+ we might run out of disk space.
+ * dhcp6: Make sure we have enough space for the DHCP6 option header.
+ Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
+ handling.
+ (CVE-2018-15688, LP: #1795921, Closes: #912008)
+ * chown-recursive: Rework the recursive logic to use O_PATH.
+ Fixes a race condition in chown_one() which allows an attacker to cause
+ systemd to set arbitrary permissions on arbitrary files.
+ (CVE-2018-15687, LP: #1796692, Closes: #912007)
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Use gdm instead of lightdm.
+ This seems to work more reliably, on Ubuntu CI's i386 instances lightdm
+ fails.
+
+ [ Manuel A. Fernandez Montecelo ]
+ * Run "meson test" instead of "ninja test"
+ Upstream developers of meson recommend to run it in this way, because
+ "ninja test" just calls "meson test", and by using meson directly and
+ using extra command line arguments it is possible to control aspects of
+ how the tests are run.
+ * Increase timeout for test in riscv64.
+ The buildds for the riscv64 arch used at the moment are slow, so increase
+ the timeouts for this arch by a factor of 10, for good measure.
+ (Closes: #906429)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 28 Oct 2018 13:02:18 +0100
+
+systemd (239-10) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * meson: Rename -Ddebug to -Ddebug-extra.
+ Meson added -Doptimization and -Ddebug options, which obviously causes
+ a conflict with our -Ddebug options. Let's rename it.
+ (Closes: #909455)
+ * Add conflicts against consolekit.
+ Letting both ConsoleKit and logind manage dynamic device permissions
+ will only lead to inconsistent and unexpected results.
+
+ [ Felipe Sateler ]
+ * Link systemctl binary statically against libshared.
+ This reduces the Pre-Depends list considerably, and is more resilient
+ against borked installs.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 25 Sep 2018 16:11:12 +0200
+
+systemd (239-9) unstable; urgency=medium
+
+ * autopkgtest: Remove needs-recommends runtime restriction.
+ This restriction has been deprecated and there are plans to remove it
+ altogether. The tests pass withouth needs-recommends, so it seems safe
+ to remove.
+ * test: Use installed catalogs when test-catalog is not located at build
+ dir.
+ This makes it possible to run test-catalog as installed test, so we no
+ longer need to mark it as EXFAIL in our root-unittests autopkgtest.
+ * test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and
+ $SYSTEMD_CATALOG_DIR.
+ This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and
+ the test binaries and should make the build reproducible.
+ (Closes: #908365)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 12 Sep 2018 19:07:38 +0200
+
+systemd (239-8) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Clean up dbus-org.freedesktop.timesync1.service Alias on purge
+ (Closes: #904290)
+ * user-runtime-dir: Fix wrong SELinux context (Closes: #908026)
+ * core: Fix gid when DynamicUser=yes with static user (Closes: #904335)
+ * Remove udev control socket on shutdown under sysvinit.
+ The udev control socket is no longer removed automatically when the
+ daemon is stopped.
As this can confuse other software, update the SysV
+ init script to remove the control socket manually and make sure the init
+ script is executed on shutdown (runlevel 0) and reboot (runlevel 6).
+ (Closes: #791944)
+ * Bump Standards-Version to 4.2.1
+
+ [ Martin Pitt ]
+ * timedated: Fix wrong PropertyChanged values and refcounting
+
+ -- Michael Biebl <biebl@debian.org> Fri, 07 Sep 2018 08:41:12 +0200
+
+systemd (239-7) unstable; urgency=medium
+
+ * autopkgtest: Add iputils-ping dependency to root-unittests.
+ The ping binary is required by test-bpf.
+ * autopkgtest: Add dbus-user-session and libpam-systemd dependency to
+ root-unittests.
+ Without a working D-Bus user session, a lot of the test-bus-* tests are
+ skipped.
+ * network/link: Fix logic error in matching devices by MAC (Closes: #904198)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 22 Jul 2018 13:40:15 +0200
+
+systemd (239-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * autopkgtest: Install libnss-systemd.
+ Make sure that dynamic users can be resolved. This e. g. prevents a
+ startup failure for systemd-resolved.
+ * autopkgtest: Add missing python3 test dependency for udev test
+
+ [ Michael Biebl ]
+ * autopkgtest: Make AppArmor violator test work with merged-usr
+ * Make /dev/kvm accessible to local users and group kvm.
+ Re-add the uaccess tag to /dev/kvm to make it accessible to local
+ users. Access is also granted via group kvm, so create that in
+ udev.postinst. (Closes: #887852)
+ * Move a few man pages from systemd to systemd-journal-remote.
+ The systemd package shipped a few systemd-journal-remote and
+ systemd-journal-upload related man pages which really belong into the
+ systemd-journal-remote package. Move those man pages into the correct
+ package and add a Breaks/Replaces against systemd accordingly.
+ (Closes: #903557)
+ * autopkgtest: Drop no-longer needed workaround from upstream test
+ * Go back to statically allocate system users for timesyncd, networkd and
+ resolved.
+ There are currently too many open issues related to D-Bus and the usage
+ of DynamicUser. (Closes: #902971)
+ * Change python3-minimal dependency to python3.
+ While we strictly only need python3-minimal, the usage of
+ python3-minimal triggers a lintian error: depends-on-python-minimal
+ * test: Drop SKIP_INITRD for QEMU-based tests.
+ The Debian Linux kernel ships ext4 support as a module, so we require an
+ initrd to successfully start the QEMU images.
+ * debian/tests/localed-x11-keymap: Deal with absence of
+ /etc/default/keyboard more gracefully
+ * autopkgtest: Add various dependencies to make upstream test pass on Debian
+ - netcat-openbsd: Required by TEST-12-ISSUE-3171.
+ - busybox-static: Required by TEST-13-NSPAWN-SMOKE.
+ - plymouth: Required by TEST-15-DROPIN and TEST-22-TMPFILES.
+ * Drop seccomp system call filter for udev.
+ The seccomp based system call whitelist requires at least systemd 239 to
+ be the active init and during a dist-upgrade we can't guarantee that
+ systemd has been fully configured before udev is restarted.
+ The versioned systemd Breaks that was added to udev for #902185 didn't
+ really fix this issue, so revert that change again. (Closes: #903224)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 19 Jul 2018 00:04:54 +0200
+
+systemd (239-5) unstable; urgency=medium
+
+ * Add inverse version restriction of the Breaks to the systemd-shim
+ alternative in libpam-systemd.
+ Otherwise apt will fail to find an installation path for libpam-systemd
+ in cases where libpam-systemd is an indirect dependency.
(Closes: #902998)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 05 Jul 2018 11:50:10 +0200
+
+systemd (239-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Drop outdated section from README.Debian about switching back to SysV init
+ * sleep: Fix one more printf format of a fiemap field
+ * basic: Add missing comma in raw_clone assembly for sparc
+ * bus-util: Make log level lower in request_name_destroy_callback()
+ * tmpfiles: Specify access mode for /run/systemd/netif
+ * Add Breaks against python-dbusmock (<< 0.18) to systemd.
+ The logind and timedated tests in python-dbusmock were broken by the
+ latest systemd release and had to be adjusted to work with systemd 239.
+ See #902602
+ * Drop patches which try to support running systemd services without systemd
+ as pid 1.
+ No one is currently actively maintaining systemd-shim, which means that
+ e.g. running systemd-logind no longer works when systemd is not pid 1.
+ Thus drop our no longer working patches. Bump the Breaks against
+ systemd-shim accordingly.
+ See #895292, #901404, #901405
+
+ [ Martin Pitt ]
+ * test: fix networkd-test.py rate limiting and dynamic user
+
+ -- Michael Biebl <biebl@debian.org> Tue, 03 Jul 2018 23:36:28 +0200
+
+systemd (239-3) unstable; urgency=medium
+
+ * Revert "systemctl: when removing enablement or mask symlinks, cover both
+ /run and /etc"
+ We currently have packages in the archive which use
+ "systemctl --runtime unmask" and are broken by this change.
+ This is a intermediate step until it is clear whether upstream will
+ revert this commit or whether we will have to update affected packages
+ to deal with this changed behaviour.
+ See #902287 and https://github.com/systemd/systemd/issues/9393
+
+ -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 14:46:06 +0200
+
+systemd (239-2) unstable; urgency=medium
+
+ * sleep: Fix printf format of fiemap fields.
+ This should fix a FTBFS on ia64.
+ * timesync: Change type of drift_freq to int64_t.
+ This should fix a FTBFS on x32.
+ * Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
+ The hardening features used by systemd-udevd.service require systemd 239
+ and udev will fail to start with older versions. (Closes: #902185)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 13:59:24 +0200
+
+systemd (239-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 239
+ * Drop alternative iptables-dev Build-Depends.
+ It is no longer needed as both Ubuntu and Debian now ship libiptc-dev in
+ their latest stable (LTS) release.
+ * Drop alternative btrfs-tools Recommends.
+ It is no longer needed as btrfs-progs is now available in both Debian
+ and Ubuntu and keeping the alternative around prevents the transitional
+ package from being autoremoved.
+ * Disable installation of RPM macros.
+ This avoids having to remove them manually later on.
+ * Drop cleanup rules for libtool .la files.
+ With the switch to Meson, libtool is no longer used.
+ * Drop fallback for older kernels when running the test suite.
+ We now assume that we have a kernel newer then 3.13.
+ * Stop cleaning up .busname units.
+ Those are gone upstream, so we no longer need to remove them manually.
+ * Update symbols file for libsystemd0
+ * Rebase patches
+ * Install new resolvectl tool.
+ Don't ship the /sbin/resolvconf compat symlink in the systemd package,
+ as this would cause a file conflict with the resolvconf and openresolv
+ package.
+ * Disable support for "Portable Services"
+ This is still an experimental feature.
+ * Disable pristine-tar in gbp.conf.
+ It is currently not possible to import the systemd v239 tarball using
+ pristine-tar due to #902115.
+ * Bump Build-Depends on meson to (>= 0.44)
+ * Stop setting the path for the kill binary, no longer necessary
+ * Stop creating systemd-network and systemd-resolve system user
+ systemd-networkd.service and systemd-resolved.service now use
+ DynamicUser=yes.
+
+ [ Dimitri John Ledkov ]
+ * Run all upstream tests, and then report all that failed.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 23 Jun 2018 00:18:08 +0200
+
+systemd (238-5) unstable; urgency=medium
+
+ [ Evgeny Vereshchagin ]
+ * upstream autopkgtest: Copy journal subdirectories.
+ Otherwise logs are missing on failures.
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Ignore cpi.service failure.
+ This is apparently a regression in Ubuntu 18.04, not in systemd, so
+ ignore it.
+
+ [ Michael Biebl ]
+ * sd-bus: Do not try to close already closed fd (Closes: #896781)
+ * Use dh_missing to act on uninstalled files.
+ The usage of dh_install --fail-missing has been deprecated.
+ * meson: Avoid warning about comparison of bool and string.
+ The result of this is undefined and will become a hard error in a future
+ Meson release.
+ * login: Respect --no-wall when cancelling a shutdown request
+ (Closes: #897938)
+ * Add dependencies of libsystemd-shared to Pre-Depends.
+ This is necessary so systemctl is functional at all times during a
+ dist-upgrade. (Closes: #897986)
+ * Drop dh_strip override, the dbgsym migration is done
+
+ [ Felipe Sateler ]
+ * Don't include libmount.h in a header file.
+ Kernel and glibc headers both use MS_* constants, but are not in sync, so
+ only one of them can be used at a time. Thus, only import them where
+ needed. Works around #898743.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 26 May 2018 10:31:29 +0200
+
+systemd (238-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * udev/net-id: Fix check for address to keep interface names stable
+ * debian/copyright: Move global wildcard section to the top
+
+ [ Martin Pitt ]
+ * Fix daemon reload failures
+
+ [ Laurent Bigonville ]
+ * Fix /sys/fs/cgroup mount when using SELinux.
+ Since v236, all cgroups except /sys/fs/cgroup/systemd and
+ /sys/fs/cgroup/unified are not mounted when SELinux is enabled (even in
+ permissive mode).
Disabling SELinux completely restores these cgroups.
+ This patch fixes that issue by no longer making the assumption that those
+ cgroups are mounted by initrd/dracut before systemd is started.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 01 Apr 2018 13:02:57 +0200
+
+systemd (238-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Enable systemd-sysusers unit and provide correct Debian static u/gids.
+ Add a helper script debian/extra/make-sysusers-basic which generates a
+ sysusers.d(5) file from Debian's static master passwd/group files.
+ systemd 238 now supports specifying different uid and gid and a
+ non-default login shell, so this is possible now. (Closes: #888126)
+ * udev README.Debian: Include initrd rebuild and some clarifications in
+ migration.
+ While initrd update is already being mentioned in the introductory
+ section, it is easy to miss when going through the migration steps, so
+ explicitly mention it again. Also add a warning about keeping a fallback
+ on misconfigurations, and the possibility to migrate one interface at a
+ time.
+ Thanks to Karl O. Pinc for the suggestions! (Closes: #881769)
+
+ [ Michael Biebl ]
+ * basic/macros: Rename noreturn into _noreturn_.
+ "noreturn" is reserved and can be used in other header files we include.
+ (Closes: #893426)
+ * units: Fix SuccessAction that belongs to [Unit] section not [Service]
+ section (Closes: #893282)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 20 Mar 2018 23:22:57 +0100
+
+systemd (238-2) unstable; urgency=medium
+
+ [ Alf Gaida ]
+ * core: do not free stack-allocated strings.
+ Fixes a crash in systemd when the cpuacct cgroup controller is not
+ available. (Closes: #892360)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 10 Mar 2018 01:12:47 +0100
+
+systemd (238-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 238
+ - Fixes systemd-tmpfiles to correctly handle symlinks present in
+ non-terminal path components.
(CVE-2018-6954, Closes: #890779)
+ * Rebase patches
+ * Use compat symlinks as provided by upstream.
+ As the upstream build system now creates those symlinks for us, we no
+ longer have to create them manually.
+ * Update symbols file for libsystemd0
+ * test-cgroup-util: bail out when running under a buildd environment
+
+ [ Dimitri John Ledkov ]
+ * systemd-sysv-install: Fix name initialisation.
+ Only initialise NAME after --root optional argument has been parsed,
+ otherwise NAME is initialized to e.g. `enable`, instead of to the
+ `unit-name`, resulting in failures. (LP: #1752882)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 07 Mar 2018 23:21:53 +0100
+
+systemd (237-4) unstable; urgency=medium
+
+ [ Gunnar Hjalmarsson ]
+ * Fix PO template creation.
+ Cherry-pick upstream patches to build a correct systemd.pot including
+ the polkit policy files even without policykit-1 being installed.
+ (LP: #1707898)
+
+ [ Michael Biebl ]
+ * Drop mask for fuse SysV init script.
+ The fuse package has removed its SysV init script a long time ago, so
+ the mask is no longer needed.
+ * Replace two Debian specific patches which cherry-picks from upstream
+ master
+
+ -- Michael Biebl <biebl@debian.org> Wed, 28 Feb 2018 19:18:34 +0100
+
+systemd (237-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: More robust journal checking.
+ Also fail the test if calling journalctl fails, and avoid calling it
+ twice. See https://github.com/systemd/systemd/pull/8032
+ * Simplify PO template creation.
+ Use the existing upstream build system instead of a manual call to
+ `intltool-update` and `xgettext` to build systemd.pot. Remove the now
+ obsolete intltool build dependency, but still explicitly keep gettext.
+ (LP: #1707898)
+ * Make systemd-sysv-install robust against existing $ROOT.
+ Always initialize `$ROOT`, to avoid the script getting confused by an
+ existing outside env variable.
Also fix the `--root` option to actually
+ work, the previous approach was conceptually broken due to how shell
+ quoting works. Make the work with `set -u`. (Closes: #890436)
+
+ [ Felipe Sateler ]
+ * Backport upstream patch fixing a wrong assert() call (Closes: #890423)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 14 Feb 2018 23:07:17 +0100
+
+systemd (237-2) unstable; urgency=medium
+
+ * Drop debian/extra/rules/70-debian-uaccess.rules.
+ Up-to-date udev rules for U2F devices are shipped in libu2f-udev nowadays.
+ (Closes: #889665)
+ * service: relax PID file symlink chain checks a bit.
+ Let's read the PID file after all if there's a potentially unsafe symlink
+ chain in place. But if we do, then refuse taking the PID if its outside of
+ the cgroup. (Closes: #889144)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 09 Feb 2018 23:35:31 +0100
+
+systemd (237-1) unstable; urgency=medium
+
+ * New upstream version 237
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * Update Vcs-* to point to https://salsa.debian.org
+ * Bump Standards-Version to 4.1.3
+ * Set Rules-Requires-Root to no
+
+ -- Michael Biebl <biebl@debian.org> Tue, 30 Jan 2018 01:55:24 +0100
+
+systemd (236-4) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Allow systemd-timesyncd to start when libnss-systemd is not installed.
+ Pick upstream patch requiring the existence of the systemd-timesync user
+ only when running as root, which is not the case for the system unit.
+ (Closes: #887343)
+
+ [ Nicolas Braud-Santoni ]
+ * debian/copyright: Refer to the CC0 license file (Closes: #882629)
+
+ [ Michael Biebl ]
+ * Add Build-Depends on python3-evdev <!nocheck>
+ This is used by hwdb/parse_hwdb.py to perform additional validation on
+ hwdb files.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 28 Jan 2018 22:29:32 +0100
+
+systemd (236-3) unstable; urgency=medium
+
+ * Revert "core/execute: RuntimeDirectory= or friends requires mount
+ namespace"
+ This was making mounts from SSH sessions invisible to the system.
+ (Closes: #885325)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 11 Jan 2018 16:46:04 +0100
+
+systemd (236-2) unstable; urgency=medium
+
+ * Downgrade priority of libudev1 to optional.
+ This makes it compliant with recent versions of debian-policy which
+ recommends to use priority optional for library packages.
+ * Clarify NEWS entry about removal of system users.
+ Mention in the recent NEWS entry that the associated system groups
+ should be removed as well. (Closes: #885061)
+ * cryptsetup-generator: Don't mistake NULL input as OOM.
+ Fixes systemd-cryptsetup-generator failing to run during boot.
+ (Closes: #885201)
+ * analyze: Use normal bus connection for "plot" verb.
+ Fixes "systemd-analyze plot" failing to run as root. (Closes: #884506)
+ * Stop re-enabling systemd services on every upgrade.
+ This was done so changes to the [Install] section would be applied on
+ upgrades. Forcefully re-enabling a service might overwrite local
+ modifications though and thus far, none of the affected services did
+ actually change its [Install] section. So remove this code from the
+ maintainer scripts as it was apparently doing more harm then good.
+ (Closes: #869354)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 02 Jan 2018 00:35:14 +0100
+
+systemd (236-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/upstream: Only show ≥ warning in journal dumps.
+ Showing the entire debug log is too hard to scan visually, and most of
+ the time the warnings and errors are sufficient to explain a failure.
+ Put the journal files into the artifacts though, in case the debug
+ information is necessary.
+
+ [ Michael Biebl ]
+ * New upstream version 236
+ - nspawn: Adjust path to static resolv.conf to support split usr.
+ (Closes: #881310)
+ - networkd: Don't stop networkd if CONFIG_FIB_RULES=n in kernel.
+ (Closes: #881823)
+ - core: Fix segfault in compile_bind_mounts() when BindPaths= or
+ BindReadOnlyPaths= is set. (Closes: #883380)
+ - meson: Link NSS modules with -z nodelete to fix memory leak in
+ nss-systemd. (Closes: #883407)
+ - logind: Make sure we don't acces m->action_what if it's not initialized.
+ (Closes: #882270)
+ - systemctl: Ignore shutdown's "-t" argument. (Closes: #882245)
+ - core: Be more defensive if we can't determine per-connection socket
+ peer. (Closes: #879603)
+ - bpf-firewall: Actually invoke BPF_PROG_ATTACH to check whether
+ cgroup/bpf is available. (Closes: #878965)
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * Bump Standards-Version to 4.1.2
+ * Clean up old /var/lib/systemd/clock on upgrade.
+ The clock file used by systemd-timesyncd is now stored in
+ StateDirectory=systemd/timesync. (Closes: #883605)
+ * Stop creating systemd-timesync system user.
+ DynamicUser=yes has been enabled for systemd-timesyncd.service so
+ allocating a system user statically is no longer necessary.
+ * Document removal of systemd-{timesync,journal-gateway,journal-upload} user.
+ We no longer create those system users as the corresponding services now
+ use DynamicUser=yes. Removing those system users automatically is tricky,
+ as the relevant services might be running during upgrade. Add a NEWS
+ entry instead which documents this change.
+ * Revert "udev-rules: Permission changes for /dev/dri/renderD*"
+ This would introduce a new system group "render". As the name is rather
+ generic, this needs further discussion first, so revert this change for
+ now.
+ + -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:45:51 +0100 + +systemd (235-3) unstable; urgency=medium + + [ Michael Biebl ] + * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7 + Package-Type is recognized as an official field name. + * Install modprobe configuration file to /lib/modprobe.d. + Otherwise it is not read by kmod. (Closes: #879191) + + [ Felipe Sateler ] + * Backport upstream (partial) fix for combined DynamicUser= + User= + UID was not allowed to be different to GID, which is normally the case in + debian, due to the group users being allocated the GID 100 without an + equivalent UID 100 being allocated. + * Backport upstream patches to fully make DynamicUser=yes + static, + pre-existing User= work. + + [ Martin Pitt ] + * Add missing python3-minimal dependency to systemd-tests + * Drop long-obsolete systemd-bus-proxy system user + systemd-bus-proxy hasn't been shipped since before stretch and never + created any files. Thus clean up the obsolete system user on upgrades. + (Closes: #878182) + * Drop static systemd-journal-gateway system user + systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need + to create this statically any more. Don't remove the user on upgrades + though, as there is likely still be a running process. (Closes: #878183) + * Use DynamicUser= for systemd-journal-upload.service. + * Add Recommends: libnss-systemd to systemd-sysv. + This is useful to actually be able to resolve dynamically created system + users with DynamicUser=true. This concept is going to be used much more + in future versions and (hopefully) third-party .services, so pulling it + into the default installation seems prudent now. + * resolved: Fix loop on packets with pseudo dns types. + (CVE-2017-15908, Closes: #880026, LP: #1725351) + * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps. + Fixes "Detaching egress BPF: Invalid argument" log spam. 
(Closes: #878965)
+ * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 15 Nov 2017 09:34:00 +0100
+
+systemd (235-2) unstable; urgency=medium
+
+ * Revert "tests: when running a manager object in a test, migrate to private
+ cgroup subroot first"
+ This was causing test suite failures when running inside a chroot.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 11 Oct 2017 00:46:07 +0200
+
+systemd (235-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 235
+ - cryptsetup-generator: use remote-cryptsetup.target when _netdev is
+ present (Closes: #852534)
+ - tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638)
+ - networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready
+ (Closes: #869995)
+ - exec-util,conf-files: skip non-executable files in execute_directories()
+ (Closes: #867902)
+ - man: update udevadm -y/--sysname-match documentation (Closes: #865081)
+ - tmpfiles: silently ignore any path that passes through autofs
+ (Closes: #805553)
+ - shared: end string with % if one was found at the end of a expandible
+ string (Closes: #865450)
+ * Refresh patches
+ * Bump Build-Depends on libmount-dev to (>= 2.30)
+ * Install new modprobe.d config file
+ * Bump Standards-Version to 4.1.1
+
+ [ Martin Pitt ]
+ * Merge logind-kill-off autopkgtest into logind test.
+ This was horribly inefficient as a separate test (from commit
+ 6bd0dab41e), as that cost two VM resets plus accompanying boots; and
+ this does not change any state thus does not require this kind of
+ isolation.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 10 Oct 2017 18:29:28 +0200
+
+systemd (234-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Various fixes for the upstream autopkgtest.
+
+ [ Felipe Sateler ]
+ * Add fdisk to the dependencies of the upstream autopkgtest.
+ The upstream autopkgtest uses sfdisk, which is now in the non-essential
+ fdisk package.
(Closes: #872119)
+ * Disable nss-systemd on udeb builds
+ * Correctly disable resolved on udeb builds
+ * Help fix collisions in libsystemd-shared symbols by versioning them.
+ Backport upstream patch to version the symbols provided in the private
+ library, so that they cannot confuse unversioned pam modules or libraries
+ linked into them. (Closes: #873708)
+
+ [ Dimitri John Ledkov ]
+ * Cherrypick upstream networkd-test.py assertion/check fixes.
+ This resolves ADT test suite failures, when running tests under lxc/lxd
+ providers.
+ * Cherrypick arm* seccomp fixes.
+ This should resolve ADT test failures, on arm64, when running as root.
+ * Disable KillUserProcesses, yet again, with meson this time.
+ * initramfs-tools: trigger udevadm add actions with subsystems first.
+ This updates the initramfs-tools init-top udev script to trigger udevadm
+ actions with type specified. This mimics the systemd-udev-trigger.service.
+ Without type specified only devices are triggered, but triggering
+ subsystems may also be required and should happen before triggering the
+ devices. This is the case for example on s390x with zdev generated udev
+ rules. (LP: #1713536)
+
+ [ Michael Biebl ]
+ * (Re)add --quiet flag to addgroup calls.
+ This is now safe with adduser having been fixed to no longer suppress
+ fatal error messages if --quiet is used. (Closes: #837871)
+ * Switch back to default GCC (Closes: #873661)
+ * Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf.
+ All major NTP implementations ship a native service file nowadays with a
+ Conflicts=systemd-timesyncd.service so this drop-in is no longer
+ necessary. (Closes: #873185)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 04 Sep 2017 00:17:00 +0200
+
+systemd (234-2.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Also switch to g++-6 temporarily (needed for some tests):
+ - Add g++-6 to Build-Depends
+ - Export CXX = g++-6
+
+ -- Cyril Brulebois <kibi@debian.org> Thu, 24 Aug 2017 02:40:53 +0200
+
+systemd (234-2.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Switch to gcc-6 on all architectures, working around an FTBFS on mips64el,
+ apparently due to a gcc-7 bug (See: #871514):
+ - Add gcc-6 to Build-Depends in debian/control
+ - Export CC = gcc-6 in debian/rules
+
+ -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 22:53:09 +0000
+
+systemd (234-2.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical
+ version of the Debian Installer, as no key presses or mouse events get
+ processed (Closes: #872598).
+
+ -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 20:41:33 +0200
+
+systemd (234-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * udev README.Debian: Fix name of example *.link file
+
+ [ Felipe Sateler ]
+ * test-condition: Don't assume that all non-root users are normal users.
+ Automated builders may run under a dedicated system user, and this test
+ would fail that.
+
+ [ Michael Biebl ]
+ * Revert "units: Tell login to preserve environment"
+ Environment=LANG= LANGUAGE= LC_CTYPE= ... as used in the getty units is
+ not unsetting the variables but instead sets it to an empty var. Passing
+ that environment to login messes up the system locale settings and
+ breaks programs like gpg-agent.
+ (Closes: #868695)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 20 Jul 2017 15:13:42 +0200
+
+systemd (234-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 234
+ - tmpfiles: Create /var/log/lastlog if it does not exist.
+ (Closes: #866313)
+ - network: Bridge vlan without PVID. (Closes: #859941)
+ * Rebase patches
+ * Switch build system from autotools to meson.
+ Update the Build-Depends accordingly.
+ * Update fsckd patch for meson
+ * udev autopkgtest: no longer install test-udev binary manually.
+ This is now done by the upstream build system.
+ * Update symbols file for libsystemd0
+ * Update lintian override for systemd-tests.
+ Upstream now installs manual and unsafe tests in subdirectories of
+ /usr/lib/systemd/tests/, so ignore those as well.
+ * Bump Standards-Version to 4.0.0
+ * Change priority of libnss-* packages from extra to optional.
+ * Use UTF-8 locale when building the package.
+ Otherwise meson will be pretty unhappy when trying to process files with
+ unicode characters. Use C.UTF-8 as this locale is pretty much guaranteed
+ to be available everywhere.
+ * Mark test-timesync as manual.
+ The test tries to setup inotify watches for /run/systemd/netif/links
+ which fails in a buildd environment where systemd is not active.
+ * Do not link udev against libsystemd-shared.
+ We ship udev in a separate binary package, so can't use
+ libsystemd-shared, which is part of the systemd binary package.
+ * Avoid requiring a "kvm" system group.
+ This group is not universally available and as a result generates a
+ warning during boot. As kvm is only really useful if the qemu package is
+ installed and this package already takes care of setting up the proper
+ permissions for /dev/kvm, drop this rule from 50-udev-default.rules.
+
+ [ Martin Pitt ]
+ * udev README.Debian: Update transitional rules and mention *.link files.
+ - 01-mac-for-usb.link got replaced with 73-usb-net-by-mac.rules
+ - /etc/systemd/network/50-virtio-kernel-names.link is an upgrade
+ transition for VMs with virtio
+ - Describe *.link files as a simpler/less error prone (but also less
+ flexible) way of customizing interface names. (Closes: #868002)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 13 Jul 2017 17:38:28 +0200
+
+systemd (233-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Adjust var-lib-machines.mount target.
+ Upstream PR #6095 changed the location to
+ {remote-fs,machines}.target.wants, so just install all available ones.
+
+ [ Dimitri John Ledkov ]
+ * Fix out-of-bounds write in systemd-resolved.
+ CVE-2017-9445 (Closes: #866147, LP: #1695546)
+
+ [ Michael Biebl ]
+ * Be truly quiet in systemctl -q is-enabled (Closes: #866579)
+ * Improve RLIMIT_NOFILE handling.
+ Use /proc/sys/fs/nr_open to find the current limit of open files
+ compiled into the kernel instead of using a hard-coded value of 65536
+ for RLIMIT_NOFILE. (Closes: #865449)
+
+ [ Nicolas Braud-Santoni ]
+ * debian/extra/rules: Use updated U2F ruleset.
+ This ruleset comes from Yubico's libu2f-host. (Closes: #824532)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 03 Jul 2017 18:51:58 +0200
+
+systemd (233-9) unstable; urgency=medium
+
+ * hwdb: Use path_join() to generate the hwdb_bin path.
+ This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having
+ double slashes in the path makes selabel_lookup_raw() return the wrong
+ context. (Closes: #851933)
+ * Drop no longer needed Breaks against usb-modeswitch
+ * Drop Breaks for packages shipping rcS init scripts.
+ This transition was completed in stretch.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 19 Jun 2017 15:10:14 +0200
+
+systemd (233-8) experimental; urgency=medium
+
+ * Bump debhelper compatibility level to 10
+ * Drop versioned Build-Depends on dpkg-dev.
+ It's no longer necessary as even Jessie ships a new enough version.
+ * timesyncd: don't use compiled-in list if FallbackNTP has been configured
+ explicitly (Closes: #861769)
+ * resolved: fix null pointer p->question dereferencing.
+ This fixes a bug which allowed a remote DoS (daemon crash) via a crafted
+ DNS response with an empty question section.
+ Fixes: CVE-2017-9217 (Closes: #863277)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 29 May 2017 14:12:08 +0200
+
+systemd (233-7) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * basic/journal-importer: Fix unaligned access in get_data_size()
+ (Closes: #862062)
+ * ima: Ensure policy exists before asking the kernel to load it
+ (Closes: #863111)
+ * Add Depends: procps to systemd.
+ It's required by /usr/lib/systemd/user/systemd-exit.service which calls
+ /bin/kill to stop the systemd --user instance. (Closes: #862292)
+ * service: Serialize information about currently executing command
+ (Closes: #861157)
+ * seccomp: Add clone syscall definitions for mips (Closes: #861171)
+
+ [ Dimitri John Ledkov ]
+ * ubuntu: disable dnssec on any ubuntu releases (LP: #1690605)
+
+ [ Felipe Sateler ]
+ * Specify nobody user and group.
+ Otherwise nss-systemd will translate to group 'nobody', which doesn't
+ exist on debian systems.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 24 May 2017 12:26:18 +0200
+
+systemd (233-6) experimental; urgency=medium
+
+ [ Felipe Sateler ]
+ * Backport upstream PR #5531.
+ This delays opening the mdns and llmnr sockets until a network has enabled
+ them. This silences annoying messages when networkd receives such packets
+ without expecting them: Got mDNS UDP packet on unknown scope.
+
+ [ Martin Pitt ]
+ * resolved: Disable DNSSEC by default on stretch and zesty.
+ Both Debian stretch and Ubuntu zesty are close to releasing, switch to
+ DNSSEC=off by default for those. Users can still turn it back on with
+ DNSSEC=allow-downgrade (or even "yes").
+
+ [ Michael Biebl ]
+ * Add Conflicts against hal.
+ Since v183, udev no longer supports RUN+="socket:". This feature is
+ still used by hal, but now generates vast amounts of errors in the
+ journal. Thus force the removal of hal by adding a Conflicts to the udev
+ package. This is safe, as hal is long dead and no longer useful.
+ * Drop systemd-ui Suggests
+ systemd-ui is unmaintained upstream and not particularly useful anymore.
+ * journal: fix up syslog facility when forwarding native messages.
+ Native journal messages (_TRANSPORT=journal) typically don't have a
+ syslog facility attached to it. As a result when forwarding the
+ messages to syslog they ended up with facility 0 (LOG_KERN).
+ Apply syslog_fixup_facility() so we use LOG_USER instead.
+ (Closes: #837893)
+ * Split upstream tests into systemd-tests binary package (Closes: #859152)
+ * Get PACKAGE_VERSION from config.h.
+ This also works with meson and is not autotools specific.
+
+ [ Sjoerd Simons ]
+ * init-functions Only call daemon-reload when planning to redirect
+ systemctl daemon-reload is a quite a heavy operation, it will re-parse
+ all configuration and re-run all generators. This should only be done
+ when strictly needed. (Closes: #861158)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 28 Apr 2017 21:47:14 +0200
+
+systemd (233-5) experimental; urgency=medium
+
+ * Do not throw a warning in emergency and rescue mode if plymouth is not
+ installed.
+ Ideally, plymouth should only be referenced via dependencies, not
+ ExecStartPre. This at least avoids the confusing error message on
+ minimal installations that do not carry plymouth.
+ * rules: Allow SPARC vdisk devices when identifying CD drives
+ (Closes: #858014)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 21 Mar 2017 21:00:08 +0100
+
+systemd (233-4) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * udev autopkgtest: Drop obsolete sys.tar.xz fallback.
+ This was only necessary for supporting 232 as well.
+ * root-unittest: Drop obsolete FIXME comment.
+ * Add libpolkit-gobject-1-dev build dep for polkit version detection.
+ * Move systemd.link(5) to udev package.
+ .link files are being handled by udev, so it should ship the
+ corresponding manpage. Bump Breaks/Replaces accordingly.
(Closes: #857270)
+
+ [ Michael Biebl ]
+ * Restart journald on upgrades (Closes: #851438)
+ * Avoid strict DM API versioning.
+ Compiling against the dm-ioctl.h header as provided by the Linux kernel
+ will embed the DM interface version number. Running an older kernel can
+ lead to errors on shutdown when trying to detach DM devices.
+ As a workaround, build against a local copy of dm-ioctl.h based on 3.13,
+ which is the minimum required version to support DM_DEFERRED_REMOVE.
+ (Closes: #856337)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 16 Mar 2017 18:40:16 +0100
+
+systemd (233-3) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * Install D-Bus policy files in /usr
+ * Drop no longer needed maintainer scripts migration code and simplify
+ various version checks
+ * Fix location of installed tests
+ * Override package-name-doesnt-match-sonames lintian warning for libnss-*
+ * Don't ship any symlinks in /etc/systemd/system.
+ Those should be created dynamically via "systemctl enable".
+
+ [ Martin Pitt ]
+ * root-unittests autopkgtest: Skip test-udev.
+ It has its own autopkgtest and needs some special preparation. At some
+ point that should be merged into root-unittests, but let's quickfix this
+ to unbreak upstream CI.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 03 Mar 2017 19:49:44 +0100
+
+systemd (233-2) experimental; urgency=medium
+
+ * test: skip instead of fail if crypto kmods are not available.
+ The Debian buildds have module loading disabled, thus AF_ALG sockets are
+ not available during build. Skip the tests that cover those (khash and
+ id128) instead of failing them in this case.
+ https://github.com/systemd/systemd/issues/5524
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 03 Mar 2017 11:51:25 +0100
+
+systemd (233-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 233:
+ - udev: Remove /run/udev/control on stop to avoid sendsigs to kill
+ udevd. (Closes: #791944)
+ - nspawn: Handle container directory symlinks.
(Closes: #805785)
+ - Fix mount units to not become "active" when NFS mounts time out.
+ (Closes: #835810)
+ - hwdb: Rework path/priority comparison when loading files from /etc/
+ vs. /lib. (Closes: #845442)
+ - machinectl: Fix "list" command when failing to determine OS version.
+ (Closes: #849316)
+ - Support tilegx architecture. (Closes: #856306)
+ - systemd-sleep(8): Point out inhibitor interface as better alternative
+ for suspend integration. (Closes: #758279)
+ - journalctl: Improve error message wording when specifying boot
+ offset with ephemeral journal. (Closes: #839291)
+ * Install new systemd-umount and /usr/lib/environment.d/
+ * Use "make install-tests" for shipped unit tests
+ * Switch back to gold linker on mips*
+ Bug #851736 got fixed now.
+ * debian/rules: Drop obsolete SETCAP path
+
+ [ Michael Biebl ]
+ * Drop upstart jobs for udev
+ * Drop /sbin/udevadm compat symlink from udev-udeb and initramfs
+ * Drop Breaks and Replaces from pre-jessie
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 17:10:09 +0100
+
+systemd (232-19) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/README.source: Update patch and changelog handling to current
+ reality.
+ * root-unittests autopkgtest: Blacklist test-journal-importer.
+ This got added in a recent PR, but running this requires using "make
+ install-tests" which hasn't landed yet.
+ * fsckd: Fix format specifiers on 32 bit architectures.
+ * resolved: Fix NSEC proofs for missing TLDs (Closes: #855479)
+ * boot-and-services autopkgtest: Skip CgroupsTest on unified hierarchy.
+ * boot-smoke autopkgtest: Run in containers, too.
+ * logind autopkgtest: Adjust to work in containers.
+
+ [ Dimitri John Ledkov ]
+ * Fix resolved failing to follow CNAMES for DNS stub replies (LP: #1647031)
+ * Fix emitting change signals with a sessions property in logind
+ (LP: #1661568)
+
+ [ Michael Biebl ]
+ * If an automount unit is masked, don't react to activation anymore.
+ Otherwise we'll hit an assert sooner or later. (Closes: #856035)
+
+ [ Felipe Sateler ]
+ * resolved: add the new KSK to the built-in resolved trust anchor.
+ The old root key will be discarded in early 2018, so get this into
+ stretch.
+ * Backport some zsh completion fixes from upstream (Closes: #847203)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 09:21:12 +0100
+
+systemd (232-18) unstable; urgency=medium
+
+ * udev autopkgtest: Adjust to script-based test /sys creation.
+ PR #5250 changes from the static sys.tar.xz to creating the test /sys
+ directory with a script. Get along with both cases until 233 gets
+ released and packaged.
+ * systemd-resolved.service.d/resolvconf.conf: Don't fail if resolvconf is
+ not installed. ReadWritePaths= fails by default if the referenced
+ directory does not exist. This happens if resolvconf is not installed, so
+ use '-' to ignore the absence. (Closes: #854814)
+ * Fix two more seccomp issues.
+ * Permit seeing process list of units whose unit files are missing.
+ * Fix systemctl --user enable/disable without $XDG_RUNTIME_DIR being set.
+ (Closes: #855050)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 13 Feb 2017 17:36:12 +0100
+
+systemd (232-17) unstable; urgency=medium
+
+ * Add libcap2-bin build dependency for tests. This will make
+ test_exec_capabilityboundingset() actually run. (Closes: #854394)
+ * Add iproute2 build dependency for tests. This will make
+ test_exec_privatenetwork() actually run; it skips if "ip" is not present.
+ (Closes: #854396)
+ * autopkgtest: Run all upstream unit tests as root.
+ Ship all upstream unit tests in libsystemd-dev, and run them all as root
+ in autopkgtest. (Closes: #854392) This also fixes the FTBFS on non-seccomp
+ architectures.
+ * systemd-resolved.service.d/resolvconf.conf: Allow writing to
+ /run/resolvconf. Upstream PR #5283 will introduce permission restrictions
+ for systemd-resolved.service, including the lockdown to writing
+ /run/systemd/.
This will then cause the resolvconf call in our drop-in to
+ fail as that needs to write to /run/resolvconf/. Add this to
+ ReadWritePaths=. (This is a no-op with the current unrestricted unit).
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 10 Feb 2017 11:52:46 +0100
+
+systemd (232-16) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add autopkgtest for test-seccomp
+ * udev: Fix by-id symlinks for devices whose IDs contain whitespace
+ (Closes: #851164, LP: #1647485)
+ * Add lintian overrides for binary-or-shlib-defines-rpath on shipped test
+ programs. This is apparently a new lintian warning on which uploads get
+ rejected. These are only test programs, not in $PATH, and they need to
+ link against systemd's internal library.
+
+ [ Michael Biebl ]
+ * Fix seccomp filtering. (Closes: #852811)
+ * Do not crash on daemon-reexec when /run is full (Closes: #850074)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 09 Feb 2017 16:22:43 +0100
+
+systemd (232-15) unstable; urgency=medium
+
+ * Add missing Build-Depends on tzdata.
+ It is required to successfully run the test suite. (Closes: #852883)
+ * Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
+ The sandboxing features used by systemd-udevd.service require systemd
+ (>= 232-11). (Closes: #853078)
+ * Bump priority of libpam-systemd to standard.
+ This reflects the changes that have been made in the archive a while
+ ago. See #803184
+
+ -- Michael Biebl <biebl@debian.org> Wed, 01 Feb 2017 22:45:35 +0100
+
+systemd (232-14) unstable; urgency=medium
+
+ * Deal with NULL pointers more gracefully in unit_free() (Closes: #852202)
+ * Fix issues in journald during startup
+
+ -- Michael Biebl <biebl@debian.org> Mon, 23 Jan 2017 14:52:46 +0100
+
+systemd (232-13) unstable; urgency=medium
+
+ * Re-add versioned Conflicts/Replaces against upstart.
+ In Debian the upstart package was never split into upstart and
+ upstart-sysv, so we need to keep that for switching from upstart to
+ systemd-sysv.
(Closes: #852156)
+ * Update Vcs-* according to the latest recommendation
+ * Update Homepage and the URLs in debian/copyright to use https
+
+ -- Michael Biebl <biebl@debian.org> Sun, 22 Jan 2017 08:19:28 +0100
+
+systemd (232-12) unstable; urgency=medium
+
+ * Fix build if seccomp support is disabled
+ * Enable seccomp support on ppc64
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 19:43:51 +0100
+
+systemd (232-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Fix RestrictAddressFamilies=
+ Backport upstream fix for setting up seccomp filters to fix
+ RestrictAddressFamilies= on non-amd64 architectures. Drop the hack from
+ debian/rules to remove this property from unit files.
+ See #843160
+ * Use local machine-id for running tests during package build.
+ Since "init" and thus "systemd" are not part of debootstrap any more,
+ some buildd chroots don't have an /etc/machine-id any more. Port the old
+ Add-env-variable-for-machine-ID-path.patch to the current code, use a
+ local machine-id again, and always make test suite failures fatal.
+ (Closes: #851445)
+
+ [ Michael Biebl ]
+ * gpt-auto-generator: support LUKS encrypted root partitions
+ (Closes: #851475)
+ * Switch to bfd linker on mips*
+ The gold linker is currently producing broken libraries on mips*
+ resulting in segfaults for users of libsystemd. Switch to bfd until
+ binutils has been fixed. (Closes: #851412)
+ * Revert "core: turn on specifier expansion for more unit file settings"
+ The expansion of the % character broke the fstab-generator and
+ specifying the tmpfs size as percentage of physical RAM resulted in the
+ size being set to 4k. (Closes: #851492)
+ * Drop obsolete Conflicts, Breaks and Replaces
+ * Require systemd-shim version which supports v232.
+ See #844785
+
+ [ Ondřej Nový ]
+ * Redirect try-restart in init-functions hook (Closes: #851688)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 12:38:54 +0100
+
+systemd (232-10) unstable; urgency=medium
+
+ * Add NULL sentinel to strjoin.
+ We haven't cherry-picked upstream commit 605405c6c which introduced a
+ strjoin macro that adds the NULL sentinel automatically so we need to do
+ it manually. (Closes: #851210)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 13 Jan 2017 05:08:55 +0100
+
+systemd (232-9) unstable; urgency=medium
+
+ * Use --disable-wheel-group configure switch.
+ Instead of mangling the tmpfiles via sed to remove the wheel group, use
+ the configure switch which was added upstream in v230.
+ See https://github.com/systemd/systemd/issues/2492
+ * Update debian/copyright.
+ Bob Jenkins released the lookup3.[ch] files as public domain which means
+ there is no copyright holder.
+ * Drop fallback for older reportbug versions when attaching files
+ * debian/extra/init-functions.d/40-systemd: Stop checking for init env var.
+ This env variable is no longer set when systemd executes a service so
+ it's pointless to check for it.
+ * debian/extra/init-functions.d/40-systemd: Stop setting
+ _SYSTEMCTL_SKIP_REDIRECT=true.
+ It seems we don't actually need it to detect recursive loops (PPID is
+ sufficient) and by exporting it we leak _SYSTEMCTL_SKIP_REDIRECT into
+ the runtime environment of the service. (Closes: #802018)
+ * debian/extra/init-functions.d/40-systemd: Rename _SYSTEMCTL_SKIP_REDIRECT.
+ Rename _SYSTEMCTL_SKIP_REDIRECT to SYSTEMCTL_SKIP_REDIRECT to be more
+ consistent with other environment variables which are used internally by
+ systemd, like SYSTEMCTL_SKIP_SYSV.
+ * Various specifier resolution fixes.
+ Turn on specifier expansion for more unit file settings.
+ See https://github.com/systemd/systemd/pull/4835 (Closes: #781730)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Jan 2017 16:59:22 +0100
+
+systemd (232-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Drop systemd dependency from libnss-myhostname again.
+ This NSS module is completely independent from systemd, unlike the other
+ three.
+ * Install 71-seat.rules into the initrd.
+ This helps plymouth to detect applicable devices. (Closes: #756109)
+ * networkd: Fix crash when setting routes.
+ * resolved: Drop removal of resolvconf entry on stop.
+ This leads to timeouts on shutdown via the resolvconf hooks and does not
+ actually help much -- /etc/resolv.conf would then just be empty instead of
+ having a nonexisting 127.0.0.53 nameserver, so manually stopping resolved
+ in a running system is broken either way. (LP: #1648068)
+ * Keep RestrictAddressFamilies on amd64.
+ This option and libseccomp currently work on amd64 at least, so let's make
+ sure it does not break there as well, and benefit from the additional
+ protection at least on this architecture.
+ * Explicitly set D-Bus policy dir.
+ This is about to change upstream in
+ https://github.com/systemd/systemd/pull/4892, but as explained in commit
+ 2edb1e16fb12f4 we need to keep the policies in /etc/ until stretch+1.
+
+ [ Michael Biebl ]
+ * doc: Clarify NoNewPrivileges in systemd.exec(5). (Closes: #756604)
+ * core: Rework logic to determine when we decide to add automatic deps for
+ mounts. This adds a concept of "extrinsic" mounts. If mounts are
+ extrinsic we consider them managed by something else and do not add
+ automatic ordering against umount.target, local-fs.target,
+ remote-fs.target. (Closes: #818978)
+ * rules: Add persistent links for nbd devices.
(Closes: #837999)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 17 Dec 2016 01:54:18 +0100
+
+systemd (232-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Mark liblz4-tool build dependency as <!nocheck>
+ * udev: Try mount -n -o move first
+ initramfs-tools is not actually using util-linux mount (yet), so making
+ mount -n --move the first alternative would trigger an error message if
+ users have built their initramfs without busybox support.
+
+ [ Alexander Kurtz ]
+ * debian/extra/kernel-install.d/85-initrd.install: Remove an unnecessary
+ variable. (Closes: #845977)
+
+ [ Martin Pitt ]
+ * Drop systemd-networkd's "After=dbus.service" ordering, so that it can
+ start during early boot (for cloud-init.service). It will auto-connect to
+ D-Bus once it becomes available later, and transient (from DHCP) hostname
+ and timezone setting do not currently work anyway. (LP: #1636912)
+ * Run hwdb/parse_hwdb.py during package build.
+ * Package libnss-systemd
+ * Make libnss-* depend on the same systemd package version.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 30 Nov 2016 14:38:36 +0100
+
+systemd (232-6) unstable; urgency=medium
+
+ * Add policykit-1 test dependency for networkd-test.py.
+ * debian/rules: Don't destroy unit symlinks with sed -i.
+ Commit 21711e74 introduced a "sed -i" to remove RestrictAddressFamilies=
+ from units. This also caused unit symlinks to get turned into real files,
+ causing D-Bus activated services like timedated to fail ("two units with
+ the same D-Bus name").
+ * Fall back to "mount -o move" in udev initramfs script
+ klibc's mount does not understand --move, so for the time being we need to
+ support both variants. (Closes: #845161)
+ * debian/README.Debian: Document how to generate a shutdown log.
+ Thanks 積丹尼 Dan Jacobson. (Closes: #826297)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 21 Nov 2016 10:39:57 +0100
+
+systemd (232-5) unstable; urgency=medium
+
+ * Add missing liblz4-tool build dependency.
+ Fixes test-compress failure during package build.
+ * systemd: Ship /var/lib.
+ This will soon contain a polkit pkla file.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 20 Nov 2016 12:22:52 +0100
+
+systemd (232-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/unit-config: Query pkg-config for system unit dir.
+ This fixes confusion on merged-/usr systems where both /usr/lib/systemd and
+ /lib/systemd exist. It's actually useful to verify that systemd.pc says the
+ truth.
+ * debian/tests/upstream: Fix clobbering of merged-/usr symlinks
+ * debian/tests/systemd-fsckd: Create /etc/default/grub.d if necessary
+ * debian/rules: Drop check for linking to libs in /usr.
+ This was just an approximation, as booting without an initrd could still be
+ broken by library updates (e. g. #828991). With merged /usr now being the
+ default this is now completely moot.
+ * Move kernel-install initrd script to a later prefix.
+ 60- does not leave much room for scripts that want to run before initrd
+ building (which is usually one of the latest things to do), so bump to 85.
+ Thanks to Sjoerd Simons for the suggestion.
+ * Disable 99-default.link instead of the udev rule for disabling persistent
+ interface names.
+ Disabling 80-net-setup-link.rules will also cause ID_NET_DRIVER to not be
+ set any more, which breaks 80-container-ve.network and matching on driver
+ name in general. So disable the actual default link policy instead. Still
+ keep testing for 80-net-setup-link.rules in the upgrade fix and
+ 73-usb-net-by-mac.rules to keep the desired behaviour on systems which
+ already disabled ifnames via that udev rule.
+ See https://lists.freedesktop.org/archives/systemd-devel/2016-November/037805.html
+ * debian/tests/boot-and-services: Always run seccomp test
+ seccomp is now available on all architectures on which Debian and Ubuntu
+ run tests, so stop making this test silently skip if seccomp is disabled.
+ * Bump libseccomp build dependency as per configure.ac.
+ * Replace "Drop RestrictAddressFamilies=" patch with sed call.
+ With that it will also apply to upstream builds/CI, and it is structurally
+ simpler.
+ * Rebuild against libseccomp with fixed shlibs. (Closes: #844497)
+
+ [ Michael Biebl ]
+ * fstab-generator: add x-systemd.mount-timeout option. (Closes: #843989)
+ * build-sys: do not install ctrl-alt-del.target symlink twice.
+ (Closes: #844039)
+ * Enable lz4 support.
+ While the compression rate is not as good as XZ, it is much faster, so a
+ better default for the journal and especially systemd-coredump.
+ (Closes: #832010)
+
+ [ Felipe Sateler ]
+ * Enable machines.target by default. (Closes: #806787)
+
+ [ Evgeny Vereshchagin ]
+ * debian/tests/upstream: Print all journal files.
+ We don't print all journal files. This is misleading a bit:
+ https://github.com/systemd/systemd/pull/4331#issuecomment-252830790
+ https://github.com/systemd/systemd/pull/4395#discussion_r87948836
+
+ [ Luca Boccassi ]
+ * Use mount --move in initramfs-tools udev script.
+ Due to recent changes in busybox and initramfs-tools the mount
+ utility is no longer the one from busybox but from util-linux.
+ The latter does not support mount -o move.
+ The former supports both -o move and --move, so use it instead to be
+ compatible with both.
+ See this discussion for more details:
+ https://bugs.debian.org/823856 (Closes: #844775)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 20 Nov 2016 03:34:58 +0100
+
+systemd (232-3) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Make systemd-delta less confused on merged-usr systems. (Closes: #843070)
+ * Fix wrong paths for /bin/mount when compiled on merged-usr system.
+ Then the build system finds /usr/bin/mount which won't exist on a
+ split-/usr system. Set the paths explicitly in debian/rules and drop
+ Use-different-default-paths-for-various-binaries.patch.
(Closes: #843433)
+
+ [ Martin Pitt ]
+ * debian/tests/logind: Split out "pid in logind session" test
+ * debian/tests/logind: Adjust "in logind session" test for unified cgroup
+ hierarchy
+ * debian/tests/boot-and-services: Check common properties of CLI programs.
+ Verify that CLI programs have a sane behaviour and exit code when being
+ called with --help, --version, or an invalid option.
+ * nspawn: Fix exit code for --help and --version (Closes: #843544)
+ * core: Revert using the unified hierarchy for the systemd cgroup.
+ Too many things don't get along with it yet, like docker, LXC, or runc.
+ (Closes: #843509)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 09 Nov 2016 09:34:45 +0100
+
+systemd (232-2) unstable; urgency=medium
+
+ * Drop RestrictAddressFamilies from service files.
+ RestrictAddressFamilies= is broken on 32bit architectures and causes
+ various services to fail with a timeout, including
+ systemd-udevd.service.
+ While this might actually be a libseccomp issue, remove this option for
+ now until a proper solution is found. (Closes: #843160)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 05 Nov 2016 22:43:27 +0100
+
+systemd (232-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 232:
+ - Fix "systemctl start" when ReadWriteDirectories is a symlink
+ (Closes: ##792187)
+ - Fix "journalctl --setup-keys" output (Closes: #839097)
+ - Run run sysctl service if /proc/sys/net is writable, for containers
+ (Closes: #840529)
+ - resolved: Add d.f.ip6.arpa to the DNSSEC default negative trust anchors
+ (Closes: #834453)
+ * debian/tests/logind: Copy the current on-disk unit instead of the
+ on-memory one.
+ * Build sd-boot on arm64. gnu-efi is available on arm64 now.
+ (Closes: #842617)
+ * Link test-seccomp against seccomp libs to fix FTBFS
+ * debian/rules: Remove nss-systemd (until we package it)
+ * Install new systemd-mount
+
+ [ Michael Biebl ]
+ * Install new journal-upload.conf man pages in systemd-journal-remote
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 04 Nov 2016 07:18:10 +0200
+
+systemd (231-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * systemctl: Add --wait option to wait until started units terminate again.
+ * nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors.
+ This makes it possible to configure a fallback to "dns" without breaking
+ DNSSEC, with "resolve [!UNAVAIL=return] dns".
+ * libnss-resolve.postinst: Skip dns fallback if resolve is present.
+ Only fall back to "dns" if nss-resolve is not installed (for the
+ architecture of the calling program). Once it is, we never want to fall
+ back to "dns" as that breaks enforcing DNSSEC verification and also
+ pointlessly retries NXDOMAIN failures. (LP: #1624071)
+ * unit: sent change signal before removing the unit if necessary
+ (LP: #1632964)
+ * networkd: Fix assertion crash on adding VTI with IPv6 addresses
+ (LP: #1633274)
+ * debian/tests/upstream: Stop specifying initrd, it is autodetected now.
+ * debian/tests/upstream: Add gcc/libc-dev/make test dependencies,
+ so that the tests can build helper binaries.
+
+ [ Felipe Sateler ]
+ * Explicitly disable installing the upstream-provided PAM configuration.
+ * Register interest in the status of dracut and initramfs-tools in reportbug
+ template
+
+ [ Michael Biebl ]
+ * Stop creating systemd-update-utmp-runlevel.service symlinks manually
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 26 Oct 2016 13:24:37 +0200
+
+systemd (231-9) unstable; urgency=medium
+
+ * pid1: process zero-length notification messages again.
+ Just remove the assertion, the "n" value was not used anyway. This fixes
+ a local DoS due to unprocessed/unclosed fds which got introduced by the
+ previous fix.
(Closes: #839171) (LP: #1628687)
+ * pid1: Robustify manager_dispatch_notify_fd()
+ * test/networkd-test.py: Add missing writeConfig() helper function.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 23:39:24 +0200
+
+systemd (231-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Replace remaining systemctl --failed with --state=failed
+ "--failed" is deprecated in favor of --state.
+ * debian/shlibs.local.in: More precisely define version of internal shared
+ lib.
+ * debian/tests/upstream: Drop blacklisting
+ These tests now work fine without qemu.
+ * debian/tests/storage: Avoid rmmod scsi_debug (LP: #1626737)
+ * upstream build system: Install libudev, libsystemd, and nss modules to
+ ${rootlibdir}. Drop downstream workaround from debian/rules.
+ * Ubuntu: Disable resolved's DNSSEC for the final 16.10 release.
+ Resolved's DNSSEC support is still not mature enough, and upstream
+ recommends to disable it in stable distro releases still.
+ * Fix abort/DoS on zero-length notify message triggers (LP: #1628687)
+ * resolved: don't query domain-limited DNS servers for other domains
+ (LP: #1588230)
+
+ [ Antonio Ospite ]
+ * Update systemd-user pam config to require pam_limits.so.
+ (Closes: #838191)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 13:40:21 +0200
+
+systemd (231-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * fsckd: Do not exit on idle timeout if there are still clients connected
+ (Closes: #788050, LP: #1547844)
+
+ [ Martin Pitt ]
+ * 73-usb-net-by-mac.rules: Split kernel command line import line.
+ Reportedly this makes the rule actually work on some platforms. Thanks Alp
+ Toker! (LP: #1593379)
+ * debian/tests/boot-smoke: Only run 5 iterations
+ * systemd.postinst: Drop obsolete setcap call for systemd-detect-virt.
+ Drop corresponding libcap2-bin dependency.
+ * debian/tests/systemd-fsckd: Robustify check for "unit was running"
+ (LP: #1624406)
+ * debian/extra/set-cpufreq: Use powersave with intel_pstate.
+ This is what we did on xenial, and apparently powersave is still actually
+ better than performance. Thanks to Doug Smythies for the measurements!
+ (LP: #1579278)
+ * Ubuntu: Move ondemand.service from static to runtime enablement.
+ This makes it easier to keep performance, by disabling ondemand.service.
+ Side issue in LP: #1579278
+ * Revert "networkd: remove route if carrier is lost"
+ This causes networkd to drop addresses from unmanaged interfaces in some
+ cases. (Closes: #837759)
+ * debian/tests/storage: Avoid stderr output of stopping systemd-cryptsetup@.service
+ * libnss-*.prerm: Remove possible [key=value] options from NSS modules as well.
+ (LP: #1625584)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 20 Sep 2016 15:03:06 +0200
+
+systemd (231-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add alternative iptables-dev build dependencies
+ libiptc-dev is very new and not yet present in stable Debian/Ubuntu releases.
+ Add it as a fallback build dependency for backports and upstream tests.
+ * Detect if seccomp is enabled but seccomp filtering is disabled
+ (Closes: #832713)
+ * resolved: recognize DNS names with more than one trailing dot as invalid
+ (LP: #1600000)
+ * debian/tests/smoke: Store udev db dump artifact on failure
+ * networkd: limit the number of routes to the kernel limit
+ * systemctl: consider service running only when it is in active or reloading state
+ * networkd: remove route if carrier is lost
+ * Add Ref()/Unref() bus calls for units
+
+ [ Felipe Sateler ]
+ * git-cherry-pick: always recreate the patch-queue branch.
+
+ [ Dimitri John Ledkov ]
+ * Use idiomatic variables from dpkg include.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 11 Sep 2016 15:00:55 +0200
+
+systemd (231-5) unstable; urgency=medium
+
+ [ Iain Lane ]
+ * Let graphical-session-pre.target be manually started (LP: #1615341)
+
+ [ Felipe Sateler ]
+ * Add basic version of git-cherry-pick
+ * Replace Revert-units-add-a-basic-SystemCallFilter-3471.patch with upstream
+ patch
+ * sysv-generator: better error reporting. (Closes: #830257)
+
+ [ Martin Pitt ]
+ * 73-usb-net-by-mac.rules: Test for disabling 80-net-setup-link.rules more
+ efficiently. Stop calling readlink at all and just test if
+ /etc/udev/rules.d/80-net-setup-link.rules exists -- a common way to
+ disable an udev rule is to just "touch" it in /etc/udev/rule.d/ (i. e.
+ empty file), and if the rule is customized we cannot really predict anyway
+ if the user wants MAC-based USB net names or not. (LP: #1615021)
+ * Ship kernel-install (Closes: #744301)
+ * Add debian/extra/kernel-install.d/60-initrd.install.
+ This kernel-install drop-in copies the initrd of the selected kernel to
+ the EFI partition.
+ * bootctl: Automatically detect ESP partition.
+ This makes bootctl work with Debian's /boot/efi/ mountpoint without having
+ to explicitly specify --path.
+ Patches cherry-picked from upstream master.
+ * systemd.NEWS: Point out that alternatively rcS scripts can be moved to
+ rc[2-5]. Thanks to Petter Reinholdtsen for the suggestion!
+
+ [ Michael Biebl ]
+ * Enable iptables support (Closes: #787480)
+ * Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf"
+ The special 'key handling' inhibitors should always work regardless of
+ any *IgnoreInhibited settings – otherwise they're nearly useless.
+ Update man pages to clarify that *KeyIgnoreInhibited only apply to a
+ subset of locks (Closes: #834148)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 26 Aug 2016 10:58:07 +0200
+
+systemd (231-4) unstable; urgency=medium
+
+ * Revert "pid1: reconnect to the console before being re-executed"
+ This unbreaks consoles after "daemon-reexec". (Closes: #834367)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 18 Aug 2016 07:03:13 +0200
+
+systemd (231-3) unstable; urgency=medium
+
+ * resolved resolvconf integration: Run resolvconf without privilege
+ restrictions. On some architectures (at least ppc64el), running resolvconf
+ does not work with MemoryDenyWriteExecute=yes. (LP: #1609740)
+ * Revert unit usage of MemoryDenyWriteExecute=yes. This is implemented
+ through seccomp as well. (Closes: #832713)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 15 Aug 2016 09:58:09 +0200
+
+systemd (231-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/rules: Fix UPSTREAM_VERSION for upstream master builds
+ * Limit "link against /usr" check to some critical binaries only and add
+ generators
+ * debian/rules: Put back cleanup of *.busname (Closes: #833487)
+ * debian/tests/localed-x11-keymap: Robustify cleanup
+ * debian/tests/localed-x11-keymap: Check that localed works without
+ /etc/default/keyboard. This reproduces #833849.
+ * Revert "units: add a basic SystemCallFilter (#3471)"
+ This causes fatal failures on kernels that don't have seccomp enabled.
+ This can be reactivated once
+ https://github.com/systemd/systemd/issues/3882 is fixed.
+ (Closes: #832713, #832893)
+
+ [ Simon McVittie ]
+ * localed: tolerate absence of /etc/default/keyboard.
+ The debian-specific patch to read Debian config files was not tolerating
+ the absence of /etc/default/keyboard. This causes systemd-localed to
+ fail to start on systems where that file isn't populated (like embedded
+ systems without keyboards). (Closes: #833849)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 14 Aug 2016 10:54:57 +0200
+
+systemd (231-1) unstable; urgency=low
+
+ [ Martin Pitt ]
+ * New upstream release 231:
+ - Fix "Failed to create directory /str/sys/fs/selinux: Read-only file
+ system" warning. (Closes: #830693)
+ * systemd.postinst: Remove systemd-networkd-resolvconf-update.path removal
+ leftover. (Closes: #830778)
+ * Drop support for rcS.d SysV init scripts.
+ These are prone to cause dependency loops, and almost all packages with
+ rcS scripts now ship a native systemd service.
+ * networkd: Handle router advertisements in userspace again.
+ Drop Revert-Revert-networkd-ndisc-revert-to-letting-the-k.patch.
+ Bug #814566/#815586 got fixed in 230, and #815884 and #815884 and #815793
+ are unreproducible and need more reporter feedback.
+ * debian/gbp.conf: Enable dch options "full" and "multimaint-merge"
+ * systemd-sysv: Add Conflicts: systemd-shim.
+ To avoid shim trying to claim the D-Bus interfaces.
+ * Add graphical-session.target user unit.
+ * Add graphical-session-pre.target user unit
+ * Add debian/extra/units-ubuntu/user@.service.d/timeout.conf.
+ This avoids long hangs during shutdown if user services fail/hang due to
+ X.org going away too early. This is mostly a workaround, so only install
+ for Ubuntu for now.
+ * Dynamically add upstream version to debian/shlibs.local
+ * Set Debian/Ubuntu downstream support URL in journal catalogs
+ (Closes: #769187)
+
+ [ Michael Biebl ]
+ * Restrict Conflicts: openrc to << 0.20.4-2.1.
+ Newer versions of openrc no longer ship conflicting implementations of
+ update-rc.d/invoke-rc.d.
+ * Add Depends: dbus to systemd-container.
+ This is required for systemd-machined and systemd-nspawn to work
+ properly. (Closes: #830575)
+ * Drop insserv.conf generator.
+ We no longer parse /etc/insserv.conf and /etc/insserv.conf.d/* and
+ augment services with that dependency information via runtime drop-in
+ files. Services which want to provide certain system facilities need to
+ pull in the corresponding targets themselves. Either directly in the
+ native service unit or by shipping a drop-in snippet for SysV init
+ scripts. (Closes: #825858)
+ * getty-static.service: Only start if we have a working VC subsystem.
+ Use ConditionPathExists=/dev/tty0, the same check as in getty@.service,
+ to determine whether we have a functional VC subsystem and we should
+ start any gettys. (Closes: #824779)
+ * Stop mentioning snapshot and restore in the package description.
+ Support for the .snapshot unit type has been removed upstream.
+ * Drop sigpwr-container-shutdown.service.
+ This is no longer necessary as lxc-stop has been fixed to use SIGRTMIN+3
+ to shut down systemd based LXC containers.
+ https://github.com/lxc/lxc/pull/1086
+ https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+
+ [ Felipe Sateler ]
+ * Add versioned breaks for packages shipping rcS init scripts
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 26 Jul 2016 12:17:14 +0200
+
+systemd (230-7) unstable; urgency=medium
+
+ * Tell dh_shlibdeps to look in the systemd package for libraries. Otherwise
+ dpkg-shlibdeps fails to find libsystemd-shared as we no longer create a
+ shlibs file for it.
+ * Add Build-Depends-Package to libudev1.symbols and libsystemd0.symbols.
+ This ensures proper dependencies when a package has a Build-Depends on a
+ higher version of libudev-dev or libsystemd-dev then what it gets from the
+ used symbols.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 08 Jul 2016 13:04:33 +0200
+
+systemd (230-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: Stop running in containers again, too unreliable
+ on Ubuntu s390x right now.
+
+ [ Michael Biebl ]
+ * Bump Build-Depends on debhelper to (>= 9.20160114), required for
+ --dbgsym-migration support.
+ * Install test-udev binary into $libdir/udev/ not $libdir. Only libraries
+ should be installed directly into $libdir.
+ * Exclude libsystemd-shared from dh_makeshlibs.
+
+ [ Felipe Sateler ]
+ * Do not install libsystemd-shared.so symlink
+ * {machine,system}ctl: always pass &changes and &n_changes (Closes: #830144)
+
+ [ Michael Prokop ]
+ * debian/tests/logind: Ensure correct version of logind is running.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 07 Jul 2016 15:22:16 +0200
+
+systemd (230-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Sync test/networkd-test.py with current upstream master, and remove our
+ debian/tests/networkd copy. Directly run test/networkd-test.py in
+ autopkgtest.
+ * debian/extra/rules/73-usb-net-by-mac.rules: Disable when
+ /etc/udev/rules.d/80-net-setup-link.rules is a symlink to /dev/null, to be
+ consistent with the documented way to disable ifnames. (Closes: #824491,
+ LP: #1593379)
+ * debian/rules: Ignore libcap-ng.so in the "does anything link against /usr"
+ check, to work around libaudit1 recently gaining a new dependency against
+ that library (#828991). We have no influence on that ourselves. This fixes
+ the FTBFS in the meantime.
+
+ [ Felipe Sateler ]
+ * Convert common code into a private shared library. This saves about 9 MB
+ of installed size in the systemd package, and some more in systemd-*.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 01 Jul 2016 09:15:12 +0200
+
+systemd (230-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * tmp.mount: Add nosuid and nodev mount options. This restores compatibility
+ with the original SysV int RAMTMP defaults. (Closes: #826377)
+ * debian/tests/upstream: Some tests fail on platforms without QEMU at the
+ moment due to upstream PR#3587; blacklist these for now if QEMU is not
+ available.
+ * debian/rules: Don't run the "anything links against /usr" check for
+ upstream tests, as those run on Ubuntu 16.04 LTS which does not yet have
+ libidn moved to /lib.
+ * debian/tests/upstream: Clean up old journals before running a test, to
+ avoid printing a wrong one on failure.
+ * debian/tests/upstream: Do not run the QEMU tests on i386. Nested QEMU on
+ i386 causes testbed hangs on Ubuntu's cloud infrastructure, which is the
+ only place where these actually run.
+ * resolved: Fix SERVFAIL handling and introduce a new "Cache=" option to
+ disable local caching.
+ * resolved: Support IPv6 zone indices in resolv.conf. (LP: #1587489)
+ * resolved: Update resolv.conf when calling SetLinkDNS().
+ * debian/tests/storage: Sync and settle udev after luksFormat, to reduce the
+ chance of seeing some half-written signatures.
+ * debian/tests/networkd: Stop skipping the two DHCP6 tests, this regression
+ seems to have been fixed now.
+ * resolved: respond to local resolver requests on 127.0.0.53:53. This
+ provides compatibility with clients that don't use NSS but do DNS queries
+ directly, such as Chrome.
+ * resolved: Don't add route-only domains to /etc/resolv.conf.
+ * systemd-resolve: Add --flush-caches and --status commands.
+ * Add debian/extra/units/systemd-resolved.service.d/resolvconf.conf to tell
+ resolvconf about resolved's builtin DNS server on 127.0.0.53. With that,
+ DNS servers picked up via networkd are respected when using resolvconf,
+ and software like Chrome that does not do NSS (libnss-resolve) still gets
+ proper DNS resolution. Drop the brittle and ugly
+ systemd-networkd-resolvconf-update.{path,service} hack instead.
+ * debian/tests/boot-smoke: Run in containers as well.
+
+ [ Laurent Bigonville ]
+ * Build with IDN support. (Closes: #814528)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 29 Jun 2016 15:23:32 +0200
+
+systemd (230-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Adjust test_tmp_mount() for fixed
+ systemctl exit code for "unit not found" in upstream commit ca473d57.
+ * debian/tests/boot-and-services, test_no_failed(): Show journal of failed
+ units.
+ * debian/extra/init-functions.d/40-systemd: Adjust to changed systemctl
+ show behaviour in 231: now this fails for nonexisting units instead of
+ succeeding with "not-found". Make the code compatible to both for now.
+ * Fix networkd integration with resolvconf for domain-limited DNS servers,
+ so that these don't appear as global nameservers in resolv.conf. Thanks
+ Andy Whitcroft for the initial fix! Add corresponding test case to
+ debian/tests/networkd. (LP: #1587762)
+ * resolved: Fix comments in resolve.conf for search domain overflows.
+ (LP: #1588229)
+ * On Ubuntu, provide an "ondemand.service" that replaces
+ /etc/init.d/ondemand. The latter does not exist any more when
+ "initscripts" falls out of the default installation. (LP: #1584124) This
+ now does not do a fixed one-minute wait but uses "Type=idle" instead. This
+ also becomes a no-op when the CPU supports "intel_pstate" (≤ 5 years old),
+ as on these the ondemand/powersave schedulers are actually detrimental.
+ (LP: #1579278)
+ * debian/systemd-container.install: Drop *.busname installation, they are
+ going away upstream.
+ * debian/extra/init-functions.d/40-systemd: Do not call systemctl
+ daemon-reload if the script is called as user (like reportbug does). Also
+ make sure that daemon-reload will not invoke polkit.
+ * Install test-udeb from .libs, to avoid installing the automake shell
+ wrapper.
+ * Fix transaction restarting in resolved to avoid async processing of
+ free'd transactions.
+ (Closes: #817210, LP: #1587727, #1587740, #1587762, #1587740)
+ * Add "upstream" autopkgtest that runs the test/TEST* upstream integration
+ tests in QEMU and nspawn.
+ * Build systemd-sysusers binary, for using in rkt. Do not ship the
+ corresponding unit and sysusers.d/ files yet, as these need some
+ Debianization and an autopkgtest. (Closes: #823322)
+ * debian/tests/systemd-fsckd: Adjust was_running() to also work for version
+ 230.
+
+ [ Michael Biebl ]
+ * Add "systemctl daemon-reload" to lsb init-functions hook if the LoadState
+ of a service is "not-found". This will run systemd-sysv-generator, so SysV
+ init scripts that aren't installed by the package manager should be picked
+ up automatically. (Closes: #825913)
+ * automount: handle expire_tokens when the mount unit changes its state.
+ (Closes: #826512)
+ * debian/systemd.preinst: Correctly determine whether a service is enabled.
+ Testing for the return code alone is not sufficient as we need to
+ differentiate between "generated" and "enabled" services.
+ (Closes: #825981)
+
+ [ Felipe Sateler ]
+ * Drop configure option --disable-compat-libs. It no longer exists.
+ * Add policykit-1 to Suggests. It is used to allow unprivileged users to
+ execute certain commands. (Closes: #827756)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 21 Jun 2016 23:51:07 +0200
+
+systemd (230-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Don't add a Breaks: against usb-modeswitch when building on Ubuntu; there
+ it does not use hotplug.functions and is a lower version.
+ * boot-and-services autopkgtest: Add missing xserver-xorg and
+ lightdm-greeter test dependencies, so that lightdm can start.
+ (See LP #1581106)
+ * Re-disable logind's KillUserProcesses option by default. (Closes: #825394)
+
+ [ Michael Biebl ]
+ * Drop --disable-silent-rules from debian/rules. This is now handled by dh
+ directly depending on whether the DH_QUIET environment variable is set.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 31 May 2016 12:02:14 +0200
+
+systemd (230-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 230.
+ - Fix rare assertion failure in hashmaps. (Closes: #816612)
+ - Fix leaking scope units. (Closes: #805477)
+ - Fix wrong socket ownership after daemon-reload. (LP: #1577001)
+ - udev: Fix touch screen detection. (LP: #1530384)
+ * Drop cmdline-upstart-boot autopkgtest. It was still needed up to Ubuntu
+ 16.04 LTS, but upstart-sysv is not supported any more in Debian and Ubuntu
+ now.
+ * udev: Drop hotplug.functions, now that the last remaining user of this got
+ fixed. Add appropriate versioned Breaks:.
+ * debian/extra/rules/70-debian-uaccess.rules: Add some more FIDO u2f devices
+ from different vendors. Thanks Atoyama Tokanawa.
+ * Remove "bootchart" autopkgtest, this upstream version does not ship
+ bootchart any more. It will be packaged separately.
+
+ [ Michael Biebl ]
+ * Drop obsolete --disable-bootchart configure switch from udeb build.
+ * Remove obsolete /etc/systemd/bootchart.conf conffile on upgrades.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 23 May 2016 09:42:51 +0200
+
+systemd (229-6) unstable; urgency=medium
+
+ * systemd-container: Prefer renamed "btrfs-progs" package name over
+ "btrfs-tools". (Closes: #822629)
+ * systemd-container: Recommend libnss-mymachines. (Closes: #822615)
+ * Drop systemd-dbg, in favor of debhelpers' automatic -dbgsym packages.
+ * Drop Add-targets-for-compatibility-with-Debian-insserv-sy.patch; we don't
+ need $x-display-manager any more as most/all DMs ship native services, and
+ $mail-transport-agent is not widely used (not even by our default MTA
+ exim4).
+ * Unify our two patches for Debian specific configuration files.
+ * Drop udev-re-enable-mount-propagation-for-udevd.patch, i. e. run udevd in
+ its own slave mount name space again. laptop-mode-tools 1.68 fixed the
+ original bug (#762018), thus add a Breaks: to earlier versions.
+ * Ship fbdev-blacklist.conf in /lib/modprobe.d/ instead of /etc/modprobe.d/;
+ remove the conffile on upgrades.
+ * Replace util-Add-hidden-suffixes-for-ucf.patch with patch that got
+ committed upstream.
+ * Replace Stop-syslog.socket-when-entering-emergency-mode.patch with patch
+ that got committed upstream.
+ * debian/udev.README.Debian: Adjust documentation of MAC based naming for
+ USB network cards to the udev rule, where this was moved to in 229-5.
+ * debian/extra/init-functions.d/40-systemd: Invoke status command with
+ --no-pager, to avoid blocking scripts that call an init.d script with
+ "status" with an unexpected pager process. (Closes: #765175, LP: #1576409)
+ * Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles
+ accessible to the user session. This avoids having to install libu2f-host0
+ (which isn't discoverable at all) to make those devices work.
+ (LP: #1387908)
+ * libnss-resolve: Enable systemd-resolved.service on package installation,
+ as this package makes little sense without resolved.
+ * Add a DHCP exit hook for pushing received NTP servers into timesyncd.
+ (LP: #1578663)
+ * debian/udev.postinst: Fix migration check from the old persistent-net
+ generator to not apply to chroots. (Closes: #813141)
+ * Revert "enable TasksMax= for all services by default, and set it to 512".
+ Introducing a default limit on number of threads broke a lot of software
+ which regularly needs more, such as MySQL and RabbitMQ, or services that
+ spawn off an indefinite number of subtasks that are not in a scope, like
+ LXC or cron. 512 is way too much for most "simple" services, and it's way
+ too little for the ones mentioned above. Effective (and much stricter)
+ limits should instead be put into units individually.
+ (Closes: #823530, LP: #1578080)
+ * Split out udev rule to name USB network interfaces by MAC address into
+ 73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025)
+ * 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the
+ kernel command line, to be consistent with disabling the *.link files.
+ * 73-special-net-names.rule: Name the IBM integrated management module
+ virtual USB network card "ibmimm". Thanks Marco d'Itri!
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 12 May 2016 09:40:19 +0200
+
+systemd (229-5) unstable; urgency=medium
+
+ * debian/tests/unit-config: Call "daemon-reload" to clean up generated units
+ in between tests.
+ * debian/tests/unit-config: Check that enable/disable commands are
+ idempotent.
+ * debian/tests/unit-config: Detect if system units are in /usr/, so that the
+ test works on systems with merged /usr.
+ * debian/tests/unit-config: Use systemd-sysv-install instead of update-rc.d
+ directly, so that the test works under Fedora too.
+ * debian/tests/unit-config: Check disabling of a "systemctl link"ed unit,
+ and check "systemctl enable" on a unit with full path which is not in the
+ standard directories.
+ * Rename debian/extra/rules/73-idrac.rules to 73-special-net-names.rules, as
+ it is going to get rules for other devices. Also install it into the
+ initramfs.
+ * debian/extra/rules/73-special-net-names.rules: Add DEVPATH number based
+ naming schema for ibmveth devices. (LP: #1561096)
+ * Don't set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 devmapper
+ devices with "change" events, as this causes spurious unmounting with
+ multipath devices. (LP: #1565969)
+ * Fix bogus "No [Install] section" warning when enabling a unit with full
+ path. (LP: #1563590)
+ * debian/tests/cmdline-upstart-boot: In test_rsyslog(), check for messages
+ from dbus instead of NetworkManager. NM 1.2 does not seem to log to syslog
+ by default any more.
+ * Bump Standards-Version to 3.9.8 (no changes necessary).
+ * debian/tests/boot-smoke: Add some extra debugging if there are pending
+ jobs after 10s, to figure out why lightdm is sometimes "restarting".
+ (for LP #1571673)
+ * debian/tests/boot-smoke: Configure dummy X.org driver (like in the
+ boot-and-services test), to avoid lightdm randomly fail. (LP: #1571673)
+ * Move Debian specific patches into debian/patches/debian (which translates
+ to "Gbp-Pq: Topic debian" with pq). This keeps upstream vs. Debian
+ patches separated without the comments in debian/patches/series (which
+ always get removed by "pq export").
+ * Don't ship an empty /etc/X11/xinit/xinitrc.d/ directory, this isn't
+ supported in Debian. (Closes: #822198)
+ * udev: Mark nbd as inactive until connected. (Closes: #812485)
+ * On shutdown, unmount /tmp before disabling swap. (Closes: #788303)
+ * debian/systemd-coredump.postinst: Do daemon-reload before starting
+ systemd-coredump, as the unit file may have changed on upgrades.
+ (Closes: #820325)
+ * Set MAC based name for USB network interfaces only for universally
+ administered (i. e. stable) MACs, not for locally administered (i. e.
+ randomly generated) ones. Drop /lib/systemd/network/90-mac-for-usb.link
+ (as link files don't currently support globs for MACAddress=) and replace
+ with an udev rule in /lib/udev/rules.d/73-special-net-names.rules.
+ (Closes: #812575, LP: #1574483)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 25 Apr 2016 11:08:11 +0200
+
+systemd (229-4) unstable; urgency=medium
+
+ * Fix assertion crash when processing a (broken) device without a sysfs
+ path. (Closes: #819290, LP: #1560695)
+ * Fix crash when shutdown is issued from a non-tty. (LP: #1553040)
+ * networkd: Stay running while any non-loopback interface is up.
+ (Closes: #819414)
+ * Fix reading uint32 D-Bus properties on big-endian.
+ * Fix crash if an udev device has many tags or devlinks. (LP: #1564976)
+ * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
+ (LP: #1565617)
+ * keymap: Add Add HP ZBook (LP: #1535219) and HP ProBook 440 G3.
+ * systemd.resource-control.5: Fix links to cgroup documentation on
+ kernel.org. (Closes: #819970)
+ * Install test-udev into libudev-dev, so that we have it available for
+ autopkgtests.
+ * Add "udev" autopkgtest for running the upstream test/udev-test.pl.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 07 Apr 2016 08:11:10 +0200
+
+systemd (229-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/timedated: Add tests for "timedatectl set-local-rtc".
+ * Be more tolerant in parsing /etc/adjtime.
+ * debian/systemd.postinst: Don't fail package installation if systemctl
+ daemon-reload trigger fails. This does not fix the root cause of the
+ reload failures, but at least causes fewer packages to be in a broken
+ state after upgrade, so that a reboot or apt-get -f install have a much
+ higher chance in succeeding. (For bugs like LP #1502097 or LP #1447654)
+ * debian/tests/networkd: Skip test_hogplug_dhcp_ip6 when running against
+ upstream as well.
+ * debian/tests/boot-and-services: Wait for units to stop with a "systemctl
+ is-active" loop instead of static sleeps.
+ * debian/tests/networkd: Skip DHCPv6 tests for downstream packages too. This
+ is an actual regression in networkd-229, to be investigated. But this
+ shouldn't hold up reverse dependencies.
+ * Fix assertion in add_random(). (LP: #1554861)
+ * debian/tests/boot-and-services: Don't assert on "Stopped Container c1"
+ message in NspawnTests.test_service(), this is sometimes not present. Just
+ check that the unit did not fail.
+ * Add "adduser" dependency to systemd-coredump, to quiesce lintian.
+ * Bump Standards-Version to 3.9.7 (no changes necessary).
+ * Fix timespec parsing by correctly initializing microseconds.
+ (Closes: #818698, LP: #1559038)
+ * networkd: Add fallback if FIONREAD is not supported. (Closes: #818488)
+ * Cherry-pick various fixes from upstream master.
+ - Fixes logout when changing the current target. (Closes: #805442)
+
+ [ Evgeny Vereshchagin ]
+ * debian/tests/boot-and-services: Search systemd-coredump's output by
+ SYSLOG_IDENTIFIER.
+ * Add missing "Recommends: btrfs-tools" to systemd-container.
+ * Add systemd-coredump postinst/prerm to start/stop systemd-coredump.socket
+ without a reboot. (Closes: #816767)
+
+ [ Felipe Sateler ]
+ * Set the paths of loadkeys and setfont via configure arguments, not a patch
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 21 Mar 2016 14:11:44 +0100
+
+systemd (229-2) unstable; urgency=medium
+
+ * time-util: map ALARM clockids to non-ALARM clockids in now(), to work on
+ architectures which don't support CLOCK_BOOTTIME_ALARM. Fixes FTBFS on
+ many architectures.
+ * debian/systemd.postinst: Add missing newline to /etc/adjtime migration.
+ (See #699554)
+ * debian/systemd.postinst: Only try to enable tmp.mount if we actually
+ copied it to /etc. Don't try to enable a generated unit. (LP: #1545707)
+ * debian/tests/boot-and-services: Increase timeouts of test_bash_crash from
+ 5 to 10 seconds, and sync the journal after every iteration.
+ * debian/extra/checkout-upstream: Try again after one minute if git checkout
+ fails, to avoid failures from transient network errors.
+ * debian/tests/systemd-fsckd: Use grub.d/50-cloudimg-settings.cfg as a
+ template for generating our custom one instead of 90-autopkgtest.cfg. The
+ latter does not exist on non-x86 architectures and is not relevant for
+ this test.
+ * debian/tests/boot-and-services: Skip journal test for test_bash_crash when
+ running against upstream, as this currently fails most of the time. To be
+ investigated.
+ * debian/tests/networkd: Skip test_coldplug_dhcp_ip6 when running against
+ upstream, as this is brittle there. To be investigated.
+ * debian/tests/bootchart: Skip test if bootchart is not available or
+ testing in upstream mode. bootchart got removed from master and will be
+ moved to a separate repository.
+ * debian/tests/boot-and-services: Show verbose journal output on failure in
+ nspawn test, and sync journal before.
+ * Move systemd-coredump socket and service into systemd-coredump binary
+ package.
+ * Revert changing the default core dump ulimit and core_pattern. This
+ completely breaks core dumps without systemd-coredump. It's also
+ contradicting core(8). (Closes: #815020)
+ * Fix addresses for type "sit" tunnels. (Closes: #816132)
+ * networkd: Go back to letting the kernel handle IPv6 router advertisements,
+ as networkd's own currently has too many regressions. Thanks to Stefan
+ Lippers-Hollmann for investigating this! (Closes: #814566,
+ #814667, #815586, #815884, #815793)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 28 Feb 2016 22:16:12 +0100
+
+systemd (229-1) unstable; urgency=medium
+
+ * New upstream release 229.
+ - Fix systemctl behaviour in chroots. (Closes: #802780)
+ - Fix SELinux context of /run/user/$UID. (Closes: #775651)
+ - Add option to optionally turn of color output. (Closes: #783692)
+ - Don't git-ignore src/journal-remote/browse.html. (Closes: #805514)
+ - Do not warn about Wants depencencies on masked units. (LP: #1543282)
+ * debian/systemd.install: Ship the new systemd-resolve.
+ * libsystemd0.symbols: Add new symbols from this release.
+ * systemd-coredump.postinst: Create systemd-coredump system user.
+ * debian/tests/systemd-fsckd: Tame overly strict test for failed plymouth
+ unit, which is a race condition with plymouthd auto-stopping.
+ (LP: #1543144)
+ * Drop timedated-don-t-rely-on-usr-being-mounted-in-the-ini.patch.
+ initramfs-tools has mounted /usr since Jessie, and tzdata now creates
+ /etc/localtime as a symlink too (see #803144).
+ * Use-different-default-paths-for-various-binaries.patch: Drop path changes
+ for setcap (which is already a build dep and not used at all) and sulogin
+ (which is now in util-linux).
+ * Remove obsolete udev maintainer script checks:
+ - Drop check for kernel >= 2.6.32, which released in 2009.
+ - Drop restarting of some daemons due to the devtmpfs migration, which
+ happened before the above kernel even.
+ - Drop support for forcing upgrades on kernels known not to work via
+ /etc/udev/kernel-upgrade. Don't pretend that this would help, as users
+ could end up with a non-bootable system. Always fail early in preinst
+ when it's still possible to install a working kernel.
+ - Drop postinst test for "running in containers" -- it's actually possible
+ to run udev in containers if you mount /sys r/w and you know what you
+ are doing. Also, the init.d script and systemd service do that check
+ again.
+ - Keep the kernel feature and chroot checks, as these are still useful.
+ Simplify check_kernel_features() by eliminating some variables.
+ - Drop debconf templates. Two of them are obsolete, and having
+ CONFIG_SYSFS_DEPRECATED is now so implausible that this doesn't warrant
+ the overhead and translator efforts.
+ * Drop debian/tests/ifupdown-hotplug. The units moved into ifupdown, so the
+ test should go there too (see #814312).
+ * debian/tests/control: Reorder tests and add a comment which ones should
+ not be run for an upstream build.
+ * debian/tests/control: Rearrange tests and avoid removing test dependencies
+ to minimize testbed resets.
+ * Add debian/extra/checkout-upstream: Script to replace the current
+ source with a checkout of an upstream pull request, branch, or commit,
+ and remove debian/patches/. Call from debian/rules if $TEST_UPSTREAM is
+ set. This will be used for upstream CI.
+ * Enable seccomp support on powerpc, ppc64el, and s390x.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Feb 2016 21:02:39 +0100
+
+systemd (228-6) unstable; urgency=medium
+
+ * Make-run-lock-tmpfs-an-API-fs.patch: Drop /run/lock from
+ tmpfiles.d/legacy.conf to avoid the latter clobbering the permissions of
+ /run/lock. Fixes fallout from cleanup in -5 that resulted /run/lock to
+ have 0755 permissions instead of 1777. (LP: #1541775)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 04 Feb 2016 11:46:54 +0100
+
+systemd (228-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Drop systemd-vconsole-setup.service: It has never been installed/used in
+ Debian and is not necessary for Ubuntu any more.
+ * Drop halt-local.service. This has never been documented/used in Debian.
+ (LP: #1532553)
+ * debian/extra/initramfs-tools/scripts/init-bottom/udev: Prefer "nuke"
+ again, it comes from klibc-utils. But fall back to "rm" if it does not
+ exist.
+ * systemd-timesyncd.service.d/disable-with-time-daemon.conf: Also don't run
+ if /usr/sbin/VBoxService exists, as virtualbox-guest-utils already
+ provides time synchronization with the host. (Closes: #812522)
+ * Drop Michael Stapelberg from Uploaders:, he stopped maintenance long ago.
+ Thanks Michael for your great work in the past!
+ * Replace "sysv-rc" dependency with Conflicts: openrc, file-rc. The
+ rationale from #739679 still applies, but with the moving of
+ {invoke,update}-rc.d to init-system-helpers we don't actually need
+ anything from sysv-rc any more other than the assumption that SysV init
+ scripts are enabled in /etc/rc?.d/ for the SysV generator to work (and
+ file-rc and openrc don't do that).
+ * debian/tests/timedated: Verify /etc/localtime symlink. Skip verifying the
+ /etc/timezone file (which is Debian specific) if $TEST_UPSTREAM is set.
+ * debian/tests/localed-locale: Check /etc/locale.conf if $TEST_UPSTREAM is
+ set.
+ * debian/tests/localed-x11-keymap: Test /etc/X11/xorg.conf.d/00-keyboard.conf
+ if $TEST_UPSTREAM is set.
+ * debian/tests/boot-and-services: Check for reaching graphical.target
+ instead of default.target, as the latter is a session systemd state only.
+ * debian/tests/boot-and-services: Skip tests which are known to fail/not
+ applicable with testing upstream builds.
+ * Drop Fix-up-tmpfiles.d-permissions-properly.patch:
+ - /run/lock is already created differently by
+ Make-run-lock-tmpfs-an-API-fs.patch, and contradicts to that.
+ - /run/lock/lockdev/ isn't being used anywhere and got dropped
+ upstream; backport the patch (tmpfiles-drop-run-lock-lockdev.patch).
+ - Move dropping of "group:wheel" (which has never existed in Debian) into
+ debian/rules, to also catch occurrences in other parts of the file which
+ the static patch would overlook.
+ * Shorten persistent identifier for CCW network interfaces (on s390x only).
+ (LP: #1526808)
+ * debian/rules: If $TEST_UPSTREAM is set (when building/testing upstream
+ master instead of distro packages), don't fail on non-installed new files
+ or new library symbols.
+ * Add systemd-sysv conflict to upstart-sysv, and version the upstart
+ conflict. This works with both Debian's and Ubuntu's upstart packages.
+
+ [ Michael Biebl ]
+ * Drop support for the /etc/udev/disabled flag file. This was a workaround
+ for udev failing to install with debootstrap because it didn't use
+ invoke-rc.d and therefor was not compliant with policy-rc.d. See #520742
+ for further details. This is no longer the case, so supporting that file
+ only leads to confusion about its purpose.
+ * Retrigger cleanup of org.freedesktop.machine1.conf and
+ hwclock-save.service now that dpkg has been fixed to correctly pass the
+ old version to postinst on upgrade. (Closes: #802545)
+ * Only ship *.link files as part of the udev package. The *.network files
+ are solely used by systemd-networkd and should therefor be shipped by the
+ systemd package. (Closes: #808237)
+ * Cherry-pick a few fixes from upstream:
+ - Fix unaligned access in initialize_srand(). (Closes: #812928)
+ - Don't run kmod-static-nodes.service if module list is empty. This
+ requires kmod v23. (Closes: #810367)
+ - Fix typo in systemctl(1). (Closes: #807462)
+ - Fix systemd-nspawn --link-journal=host to not fail if the directory
+ already exists. (Closes: #808222)
+ - Fix a typo in logind-dbus.c. The polkit action is named
+ org.freedesktop.login1.power-off, not org.freedesktop.login1.poweroff.
+ - Don't log an EIO error in gpt-auto-generator if blkid finds something
+ which is not a partition table.
(Closes: #765586)
+ - Apply ACLs to /var/log/journal and also set them explicitly for
+ system.journal.
+ * Only skip the filesystem check for /usr if the /run/initramfs/fsck-usr
+ flag file exists. Otherwise we break booting with dracut which uses
+ systemd inside the initramfs. (Closes: #810748)
+ * Update the instructions in README.Debian for creating /var/log/journal.
+ They are now in line with the documentation in the systemd-journald(8) man
+ page and ensure that ACLs and group permissions are properly set.
+ (Closes: #800947, #805617)
+ * Drop "systemctl daemon-reload" from lsb init-functions hook. This is no
+ longer necessary as invoke-rc.d and init-system-helpers take care of this
+ nowadays.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 03 Feb 2016 10:09:46 +0100
+
+systemd (228-4) unstable; urgency=medium
+
+ * debian/udev.README.Debian: Add alternative way of disabling ifnames.
+ (Closes: #809339)
+ * Put back /lib/udev/hotplug.functions, until the three remaining packages
+ that use it stop doing so. (Closes: #810114)
+ * debian/udev.README.Debian: Point out that any change to interface naming
+ rules requires an initrd update.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 11 Jan 2016 07:12:40 +0100
+
+systemd (228-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/rules: Remove temporary debug output from test failures again. All
+ Debian buildd kernels are recent enough now, but add a check for kernels
+ older than 3.13 and ignore test failures for those.
+ * debian/tests/networkd: Factor out dnsmasq specific test "router" setup, so
+ that we can test against other implementations.
+ * debian/tests/networkd: Add router setup using an (isolated) networkd
+ process for configuring the veths and DHCP server.
+ * debian/tests/networkd: On failure, only show journal for current test.
+ * systemd-networkd-resolvconf-update.service: Wait for getting a name
+ server, not just for getting online.
+ * debian/tests/boot-and-services: Wait until bash crash stack trace is in
+ the journal before asserting on it. Also relax RE to work on non-x86
+ architectures.
+ * debian/tests/networkd: If /etc/resolv.conf already has three nameservers,
+ accept that too (as then the additional test one can't be added any more).
+ * Fix FTBFS on x32. Thanks Helmut Grohne! (Closes: #805910)
+ * debian/tests/networkd: For IPv6 tests, also wait for IPv4 address to
+ arrive; s-n-wait-online already exits after getting an IPv6 address, but
+ we verify both.
+ * debian/tests/boot-and-services: Don't check for "Requesting system
+ poweroff" log message in nspawn test, current upstream master does not
+ write that any more. Instead check for "Stopped Container c1".
+ * Add "storage" autopkgtest. Initially this covers some basic use cases with
+ LUKS cryptsetup devices.
+ * Add acl build dependency (for <!nocheck>). Current upstream master now
+ needs it for some test cases.
+ * debian/extra/initramfs-tools/scripts/init-bottom/udev: Use "rm -rf"
+ instead of "nuke". The latter does not exist any more in current
+ initramfs-tools.
+ * Ignore test failures during "make check" if /etc/machine-id is missing
+ (like in ancient local schroots). (Closes: #807884)
+ * debian/extra/rules/80-debian-compat.rules: Remember which device got the
+ "cdrw", "dvd", or "dvdrw" symlink to avoid changing links on device
+ events. (Closes: #774080). Drop the rule for the "cdrom" symlink as that
+ is already created in 60-cdrom_id.rules.
+ * Eliminate "hotplug.functions" udev helper and put the logging functions
+ directly into net.agent. This simplifies the migration of the latter to
+ ifupdown.
+ * Adjust manpages to keep /usr/lib/systemd/{user*,boot,ntp-units.d,modules*}
+ paths, only keep /lib/systemd/{system*,network}. (Closes: #808997)
+ * debian/udev.README.Debian: Fix typo and slight wording improvement.
+ (Closes: #809513)
+ * Drop net.agent, 80-networking.rules, and ifup@.service.
These moved to
+ ifupdown 0.8.5 now. Add Breaks: to earlier versions.
+
+ [ Michael Biebl ]
+ * Bump Build-Depends on libdw-dev to (>= 0.158) as per configure.ac.
+ (Closes: #805631)
+ * Make sure all swap units are ordered before the swap target. This avoids
+ that swap devices are being stopped prematurely during shutdown.
+ (Closes: #805133)
+ * Drop unneeded /etc/X11/xinit/xinitrc.d/50-systemd-user.sh from the package
+ and clean up the conffile on upgrades. We have the dbus-user-session
+ package in Debian to properly enable the D-Bus user-session mode which
+ also takes care of updating the systemd --user environment.
+ (Closes: #795761)
+ * Stop testing for unknown arguments in udev maintainer scripts.
+ * Drop networking.service.d/systemd.conf. The ifupdown package now ships a
+ proper service file so this drop-in file is no longer necessary.
+
+ [ Andreas Henriksson ]
+ * Fix LSB init hook to not reload masked services. (Closes: #804882)
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 02 Jan 2016 17:42:56 +0100
+
+systemd (228-2) unstable; urgency=medium
+
+ * Remove wrong endianness conversion in test-siphash24 to fix FTBFS on
+ big-endian machines.
+ * Bump libseccomp-dev build dependency to indicate required versions for
+ backporting to jessie. (Closes: #805497)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 19 Nov 2015 11:37:45 +0100
+
+systemd (228-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix journald killing by watchdog. (Closes: #805042)
+ - Drop check for /etc/mtab. (Closes: #802025)
+ - Follow unit file symlinks in /usr, but not /etc when looking for
+ [Install] data, to avoid getting confused by Aliases. (Closes: #719695)
+ - journalctl: introduce short options for --since and --until.
+ (Closes: #801390)
+ - journald: Never accept fds from file systems with mandatory locking.
+ (LP: #1514141)
+ - Put nspawn containers in correct slice.
(LP: #1455828)
+ * Cherry-pick some networkd fixes from trunk to fix regressions from 228.
+ * debian/rules: Configure with --as-needed to avoid unnecessary binary
+ dependencies.
+ * systemd-networkd-resolvconf-update.service: Increase StartLimitBurst, as
+ this might be legitimately called several times in quick succession. If
+ that part of the "networkd" autopkgtest fails, show the journal log for
+ that service for easier debugging.
+ * debian/tests/boot-and-services: Add test case for systemd-coredump.
+ * Add systemd-coredump postinst/prerm to enable/disable this without a
+ reboot.
+ * debian/tests/networkd: Check for systemd-networkd-wait-online in /usr as
+ well, for usage in other distros.
+ * debian/tests/logind: Skip suspend test if the kernel does not support
+ suspend.
+ * debian/tests/logind: Split tests into functions.
+ * debian/tests/boot-and-services: Ignore failures of console-setup.service,
+ to work around LP: #1516591.
+ * debian/tests/control: Restrict boot-smoke test to isolation-machine, it
+ does not currently work well in LXC.
+ * debian/tests/networkd: Add new test cases for "DHCP=all, IPv4 only,
+ disabling RA" (which should always be fast), "DHCP=all, IPv4 only" (which
+ will require a longer timeout due to waiting 12s for a potential IPv6 RA
+ reply), and "DHCP=ipv4" (with and without RA).
+ * debian/tests/networkd: Fix UnicodeDecodeError under 'C' locale.
+ * debian/tests/networkd: Show networkctl and journal output on failure.
+ * debian/tests/networkd: Fix bytes vs. string TypeError in the IPv6 polling.
+ (LP: #1516009)
+ * debian/tests/networkd: Show contents of test .network file on failure.
+ * debian/tests/networkd: Skip if networkd is already running (safer when
+ running on real systems), and add copyright header.
+ * Bump util-linux dependencies to >= 2.27.1 to ensure that the mount monitor
+ ignores /etc/mtab.
+
+ [ Felipe Sateler ]
+ * Enable elfutils support for getting stack traces for systemd-coredump.
+ * libnss-my{machines,hostname}.postrm: do not remove entries from
+ nsswitch.conf if there are packages from other architectures remaining.
+
+ [ Michael Biebl ]
+ * Drop systemd-setup-dgram-qlen.service. This has been made obsolete by
+ upstream commit 1985486 which bumps net.unix.max_dgram_qlen to 512 early
+ during boot.
+ * Various cleanups to the udev maintainer scripts:
+ - Remove unused tempdir() function.
+ - Properly stop udev daemon on remove.
+ - Stop killing udev daemon on failed upgrades and drop the corresponding
+ starts from preinst.
+ - Stop masking systemd-udevd.service and udev.service during upgrades. We
+ restart the udev daemon in postinst, so those masks seem unnecessary.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 18 Nov 2015 16:11:59 +0100
+
+systemd (227-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/logind: Add tests for scheduled shutdown with and without
+ wall message.
+ * Import upstream fix for not unmounting system mounts (#801361) and drop
+ our revert patch.
+ * debian/tests/boot-smoke: Apply check for failed unmounts only to user
+ systemd processes, i. e. not to pid 1.
+ * Drop Fix-usr-remount-failure-for-split-usr.patch. Jessie has a new enough
+ initramfs-tools already, and this was just an error message, not breaking
+ the boot.
+ * Drop debian-fixup.service in favor of using a tmpfiles.d clause, which is
+ faster.
+ * Drop Order-remote-fs.target-after-local-fs.target.patch. It's mostly
+ academic and only applies to the already known-broken situation that rcS
+ init.d scripts depend on $remote_fs.
+ * Replace reversion of sd_pid_notify_with_fds() msg_controllen fix with
+ proper upstream fix to never block on sending messages on NOTIFY_SOCKET
+ socket.
+ * Drop check for missing /etc/machine-id on "make check" failure; this isn't
+ happening on current buildds any more.
+ * Drop Disable-tests-which-fail-on-buildds.patch, to re-evaluate what still
+ fails and needs fixing.
On failure, show kernel version and /etc/hosts
+ to be able to debug them better. The next upload will make the necessary
+ adjustments to fix package builds again.
+
+ [ Michael Biebl ]
+ * Drop dependency on udev from the systemd package. We don't need udev
+ within a container, so this allows us to trim down the footprint by not
+ installing the udev package. As the udev package has Priority: important,
+ it is still installed by default though.
+ * Include the status of the udev package when filing a bug report against
+ systemd, and vice versa.
+ * Use filter instead of findstring, since findstring also matches
+ substrings and we only want direct matches.
+ * systemd.bug-script: Fix typo. (Closes: #804512)
+ * Re-add bits which call SELinux in systemd-user pam service.
+ (Closes: #804565)
+
+ [ Felipe Sateler ]
+ * Add libnss-resolve package. (Closes: #798905)
+ * Add systemd-coredump package. This Conflicts/Replaces/Provides a new
+ "core-dump-handler" virtual package. (Closes: #744964)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 11 Nov 2015 15:04:26 +0100
+
+systemd (227-2) unstable; urgency=medium
+
+ * Revert "sd_pid_notify_with_fds: fix computing msg_controllen", it causes
+ connection errors from various services on boot. (Closes: #801354)
+ * debian/tests/boot-smoke: Check for failed unmounts. This reproduces
+ #801361 (but not in a minimal VM, just in a desktop one).
+ * Revert "core: add a "Requires=" dependency between units and the
+ slices they are located in". This causes user systemd instances to try and
+ unmount system mounts (and succeed if you login as root).
+ (Closes: #801361)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 09 Oct 2015 12:34:27 +0200
+
+systemd (227-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Bump watchdog timeout for shipped units to 3 min. (Closes: #776460)
+ - gpt-auto-generator: Check fstab for /boot entries. (Closes: #797326)
+ - Fix group of RuntimeDirectory dirs.
(Closes: #798391)
+ - Support %i (and other macros) in RuntimeDirectory. (Closes: #799324)
+ - Bump util-linux/libmount-dev dependencies to >= 2.27.
+ * debian/libsystemd0.symbols: Add new symbols for this release.
+ * debian/extra/initramfs-tools/hooks/udev: Copy all
+ /etc/udev/rules.d/*.rules rules which are not merely overriding the one in
+ /lib/, not just 70-persistent-net.rules. They might contain network names
+ or other bits which are relevant for the initramfs. (Closes: #795494)
+ * ifup@.service: Drop PartOf=network.target; we don't want to stop these
+ units during shutdown. Stopping networking.service already shuts down the
+ interfaces, but contains the safeguard for NFS or other network file
+ systems. Isolating emergency.target still keeps working as before as well,
+ as this also stops networking.service. (Closes: #761909, LP: #1492546)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 08 Oct 2015 11:34:35 +0200
+
+systemd (226-4) unstable; urgency=medium
+
+ * debian/tests/logind: Be more verbose on failures.
+ * Revert networkd calling if-{up,post-down}.d/ scripts. About half of the
+ existing hooks are not relevant or even actively detrimental when running
+ with networkd. For the relevant ones, a lot of them should be fixed in the
+ projects themselves (using IP_FREEBIND etc.). (Closes: #798625)
+ * Add systemd-networkd-resolvconf-update.{path,service} units to send DNS
+ server updates from networkd to resolvconf, if installed and enabled.
+ * Don't restart logind on upgrades any more. This kills X.org (#798097)
+ while logind doesn't save/restore its open fds (issue #1163), and also
+ gets confused about being idle in between (LP: #1473800)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 02 Oct 2015 13:44:28 +0200
+
+systemd (226-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * README.Debian: Fix "other" typo. Thanks Salvatore Bonaccorso.
+ (Closes: #798737)
+
+ [ Michael Biebl ]
+ * Stop building the compat library packages and drop them for good.
+ * Update debian/copyright.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 19 Sep 2015 19:06:51 +0200
+
+systemd (226-2) unstable; urgency=medium
+
+ * debian/udev.init: Mount /dev file system with nosuid. (LP: #1450960)
+ * udev.postinst: udev 226 introduced predictable interface names for virtio.
+ Create /etc/systemd/network/50-virtio-kernel-names.link on upgrade to
+ disable this, to avoid changing e. g. "eth0" to "ens3" in QEMU instances
+ and similar environments. (Closes: #799034)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 15 Sep 2015 15:21:09 +0200
+
+systemd (226-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix scheduled shutdown to not shut down immediately. (Closes: #797763)
+ - Fix description of CPE_NAME in os-release(5). (Closes: #797768)
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * Enable libseccomp support for mips64, mips64el, and x32. (Closes: #797403)
+ * debian/tests/networkd: Add hotplug tests.
+ * Make networkd call if-up.d/ scripts when it brings up interfaces, to
+ become compatible with ifupdown and NetworkManager for packages shipping
+ hooks. (LP: #1492129)
+ - Add debian/extra/systemd-networkd-dispatcher.c: suid root wrapper for
+ calling if-up.d/ or if-post-down.d/ hook scripts. Install it as
+ root:systemd-networkd 4754 so that only networkd can run it.
+ - Add networkd-call-systemd-networkd-dispatcher-when-links.patch: Call the
+ above wrapper when links go up/down.
+ - debian/tests/networkd: Verify that if-up.d/ and if-post-down.d/ scripts
+ get run for a networkd managed interface.
+ - Note that if-pre-up.d/ and if-down.d/ scripts are *not* being called, as
+ they are often not applicable for networkd (if-pre-up.d) and unreliable
+ (if-down.d).
+ * Drop udev-finish. We needed this for the autogenerated CD and network
+ interface names, but both are gone now.
+ * Drop debian/udev.udev-fallback-graphics.upstart.
The vesafb module has
+ been compiled into the kernel in both Debian and Ubuntu for a fair while,
+ this never had a systemd equivalent, and Debian never shipped the
+ accompanying rules for determining $PRIMARY_DEVICE_FOR_DISPLAY.
+ * debian/control: Remove some boilerplate from the long descriptions, to
+ more easily get to the point what a specific package actually does.
+ * debian/README.Debian: As systemd is the default init now, replace the
+ documentation how to switch to systemd with how to switch back
+ (temporarily or permanently) to SysV init. Also move that paragraph to the
+ bottom as it's now less important.
+ * debian/README.Debian: Add a hint why you may want to enable persistent
+ journal, and suggest to uninstall system-log-daemon to avoid duplicate
+ logging.
+ * debian/README.Debian: Add documentation about networkd integration.
+ * Rename 01-mac-for-usb.link to 90-mac-for-usb.link so that it becomes
+ easier to override.
+ * debian-fixup.service just has one purpose now (make /etc/mtab a symlink),
+ so drop the debian/extra/debian-fixup shell script and put the ln command
+ directly into debian-fixup.service. Update the description.
+ * debian/tests/networkd: Check that /etc/resolv.conf gets the DHCP's
+ nameserver in case it is a symlink (i. e. dynamically managed by
+ systemd-resolved or resolvconf).
+ * systemd-networkd-dispatcher: Also pass on the DNS server list to if-up.d/
+ as $IF_DNS_NAMESERVERS, so that resolvconf or similar programs work as
+ expected.
+ * Drop debian/systemd-journal-remote.postrm: Removing system users is
+ potentially dangerous (there might be a leftover process after purging).
+
+ [ Michael Biebl ]
+ * Drop libsystemd-login-dev. All reverse dependencies have been updated to
+ use libsystemd-dev directly.
+ * Update build instructions to use "gbp clone" instead of "gbp-clone" as all
+ gbp-* commands have been removed from git-buildpackage.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 10 Sep 2015 16:53:53 +0200
+
+systemd (225-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release.
+ - Fixes FTBFS on alpha. (Closes: #792551)
+ - Fixes machined state tracking logic. (Closes: #788269)
+ * Add better fix for "systemctl link/enable" breakage with full paths.
+ (LP: #1480310)
+ * debian/rules: Add missing $(dh_options) in overridden debhelper targets.
+
+ [ Felipe Sateler ]
+ * Move conffile from systemd to systemd-container package (Closes: #797048)
+
+ [ Michael Biebl ]
+ * Drop unnecessary Conflicts/Replaces from systemd-journal-remote.
+ None of the files in this package were previously shipped by systemd.
+ * Create system users for systemd-journal-{gateway,remote,upload} when
+ installing the systemd-journal-remote package.
+ * Explicitly turn off the features we don't want in a stage1 build.
+ Otherwise ./configure might enable them automatically if the build
+ dependencies are installed and "dh_install --fail-missing" will then fail
+ due to uninstalled files.
+ * Enable GnuTLS support as systemd-journal-remote makes sense mostly with
+ encryption enabled.
+ * Rely on build profiles to determine which packages should be skipped
+ during build and no longer specify that manually.
+ * Drop our patch which removes rc-local-generator.
+ rc-local.service acts as an ordering barrier even if its condition is
+ false, because conditions are evaluated when the service is about to be
+ started, not when it is enqueued. We don't want this ordering barrier on
+ systems that don't need/use /etc/rc.local.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 30 Aug 2015 21:18:59 +0200
+
+systemd (224-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Skip systemd-fsckd autopkgtest if /run/initramfs/fsck-root exists, i. e.
+ the initramfs already ran fsck.
+ * Fix broken ACL in tmpfiles.d/systemd.conf.
(Closes: #794645, LP: #1480552)
+ * Add debian/tests/unit-config: Test "systemctl link"; reproduces LP#1480310.
+ * Add a hack to unbreak "systemctl link". (LP: #1480310)
+ * debian/extra/rules-ubuntu/40-hyperv-hotadd.rules: Also apply to Xen, and
+ rename to 40-vm-hotadd.rules.
+ * Fix networkd crash. (Closes: #796358)
+ * debian/rules: Remove all files/empty dirs in systemd which are already
+ shipped by systemd-* or udev, instead of an explicit list.
+ * Bump "mount" dependency to >= 2.26, to ensure "swapon -o" availability.
+ (Closes: #796389)
+ * Install /lib/systemd/network/* into udev instead of systemd, as it's
+ really udev which is evaluating these.
+ * Split out "systemd-container" package with machined and nspawn and enable
+ importd. Add new libbz2-dev, zlib1g-dev, and libcurl-dev build deps.
+ (LP: #1448900)
+ * Move transitional libgcrypt11-dev build dep to libgcrypt20-dev.
+ * debian/rules: Limit check for libraries in /usr to systemd and udev
+ packages, as other packages like systemd-containers can (and do) link to
+ /usr.
+ * Build-depend on dpkg-dev (>= 1.17.14) and bump debhelper version for build
+ profiles support.
+ * Drop "display-managers" autopkgtest, obsolete with dropped
+ default-display-manager-generator.
+ * boot-and-services autopkgtest: Add systemd-container test dependency for
+ the nspawn tests.
+ * Don't enable audit support when building with "stage1" profile, to avoid
+ circular build dep.
+
+ [ Helmut Grohne ]
+ * Improve support for cross-building and bootstrapping.
+
+ [ Michael Biebl ]
+ * Drop default-display-manager-generator. All major desktops now use a
+ display manager which support the new scheme and setup the
+ /etc/systemd/system/display-manager.service symlink correctly.
+ * Add new binary package "systemd-journal-remote" with tools for
+ sending/receiving remote journal logs:
+ systemd-journal-{remote,upload,gatewayd}.
(Closes: #742802, LP: #1480952)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 25 Aug 2015 12:40:35 +0200
+
+systemd (224-1) unstable; urgency=medium
+
+ * New upstream release.
+ * boot-and-services autopkgtest: Ignore thermald. Since 1.4.3-2 it starts by
+ default, but fails in most virtual envs.
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 01 Aug 2015 13:38:57 +0200
+
+systemd (223-2) unstable; urgency=medium
+
+ * Don't enable gnu-efi on ARM. It FTBFSes and cannot really be tested now as
+ there is no available hardware.
+ * debian/extra/initramfs-tools/hooks/udev: Don't fail if
+ /etc/systemd/network/ does not exist. (Closes: #794050)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 08:25:51 +0200
+
+systemd (223-1) unstable; urgency=medium
+
+ * New upstream release:
+ - Fix systemd-bootchart crash. (Closes: #792403)
+ - Trim list of files in /usr/share/doc/systemd/. (Closes: #791839)
+ - Fix "Invalid argument" failure with some journal files.
+ (Closes: #792090)
+ - tmpfiles: Don't recursively descend into journal directories in /var.
+ (Closes: #791897)
+ - Don't frequently wake up on disabled TimeoutIdleSec=, in particular in
+ automount timers. (LP: #1470845)
+ - tmpfiles: Don't delete lost+found/. (Closes: #788193)
+
+ [ Michael Biebl ]
+ * udev: Remove obsolete rm_conffile/mv_conffile functions from udev.preinst.
+ The udev package is using dpkg-maintscripts-helper now to remove obsolete
+ conffiles.
+ * systemd: Remove obsolete conffile clean up from pre-wheezy.
+ * udev-udeb: Remove scsi_wait_scan hack from the start-udev script as well.
+
+ [ Martin Pitt ]
+ * Enable GNU EFI support and add gnu-efi build dep. This enables/ships the
+ systemd EFI boot loader. (Closes: #787720, LP: #1472283)
+ * networkd autopkgtest: More robust/forceful killing of dnsmasq.
+ * ifup@.service: Drop "oneshot" to run ifup in the background during boot.
+ This avoids blocking network.target on boot with unavailable hotplug
+ interfaces in /etc/network/interfaces.
(Closes: #790669, LP: #1425376)
+ * systemd.postinst: Avoid confusing error message about
+ /run/systemd/was-enabled not existing on reconfiguring.
+ * debian/extra/initramfs-tools/hooks/udev: Drop some redundant code.
+ * Fix networkd-wait-online -i to properly wait for the given interfaces
+ only.
+ * Drop debian/extra/base-installer.d/05udev: We use net.ifnames by default
+ now, thus we don't need to copy 70-persistent-*.rules any more.
+ * debian/extra/start-udev: Run d-i's udevd with "notice" log level, just
+ like we did in the initramfs in 219-10.
+ * Fix size explosion of networkd (post-223 patch from trunk).
+
+ [ Julian Wollrath ]
+ * Copy all .link interface naming definitions to initramfs. (Closes: #793374)
+
+ [ Felipe Sateler ]
+ * nss-my*.postinst: configure at the end of the hosts line, not before
+ files. (Closes: #789006)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 00:02:26 +0200
+
+systemd (222-2) unstable; urgency=medium
+
+ [ Adam Conrad ]
+ * debian/udev-udeb.install: Install new bits for net.ifnames (LP: #1473542)
+ * debian/extra/initramfs-tools/hooks/udev: Do the same for initramfs-tools.
+
+ [ Martin Pitt ]
+ * emergency.service: Wait for plymouth to shut down. Fixes invisible
+ emergency shell with plymouth running endlessly. (LP: #1471258)
+ * Add "networkd" autopkgtest. Covers basic DHCP on IPv4 and IPv4+6 on a veth
+ device.
+
+ [ Michael Biebl ]
+ * Bump package priorities of systemd and systemd-sysv to important to match
+ what has been used in the Debian archive since Jessie.
+ * Drop scsi_wait_scan hack from the udev initramfs-tools script. This Linux
+ kernel module has been broken since 2.6.30 and as a result was removed in
+ 3.5. The Debian Jessie kernel no longer ships this module.
+ (Closes: #752775)
+ * Drop libsystemd-journald-dev and libsystemd-id128-dev. There are no
+ reverse dependencies left and we want to avoid new packages picking up
+ a build dependency on those obsolete transitional packages.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 15 Jul 2015 23:51:15 +0200
+
+systemd (222-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix reload killing BusName= units. (Closes: #746151)
+ - sysv-generator: detect invalid names and escape them. (Closes: #677075)
+ - Document removal of PIDFile on daemon shutdown. (Closes: #734006)
+ - Drop Revert-rules-fix-tests-for-removable-state.patch, the auto-suspend
+ rules now got dropped entirely.
+ * Add Revert-VT-reuse-patches.patch: Revert a couple of logind VT reuse
+ patches which alternately broke lightdm and gdm.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * Disable test-netlink during package build, fails on some buildds.
+ * udev.postinst: Don't call addgroup with --quiet, so that if the "input"
+ group already exists as a non-system group you get a sensible error
+ message. Some broken tutorials forget the --system option.
+ (Closes: #769948, LP: #1455956)
+ * systemd.postinst: Drop the --quiet from the addgroup calls as well, same
+ reason as above. (Closes: #762275)
+ * udev: Drop doc dir symlinking. It has caused too much trouble and only
+ marginally helps to avoid duplication. Such duplication should be dealt
+ with at the distro, not package level.
+ * debian/rules: Entirely ignore $LD_PRELOAD instead of just libfakeroot in
+ the link check, to also avoid libeatmydata. (Closes: #790546)
+ * boot-and-services, display-managers autopkgtests: Install and configure
+ dummy X.org driver, so that these work in headless machines/VMs.
+ * systemd-fsckd autopkgtest: Stop using/asserting on lightdm, just check
+ that default.target is active. lightdm is prone to fail in test
+ environments, and fiddling with it in two other autopkgtests is
+ sufficient.
+ * debian/watch: Adjust to new upstream release model of only providing the
+ github tag tarballs.
+ * Drop dsl-modem.agent.
It hasn't been maintained/tested for many years, few
+ if any people actually use this, and this doesn't belong into udev.
+
+ [ Michael Biebl ]
+ * Stop building the Python 3 bindings. They were split into a separate
+ source package upstream and are now built from src:python-systemd. See
+ http://lists.freedesktop.org/archives/systemd-devel/2015-July/033443.html
+ * Remove obsolete --disable-chkconfig configure option.
+ * Move the man pages for libnss-myhostname, libnss-mymachines and udev.conf
+ from systemd into the correct package. Move the zsh completion file for
+ udevadm into the udev package as well. Add Breaks/Replaces accordingly.
+ (Closes: #790879)
+ * Drop rules which remove pre-generated files before build. The upstream
+ tarball no longer ships any pre-generated files so this is no longer
+ necessary.
+ * Fix cleanup rule for Python byte code files.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 08 Jul 2015 18:56:07 +0200
+
+systemd (221-1) unstable; urgency=medium
+
+ * New upstream release 221:
+ - Fix persistent storage links for Xen devices. (LP: #1467151)
+ - Drop all backported patches and port the others to new upstream release.
+ - debian/rules: Drop workarounds for broken 220 tarball, 221 is fine.
+
+ [ Michael Biebl ]
+ * initramfs hook: Stop installing 55-dm.rules, 64-md-raid.rules,
+ 60-persistent-storage-lvm.rules and 60-persistent-storage-dm.rules.
+ The mdadm, lvm2 and dmsetup package provide their own udev hooks nowadays
+ to make sure their udev rules files are installed into the initramfs.
+ Having the copy rules at two places is confusing and makes debugging
+ harder.
+ * Make it possible to skip building udeb packages via
+ DEB_BUILD_OPTIONS="noudeb". This allows quicker builds for local testing
+ and is benefical for derivatives that don't use d-i.
+ * Install API documentation for libudev and libsystemd in their respective
+ packages. Both libraries use man pages now, so we need to be explicit
+ about what is installed where.
+
+ [ Martin Pitt ]
+ * ifupdown-hotplug autopkgtest: Different cloud/desktop environments have
+ different ways of including /etc/network/interfaces.d/, try to get along
+ wit either and skip the test if interfaces.d/ does not get included at
+ all.
+ * Drop obsolete gtk-doc-tools build dependency, gtkdocize autoreconfig, and
+ ./configure options.
+ * libudev-dev.install: Drop gtk-doc files, not built by upstream any more
+ and replaced with manpages.
+ * libsystemd0.symbols: Add new symbols for this release.
+ * debian/rules: Fix paths in manpages as we don't currently have a merged
+ /usr in Debian but have most systemd things in /lib. This replaces the
+ previous huge and maintenance-intense patch.
+ * Drop Accept-mountall-specific-fstab-options.patch. Replaced with
+ systemd.postinst migration code in Ubuntu.
+ * Revert overly aggressive USB autosuspend udev rules change which broke
+ various USB keyboards. (Closes: #789723)
+ * Have rc-local.service output also go to the console. /etc/rc.local often
+ contains status messages which users expect to see during boot.
+ (LP: #1468102)
+ * debian/rules: Install udev.NEWS into libudev1, to get along with Debian's
+ udev -> libudev1 doc dir symlinking. (Closes: #790042)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 28 Jun 2015 12:05:36 +0200
+
+systemd (220-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Enable seccomp support on arm64 as well.
+ * Replace the remainder of Fix-paths-in-man-pages.patch with an upstream
+ provided patch.
+
+ [ Martin Pitt ]
+ * Switch to net.ifnames persistent network interfaces (on new
+ installations/for new hardware), and deprecate the old
+ 75-persistent-net-generator.rules. See the ML discussion for details:
+ https://lists.debian.org/debian-devel/2015/05/msg00170.html
+ https://lists.debian.org/debian-devel/2015/06/msg00018.html
+ - Drop Make-net.ifnames-opt-in-instead-of-opt-out.patch, to use
+ net.ifnames by default.
+ - Revert-udev-network-device-renaming-immediately-give.patch: Adjust + patch comment. + - Drop 75-persistent-net-generator.rules, write_net_rules helper and + rule_generator.functions. + - Adjust udev's README.Debian accordingly, and describe the migration. + This needs to happen manually as there is no robust way of doing this + automatically. + - Add udev NEWS file for announcing this change and pointing to udev's + README. + - udev.postinst: Drop write_interfaces_rules(). + - udev.postinst: Disable net.ifnames on systems which did not support + 75-persistent-net-generator.rules (most importantly, virtualized guests) + to avoid changing network interface names on upgrade. + - LP: #1454254 + * fsckd-daemon-for-inter-fsckd-communication.patch: Add fsckd.c to + POTFILES.in. + * ifupdown-hotplug autopkgtest: Fix config name in interfaces.d/, it must + not have a suffix in Debian. Also clean up the file after the test. + * net.agent: When running under systemd, run everything in the foreground. + This avoids killing the forked child in the middle of its operation under + systemd when the parent exits. + * Check during build that systemd and systemd-journald don't link against + anything in /usr, to prevent bugs like #771652 and #788913 in the future. + * Drop Skip-99-systemd.rules-when-not-running-systemd-as-in.patch. The rules + mostly just attach tags systemd specific properties which are harmless + under other init systems, and systemd-sysctl also works there. + * 80-networking.rules: Only call agents for add|remove, as they don't handle + other events. + * Restore udev watches on block device changes. (Closes: #789060, + LP: #1466081) + + -- Martin Pitt <mpitt@debian.org> Wed, 17 Jun 2015 22:48:53 +0200 + +systemd (220-6) unstable; urgency=medium + + * Enable seccomp support on the architectures that provide libseccomp. + (Closes: #760299) + * boot-and-services autopkgtest: Add SeccompTest for the above. 
+ * boot-and-services autopkgtest: Check that we don't get an unwanted + tmp.mount unless /etc/fstab explicitly specifies it. + * Bump libcap-dev build dep to the version that provides libcap2-udeb. + (Closes: #787542) + * Stop installing tmp.mount by default; there are still situations where it + becomes active through dependencies from other units, which is surprising, + hides existing data in /tmp during runtime, and it isn't safe to have a + tmpfs /tmp on every install scenario. (Closes: #783509) + - d/rules: Ship tmp.mount in /usr/share/systemd/ instead of + /lib/systemd/systemd. + - systemd.postinst: When tmp.mount already was enabled, install tmp.mount + into /etc and keep it enabled. + - systemd.postinst: When enabling tmp.mount because of RAMTMP=yes, copy it + from /usr/share. + - Drop Don-t-mount-tmp-as-tmpfs-by-default.patch and + PrivateTmp-shouldn-t-require-tmpfs.patch, not necessary any more. + + -- Martin Pitt <mpitt@debian.org> Thu, 11 Jun 2015 09:25:49 +0200 + +systemd (220-5) unstable; urgency=medium + + * debian/README.source: Upstream repository moved to github, adjust + cherry-picking instructions accordingly. + * debian/control: Replace obsolete Python2 version header with + X-Python3-Version. + * dracut: Fix path to systemd-fsck. (Closes: #787553) + * Ignore test failures during build if /etc/machine-id is missing (which is + the case in a few buildd chroots still). (Closes: #787258) + * debian/udev.README.Debian: Move network interface hotplug documentation + into separate section. Point out that "lo" does not need to be configured + in ifupdown under systemd. + * debian/udev.README.Debian: Document net.ifnames, and how to write udev + rules for custom network names. + * Add debian/extra/01-mac-for-usb.link: Use MAC based names for network + interfaces which are (directly or indirectly) on USB. Path based names + are inadequate for dynamic buses like USB. + * Fix another escape parsing regression in Exec*= lines. 
(Closes: #787256) + * Disable EFI support for udeb build. + * Refine detection of touch screen devices. + + -- Martin Pitt <mpitt@debian.org> Sun, 07 Jun 2015 16:52:33 +0200 + +systemd (220-4) unstable; urgency=medium + + [ Martin Pitt ] + * debian/extra/initramfs-tools/scripts/init-top/udev: Drop $ROOTDELAY wait. + This does not concern udev in particular, but is handled by + initramfs-tools itself (scripts/local). The intention of this parameter is + not to statically wait for the given time, but wait *up to* that time for + the root device to appear. + * Add debian/extra/units/rc-local.service.d/wait-online.conf: Make + rc-local.service wait for network-online.target (if it gets started). This + not specified by LSB, but has been behaving that way in Debian under SysV + init and upstart. (LP: #1451797) + * Fix parsing of escape characters in Exec*= lines. (Closes: #787256) + * Drop path_is_mount_point-handle-false-positive-on-some-fs.patch (it was + already not applied in 220-1). This needs to be re-thought and re-done + against the current code, and overlayfs in general. On overlayfs this + still reports false positives for files that changed in the upperdir, but + this does not break systemd-machine-id-commit any more. + * Add debian/extra/rules/80-debian-compat.rules, replacing three of our + patches. These are independent udev rules to change device permissions and + add CD/DVD symlinks for compatibility with earlier Debian releases. + + [ Michael Biebl ] + * Bump Depends on util-linux to make sure we have a sulogin implementation + which properly cleans up its children when emergency.service is restarted. + (Closes: #784238) + * Stop using /sbin/udevd and drop the compat symlink. + * Remove any vestiges of /dev/.udev/. This directory has been replaced by + /run/udev/ since wheezy. + * Drop udev migration code from pre-wheezy. 
+ + -- Martin Pitt <mpitt@debian.org> Tue, 02 Jun 2015 08:16:36 +0200 + +systemd (220-3) unstable; urgency=medium + + * Fix ProtectSystem=yes to actually protect /usr, not /home. + (Closes: #787343) + * sd-device: fix device_get_properties_strv(). Fixes environment for + processes spawned by udev, in particular "allow-hoplug" ifupdown + interfaces via ifup@.service. (Closes: #787263) + * Ignore test failures on mipsel; the three failures are not reproducible on + the porter box (different kernel?). (See #787258) + * Add ifupdown-hotplug autopkgtest. Reproduces #787263. + * udev: Bring back persistent storage symlinks for bcache. Thanks David + Mohr! (Closes: #787367) + * sd-device: Fix invalid property strv pointers. This unbreaks the + environment of udev callouts. + + -- Martin Pitt <mpitt@debian.org> Mon, 01 Jun 2015 12:58:20 +0200 + +systemd (220-2) unstable; urgency=low + + * 220-1 was meant to go to experimental, but was accidentally uploaded to + unstable. This was planned for next week anyway, just not on a Friday; + we don't revert, but keep an RC bug open for a few days to get broader + testing. Reupload 220-1 with its changelog actually pointing to unstable + and with all versions in the .changes. + + -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 18:54:09 +0200 + +systemd (220-1) unstable; urgency=medium + + [ Martin Pitt ] + * New upstream release: + - Ship sdio.ids and ids-update.pl in upstream tarball. (Closes: #780650) + - Drop non-working "journalctl /dev/sda" example from manpage + (Closes: #781604) + - man systemd.network: Explain UseDomains a bit more (not used by + default). (Closes: #766413) + - Ignore comments in /etc/hostname (LP: #1053048) + - Drop all backported patches and port the others to new upstream release. + * Cherry-pick patch to fix udevd --daemon assertion regression. + * Cherry-pick patch to fix udevd worker hang. + * systemd.install: systemd.pc moved back into /usr/share/pkgconfig/. 
+ * libsystemd0.symbols: Add new symbols from this release. + * Drop debian/extra/60-keyboard.hwdb for now. Upstream has a newer version, + and it's not nearly as often updated any more as it used to be. + * debian/rules: Remove shipped audit_type-to-name.h and + keyboard-keys-from-name.gperf and regenerate them during build (bug in + upstream 220 tarball). + * autopkgtest: Ship/use mock fsck from debian/tests, as it's missing in the + 220 tarball. + * Add libnss-mymachines binary package. (Closes: #784858) + * Add libnss-myhostname binary package, taking over from the very old and + unmaintained standalone source package as per its maintainer's request. + (Closes: #760514) + * Drop buildsys-Don-t-default-to-gold-as-the-linker.patch and set LD in + debian/rules on sparc only. This can be dropped entirely once we build + GUdev from a separate source. + * bootchart autopkgtest: Skip test if /proc/schedstat does not exist, i. e. + the kernel is missing CONFIG_SCHEDSTAT. Bootchart requires this. + * systemd-fsckd autopkgtest: On Debian plymouth-start stays running, adjust + was_running() for that. + * systemd-fsckd autopkgtest: In test_systemd_fsck_with_plymouth_failure(), + fix plymouthd status check to work under both Debian and Ubuntu. + * Replace almost all of Fix-paths-in-man-pages.patch with upstreamed + patches. (The remainder is planned to get fixed upstream as well.) + * Remove our update-rc.d patches, replace them with upstream patches for + /lib/systemd/systemd-sysv-install abstraction, and provide one for + update-rc.d. Also implement "is-enabled" command by directly checking for + the presence of rcS or rc5 symlinks. (Closes: #760616) + * Fix path_is_mount_point for files (regression in 220). + * debian/control: Drop obsolete XS-Testsuite:, dpkg adds it automatically. + * Use Ubuntu's default NTP server for timesyncd when building on Ubuntu. + + [ Michael Biebl ] + * Remove /var/run and /var/lock migration code from debian-fixup. 
The /run + migration was completed in wheezy so this is no longer necessary. + * Drop our versioned Depends on initscripts. This was initially added for + the /run migration and later to ensure we have a mountnfs hook which + doesn't cause a deadlock under systemd. The /run migration was completed + in wheezy and jessie ships a fixed mountnfs hook. In addition we now use + the ignore-dependencies job mode in our lsb init-functions hook, so it's + safe to drop this dependency. + * Stop building gudev packages. Upstream has moved the gudev code into a + separate repository which is now managed on gnome.org. The gudev packages + will be built from src:libgudev from now on. See also + http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html + + -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 10:37:40 +0200 + +systemd (219-10) experimental; urgency=medium + + * Fix assertion crash with empty Exec*= paths. (LP: #1454173) + * Drop Avoid-reload-and-re-start-requests-during-early-boot.patch + and Avoid-reloading-services-when-shutting-down.patch: This was fixed more + robustly in invoke-rc.d and service now, see #777113. + * debian/tests/boot-smoke: Allow 10 seconds for systemd jobs to settle down. + * Fix "tentative" state of devices which are not in /dev (mostly in + containers), and avoid overzealous cleanup unmounting of mounts from them. + (LP: #1444402) + * debian/extra/udev-helpers/net.agent: Eliminate cat and most grep calls. + * Drop Set-default-polling-interval-on-removable-devices-as.patch; it's long + obsolete, CD ejection with the hardware button works properly without it. + * Re-enable-journal-forwarding-to-syslog.patch: Update patch description, + journal.conf.d/ exists now. + * journal: Gracefully handle failure to bind to audit socket, which is known + to fail in namespaces (containers) with current kernels. Also + conditionalize systemd-journald-audit.socket on CAP_AUDIT_READ. 
+ (LP: #1457054) + * Put back *.agent scripts and use net.agent in Ubuntu. This fixes escaping + of unit names, reduces the delta, and will make it easier to get a common + solution for integrating ifup.d/ scripts with networkd. + * When booting with "quiet", run the initramfs' udevd with "notice" log + level. (LP: #1432171) + * Add sigpwr-container-shutdown.service: Power off when receiving SIGPWR in + a container. This makes lxc-stop work for systemd containers. + (LP: #1457321) + * write_net_rules: Escape '{' and '}' characters as well, to make this work + with busybox grep. Thanks Faidon Liambotis! (Closes: #765577) + + -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 09:43:52 +0200 + +systemd (219-9) experimental; urgency=medium + + * 75-persistent-net-generator.rules: Fix rules for ibmveth (it's a driver, + not a subsystem). (LP: #1437375) + * debian/tests/unit-config: Add tests for systemctl enable/disable on a + SysV-only unit. Reproduces LP #1447807. + * Fix systemctl enable for SysV scripts without a native unit. We must not + try and enable the nonexisting unit then. (LP: #1447807) + * Drop Add-env-variable-for-machine-ID-path.patch. systemd should always + be installed via the essential "init" in buildd schroots now. + * debian/README.source: Update git-buildpackage commands for the renames in + 0.6.24. + * Make apparmor run before networking, to ensure that profiles apply to + e. g. dhclient (LP: #1438249): + - Rename networking.service.d/network-pre.conf to systemd.conf, and add + After=apparmor.service. + - ifup@.service: Add After=apparmor.service. + - Add Breaks: on apparmor << 2.9.2-1, which dropped its dependency to + $remote_fs. + * Drop login-don-t-overmount-run-user-UID-on-upgrades.patch and + login-don-t-overmount-run-user-UID-on-upgrades.patch, these were only + needed for upgrades from wheezy to jessie. + * systemd.{pre,post}inst: Clean up obsolete (pre-wheezy/jessie) upgrade + fixes. 
+ * systemd-fsckd autopkgtest: Stop assuming that + /etc/default/grub.d/90-autopkgtest.cfg exists. + * systemd-fsckd autopkgtest: Add missing plymouth test dependency. + * Drop core-mount-ensure-that-we-parse-proc-self-mountinfo.patch, and bump + util-linux dependency to the version which enables + --enable-libmount-force-mountinfo. + + -- Martin Pitt <mpitt@debian.org> Wed, 13 May 2015 12:27:21 +0200 + +systemd (219-8) experimental; urgency=medium + + [ Michael Biebl ] + * Skip filesystem check if already done by the initramfs. (Closes: #782522) + * Drop hard-coded versioned dependency on libapparmor1. Bump the + Build-Depends on libapparmor-dev instead. This ensures a proper versioned + dependency via Build-Depends-Package. + * Revert "Make apparmor run before networking". This causes dependency + cycles while apparmor still depends on $remote_fs. + * Cleanup hwclock-save.service symlinks when upgrading from the jessie + version. + + [ Martin Pitt ] + * cryptsetup: Implement offset and skip options. (Closes: #751707, + LP: #953875) + * logind autopkgtest: Add test for suspending on lid switch close. + This reproduces LP #1444166 (lid switch not working in the first few + minutes after boot). + * Reduce the initial suspend supression time from 3 minutes to 30 seconds, + and make it configurable. (LP: #1444166) + * Fix double free crash in "systemctl enable" when calling update-rc.d and + the latter fails. (Closes: #764613, LP: #1426588) + * hwdb: Fix wireless switch on Dell Latitude (LP: #1441849) + * Fix assertion crash when reading a service file with missing ' and + trailing space. (LP: #1447243) + * ifup@.service: Set IgnoreOnIsolate, so that "systemctl default" does not + shut down network interfaces. (Closes: #762953, LP: #1449380). + Add PartOf=network.target, so that stopping network.target also stops + network interfaces (so that isolating emergency.target and similar work as + before). 
+ * Revert upstream commit 743970d which immediately SIGKILLs units during + shutdown. This leads to problems like bash not being able to write its + history, mosh not saving its state, and similar failed cleanup actions. + (Closes: #784720, LP: #1448259) + * Drop the reversion of "journald: allow restarting journald without losing + stream connections", and replace with proper upstream fix for + sd_pid_notify_with_fds(). (See Debian #778970, LP #1423811; LP: #1437896) + + -- Martin Pitt <mpitt@debian.org> Wed, 29 Apr 2015 17:13:41 +0200 + +systemd (219-7) experimental; urgency=medium + + [ Martin Pitt ] + * Make systemd-sysv's dependency to systemd unversioned. The package just + contains 6 symlinks and thus isn't sensitive at all against version + mismatches. This avoids running into circular dependencies when testing + local debs. + * Revert "udev: Drop hwdb-update dependency" and replace with upstream patch + which moves it to systemd-udev-trigger.service. + * display-managers autopkgtest: Properly wait until all jobs are finished. + * display-managers autopkgtest: Reset failed units between tests, to avoid + running into restart limits and for better test isolation. + * Enable timesyncd in virtual machines. (Closes: #762343) + + [ Adam Conrad ] + * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload + when init scripts are installed or removed (Closes: #766429) + + [ Didier Roche ] + * Squash all fsckd patches in one (as fsckd and such will be removed + soon upstream), containing various fixes from upstream git and refactor + the connection flow to upstream's suggestion. Modify the man pages to match + those modifications as well. Amongst others, this suppresses "Couldn't + connect to plymouth" errors if plymouth is not running. + (Closes: #782265, LP: #1429171) + * Keep plymouth localized messages in a separate patch for easier updates in + the future and refresh to latest upstream. 
+ * display-managers autopkgtest: Use ExecStart=sleep instead of the actual + lightdm binary, to avoid errors from lightdm startup. Drop the now + unnecessary "needs-recommends" to speed up the test. + + -- Martin Pitt <mpitt@debian.org> Fri, 10 Apr 2015 11:08:33 +0200 + +systemd (219-6) experimental; urgency=medium + + [ Martin Pitt ] + * Import patches from v219-stable branch (up to 85a6fab). + * boot-and-services autopkgtest: Add missing python3 test dependency. + * Make apparmor run before networking, to ensure that profiles apply to + e. g. dhclient (LP: #1438249): + - Rename networking.service.d/network-pre.conf to systemd.conf, and add + After=apparmor.service. + - ifup@.service: Add After=apparmor.service. + * udev: Drop hwdb-update dependency, which got introduced by the above + v219-stable branch. This causes udev and plymouth to start too late and + isn't really needed in Debian yet as we don't support stateless systems + yet and handle hwdb.bin updates through dpkg triggers. (LP: #1439301) + + [ Didier Roche ] + * Fix mount point detection on overlayfs and similar file systems without + name_to_handle_at() and st_dev support. (LP: #1411140) + + [ Christian Seiler ] + * Make the journald to syslog forwarding more robust by increasing the + maximum datagram queue length from 10 to 512. (Closes: #762700) + + [ Marco d'Itri ] + * Avoid writing duplicate entries in 70-persistent-net.rules by double + checking if the new udev rule has already been written for the given + interface. This happens if multiple add events are generated before the + write_net_rules script returns and udevd renames the interface. + (Closes: #765577) + + -- Martin Pitt <mpitt@debian.org> Thu, 02 Apr 2015 09:14:48 +0200 + +systemd (219-5) experimental; urgency=medium + + [ Didier Roche ] + * Add "systemd-fsckd" autopkgtest. 
(LP: #1427312) + * cmdline-upstart-boot autopkgtest: Update to Ubuntu's upstart-sysv split + (test gets skipped on Debian while upstart-sysv does not yet exist there). + * Cherry-pick a couple of upstream commits for adding transient state, + fixing a race where mounts become available before the device being + available. + * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds + an After relationship. (Closes: #779902) + + [ Martin Pitt ] + * journald: Suppress expected cases of "Failed to set file attributes" + errors. (LP: #1427899) + * Add systemd-sysv.postinst: Update grub on first installation, so that the + alternative init system boot entries get updated. + * debian/tests: Call /tmp/autopkgtest-reboot, to work with autopkgtest >= + 3.11.1. + * Check for correct architecture identifiers for SuperH. (Closes: #779710) + * Fix tmpfiles.d to only apply the first match again (regression in 219). + (LP: #1428540) + * /lib/lsb/init-functions.d/40-systemd: Don't ignore systemd unit + dependencies in "degraded" mode. (LP: #1429734) + + [ Michael Biebl ] + * debian/udev.init: Recognize '!' flag with static device lists, to work + with kmod 20. (Closes: #780263) + + [ Craig Magina ] + * rules-ubuntu/71-power-switch-proliant.rules: Add support for HP ProLiant + m400 Server Cartridge soft powerdown on Linux 3.16. (LP: #1428811) + + [ Scott Wakeling ] + * Rework package description to be more accurate. (Closes: #740372) + + -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 16:31:04 +0100 + +systemd (219-4) experimental; urgency=medium + + * tmpfiles: Avoid creating duplicate ACL entries. Add postinst code to clean + them up on upgrade. (Closes: #778656) + * bootchart: Fix path to default init. (LP: #1423867) + * Add "bootchart" autopkgtest, to spot regressions like the above. + * autopkgtests: Factorize out "assert.sh" utility functions, and use them in + the tests for useful failure messages. 
+ * Downgrade requirement for timedated, hostnamed, localed-locale, and + logind autopkgtests from machine to container isolation. + * boot-and-services and display-manager autopkgtest: Add systemd-sysv as + proper test dependency instead of apt-get installing it. This works now + also under Ubuntu 15.04. + * boot-and-services autopkgtest: Check cleanup of temporary files during + boot. Reproduces #779169. + * Clean up /tmp/ directory again. (Closes: #779169, LP: #1424992) + + -- Martin Pitt <mpitt@debian.org> Fri, 27 Feb 2015 07:02:09 +0100 + +systemd (219-3) experimental; urgency=medium + + * sysv-generator: fix wrong "Overwriting existing symlink" warnings. + (Closes: #778700) + * Add systemd-fsckd multiplexer and feed its output to plymouth. This + provides an aggregate progress report of running file system checks and + also allows cancelling them with ^C, in both text mode and Plymouth. + (Closes: #775093, #758902; LP: #1316796) + * Revert "journald: allow restarting journald without losing stream + connections". This was a new feature in 219, but currently causes boot + failures due to logind and other services not starting up properly. + (Closes: #778970; LP: #1423811) + * Add "boot-smoke" autopkgtest: Test 20 successful reboots in a row, and + that there are no connection timeouts or stalled jobs. This reproduces the + above regression. + * debian/tests/localed-locale: Set up locale and keyboard default files on a + minimal unconfigured testbed. + * Add missing python3 test dependency to cmdline-upstart-boot and + display-managers autopkgtests. + * debian/tests/boot-and-services: Skip AppArmor test if AppArmor is not + enabled. + * debian/tests/boot-and-services: Reboot also if lightdm was just installed + but isn't running yet. + + -- Martin Pitt <mpitt@debian.org> Mon, 23 Feb 2015 09:52:12 +0100 + +systemd (219-2) experimental; urgency=medium + + * Fix UTF-16 to UTF-8 conversion on big-endian machines. 
(Closes: #778654) + * Disable new new test-sigbus, it fails on some buildds due to too old + kernels. (part of #778654) + * debian/README.Debian, debian/systemd.postinst: Drop setfacl call for + /var/log/journal, this is now done automatically by tmpfiles.d/systemd.conf. + * Drop "acl" dependency, not necessary any more with the above. + * debian/tests/boot-and-services: Move to using /var/lib/machines/, + /var/lib/containers is deprecated. + + -- Martin Pitt <mpitt@debian.org> Wed, 18 Feb 2015 15:29:42 +0100 + +systemd (219-1) experimental; urgency=medium + + [ Martin Pitt ] + * New upstream release: + - Fix spelling mistake in systemd.unit(5). (Closes: #773302) + - Fix timeouts with D-Bus, leading to SIGFPE. (Closes: #774012) + - Fix load/save of multiple rfkill states. (Closes: #759489) + - Non-persistent journal (/run/log/journal) is now readable by group adm. + (Closes: #771980) + - Read netdev user mount option to correctly order network mounts after + network.target. (Closes: #769186) + - Fix 60-keyboard.hwdb documentation and whitespace handling. + (Closes: #757367) + - Fix ThinkPad X1 Carbon 20BT trackpad buttons (LP: #1414930) + - Drop all backported patches and port the others to new upstream release. + * Bump libblkid-dev build dependency as per upstream configure.ac. + * debian/systemd.install: Add new language-fallback-map file. + * debian/udev.install: Add new systemd-hwdb tool. + * debian/libsystemd0.symbols: Add new symbols from this release. + * tmpfiles.d/systemd.conf: Drop "wheel" ACL (that group does not exist in + Debian) to make the ACL for "adm" actually work. + * debian/rules: Explicitly disable importd for now; it should still mature a + bit. Explicitly enable hwdb support. + * /lib/lsb/init-functions.d/40-systemd: Call systemctl is-system-running + with --quiet. (LP: #1421058) + * debian/systemd.postrm: Clean getty@tty1.service and remote-fs.target + enablement symlinks on purge. 
(Closes: #778499) + * Move all Debian specific units in the systemd package into + debian/extra/units/ and simplify debian/systemd.install. + * Enable timesyncd by default. Add a config drop-in to not start if ntp, + openntpd, or chrony is installed. (Closes: #755722) + * debian/systemd.links: Drop obsolete hwclockfirst.service mask link, this + was dropped in wheezy's util-linux already. + * debian/udev.postinst: Call systemd-hwdb instead of udevadm hwdb. + + [ Michael Biebl ] + * Stop removing firstboot man pages. They are now installed conditionally. + + -- Martin Pitt <mpitt@debian.org> Tue, 17 Feb 2015 15:51:38 +0100 + +systemd (218-10) experimental; urgency=medium + + * Pull latest keymaps from upstream git. (LP: #1334968, #1409721) + * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids + kernel buffer I/O errors and timeouts. (LP: #1333140) + * Clean up stale mounts when ejecting CD drives with the hardware eject + button. (LP: #1168742) + * Document systemctl --failed option. (Closes: #767267) + * Quiesce confusing and irrelevant "failed to reset devices.list" warning. + (LP: #1413193) + * When booting with systemd-bootchart, default to run systemd rather than + /sbin/init (which might not be systemd). (LP: #1417059) + * boot-and-services autopkgtest: Add CgroupsTest to check cgroup + creation/cleanup behaviour. This reproduces #777601 and verifies the fix + for it. + + -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:25:06 +0100 + +systemd (218-9) experimental; urgency=medium + + [ Martin Pitt ] + * debian/tests/logind: With dropped systemd-logind-launch we don't have a + visible /sys/fs/cgroup/systemd/ any more under cgmanager. So adjust the + test to check /proc/self/cgroup instead. + * Add unit-config autopkgtest to check systemd unit/sysv init enabling and + disabling via systemctl. This also reproduces #777613. 
+ * systemctl: Always install/enable/disable native units, even if there is a + corresponding SysV script and we call update-rc.d; while the latter + handles WantedBy=, it does not handle Alias=. (Closes: #777613) + * cgroup: Don't trim cgroup trees created by someone else, just the ones + that systemd itself created. This avoids cleaning up empty cgroups from + e.g. LXC. (Closes: #777601) + * Don't parse /etc/mtab for current mounts, but /proc/self/mountinfo. If the + former is a file, it's most likely outdated on boot, leading to race + conditions and unmounts during boot. (LP: #1419623) + + [ Michael Biebl ] + * Explicitly disable the features we don't want to build for those with + autodetection. This ensures reliable build results in dirty build + environments. + * Disable AppArmor support in the udeb build. + * core: Don't fail to run services in --user instances if $HOME is missing. + (Closes: #759320) + + [ Didier Roche ] + * default-display-manager-generator: Avoid unnecessary /dev/null symlink and + warning if there is no display-manager.service unit. + + -- Michael Biebl <biebl@debian.org> Thu, 12 Feb 2015 18:45:12 +0100 + +systemd (218-8) experimental; urgency=medium + + [ Martin Pitt ] + * boot-and-services autopkgtest: Ensure that there are no failed units, + except possibly systemd-modules-load.service (as that notoriously fails + with cruft in /etc/modules). + * Revert "input" system group creation in systemd.postinst from 218-7. It's + already done in udev.postinst. + * ifup@.service: Revert checking for existance of ifupdown config for that + interface, net.agent already does that. + * Drop Also-redirect-to-update-rc.d-when-not-using-.service.patch; not + necessary any more with the current version (mangle_names() already takes + care of this). + * Merge into Add-support-for-rcS.d-init-scripts-to-the-sysv-gener.patch: + - Do-not-order-rcS.d-services-after-local-fs.target-if.patch, as it + partially reverts the above, and is just fixing it. 
+ - Map-rcS.d-init-script-dependencies-to-their-systemd-.patch as it's just + adding some missing functionality for the same purpose. + * Merge Run-update-rc.d-defaults-before-update-rc.d-enable-d.patch into + Make-systemctl-enable-disable-call-update-rc.d-for-s.patch as the former + is fixing the latter and is not an independent change. + * Drop Launch-logind-via-a-shell-wrapper.patch and systemd-logind-launch + wrapper. The only remaining thing that we need from it is to create + /run/systemd/, move that into the D-BUS service file directly. + * /lib/lsb/init-functions.d/40-systemd: Avoid deadlocks during bootup and + shutdown. DHCP/ifupdown and similar hooks which call "/etc/init.d/foo + reload" can easily cause deadlocks, since the synchronous wait plus + systemd's normal behaviour of transactionally processing all dependencies + first easily causes dependency loops. Thus during boot/shutdown operate + only on the unit and not on its dependencies, just like SysV behaves. + (Closes: #777115, LP: #1417010) + * Only start logind if dbus is installed. This fixes the noisy startup + failure in environments without dbus, such as LXC containers or servers. + (part of #772700) + * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if + dbus is not installed, and hence logind cannot auto-start them on demand. + (Closes: #772700) + + [ Michael Biebl ] + * Update insserv-generator and map $x-display-manager to + display-manager.service, following the recent change in sysv-generator. + This avoids creating references to a no longer existing + x-display-manager.target unit. + + -- Martin Pitt <mpitt@debian.org> Mon, 09 Feb 2015 18:07:22 +0100 + +systemd (218-7) experimental; urgency=medium + + [ Martin Pitt ] + * Don't attempt to mount the same swap partition twice through different + device node aliases. (Closes: #772182, LP: #1399595) + * logind: handle closing sessions over daemon restarts. 
(Closes: #759515, + LP: #1415104) + * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release + after log out actually work. + * debian/rules: Drop obsolete --disable-multi-seat-x and + --with-firmware-path configure options. + * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or + described in manpages. Only keep the Debian specific bits. + (Part of #776546) + * Actually install udev's README.Debian when building for Debian. + (Closes: #776546) + * Create system group "input" which was introduced in 215. (LP: #1414409) + * ifup@.service: Don't fail if the interface is not configured in + /etc/network/interfaces at all. (LP: #1414426) + + [ Michael Biebl ] + * Update Vcs-Browser URL to use cgit and https. + * Map $x-display-manager LSB facility to display-manager.service instead of + making it a target. Using a target had the downside that multiple display + managers could hook into it at the same time which could lead to several + failed start attempts for the non-default display manager. + + -- Martin Pitt <mpitt@debian.org> Sun, 01 Feb 2015 20:48:49 +0100 + +systemd (218-6) experimental; urgency=medium + + [ Martin Pitt ] + * initramfs hook: Install 61-persistent-storage-android.rules if it exists. + * Generate POT file during package build, for translators. + * Pull latest keymaps from upstream git. + * Order ifup@.service and networking.service after network-pre.target. + (Closes: #766938) + * Tone down "Network interface NamePolicy= disabled on kernel commandline, + ignoring" info message to debug, as we expect this while we disable + net.ifnames by default. (Closes: #762101, LP: #1411992) + + [ Michael Biebl ] + * Ship bash-completion for udevadm. (Closes: #776166) + * Drop rc-local generator in favor of statically enabling rc-local.service, + and drop halt-local.service which is unnecessary on Debian. + (Closes: #776170) + * Drop the obsolete libsystemd-* libraries, there are no reverse + dependencies left. 
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 26 Jan 2015 15:45:45 +0100
+
+systemd (218-5) experimental; urgency=medium
+
+ * Drop logger.agent. It hasn't been called from any udev rule for a long
+ time, and looks obsolete.
+ * debian/rules: Configure with --disable-firstboot to replace some manual
+ file removals.
+ * debian/rules: Remove manual file installation, move them to
+ debian/*.install. Move all Debian specific installed files to
+ debian/extra/.
+ * Merge some changes from the Ubuntu package to reduce the delta; these only
+ apply when building on/for Ubuntu:
+ - Add 40-hyperv-hotadd.rules: Workaround for LP: #1233466.
+ - Add 61-persistent-storage-android.rules to create persistent symlinks
+ for partitions with PARTNAME. By Ricardo Salveti.
+ - Add 71-power-switch-proliant.rules for supporting the power switches of
+ ProLiant Server Cartridges. By Dann Frazier.
+ - Add 78-graphics-card.rules: Mark KMS capable graphics devices as
+ PRIMARY_DEVICE_FOR_DISPLAY so that we can wait for those in plymouth.
+ By Scott James Remnant.
+ - Don't install the Debian *.agent scripts. Instead, have Ubuntu's
+ 80-networking.rules directly pull in ifup@.service, which is much easier
+ and more efficient.
+ * Make EPERM/EACCESS when applying OOM adjustment for forked processes
+ non-fatal. This happens in user namespaces like unprivileged LXC
+ containers.
+ * Fix assertion failure due to /dev/urandom being unmounted when shutting
+ down unprivileged containers. Thanks Stéphane Graber.
+ * Enable EFI support. This mostly auto-mounts /sys/firmware/efi/efivars, but
+ also provides a generator for auto-detecting the root and the /boot/efi
+ partition if they aren't in /etc/fstab. (Closes: #773533)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 22 Jan 2015 16:13:46 +0100
+
+systemd (218-4) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * sysv-generator: handle Provides: for non-virtual facility names.
+ (Closes: #774335)
+ * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
+ isn't mounted yet. This happens with initramfs-tools < 0.118 which we
+ might not get into Jessie any more. (Closes: #742048)
+
+ [ Martin Pitt ]
+ * fstab-generator: Handle mountall's non-standard "nobootwait" and
+ "optional" options. ("bootwait" is already the systemd default behaviour,
+ and "showthrough" is irrelevant here, so both can be ignored).
+ * Add autopkgtest for one-time boot with upstart when systemd-sysv is
+ installed. This test only works under Ubuntu which has a split out
+ upstart-bin package, and will be skipped under Debian.
+ * debian/ifup@.service: Check if ifup succeeds by calling ifquery, to
+ work around ifup not failing on invalid interfaces (see #773539)
+ * debian/ifup@.service: Set proper service type (oneshot).
+ * sysv-generator: Handle .sh suffixes when translating Provides:.
+ (Closes: #775889)
+ * sysv-generator: Make real units overwrite symlinks generated by Provides:
+ from other units. Fixes failures due to presence of backup or old init.d
+ scripts. (Closes: #775404)
+ * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
+ (Closes: #775067)
+ * Re-enable AppArmor support, now that libapparmor1 moved to /lib. Add
+ versioned dependency as long as this is still only in experimental.
+ (Closes: #775331)
+ * Add some missing dpkg and ucf temp files to the "hidden file" filter, to
+ e. g. avoid creating units for them through the sysv-generator.
+ (Closes: #775903)
+ * Silence useless warning about /etc/localtime not being a symlink. This is
+ deliberate in Debian with /usr (possibly) being on a separate partition.
+ (LP: #1409594)
+
+ [ Christian Kastner ]
+ * Use common-session-noninteractive in systemd-user's PAM config, instead of
+ common-session.
The latter can include PAM modules like libpam-mount which
+ expect to be called just once and/or interactively, which already happens
+ for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
+ it's not included in -noninteractive, but is always required (and
+ idempotent). There is no net change on systemd which don't use manually
+ installed PAM modules. (Closes: #739676)
+
+ [ Michael Biebl ]
+ * Make sure we run debian-fixup.service after /var has been mounted if /var
+ is on a separate partition. Otherwise we might end up creating the
+ /var/lock and /var/run symlink in the underlying root filesystem.
+ (Closes: #768644)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 15:57:50 +0100
+
+systemd (218-3) experimental; urgency=medium
+
+ * build-logind autopkgtest: Re-enforce that sd_login_monitor_new() succeeds,
+ and restrict this test to isolation-container. (Reproduces LP #1400203)
+ * Bring back patch to make sd_login_monitor_new() work under other init
+ systems where /sys/fs/cgroup/systemd/machine does not exist.
+ (LP: #1400203)
+ * build-login autopkgtest: Build against libsystemd, not libsystemd-login
+ any more.
+ * Add debian/extra/systemd-vconsole-setup.service dependency shim for
+ the console-setup init script, to avoid breaking dependencies of
+ third-party packages. Install it for Ubuntu only for now, as in Debian
+ plymouth's unit got adjusted. (LP: #1392970, Debian #755194)
+ * Mark systemd{,-sysv} as M-A: foreign (thanks lintian).
+ * Quiesce maintainer-script-calls-systemctl lintian warning.
+ * Quiesce possibly-insecure-handling-of-tmp-files lintian warning, it's
+ wrong there (we are handling tmpfiles.d/ files which are not in a temp
+ dir).
+ * Use dh_installinit's --noscript instead of --no-start for the upstart
+ jobs without sysvinit scripts (thanks lintian).
+ * Put systemd.pc into arch specific pkgconfig dir, as it contains the arch
+ specific libdir value.
+ * Don't enable audit by default.
It causes flooding of dmesg and syslog,
+ suppressing actually important messages. (Closes: #773528)
+ * Cherrypick various bug fixes in loopback device setup and netlink socket
+ communication. Fixes massive CPU usage due to tight retry loops in user
+ LXC containers.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 29 Dec 2014 14:55:35 +0100
+
+systemd (218-2) experimental; urgency=medium
+
+ * boot-and-services AppArmor autopkgtest: Stop checking the dmesg log; it is
+ racy as sometimes message bursts are suppressed.
+ * Fix crash in timedatectl with Etc/UTC.
+ * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
+ copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
+ * boot-and-services: Robustify Nspawn tests, and show systemd-nspawn output
+ on failure.
+ * Disable tests which fail on buildds, presumably due to too old kernels,
+ misconfigured /etc/hosts, and similar problems. Make failures of the test
+ suite fatal now.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 16 Dec 2014 08:24:38 +0100
+
+systemd (218-1) experimental; urgency=medium
+
+ * New upstream release. Drop all cherry-picked patches and port the Debian
+ specific ones.
+ - Create /etc/machine-id on boot if missing. (LP: #1387090)
+ * Add new libmount-dev build dependency.
+ * Configure with --enable-split-usr.
+ * Merge some permanent Ubuntu changes, using dpkg-vendor:
+ - Don't symlink udev doc directories.
+ - Add epoch to gudev packages; Ubuntu packaged the standalone gudev before
+ it got merged into udev.
+ - Add Apport hooks for udev and systemd.
+ * udev-fallback-graphics upstart job: Guard the modprobe with || true to
+ avoid a failure when vesafb is compiled in. (LP: #1367241)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 14 Dec 2014 13:58:39 +0100
+
+systemd (217-4) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Reinstate a debian/extra/rules/50-firmware.rules which immediately tells
+ the kernel that userspace firmware loading failed.
Otherwise it tries for a
+ minute to call the userspace helper (if CONFIG_FW_LOADER_USER_HELPER is
+ enabled) in vain, which causes long delays with devices which have a range
+ of possible firmware versions. (LP: #1398458)
+ * debian/systemd.postinst: Don't always restart journald, as this currently
+ can't be done without losing the current journal and breaking attached
+ processes. So only restart it from upgrades < 215-3 (where the socket
+ location got moved) as an one-time upgrade path from wheezy.
+ (Closes: #771122)
+ * Revert "Modify insserv generator to mask sysvinit-only display managers".
+ This is still under dispute, a bit risky, and might get a different
+ implementation. Also, nodm really needs to be fixed properly, working
+ around it is both too risky and also too hard to get right.
+
+ [ Didier Roche ]
+ * Add display managers autopkgtests.
+ * Reset display-manager symlink to match /e/X/d-d-m even if
+ display-manager.service was removed. Adapt the autopkgtests for it.
+ (LP: #1400680)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Dec 2014 18:06:54 +0200
+
+systemd (217-3) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * systemd.bug-script: Really capture stderr of systemd-delta.
+ (Closes: #771498)
+ * boot-and-services autopkgtest: Give test apparmor job some time to
+ actually finish.
+
+ [ Didier Roche ]
+ * updated debian/patches/insserv.conf-generator.patch:
+ - if /etc/X11/default-display-manager doesn't match a systemd unit
+ (or doesn't exist), be less agressive about what to mask: we let
+ all sysvinit-only display-manager units enabled to fallback to previous
+ behavior and let them starting. (Closes: #771739)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 02 Dec 2014 16:53:36 +0100
+
+systemd (217-2) experimental; urgency=medium
+
+ * Re-enable journal forwarding to syslog, until Debian's sysloggers
+ can/do all read from the journal directly.
+ * Fix hostnamectl exit code on success.
+ * Fix "diff failed with error code 1" spew with systemd-delta.
+ (Closes: #771397)
+ * Re-enable systemd-resolved. This wasn't meant to break the entire
+ networkd, just disable the new NSS module. Remove that one manually
+ instead. (Closes: #771423, LP: #1397361)
+ * Import v217-stable patches (up to commit bfb4c47 from 2014-11-07).
+ * Disable AppArmor again. This first requires moving libapparmor to /lib
+ (see #771667). (Closes: #771652)
+ * systemd.bug-script: Capture stderr of systemd-{delta,analyze}.
+ (Closes: #771498)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 01 Dec 2014 15:09:09 +0100
+
+systemd (217-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release. Drop all cherry-picked patches and port the Debian
+ specific ones.
+ * Disable systemd-resolved for now. It still needs to mature, and
+ integration into Debian should be discussed first.
+ * Bump util-linux dependency to >= 2.25 as per NEWS.
+ * Drop installation of 50-firmware.rules, not shipped upstream any more.
+ Firmware loading is now exclusively done by the kernel.
+ * Drop installation of readahead related services and code, readahead got
+ dropped in this version.
+ * Ship new networkctl CLI tool.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * debian/rules: Call dpkg-gensymbols with -c4 to immediately spot
+ changed/missing symbols during build.
+ * boot-and-services autopkgtest: Test AppArmor confined units (LP #1396270)
+ * Create new "systemd-journal-remote" system group, for
+ systemd-tmpfiles-setup.service.
+
+ [ Marc Deslauriers ]
+ * Build-depend on libapparmor-dev to enable AppArmor support. (LP: #1396270)
+
+ [ Didier Roche ]
+ * Handle display-manager transitions: (Closes: #748668)
+ - Add a generator to ensure /etc/X11/default-display-manager is controlling
+ which display-manager is started.
+ - Modify insserv generator to mask of sysvinit-only dms with insserv
+ $x-display-manager tag if they don't match
+ /etc/X11/default-display-manager. This avoids starting multiple dms at
+ boot.
+ * Cherry-pick Shared-add-readlink_value.patch as using that function in the
+ generator.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 10:53:58 +0100
+
+systemd (215-18) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * manager: Pass correct errno to strerror(), have_ask_password contains
+ negative error values which have to be negated when being passed to
+ strerror().
+
+ [ Martin Pitt ]
+ * Revert upstream commit 743970d which immediately SIGKILLs units during
+ shutdown. This leads to problems like bash not being able to write its
+ history, mosh not saving its state, and similar failed cleanup actions.
+ (Closes: #784720, LP: #1448259)
+ * write_net_rules: Escape '{' and '}' characters as well, to make this work
+ with busybox grep. Thanks Faidon Liambotis! (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 15:49:30 +0200
+
+systemd (215-17) unstable; urgency=high
+
+ * cryptsetup: Implement offset and skip options. (Closes: #751707,
+ LP: #953875)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 16 Apr 2015 10:26:46 -0500
+
+systemd (215-16) unstable; urgency=medium
+
+ [ Christian Seiler ]
+ * Don't run hwclock-save.service in containers. (Closes: #782377)
+
+ [ Michael Biebl ]
+ * Do not print anything while passwords are being queried. This should make
+ password prompts without plymouth more usable. (Closes: #765013)
+ * Skip filesystem check if already done by the initramfs. (Closes: #782522)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 13 Apr 2015 19:42:32 +0200
+
+systemd (215-15) unstable; urgency=medium
+
+ [ Adam Conrad ]
+ * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload
+ when init scripts are installed or removed (Closes: #766429)
+
+ [ Martin Pitt ]
+ * Fix getty restart loop when PTS device is gone.
(Closes: #780711)
+ * Run timesyncd in virtual machines. (Closes: #762343)
+ * Make logind work in environments without CAP_SYS_ADMIN (mostly
+ containers). Thanks Christian Seiler for the backporting!
+ (Closes: #778608)
+ * Check for correct signatures when setting properties. Fixes systemd
+ getting stuck on trying to set invalid property types. (Closes: #781602)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 09 Apr 2015 10:12:37 +0200
+
+systemd (215-14) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Map $x-display-manager LSB facility to display-manager.service instead of
+ making it a target. Using a target had the downside that multiple display
+ managers could hook into it at the same time which could lead to several
+ failed start attempts for the non-default display manager.
+ * Update insserv-generator and map $x-display-manager to
+ display-manager.service, following the recent change in sysv-generator.
+ This avoids creating references to a no longer existing
+ x-display-manager.target unit.
+ * Cherry-pick upstream fix to increase the SendBuffer of /dev/log to 8M.
+
+ [ Martin Pitt ]
+ * scope: Make attachment of initial PIDs more robust. Fixes crash with
+ processes that get started by an init.d script with a different (aliased)
+ name when the cgroup becomes empty. (Closes: #781210)
+ * boot-and-services, display-managers autopkgtests: Add missing python3 test
+ dependency.
+ * Don't attempt to mount the same swap partition twice through different
+ device node aliases. (Closes: #772182, LP: #1399595)
+
+ [ Christian Seiler ]
+ * Make the journald to syslog forwarding more robust by increasing the
+ maximum datagram queue length from 10 to 512. (Closes: #762700)
+
+ [ Marco d'Itri ]
+ * Avoid writing duplicate entries in 70-persistent-net.rules by double
+ checking if the new udev rule has already been written for the given
+ interface.
This happens if multiple add events are generated before the
+ write_net_rules script returns and udevd renames the interface.
+ (Closes: #765577)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 30 Mar 2015 13:26:52 +0200
+
+systemd (215-13) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add hwclock-save.service to sync the system clock to the hardware clock on
+ shutdown, to provide monotonic time for reboots. (Note: this is a hack for
+ jessie; the next Debian release will enable timesyncd by default).
+ (Closes: #755722)
+ * Check for correct architecture identifiers for SuperH. (Closes: #779710)
+ * networkd: Fix stopping v4 dhcpclient when the carrier is lost. Thanks
+ Christos Trochalakis! (Closes: #779571)
+ * Fix segfault with units that depend on themselves. (Closes: #780675)
+ * tmpfiles-setup-dev: Call tmpfiles with --boot to allow unsafe device
+ creation. Fixes creation of static device nodes with kmod 20.
+ (Closes: #780263)
+
+ [ Christian Seiler ]
+ * core: Don't migrate PIDs for units that may contain subcgroups.
+ This stops messing up lxc/libvirt/other custom cgroup layouts after
+ daemon-reload. (Closes: #777164)
+ * sysv-generator: add support for /etc/insserv/overrides. (Closes: #759001)
+
+ [ Michael Biebl ]
+ * debian/udev.init: Recognize '!' flag with static device lists, to work
+ with kmod 20. (Closes: #780263)
+
+ [ Didier Roche ]
+ * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
+ an After relationship. (Closes: #779902)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 14:23:35 +0100
+
+systemd (215-12) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or
+ described in manpages. Only keep the Debian specific bits.
+ (Part of #776546)
+ * Actually install udev's README.Debian when building for Debian.
+ (Closes: #776546)
+ * Only start logind if dbus is installed.
This fixes the noisy startup
+ failure in environments without dbus such as LXC containers or servers.
+ (part of #772700)
+ * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if
+ dbus is not installed, and hence logind cannot auto-start them on demand.
+ (Closes: #772700)
+ * Add unit-config autopkgtest to check systemd unit/sysv init enabling and
+ disabling via systemctl. This avoids bugs like #777613 (did not affect
+ unstable).
+ * cgroup: Don't trim cgroup trees created by someone else, just the ones
+ that systemd itself created. This avoids cleaning up empty cgroups from
+ e.g. LXC. (Closes: #777601)
+ * boot-and-services autopkgtest: Add CgroupsTest to check cgroup
+ creation/cleanup behaviour. This reproduces #777601 and verifies the fix
+ for it.
+ * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids
+ kernel buffer I/O errors and timeouts. (LP: #1333140)
+ * Document systemctl --failed option. (Closes: #767267)
+
+ [ Michael Biebl ]
+ * core: Don't fail to run services in --user instances if $HOME is missing.
+ (Closes: #759320)
+
+ [ Didier Roche ]
+ * default-display-manager-generator: Avoid unnecessary /dev/null symlink and
+ warning if there is no display-manager.service unit.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:08:31 +0100
+
+systemd (215-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * escape-beef-up-new-systemd-escape-tool.patch: Avoid creating a dangling
+ symlink, to work around regression in recent patch (see #776257).
+ * Order ifup@.service and networking.service after network-pre.target.
+ (Closes: #766938)
+ * Tone down "Network interface NamePolicy= disabled on kernel commandline,
+ ignoring" info message to debug, as we expect this while we disable
+ net.ifnames by default. (Closes: #762101, LP: #1411992)
+ * logind: handle closing sessions over daemon restarts.
(Closes: #759515,
+ LP: #1415104)
+ * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
+ after log out actually work.
+ * debian/patches/series: Move upstreamed patches into the appropriate
+ section.
+
+ [ Michael Biebl ]
+ * Make sure we run debian-fixup.service after /var has been mounted if /var
+ is on a separate partition. Otherwise we might end up creating the
+ /var/lock and /var/run symlink in the underlying root filesystem.
+ (Closes: #768644)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Jan 2015 09:01:54 +0100
+
+systemd (215-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * sysv-generator: Handle .sh suffixes when translating Provides:.
+ (Closes: #775889)
+ * sysv-generator: Make real units overwrite symlinks generated by Provides:
+ from other units. Fixes failures due to presence of backup or old init.d
+ scripts. (Closes: #775404)
+ * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
+ (Closes: #775067)
+
+ [ Christian Kastner ]
+ * Use common-session-noninteractive in systemd-user's PAM config, instead of
+ common-session. The latter can include PAM modules like libpam-mount which
+ expect to be called just once and/or interactively, which already happens
+ for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
+ it's not included in -noninteractive, but is always required (and
+ idempotent). There is no net change on systemd which don't use manually
+ installed PAM modules. (Closes: #739676)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 13:18:05 +0100
+
+systemd (215-9) unstable; urgency=medium
+
+ [ Didier Roche ]
+ * Add display managers autopkgtests.
+ * Reset display-manager symlink to match /e/X/d-d-m even if
+ display-manager.service was removed. Adapt the autopkgtests for it.
+
+ [ Martin Pitt ]
+ * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
+ copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
+ * Log all members of cyclic dependencies (loops) even with quiet on the
+ kernel cmdline. (Closes: #770504)
+ * Don't auto-clean PrivateTmp dir in /var/tmp; in Debian we don't want to
+ clean /var/tmp/ automatically. (Closes: #773313)
+
+ [ Michael Biebl ]
+ * sysv-generator: handle Provides: for non-virtual facility names.
+ (Closes: #774335)
+ * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
+ isn't mounted yet. This happens with initramfs-tools < 0.118 which we
+ might not get into Jessie any more. (Closes: #742048)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 13 Jan 2015 11:24:43 +0100
+
+systemd (215-8) unstable; urgency=medium
+
+ [ Didier Roche ]
+ * Cherry-pick shared-add-readlink_value.patch, we will use that function in
+ the generator.
+ * Cherry-pick util-allow-strappenda-to-take-any-number-of-args.patch, we
+ will use that function in the generator.
+ * Handle multiple display managers which don't ship a systemd unit or the
+ corresponding postinst logic for updating display-manager.service: Add a
+ generator to ensure /etc/X11/default-display-manager is controlling which
+ display-manager is started. (Closes: #771287)
+
+ [ Sjoerd Simons ]
+ * d/p/core-Fix-bind-error-message.patch:
+ + Added. Fix error message on bind failure to print the full path
+ * d/p/core-Make-binding-notify-private-dbus-socket-more-ro.patch:
+ + Added. Be more robust when binding private unix sockets (Based on current
+ upstream logic) (Closes: #761306)
+
+ [ Martin Pitt ]
+ * Clean up ...journal~ files from unclean shutdowns. (Closes: #771707)
+ * debian/systemd.postinst: Don't always restart journald, as this currently
+ can't be done without losing the current journal and breaking attached
+ processes. So only restart it from upgrades < 215-3 (where the socket
+ location got moved) as an one-time upgrade path from wheezy.
+ (Closes: #771122)
+ * journalctl: Fix help text for --until.
(Closes: #766598)
+ * Bump systemd's udev dependency to >= 208-8, so that on partial upgrades we
+ make sure that the udev package has appropriate Breaks:. In particular,
+ this avoids installing current udev with kmod << 14. (Closes: #771726)
+
+ [ Michael Biebl ]
+ * systemd.postinst: Move unit enablement after restarting systemd, so that
+ we don't fail to enable units with keywords that wheezy's systemd does not
+ understand yet. Fixes enabling getty units on wheezy upgrades with
+ systemd. (Closes: #771204)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 05 Dec 2014 10:01:24 +0100
+
+systemd (215-7) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add myself to Uploaders.
+ * Add boot-and-services autopkgtest: Check booting with systemd-sysv and
+ that the most crucial services behave as expected.
+ * logind autopkgtest: Fix stderr output in waiting loop for scsi_debug.
+ * Add nspawn test to boot-and-services autopkgtest.
+ * Make systemd-nspawn@.service work out of the box: (Closes: #770275)
+ - Pre-create /var/lib/container with a secure mode (0700) via tmpfiles.d.
+ - Add new try-{guest,host} modes for --link-journal to silently skip
+ setting up the guest journal if the host has no persistent journal.
+ - Extend boot-and-services autopkgtest to cover systemd-nspawn@.service.
+ * Cherry-pick upstream patch to fix SELinux unit access check (regression
+ in 215).
+ * sysv-generator: Avoid wrong dependencies for failing units. Thanks to
+ Michael Biebl for the patch! (Closes: #771118)
+ * Cherry-pick patches to recognize and respect the "discard" mount option
+ for swap devices. Thanks to Aurelien Jarno for finding and testing!
+ (Closes: #769734)
+
+ [ Jon Severinsson]
+ * Add /run/shm -> /dev/shm symlink in debian/tmpfiles.d/debian.conf. This
+ avoids breakage in Jessie for packages which still refer to /run/shm, and
+ while https://wiki.debian.org/ReleaseGoals/RunDirectory is still official.
+ (LP: #1320534, Closes: #674755).
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 06:43:15 +0100
+
+systemd (215-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Cherry-pick upstream patch to fix udev crash in link_config_get().
+ * Cherry-pick upstream patch to fix tests in limited schroot environments.
+ * Add d/p/Add-env-variable-for-machine-ID-path.patch: Allow specifying an
+ alternate /etc/machine-id location. This is necessary for running tests
+ as long as it isn't in our base images (see Debian #745876)
+ * Run tests during package build. For the first round don't make them fatal
+ for now (that will happen once we see results from all the architectures).
+ * Drop our Check-for-kmod-binary.patch as the upstream patch
+ units-conditionalize-static-device-node-logic-on-CAP.patch supersedes it.
+ * Drop Use-comment-systemd.-syntax-in-systemd.mount-man-pag.patch, as
+ our util-linux is now recent enough. Bump dependency to >= 2.21.
+ * Adjust timedated and hostnamed autopkgtests to current upstream version.
+ * Replace our Debian hwdb.bin location patch with what got committed
+ upstream. Run hwdb update with the new --usr option to keep current
+ behaviour.
+ * debian/README.Debian: Document how to debug boot or shutdown problems with
+ the debug shell. (Closes: #766039)
+ * Skip-99-systemd.rules-when-not-running-systemd-as-in.patch: Call path_id
+ under all init systems, to get consistent ID_PATH attributes. This is
+ required so that tools like systemd-rfkill can be used with SysVinit or
+ upstart scripts, too. (LP: #1387282)
+ * Switch libpam-systemd dependencies to prefer systemd-shim over
+ systemd-sysv, to implement the CTTE decision #746578. This is a no-op on
+ systems which already have systemd-sysv installed, but will prevent
+ installing that on upgrades. (Closes: #769747)
+ * Remove Tollef from Uploaders: as per his request. Thanks Tollef for all
+ you work!
+ * net.agent: Properly close stdout/err FDs, to avoid long hangs during udev
+ settle. Thanks to Ben Hutchings!
(Closes: #754987)
+ * Bump Standards-Version to 3.9.6 (no changes necessary).
+
+ [ Didier Roche ]
+ * debian/ifup@.service: add a ConditionPath on /run/network, to avoid
+ failing the unit if /etc/init.d/networking is disabled. (Closes: #769528)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 18 Nov 2014 12:37:22 +0100
+
+systemd (215-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Unblacklist hyperv_fb again, it is needed for graphical support on Hyper-V
+ platforms. Thanks Andy Whitcroft! (LP: #1359933)
+ * Bump systemd-shim Depends/Breaks to 8-2 to ensure a lockstep upgrade.
+ (Closes: #761947)
+
+ [ Sjoerd Simons ]
+ * d/p/sd-bus-Accept-no-sender-as-the-destination-field.patch
+ + Fix compatibility between systemctl v215 and v208. Resolves issue when
+ reloads of services is requested before systemd is re-execed
+ (Closes: #762146)
+
+ [ Michael Biebl ]
+ * Don't overmount existing /run/user/<UID> directories with a per-user tmpfs
+ on upgrades. (Closes: #762041)
+ * Re-enable mount propagation for udevd. This avoids that broken software
+ like laptop-mode-tools, which runs mount from within udev rules, causes
+ the root file system to end up read-only. (Closes: #762018)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 27 Sep 2014 17:49:47 +0200
+
+systemd (215-4) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 15 Sep 2014 17:38:30 +0200
+
+systemd (215-3) experimental; urgency=medium
+
+ [ Ben Howard ]
+ * 75-persistent-net-generator.rules: Fix matches of HyperV. (LP: #1361272)
+
+ [ Martin Pitt ]
+ * 75-persistent-net-generator.rules: Add new MS Azure MAC prefix 00:25:ae.
+ (LP: #1367883)
+
+ [ Michael Biebl ]
+ * Update upstream v215-stable patch series.
+ * The /dev/log socket and /dev/initctl FIFO have been moved to /run and
+ replaced by symlinks. Create the symlinks manually on upgrades as well.
+ (Closes: #761340)
+ * Fix incorrect paths in man pages.
(LP: #1357782, Closes: #717491)
+ * Make systemd recommend dbus so it is installed on upgrades. The dbus
+ system bus is required to run systemd-logind and the autovt feature relies
+ on logind. (Closes: #758111)
+ * Bump dependency on systemd-shim to (>= 7-2) to ensure we have a version
+ which supports systemd >= 209.
+ * Rework bug-script to be more upfront about what kind of data is gathered
+ and ask the user for permission before attaching the information to the
+ bug report. (Closes: #756248)
+
+ [ Sjoerd Simons ]
+ * d/p/buildsys-Don-t-default-to-gold-as-the-linker.patch
+ + Don't explicitly pick gold as the default linker. Fixes FTBFS on sparc
+ (Closes: #760879)
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 14 Sep 2014 20:14:49 +0200
+
+systemd (215-2) experimental; urgency=medium
+
+ * debian/patches/always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
+ + Added. Fix checking of system endianness. Fixes FTBFS on powerpc
+ * debian/patches/timesyncd-when-we-don-t-know-anything-about-the-netw.patch:
+ + Let timesyncd go online even if networkd isn't running (from upstream
+ git) (Closes: #760087)
+ * debian/rules: add systemd-update-utmp-runlevel.service to
+ {poweroff, rescue, multi-user, graphical, reboot}.target.wants to trigger
+ the runlevel target to be loaded
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 07 Sep 2014 23:46:02 +0200
+
+systemd (215-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Import upstream v215-stable patch series.
+ * Rebase remaining Debian patches on top of v215-stable.
+ * Drop our Debian-specific run-user.mount unit as upstream now creates a
+ per-user tmpfs via logind.
+ * Don't rely on new mount from experimental for now and re-add the patch
+ which updates the documentation accordingly.
+ * Cherry-pick upstream fix to use correct versions for the new symbols that
+ were introduced in libudev.
+ * Update symbols files
+ - Add two new symbols for libudev1.
+ - Remove private symbol from libgudev-1.0-0.
This symbol was never part of
+ the public API and not used anywhere so we don't need a soname bump.
+ * Cherry-pick upstream commit to not install busname units if kdbus support
+ is disabled.
+ * Make /run/lock tmpfs an API fs so it is available during early boot.
+ (Closes: #751392)
+ * Install new systemd-path and systemd-escape binaries.
+ * Cherry-pick upstream commit which fixes the references to the systemctl
+ man page. (Closes: #760613)
+ * Use the new systemd-escape utility to properly escape the network
+ interface name when starting an ifup@.service instance for hotplugged
+ network interfaces. Make sure a recent enough systemd version is installed
+ by bumping the versioned Breaks accordingly. (Closes: #747044)
+ * Order ifup@.service after networking.service so we don't need to setup the
+ runtime directory ourselves and we have a defined point during boot when
+ hotplugged network interfaces are started.
+ * Disable factory-reset feature and remove files associated with it. This
+ feature needs more integration work first before it can be enabled in
+ Debian.
+ * Cherry-pick upstream commit to fix ProtectSystem=full and make the
+ ProtectSystem= option consider /bin, /sbin, /lib and /lib64 (if it exists)
+ on Debian systems. (Closes: #759689)
+ * Use adduser in quiet mode when creating the system users/groups to avoid
+ warning messages about the missing home directories. Those are created
+ dynamically during runtime. (Closes: #759175)
+ * Set the gecos field when creating the system users.
+ * Add systemd-bus-proxy system user so systemd-bus-proxyd can properly drop
+ its privileges.
+ * Re-exec systemd and restart services at the end of postinst.
+ * Cherry-pick upstream commit for sd-journal to properly convert
+ object->size on big endian which fixes a crash in journalctl --list-boots.
+ (Closes: #758392) + + -- Michael Biebl <biebl@debian.org> Sun, 07 Sep 2014 09:58:48 +0200 + +systemd (214-1) experimental; urgency=medium + + * New upstream release v214. + (Closes: #750793, #749268, #747939) + + [ Jon Severinsson ] + * Import upstream v214-stable patch series. + - Rebase remaining Debian patches on top of v214-stable. + - Drop modifications to the now-removed built-in sysvinit support. + * Install the new combined libsystemd0 library, this library combines all + functionality of the various libsystemd-* libraries. + - Deprecate the old libsystemd-* libraries as they've been bundled into + libsystemd0. The old -dev files now just carry a transitional .pc file. + - Add new symbols file for libsystemd0. + * Update symbols file for libgudev-1.0-0. + * Remove pre-generated rules and unit files in debian/rules clean target. + * Add new systemd service users in systemd postinst (systemd-timesync, + systemd-network, systemd-resolve) + * Add new system group "input" used by udev rules in udev postinst. + * Try-restart networkd, resolved, and timesyncd after an upgrade. + * Do not force-enable default-on services on every upgrade. + * Add support for rcS.d init scripts to the sysv-generator. + - Do not order rcS.d services after local-fs.target if they do not + explicitly depend on $local_fs. + - Map rcS.d init script dependencies to their systemd equivalent. + - Special-case some dependencies for sysv init scripts for better + backwards compatibility. (Closes: #726027, #738965). + * Add systemd depends on new mount. (Closes: #754411) + * Update /run/initctl symlink target in debian/tmpfiles.d/debian.conf. + * Remove stored backlog state, rfkill state, random-seed and clock + information from /var/lib/systemd on systemd purge. + + [ Sjoerd Simons ] + * debian/patches/shared-include-stdbool.h-in-mkdir.h.patch + + Added. Include stdbool before using bool in function prototypes. 
Fixes + build of the insserv generator + * Add python-lxml to build-depends for python-systemd + * Turn on parallel build support + * Install the new busctl binary and translations + * Explicitly disable microhttp so the package build doesn't fail if the + required dependencies for it happen to be installed. + * debian/control: Make udev break plymouth (<< 0.9.0-7) as older plymouths + assume udev implementation details that have changed slightly since v213 + * debian/control: Remove b-d on librwap0-dev + * debian/control: Bump libkmod-dev b-d to >= 15 + * debian/rules: Drop outdated --enable-tcpwrap + * debian/rules: Explicitly turn off rfkill, networkd, timesyncd and resolved + for the udeb build + * debian/rules: Use the debian ntp pool as default ntp servers + * debian/rules: explicitely configure the maximum system uid/gids instead of + relying on autodetection + + -- Sjoerd Simons <sjoerd@debian.org> Sun, 24 Aug 2014 14:54:27 +0200 + +systemd (208-8) unstable; urgency=medium + + [ Martin Pitt ] + * Fix duplicate line in copyright. (Closes: #756899) + * Drop --disable-xattr configure option for udeb, does not exist any more. + * Add Turkish debconf translations. Thanks Mert Dirik! (Closes: #757498) + * Backport fix for lazy session-activation on non-seat0 seats. + (LP: #1355331) + + [ Michael Biebl ] + * Use "kmod static-nodes --output=/proc/self/fd/1" in make_static_nodes() as + we can't rely on /dev/stdout to exist at this point during boot. + (Closes: #757830) + * Fix udev SysV init script and d-i start script to not write to + /sys/kernel/uevent_helper unconditionally to not fail on a kernel with + CONFIG_UEVENT_HELPER unset. (Closes: #756312) + * Add Breaks: kmod (<< 14) to udev to make sure we have a kmod version + supporting the static-nodes command. + * Add Breaks: systemd (<< 208) to udev to avoid partial upgrades. Newer udev + versions rely on kmod-static-nodes.service being provided by systemd. 
+ (Closes: #757777) + * Updated upstream v208-stable patch series to 53b1b6c. + * Cherry-pick upstream fix to ignore temporary dpkg files. (Closes: #757302) + * Make emergency.service conflict with rescue.service. + Otherwise if rescue mode is selected during boot and the emergency mode + is triggered (e.g. via a broken fstab entry), we have two sulogin + processes fighting over the tty. (Closes: #757072) + * Stop syslog.socket when entering emergency mode as otherwise every log + message triggers the start of the syslog service and its dependencies + which conflicts with emergency.target. (Closes: #755581) + + -- Michael Biebl <biebl@debian.org> Thu, 21 Aug 2014 00:14:21 +0200 + +systemd (208-7) unstable; urgency=medium + + [ Michael Biebl ] + * Mask remaining services provided by the initscripts package and document + in more detail why certain services have been masked. (Closes: #659264) + * Install zsh completions to the correct place. (Closes: #717540) + + [ Jon Severinsson ] + * Cherry-pick upstream fix for journal file permissions. (Closes: #755062) + * Map some rcS.d init script dependencies to their systemd equivalent. + * Update Depends on initscripts to the version with a systemd-compatible + mountnfs ifup hook. (Closes: #746358) + * Add Breaks on lvm2 versions without native systemd support. + (Closes: #678438, #692120) + * Do not fail udev upgrades if the udev service is already runtime-masked + when the preinst script is run. (Closes: #755746) + * Add Pre-Depends on systemd to systemd-sysv, to avoid risking that the + sysv-compatible symlinks become dangling on a partial install. + * Ensure that systemctl is usable right after being unpacked, by adding the + required Pre-Depends to systemd and libsystemd-daemon0. (Closes: #753589) + * Add support for TuxOnIce hibernation. (Closes: #746463) + + [ Martin Pitt ] + * Rename "api" autopkgtest to "build-login", and stop requiring that + sd_login_monitor_new() succeeds. 
It doesn't in many environments like + schroot or after upgrades from < 204, and the main point of the test is + to check that libsystemd-login-dev has correct contents and dependencies. + Drop "isolation-machine" requirement. + * Use glibc's xattr support instead of requiring libattr. Fixes FTBFS with + latest glibc and libattr. Cherrypicked from trunk. Drop libattr1-dev build + dependency. (Closes: #756097) + * Build python3-systemd for Python 3 bindings. Drop python-systemd; it does + not have any reverse dependencies, and we want to encourage moving to + Python 3. (LP: #1258089) + * Add simple autopkgtest for python3-systemd. + * Add dbus dependency to libpam-systemd. (Closes: #755968) + * Fix /dev/cdrom symlink to appear for all types of drives, not just for + pure CD-ROM ones. Also, fix the symlinks to stay after change events. + (LP: #1323777) + * 75-persistent-net-generator.rules: Adjust Ravello interfaces; they don't + violate the assignment schema, they should just not be persistent. + Thanks to Boris Figovsky. (Closes: #747475, LP: #1317776) + * Reinstate patches to make logind D-BUS activatable. + * Re-add systemd-shim alternative dependency to libpam-systemd. Version it + to ensure cgmanager support. (Closes: #754984, LP: #1343802) + * Convert udev-finish.upstart from a task to a job, to avoid hangs with + startpar. (Closes: #756631) + * Add debian/extra/60-keyboard.hwdb: Latest keymaps from upstream git. + This makes it trivial to backport keymap fixes to stable releases. + (Closes: #657809; LP: #1322770, #1339998) + * udev.init: Create static device nodes, as this moved out of udevd. + Thanks to Michael Biebl for the script! (Closes: #749021) + + -- Martin Pitt <mpitt@debian.org> Wed, 06 Aug 2014 13:33:22 +0200 + +systemd (208-6) unstable; urgency=medium + + [ Jon Severinsson ] + * Add v208-stable patch series. + - Update Debian patches to apply on top of v208-stable. + - Move new manpages to libsystemd-*-dev as appropriate. 
+ + [ Michael Biebl ] + * Upload to unstable. + + -- Michael Biebl <biebl@debian.org> Wed, 16 Jul 2014 00:44:15 +0200 + +systemd (208-5) experimental; urgency=medium + + * Merge changes from unstable branch. + + -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:41:32 +0200 + +systemd (208-4) experimental; urgency=medium + + * Merge changes from unstable branch. + * Drop alternative dependency on systemd-shim in libpam-systemd. The + systemd-shim package no longer provides an environment to run + systemd-logind standalone. See #752939 for further details. + + -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 01:22:11 +0200 + +systemd (208-3) experimental; urgency=medium + + * Merge changes from unstable branch. + + -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 11:29:07 +0200 + +systemd (208-2) experimental; urgency=medium + + [ Sjoerd Simons ] + * Don't stop a running user manager from garbage collecting the users. Fixes + long shutdown times when using a systemd user session + + [ Michael Stapelberg ] + * Fix bug-script: “systemctl dump” is now “systemd-analyze dump” + (Closes: #748311) + + [ Michael Biebl ] + * Merge changes from unstable branch. + * Cherry-pick upstream fixes to make sd_session_get_vt() actually work. + + -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:45:26 +0200 + +systemd (208-1) experimental; urgency=medium + + [ Michael Biebl ] + * New upstream release. (Closes: #729566) + * Update patches. + * Update symbols files for libsystemd-journal and libsystemd-login. + * Install new files and remove the ones we don't use. + * Install zsh completion files. (Closes: #717540) + * Create a compat symlink /etc/sysctl.d/99-sysctl.conf as systemd-sysctl no + longer reads /etc/sysctl.conf. + * Bump Build-Depends on kmod to (>= 14). + * Bump Build-Depends on libcryptsetup-dev to (>= 2:1.6.0) for tcrypt + support. + * Make kmod-static-nodes.service check for the kmod binary since we don't + want a hard dependency on kmod e.g. 
for container installations. + * Disable various features which aren't required for the udeb build. + * Move new sd_pid_get_slice and sd_session_get_vt man pages into + libsystemd-login-dev. + * Make no-patch-numbers the default for gbp-pq. + * Adjust systemd-user pam config file for Debian. + This pam config file is used by libpam-systemd/systemd-logind when + launching systemd user instances. + * Drop patches to make logind D-Bus activatable. The cgroup handling has + been reworked in v205 and logind no longer creates cgroup hierarchies on + its own. That means that the standalone logind is no longer functional + without support from systemd (or an equivalent cgroup manager). + + [ Martin Pitt ] + * Explain patch management in debian/README.source. + + -- Michael Biebl <biebl@debian.org> Mon, 28 Apr 2014 00:22:57 +0200 + +systemd (204-14) unstable; urgency=medium + + * Fix SIGABRT in insserv generator caused by incorrect usage of strcat(). + (Closes: #752992) + * Mark -dev packages as Multi-Arch: same. (Closes: #720017) + + -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:22:43 +0200 + +systemd (204-13) unstable; urgency=medium + + * Switch back to load the sg module via the kmod builtin. The problem was + not that the kmod builtin is faster then modprobe but rather the incorrect + usage of the "=" assignment operator. We need to use "+=" here, so the sg + module is loaded in addition to other scsi modules, which are loaded via + the modalias rule. Thanks to Tommaso Colombo for the analysis. + * Cherry-pick upstream fix which prevents systemd from entering an infinite + loop when trying to break an ordering cycle. (Closes: #752259) + * Update insserv generator to not create any drop-in files for services + where the corresponding SysV init script does not exist. + * Drop the check for /sys/kernel/uevent_helper from postinst and the SysV + init script and do not unconditionally overwrite it in the initramfs hook. 
+ Since a long time now udev has been using the netlink interface to + communicate with the kernel and with Linux 3.16 it is possible to disable + CONFIG_UEVENT_HELPER completely. (Closes: #752742) + + -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 00:01:16 +0200 + +systemd (204-12) unstable; urgency=medium + + [ Martin Pitt ] + * Change the sg loading rule (for Debian #657948) back to using modprobe. + kmod is too fast and then sg races with sd, causing the latter to not see + SCSI disks. (Closes: #752591, #752605) + + [ Michael Biebl ] + * Update udev bug-script to attach instead of paste extra info if a new + enough reportbug version is available. + + -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 10:55:12 +0200 + +systemd (204-11) unstable; urgency=medium + + [ Martin Pitt ] + * Explain patch management in debian/README.source. (Closes: #739113) + * Replace "Always probe cpu support drivers" patch with cherry-picked + upstream fix which is more general. + * Advertise hibernation only if there's enough free swap. Patches backported + from current upstream. (LP: #1313522) + * Fix typo in sg loading rule to make it actually work. + + [ Michael Biebl ] + * Make no-patch-numbers the default for gbp-pq. + * Cherry-pick upstream fix to properly handle multiline syslog messages. + (Closes: #746351) + * Cherry-pick upstream fix for libudev which fixes a memleak in + parent_add_child(). + * Drop "-b debian" from Vcs-Git since we use the master branch for + packaging now. + * Drop Conflicts: sysvinit (<< 2.88dsf-44~) from systemd-sysv since this + breaks dist-upgrades from wheezy when switching from sysvinit to + systemd-sysv as default init. While downgrading the Pre-Depends in + sysvinit would have been an alternative, dropping the Conflicts and only + keeping the Replaces was deemed the lesser evil. (Closes: #748355) + * Use Conflicts instead of Breaks against sysvinit-core. 
This avoids + /sbin/init going missing when switching from systemd-sysv to sysvinit. + While at it, add a Replaces: upstart. (Closes: #751589) + * Make the SysV compat tools try both /run/initctl and /dev/initctl. This + makes them usable under sysvinit as PID 1 without requiring any symlinks. + * Various ifupdown integration fixes + - Use DefaultDependencies=no in ifup@.service so the service can be + started as early as possible. + - Create the ifupdown runtime directory in ifup@.service as we can no + longer rely on the networking service to do that for us. + - Don't stop ifup@.service on shutdown but let the networking service take + care of stopping all hotplugged interfaces. + - Only start ifup@.service for interfaces configured as allow-hotplug. + + [ Michael Stapelberg ] + * Clarify that “systemd” does not influence init whereas “systemd-sysv” does + (Closes: #747741) + + [ Ansgar Burchardt ] + * Don't use "set +e; set +u" unconditionally in the lsb init-functions hook + as this might change the behaviour of existing SysV init scripts. + (Closes: #751472) + + -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:03:43 +0200 + +systemd (204-10) unstable; urgency=medium + + * In the udeb's udev.startup, make sure that /dev/pts exists. + * systemd-logind-launch: Set the #files ulimit, for unprivileged LXC + containers. + * Drop udev.NEWS, it only applies to pre-squeeze. + * Remove /var/log/udev on purge. + * Always probe cpu support drivers. (LP #1207705) + * On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC + for management. Name this interface "idrac" to avoid confusion with "real" + network interfaces. + * Drop numerical prefixes from patches, to avoid future diff noise when + removing, cherry-picking, and merging patches. From now on, always use + "gbp-pq export --no-patch-numbers" to update them. 
+ + -- Martin Pitt <mpitt@debian.org> Sun, 27 Apr 2014 11:53:52 +0200 + +systemd (204-9) unstable; urgency=medium + + * The "Flemish Beef and Beer Stew" release. + + [ Steve Langasek ] + * Do proper refcounting of the PAM module package on prerm, so that we + don't drop the module from the PAM config when uninstalling a + foreign-arch package. Related to Ubuntu bug #1295521. + + [ Martin Pitt ] + * debian/udev.udev-finish.upstart: Fix path to tmp-rules, + debian/extra/rule_generator.functions creates them in /run/udev/. + * rules: Remove the kernel-install bits; we don't want that in Debian and + thus it shouldn't appear in dh_install --list-missing output. + * Ship sd-shutdown.h in libsystemd-daemon-dev. + * Run dh_install with --fail-missing, to avoid forgetting files when we move + to new versions. + * Mount /dev/pts with the correct permissions in the udev, to avoid needing + pt_chown (not available on all architectures). Thanks Adam Conrad. + * Add new block of Windows Azure ethernet hardware address to + 75-persistent-net-generator.rules. (LP: #1274348, Closes: #739018) + * Drop our Debian specific 60-persistent-storage{,-tape}.rules and use the + upstream rules. They are compatible and do a superset of the + functionality. (Closes: #645466) + * Drop our Debian specific 80-drivers.rules and use the upstream rules with + a patch for the sg module (see #657948). These now stop calling modprobe + and use the kmod builtin, giving some nice boot speed improvement. + (Closes: #717404) + * Drop our Debian specific 50-udev-default.rules and 91-permissions.rules + and use the upstream rules with a patch for the remaining Debian specific + default device permissions. Many thanks to Marco d'Itri for researching + which Debian-specific rules are obsolete! 
Amongst other things, this now + also reads the hwdb info for USB devices (Closes: #717405) and gets rid of + some syntax errors (Closes: #706221) + * Set default polling interval on removable devices as well, for kernels + which have "block" built in instead of being a module. (Closes: #713877) + * Make sd_login_monitor_new() work for logind without systemd. + * Cherry-pick upstream fix for polkit permissions for rebooting with + multiple sessions. + * Kill /etc/udev/links.conf, create_static_nodes, and associated code. It's + obsolete with devtmpfs (which is required now), and doesn't run with + systemd or upstart anyway. + * Drop unnecessary udev.dirs. + * Add autopkgtests for smoke-testing logind, hostnamed, timedated, localed, + and a compile/link/run test against libsystemd-login-dev. + + [ Marco d'Itri ] + * preinst: check for all the system calls required by modern releases + of udev. (Closes: #648325) + * Updated fbdev-blacklist.conf for recent kernels. + * Do not blacklist viafb because it is required on the OLPC XO-1.5. + (Closes: #705792) + * Remove write_cd_rules and the associated rules which create "persistent" + symlinks for CD/DVD devices and replace them with more rules in + 60-cdrom_id, which will create symlinks for one at random among the + devices installed. Since the common case is having a single device + then everything will work out just fine most of the times... + (Closes: #655924) + * Fix write_net_rules for systemd and sysvinit users by copying the + temporary rules from /run/udev/ to /etc/udev/. (Closes: #735563) + * Do not install sysctl.d/50-default.conf because the systemd package + should not change kernel policies, at least until it will become + the only supported init system. + + [ Michael Stapelberg ] + * Add systemd-dbg package, thanks Daniel Schaal (Closes: #742724). + * Switch from gitpkg to git-buildpackage. Update README.source accordingly. + * Make libpam-systemd depend on systemd-sysv | systemd-shim. 
Packages that + need logind functionality should depend on libpam-systemd. + + [ Michael Biebl ] + * Do not send potentially private fstab information without prior user + confirmation. (Closes: #743158) + * Add support for LSB facilities defined by insserv. + Parse /etc/insserv.conf.d content and /etc/insserv.conf and generate + systemd unit drop-in files to add corresponding dependencies. Also ship + targets for the Debian specific $x-display-manager and + $mail-transport-agent system facilities. (Closes: #690892) + * Do not accidentally re-enable /var/tmp cleaning when migrating the TMPTIME + setting from /etc/default/rcS. Fix up existing broken configurations. + (Closes: #738862) + + -- Michael Biebl <biebl@debian.org> Sat, 26 Apr 2014 21:37:29 +0200 + +systemd (204-8) unstable; urgency=low + + [ Michael Stapelberg ] + * move manpages from systemd to libsystemd-*-dev as appropriate + (Closes: #738723) + * fix systemctl enable/disable/… error message “Failed to issue method call: + No such file or directory” (the previous upload did actually not contain + this fix due to a merge conflict) (Closes: #738843) + * add explicit “Depends: sysv-rc” so that initscript’s “Depends: sysv-rc | + file-rc” will not be satisfied with file-rc. We need the invoke-rc.d and + update-rc.d from sysv-rc, file-rc’s doesn’t have support for systemd. + (Closes: #739679) + * set capabilities cap_dac_override,cap_sys_ptrace=ep for + systemd-detect-virt, so that it works for unprivileged users. + (Closes: #739699) + * pam: Check $XDG_RUNTIME_DIR owner (Closes: #731300) + * Ignore chkconfig headers entirely, they are often broken in Debian + (Closes: #634472) + + [ Michael Biebl ] + * do a one-time migration of RAMTMP= from /etc/default/rcS and + /etc/default/tmpfs, i.e. enable tmp.mount (Closes: #738687) + * Bump Standards-Version to 3.9.5. 
+ + -- Michael Biebl <biebl@debian.org> Wed, 19 Mar 2014 18:57:35 +0100 + +systemd (204-7) unstable; urgency=low + + * fix systemctl enable/disable/… error message “Failed to issue method call: + No such file or directory” (Closes: #734809) + * bug-script: attach instead of paste extra info with reportbug ≥ 6.5.0 + (Closes: #722530) + * add stage1 bootstrap support to avoid Build-Depends cycles (Thanks Daniel + Schepler) + * cherry-pick: + order remote mounts from mountinfo before remote-fs.target (77009452cfd) + (Closes: #719945) + Fix CPUShares configuration option (ccd90a976dba) (Closes: #737156) + fix reference in systemd-inhibit(1) (07b4b9b) (Closes: #738316) + + -- Michael Stapelberg <stapelberg@debian.org> Tue, 11 Feb 2014 23:34:42 +0100 + +systemd (204-6) unstable; urgency=low + + [ Michael Stapelberg ] + * Run update-rc.d defaults before update-rc.d <enable|disable> + (Closes: #722523) + * preinst: preserve var-{lock,run}.mount when upgrading from 44 to 204 + (Closes: #723936) + * fstab-generator: don’t rely on /usr being mounted in the initrd + (Closes: #724797) + * systemctl: mangle names when avoiding dbus (Closes: #723855) + * allow group adm read access on /var/log/journal (Closes: #717386) + * add systemd-journal group (Thanks Guido Günther) (Closes: #724668) + * copy /etc/localtime instead of symlinking (Closes: #726256) + * don’t try to start autovt units when not running with systemd as pid 1 + (Closes: #726466) + * Add breaks/replaces for the new sysvinit-core package (Thanks Alf Gaida) + (Closes: #733240) + * Add myself to uploaders + + [ Tollef Fog Heen ] + * Make 99-systemd.rules check for /run/systemd/systemd instead of the + ill-named cgroups directory. + + [ Martin Pitt ] + * debian/udev.upstart: Fix path to udevd, the /sbin/udevd compat symlink + should go away at some point. + * debian/udev-udeb.install: Add 64-btrfs.rules and 75-probe_mtd.rules, they + are potentially useful in a d-i environment. 
+ * debian/shlibs.local: Drop libudev; this unnecessarily generates overly + strict dependencies, the libudev ABI is stable. + * debian/extra/rules/75-persistent-net-generator.rules: Add Ravello systems + (LP: #1099278) + + -- Michael Stapelberg <stapelberg@debian.org> Tue, 31 Dec 2013 14:39:44 +0100 + +systemd (204-5) unstable; urgency=high + + * Cherry-pick 72fd713 from upstream which fixes insecure calling of polkit + by avoiding a race condition in scraping /proc (CVE-2013-4327). + Closes: #723713 + + -- Michael Biebl <biebl@debian.org> Mon, 23 Sep 2013 11:59:53 +0200 + +systemd (204-4) unstable; urgency=low + + * Add preinst check to abort udev upgrade if the currently running kernel + lacks devtmpfs support. Since udev 176, devtmpfs is mandatory as udev no + longer creates any device nodes itself. This only affects self-compiled + kernels which now need CONFIG_DEVTMPFS=y. Closes: #722580 + * Fix SysV init script to correctly mount a devtmpfs instead of tmpfs. This + only affects users without an initramfs, which usually is responsible for + mounting the devtmpfs. Closes: #722604 + * Drop pre-squeeze upgrade code from maintainer scripts and simplify the + various upgrade checks. + * Suppress errors about unknown hwdb builtin. udev 196 introduced a new + "hwdb" builtin which is not understood by the old udev daemon. + * Add missing udeb line to shlibs.local. This ensures that udev-udeb gets a + proper dependency on libudev1-udeb and not libudev1. Closes: #722939 + * Remove udev-udeb dependency from libudev1-udeb to avoid a circular + dependency between the two packages. This dependency was copied over from + the old udev-gtk-udeb package and no longer makes any sense since + libudev1-udeb only contains a library nowadays. + + -- Michael Biebl <biebl@debian.org> Wed, 18 Sep 2013 00:05:21 +0200 + +systemd (204-3) unstable; urgency=low + + [ Michael Biebl ] + * Upload to unstable. + * Use /bin/bash in debug-shell.service as Debian doesn't have /sbin/sushell. 
+ * Only import net.ifaces cmdline property for network devices. + * Generate strict dependencies between the binary packages using a + shlibs.local file and add an explicit versioned dependency on + libsystemd-login0 to systemd to ensure packages are upgraded in sync. + Closes: #719444 + * Drop obsolete Replaces: libudev0 from udev package. + * Use correct paths for various binaries, like /sbin/quotaon, which are + installed in / and not /usr in Debian. Closes: #721347 + * Don't install kernel-install(8) man page since we don't install the + corresponding binary either. Closes: #722180 + * Cherry-pick upstream fixes to make switching runlevels and starting + reboot via ctrl-alt-del more robust. + * Cherry-pick upstream fix to properly apply ACLs to Journal files. + Closes: #717863 + + [ Michael Stapelberg ] + * Make systemctl enable|disable call update-rc.d for SysV init scripts. + Closes: #709780 + * Don't mount /tmp as tmpfs by default and make it possible to enable this + feature via "systemctl enable tmp.mount". Closes: #718906 + + [ Daniel Schaal ] + * Add bug-script to systemd and udev. Closes: #711245 + + [ Ondrej Balaz ] + * Recognize discard option in /etc/crypttab. Closes: #719167 + + -- Michael Biebl <biebl@debian.org> Thu, 12 Sep 2013 00:13:11 +0200 + +systemd (204-2) experimental; urgency=low + + [ Daniel Schaal ] + * Enable verbose build logs. Closes: #717465 + * Add handling of Message Catalog files to provide additional information + for log entries. Closes: #717427 + * Remove leftover symlink to debian-enable-units.service. Closes: #717349 + + [ Michael Stapelberg ] + * Install 50-firmware.rules in the initramfs and udeb. Closes: #717635 + + [ Michael Biebl ] + * Don't pass static start priorities to dh_installinit anymore. + * Switch the hwdb trigger to interest-noawait. + * Remove obsolete support for configurable udev root from initramfs. + * Bind ifup@.service to the network device. 
This ensures that ifdown is run + when the device is removed and the service is stopped. + Closes: #660861, #703033 + * Bump Standards-Version to 3.9.4. No further changes. + * Add Breaks against consolekit (<< 0.4.6-1) for udev-acl. Closes: #717385 + * Make all packages Priority: optional, with the exception of udev and + libudev1, which remain Priority: important, and systemd-sysv, which + remains Priority: extra due to the conflict with sysvinit. + Closes: #717365 + * Restart systemd-logind.service on upgrades due to changes in the + CreateSession D-Bus API between v44 and v204. Closes: #717403 + + -- Michael Biebl <biebl@debian.org> Wed, 24 Jul 2013 23:47:59 +0200 + +systemd (204-1) experimental; urgency=low + + * New upstream release. Closes: #675175, #675177 + - In v183 the udev sources have been merged into the systemd source tree. + As a result, the udev binary packages will now be built from the systemd + source package. To align the version numbers 139 releases were skipped. + - For a complete list of changes, please refer to the NEWS file. + * Add Marco to Uploaders. + * Drop Suggests on the various python packages from systemd. The + systemd-analyze tool has been reimplemented in C. + * Add binary packages as found in the udev 175-7.2 source package. + * Wrap dependencies for better readability. + * Drop hard-coded Depends on libglib2.0-0 from gir1.2-gudev-1.0. + * Drop old Conflicts, Replaces and Breaks, which are no longer necessary. + * Make libgudev-1.0-dev depend on gir1.2-gudev-1.0 as per GObject + introspection mini-policy. Closes: #691313 + * The hwdb builtin has replaced pci-db and usb-db in udev. Drop the + Recommends on pciutils and usbutils accordingly. + * Drop our faketime hack. Upstream uses a custom xsl style sheet now to + generate the man pages which no longer embeds the build date. + * Add Depends on libpam-runtime (>= 1.0.1-6) to libpam-systemd as we are + using pam-auth-update. 
+ * Explicitly set Section and Priority for the udev binary package. + * Update Build-Depends: + - Drop libudev-dev, no longer required. + - Add gtk-doc-tools and libglib2.0-doc for the API documentation in + libudev and libgudev. + - Add libgirepository1.0-dev and gobject-introspection for GObject + introspection support in libgudev. + - Add libgcrypt11-dev for encryption support in the journal. + - Add libblkid-dev for the blkid udev builtin. + * Use gir dh addon to ensure ${gir:Depends} is properly set. + * Rename libudev0 → libudev1 for the SONAME bump. + * Update symbols files. libudev now uses symbols versioning as the other + libsystemd libraries. The libgudev-1.0-0 symbols file has been copied from + the old udev package. + * Run gtkdocize on autoreconf. + * Enable python bindings for the systemd libraries and ship them in a new + package named python-systemd. + * Tighten Depends on libsystemd-id128-dev for libsystemd-journal-dev as per + libsystemd-journal.pc. + * Remove obsolete bash-completion scripts on upgrades. Nowadays they are + installed in /usr/share/bash-completion/completions. + * Rename conffiles for logind and journald. + * Rename udev-gtk-udeb → libudev1-udeb to better reflect its actual contents. + * Build two flavours: a regular build and one for the udev udebs with + reduced features/dependencies. + * Create a few compat symlinks for the udev package, most notably + /sbin/udevadm and /sbin/udevd. + * Remove the dpkg-triggered debian-enable-units script. This was a temporary + workaround for wheezy. Packages should use dh-systemd now to properly + integrate service files with systemd. + * Update debian/copyright using the machine-readable copyright format 1.0. + * Integrate changes from udev 175-7 and acknowledge the 175-7.1 and 175-7.2 + non-maintainer uploads. + * Keep the old persistent network interface naming scheme for now and make + the new one opt-in via net.ifnames=1 on the kernel command line. 
+ * Drop the obsolete udev-mtab SysV init script and properly clean up on + upgrades. + * Simplify the udev SysV init script and remove experimental and obsolete + features. + * Revert upstream commits which dropped support for distro specific + features and config files. + * Make logind, hostnamed, localed and timedated D-Bus activatable and + usable when systemd is not running. + * Store hwdb binary database in /lib/udev, not /etc/udev. Create the file on + install and upgrades. + * Provide a dpkg file trigger for hwdb, so the database is automatically + updated when packages install files into /lib/udev/hwdb.d. + + -- Michael Biebl <biebl@debian.org> Fri, 19 Jul 2013 00:32:36 +0200 + +systemd (44-12) unstable; urgency=low + + * Cherry-pick e17187 from upstream to fix build failures with newer glibc + where the clock_* symbols have been moved from librt to libc. + Closes: #701364 + * If the new init-system-helpers package is installed, make the + debian-enable-units script a no-op. The auto-enabler was meant as a + temporary workaround and will be removed once all packages use the new + helper. + * Update the checks which test if systemd is the active init. The + recommended check is [ -d /run/systemd/system ] as this will also work + with a standalone systemd-logind. + * Set Maintainer to pkg-systemd-maintainers@lists.alioth.debian.org. Add + Tollef and myself as Uploaders. + * Stop building the GUI bits. They have been split into a separate source + package called systemd-ui. + + -- Michael Biebl <biebl@debian.org> Thu, 20 Jun 2013 01:32:16 +0200 + +systemd (44-11) unstable; urgency=low + + * Team upload. + * Run debian-enable-units.service after sysinit.target to ensure our tmp + files aren't nuked by systemd-tmpfiles. + * The mountoverflowtmp SysV init script no longer exists so remove that + from remount-rootfs.service to avoid an unnecessary diff to upstream. + * Do not fail on purge if /var/lib/systemd is empty and has been removed + by dpkg. 
+
+ -- Michael Biebl <biebl@debian.org> Wed, 13 Mar 2013 08:03:06 +0100
+
+systemd (44-10) unstable; urgency=low
+
+ * Team upload.
+ * Using the return code of "systemctl is-enabled" to determine whether we
+ enable a service or not is unreliable since it also returns a non-zero
+ exit code for masked services. As we don't want to enable masked services,
+ grep for the string "disabled" instead.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 17:01:24 +0100
+
+systemd (44-9) unstable; urgency=low
+
+ * Team upload.
+ * Fix typo in systemd.socket man page. Closes: #700038
+ * Use color specification in "systemctl dot" which is actually
+ understood by dot. Closes: #643689
+ * Fix mounting of remote filesystems like NFS. Closes: #673309
+ * Use a file trigger to automatically enable service and socket units. A lot
+ of packages simply install systemd units but do not enable them. As a
+ result they will be inactive after the next boot. This is a workaround for
+ wheezy which will be removed again in jessie. Closes: #692150
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 13:35:39 +0100
+
+systemd (44-8) unstable; urgency=low
+
+ * Team upload.
+ * Use comment=systemd.* syntax in systemd.mount man page. The
+ mount/util-linux version in wheezy is not recent enough to support the new
+ x-systemd* syntax. Closes: #697141
+ * Don't enable persistent storage of journal log files. The journal in v44
+ is not yet mature enough.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 19 Jan 2013 20:05:05 +0100
+
+systemd (44-7) unstable; urgency=low
+
+ * Fix a regression in the init-functions hook wrt reload handling that was
+ introduced when dropping the X-Interactive hack. Closes: #696355
+
+ -- Michael Biebl <biebl@debian.org> Fri, 21 Dec 2012 00:00:12 +0100
+
+systemd (44-6) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * No longer ship the /sys directory in the systemd package since it is
+ provided by base-files nowadays.
+ * Don't run udev rules if systemd is not active.
+ * Converting /var/run, /var/lock and /etc/mtab to symlinks is a one-time
+ migration so don't run the debian-fixup script on every boot.
+
+ [ Tollef Fog Heen ]
+ * Prevent the systemd package from being removed if it's the active init
+ system, since that doesn't work.
+
+ [ Michael Biebl ]
+ * Use a separate tmpfs for /run/lock (size 5M) and /run/user (size 100M).
+ Those directories are user-writable which could lead to DoS by filling up
+ /run. Closes: #635131
+
+ -- Michael Biebl <biebl@debian.org> Sun, 16 Dec 2012 21:58:37 +0100
+
+systemd (44-5) unstable; urgency=low
+
+ * Team upload.
+
+ [ Tollef Fog Heen ]
+ * disable killing on entering START_PRE, START, thanks to Michael
+ Stapelberg for patch. This avoids killing VMs run through libvirt
+ when restarting libvirtd. Closes: #688635.
+ * Avoid reloading services when shutting down, since that won't work and
+ makes no sense. Thanks to Michael Stapelberg for the patch.
+ Closes: #635777.
+ * Try to determine which init scripts support the reload action
+ heuristically. Closes: #686115, #650382.
+
+ [ Michael Biebl ]
+ * Update Vcs-* fields, the Git repository is hosted on alioth now. Set the
+ default branch to "debian".
+ * Avoid reload and (re)start requests during early boot which can lead to
+ deadlocks. Closes: #624599
+ * Make systemd-cgroup work even if not all cgroup mounts are available on
+ startup. Closes: #690916
+ * Fix typos in the systemd.path and systemd.unit man page. Closes: #668344
+ * Add watch file to track new upstream releases.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 25 Oct 2012 21:41:23 +0200
+
+systemd (44-4) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Override timestamp for man page building, thereby avoiding skew
+ between architectures which caused problems for multi-arch.
+ Closes: #680011
+
+ [ Tollef Fog Heen ]
+ * Move diversion removal from postinst to preinst. Closes: #679728
+ * Prevent the journal from crashing when running out of disk space.
+ This is 499fb21 from upstream. Closes: #668047.
+ * Stop mounting a tmpfs on /media. Closes: #665943
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 01 Jul 2012 08:17:50 +0200
+
+systemd (44-3) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Bump to debhelper 9.
+ * Convert to Multi-Arch: same where possible. Closes: #676615
+
+ [ Tollef Fog Heen ]
+ * Cherry-pick d384c7 from upstream to stop journald from leaking
+ memory. Thanks to Andreas Henriksson for testing. Closes: #677701
+ * Ship lsb init script override/integration in /lib/lsb/init-functions.d
+ rather than diverting /lib/lsb/init-functions itself. Add appropriate
+ Breaks to ensure upgrades happen.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 29 Jun 2012 22:34:16 +0200
+
+systemd (44-2) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Tighten the versions in the maintscript file
+ * Ship the /sys directory in the package
+ * Re-add workaround for non-interactive PAM sessions
+ * Mask checkroot-bootclean (Closes: #670591)
+ * Don't ignore errores in systemd-sysv postinst
+
+ [ Tollef Fog Heen ]
+ * Bring tmpfiles.d/tmp.conf in line with Debian defaults. Closes: #675422
+ * Make sure /run/sensigs.omit.d exists.
+ * Add python-dbus and python-cairo to Suggests, for systemd-analyze.
+ Closes: #672965
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 08 May 2012 18:04:22 +0200
+
+systemd (44-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version.
+ - Backport 3492207: journal: PAGE_SIZE is not known on ppc and other
+ archs
+ - Backport 5a2a2a1: journal: react with immediate rotation to a couple
+ of more errors
+ - Backport 693ce21: util: never follow symlinks in rm_rf_children()
+ Fixes CVE-2012-1174, closes: #664364
+ * Drop output message from init-functions hook, it's pointless.
+ * Only rmdir /lib/init/rw if it exists.
+ * Explicitly order debian-fixup before sysinit.target to prevent a
+ possible race condition with the creation of sockets. Thanks to
+ Michael Biebl for debugging this.
+ * Always restart the initctl socket on upgrades, to mask sysvinit
+ removing it.
+
+ [ Michael Biebl ]
+ * Remove workaround for non-interactive sessions from pam config again.
+ * Create compat /dev/initctl symlink in case we are upgrading from a system
+ running a newer version of sysvinit (using /run/initctl) and sysvinit is
+ replaced with systemd-sysv during the upgrade. Closes: #663219
+ * Install new man pages.
+ * Build-Depend on valac (>= 0.12) instead of valac-0.12. Closes: #663323
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 03 Apr 2012 19:59:17 +0200
+
+systemd (43-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * Target upload at experimental due to libkmod dependency
+ * New upstream release
+ - Update bash-completion for new verbs and arguments. Closes: #650739
+ - Fixes local DoS (CVE-2012-1101). Closes: #662029
+ - No longer complains if the kernel lacks audit support. Closes: #642503
+ * Fix up git-to-source package conversion script which makes gitpkg
+ happier.
+ * Add libkmod-dev to build-depends
+ * Add symlink from /bin/systemd to /lib/systemd/systemd.
+ * Add --with-distro=debian to configure flags, due to no /etc/os-release
+ yet.
+ * Add new symbols for libsystemd-login0 to symbols file.
+ * Install a tmpfiles.d file for the /dev/initctl → /run/initctl
+ migration. Closes: #657979
+ * Disable coredump handling, it's not ready yet.
+ * If /run is a symlink, don't try to do the /var/run → /run migration.
+ Ditto for /var/lock → /run/lock. Closes: #647495
+
+ [ Michael Biebl ]
+ * Add Build-Depends on liblzma-dev for journal log compression.
+ * Add Build-Depends on libgee-dev, required to build systemadm.
+ * Bump Standards-Version to 3.9.2. No further changes.
+ * Add versioned Build-Depends on automake and autoconf to ensure we have
+ recent enough versions. Closes: #657284
+ * Add packages for libsystemd-journal and libsystemd-id128.
+ * Update symbols file for libsystemd-login.
+ * Update configure flags, use rootprefix instead of rootdir.
+ * Copy intltool files instead of symlinking them.
+ * Re-indent init-functions script.
+ * Remove workarounds for services using X-Interactive. The LSB X-Interactive
+ support turned out to be broken and has been removed upstream so we no
+ longer need any special handling for those type of services.
+ * Install new systemd-journalctl, systemd-cat and systemd-cgtop binaries.
+ * Install /var/lib/systemd directory.
+ * Install /var/log/journal directory where the journal files are stored
+ persistently.
+ * Setup systemd-journald to not read from /proc/kmsg (ImportKernel=no).
+ * Avoid error messages from systemctl in postinst if systemd is not running
+ by checking for /sys/fs/cgroup/systemd before executing systemctl.
+ Closes: #642749
+ * Stop installing lib-init-rw (auto)mount units and try to cleanup
+ /lib/init/rw in postinst. Bump dependency on initscripts accordingly.
+ Closes: #643699
+ * Disable pam_systemd for non-interactive sessions to work around an issue
+ with sudo.
+ * Use new dh_installdeb maintscript facility to handle obsolete conffiles.
+ Bump Build-Depends on debhelper accordingly.
+ * Rename bash completion file systemctl-bash-completion.sh →
+ systemd-bash-completion.sh.
+ * Update /sbin/init symlink. The systemd binary was moved to $pkglibdir.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 07 Feb 2012 21:36:34 +0100
+
+systemd (37-1.1) unstable; urgency=low
+
+ * Non-maintainer upload with Tollef's consent.
+ * Remove --parallel to workaround a bug in automake 1.11.3 which doesn't
+ generate parallel-safe build rules. Closes: #661842
+ * Create a compat symlink /run/initctl → /dev/initctl to work with newer
+ versions of sysvinit. Closes: #657979
+
+ -- Michael Biebl <biebl@debian.org> Sat, 03 Mar 2012 17:42:10 +0100
+
+systemd (37-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version
+ * Change the type of the debian-fixup service to oneshot.
+ Closes: #642961
+ * Add ConditionPathIsDirectory to lib-init-rw.automount and
+ lib-init-rw.mount so we only activate the unit if the directory
+ exists. Closes: #633059
+ * If a sysv service exists in both rcS and rcN.d runlevels, drop the
+ rcN.d ones to avoid loops. Closes: #637037
+ * Blacklist fuse init script, we do the same work already internally.
+ Closes: #643700
+ * Update README.Debian slightly for /run rather than /lib/init/rw
+
+ [ Josh Triplett ]
+ * Do a one-time migration of the $TMPTIME setting from /etc/default/rcS to
+ /etc/tmpfiles.d/tmp.conf. If /etc/default/rcS has a TMPTIME setting of
+ "infinite" or equivalent, migrate it to an /etc/tmpfiles.d/tmp.conf that
+ overrides the default /usr/lib/tmpfiles.d/tmp.conf and avoids clearing
+ /tmp. Closes: #643698
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 28 Sep 2011 20:04:13 +0200
+
+systemd (36-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release. Closes: #634618
+ - Various man page fixes. Closes: #623521
+ * Add debian-fixup service that symlinks mtab to /proc/mounts and
+ migrates /var/run and /var/lock to symlinks to /run
+
+ [ Michael Biebl ]
+ * Build for libnotify 0.7.
+ * Bump Build-Depends on libudev to (>= 172).
+ * Add Build-Depends on libacl1-dev. Required for building systemd-logind
+ with ACL support.
+ * Split libsystemd-login and libsystemd-daemon into separate binary
+ packages.
+ * As autoreconf doesn't like intltool, override dh_autoreconf and call
+ intltoolize and autoreconf ourselves.
+ * Add Build-Depends on intltool.
+ * Do a one-time migration of the hwclock configuration. If UTC is set to
+ "no" in /etc/default/rcS, create /etc/adjtime and add the "LOCAL" setting.
+ * Remove /cgroup cleanup code from postinst.
+ * Add Build-Depends on gperf.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 14 Sep 2011 08:25:17 +0200
+
+systemd (29-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version, Closes: #630510
+ - Includes typo fixes in documentation. Closes: #623520
+ * Fall back to the init script reload function if a native .service file
+ doesn't know how to reload. Closes: #628186
+ * Add hard dependency on udev. Closes: #627921
+
+ [ Michael Biebl ]
+ * hwclock-load.service is no longer installed, so we don't need to remove it
+ anymore in debian/rules.
+ * Install /usr/lib directory for binfmt.d, modules-load.d, tmpfiles.d and
+ sysctl.d.
+ * Remove obsolete conffiles from /etc/tmpfiles.d on upgrades. Those files
+ are installed in /usr/lib/tmpfiles.d now.
+ * Depend on util-linux (>= 2.19.1-2) which provides whole-disk locking
+ support in fsck and remove our revert patch.
+ * Don't choke when systemd was compiled with a different CAP_LAST_CAP then
+ what it is run with. Patch cherry-picked from upstream Git.
+ Closes: #628081
+ * Enable dev-hugepages.automount and dev-mqueue.automount only when enabled
+ in kernel. Patch cherry-picked from upstream Git. Closes: #624522
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 08 Jun 2011 16:14:31 +0200
+
+systemd (25-2) experimental; urgency=low
+
+ * Handle downgrades more gracefully by removing diversion of
+ /lib/lsb/init-functions on downgrades to << 25-1.
+ * Cherry-pick a133bf10d09f788079b82f63faa7058a27ba310b from upstream,
+ avoids assert when dumping properties. Closes: #624094
+ * Remove "local" in non-function context in init-functions wrapper.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 27 Apr 2011 22:20:04 +0200
+
+systemd (25-1) experimental; urgency=low
+
+ * New upstream release, target experimental due to initscripts
+ dependency.
+ - Fixes where to look for locale config. Closes: #619166
+ * Depend on initscripts >= 2.88dsf-13.4 for /run transition.
+ * Add Conflicts on klogd, since it doesn't work correctly with the
+ kmg→/dev/log bridge. Closes: #622555
+ * Add suggests on Python for systemd-analyze.
+ * Divert /lib/lsb/init-functions instead of (ab)using
+ /etc/lsb-base-logging.sh for diverting calls to /etc/init.d/*
+ * Remove obsolete conffile /etc/lsb-base-logging.sh. Closes: #619093
+ * Backport 3a90ae048233021833ae828c1fc6bf0eeab46197 from master:
+ mkdir /run/systemd/system when starting up
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 24 Apr 2011 09:02:04 +0200
+
+systemd (20-1) unstable; urgency=low
+
+ * New upstream version
+ * Install systemd-machine-id-setup
+ * Call systemd-machine-id-setup in postinst
+ * Cherry-pick b8a021c9e276adc9bed5ebfa39c3cab0077113c6 from upstream to
+ prevent dbus assert error.
+ * Enable TCP wrapper support. Closes: #618409
+ * Enable SELinux support. Closes: #618412
+ * Make getty start after Apache2 and OpenVPN (which are the only two
+ known users of X-Interactive: yes). Closes: #618419
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 11 Mar 2011 19:14:21 +0100
+
+systemd (19-1) experimental; urgency=low
+
+ * New upstream release
+ * Add systemd-tmpfiles to systemd package.
+ * Add ifup@.service for handling hotplugged interfaces from
+ udev. Closes: #610871
+ * Mask mtab.service and udev-mtab.service as they are pointless when
+ /etc/mtab is a symlink to /proc/mounts
+ * Add breaks on lvm2 (<< 2.02.84-1) since older versions have udev rules
+ that don't work well with systemd causing delays on bootup.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Thu, 17 Feb 2011 07:36:22 +0100
+
+systemd (17-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release
+ * Clarify ifupdown instructions in README.Debian somewhat.
+ Closes: #613320
+ * Silently skip masked services in lsb-base-logging.sh instead of
+ failing. Initial implementation by Michael Biebl. Closes: #612551
+ * Disable systemd-vconsole-setup.service for now.
+
+ [ Michael Biebl ]
+ * Bump build dependency on valac-0.10 to (>= 0.10.3).
+ * Improve regex in lsb-base-logging.sh for X-Interactive scripts.
+ Closes: #613325
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 16 Feb 2011 21:06:16 +0100
+
+systemd (16-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release. Closes: #609611
+ * Get rid of now obsolete patches that are upstream.
+ * Use the built-in cryptsetup support in systemd, build-depend on
+ libcryptsetup-dev (>= 2:1.2.0-1) to get a libcryptsetup in /lib.
+ * Don't use systemctl redirect for init scripts with X-Interactive: true
+
+ [ Michael Biebl ]
+ * Update package description
+ * Use v8 debhelper syntax
+ * Make single-user mode work
+ * Run hwclock-save.service on shutdown
+ * Remove dependencies on legacy sysv mount scripts, as we use native
+ mounting.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 16 Jan 2011 11:04:13 +0100
+
+systemd (15-1) UNRELEASED; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version, thanks a lot to Michael Biebl for help with
+ preparing this version.
+ - This version handles cycle breaking better. Closes: #609225
+ * Add libaudit-dev to build-depends
+ * /usr/share/systemd/session has been renamed to /usr/share/systemd/user
+ upstream, adjust build system accordingly.
+ * Remove -s from getty serial console invocation.
+ * Add dependency on new util-linux to make sure /sbin/agetty exists
+ * Don't mount /var/lock with gid=lock (Debian has no such group).
+ * Document problem with ifupdown's /etc/network/run being a normal
+ directory.
+
+ [ Michael Biebl ]
+ * Revert upstream change which requires libnotify 0.7 (not yet available in
+ Debian).
+ * Use dh-autoreconf for updating the build system.
+ * Revert upstream commit which uses fsck -l (needs a newer version of
+ util-linux).
+ * Explicitly disable cryptsetup support to not accidentally pick up a
+ libcryptsetup dependency in a tainted build environment, as the library
+ is currently installed in /usr/lib.
+ * Remove autogenerated man pages and vala C sources, so they are rebuilt.
+ * Use native systemd mount support:
+ - Use MountAuto=yes and SwapAuto=yes (default) in system.conf
+ - Mask SysV init mount, check and cleanup scripts.
+ - Create an alias (symlink) for checkroot (→ remount-rootfs.service) as
+ synchronization point for SysV init scripts.
+ * Mask x11-common, rmnologin, hostname, bootmisc and bootlogd.
+ * Create an alias for procps (→ systemd-sysctl.service) and
+ urandom (→ systemd-random-seed-load.service).
+ * Create an alias for module-init-tools (→ systemd-modules-load.service) and
+ a symlink from /etc/modules-load.d/modules.conf → /etc/modules.
+ * Install lsb-base hook which redirects calls to SysV init scripts to
+ systemctl: /etc/init.d/<foo> <action> → systemctl <action> <foo.service>
+ * Install a (auto)mount unit to mount /lib/init/rw early during boot.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sat, 20 Nov 2010 09:28:01 +0100
+
+systemd (11-2) UNRELEASED; urgency=low
+
+ * Tighten depends from systemd-* on systemd to ensure they're upgraded
+ in lockstep. Thanks to Michael Biebl for the patch.
+ * Add missing #DEBHELPER# token to libpam-systemd
+ * Stop messing with runlevel5/multi-user.target symlink, this is handled
+ correctly upstream.
+ * Stop shipping /cgroup in the package.
+ * Remove tmpwatch services, Debian doesn't have or use tmpwatch.
+ * Make sure to enable GTK bits.
+ * Ship password agent
+ * Clean up cgroups properly on upgrades, thanks to Michael Biebl for the
+ patch. Closes: #599577
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 02 Nov 2010 21:47:10 +0100
+
+systemd (11-1) experimental; urgency=low
+
+ * New upstream version. Closes: #597284
+ * Add pam-auth-update calls to libpam-systemd's postinst and prerm
+ * Make systemd-sysv depend on systemd
+ * Now mounts the cgroup fs in /sys/fs/cgroup. Closes: #595966
+ * Add libnotify-dev to build-depends (needed for systemadm)
+
+ -- Tollef Fog Heen <tfheen@debian.org> Thu, 07 Oct 2010 22:01:19 +0200
+
+systemd (8-2) experimental; urgency=low
+
+ * Hardcode udev rules dir in configure call.
+ * Remove README.source as it's no longer accurate.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Mon, 30 Aug 2010 21:10:26 +0200
+
+systemd (8-1) experimental; urgency=low
+
+ * New upstream release
+ * Only ship the top /cgroup
+ * Pass --with-rootdir= to configure, to make it think / is / rather
+ than //
+ * Add PAM module package
+ * Fix up dependencies in local-fs.target. Closes: #594420
+ * Move systemadm to its own package. Closes: #588451
+ * Update standards-version (no changes needed)
+ * Update README.Debian to explain how to use systemd.
+ * Add systemd-sysv package that provides /sbin/init and friends.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sat, 07 Aug 2010 07:31:38 +0200
+
+systemd (0~git+20100605+dfd8ee-1) experimental; urgency=low
+
+ * Initial release, upload to experimental. Closes: #580814
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 30 Apr 2010 21:02:25 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..f599e28
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..febab41
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,398 @@
+Source: systemd
+Section: admin
+Priority: optional
+Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
+Uploaders: Michael Biebl <biebl@debian.org>,
+ Marco d'Itri <md@linux.it>,
+ Sjoerd Simons <sjoerd@debian.org>,
+ Martin Pitt <mpitt@debian.org>,
+ Felipe Sateler <fsateler@debian.org>
+Standards-Version: 4.3.0
+Rules-Requires-Root: no
+Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git
+Vcs-Browser: https://salsa.debian.org/systemd-team/systemd
+Homepage: https://www.freedesktop.org/wiki/Software/systemd
+Build-Depends: debhelper (>= 10.4~),
+ pkg-config,
+ xsltproc,
+ docbook-xsl,
+ docbook-xml,
+ m4,
+ meson (>= 0.49),
+ gettext,
+ gperf,
+ gnu-efi [amd64 i386 arm64],
+ libcap-dev (>= 1:2.24-9~),
+ libpam0g-dev,
+ libapparmor-dev (>= 2.9.0-3+exp2) <!stage1>,
+ libidn11-dev <!stage1>,
+ libiptc-dev <!stage1>,
+ libaudit-dev <!stage1>,
+ libdbus-1-dev (>= 1.3.2) <!nocheck>,
+ libcryptsetup-dev (>= 2:1.6.0) <!stage1>,
+ libselinux1-dev (>= 2.1.9),
+ libacl1-dev,
+ liblzma-dev,
+ liblz4-dev (>= 0.0~r125),
+ liblz4-tool <!nocheck>,
+ libbz2-dev <!stage1>,
+ zlib1g-dev <!stage1> | libz-dev <!stage1>,
+ libcurl4-gnutls-dev <!stage1> | libcurl-dev <!stage1>,
+ libmicrohttpd-dev <!stage1>,
+ libgnutls28-dev <!stage1>,
+ libgcrypt20-dev,
+ libkmod-dev (>= 15),
+ libblkid-dev (>= 2.24),
+ libmount-dev (>= 2.30),
+ libseccomp-dev (>= 2.3.1) [amd64 arm64 armel armhf i386 mips mipsel mips64 mips64el x32 powerpc ppc64 ppc64el s390x],
+ libdw-dev (>= 0.158) <!stage1>,
+ libpolkit-gobject-1-dev <!stage1>,
+ linux-base <!nocheck>,
+ acl <!nocheck>,
+ python3:native,
+ python3-lxml:native,
+ python3-pyparsing <!nocheck>,
+ python3-evdev <!nocheck>,
+ tzdata <!nocheck>,
+ libcap2-bin <!nocheck>,
+ iproute2 <!nocheck>,
+
+Package: systemd
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: important
+Recommends: libpam-systemd,
+ dbus
+Suggests: systemd-container,
+ policykit-1
+Pre-Depends: ${shlibs:Pre-Depends},
+ ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libsystemd0 (= ${binary:Version}),
+ util-linux (>= 2.27.1),
+ mount (>= 2.26),
+ adduser,
+Conflicts: consolekit,
+ libpam-ck-connector,
+Breaks: apparmor (<< 2.9.2-1),
+ systemd-shim (<< 10-4~),
+ ifupdown (<< 0.8.5~),
+ udev (<< 228-5),
+ laptop-mode-tools (<< 1.68~),
+ python-dbusmock (<< 0.18),
+ python3-dbusmock (<< 0.18),
+Replaces: udev (<< 228-5),
+Description: system and service manager
+ systemd is a system and service manager for Linux. It provides aggressive
+ parallelization capabilities, uses socket and D-Bus activation for starting
+ services, offers on-demand starting of daemons, keeps track of processes using
+ Linux control groups, maintains mount and automount points and implements an
+ elaborate transactional dependency-based service control logic.
+ .
+ systemd is compatible with SysV and LSB init scripts and can work as a
+ drop-in replacement for sysvinit.
+ .
+ Installing the systemd package will not switch your init system unless you
+ boot with init=/bin/systemd or install systemd-sysv in addition.
+
+Package: systemd-sysv
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: important
+Conflicts: sysvinit-core,
+ upstart (<< 1.13.2-0ubuntu10~),
+ upstart-sysv,
+ openrc (<< 0.20.4-2.1),
+ file-rc,
+ systemd-shim,
+Replaces: sysvinit-core,
+ upstart (<< 1.13.2-0ubuntu10~),
+ upstart-sysv,
+Pre-Depends: systemd
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Recommends: libnss-systemd
+Description: system and service manager - SysV links
+ systemd is a system and service manager for Linux. It provides aggressive
+ parallelization capabilities, uses socket and D-Bus activation for starting
+ services, offers on-demand starting of daemons, keeps track of processes using
+ Linux control groups, maintains mount and automount points and implements an
+ elaborate transactional dependency-based service control logic.
+ .
+ systemd is compatible with SysV and LSB init scripts and can work as a
+ drop-in replacement for sysvinit.
+ .
+ This package provides the manual pages and links needed for systemd
+ to replace sysvinit. Installing systemd-sysv will overwrite /sbin/init with a
+ link to systemd.
+
+Package: systemd-container
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd,
+ dbus
+Recommends: btrfs-progs,
+ libnss-mymachines,
+Breaks: systemd (<< 224-2)
+Replaces: systemd (<< 224-2)
+Description: systemd container/nspawn tools
+ This package provides systemd's tools for nspawn and container/VM management:
+ * systemd-nspawn
+ * systemd-machined and machinectl
+ * systemd-importd
+
+Package: systemd-journal-remote
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd,
+ adduser
+Breaks: systemd (<< 239-6)
+Replaces: systemd (<< 239-6)
+Description: tools for sending and receiving remote journal logs
+ This package provides tools for sending and receiving remote journal logs:
+ * systemd-journal-remote
+ * systemd-journal-upload
+ * systemd-journal-gatewayd
+
+Package: systemd-coredump
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ adduser,
+ systemd
+Conflicts: core-dump-handler
+Replaces: core-dump-handler, systemd (<< 229-2)
+Provides: core-dump-handler
+Breaks: systemd (<< 229-2)
+Description: tools for storing and retrieving coredumps
+ This package provides systemd tools for storing and retrieving coredumps:
+ * systemd-coredump
+ * coredumpctl
+
+Package: systemd-tests
+Architecture: linux-any
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+ python3,
+Description: tests for systemd
+ This package contains the test binaries. Those binaries are primarily used
+ for autopkgtest and not meant to be installed on regular user systems.
+
+Package: libpam-systemd
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: standard
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+ libpam-runtime (>= 1.0.1-6),
+ dbus,
+ systemd-sysv
+Provides: logind (= ${binary:Version}), default-logind (= ${binary:Version})
+Description: system and service manager - PAM module
+ This package contains the PAM module which registers user sessions in
+ the systemd control group hierarchy for logind.
+ .
+ If in doubt, do install this package.
+ .
+ Packages that depend on logind functionality need to depend on libpam-systemd.
+
+Package: libnss-myhostname
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+Breaks: systemd (<< 222-1)
+Replaces: systemd (<< 222-1)
+Description: nss module providing fallback resolution for the current hostname
+ This package contains a plugin for the Name Service Switch, providing host
+ name resolution for the locally configured system hostname as returned by
+ gethostname(2). It returns all locally configured public IP addresses or -- if
+ none are configured, the IPv4 address 127.0.1.1 (which is on the local
+ loopback) and the IPv6 address ::1 (which is the local host).
+ .
+ A lot of software relies on that the local host name is resolvable. This
+ package provides an alternative to the fragile and error-prone manual editing
+ of /etc/hosts.
+ .
+ Installing this package automatically adds myhostname to /etc/nsswitch.conf.
+
+Package: libnss-mymachines
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd-container (= ${binary:Version}),
+Breaks: systemd (<< 222-1)
+Replaces: systemd (<< 222-1)
+Description: nss module to resolve hostnames for local container instances
+ nss-mymachines is a plugin for the GNU Name Service Switch (NSS) functionality
+ of the GNU C Library (glibc) providing hostname resolution for local containers
+ that are registered with systemd-machined.service(8). The container names are
+ resolved to IP addresses of the specific container, ordered by their scope.
+ .
+ Installing this package automatically adds mymachines to /etc/nsswitch.conf.
+
+Package: libnss-resolve
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+Breaks: systemd (<< 227-3)
+Replaces: systemd (<< 227-3)
+Description: nss module to resolve names via systemd-resolved
+ nss-resolve is a plugin for the GNU Name Service Switch (NSS) functionality
+ of the GNU C Library (glibc) providing DNS and LLMNR resolution to programs via
+ the systemd-resolved daemon (provided in the systemd package).
+ .
+ Installing this package automatically adds resolve to /etc/nsswitch.conf.
+
+Package: libnss-systemd
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+Description: nss module providing dynamic user and group name resolution
+ nss-systemd is a plug-in module for the GNU Name Service Switch (NSS)
+ functionality of the GNU C Library (glibc), providing UNIX user and group name
+ resolution for dynamic users and groups allocated through the DynamicUser=
+ option in systemd unit files. See systemd.exec(5) for details on this
+ option.
+ .
+ Installing this package automatically adds the module to /etc/nsswitch.conf.
+
+Package: libsystemd0
+Architecture: linux-any
+Multi-Arch: same
+Section: libs
+Priority: optional
+Pre-Depends: ${shlibs:Depends},
+ ${misc:Pre-Depends}
+Depends: ${misc:Depends}
+Description: systemd utility library
+ The libsystemd0 library provides interfaces to various systemd components.
+
+Package: libsystemd-dev
+Architecture: linux-any
+Multi-Arch: same
+Section: libdevel
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libsystemd0 (= ${binary:Version})
+Description: systemd utility library - development files
+ The libsystemd0 library provides interfaces to various systemd components.
+ .
+ This package contains the development files.
+
+Package: udev
+Section: admin
+Priority: important
+Architecture: linux-any
+Multi-Arch: foreign
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ adduser,
+ dpkg (>= 1.19.3) | systemd-sysv,
+ libudev1 (= ${binary:Version}),
+ lsb-base (>= 3.0-6),
+ util-linux (>= 2.27.1),
+ s390-tools (>> 1.6.2) [s390],
+Conflicts: hal
+Breaks: systemd (<< 233-4),
+ ifupdown (<< 0.8.5~),
+ ifplugd (<< 0.28-19.1~),
+ joystick (<< 1:1.4.9-1~),
+Replaces: systemd (<< 233-4)
+Description: /dev/ and hotplug management daemon
+ udev is a daemon which dynamically creates and removes device nodes from
+ /dev/, handles hotplug events and loads drivers at boot time.
+
+Package: libudev1
+Section: libs
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: libudev shared library
+ This library provides access to udev device information.
+
+Package: libudev-dev
+Section: libdevel
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libudev1 (= ${binary:Version})
+Description: libudev development files
+ This package contains the files needed for developing applications that
+ use libudev.
+
+Package: udev-udeb
+Build-Profiles: <!noudeb>
+Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: linux-any
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ util-linux-udeb
+Description: /dev/ and hotplug management daemon
+ udev is a daemon which dynamically creates and removes device nodes from
+ /dev/, handles hotplug events and loads drivers at boot time.
+ .
+ This is a minimal version, only for use in the installation system.
+
+Package: libudev1-udeb
+Build-Profiles: <!noudeb>
+Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: linux-any
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: libudev shared library
+ This library provides access to udev device information.
+ .
+ This is a minimal version, only for use in the installation system.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..1f66c20
--- /dev/null
+++ b/debian/copyright
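Review bot: The `libseccomp-dev (>= 2.3.1) [amd64 arm64 armel armhf i386 mips mipsel mips64 mips64el x32 powerpc ppc64 ppc64el s390x]` entry in Build-Depends limits seccomp to a fixed architecture list, while every binary package in this file is `Architecture: linux-any`. On any other Linux port the build presumably comes out without seccomp support, so units that rely on `SystemCallFilter=` would lose that sandboxing there, and nothing in the hunk records this. I would add a comment line directly above the entry, e.g. `# seccomp is only built on the architectures listed here; other ports get no syscall filtering`, and keep the list aligned with the architectures libseccomp-dev is actually available on.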
@@ -0,0 +1,195 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: systemd
+Upstream-Contact: systemd-devel@lists.freedesktop.org
+Source: https://www.freedesktop.org/wiki/Software/systemd/
+
+Files: *
+Copyright: 2008-2015 Kay Sievers <kay@vrfy.org>
+ 2010-2015 Lennart Poettering
+ 2012-2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2013-2015 Tom Gundersen <teg@jklm.no>
+ 2013-2015 Daniel Mack
+ 2010-2015 Harald Hoyer
+ 2013-2015 David Herrmann
+ 2013, 2014 Thomas H.P. Andersen
+ 2013, 2014 Daniel Buch
+ 2014 Susant Sahani
+ 2009-2015 Intel Corporation
+ 2000, 2005 Red Hat, Inc.
+ 2009 Alan Jenkins <alan-jenkins@tuffmail.co.uk>
+ 2010 ProFUSION embedded systems
+ 2010 Maarten Lankhorst
+ 1995-2004 Miquel van Smoorenburg
+ 1999 Tom Tromey
+ 2011 Michal Schmidt
+ 2012 B. Poettering
+ 2012 Holger Hans Peter Freyther
+ 2012 Dan Walsh
+ 2012 Roberto Sassu
+ 2013 David Strauss
+ 2013 Marius Vollmer
+ 2013 Jan Janssen
+ 2013 Simon Peeters
+License: LGPL-2.1+
+
+Files: src/basic/siphash24.h
+ src/basic/siphash24.c
+Copyright: 2012 Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
+ 2012 Daniel J. Bernstein <djb@cr.yp.to>
+License: CC0-1.0
+
+Files: src/basic/securebits.h
+Copyright: Linus Torvalds <torvalds@athlon.transmeta.com>
+License: GPL-2
+
+Files: src/basic/ioprio.h
+Copyright: Jens Axboe <axboe@suse.de>
+License: GPL-2
+
+Files: src/shared/linux/auto_dev-ioctl.h
+Copyright: 2008 Red Hat, Inc.
+ 2008 Ian Kent <raven@themaw.net>
+License: GPL-2+
+
+Files: src/basic/sparse-endian.h
+Copyright: 2012 Josh Triplett <josh@joshtriplett.org>
+License: Expat
+
+Files: src/journal/lookup3.c
+ src/journal/lookup3.h
+Copyright: none
+License: public-domain
+ You can use this free for any purpose. It's in the public domain. It has no
+ warranty.
+
+Files: src/udev/*
+Copyright: 2003-2012 Kay Sievers <kay@vrfy.org>
+ 2003-2004 Greg Kroah-Hartman <greg@kroah.com>
+ 2004 Chris Friesen <chris_friesen@sympatico.ca>
+ 2004, 2009, 2010 David Zeuthen <david@fubar.dk>
+ 2005, 2006 SUSE Linux Products GmbH
+ 2003 IBM Corp.
+ 2007 Hannes Reinecke <hare@suse.de>
+ 2009 Canonical Ltd.
+ 2009 Scott James Remnant <scott@netsplit.com>
+ 2009 Martin Pitt <martin.pitt@ubuntu.com>
+ 2009 Piter Punk <piterpunk@slackware.com>
+ 2009, 2010 Lennart Poettering
+ 2009 Filippo Argiolas <filippo.argiolas@gmail.com>
+ 2010 Maxim Levitsky
+ 2011 ProFUSION embedded systems
+ 2011 Karel Zak <kzak@redhat.com>
+ 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2014 David Herrmann <dh.herrmann@gmail.com>
+ 2014 Carlos Garnacho <carlosg@gnome.org>
+License: GPL-2+
+
+Files: src/udev/udev-ctrl.c
+ src/udev/udevadm-hwdb.c
+ src/udev/udev-builtin.c
+ src/udev/udev-builtin-net_id.c
+ src/udev/udev-builtin-net_setup_link.c
+ src/udev/udev-builtin-hwdb.c
+ src/udev/udev-builtin-btrfs.c
+ src/udev/udev-builtin-keyboard.c
+ src/udev/net/link-config.h
+ src/udev/net/link-config.c
+ src/udev/net/ethtool-util.c
+ src/udev/net/ethtool-util.h
+Copyright: 2007-2013 Kay Sievers <kay@vrfy.org>
+ 2013 Tom Gundersen <teg@jklm.no>
+License: LGPL-2.1+
+
+Files: src/udev/scsi_id/scsi.h
+Copyright: 2003 IBM Corp.
+License: GPL-2
+
+Files: debian/*
+Copyright: 2010-2013 Tollef Fog Heen <tfheen@debian.org>
+ 2013-2018 Michael Biebl <biebl@debian.org>
+ 2013 Michael Stapelberg <stapelberg@debian.org>
+License: LGPL-2.1+
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to
+ deal in the Software without restriction, including without limitation the
+ rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ sell copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ IN THE SOFTWARE.
+
+License: GPL-2
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian and systems the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2`
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 2 can be found in ‘/usr/share/common-licenses/GPL-2’.
+
+License: LGPL-2.1+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU Lesser General Public
+ License version 2.1 can be found in ‘/usr/share/common-licenses/LGPL-2.1’.
+
+License: CC0-1.0
+ To the extent possible under law, the author(s) have dedicated all copyright
+ and related and neighboring rights to this software to the public domain
+ worldwide. This software is distributed without any warranty.
+ .
+ You should have received a copy of the CC0 Public Domain Dedication along with
+ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+ .
+ On Debian systems, the complete text of the CC0 1.0 Universal license can be
+ found in ‘/usr/share/common-licenses/CC0-1.0’.
diff --git a/debian/extra/checkout-upstream b/debian/extra/checkout-upstream
new file mode 100755
index 0000000..561082e
--- /dev/null
+++ b/debian/extra/checkout-upstream
@@ -0,0 +1,61 @@
+#!/bin/sh
+# Prepare systemd source package in current directory for testing an upstream
+# commit, branch, or PR, without Debian patches. This replaces everything
+# except the debian/ directory with an upstream checkout.
+# NEVER run this in your actual packaging work directory! This is only meant
+# for upstream CI.
+#
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+set -eu
+test -x debian/rules
+if [ -z "${TEST_UPSTREAM:-}" ]; then
+ echo "Not in upstream testing mode. Do *not* run this script unless you know what you are doing." >&2
+ exit 1
+fi
+if [ -n "${UPSTREAM_PULL_REQUEST:-}" ]; then
+ FETCH="git fetch -fu origin refs/pull/$UPSTREAM_PULL_REQUEST/head:pr"
+ CO='git checkout pr'
+ DESC="PR #$UPSTREAM_PULL_REQUEST"
+elif [ -n "${UPSTREAM_HEAD:-}" ]; then
+ FETCH=''
+ CO="git checkout $UPSTREAM_HEAD"
+ DESC="$UPSTREAM_HEAD"
+else
+ echo "WARNING: $0: Neither UPSTREAM_PULL_REQUEST nor UPSTREAM_HEAD set, ignoring" >&2
+ exit 0
+fi
+
+mkdir -p debian/tmp
+(cd debian/tmp
+ git clone https://github.com/systemd/systemd.git upstream || (rm -rf upstream; sleep 60; git clone https://github.com/systemd/systemd.git upstream)
+ cd upstream
+ $FETCH
+ $CO
+ git config user.email "invalid@example.com"
+ git config user.name "Merge dummy user"
+ git rebase master)
+UPSTREAM_VER=$(cd debian/tmp/upstream; git describe | sed 's/^v//')
+
+# clean out original upstream sources and patches
+find -mindepth 1 -maxdepth 1 -name debian -prune -o -print0 | xargs -0n1 rm -rf
+rm -rf debian/patches
+
+# replace with checkout
+mv debian/tmp/upstream/* .
+rm -rf debian/tmp
+
+# craft changelog
+cat << EOF > debian/changelog.new
+systemd (${UPSTREAM_VER}-0) UNRELEASED; urgency=low
+
+ * Automatic build from upstream $DESC
+
+ -- systemd test <pkg-systemd-maintainers@lists.alioth.debian.org> $(date -R)
+
+EOF
+cat debian/changelog >> debian/changelog.new
+mv debian/changelog.new debian/changelog
+
+# disable tests which are not for upstream
+sed -i '/# NOUPSTREAM/ q' debian/tests/control
diff --git a/debian/extra/dhclient-exit-hooks.d/timesyncd b/debian/extra/dhclient-exit-hooks.d/timesyncd
new file mode 100644
index 0000000..3cde992
--- /dev/null
+++ b/debian/extra/dhclient-exit-hooks.d/timesyncd
@@ -0,0 +1,42 @@
+TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf
+
+timesyncd_servers_setup_remove() {
+ if [ -e $TIMESYNCD_CONF ]; then
+ rm -f $TIMESYNCD_CONF
+ systemctl try-restart systemd-timesyncd.service || true
+ fi
+}
+
+timesyncd_servers_setup_add() {
+ if [ ! -d /run/systemd/system ]; then
+ return
+ fi
+
+ if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then
+ return
+ fi
+
+ if [ -z "$new_ntp_servers" ]; then
+ timesyncd_servers_setup_remove
+ return
+ fi
+
+ mkdir -p $(dirname $TIMESYNCD_CONF)
+ cat <<EOF > ${TIMESYNCD_CONF}.new
+# NTP server entries received from DHCP server
+[Time]
+NTP=$new_ntp_servers
+EOF
+ mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF}
+ systemctl try-restart systemd-timesyncd.service || true
+}
+
+
+case $reason in
+ BOUND|RENEW|REBIND|REBOOT)
+ timesyncd_servers_setup_add
+ ;;
+ EXPIRE|FAIL|RELEASE|STOP)
+ timesyncd_servers_setup_remove
+ ;;
+esac
diff --git a/debian/extra/fbdev-blacklist.conf b/debian/extra/fbdev-blacklist.conf
new file mode 100644
index 0000000..00a9170
--- /dev/null
+++ b/debian/extra/fbdev-blacklist.conf
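Review bot: In debian/extra/checkout-upstream, `UPSTREAM_PULL_REQUEST` and `UPSTREAM_HEAD` are spliced into the `FETCH`/`CO` strings and then run through the unquoted expansions `$FETCH` and `$CO`, so their values are word-split and glob-expanded, and a value starting with `-` would be read by git as an option rather than a ref. The script only checks that `TEST_UPSTREAM` is set, so validating the values before building the commands would be cheap, for example `case "$UPSTREAM_PULL_REQUEST" in *[!0-9]*) echo "invalid PR number" >&2; exit 1;; esac`, with an equivalent allow-list for the characters accepted in `UPSTREAM_HEAD`. Whether these variables can ever carry contributor-controlled text depends on the CI configuration, which is not visible here.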
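Review bot: In debian/extra/dhclient-exit-hooks.d/timesyncd, `timesyncd_servers_setup_add` writes `$new_ntp_servers` into the `[Time]` section without checking its content, so whatever the DHCP server supplied becomes the host's time-source configuration. dhclient presumably renders this option as a list of addresses, but that guarantee is not visible in the hook, and a filter before the heredoc would make it explicit, e.g. `case "$new_ntp_servers" in *[!0-9A-Fa-f.:\ ]*) return ;; esac`. A comment noting that any DHCP server on the link can redirect time synchronisation this way would also help administrators who depend on accurate time for certificate validation or log correlation. `$TIMESYNCD_CONF` is expanded unquoted throughout; it is a fixed path here, so quoting it is a style matter only.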
@@ -0,0 +1,20 @@
+# This file blacklists most old-style PCI framebuffer drivers.
+
+blacklist arkfb
+blacklist aty128fb
+blacklist atyfb
+blacklist radeonfb
+blacklist cirrusfb
+blacklist cyber2000fb
+blacklist kyrofb
+blacklist matroxfb_base
+blacklist mb862xxfb
+blacklist neofb
+blacklist pm2fb
+blacklist pm3fb
+blacklist s3fb
+blacklist savagefb
+blacklist sisfb
+blacklist tdfxfb
+blacklist tridentfb
+blacklist vt8623fb
diff --git a/debian/extra/init-functions.d/40-systemd b/debian/extra/init-functions.d/40-systemd
new file mode 100644
index 0000000..e944acb
--- /dev/null
+++ b/debian/extra/init-functions.d/40-systemd
@@ -0,0 +1,101 @@
+# -*-Shell-script-*-
+# /lib/lsb/init-functions
+
+_use_systemctl=0
+if [ -d /run/systemd/system ]; then
+
+ if [ -n "${__init_d_script_name:-}" ]; then # scripts run with new init-d-script
+ executable="$__init_d_script_name"
+ argument="$1"
+ elif [ "${0##*/}" = "init-d-script" ] ||
+ [ "${0##*/}" = "${1:-}" ]; then # scripts run with old init-d-script
+ executable="$1"
+ argument="$2"
+ else # plain old scripts
+ executable="$0"
+ argument="${1:-}"
+ fi
+
+ prog=${executable##*/}
+ service="${prog%.sh}.service"
+
+ # Don't try to run masked services. systemctl <= 230 always succeeds here,
+ # but later systemctls fail on nonexisting units; be compatible with both
+ state=$(systemctl -p LoadState --value show $service 2>/dev/null) || state="not-found"
+ [ "$state" = "masked" ] && exit 0
+
+ # Redirect SysV init scripts when executed by the user
+ if [ $PPID -ne 1 ] && [ -z "${SYSTEMCTL_SKIP_REDIRECT:-}" ]; then
+ case $(readlink -f "$executable") in
+ /etc/init.d/*)
+ # If the state is not-found, this might be a newly installed SysV init
+ # script where systemd-sysv-generator has not been run yet.
+ [ "$state" != "not-found" ] || [ "$(id -u)" != 0 ] || systemctl --no-ask-password daemon-reload
+
+ _use_systemctl=1
+ # Some services can't reload through the .service file,
+ # but can through the init script.
+ if [ "$(systemctl -p CanReload --value show $service 2>/dev/null)" = "no" ] && [ "${argument:-}" = "reload" ]; then
+ _use_systemctl=0
+ fi
+ ;;
+ esac
+ fi
+fi
+
+systemctl_redirect () {
+ local s
+ local rc
+ local prog=${1##*/}
+ local command=$2
+
+ case "$command" in
+ start)
+ s="Starting $prog (via systemctl)"
+ ;;
+ stop)
+ s="Stopping $prog (via systemctl)"
+ ;;
+ reload|force-reload)
+ s="Reloading $prog configuration (via systemctl)"
+ ;;
+ try-restart)
+ s="Restarting $prog if running (via systemctl)"
+ ;;
+ restart)
+ s="Restarting $prog (via systemctl)"
+ ;;
+ esac
+
+ service="${prog%.sh}.service"
+
+ # avoid deadlocks during bootup and shutdown from units/hooks
+ # which call "invoke-rc.d service reload" and similar, since
+ # the synchronous wait plus systemd's normal behaviour of
+ # transactionally processing all dependencies first easily
+ # causes dependency loops
+ if ! OUT=$(systemctl is-system-running 2>/dev/null) && [ "$OUT" != "degraded" ]; then
+ sctl_args="--job-mode=ignore-dependencies"
+ fi
+
+ [ "$command" = status ] || log_daemon_msg "$s" "$service"
+ /bin/systemctl --no-pager $sctl_args $command "$service"
+ rc=$?
+ [ "$command" = status ] || log_end_msg $rc
+
+ return $rc
+}
+
+if [ "$_use_systemctl" = "1" ]; then
+ # Some init scripts use "set -e" and "set -u", we don't want that
+ # here
+ set +e
+ set +u
+
+ case "$argument" in
+ start|stop|restart|reload|force-reload|try-restart|status)
+ systemctl_redirect $executable $argument
+ exit $?
+ ;;
+ esac
+fi
diff --git a/debian/extra/initramfs-tools/hooks/udev b/debian/extra/initramfs-tools/hooks/udev
new file mode 100755
index 0000000..bbbd351
--- /dev/null
+++ b/debian/extra/initramfs-tools/hooks/udev
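Review bot: In debian/extra/init-functions.d/40-systemd, `sctl_args` in `systemctl_redirect` is neither declared `local` nor initialised, and it is assigned only when the `is-system-running` test takes its branch, so on the other path `/bin/systemctl --no-pager $sctl_args $command "$service"` expands whatever value the sourcing init script or the caller's environment left in that name. Adding `local sctl_args=""` next to the other `local` declarations closes that; `OUT` and `service` are likewise set without `local` and leak into the init script that sources this file. The unquoted `$service` in the two `systemctl ... show $service` calls and `$executable $argument` in the final `systemctl_redirect` call would be safer quoted, since they derive from `$0`/`$1`.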
@@ -0,0 +1,55 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+mkdir -p "$DESTDIR/lib/systemd"
+copy_exec /lib/systemd/systemd-udevd /lib/systemd
+copy_exec /bin/udevadm /bin
+
+mkdir -p "$DESTDIR/etc/udev"
+cp -p /etc/udev/udev.conf "$DESTDIR/etc/udev/"
+
+# copy .link files containing interface naming definitions
+mkdir -p "$DESTDIR/lib/systemd/network/"
+find /lib/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+if [ -d /etc/systemd/network ]; then
+ find /etc/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+fi
+
+mkdir -p "$DESTDIR/lib/udev/rules.d/"
+for rules in 50-firmware.rules 50-udev-default.rules \
+ 60-block.rules 60-persistent-storage.rules \
+ 61-persistent-storage-android.rules 71-seat.rules 73-special-net-names.rules \
+ 73-usb-net-by-mac.rules 75-net-description.rules \
+ 80-net-setup-link.rules 80-drivers.rules; do
+ if [ -e /etc/udev/rules.d/$rules ]; then
+ cp -p /etc/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/"
+ elif [ -e /lib/udev/rules.d/$rules ]; then
+ cp -p /lib/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/"
+ fi
+done
+
+# now copy all custom udev rules which don't have an equivalent in /lib (e. g.
+# 70-persistent-net.rules or similar); They might contain network names or
+# other bits which are relevant for the initramfs.
+for rules in /etc/udev/rules.d/*.rules; do
+ if [ -e "$rules" ] && [ ! -e "/lib/${rules#/etc/}" ]; then
+ cp -p "$rules" "$DESTDIR/lib/udev/rules.d/"
+ fi
+done
+
+for program in ata_id scsi_id; do
+ copy_exec /lib/udev/$program /lib/udev
+done
+copy_exec /sbin/blkid /sbin
diff --git a/debian/extra/initramfs-tools/scripts/init-bottom/udev b/debian/extra/initramfs-tools/scripts/init-bottom/udev
new file mode 100755
index 0000000..a69d492
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-bottom/udev
@@ -0,0 +1,29 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+# Stop udevd, we'll miss a few events while we run init, but we catch up
+udevadm control --exit
+
+# move the /dev tmpfs to the rootfs; fall back to util-linux mount that does
+# not understand -o move
+mount -n -o move /dev "${rootmnt:?}/dev" || mount -n --move /dev "${rootmnt}/dev"
+
+# create a temporary symlink to the final /dev for other initramfs scripts
+if command -v nuke >/dev/null; then
+ nuke /dev
+else
+ # shellcheck disable=SC2114
+ rm -rf /dev
+fi
+ln -s "${rootmnt}/dev" /dev
+
diff --git a/debian/extra/initramfs-tools/scripts/init-top/udev b/debian/extra/initramfs-tools/scripts/init-top/udev
new file mode 100755
index 0000000..9bdfe86
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-top/udev
@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if [ "${quiet:-n}" = "y" ]; then
+ log_level=notice
+else
+ log_level=info
+fi
+
+SYSTEMD_LOG_LEVEL=$log_level /lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --type=subsystems --action=add
+udevadm trigger --type=devices --action=add
+udevadm settle || true
+
+# Leave udev running to process events that come in out-of-band (like USB
+# connections)
diff --git a/debian/extra/kernel-install.d/85-initrd.install b/debian/extra/kernel-install.d/85-initrd.install
new file mode 100755
index 0000000..ee6974d
--- /dev/null
+++ b/debian/extra/kernel-install.d/85-initrd.install
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -eu
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+COMMAND="$1"
+KERNEL_VERSION="$2"
+BOOT_DIR_ABS="$3"
+
+INITRD_SRC="/boot/initrd.img-$KERNEL_VERSION"
+INITRD_DEST="$BOOT_DIR_ABS/initrd"
+
+if [ "$COMMAND" = remove ]; then
+ rm -f "$INITRD_DEST"
+ exit 0
+fi
+
+if [ "$COMMAND" != add ]; then
+ echo "Invalid command $COMMAND" >&2
+ exit 1
+fi
+
+if [ -e "$INITRD_SRC" ];then
+ cp "$INITRD_SRC" "$INITRD_DEST"
+else
+ echo "$INITRD_SRC does not exist, not installing an initrd"
+fi
+
+exit 0
diff --git a/debian/extra/make-fbdev-blacklist b/debian/extra/make-fbdev-blacklist
new file mode 100644
index 0000000..826e2d5
--- /dev/null
+++ b/debian/extra/make-fbdev-blacklist
@@ -0,0 +1,48 @@
+#!/bin/sh
+# This script should be run before building the package every time a new
+# kernel is released.
+#
+# You should pass the name of the modules directory for a 486 flavour
+# kernel, as that has the most framebuffer modules.
+#
+# Also, obsolete modules should not be removed from the list until after
+# at least one stable release.
+
+set -e
+
+if [ $# = 0 ]; then
+ MODULES_DIR=/lib/modules/$(uname -r)
+else
+ MODULES_DIR="$1"
+fi
+
+BL='fbdev-blacklist.conf'
+
+if [ -e extra/$BL ]; then cd extra; fi
+
+{
+printf "# This file blacklists most old-style PCI framebuffer drivers.\n\n"
+
+find "$MODULES_DIR"/kernel/drivers/video -type f | sort | \
+while read file; do
+ name="$(basename $file .ko)"
+ case $name in
+ lxfb)
+ # This is needed for text consoles on OLPC XO-1, and it used to be
+ # built-in anyway.
+ ;;
+ viafb) ;; # Needed by OLPC XO-1.5
+ *)
+ /sbin/modinfo $file | grep -q '^alias: *pci:' \
+ && echo blacklist $name || true
+ ;;
+ esac
+done
+} > $BL.tmp
+
+if diff --unified=0 $BL $BL.tmp; then
+ rm $BL.tmp
+else
+ printf "\n\n\n$BL.tmp has changes!\n\n\n\n"
+fi
+
diff --git a/debian/extra/make-sysusers-basic b/debian/extra/make-sysusers-basic
new file mode 100755
index 0000000..8ff1b15
--- /dev/null
+++ b/debian/extra/make-sysusers-basic
@@ -0,0 +1,18 @@
+#!/bin/sh
+# generate a sysusers.d(5) file from Debian's static master passwd/group files
+set -eu
+
+echo '# generated from /usr/share/base-passwd/{passwd,group}.master'
+
+# only take groups whose name+gid != the corresponding user in passwd.master
+export IFS=:
+while read name _ id _; do
+ if ! grep -q "^$name:\*:$id:$id:" /usr/share/base-passwd/passwd.master; then
+ printf "g %-10s %-5s -\n" $name $id
+ fi
+done < /usr/share/base-passwd/group.master
+
+echo
+
+# treat "nobody:nogroup" specially: same ID, but different name, so prevent creating a "nobody" group
+awk -F: '{ i = ($3 == $4 && $4 != 65534) ? $3 : $3":"$4; printf("u %-10s %-7s - %-20s %s\n", $1,i,$6,$7) }' < /usr/share/base-passwd/passwd.master
diff --git a/debian/extra/pam-configs/systemd b/debian/extra/pam-configs/systemd
new file mode 100644
index 0000000..5b56996
--- /dev/null
+++ b/debian/extra/pam-configs/systemd
@@ -0,0 +1,7 @@
+Name: Register user sessions in the systemd control group hierarchy
+Default: yes
+Priority: 0
+Session-Interactive-Only: yes
+Session-Type: Additional
+Session:
+ optional pam_systemd.so
diff --git a/debian/extra/pam.d/systemd-user b/debian/extra/pam.d/systemd-user
new file mode 100644
index 0000000..45b2e5e
--- /dev/null
+++ b/debian/extra/pam.d/systemd-user
@@ -0,0 +1,12 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+@include common-account
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session required pam_limits.so
+@include common-session-noninteractive
+session optional pam_systemd.so
diff --git a/debian/extra/rules-ubuntu/40-vm-hotadd.rules b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
new file mode 100644
index 0000000..62a5a62
--- /dev/null
+++ b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
@@ -0,0 +1,14 @@
+# On Hyper-V and Xen Virtual Machines we want to add memory and cpus as soon as they appear
+ATTR{[dmi/id]sys_vendor}=="Microsoft Corporation", ATTR{[dmi/id]product_name}=="Virtual Machine", GOTO="vm_hotadd_apply"
+ATTR{[dmi/id]sys_vendor}=="Xen", GOTO="vm_hotadd_apply"
+GOTO="vm_hotadd_end"
+
+LABEL="vm_hotadd_apply"
+
+# Memory hotadd request
+SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}="online"
+
+# CPU hotadd request
+SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}="1"
+
+LABEL="vm_hotadd_end"
diff --git a/debian/extra/rules-ubuntu/61-persistent-storage-android.rules b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
new file mode 100644
index 0000000..6f4ac42
--- /dev/null
+++ b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
@@ -0,0 +1,7 @@
+# Android based kernel exports the uevent property PARTNAME, which can be
+# used to find out at run time the named partitions (e.g. boot) for the
+# device. This is specially useful for the Touch based images and flash-kernel,
+# to automatically update the kernel by writing at the correct partition
+# (independently of the hardware revision).
+ACTION!="remove", KERNEL=="mmcblk[0-9]p[0-9]", ENV{PARTNAME}=="?*", SYMLINK+="disk/by-partlabel/$env{PARTNAME}"
+
diff --git a/debian/extra/rules-ubuntu/71-power-switch-proliant.rules b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
new file mode 100644
index 0000000..022baeb
--- /dev/null
+++ b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
@@ -0,0 +1,2 @@
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.6|soc:gpio_keys", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m400 Server Cartridge", TAG+="power-switch"
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.12", ATTRS{keys}=="116", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m800 Server Cartridge", TAG+="power-switch"
diff --git a/debian/extra/rules-ubuntu/78-graphics-card.rules b/debian/extra/rules-ubuntu/78-graphics-card.rules
new file mode 100644
index 0000000..b3b906c
--- /dev/null
+++ b/debian/extra/rules-ubuntu/78-graphics-card.rules
@@ -0,0 +1,30 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add", GOTO="graphics_end"
+
+# Tag the drm device for KMS-supporting drivers as the primary device for
+# the display; for non-KMS drivers tag the framebuffer device instead.
+
+SUBSYSTEM!="drm", GOTO="drm_end"
+KERNEL!="card[0-9]*", GOTO="drm_end"
+ENV{DEVTYPE}!="drm_minor", GOTO="drm_end"
+
+DRIVERS=="i915", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="radeon", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="nouveau", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="vmwgfx", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="drm_end"
+
+SUBSYSTEM!="graphics", GOTO="graphics_end"
+
+DRIVERS=="i915", GOTO="graphics_end"
+DRIVERS=="radeon", GOTO="graphics_end"
+DRIVERS=="nouveau", GOTO="graphics_end"
+DRIVERS=="efifb", GOTO="graphics_end"
+DRIVERS=="efi-framebuffer", GOTO="graphics_end"
+DRIVERS=="vesa-framebuffer", GOTO="graphics_end"
+
+KERNEL=="fb[0-9]*", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="graphics_end"
diff --git a/debian/extra/rules/50-firmware.rules b/debian/extra/rules/50-firmware.rules
new file mode 100644
index 0000000..f7a08ce
--- /dev/null
+++ b/debian/extra/rules/50-firmware.rules
@@ -0,0 +1,3 @@
+# stub for immediately telling the kernel that userspace firmware loading
+# failed; necessary to avoid long timeouts with CONFIG_FW_LOADER_USER_HELPER=y
+SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1"
diff --git a/debian/extra/rules/73-special-net-names.rules b/debian/extra/rules/73-special-net-names.rules
new file mode 100644
index 0000000..5e470a3
--- /dev/null
+++ b/debian/extra/rules/73-special-net-names.rules
@@ -0,0 +1,14 @@
+# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
+# which terminates in the iDRAC. Help identify this with 'idrac'
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac"
+
+# On IBM systems the Integrated Management Module is reachable using a
+# # USB Virtual NIC.
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", \
+ ATTRS{idVendor}=="04b3", ATTRS{idProduct}=="0325", NAME="ibmimm"
+
+# ibmveth devices' $DEVPATH number is tied to (virtual) hardware (slot id
+# selected in the HMC), thus this provides a reliable naming (e. g.
+# "/devices/vio/30000002/net/eth1"); we ignore the bus number, as
+# there should only ever be one bus, and then remove leading zeros
+ACTION=="add", SUBSYSTEM=="net", NAME=="", DRIVERS=="ibmveth", PROGRAM="/bin/sh -ec 'D=${DEVPATH#*/vio/}; D=${D%%%%/*}; D=${D#????}; D=${D#0}; D=${D#0}; D=${D#0}; D=${D#0}; echo ${D:-0}'", NAME="ibmveth$result"
diff --git a/debian/extra/rules/73-usb-net-by-mac.rules b/debian/extra/rules/73-usb-net-by-mac.rules
new file mode 100644
index 0000000..20c3e84
--- /dev/null
+++ b/debian/extra/rules/73-usb-net-by-mac.rules
@@ -0,0 +1,20 @@
+# Use MAC based names for network interfaces which are directly or indirectly
+# on USB and have an universally administered (stable) MAC address (second bit
+# is 0). Don't do this when ifnames is disabled via kernel command line or
+# customizing/disabling 99-default.link (or previously 80-net-setup-link.rules)
+# or if the interface name was provided by user-space.
+
+ACTION=="remove", GOTO="usb_net_by_mac_end"
+SUBSYSTEM!="net", GOTO="usb_net_by_mac_end"
+ATTR{name_assign_type}=="3", GOTO="usb_net_by_mac_end"
+
+IMPORT{cmdline}="net.ifnames"
+ENV{net.ifnames}=="0", GOTO="usb_net_by_mac_end"
+
+SUBSYSTEMS=="usb", NAME=="", \
+ ATTR{address}=="?[014589cd]:*", \
+ TEST!="/etc/udev/rules.d/80-net-setup-link.rules", \
+ TEST!="/etc/systemd/network/99-default.link", \
+ IMPORT{builtin}="net_id", NAME="$env{ID_NET_NAME_MAC}"
+
+LABEL="usb_net_by_mac_end"
diff --git a/debian/extra/rules/80-debian-compat.rules b/debian/extra/rules/80-debian-compat.rules
new file mode 100644
index 0000000..fb8477f
--- /dev/null
+++ b/debian/extra/rules/80-debian-compat.rules
@@ -0,0 +1,30 @@
+# Debian specific udev rules for backwards compatibility
+
+# needed for old tape drivers, http://bugs.debian.org/657948
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN{builtin}+="kmod load sg"
+
+# device permissions
+KERNEL=="mISDNtimer", GROUP="dialout"
+KERNEL=="mwave", GROUP="dialout"
+KERNEL=="nvram", GROUP="kmem", MODE="0640"
+KERNEL=="pktcdvd", GROUP="cdrom", MODE="0644"
+KERNEL=="lirc[0-9]*", GROUP="video"
+KERNEL=="legousbtower*", MODE="0666"
+KERNEL=="sonypi", MODE="0666"
+KERNEL=="mmtimer", MODE="0644"
+KERNEL=="sgi_*", MODE="0666"
+KERNEL=="z90crypt", MODE="0666"
+
+# These rules will create symlinks for CD/DVD drives, to help old
+# programs which are unable to automatically discover the devices.
+# The first detected device gets the symlink, but this is not stable across
+# reboots.
+ENV{ID_CDROM_CD_RW}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.cdrw 2>/dev/null; [ `readlink /run/udev/link.cdrw` = %k ]", \
+ SYMLINK+="cdrw", OPTIONS+="link_priority=-100"
+ENV{ID_CDROM_DVD}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvd 2>/dev/null; [ `readlink /run/udev/link.dvd` = %k ]", \
+ SYMLINK+="dvd", OPTIONS+="link_priority=-100"
+ENV{ID_CDROM_DVD_RW}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvdrw 2>/dev/null; [ `readlink /run/udev/link.dvdrw` = %k ]", \
+ SYMLINK+="dvdrw", OPTIONS+="link_priority=-100"
diff --git a/debian/extra/set-cpufreq b/debian/extra/set-cpufreq
new file mode 100755
index 0000000..4ffe126
--- /dev/null
+++ b/debian/extra/set-cpufreq
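Review bot: In debian/extra/rules/80-debian-compat.rules, the three `PROGRAM=` values for the cdrw/dvd/dvdrw symlinks open a single quote after `/bin/sh -c` that is never closed before the terminating double quote (`... = %k ]", \`); the intended form is presumably `... = %k ]'", \`. How udev's argument splitting treats the unterminated quote is not visible here, so the rules may work by leniency rather than by design. Separately, the "device permissions" block sets `MODE="0666"` on `legousbtower*`, `sonypi`, `sgi_*` and `z90crypt` without saying why every local user needs read/write access to those nodes; a one-line comment per device, or a group-restricted mode where a suitable group exists, would let an administrator judge the exposure.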
@@ -0,0 +1,46 @@
+#! /bin/sh
+# Set the CPU Frequency Scaling governor to "ondemand"/"powersave" where available
+set -eu
+
+FIRSTCPU=`cut -f1 -d- /sys/devices/system/cpu/online`
+AVAILABLE="/sys/devices/system/cpu/cpu$FIRSTCPU/cpufreq/scaling_available_governors"
+DOWN_FACTOR="/sys/devices/system/cpu/cpufreq/ondemand/sampling_down_factor"
+
+[ -f $AVAILABLE ] || exit 0
+
+read governors < $AVAILABLE
+case $governors in
+ *interactive*)
+ GOVERNOR="interactive"
+ break
+ ;;
+ *ondemand*)
+ GOVERNOR="ondemand"
+ case $(uname -m) in
+ ppc64*)
+ SAMPLING=100
+ ;;
+ esac
+ break
+ ;;
+ *powersave*)
+ GOVERNOR="powersave"
+ break
+ ;;
+ *)
+ exit 0
+ ;;
+esac
+
+[ -n "${GOVERNOR:-}" ] || exit 0
+
+echo "Setting $GOVERNOR scheduler for all CPUs"
+
+for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
+do
+ [ -f $CPUFREQ ] || continue
+ echo -n $GOVERNOR > $CPUFREQ
+done
+if [ -n "${SAMPLING:-}" ] && [ -f $DOWN_FACTOR ]; then
+ echo -n $SAMPLING > $DOWN_FACTOR
+fi
diff --git a/debian/extra/start-udev b/debian/extra/start-udev
new file mode 100755
index 0000000..6048925
--- /dev/null
+++ b/debian/extra/start-udev
@@ -0,0 +1,18 @@
+#!/bin/sh -e
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if ! grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o mode=0755 -t devtmpfs devtmpfs /dev
+fi
+
+SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --action=add
+
+mkdir -p /dev/pts
+mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts
+
+udevadm settle || true
diff --git a/debian/extra/systemd-sysv-install b/debian/extra/systemd-sysv-install
new file mode 100755
index 0000000..7e90dc2
--- /dev/null
+++ b/debian/extra/systemd-sysv-install
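Review bot: In debian/extra/set-cpufreq, the `break` statements inside the `case $governors in` arms are not inside any loop, so their behaviour is unspecified in POSIX sh and some shells print a diagnostic for them; the `;;` already ends each arm, so they can simply be dropped. `echo -n` is likewise not portable under `#! /bin/sh`; `printf '%s' "$GOVERNOR" > "$CPUFREQ"` does the same without depending on the shell's echo. The status message says "scheduler" although the script sets the cpufreq governor.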
@@ -0,0 +1,56 @@
+#!/bin/sh
+# This script is called by "systemctl enable/disable" when the given unit is a
+# SysV init.d script. It needs to call the distribution's mechanism for
+# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This
+# can optionally take a --root argument for enabling a SysV init script
+# in a chroot or similar.
+set -eu
+
+usage() {
+ echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>" >&2
+ exit 1
+}
+
+ROOT=
+
+# parse options
+eval set -- "$(getopt -o r: --long root: -- "$@")"
+while true; do
+ case "$1" in
+ -r|--root)
+ ROOT="$2"
+ shift 2 ;;
+ --) shift ; break ;;
+ *) usage ;;
+ esac
+done
+
+NAME="${2:-}"
+
+run() {
+ if [ -n "$ROOT" ] && [ "$ROOT" != "/" ]; then
+ _SKIP_SYSTEMD_NATIVE=1 chroot "$ROOT" /usr/sbin/update-rc.d "$@"
+ else
+ _SKIP_SYSTEMD_NATIVE=1 /usr/sbin/update-rc.d "$@"
+ fi
+}
+
+[ -n "$NAME" ] || usage
+
+case "$1" in
+ enable)
+ # call the command to enable SysV init script $NAME here..
+ run "$NAME" defaults
+ run "$NAME" enable
+ ;;
+ disable)
+ run "$NAME" defaults
+ run "$NAME" disable
+ ;;
+ is-enabled)
+ # exit with 0 if $NAME is enabled, non-zero if it is disabled
+ ls "$ROOT"/etc/rc[S5].d/S??"$NAME" >/dev/null 2>&1
+ ;;
+ *)
+ usage ;;
+esac
diff --git a/debian/extra/systemd.py b/debian/extra/systemd.py
new file mode 100644
index 0000000..108e896
--- /dev/null
+++ b/debian/extra/systemd.py
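Review bot: A failure of `getopt` is lost inside `eval set -- "$(getopt -o r: --long root: -- "$@")"`, because `set -e` does not act on the exit status of a command substitution used as an argument, so an unknown option never reaches `usage`. Splitting the call keeps the check: `args=$(getopt -o r: --long root: -- "$@") || usage` followed by `eval set -- "$args"`. The `is-enabled` arm consults only `rcS.d` and `rc5.d`; a short comment saying why those two directories are the ones that decide the answer would document the assumption.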
@@ -0,0 +1,29 @@
+'''apport package hook for systemd
+
+(c) 2014 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os.path
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ report['SystemdDelta'] = apport.hookutils.command_output(['systemd-delta'])
+
+ if not os.path.exists('/run/systemd/system'):
+ return
+
+ # Add details about all failed units, if any
+ out = apport.hookutils.command_output(['systemctl', '--state=failed', '--full',
+ '--no-legend']).strip()
+ if out:
+ failed = ''
+ for line in out.splitlines():
+ unit = line.split()[0]
+ if failed:
+ failed += '------\n'
+ failed += apport.hookutils.command_output(['systemctl', 'status', '--full', unit])
+ report['SystemdFailedUnits'] = failed
+
diff --git a/debian/extra/tmpfiles.d/debian.conf b/debian/extra/tmpfiles.d/debian.conf
new file mode 100644
index 0000000..9061084
--- /dev/null
+++ b/debian/extra/tmpfiles.d/debian.conf
@@ -0,0 +1,14 @@
+# This file is part of the debianisation of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Type Path Mode UID GID Age Argument
+L /run/shm - - - - /dev/shm
+d /run/sendsigs.omit.d 0755 root root -
+
+L+ /etc/mtab - - - - ../proc/self/mounts
diff --git a/debian/extra/udev.py b/debian/extra/udev.py
new file mode 100644
index 0000000..d8bc76f
--- /dev/null
+++ b/debian/extra/udev.py
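Review bot: `unit = line.split()[0]` in `add_info` assumes the unit name is the first column of the `systemctl --state=failed --full --no-legend` listing; if systemctl prefixes failed units with a status marker, which it may do depending on version and locale, the marker rather than the unit name is passed on to `systemctl status`. Adding `'--plain'` to the listing command would make the parse independent of that. The `systemctl status --full` output attached as `SystemdFailedUnits` can include recent log lines from the reporting machine, which deserves a comment so that maintainers know the report carries log content. `add_info` has no docstring; one line such as `'''Attach systemd-delta output and the status of failed units.'''` would do.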
@@ -0,0 +1,19 @@
+'''apport package hook for udev
+
+(c) 2009 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ user_rules = []
+ for f in os.listdir('/etc/udev/rules.d'):
+ if not f.startswith('70-persistent-') and f != 'README':
+ user_rules.append(f)
+
+ if user_rules:
+ report['CustomUdevRuleFiles'] = ' '.join(user_rules)
diff --git a/debian/extra/units-ubuntu/ondemand.service b/debian/extra/units-ubuntu/ondemand.service
new file mode 100644
index 0000000..7edf840
--- /dev/null
+++ b/debian/extra/units-ubuntu/ondemand.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Set the CPU Frequency Scaling governor
+ConditionVirtualization=no
+ConditionPathExists=/sys/devices/system/cpu/online
+# Don't run if we're going to start an Android LXC container on Ubuntu Touch
+ConditionPathExists=!/etc/init/lxc-android-config.conf
+
+[Service]
+Type=idle
+ExecStart=/lib/systemd/set-cpufreq
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/extra/units-ubuntu/user@.service.d/timeout.conf b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
new file mode 100644
index 0000000..213eb65
--- /dev/null
+++ b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
@@ -0,0 +1,4 @@
+# Avoid long hangs during shutdown if user services fail/hang due to X.org
+# going away too early
+[Service]
+TimeoutStopSec=5
diff --git a/debian/extra/units/getty-static.service b/debian/extra/units/getty-static.service
new file mode 100644
index 0000000..0a1203f
--- /dev/null
+++ b/debian/extra/units/getty-static.service
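Review bot: `os.listdir('/etc/udev/rules.d')` raises when the directory does not exist, which would abort the hook after `attach_hardware` instead of just leaving out `CustomUdevRuleFiles`. Guarding the loop with `if os.path.isdir('/etc/udev/rules.d'):`, or catching `OSError` around it, keeps the rest of the report collection going. The order returned by `os.listdir` is arbitrary, so `' '.join(sorted(user_rules))` would make the attached value stable between runs.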
@@ -0,0 +1,10 @@
+[Unit]
+Description=getty on tty2-tty6 if dbus and logind are not available
+ConditionPathExists=/dev/tty0
+ConditionPathExists=!/lib/systemd/system/dbus.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl --no-block start getty@tty2.service getty@tty3.service getty@tty4.service getty@tty5.service getty@tty6.service
+RemainAfterExit=true
+
diff --git a/debian/extra/units/rc-local.service.d/debian.conf b/debian/extra/units/rc-local.service.d/debian.conf
new file mode 100644
index 0000000..ec77220
--- /dev/null
+++ b/debian/extra/units/rc-local.service.d/debian.conf
@@ -0,0 +1,10 @@
+[Unit]
+# not specified by LSB, but has been behaving that way in Debian under SysV
+# init and upstart
+After=network-online.target
+
+# Often contains status messages which users expect to see on the console
+# during boot
+[Service]
+StandardOutput=journal+console
+StandardError=journal+console
diff --git a/debian/extra/units/systemd-resolved.service.d/resolvconf.conf b/debian/extra/units/systemd-resolved.service.d/resolvconf.conf
new file mode 100644
index 0000000..98a7017
--- /dev/null
+++ b/debian/extra/units/systemd-resolved.service.d/resolvconf.conf
@@ -0,0 +1,8 @@
+# tell resolvconf about resolved's builtin DNS server, so that DNS servers
+# picked up via networkd are respected when using resolvconf, and that software
+# like Chrome that does not do NSS (libnss-resolve) still gets proper DNS
+# resolution; do not remove the entry after stop though, as that leads to
+# timeouts on shutdown via the resolvconf hooks (see LP: #1648068)
+[Service]
+ExecStartPost=+/bin/sh -c '[ ! -e /run/resolvconf/enable-updates ] || echo "nameserver 127.0.0.53" | /sbin/resolvconf -a systemd-resolved'
+ReadWritePaths=-/run/resolvconf
diff --git a/debian/extra/units/systemd-timesyncd.service.d/disable-with-time-daemon.conf b/debian/extra/units/systemd-timesyncd.service.d/disable-with-time-daemon.conf
new file mode 100644
index 0000000..8e4f853
--- /dev/null
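Review bot: The comment block in `resolvconf.conf` explains why the entry is registered but not the `+` in `ExecStartPost=+/bin/sh -c ...`, which makes that shell run with full privileges instead of under the restrictions the unit otherwise applies. A line such as `# "+": runs with full privileges so resolvconf can update its state` (wording to be confirmed by the maintainer) would make the elevated execution visibly intentional. It would also help to say that the leading `-` in `ReadWritePaths=-/run/resolvconf` tolerates the directory being absent.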
+++ b/debian/extra/units/systemd-timesyncd.service.d/disable-with-time-daemon.conf
@@ -0,0 +1,6 @@
+[Unit]
+# don't run timesyncd if we have another NTP daemon installed
+ConditionFileIsExecutable=!/usr/sbin/ntpd
+ConditionFileIsExecutable=!/usr/sbin/openntpd
+ConditionFileIsExecutable=!/usr/sbin/chronyd
+ConditionFileIsExecutable=!/usr/sbin/VBoxService
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..9591e25
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,9 @@
+[DEFAULT]
+pristine-tar = True
+patch-numbers = False
+debian-branch = debian/buster
+upstream-branch = upstream/latest
+
+[dch]
+full = True
+multimaint-merge = True
diff --git a/debian/git-cherry-pick b/debian/git-cherry-pick
new file mode 100755
index 0000000..bb39ce8
--- /dev/null
+++ b/debian/git-cherry-pick
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$*" ] ; then
+ echo "Usage: $0 [commit [commit ..]]"
+ exit 1
+fi
+
+
+curbranch=$(git rev-parse --abbrev-ref HEAD)
+
+# assert we got a branch
+[ -n "$curbranch" ]
+
+if [ $curbranch = HEAD ] ; then
+ echo "You are not currently on a branch, cannot cherry-pick"
+ exit 1
+fi
+
+case $curbranch in
+ patch-queue/*)
+ debbranch=${curbranch/patch-queue\/}
+ pqbranch=$curbranch
+ ;;
+ *)
+ debbranch=$curbranch
+ pqbranch=patch-queue/$curbranch
+ ;;
+esac
+
+commits=$(git rev-parse "$@")
+
+if git rev-parse $pqbranch &>/dev/null ; then
+ echo
+ echo "Will recreate patch-queue branch $pqbranch"
+ echo "It was pointing to" $(git rev-parse $pqbranch)
+ echo
+fi
+
+gbp pq import --force
+
+echo "Cherry-picking the following commits:"
+echo "$commits"
+
+picks=$(echo "$commits" | xargs echo exec git cherry-pick -x --no-edit --commit)
+
+# find the first debian commit
+firstdebian=$(git log -i --grep "topic.*debian" --pretty=%h --reverse $debbranch..$pqbranch | head -1)
+
+sedexpr="/$firstdebian/i$picks"
+
+GIT_EDITOR="sed -i -e '$sedexpr'" git rebase --interactive --no-autosquash $debbranch
+
+
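Review bot: In `git-cherry-pick`, `firstdebian` is used unchecked in `sedexpr="/$firstdebian/i$picks"`, so when `git log --grep "topic.*debian"` matches nothing the sed address becomes the empty regex `//` and the edit of the rebase todo fails or is applied somewhere unintended, after `gbp pq import --force` has already recreated the branch. A guard before `sedexpr` is built, such as `[ -n "$firstdebian" ] || { echo "no debian topic commit found" >&2; exit 1; }`, makes that case explicit. `[ $curbranch = HEAD ]` and `git rev-parse $pqbranch` should quote their expansions the way `[ -n "$curbranch" ]` already does.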
diff --git a/debian/libnss-myhostname.install b/debian/libnss-myhostname.install
new file mode 100644
index 0000000..3db9104
--- /dev/null
+++ b/debian/libnss-myhostname.install
@@ -0,0 +1,3 @@
+lib/*/libnss_myhostname*.so.*
+usr/share/man/man8/libnss_myhostname.so.2.8
+usr/share/man/man8/nss-myhostname.8
diff --git a/debian/libnss-myhostname.lintian-overrides b/debian/libnss-myhostname.lintian-overrides
new file mode 100644
index 0000000..ff4d266
--- /dev/null
+++ b/debian/libnss-myhostname.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-myhostname: package-name-doesnt-match-sonames
diff --git a/debian/libnss-myhostname.postinst b/debian/libnss-myhostname.postinst
new file mode 100644
index 0000000..9fec7a3
--- /dev/null
+++ b/debian/libnss-myhostname.postinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert myhostname entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-myhostname support; do not change the
+# configuration if the "hosts" line already references some myhostname lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # myhostname
+ if (grep { $_ eq "myhostname"} @bits) {
+ return $line;
+ }
+ # add myhostname at the end
+ return $line . " myhostname";
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains myhostname entries)
+ insert_nss_entry
+fi
+
+#DEBHELPER#
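Review bot: In `libnss-myhostname.postinst`, `insert` appends `" myhostname"` to everything captured by `(.*)`, so a `hosts:` line that ends in a `#` comment gets the module name added inside the comment and the lookup is never enabled, while the script prints nothing about it. Splitting a trailing comment off before the append, or at least printing a notice when one is present, would avoid the silent no-op. The same `insert` logic is copied into `libnss-mymachines.postinst` and `libnss-systemd.postinst`, so the point applies there too.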
diff --git a/debian/libnss-myhostname.postrm b/debian/libnss-myhostname.postrm
new file mode 100644
index 0000000..0a6d0f2
--- /dev/null
+++ b/debian/libnss-myhostname.postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-myhostname myhostname
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-mymachines.install b/debian/libnss-mymachines.install
new file mode 100644
index 0000000..5530114
--- /dev/null
+++ b/debian/libnss-mymachines.install
@@ -0,0 +1,3 @@
+lib/*/libnss_mymachines*.so.*
+usr/share/man/man8/libnss_mymachines.so.2.8
+usr/share/man/man8/nss-mymachines.8
diff --git a/debian/libnss-mymachines.lintian-overrides b/debian/libnss-mymachines.lintian-overrides
new file mode 100644
index 0000000..c9661e8
--- /dev/null
+++ b/debian/libnss-mymachines.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-mymachines: package-name-doesnt-match-sonames
diff --git a/debian/libnss-mymachines.postinst b/debian/libnss-mymachines.postinst
new file mode 100644
index 0000000..f4b3f5c
--- /dev/null
+++ b/debian/libnss-mymachines.postinst
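Review bot: The sed address `/hosts:/` in `remove_nss_entry` is unanchored, so it also rewrites commented-out lines and any other line that merely contains `hosts:`; `/^hosts:/` would match the same line the postinst edits. The same unanchored address appears in `libnss-mymachines.postrm` and `libnss-resolve.postrm`, and as `/(passwd|group):/` in `libnss-systemd.postrm`. `$pkg` and `$file` are also expanded unquoted in `-W $pkg`, `[ -e $file ]` and the sed call, and quoting them costs nothing.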
@@ -0,0 +1,40 @@
+#!/bin/sh
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert mymachines entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-mymachines support; do not change the
+# configuration if the "hosts" line already references some mymachines lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # mymachines
+ if (grep { $_ eq "mymachines"} @bits) {
+ return $line;
+ }
+ # add mymachines at the end
+ return $line . " mymachines";
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains mymachines entries)
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-mymachines.postrm b/debian/libnss-mymachines.postrm
new file mode 100644
index 0000000..1318f21
--- /dev/null
+++ b/debian/libnss-mymachines.postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-mymachines mymachines
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-resolve.install b/debian/libnss-resolve.install
new file mode 100644
index 0000000..3ecf834
--- /dev/null
+++ b/debian/libnss-resolve.install
@@ -0,0 +1,3 @@
+lib/*/libnss_resolve*.so.*
+usr/share/man/man8/libnss_resolve.so.2.8
+usr/share/man/man8/nss-resolve.8
diff --git a/debian/libnss-resolve.lintian-overrides b/debian/libnss-resolve.lintian-overrides
new file mode 100644
index 0000000..dfd9ec4
--- /dev/null
+++ b/debian/libnss-resolve.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-resolve: package-name-doesnt-match-sonames
diff --git a/debian/libnss-resolve.postinst b/debian/libnss-resolve.postinst
new file mode 100644
index 0000000..21b19c8
--- /dev/null
+++ b/debian/libnss-resolve.postinst
@@ -0,0 +1,55 @@
+#!/bin/sh
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert resolve entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-resolve support; do not change the
+# configuration if the "hosts" line already references some resolve lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # resolve
+ if (grep { $_ eq "resolve"} @bits) {
+ return $line;
+ }
+ # add resolve before dns
+ return join " ", map {
+ $_ eq "dns" ? ("resolve [!UNAVAIL=return]", "$_") : $_
+ } @bits;
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains resolve entries)
+ insert_nss_entry
+ # ... and enable resolved
+ systemctl enable systemd-resolved.service
+ if [ -d /run/systemd/system ]; then
+ deb-systemd-invoke start systemd-resolved.service || true
+ fi
+fi
+
+# Fix nsswitch action on upgrades
+if [ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl "231-10"; then
+ if ! grep -q '^hosts:.*resolve[[:space:]]*\[' /etc/nsswitch.conf; then
+ echo "Adjusting 'resolv' entry in /etc/nsswitch.conf.."
+ sed -i '/^hosts:/ { s/resolve/& [!UNAVAIL=return]/}' /etc/nsswitch.conf
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-resolve.postrm b/debian/libnss-resolve.postrm
new file mode 100644
index 0000000..6f0f787
--- /dev/null
+++ b/debian/libnss-resolve.postrm
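Review bot: `insert` in `libnss-resolve.postinst` only places `resolve [!UNAVAIL=return]` next to a `dns` token, so on a `hosts:` line without `dns` it returns the line without adding the module, yet the script still goes on to enable and start `systemd-resolved.service`. A fallback before the `map`, e.g. `return $line . " resolve [!UNAVAIL=return]" unless grep { $_ eq "dns" } @bits;`, or a printed notice, would make the outcome match the comment. In the upgrade branch, `s/resolve/& [!UNAVAIL=return]/` rewrites the first occurrence of the substring on the line, so matching it as a whole word would be more precise.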
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-resolve resolve
+ systemctl disable systemd-resolved.service
+ if [ -d /run/systemd/system ]; then
+ deb-systemd-invoke stop systemd-resolved.service || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-systemd.install b/debian/libnss-systemd.install
new file mode 100644
index 0000000..ade3da4
--- /dev/null
+++ b/debian/libnss-systemd.install
@@ -0,0 +1,3 @@
+lib/*/libnss_systemd*.so.*
+usr/share/man/man8/libnss_systemd*
+usr/share/man/man8/nss-systemd*
diff --git a/debian/libnss-systemd.lintian-overrides b/debian/libnss-systemd.lintian-overrides
new file mode 100644
index 0000000..8e9c4cb
--- /dev/null
+++ b/debian/libnss-systemd.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-systemd: package-name-doesnt-match-sonames
diff --git a/debian/libnss-systemd.postinst b/debian/libnss-systemd.postinst
new file mode 100644
index 0000000..1dc3c4f
--- /dev/null
+++ b/debian/libnss-systemd.postinst
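Review bot: The `remove` branch of `libnss-resolve.postrm` runs `systemctl disable systemd-resolved.service` and stops the service unconditionally: the `refcount` early return inside `remove_nss_entry` does not cover these lines, so they also run while the package is still installed for another architecture, and they run when the administrator enabled resolved independently of this module. If `/etc/resolv.conf` points at the `127.0.0.53` stub at that moment, name resolution stops with the service. Consider leaving the service state alone on `remove`, or recording in the postinst whether this package was the one that enabled it and reverting only in that case.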
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+
+# try to insert the systemd entry to the "passwd" and "group" lines in
+# /etc/nsswitch.conf to automatically enable libnss-systemd support; do not
+# change the configuration if the lines already contain "systemd"
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the line already references
+ # systemd
+ if (grep { $_ eq "systemd"} @bits) {
+ return $line;
+ }
+ # add systemd at the end
+ return $line . " systemd";
+ }
+ s/^(passwd:\s+)(.*)/$1.insert($2)/e;
+ s/^(group:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-systemd.postrm b/debian/libnss-systemd.postrm
new file mode 100644
index 0000000..744cc35
--- /dev/null
+++ b/debian/libnss-systemd.postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/(passwd|group):/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-systemd systemd
+fi
+
+#DEBHELPER#
diff --git a/debian/libpam-systemd.install b/debian/libpam-systemd.install
new file mode 100644
index 0000000..df749da
--- /dev/null
+++ b/debian/libpam-systemd.install
@@ -0,0 +1,3 @@
+lib/*/security/pam_systemd.so
+usr/share/man/man8/pam_systemd.8
+../../extra/pam-configs usr/share/
diff --git a/debian/libpam-systemd.postinst b/debian/libpam-systemd.postinst
new file mode 100644
index 0000000..c6177d8
--- /dev/null
+++ b/debian/libpam-systemd.postinst
@@ -0,0 +1,7 @@
+#! /bin/sh
+
+set -e
+
+pam-auth-update --package
+
+#DEBHELPER#
diff --git a/debian/libpam-systemd.prerm b/debian/libpam-systemd.prerm
new file mode 100644
index 0000000..f51c108
--- /dev/null
+++ b/debian/libpam-systemd.prerm
@@ -0,0 +1,20 @@
+#! /bin/sh
+
+set -e
+
+# pam-auth-update --remove removes the named profile from the active config.
+# It arguably should be called during deconfigure as well, but deconfigure
+# can happen in some cases during a dist-upgrade and we don't want to
+# deconfigure all PAM modules in the middle of a dist-upgrade by accident.
+#
+# More importantly, with the current implementation, --remove also removes
+# all local preferences for the named config (such as whether it's enabled
+# or disabled), which we don't want to do on deconfigure.
+#
+# This may need to change later as pam-auth-update evolves.
+
+if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then
+ pam-auth-update --package --remove systemd
+fi
+
+#DEBHELPER#
diff --git a/debian/libsystemd-dev.install b/debian/libsystemd-dev.install
new file mode 100644
index 0000000..1ca8036
--- /dev/null
+++ b/debian/libsystemd-dev.install
@@ -0,0 +1,5 @@
+lib/*/libsystemd.so
+usr/lib/*/pkgconfig/libsystemd.pc
+usr/include/systemd/
+usr/share/man/man3/sd*
+usr/share/man/man3/SD*
diff --git a/debian/libsystemd0.install b/debian/libsystemd0.install
new file mode 100644
index 0000000..9cd022d
--- /dev/null
+++ b/debian/libsystemd0.install
@@ -0,0 +1 @@
+lib/*/libsystemd.so.*
diff --git a/debian/libsystemd0.symbols b/debian/libsystemd0.symbols
new file mode 100644
index 0000000..1e2d787
--- /dev/null
+++ b/debian/libsystemd0.symbols
@@ -0,0 +1,565 @@ +libsystemd.so.0 libsystemd0 #MINVER# +* Build-Depends-Package: libsystemd-dev + LIBSYSTEMD_209@LIBSYSTEMD_209 0 + LIBSYSTEMD_211@LIBSYSTEMD_211 211 + LIBSYSTEMD_213@LIBSYSTEMD_213 213 + LIBSYSTEMD_214@LIBSYSTEMD_214 214 + LIBSYSTEMD_216@LIBSYSTEMD_216 217 + LIBSYSTEMD_217@LIBSYSTEMD_217 217 + LIBSYSTEMD_219@LIBSYSTEMD_219 219 + LIBSYSTEMD_220@LIBSYSTEMD_220 220 + LIBSYSTEMD_221@LIBSYSTEMD_221 221 + LIBSYSTEMD_222@LIBSYSTEMD_222 222 + LIBSYSTEMD_226@LIBSYSTEMD_226 226 + LIBSYSTEMD_227@LIBSYSTEMD_227 227 + LIBSYSTEMD_229@LIBSYSTEMD_229 229 + LIBSYSTEMD_230@LIBSYSTEMD_230 230 + LIBSYSTEMD_231@LIBSYSTEMD_231 231 + LIBSYSTEMD_232@LIBSYSTEMD_232 232 + LIBSYSTEMD_233@LIBSYSTEMD_233 233 + LIBSYSTEMD_234@LIBSYSTEMD_234 234 + LIBSYSTEMD_236@LIBSYSTEMD_236 236 + LIBSYSTEMD_237@LIBSYSTEMD_237 237 + LIBSYSTEMD_238@LIBSYSTEMD_238 238 + LIBSYSTEMD_239@LIBSYSTEMD_239 239 + LIBSYSTEMD_240@LIBSYSTEMD_240 240 + LIBSYSTEMD_241@LIBSYSTEMD_241 241 + sd_booted@LIBSYSTEMD_209 0 + sd_bus_add_fallback@LIBSYSTEMD_221 221 + sd_bus_add_fallback_vtable@LIBSYSTEMD_221 221 + sd_bus_add_filter@LIBSYSTEMD_221 221 + sd_bus_add_match@LIBSYSTEMD_221 221 + sd_bus_add_match_async@LIBSYSTEMD_237 237 + sd_bus_add_node_enumerator@LIBSYSTEMD_221 221 + sd_bus_add_object@LIBSYSTEMD_221 221 + sd_bus_add_object_manager@LIBSYSTEMD_221 221 + sd_bus_add_object_vtable@LIBSYSTEMD_221 221 + sd_bus_attach_event@LIBSYSTEMD_221 221 + sd_bus_call@LIBSYSTEMD_221 221 + sd_bus_call_async@LIBSYSTEMD_221 221 + sd_bus_call_method@LIBSYSTEMD_221 221 + sd_bus_call_method_async@LIBSYSTEMD_221 221 + sd_bus_can_send@LIBSYSTEMD_221 221 + sd_bus_close@LIBSYSTEMD_221 221 + sd_bus_close_unref@LIBSYSTEMD_241 241 + sd_bus_creds_get_audit_login_uid@LIBSYSTEMD_221 221 + sd_bus_creds_get_audit_session_id@LIBSYSTEMD_221 221 + sd_bus_creds_get_augmented_mask@LIBSYSTEMD_221 221 + sd_bus_creds_get_cgroup@LIBSYSTEMD_221 221 + sd_bus_creds_get_cmdline@LIBSYSTEMD_221 221 + sd_bus_creds_get_comm@LIBSYSTEMD_221 221 + 
sd_bus_creds_get_description@LIBSYSTEMD_221 221 + sd_bus_creds_get_egid@LIBSYSTEMD_221 221 + sd_bus_creds_get_euid@LIBSYSTEMD_221 221 + sd_bus_creds_get_exe@LIBSYSTEMD_221 221 + sd_bus_creds_get_fsgid@LIBSYSTEMD_221 221 + sd_bus_creds_get_fsuid@LIBSYSTEMD_221 221 + sd_bus_creds_get_gid@LIBSYSTEMD_221 221 + sd_bus_creds_get_mask@LIBSYSTEMD_221 221 + sd_bus_creds_get_owner_uid@LIBSYSTEMD_221 221 + sd_bus_creds_get_pid@LIBSYSTEMD_221 221 + sd_bus_creds_get_ppid@LIBSYSTEMD_221 221 + sd_bus_creds_get_selinux_context@LIBSYSTEMD_221 221 + sd_bus_creds_get_session@LIBSYSTEMD_221 221 + sd_bus_creds_get_sgid@LIBSYSTEMD_221 221 + sd_bus_creds_get_slice@LIBSYSTEMD_221 221 + sd_bus_creds_get_suid@LIBSYSTEMD_221 221 + sd_bus_creds_get_supplementary_gids@LIBSYSTEMD_221 221 + sd_bus_creds_get_tid@LIBSYSTEMD_221 221 + sd_bus_creds_get_tid_comm@LIBSYSTEMD_221 221 + sd_bus_creds_get_tty@LIBSYSTEMD_221 221 + sd_bus_creds_get_uid@LIBSYSTEMD_221 221 + sd_bus_creds_get_unique_name@LIBSYSTEMD_221 221 + sd_bus_creds_get_unit@LIBSYSTEMD_221 221 + sd_bus_creds_get_user_slice@LIBSYSTEMD_221 221 + sd_bus_creds_get_user_unit@LIBSYSTEMD_221 221 + sd_bus_creds_get_well_known_names@LIBSYSTEMD_221 221 + sd_bus_creds_has_bounding_cap@LIBSYSTEMD_221 221 + sd_bus_creds_has_effective_cap@LIBSYSTEMD_221 221 + sd_bus_creds_has_inheritable_cap@LIBSYSTEMD_221 221 + sd_bus_creds_has_permitted_cap@LIBSYSTEMD_221 221 + sd_bus_creds_new_from_pid@LIBSYSTEMD_221 221 + sd_bus_creds_ref@LIBSYSTEMD_221 221 + sd_bus_creds_unref@LIBSYSTEMD_221 221 + sd_bus_default@LIBSYSTEMD_221 221 + sd_bus_default_flush_close@LIBSYSTEMD_227 227 + sd_bus_default_system@LIBSYSTEMD_221 221 + sd_bus_default_user@LIBSYSTEMD_221 221 + sd_bus_detach_event@LIBSYSTEMD_221 221 + sd_bus_emit_interfaces_added@LIBSYSTEMD_221 221 + sd_bus_emit_interfaces_added_strv@LIBSYSTEMD_221 221 + sd_bus_emit_interfaces_removed@LIBSYSTEMD_221 221 + sd_bus_emit_interfaces_removed_strv@LIBSYSTEMD_221 221 + sd_bus_emit_object_added@LIBSYSTEMD_222 222 + 
sd_bus_emit_object_removed@LIBSYSTEMD_222 222 + sd_bus_emit_properties_changed@LIBSYSTEMD_221 221 + sd_bus_emit_properties_changed_strv@LIBSYSTEMD_221 221 + sd_bus_emit_signal@LIBSYSTEMD_221 221 + sd_bus_error_add_map@LIBSYSTEMD_221 221 + sd_bus_error_copy@LIBSYSTEMD_221 221 + sd_bus_error_free@LIBSYSTEMD_221 221 + sd_bus_error_get_errno@LIBSYSTEMD_221 221 + sd_bus_error_has_name@LIBSYSTEMD_221 221 + sd_bus_error_is_set@LIBSYSTEMD_221 221 + sd_bus_error_move@LIBSYSTEMD_240 240 + sd_bus_error_set@LIBSYSTEMD_221 221 + sd_bus_error_set_const@LIBSYSTEMD_221 221 + sd_bus_error_set_errno@LIBSYSTEMD_221 221 + sd_bus_error_set_errnof@LIBSYSTEMD_221 221 + sd_bus_error_set_errnofv@LIBSYSTEMD_221 221 + sd_bus_error_setf@LIBSYSTEMD_221 221 + sd_bus_flush@LIBSYSTEMD_221 221 + sd_bus_flush_close_unref@LIBSYSTEMD_222 222 + sd_bus_get_address@LIBSYSTEMD_221 221 + sd_bus_get_allow_interactive_authorization@LIBSYSTEMD_221 221 + sd_bus_get_bus_id@LIBSYSTEMD_221 221 + sd_bus_get_close_on_exit@LIBSYSTEMD_240 240 + sd_bus_get_connected_signal@LIBSYSTEMD_237 237 + sd_bus_get_creds_mask@LIBSYSTEMD_221 221 + sd_bus_get_current_handler@LIBSYSTEMD_221 221 + sd_bus_get_current_message@LIBSYSTEMD_221 221 + sd_bus_get_current_slot@LIBSYSTEMD_221 221 + sd_bus_get_current_userdata@LIBSYSTEMD_221 221 + sd_bus_get_description@LIBSYSTEMD_221 221 + sd_bus_get_event@LIBSYSTEMD_221 221 + sd_bus_get_events@LIBSYSTEMD_221 221 + sd_bus_get_exit_on_disconnect@LIBSYSTEMD_232 232 + sd_bus_get_fd@LIBSYSTEMD_221 221 + sd_bus_get_method_call_timeout@LIBSYSTEMD_240 240 + sd_bus_get_n_queued_read@LIBSYSTEMD_238 238 + sd_bus_get_n_queued_write@LIBSYSTEMD_238 238 + sd_bus_get_name_creds@LIBSYSTEMD_221 221 + sd_bus_get_name_machine_id@LIBSYSTEMD_221 221 + sd_bus_get_owner_creds@LIBSYSTEMD_221 221 + sd_bus_get_property@LIBSYSTEMD_221 221 + sd_bus_get_property_string@LIBSYSTEMD_221 221 + sd_bus_get_property_strv@LIBSYSTEMD_221 221 + sd_bus_get_property_trivial@LIBSYSTEMD_221 221 + sd_bus_get_scope@LIBSYSTEMD_221 221 + 
sd_bus_get_sender@LIBSYSTEMD_237 237 + sd_bus_get_tid@LIBSYSTEMD_221 221 + sd_bus_get_timeout@LIBSYSTEMD_221 221 + sd_bus_get_unique_name@LIBSYSTEMD_221 221 + sd_bus_get_watch_bind@LIBSYSTEMD_237 237 + sd_bus_is_anonymous@LIBSYSTEMD_221 221 + sd_bus_is_bus_client@LIBSYSTEMD_221 221 + sd_bus_is_monitor@LIBSYSTEMD_221 221 + sd_bus_is_open@LIBSYSTEMD_221 221 + sd_bus_is_ready@LIBSYSTEMD_237 237 + sd_bus_is_server@LIBSYSTEMD_221 221 + sd_bus_is_trusted@LIBSYSTEMD_221 221 + sd_bus_list_names@LIBSYSTEMD_221 221 + sd_bus_match_signal@LIBSYSTEMD_237 237 + sd_bus_match_signal_async@LIBSYSTEMD_237 237 + sd_bus_message_append@LIBSYSTEMD_221 221 + sd_bus_message_append_array@LIBSYSTEMD_221 221 + sd_bus_message_append_array_iovec@LIBSYSTEMD_221 221 + sd_bus_message_append_array_memfd@LIBSYSTEMD_221 221 + sd_bus_message_append_array_space@LIBSYSTEMD_221 221 + sd_bus_message_append_basic@LIBSYSTEMD_221 221 + sd_bus_message_append_string_iovec@LIBSYSTEMD_221 221 + sd_bus_message_append_string_memfd@LIBSYSTEMD_221 221 + sd_bus_message_append_string_space@LIBSYSTEMD_221 221 + sd_bus_message_append_strv@LIBSYSTEMD_221 221 + sd_bus_message_appendv@LIBSYSTEMD_234 234 + sd_bus_message_at_end@LIBSYSTEMD_221 221 + sd_bus_message_close_container@LIBSYSTEMD_221 221 + sd_bus_message_copy@LIBSYSTEMD_221 221 + sd_bus_message_enter_container@LIBSYSTEMD_221 221 + sd_bus_message_exit_container@LIBSYSTEMD_221 221 + sd_bus_message_get_allow_interactive_authorization@LIBSYSTEMD_221 221 + sd_bus_message_get_auto_start@LIBSYSTEMD_221 221 + sd_bus_message_get_bus@LIBSYSTEMD_221 221 + sd_bus_message_get_cookie@LIBSYSTEMD_221 221 + sd_bus_message_get_creds@LIBSYSTEMD_221 221 + sd_bus_message_get_destination@LIBSYSTEMD_221 221 + sd_bus_message_get_errno@LIBSYSTEMD_221 221 + sd_bus_message_get_error@LIBSYSTEMD_221 221 + sd_bus_message_get_expect_reply@LIBSYSTEMD_221 221 + sd_bus_message_get_interface@LIBSYSTEMD_221 221 + sd_bus_message_get_member@LIBSYSTEMD_221 221 + 
sd_bus_message_get_monotonic_usec@LIBSYSTEMD_221 221 + sd_bus_message_get_path@LIBSYSTEMD_221 221 + sd_bus_message_get_priority@LIBSYSTEMD_221 221 + sd_bus_message_get_realtime_usec@LIBSYSTEMD_221 221 + sd_bus_message_get_reply_cookie@LIBSYSTEMD_221 221 + sd_bus_message_get_sender@LIBSYSTEMD_221 221 + sd_bus_message_get_seqnum@LIBSYSTEMD_221 221 + sd_bus_message_get_signature@LIBSYSTEMD_221 221 + sd_bus_message_get_type@LIBSYSTEMD_221 221 + sd_bus_message_has_signature@LIBSYSTEMD_221 221 + sd_bus_message_is_empty@LIBSYSTEMD_221 221 + sd_bus_message_is_method_call@LIBSYSTEMD_221 221 + sd_bus_message_is_method_error@LIBSYSTEMD_221 221 + sd_bus_message_is_signal@LIBSYSTEMD_221 221 + sd_bus_message_new@LIBSYSTEMD_236 236 + sd_bus_message_new_method_call@LIBSYSTEMD_221 221 + sd_bus_message_new_method_errno@LIBSYSTEMD_221 221 + sd_bus_message_new_method_errnof@LIBSYSTEMD_221 221 + sd_bus_message_new_method_error@LIBSYSTEMD_221 221 + sd_bus_message_new_method_errorf@LIBSYSTEMD_221 221 + sd_bus_message_new_method_return@LIBSYSTEMD_221 221 + sd_bus_message_new_signal@LIBSYSTEMD_221 221 + sd_bus_message_open_container@LIBSYSTEMD_221 221 + sd_bus_message_peek_type@LIBSYSTEMD_221 221 + sd_bus_message_read@LIBSYSTEMD_221 221 + sd_bus_message_read_array@LIBSYSTEMD_221 221 + sd_bus_message_read_basic@LIBSYSTEMD_221 221 + sd_bus_message_read_strv@LIBSYSTEMD_221 221 + sd_bus_message_readv@LIBSYSTEMD_240 240 + sd_bus_message_ref@LIBSYSTEMD_221 221 + sd_bus_message_rewind@LIBSYSTEMD_221 221 + sd_bus_message_seal@LIBSYSTEMD_236 236 + sd_bus_message_set_allow_interactive_authorization@LIBSYSTEMD_221 221 + sd_bus_message_set_auto_start@LIBSYSTEMD_221 221 + sd_bus_message_set_destination@LIBSYSTEMD_221 221 + sd_bus_message_set_expect_reply@LIBSYSTEMD_221 221 + sd_bus_message_set_priority@LIBSYSTEMD_221 221 + sd_bus_message_set_sender@LIBSYSTEMD_237 237 + sd_bus_message_skip@LIBSYSTEMD_221 221 + sd_bus_message_unref@LIBSYSTEMD_221 221 + sd_bus_message_verify_type@LIBSYSTEMD_221 221 + 
sd_bus_negotiate_creds@LIBSYSTEMD_221 221 + sd_bus_negotiate_fds@LIBSYSTEMD_221 221 + sd_bus_negotiate_timestamp@LIBSYSTEMD_221 221 + sd_bus_new@LIBSYSTEMD_221 221 + sd_bus_open@LIBSYSTEMD_221 221 + sd_bus_open_system@LIBSYSTEMD_221 221 + sd_bus_open_system_machine@LIBSYSTEMD_221 221 + sd_bus_open_system_remote@LIBSYSTEMD_221 221 + sd_bus_open_system_with_description@LIBSYSTEMD_239 239 + sd_bus_open_user@LIBSYSTEMD_221 221 + sd_bus_open_user_with_description@LIBSYSTEMD_239 239 + sd_bus_open_with_description@LIBSYSTEMD_239 239 + sd_bus_path_decode@LIBSYSTEMD_221 221 + sd_bus_path_decode_many@LIBSYSTEMD_227 227 + sd_bus_path_encode@LIBSYSTEMD_221 221 + sd_bus_path_encode_many@LIBSYSTEMD_227 227 + sd_bus_process@LIBSYSTEMD_221 221 + sd_bus_process_priority@LIBSYSTEMD_221 221 + sd_bus_query_sender_creds@LIBSYSTEMD_221 221 + sd_bus_query_sender_privilege@LIBSYSTEMD_221 221 + sd_bus_ref@LIBSYSTEMD_221 221 + sd_bus_release_name@LIBSYSTEMD_221 221 + sd_bus_release_name_async@LIBSYSTEMD_237 237 + sd_bus_reply_method_errno@LIBSYSTEMD_221 221 + sd_bus_reply_method_errnof@LIBSYSTEMD_221 221 + sd_bus_reply_method_error@LIBSYSTEMD_221 221 + sd_bus_reply_method_errorf@LIBSYSTEMD_221 221 + sd_bus_reply_method_return@LIBSYSTEMD_221 221 + sd_bus_request_name@LIBSYSTEMD_221 221 + sd_bus_request_name_async@LIBSYSTEMD_237 237 + sd_bus_send@LIBSYSTEMD_221 221 + sd_bus_send_to@LIBSYSTEMD_221 221 + sd_bus_set_address@LIBSYSTEMD_221 221 + sd_bus_set_allow_interactive_authorization@LIBSYSTEMD_221 221 + sd_bus_set_anonymous@LIBSYSTEMD_221 221 + sd_bus_set_bus_client@LIBSYSTEMD_221 221 + sd_bus_set_close_on_exit@LIBSYSTEMD_240 240 + sd_bus_set_connected_signal@LIBSYSTEMD_237 237 + sd_bus_set_description@LIBSYSTEMD_221 221 + sd_bus_set_exec@LIBSYSTEMD_221 221 + sd_bus_set_exit_on_disconnect@LIBSYSTEMD_232 232 + sd_bus_set_fd@LIBSYSTEMD_221 221 + sd_bus_set_method_call_timeout@LIBSYSTEMD_240 240 + sd_bus_set_monitor@LIBSYSTEMD_221 221 + sd_bus_set_property@LIBSYSTEMD_221 221 + 
sd_bus_set_sender@LIBSYSTEMD_237 237 + sd_bus_set_server@LIBSYSTEMD_221 221 + sd_bus_set_trusted@LIBSYSTEMD_221 221 + sd_bus_set_watch_bind@LIBSYSTEMD_237 237 + sd_bus_slot_get_bus@LIBSYSTEMD_221 221 + sd_bus_slot_get_current_handler@LIBSYSTEMD_221 221 + sd_bus_slot_get_current_message@LIBSYSTEMD_221 221 + sd_bus_slot_get_current_userdata@LIBSYSTEMD_221 221 + sd_bus_slot_get_description@LIBSYSTEMD_221 221 + sd_bus_slot_get_destroy_callback@LIBSYSTEMD_239 239 + sd_bus_slot_get_floating@LIBSYSTEMD_239 239 + sd_bus_slot_get_userdata@LIBSYSTEMD_221 221 + sd_bus_slot_ref@LIBSYSTEMD_221 221 + sd_bus_slot_set_description@LIBSYSTEMD_221 221 + sd_bus_slot_set_destroy_callback@LIBSYSTEMD_239 239 + sd_bus_slot_set_floating@LIBSYSTEMD_239 239 + sd_bus_slot_set_userdata@LIBSYSTEMD_221 221 + sd_bus_slot_unref@LIBSYSTEMD_221 221 + sd_bus_start@LIBSYSTEMD_221 221 + sd_bus_track_add_name@LIBSYSTEMD_221 221 + sd_bus_track_add_sender@LIBSYSTEMD_221 221 + sd_bus_track_contains@LIBSYSTEMD_221 221 + sd_bus_track_count@LIBSYSTEMD_221 221 + sd_bus_track_count_name@LIBSYSTEMD_232 232 + sd_bus_track_count_sender@LIBSYSTEMD_232 232 + sd_bus_track_first@LIBSYSTEMD_221 221 + sd_bus_track_get_bus@LIBSYSTEMD_221 221 + sd_bus_track_get_destroy_callback@LIBSYSTEMD_239 239 + sd_bus_track_get_recursive@LIBSYSTEMD_232 232 + sd_bus_track_get_userdata@LIBSYSTEMD_221 221 + sd_bus_track_new@LIBSYSTEMD_221 221 + sd_bus_track_next@LIBSYSTEMD_221 221 + sd_bus_track_ref@LIBSYSTEMD_221 221 + sd_bus_track_remove_name@LIBSYSTEMD_221 221 + sd_bus_track_remove_sender@LIBSYSTEMD_221 221 + sd_bus_track_set_destroy_callback@LIBSYSTEMD_239 239 + sd_bus_track_set_recursive@LIBSYSTEMD_232 232 + sd_bus_track_set_userdata@LIBSYSTEMD_221 221 + sd_bus_track_unref@LIBSYSTEMD_221 221 + sd_bus_try_close@LIBSYSTEMD_221 221 + sd_bus_unref@LIBSYSTEMD_221 221 + sd_bus_wait@LIBSYSTEMD_221 221 + sd_device_enumerator_add_match_parent@LIBSYSTEMD_240 240 + sd_device_enumerator_add_match_property@LIBSYSTEMD_240 240 + 
sd_device_enumerator_add_match_subsystem@LIBSYSTEMD_240 240 + sd_device_enumerator_add_match_sysattr@LIBSYSTEMD_240 240 + sd_device_enumerator_add_match_sysname@LIBSYSTEMD_240 240 + sd_device_enumerator_add_match_tag@LIBSYSTEMD_240 240 + sd_device_enumerator_allow_uninitialized@LIBSYSTEMD_240 240 + sd_device_enumerator_get_device_first@LIBSYSTEMD_240 240 + sd_device_enumerator_get_device_next@LIBSYSTEMD_240 240 + sd_device_enumerator_get_subsystem_first@LIBSYSTEMD_240 240 + sd_device_enumerator_get_subsystem_next@LIBSYSTEMD_240 240 + sd_device_enumerator_new@LIBSYSTEMD_240 240 + sd_device_enumerator_ref@LIBSYSTEMD_240 240 + sd_device_enumerator_unref@LIBSYSTEMD_240 240 + sd_device_get_devlink_first@LIBSYSTEMD_240 240 + sd_device_get_devlink_next@LIBSYSTEMD_240 240 + sd_device_get_devname@LIBSYSTEMD_240 240 + sd_device_get_devnum@LIBSYSTEMD_240 240 + sd_device_get_devpath@LIBSYSTEMD_240 240 + sd_device_get_devtype@LIBSYSTEMD_240 240 + sd_device_get_driver@LIBSYSTEMD_240 240 + sd_device_get_ifindex@LIBSYSTEMD_240 240 + sd_device_get_is_initialized@LIBSYSTEMD_240 240 + sd_device_get_parent@LIBSYSTEMD_240 240 + sd_device_get_parent_with_subsystem_devtype@LIBSYSTEMD_240 240 + sd_device_get_property_first@LIBSYSTEMD_240 240 + sd_device_get_property_next@LIBSYSTEMD_240 240 + sd_device_get_property_value@LIBSYSTEMD_240 240 + sd_device_get_subsystem@LIBSYSTEMD_240 240 + sd_device_get_sysattr_first@LIBSYSTEMD_240 240 + sd_device_get_sysattr_next@LIBSYSTEMD_240 240 + sd_device_get_sysattr_value@LIBSYSTEMD_240 240 + sd_device_get_sysname@LIBSYSTEMD_240 240 + sd_device_get_sysnum@LIBSYSTEMD_240 240 + sd_device_get_syspath@LIBSYSTEMD_240 240 + sd_device_get_tag_first@LIBSYSTEMD_240 240 + sd_device_get_tag_next@LIBSYSTEMD_240 240 + sd_device_get_usec_since_initialized@LIBSYSTEMD_240 240 + sd_device_has_tag@LIBSYSTEMD_240 240 + sd_device_monitor_attach_event@LIBSYSTEMD_240 240 + sd_device_monitor_detach_event@LIBSYSTEMD_240 240 + 
sd_device_monitor_filter_add_match_subsystem_devtype@LIBSYSTEMD_240 240 + sd_device_monitor_filter_add_match_tag@LIBSYSTEMD_240 240 + sd_device_monitor_filter_remove@LIBSYSTEMD_240 240 + sd_device_monitor_filter_update@LIBSYSTEMD_240 240 + sd_device_monitor_get_event@LIBSYSTEMD_240 240 + sd_device_monitor_get_event_source@LIBSYSTEMD_240 240 + sd_device_monitor_new@LIBSYSTEMD_240 240 + sd_device_monitor_ref@LIBSYSTEMD_240 240 + sd_device_monitor_set_receive_buffer_size@LIBSYSTEMD_240 240 + sd_device_monitor_start@LIBSYSTEMD_240 240 + sd_device_monitor_stop@LIBSYSTEMD_240 240 + sd_device_monitor_unref@LIBSYSTEMD_240 240 + sd_device_new_from_device_id@LIBSYSTEMD_240 240 + sd_device_new_from_devnum@LIBSYSTEMD_240 240 + sd_device_new_from_subsystem_sysname@LIBSYSTEMD_240 240 + sd_device_new_from_syspath@LIBSYSTEMD_240 240 + sd_device_ref@LIBSYSTEMD_240 240 + sd_device_set_sysattr_value@LIBSYSTEMD_240 240 + sd_device_unref@LIBSYSTEMD_240 240 + sd_event_add_child@LIBSYSTEMD_221 221 + sd_event_add_defer@LIBSYSTEMD_221 221 + sd_event_add_exit@LIBSYSTEMD_221 221 + sd_event_add_inotify@LIBSYSTEMD_239 239 + sd_event_add_io@LIBSYSTEMD_221 221 + sd_event_add_post@LIBSYSTEMD_221 221 + sd_event_add_signal@LIBSYSTEMD_221 221 + sd_event_add_time@LIBSYSTEMD_221 221 + sd_event_default@LIBSYSTEMD_221 221 + sd_event_dispatch@LIBSYSTEMD_221 221 + sd_event_exit@LIBSYSTEMD_221 221 + sd_event_get_exit_code@LIBSYSTEMD_221 221 + sd_event_get_fd@LIBSYSTEMD_221 221 + sd_event_get_iteration@LIBSYSTEMD_231 231 + sd_event_get_state@LIBSYSTEMD_221 221 + sd_event_get_tid@LIBSYSTEMD_221 221 + sd_event_get_watchdog@LIBSYSTEMD_221 221 + sd_event_loop@LIBSYSTEMD_221 221 + sd_event_new@LIBSYSTEMD_221 221 + sd_event_now@LIBSYSTEMD_221 221 + sd_event_prepare@LIBSYSTEMD_221 221 + sd_event_ref@LIBSYSTEMD_221 221 + sd_event_run@LIBSYSTEMD_221 221 + sd_event_set_watchdog@LIBSYSTEMD_221 221 + sd_event_source_get_child_pid@LIBSYSTEMD_221 221 + sd_event_source_get_description@LIBSYSTEMD_221 221 + 
sd_event_source_get_destroy_callback@LIBSYSTEMD_239 239 + sd_event_source_get_enabled@LIBSYSTEMD_221 221 + sd_event_source_get_event@LIBSYSTEMD_221 221 + sd_event_source_get_floating@LIBSYSTEMD_240 240 + sd_event_source_get_inotify_mask@LIBSYSTEMD_239 239 + sd_event_source_get_io_events@LIBSYSTEMD_221 221 + sd_event_source_get_io_fd@LIBSYSTEMD_221 221 + sd_event_source_get_io_fd_own@LIBSYSTEMD_237 237 + sd_event_source_get_io_revents@LIBSYSTEMD_221 221 + sd_event_source_get_pending@LIBSYSTEMD_221 221 + sd_event_source_get_priority@LIBSYSTEMD_221 221 + sd_event_source_get_signal@LIBSYSTEMD_221 221 + sd_event_source_get_time@LIBSYSTEMD_221 221 + sd_event_source_get_time_accuracy@LIBSYSTEMD_221 221 + sd_event_source_get_time_clock@LIBSYSTEMD_221 221 + sd_event_source_get_userdata@LIBSYSTEMD_221 221 + sd_event_source_ref@LIBSYSTEMD_221 221 + sd_event_source_set_description@LIBSYSTEMD_221 221 + sd_event_source_set_destroy_callback@LIBSYSTEMD_239 239 + sd_event_source_set_enabled@LIBSYSTEMD_221 221 + sd_event_source_set_floating@LIBSYSTEMD_240 240 + sd_event_source_set_io_events@LIBSYSTEMD_221 221 + sd_event_source_set_io_fd@LIBSYSTEMD_221 221 + sd_event_source_set_io_fd_own@LIBSYSTEMD_237 237 + sd_event_source_set_prepare@LIBSYSTEMD_221 221 + sd_event_source_set_priority@LIBSYSTEMD_221 221 + sd_event_source_set_time@LIBSYSTEMD_221 221 + sd_event_source_set_time_accuracy@LIBSYSTEMD_221 221 + sd_event_source_set_userdata@LIBSYSTEMD_221 221 + sd_event_source_unref@LIBSYSTEMD_221 221 + sd_event_unref@LIBSYSTEMD_221 221 + sd_event_wait@LIBSYSTEMD_221 221 + sd_get_machine_names@LIBSYSTEMD_209 0 + sd_get_seats@LIBSYSTEMD_209 0 + sd_get_sessions@LIBSYSTEMD_209 0 + sd_get_uids@LIBSYSTEMD_209 0 + sd_hwdb_enumerate@LIBSYSTEMD_240 240 + sd_hwdb_get@LIBSYSTEMD_240 240 + sd_hwdb_new@LIBSYSTEMD_240 240 + sd_hwdb_ref@LIBSYSTEMD_240 240 + sd_hwdb_seek@LIBSYSTEMD_240 240 + sd_hwdb_unref@LIBSYSTEMD_240 240 + sd_id128_from_string@LIBSYSTEMD_209 0 + sd_id128_get_boot@LIBSYSTEMD_209 0 + 
sd_id128_get_boot_app_specific@LIBSYSTEMD_240 240 + sd_id128_get_invocation@LIBSYSTEMD_232 232 + sd_id128_get_machine@LIBSYSTEMD_209 0 + sd_id128_get_machine_app_specific@LIBSYSTEMD_233 233 + sd_id128_randomize@LIBSYSTEMD_209 0 + sd_id128_to_string@LIBSYSTEMD_209 0 + sd_is_fifo@LIBSYSTEMD_209 0 + sd_is_mq@LIBSYSTEMD_209 0 + sd_is_socket@LIBSYSTEMD_209 0 + sd_is_socket_inet@LIBSYSTEMD_209 0 + sd_is_socket_sockaddr@LIBSYSTEMD_233 233 + sd_is_socket_unix@LIBSYSTEMD_209 0 + sd_is_special@LIBSYSTEMD_209 0 + sd_journal_add_conjunction@LIBSYSTEMD_209 0 + sd_journal_add_disjunction@LIBSYSTEMD_209 0 + sd_journal_add_match@LIBSYSTEMD_209 0 + sd_journal_close@LIBSYSTEMD_209 0 + sd_journal_enumerate_data@LIBSYSTEMD_209 0 + sd_journal_enumerate_fields@LIBSYSTEMD_229 229 + sd_journal_enumerate_unique@LIBSYSTEMD_209 0 + sd_journal_flush_matches@LIBSYSTEMD_209 0 + sd_journal_get_catalog@LIBSYSTEMD_209 0 + sd_journal_get_catalog_for_message_id@LIBSYSTEMD_209 0 + sd_journal_get_cursor@LIBSYSTEMD_209 0 + sd_journal_get_cutoff_monotonic_usec@LIBSYSTEMD_209 0 + sd_journal_get_cutoff_realtime_usec@LIBSYSTEMD_209 0 + sd_journal_get_data@LIBSYSTEMD_209 0 + sd_journal_get_data_threshold@LIBSYSTEMD_209 0 + sd_journal_get_events@LIBSYSTEMD_209 0 + sd_journal_get_fd@LIBSYSTEMD_209 0 + sd_journal_get_monotonic_usec@LIBSYSTEMD_209 0 + sd_journal_get_realtime_usec@LIBSYSTEMD_209 0 + sd_journal_get_timeout@LIBSYSTEMD_209 0 + sd_journal_get_usage@LIBSYSTEMD_209 0 + sd_journal_has_persistent_files@LIBSYSTEMD_229 229 + sd_journal_has_runtime_files@LIBSYSTEMD_229 229 + sd_journal_next@LIBSYSTEMD_209 0 + sd_journal_next_skip@LIBSYSTEMD_209 0 + sd_journal_open@LIBSYSTEMD_209 0 + sd_journal_open_container@LIBSYSTEMD_209 0 + sd_journal_open_directory@LIBSYSTEMD_209 0 + sd_journal_open_directory_fd@LIBSYSTEMD_230 230 + sd_journal_open_files@LIBSYSTEMD_209 0 + sd_journal_open_files_fd@LIBSYSTEMD_230 230 + sd_journal_perror@LIBSYSTEMD_209 0 + sd_journal_perror_with_location@LIBSYSTEMD_209 0 + 
sd_journal_previous@LIBSYSTEMD_209 0 + sd_journal_previous_skip@LIBSYSTEMD_209 0 + sd_journal_print@LIBSYSTEMD_209 0 + sd_journal_print_with_location@LIBSYSTEMD_209 0 + sd_journal_printv@LIBSYSTEMD_209 0 + sd_journal_printv_with_location@LIBSYSTEMD_209 0 + sd_journal_process@LIBSYSTEMD_209 0 + sd_journal_query_unique@LIBSYSTEMD_209 0 + sd_journal_reliable_fd@LIBSYSTEMD_209 0 + sd_journal_restart_data@LIBSYSTEMD_209 0 + sd_journal_restart_fields@LIBSYSTEMD_229 229 + sd_journal_restart_unique@LIBSYSTEMD_209 0 + sd_journal_seek_cursor@LIBSYSTEMD_209 0 + sd_journal_seek_head@LIBSYSTEMD_209 0 + sd_journal_seek_monotonic_usec@LIBSYSTEMD_209 0 + sd_journal_seek_realtime_usec@LIBSYSTEMD_209 0 + sd_journal_seek_tail@LIBSYSTEMD_209 0 + sd_journal_send@LIBSYSTEMD_209 0 + sd_journal_send_with_location@LIBSYSTEMD_209 0 + sd_journal_sendv@LIBSYSTEMD_209 0 + sd_journal_sendv_with_location@LIBSYSTEMD_209 0 + sd_journal_set_data_threshold@LIBSYSTEMD_209 0 + sd_journal_stream_fd@LIBSYSTEMD_209 0 + sd_journal_test_cursor@LIBSYSTEMD_209 0 + sd_journal_wait@LIBSYSTEMD_209 0 + sd_listen_fds@LIBSYSTEMD_209 0 + sd_listen_fds_with_names@LIBSYSTEMD_227 227 + sd_login_monitor_flush@LIBSYSTEMD_209 0 + sd_login_monitor_get_events@LIBSYSTEMD_209 0 + sd_login_monitor_get_fd@LIBSYSTEMD_209 0 + sd_login_monitor_get_timeout@LIBSYSTEMD_209 0 + sd_login_monitor_new@LIBSYSTEMD_209 0 + sd_login_monitor_unref@LIBSYSTEMD_209 0 + sd_machine_get_class@LIBSYSTEMD_211 211 + sd_machine_get_ifindices@LIBSYSTEMD_216 217 + sd_notify@LIBSYSTEMD_209 0 + sd_notifyf@LIBSYSTEMD_209 0 + sd_peer_get_cgroup@LIBSYSTEMD_226 226 + sd_peer_get_machine_name@LIBSYSTEMD_211 211 + sd_peer_get_owner_uid@LIBSYSTEMD_211 211 + sd_peer_get_session@LIBSYSTEMD_211 211 + sd_peer_get_slice@LIBSYSTEMD_211 211 + sd_peer_get_unit@LIBSYSTEMD_211 211 + sd_peer_get_user_slice@LIBSYSTEMD_220 220 + sd_peer_get_user_unit@LIBSYSTEMD_211 211 + sd_pid_get_cgroup@LIBSYSTEMD_226 226 + sd_pid_get_machine_name@LIBSYSTEMD_209 0 + 
sd_pid_get_owner_uid@LIBSYSTEMD_209 0 + sd_pid_get_session@LIBSYSTEMD_209 0 + sd_pid_get_slice@LIBSYSTEMD_209 0 + sd_pid_get_unit@LIBSYSTEMD_209 0 + sd_pid_get_user_slice@LIBSYSTEMD_220 220 + sd_pid_get_user_unit@LIBSYSTEMD_209 0 + sd_pid_notify@LIBSYSTEMD_214 214 + sd_pid_notify_with_fds@LIBSYSTEMD_219 219 + sd_pid_notifyf@LIBSYSTEMD_214 214 + sd_seat_can_graphical@LIBSYSTEMD_209 0 + sd_seat_can_multi_session@LIBSYSTEMD_209 0 + sd_seat_can_tty@LIBSYSTEMD_209 0 + sd_seat_get_active@LIBSYSTEMD_209 0 + sd_seat_get_sessions@LIBSYSTEMD_209 0 + sd_session_get_class@LIBSYSTEMD_209 0 + sd_session_get_desktop@LIBSYSTEMD_217 217 + sd_session_get_display@LIBSYSTEMD_209 0 + sd_session_get_remote_host@LIBSYSTEMD_209 0 + sd_session_get_remote_user@LIBSYSTEMD_209 0 + sd_session_get_seat@LIBSYSTEMD_209 0 + sd_session_get_service@LIBSYSTEMD_209 0 + sd_session_get_state@LIBSYSTEMD_209 0 + sd_session_get_tty@LIBSYSTEMD_209 0 + sd_session_get_type@LIBSYSTEMD_209 0 + sd_session_get_uid@LIBSYSTEMD_209 0 + sd_session_get_vt@LIBSYSTEMD_209 0 + sd_session_is_active@LIBSYSTEMD_209 0 + sd_session_is_remote@LIBSYSTEMD_209 0 + sd_uid_get_display@LIBSYSTEMD_213 213 + sd_uid_get_seats@LIBSYSTEMD_209 0 + sd_uid_get_sessions@LIBSYSTEMD_209 0 + sd_uid_get_state@LIBSYSTEMD_209 0 + sd_uid_is_on_seat@LIBSYSTEMD_209 0 + sd_watchdog_enabled@LIBSYSTEMD_209 0 diff --git a/debian/libudev-dev.install b/debian/libudev-dev.install new file mode 100644 index 0000000..4ce781e --- /dev/null +++ b/debian/libudev-dev.install @@ -0,0 +1,5 @@ +lib/*/libudev.so +usr/include/libudev.h +usr/lib/*/pkgconfig/libudev.pc +usr/share/man/man3/udev* +usr/share/man/man3/libudev* diff --git a/debian/libudev-dev.maintscript b/debian/libudev-dev.maintscript new file mode 100644 index 0000000..b2a4042 --- /dev/null +++ b/debian/libudev-dev.maintscript @@ -0,0 +1 @@ +symlink_to_dir /usr/share/doc/libudev-dev libudev1 221-2~ 
diff --git a/debian/libudev1-udeb.install b/debian/libudev1-udeb.install new file mode 100644 index 0000000..cead438 --- /dev/null +++ b/debian/libudev1-udeb.install @@ -0,0 +1 @@ +lib/*/libudev.so.* diff --git a/debian/libudev1.install b/debian/libudev1.install new file mode 100644 index 0000000..cead438 --- /dev/null +++ b/debian/libudev1.install @@ -0,0 +1 @@ +lib/*/libudev.so.* diff --git a/debian/libudev1.symbols b/debian/libudev1.symbols new file mode 100644 index 0000000..b197893 --- /dev/null +++ b/debian/libudev1.symbols 
@@ -0,0 +1,97 @@ +libudev.so.1 libudev1 #MINVER# +* Build-Depends-Package: libudev-dev + LIBUDEV_183@LIBUDEV_183 183 + LIBUDEV_189@LIBUDEV_189 189 + LIBUDEV_196@LIBUDEV_196 196 + LIBUDEV_199@LIBUDEV_199 199 + LIBUDEV_215@LIBUDEV_215 215 + udev_device_get_action@LIBUDEV_183 183 + udev_device_get_devlinks_list_entry@LIBUDEV_183 183 + udev_device_get_devnode@LIBUDEV_183 183 + udev_device_get_devnum@LIBUDEV_183 183 + udev_device_get_devpath@LIBUDEV_183 183 + udev_device_get_devtype@LIBUDEV_183 183 + udev_device_get_driver@LIBUDEV_183 183 + udev_device_get_is_initialized@LIBUDEV_183 183 + udev_device_get_parent@LIBUDEV_183 183 + udev_device_get_parent_with_subsystem_devtype@LIBUDEV_183 183 + udev_device_get_properties_list_entry@LIBUDEV_183 183 + udev_device_get_property_value@LIBUDEV_183 183 + udev_device_get_seqnum@LIBUDEV_183 183 + udev_device_get_subsystem@LIBUDEV_183 183 + udev_device_get_sysattr_list_entry@LIBUDEV_183 183 + udev_device_get_sysattr_value@LIBUDEV_183 183 + udev_device_get_sysname@LIBUDEV_183 183 + udev_device_get_sysnum@LIBUDEV_183 183 + udev_device_get_syspath@LIBUDEV_183 183 + udev_device_get_tags_list_entry@LIBUDEV_183 183 + udev_device_get_udev@LIBUDEV_183 183 + udev_device_get_usec_since_initialized@LIBUDEV_183 183 + udev_device_has_tag@LIBUDEV_183 183 + udev_device_new_from_device_id@LIBUDEV_189 189 + udev_device_new_from_devnum@LIBUDEV_183 183 + udev_device_new_from_environment@LIBUDEV_183 183 + udev_device_new_from_subsystem_sysname@LIBUDEV_183 183 + udev_device_new_from_syspath@LIBUDEV_183 183 + udev_device_ref@LIBUDEV_183 183 + udev_device_set_sysattr_value@LIBUDEV_199 199 + udev_device_unref@LIBUDEV_183 183 + udev_enumerate_add_match_is_initialized@LIBUDEV_183 183 + udev_enumerate_add_match_parent@LIBUDEV_183 183 + udev_enumerate_add_match_property@LIBUDEV_183 183 + udev_enumerate_add_match_subsystem@LIBUDEV_183 183 + udev_enumerate_add_match_sysattr@LIBUDEV_183 183 + udev_enumerate_add_match_sysname@LIBUDEV_183 183 + 
udev_enumerate_add_match_tag@LIBUDEV_183 183 + udev_enumerate_add_nomatch_subsystem@LIBUDEV_183 183 + udev_enumerate_add_nomatch_sysattr@LIBUDEV_183 183 + udev_enumerate_add_syspath@LIBUDEV_183 183 + udev_enumerate_get_list_entry@LIBUDEV_183 183 + udev_enumerate_get_udev@LIBUDEV_183 183 + udev_enumerate_new@LIBUDEV_183 183 + udev_enumerate_ref@LIBUDEV_183 183 + udev_enumerate_scan_devices@LIBUDEV_183 183 + udev_enumerate_scan_subsystems@LIBUDEV_183 183 + udev_enumerate_unref@LIBUDEV_183 183 + udev_get_log_priority@LIBUDEV_183 183 + udev_get_userdata@LIBUDEV_183 183 + udev_hwdb_get_properties_list_entry@LIBUDEV_196 196 + udev_hwdb_new@LIBUDEV_196 196 + udev_hwdb_ref@LIBUDEV_196 196 + udev_hwdb_unref@LIBUDEV_196 196 + udev_list_entry_get_by_name@LIBUDEV_183 183 + udev_list_entry_get_name@LIBUDEV_183 183 + udev_list_entry_get_next@LIBUDEV_183 183 + udev_list_entry_get_value@LIBUDEV_183 183 + udev_monitor_enable_receiving@LIBUDEV_183 183 + udev_monitor_filter_add_match_subsystem_devtype@LIBUDEV_183 183 + udev_monitor_filter_add_match_tag@LIBUDEV_183 183 + udev_monitor_filter_remove@LIBUDEV_183 183 + udev_monitor_filter_update@LIBUDEV_183 183 + udev_monitor_get_fd@LIBUDEV_183 183 + udev_monitor_get_udev@LIBUDEV_183 183 + udev_monitor_new_from_netlink@LIBUDEV_183 183 + udev_monitor_receive_device@LIBUDEV_183 183 + udev_monitor_ref@LIBUDEV_183 183 + udev_monitor_set_receive_buffer_size@LIBUDEV_183 183 + udev_monitor_unref@LIBUDEV_183 183 + udev_new@LIBUDEV_183 183 + udev_queue_flush@LIBUDEV_215 215 + udev_queue_get_fd@LIBUDEV_215 215 + udev_queue_get_kernel_seqnum@LIBUDEV_183 183 + udev_queue_get_queue_is_empty@LIBUDEV_183 183 + udev_queue_get_queued_list_entry@LIBUDEV_183 183 + udev_queue_get_seqnum_is_finished@LIBUDEV_183 183 + udev_queue_get_seqnum_sequence_is_finished@LIBUDEV_183 183 + udev_queue_get_udev@LIBUDEV_183 183 + udev_queue_get_udev_is_active@LIBUDEV_183 183 + udev_queue_get_udev_seqnum@LIBUDEV_183 183 + udev_queue_new@LIBUDEV_183 183 + 
udev_queue_ref@LIBUDEV_183 183 + udev_queue_unref@LIBUDEV_183 183 + udev_ref@LIBUDEV_183 183 + udev_set_log_fn@LIBUDEV_183 183 + udev_set_log_priority@LIBUDEV_183 183 + udev_set_userdata@LIBUDEV_183 183 + udev_unref@LIBUDEV_183 183 + udev_util_encode_string@LIBUDEV_183 183 diff --git a/debian/patches/Fix-typo-in-function-name.patch b/debian/patches/Fix-typo-in-function-name.patch new file mode 100644 index 0000000..4f3c521 --- /dev/null +++ b/debian/patches/Fix-typo-in-function-name.patch 
@@ -0,0 +1,77 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 4 Feb 2020 18:39:04 +0100 +Subject: Fix typo in function name + +(cherry picked from commit bc130b6858327b382b07b3985cf48e2aa9016b2d) +(cherry picked from commit b4eb8848240c3540180e4768216a0b884a5ed783) +(cherry picked from commit f14fa558ae9e139c94ee3af4a1ef1df313b2ff66) +(cherry picked from commit dd8aa0871d9cafa60a916d4ec01dd82d64edf7ed) +--- + TODO | 2 +- + src/libsystemd/sd-bus/bus-message.h | 2 +- + src/libsystemd/sd-bus/sd-bus.c | 8 ++++---- + src/shared/bus-polkit.c | 2 +- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/TODO b/TODO +index 462db57..327fead 100644 +--- a/TODO ++++ b/TODO +@@ -138,7 +138,7 @@ Features: + + * the a-posteriori stopping of units bound to units that disappeared logic + should be reworked: there should be a queue of units, and we should only +- enqeue stop jobs from a defer event that processes queue instead of ++ enqueue stop jobs from a defer event that processes queue instead of + right-away when we find a unit that is bound to one that doesn't exist + anymore. 
(similar to how the stop-unneeded queue has been reworked the same + way) +diff --git a/src/libsystemd/sd-bus/bus-message.h b/src/libsystemd/sd-bus/bus-message.h +index 7fd3f11..849d638 100644 +--- a/src/libsystemd/sd-bus/bus-message.h ++++ b/src/libsystemd/sd-bus/bus-message.h +@@ -211,4 +211,4 @@ int bus_message_remarshal(sd_bus *bus, sd_bus_message **m); + + void bus_message_set_sender_driver(sd_bus *bus, sd_bus_message *m); + void bus_message_set_sender_local(sd_bus *bus, sd_bus_message *m); +-int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m); ++int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m); +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index 94380af..c20adcf 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -4145,7 +4145,7 @@ _public_ int sd_bus_get_close_on_exit(sd_bus *bus) { + return bus->close_on_exit; + } + +-int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) { ++int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m) { + int r; + + assert_return(bus, -EINVAL); +@@ -4157,9 +4157,9 @@ int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) { + if (!BUS_IS_OPEN(bus->state)) + return -ENOTCONN; + +- /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication, +- * where we want accept a message, then determine we need to interactively authenticate the user, and +- * when we have that process the message again. */ ++ /* Re-enqueue a message for reading. This is primarily useful for PolicyKit-style authentication, ++ * where we accept a message, then determine we need to interactively authenticate the user, and then ++ * we want to process the message again. 
*/ + + r = bus_rqueue_make_room(bus); + if (r < 0) +diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c +index 02c11aa..d1d2456 100644 +--- a/src/shared/bus-polkit.c ++++ b/src/shared/bus-polkit.c +@@ -236,7 +236,7 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e + if (r < 0) + goto fail; + +- r = sd_bus_enqeue_for_read(sd_bus_message_get_bus(q->request), q->request); ++ r = sd_bus_enqueue_for_read(sd_bus_message_get_bus(q->request), q->request); + if (r < 0) + goto fail; + diff --git a/debian/patches/Re-add-uaccess-tag-for-dev-dri-renderD.patch b/debian/patches/Re-add-uaccess-tag-for-dev-dri-renderD.patch new file mode 100644 index 0000000..58d2b5d --- /dev/null +++ b/debian/patches/Re-add-uaccess-tag-for-dev-dri-renderD.patch 
@@ -0,0 +1,49 @@ +From: Michael Biebl <biebl@debian.org> +Date: Wed, 13 Mar 2019 23:22:26 +0100 +Subject: Re-add uaccess tag for /dev/dri/renderD* + +Setting an access mode != 0666 is explicitly supported via -Dgroup-render-mode +In such a case, re-add the uaccess tag. + +This is basically the same change that was done for /dev/kvm in +commit fa53e24130af3a389573acb9585eadbf7192955f and +ace5e3111c0b8d8bfd84b32f2c689b0a4d92c061 +and partially reverts the changes from +4e15a7343cb389e97f3eb4f49699161862d8b8b2 + +(cherry picked from commit 055a083a47de968744c4988fe305592477118c86) +--- + meson.build | 4 +++- + src/login/70-uaccess.rules.m4 | 4 ++++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 56c98b9..d340736 100644 +--- a/meson.build ++++ b/meson.build +@@ -818,7 +818,9 @@ conf.set10('ENABLE_WHEEL_GROUP', get_option('wheel-group')) + dev_kvm_mode = get_option('dev-kvm-mode') + substs.set('DEV_KVM_MODE', dev_kvm_mode) + conf.set10('DEV_KVM_UACCESS', dev_kvm_mode != '0666') +-substs.set('GROUP_RENDER_MODE', get_option('group-render-mode')) ++group_render_mode = get_option('group-render-mode') ++substs.set('GROUP_RENDER_MODE', group_render_mode) ++conf.set10('GROUP_RENDER_UACCESS', group_render_mode != '0666') + + kill_user_processes = get_option('default-kill-user-processes') + conf.set10('KILL_USER_PROCESSES', kill_user_processes) +diff --git a/src/login/70-uaccess.rules.m4 b/src/login/70-uaccess.rules.m4 +index d55e5bf..4bb144a 100644 +--- a/src/login/70-uaccess.rules.m4 ++++ b/src/login/70-uaccess.rules.m4 +@@ -46,6 +46,10 @@ SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="uaccess" + + # DRI video devices + SUBSYSTEM=="drm", KERNEL=="card*", TAG+="uaccess" ++m4_ifdef(`GROUP_RENDER_UACCESS',`` ++# DRI render nodes ++SUBSYSTEM=="drm", KERNEL=="renderD*", TAG+="uaccess"'' ++)m4_dnl + m4_ifdef(`DEV_KVM_UACCESS',`` + # KVM + SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess"'' 
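Review bot: The added rule comment `# DRI render nodes` in 70-uaccess.rules.m4 does not say when the rule is emitted, although it widens access to renderD* nodes for the logged-in seat user. The meson.build part sets GROUP_RENDER_UACCESS from `group_render_mode != '0666'`, so the comment could read `# DRI render nodes (tagged only when group-render-mode is not 0666)`. How conf keys are turned into m4 defines is outside this hunk, so it is worth confirming that a value of 0 leaves the macro undefined, as `m4_ifdef` tests definedness only.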
diff --git a/debian/patches/ask-password-prevent-buffer-overflow-when-reading-from-ke.patch b/debian/patches/ask-password-prevent-buffer-overflow-when-reading-from-ke.patch new file mode 100644 index 0000000..dc46353 --- /dev/null +++ b/debian/patches/ask-password-prevent-buffer-overflow-when-reading-from-ke.patch @@ -0,0 +1,32 @@ +From: Michael Biebl <biebl@debian.org> +Date: Thu, 27 Jun 2019 15:02:40 +0200 +Subject: ask-password: prevent buffer overflow when reading from keyring + +When we read from keyring, a temporary buffer is allocated in order to +determine the size needed for the entire data. However, when zeroing that area, +we use the data size returned by the read instead of the lesser size allocate +for the buffer. + +That will cause memory corruption that causes systemd-cryptsetup to crash +either when a single large password is used or when multiple passwords have +already been pushed to the keyring. + +Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> +(cherry picked from commit 59c55e73eaee345e1ee67c23eace8895ed499693) +--- + src/shared/ask-password-api.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c +index 072bf72..97a800f 100644 +--- a/src/shared/ask-password-api.c ++++ b/src/shared/ask-password-api.c +@@ -81,7 +81,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) { + if (n < m) + break; + +- explicit_bzero_safe(p, n); ++ explicit_bzero_safe(p, m); + free(p); + m *= 2; + } diff --git a/debian/patches/bash-completion-use-default-completion-for-redirect-opera.patch b/debian/patches/bash-completion-use-default-completion-for-redirect-opera.patch new file mode 100644 index 0000000..053ed73 --- /dev/null +++ b/debian/patches/bash-completion-use-default-completion-for-redirect-opera.patch 
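Review bot: The corrected call `explicit_bzero_safe(p, m);` has no comment explaining why the wipe length is the allocation size rather than the read result, and that distinction is the whole fix; the two variables are easy to swap back in a later cleanup. A line such as `/* n is the size reported by the read and may exceed the m bytes allocated for p; wipe only our buffer */` above the call would record it. The allocation of p and the read itself are in the part of retrieve_key() outside this hunk, so the wording should be checked against them.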
@@ -0,0 +1,27 @@ +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Sat, 23 Mar 2019 21:49:17 +0100 +Subject: bash-completion: use default completion for redirect operators + +(cherry picked from commit 1413763ea540a897852494259cb949fe01e1e7e7) +--- + shell-completion/bash/journalctl | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/shell-completion/bash/journalctl b/shell-completion/bash/journalctl +index bcd4533..5a6a3da 100644 +--- a/shell-completion/bash/journalctl ++++ b/shell-completion/bash/journalctl +@@ -52,6 +52,13 @@ _journalctl() { + --vacuum-size --vacuum-time --vacuum-files --output-fields' + ) + ++ # Use the default completion for shell redirect operators ++ if __contains_word "$prev" '>' '>>' '&>'; then ++ compopt -o filenames ++ COMPREPLY=( $(compgen -f -- "$cur") ) ++ return 0; ++ fi ++ + if __contains_word "$prev" ${OPTS[ARG]} ${OPTS[ARGUNKNOWN]}; then + case $prev in + --boot|-b) diff --git a/debian/patches/basic-cap-list-parse-print-numerical-capabilities.patch b/debian/patches/basic-cap-list-parse-print-numerical-capabilities.patch new file mode 100644 index 0000000..3b9eb09 --- /dev/null +++ b/debian/patches/basic-cap-list-parse-print-numerical-capabilities.patch 
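Review bot: `COMPREPLY=( $(compgen -f -- "$cur") )` in the added redirect branch word-splits and glob-expands the compgen output, so a file name containing a space or a `*` ends up as several, or different, candidates. Reading the output line by line avoids that: `mapfile -t COMPREPLY < <(compgen -f -- "$cur")`. The trailing semicolon in `return 0;` can be dropped. The body of _journalctl() continues outside the hunk.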
@@ -0,0 +1,87 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Thu, 9 Jul 2020 23:15:47 +0200 +Subject: basic/cap-list: parse/print numerical capabilities + +We would refuse to print capabilities which were didn't have a name +for. The kernel adds new capabilities from time to time, most recently +cap_bpf. 'systmectl show -p CapabilityBoundingSet ...' would fail with +"Failed to parse bus message: Invalid argument" because +capability_set_to_string_alloc() would fail with -EINVAL. So let's +print such capabilities in hexadecimal: + +CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search + cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap + cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin + cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16 + 0x17 0x18 0x19 0x1a ... + +For symmetry, also allow capabilities that we don't know to be specified. + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736. 
+ +(cherry picked from commit 417770f3033c426ca848b158d0bf057cd8ad1329) +--- + src/basic/cap-list.c | 10 +++++++--- + src/test/test-cap-list.c | 4 +++- + 2 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c +index 29a17d9..b72b037 100644 +--- a/src/basic/cap-list.c ++++ b/src/basic/cap-list.c +@@ -10,6 +10,7 @@ + #include "macro.h" + #include "missing.h" + #include "parse-util.h" ++#include "stdio-util.h" + #include "util.h" + + static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len); +@@ -37,7 +38,7 @@ int capability_from_name(const char *name) { + /* Try to parse numeric capability */ + r = safe_atoi(name, &i); + if (r >= 0) { +- if (i >= 0 && (size_t) i < ELEMENTSOF(capability_names)) ++ if (i >= 0 && i < 64) + return i; + else + return -EINVAL; +@@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) { + for (i = 0; i < cap_last_cap(); i++) + if (set & (UINT64_C(1) << i)) { + const char *p; ++ char buf[2 + 16 + 1]; + size_t add; + + p = capability_to_name(i); +- if (!p) +- return -EINVAL; ++ if (!p) { ++ xsprintf(buf, "0x%lx", i); ++ p = buf; ++ } + + add = strlen(p); + +diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c +index de5fa72..84bbb7b 100644 +--- a/src/test/test-cap-list.c ++++ b/src/test/test-cap-list.c +@@ -30,6 +30,8 @@ static void test_cap_list(void) { + assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ); + assert_se(capability_from_name("0") == 0); + assert_se(capability_from_name("15") == 15); ++ assert_se(capability_from_name("63") == 63); ++ assert_se(capability_from_name("64") == -EINVAL); + assert_se(capability_from_name("-1") == -EINVAL); + + for (i = 0; i < capability_list_length(); i++) { +@@ -64,7 +66,7 @@ static void test_capability_set_one(uint64_t c, const char *t) { + + free(t1); + assert_se(t1 = strjoin("'cap_chown cap_dac_override' \"cap_setgid cap_setuid\"", t, +- " 
hogehoge foobar 12345 3.14 -3 ", t)); ++ " hogehoge foobar 18446744073709551616 3.14 -3 ", t)); + assert_se(capability_set_from_string(t1, &c1) == 0); + assert_se(c1 == c_masked); + } diff --git a/debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch b/debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch new file mode 100644 index 0000000..0faa7d1 --- /dev/null +++ b/debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch 
@@ -0,0 +1,64 @@ +From bae2f0d1109a8c75a7fb89ae6b8d1b6ef8dfab16 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 23 Jun 2021 11:46:41 +0200 +Subject: basic/unit-name: do not use strdupa() on a path + +The path may have unbounded length, for example through a fuse mount. + +CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and +ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo +and each mountpoint is passed to mount_setup_unit(), which calls +unit_name_path_escape() underneath. A local attacker who is able to mount a +filesystem with a very long path can crash systemd and the whole system. + +https://bugzilla.redhat.com/show_bug.cgi?id=1970887 + +The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we +can't easily check the length after simplification before doing the +simplification, which in turns uses a copy of the string we can write to. +So we can't reject paths that are too long before doing the duplication. +Hence the most obvious solution is to switch back to strdup(), as before +7410616cd9dbbec97cf98d75324da5cda2b2f7a2. 
+--- + src/basic/unit-name.c | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c +index 284a77348316..a22763443fdd 100644 +--- a/src/basic/unit-name.c ++++ b/src/basic/unit-name.c +@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { + } + + int unit_name_path_escape(const char *f, char **ret) { +- char *p, *s; ++ _cleanup_free_ char *p = NULL; ++ char *s; + + assert(f); + assert(ret); + +- p = strdupa(f); ++ p = strdup(f); + if (!p) + return -ENOMEM; + +@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) { + if (!path_is_normalized(p)) + return -EINVAL; + +- /* Truncate trailing slashes */ ++ /* Truncate trailing slashes and skip leading slashes */ + delete_trailing_chars(p, "/"); +- +- /* Truncate leading slashes */ +- p = skip_leading_chars(p, "/"); +- +- s = unit_name_escape(p); ++ s = unit_name_escape(skip_leading_chars(p, "/")); + } + if (!s) + return -ENOMEM; +-- +2.32.0 + diff --git a/debian/patches/bus-polkit-rename-return-error-parameter-to-ret_error.patch b/debian/patches/bus-polkit-rename-return-error-parameter-to-ret_error.patch new file mode 100644 index 0000000..a7c9cc5 --- /dev/null +++ b/debian/patches/bus-polkit-rename-return-error-parameter-to-ret_error.patch 
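Review bot: Nothing in the new `unit_name_path_escape()` code tells a later editor why the copy made by `p = strdup(f);` must stay on the heap, even though the change exists to remove an unbounded stack allocation. A short comment above that line would guard against `strdupa()` being reintroduced, e.g. `/* f may be arbitrarily long (e.g. a path below a FUSE mount), so copy it to the heap, never to the stack */`. The patch also adds no test; a case in the unit-name tests that passes a path far longer than UNIT_NAME_MAX and asserts that the call returns normally would pin the behaviour. The function body continues outside the hunks shown, so the empty/root path branch is not visible here.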
@@ -0,0 +1,67 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 22 Jan 2020 14:29:43 +0100 +Subject: bus-polkit: rename return error parameter to ret_error + +(cherry picked from commit 773b1a7916bfce3aa2a21ecf534d475032e8528e) +(cherry picked from commit 5b2442d5c3ec1c86a3a8d1c1abe3234a570ba5e6) +(cherry picked from commit 4441844d5889a39d9d059c30e5d94c916d9d6735) +(cherry picked from commit 816d5e2d6dd83a3bd0ff56a352295831cb937198) +--- + src/shared/bus-polkit.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c +index da4aee5..f93aa17 100644 +--- a/src/shared/bus-polkit.c ++++ b/src/shared/bus-polkit.c +@@ -37,7 +37,7 @@ int bus_test_polkit( + const char **details, + uid_t good_user, + bool *_challenge, +- sd_bus_error *e) { ++ sd_bus_error *ret_error) { + + int r; + +@@ -102,11 +102,11 @@ int bus_test_polkit( + if (r < 0) + return r; + +- r = sd_bus_call(call->bus, request, 0, e, &reply); ++ r = sd_bus_call(call->bus, request, 0, ret_error, &reply); + if (r < 0) { + /* Treat no PK available as access denied */ +- if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) { +- sd_bus_error_free(e); ++ if (sd_bus_error_has_name(ret_error, SD_BUS_ERROR_SERVICE_UNKNOWN)) { ++ sd_bus_error_free(ret_error); + return -EACCES; + } + +@@ -196,7 +196,7 @@ int bus_verify_polkit_async( + bool interactive, + uid_t good_user, + Hashmap **registry, +- sd_bus_error *error) { ++ sd_bus_error *ret_error) { + + #if ENABLE_POLKIT + _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; +@@ -237,7 +237,7 @@ int bus_verify_polkit_async( + return -EACCES; + + /* Copy error from polkit reply */ +- sd_bus_error_copy(error, e); ++ sd_bus_error_copy(ret_error, e); + return -sd_bus_error_get_errno(e); + } + +@@ -251,7 +251,7 @@ int bus_verify_polkit_async( + return 1; + + if (challenge) +- return sd_bus_error_set(error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive 
authentication required."); ++ return sd_bus_error_set(ret_error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required."); + + return -EACCES; + } diff --git a/debian/patches/bus-util-treat-org.freedesktop.DBus.Error.ServiceUnknown-.patch b/debian/patches/bus-util-treat-org.freedesktop.DBus.Error.ServiceUnknown-.patch new file mode 100644 index 0000000..ffd349f --- /dev/null +++ b/debian/patches/bus-util-treat-org.freedesktop.DBus.Error.ServiceUnknown-.patch @@ -0,0 +1,34 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 4 Apr 2019 13:35:29 +0900 +Subject: bus-util: treat org.freedesktop.DBus.Error.ServiceUnknown nicely + when polkit does not exist + +Fixes #12209. + +(cherry picked from commit 8c69fe79df6394f6b8b8d0bb536a265caf417868) +(cherry picked from commit 0bb488b22144aeb87d93e97123f71babe116261f) +--- + src/shared/bus-util.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c +index 9d31fba..a406dd8 100644 +--- a/src/shared/bus-util.c ++++ b/src/shared/bus-util.c +@@ -410,14 +410,14 @@ int bus_verify_polkit_async( + if (sd_bus_message_is_method_error(q->reply, NULL)) { + const sd_bus_error *e; + +- /* Copy error from polkit reply */ + e = sd_bus_message_get_error(q->reply); +- sd_bus_error_copy(error, e); + + /* Treat no PK available as access denied */ + if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) + return -EACCES; + ++ /* Copy error from polkit reply */ ++ sd_bus_error_copy(error, e); + return -sd_bus_error_get_errno(e); + } + diff --git a/debian/patches/cgtop-Fix-processing-of-controllers-other-than-CPU.patch b/debian/patches/cgtop-Fix-processing-of-controllers-other-than-CPU.patch new file mode 100644 index 0000000..f18ecb2 --- /dev/null +++ b/debian/patches/cgtop-Fix-processing-of-controllers-other-than-CPU.patch 
@@ -0,0 +1,169 @@ +From: Szabolcs Fruhwald <sfruhwald@google.com> +Date: Wed, 20 Feb 2019 12:38:50 -0800 +Subject: cgtop: Fix processing of controllers other than CPU + +After debugging the issue with gdb, I found that the following change + + 94ddb08 "cgtop: Still try to get CPU statistics if controller-free" + +has introduced a bug, which prevents process(..) method processing +memory and io controllers when cpu_accounting_is_cheap() is true. +The obvious fix is to move this branch to be the last one, keeping +the intended behavior of the above change, without having a negative +effect on the other controllers. + +Fixes #11773 [systemd-cgtop no longer shows memory (and io) usage] + +(cherry picked from commit 5fe74e893c7939a360dc4eb75dbf3f540526c968) +--- + src/cgtop/cgtop.c | 130 +++++++++++++++++++++++++++--------------------------- + 1 file changed, 65 insertions(+), 65 deletions(-) + +diff --git a/src/cgtop/cgtop.c b/src/cgtop/cgtop.c +index b3bda30..ab3b979 100644 +--- a/src/cgtop/cgtop.c ++++ b/src/cgtop/cgtop.c +@@ -223,71 +223,6 @@ static int process( + if (g->n_tasks > 0) + g->n_tasks_valid = true; + +- } else if (STR_IN_SET(controller, "cpu", "cpuacct") || cpu_accounting_is_cheap()) { +- _cleanup_free_ char *p = NULL, *v = NULL; +- uint64_t new_usage; +- nsec_t timestamp; +- +- if (is_root_cgroup(path)) { +- r = procfs_cpu_get_usage(&new_usage); +- if (r < 0) +- return r; +- } else if (all_unified) { +- _cleanup_free_ char *val = NULL; +- +- if (!streq(controller, "cpu")) +- return 0; +- +- r = cg_get_keyed_attribute("cpu", path, "cpu.stat", STRV_MAKE("usage_usec"), &val); +- if (IN_SET(r, -ENOENT, -ENXIO)) +- return 0; +- if (r < 0) +- return r; +- +- r = safe_atou64(val, &new_usage); +- if (r < 0) +- return r; +- +- new_usage *= NSEC_PER_USEC; +- } else { +- if (!streq(controller, "cpuacct")) +- return 0; +- +- r = cg_get_path(controller, path, "cpuacct.usage", &p); +- if (r < 0) +- return r; +- +- r = read_one_line_file(p, &v); +- if (r == -ENOENT) 
+- return 0; +- if (r < 0) +- return r; +- +- r = safe_atou64(v, &new_usage); +- if (r < 0) +- return r; +- } +- +- timestamp = now_nsec(CLOCK_MONOTONIC); +- +- if (g->cpu_iteration == iteration - 1 && +- (nsec_t) new_usage > g->cpu_usage) { +- +- nsec_t x, y; +- +- x = timestamp - g->cpu_timestamp; +- if (x < 1) +- x = 1; +- +- y = (nsec_t) new_usage - g->cpu_usage; +- g->cpu_fraction = (double) y / (double) x; +- g->cpu_valid = true; +- } +- +- g->cpu_usage = (nsec_t) new_usage; +- g->cpu_timestamp = timestamp; +- g->cpu_iteration = iteration; +- + } else if (streq(controller, "memory")) { + + if (is_root_cgroup(path)) { +@@ -411,6 +346,71 @@ static int process( + g->io_output = wr; + g->io_timestamp = timestamp; + g->io_iteration = iteration; ++ } else if (STR_IN_SET(controller, "cpu", "cpuacct") || cpu_accounting_is_cheap()) { ++ _cleanup_free_ char *p = NULL, *v = NULL; ++ uint64_t new_usage; ++ nsec_t timestamp; ++ ++ if (is_root_cgroup(path)) { ++ r = procfs_cpu_get_usage(&new_usage); ++ if (r < 0) ++ return r; ++ } else if (all_unified) { ++ _cleanup_free_ char *val = NULL; ++ ++ if (!streq(controller, "cpu")) ++ return 0; ++ ++ r = cg_get_keyed_attribute("cpu", path, "cpu.stat", STRV_MAKE("usage_usec"), &val); ++ if (IN_SET(r, -ENOENT, -ENXIO)) ++ return 0; ++ if (r < 0) ++ return r; ++ ++ r = safe_atou64(val, &new_usage); ++ if (r < 0) ++ return r; ++ ++ new_usage *= NSEC_PER_USEC; ++ } else { ++ if (!streq(controller, "cpuacct")) ++ return 0; ++ ++ r = cg_get_path(controller, path, "cpuacct.usage", &p); ++ if (r < 0) ++ return r; ++ ++ r = read_one_line_file(p, &v); ++ if (r == -ENOENT) ++ return 0; ++ if (r < 0) ++ return r; ++ ++ r = safe_atou64(v, &new_usage); ++ if (r < 0) ++ return r; ++ } ++ ++ timestamp = now_nsec(CLOCK_MONOTONIC); ++ ++ if (g->cpu_iteration == iteration - 1 && ++ (nsec_t) new_usage > g->cpu_usage) { ++ ++ nsec_t x, y; ++ ++ x = timestamp - g->cpu_timestamp; ++ if (x < 1) ++ x = 1; ++ ++ y = (nsec_t) new_usage - g->cpu_usage; ++ 
g->cpu_fraction = (double) y / (double) x; ++ g->cpu_valid = true; ++ } ++ ++ g->cpu_usage = (nsec_t) new_usage; ++ g->cpu_timestamp = timestamp; ++ g->cpu_iteration = iteration; ++ + } + + if (ret) diff --git a/debian/patches/core-change-ownership-mode-of-the-execution-directories-a.patch b/debian/patches/core-change-ownership-mode-of-the-execution-directories-a.patch new file mode 100644 index 0000000..6f8b0fc --- /dev/null +++ b/debian/patches/core-change-ownership-mode-of-the-execution-directories-a.patch 
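Review bot: The relocated `else if (STR_IN_SET(controller, "cpu", "cpuacct") || cpu_accounting_is_cheap())` arm now has to stay last in the chain, because its second operand ignores `controller` and, when true, matches whatever reaches it; nothing in the code says so. I would add a comment directly above it, e.g. `/* Must stay last: cpu_accounting_is_cheap() does not depend on the controller and would shadow any branch placed after it */`. For the root cgroup the arm also calls `procfs_cpu_get_usage()` before any `streq(controller, ...)` check, so a controller not handled by an earlier arm would presumably be accounted as CPU there. The start of `process()` is outside the hunk, so which controllers can reach this arm should be confirmed.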
@@ -0,0 +1,85 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 14 Mar 2019 17:19:30 +0100 +Subject: core: change ownership/mode of the execution directories also for + static users + +It's probably unexpected if we do a recursive chown() when dynamic users +are used but not on static users. + +hence, let's tweak the logic slightly, and recursively chown in both +cases, except when operating on the configuration directory. + +Fixes: #11842 +(cherry picked from commit 206e9864de460dd79d9edd7bedb47dee168765e1) +--- + src/core/execute.c | 47 ++++++++++++++++++++++++++--------------------- + 1 file changed, 26 insertions(+), 21 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 5486e37..5c3930e 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -2151,37 +2151,42 @@ static int setup_exec_directory( + if (r < 0) + goto fail; + +- /* Lock down the access mode */ +- if (chmod(pp, context->directories[type].mode) < 0) { +- r = -errno; +- goto fail; +- } + } else { + r = mkdir_label(p, context->directories[type].mode); + if (r < 0) { +- struct stat st; +- + if (r != -EEXIST) + goto fail; + +- if (stat(p, &st) < 0) { +- r = -errno; +- goto fail; +- } +- if (((st.st_mode ^ context->directories[type].mode) & 07777) != 0) +- log_warning("%s \'%s\' already exists but the mode is different. " +- "(filesystem: %o %sMode: %o)", +- exec_directory_type_to_string(type), *rt, +- st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777); +- if (!context->dynamic_user) ++ if (type == EXEC_DIRECTORY_CONFIGURATION) { ++ struct stat st; ++ ++ /* Don't change the owner/access mode of the configuration directory, ++ * as in the common case it is not written to by a service, and shall ++ * not be writable. 
*/ ++ ++ if (stat(p, &st) < 0) { ++ r = -errno; ++ goto fail; ++ } ++ ++ /* Still complain if the access mode doesn't match */ ++ if (((st.st_mode ^ context->directories[type].mode) & 07777) != 0) ++ log_warning("%s \'%s\' already exists but the mode is different. " ++ "(File system: %o %sMode: %o)", ++ exec_directory_type_to_string(type), *rt, ++ st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777); ++ + continue; ++ } + } + } + +- /* Don't change the owner of the configuration directory, as in the common case it is not written to by +- * a service, and shall not be writable. */ +- if (type == EXEC_DIRECTORY_CONFIGURATION) +- continue; ++ /* Lock down the access mode (we use chmod_and_chown() to make this idempotent. We don't ++ * specifiy UID/GID here, so that path_chown_recursive() can optimize things depending on the ++ * current UID/GID ownership.) */ ++ r = chmod_and_chown(pp ?: p, context->directories[type].mode, UID_INVALID, GID_INVALID); ++ if (r < 0) ++ goto fail; + + /* Then, change the ownership of the whole tree, if necessary */ + r = path_chown_recursive(pp ?: p, uid, gid); diff --git a/debian/patches/core-factor-root_directory-application-out-of-apply_worki.patch b/debian/patches/core-factor-root_directory-application-out-of-apply_worki.patch new file mode 100644 index 0000000..3ee945a --- /dev/null +++ b/debian/patches/core-factor-root_directory-application-out-of-apply_worki.patch 
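Review bot: In the `-EEXIST` path of `setup_exec_directory()`, an existing directory of any type other than `EXEC_DIRECTORY_CONFIGURATION` now falls through to `chmod_and_chown()` and `path_chown_recursive()` with no log output, while the mode-mismatch warning survives only for the configuration directory. Since this now resets mode and ownership of an existing tree for static users as well, a trace helps anyone auditing why permissions changed, e.g. `log_debug("%s '%s' already exists, resetting mode and ownership.", exec_directory_type_to_string(type), *rt);` before leaving the `if (r < 0)` block. The new comment also has a typo: `specifiy` should read `specify`. The function starts and ends outside the hunk.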
@@ -0,0 +1,89 @@ +From: Joerg Behrmann <behrmann@physik.fu-berlin.de> +Date: Fri, 21 Jun 2019 13:51:53 +0200 +Subject: core: factor root_directory application out of + apply_working_directory + +Fixes: #12498 +(cherry picked from commit fa97f63067a05b4e793fd4e0a2b54797459b4812) +--- + src/core/execute.c | 38 ++++++++++++++++++++++++++++---------- + 1 file changed, 28 insertions(+), 10 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index a708231..47518f4 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -2480,7 +2480,6 @@ static int apply_working_directory( + const ExecContext *context, + const ExecParameters *params, + const char *home, +- const bool needs_mount_ns, + int *exit_status) { + + const char *d, *wd; +@@ -2502,15 +2501,9 @@ static int apply_working_directory( + else + wd = "/"; + +- if (params->flags & EXEC_APPLY_CHROOT) { +- if (!needs_mount_ns && context->root_directory) +- if (chroot(context->root_directory) < 0) { +- *exit_status = EXIT_CHROOT; +- return -errno; +- } +- ++ if (params->flags & EXEC_APPLY_CHROOT) + d = wd; +- } else ++ else + d = prefix_roota(context->root_directory, wd); + + if (chdir(d) < 0 && !context->working_directory_missing_ok) { +@@ -2521,6 +2514,26 @@ static int apply_working_directory( + return 0; + } + ++static int apply_root_directory( ++ const ExecContext *context, ++ const ExecParameters *params, ++ const bool needs_mount_ns, ++ int *exit_status) { ++ ++ assert(context); ++ assert(exit_status); ++ ++ if (params->flags & EXEC_APPLY_CHROOT) { ++ if (!needs_mount_ns && context->root_directory) ++ if (chroot(context->root_directory) < 0) { ++ *exit_status = EXIT_CHROOT; ++ return -errno; ++ } ++ } ++ ++ return 0; ++} ++ + static int setup_keyring( + const Unit *u, + const ExecContext *context, +@@ -3425,6 +3438,11 @@ static int exec_child( + } + } + ++ /* chroot to root directory first, before we lose the ability to chroot */ ++ r = apply_root_directory(context, params, 
needs_mount_namespace, exit_status); ++ if (r < 0) ++ return log_unit_error_errno(unit, r, "Chrooting to the requested root directory failed: %m"); ++ + if (needs_setuid) { + if (context->user) { + r = enforce_user(context, uid); +@@ -3457,7 +3475,7 @@ static int exec_child( + + /* Apply working directory here, because the working directory might be on NFS and only the user running + * this service might have the correct privilege to change to the working directory */ +- r = apply_working_directory(context, params, home, needs_mount_namespace, exit_status); ++ r = apply_working_directory(context, params, home, exit_status); + if (r < 0) + return log_unit_error_errno(unit, r, "Changing to the requested working directory failed: %m"); + diff --git a/debian/patches/core-make-sure-to-restore-the-control-command-id-too.patch b/debian/patches/core-make-sure-to-restore-the-control-command-id-too.patch new file mode 100644 index 0000000..5df25ac --- /dev/null +++ b/debian/patches/core-make-sure-to-restore-the-control-command-id-too.patch @@ -0,0 +1,27 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 22 Apr 2020 20:34:02 +0200 +Subject: core: make sure to restore the control command id, too + +Fixes: #15356 +(cherry picked from commit e9da62b18af647bfa73807e1c7fc3bfa4bb4b2ac) +--- + src/core/service.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 5f5bcb3..eb66884 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -2689,9 +2689,10 @@ static int service_deserialize_exec_command(Unit *u, const char *key, const char + break; + } + +- if (command && control) ++ if (command && control) { + s->control_command = command; +- else if (command) ++ s->control_command_id = id; ++ } else if (command) + s->main_command = command; + else + log_unit_warning(u, "Current command vanished from the unit file, execution of the command list won't be resumed."); 
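Review bot: `apply_root_directory()` calls `chroot()` and returns without changing directory, so until `apply_working_directory()` runs later in `exec_child()` the process's current directory still refers to a location outside the new root; before this change `chdir(d)` followed the `chroot()` directly. If that later `chdir(d)` fails while `working_directory_missing_ok` is set, the failure is ignored and, as far as the hunk shows, the service keeps the outside directory as its cwd. I would follow the successful `chroot()` with `if (chdir("/") < 0) { *exit_status = EXIT_CHDIR; return -errno; }`. The new function also dereferences `params` without an `assert(params);` to match the two asserts it already has.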
diff --git a/debian/patches/core-never-propagate-reload-failure-to-service-result.patch b/debian/patches/core-never-propagate-reload-failure-to-service-result.patch new file mode 100644 index 0000000..062434d --- /dev/null +++ b/debian/patches/core-never-propagate-reload-failure-to-service-result.patch @@ -0,0 +1,23 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 17 Jul 2019 19:16:33 +0200 +Subject: core: never propagate reload failure to service result + +Fixes: #11238 +(cherry picked from commit d611cfa748aaf600832160132774074e808c82c7) +--- + src/core/service.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 324dcf2..5f5bcb3 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -3335,7 +3335,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) { + service_exec_command_to_string(s->control_command_id), + code, status); + +- if (s->result == SERVICE_SUCCESS) ++ if (s->state != SERVICE_RELOAD && s->result == SERVICE_SUCCESS) + s->result = f; + + if (s->control_command && diff --git a/debian/patches/core-set-fs.file-max-sysctl-to-LONG_MAX-rather-than-ULONG.patch b/debian/patches/core-set-fs.file-max-sysctl-to-LONG_MAX-rather-than-ULONG.patch new file mode 100644 index 0000000..6465a1f --- /dev/null +++ b/debian/patches/core-set-fs.file-max-sysctl-to-LONG_MAX-rather-than-ULONG.patch 
@@ -0,0 +1,34 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 17 Jun 2019 10:51:25 +0200 +Subject: core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX + +Since kernel 5.2 the kernel thankfully returns proper errors when we +write a value out of range to the sysctl. Which however breaks writing +ULONG_MAX to request the maximum value. Hence let's write the new +maximum value instead, LONG_MAX. + +/cc @brauner + +Fixes: #12803 +(cherry picked from commit 6e2f78948403a4cce45b9e34311c9577c624f066) +--- + src/core/main.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index bc7fcc6..255e204 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1200,9 +1200,9 @@ static void bump_file_max_and_nr_open(void) { + #endif + + #if BUMP_PROC_SYS_FS_FILE_MAX +- /* I so wanted to use STRINGIFY(ULONG_MAX) here, but alas we can't as glibc/gcc define that as +- * "(0x7fffffffffffffffL * 2UL + 1UL)". Seriously. 😢 */ +- if (asprintf(&t, "%lu\n", ULONG_MAX) < 0) { ++ /* The maximum the kernel allows for this since 5.2 is LONG_MAX, use that. (Previously thing where ++ * different but the operation would fail silently.) */ ++ if (asprintf(&t, "%li\n", LONG_MAX) < 0) { + log_oom(); + return; + } diff --git a/debian/patches/core-unset-HOME-that-the-kernel-gives-us.patch b/debian/patches/core-unset-HOME-that-the-kernel-gives-us.patch new file mode 100644 index 0000000..8ef74c1 --- /dev/null +++ b/debian/patches/core-unset-HOME-that-the-kernel-gives-us.patch 
@@ -0,0 +1,30 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 21 May 2019 19:26:12 +0200 +Subject: core: unset HOME=/ that the kernel gives us + +Partially fixes #12389. + +%h would return "/" in a machine, but "/root" in a container. Let's fix +this by resetting $HOME to the expected value. + +(cherry picked from commit 9d48671c62de133a2b9fe7c31e70c0ff8e68f2db) +--- + src/core/main.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/core/main.c b/src/core/main.c +index 561f956..bc7fcc6 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1503,6 +1503,11 @@ static int fixup_environment(void) { + if (setenv("TERM", t, 1) < 0) + return -errno; + ++ /* The kernels sets HOME=/ for init. Let's undo this. */ ++ if (path_equal_ptr(getenv("HOME"), "/") && ++ unsetenv("HOME") < 0) ++ log_warning_errno(errno, "Failed to unset $HOME: %m"); ++ + return 0; + } + diff --git a/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch new file mode 100644 index 0000000..06d83d5 --- /dev/null +++ b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch 
@@ -0,0 +1,77 @@ +From: Martin Pitt <mpitt@debian.org> +Date: Wed, 18 Jan 2017 11:21:35 +0100 +Subject: Add env variable for machine ID path + +During package build, in minimal chroots, or other systems which do not already +have an /etc/machine-id we get six test failures. Introduce a +$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location +other than /etc/machine-id, so that the unit tests are independent from the +environment. + +Also adjust test-fs-util to not assume that /etc/machine-id exists. Use +/etc/passwd instead which is created by base-files. + +Closes: #851445 + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344 +--- + src/libsystemd/sd-id128/sd-id128.c | 2 +- + src/test/test-fs-util.c | 11 +++++++---- + 2 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/src/libsystemd/sd-id128/sd-id128.c b/src/libsystemd/sd-id128/sd-id128.c +index e72af15..b194143 100644 +--- a/src/libsystemd/sd-id128/sd-id128.c ++++ b/src/libsystemd/sd-id128/sd-id128.c +@@ -88,7 +88,7 @@ _public_ int sd_id128_get_machine(sd_id128_t *ret) { + assert_return(ret, -EINVAL); + + if (sd_id128_is_null(saved_machine_id)) { +- r = id128_read("/etc/machine-id", ID128_PLAIN, &saved_machine_id); ++ r = id128_read(getenv("SYSTEMD_MACHINE_ID_PATH") ?: "/etc/machine-id", ID128_PLAIN, &saved_machine_id); + if (r < 0) + return r; + +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index e049abc..fef8515 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -185,7 +185,7 @@ static void test_chase_symlinks(void) { + assert_se(streq(result, "/test-chase.fsldajfl")); + result = mfree(result); + +- r = chase_symlinks("/etc/machine-id/foo", NULL, 0, &result); ++ r = chase_symlinks("/etc/passwd/foo", NULL, 0, &result); + assert_se(r == -ENOTDIR); + result = mfree(result); + +@@ -258,23 +258,26 @@ static void test_chase_symlinks(void) { + assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL) >= 0); + } + +- p = strjoina(temp, 
"/machine-id-test"); +- assert_se(symlink("/usr/../etc/./machine-id", p) >= 0); ++ p = strjoina(temp, "/passwd-test"); ++ assert_se(symlink("/usr/../etc/./passwd", p) >= 0); + + pfd = chase_symlinks(p, NULL, CHASE_OPEN, NULL); + if (pfd != -ENOENT) { + _cleanup_close_ int fd = -1; ++/* + sd_id128_t a, b; ++*/ + + assert_se(pfd >= 0); + + fd = fd_reopen(pfd, O_RDONLY|O_CLOEXEC); + assert_se(fd >= 0); + safe_close(pfd); +- ++/* + assert_se(id128_read_fd(fd, ID128_PLAIN, &a) >= 0); + assert_se(sd_id128_get_machine(&b) >= 0); + assert_se(sd_id128_equal(a, b)); ++*/ + } + + /* Test CHASE_NOFOLLOW */ diff --git a/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch new file mode 100644 index 0000000..6ac1c00 --- /dev/null +++ b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch 
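Review bot: `sd_id128_get_machine()` is a `_public_` libsystemd entry point, and the new `getenv("SYSTEMD_MACHINE_ID_PATH")` lets the caller's environment choose which file is read as the machine ID in every process that links the library, including ones that run with more privilege than whoever set the environment. The variable exists only for the test suite, so I would read it with `secure_getenv()`, which ignores it in secure-execution (setuid or file-capability) contexts: `r = id128_read(secure_getenv("SYSTEMD_MACHINE_ID_PATH") ?: "/etc/machine-id", ID128_PLAIN, &saved_machine_id);`. Separately, the `test_chase_symlinks()` part disables the id128 assertions by wrapping them in `/* */`; deleting them would leave less dead code in the test.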
@@ -0,0 +1,30 @@ +From: Julien Muchembled <jm@jmuchemb.eu> +Date: Tue, 29 Apr 2014 11:40:50 +0200 +Subject: Add support for TuxOnIce hibernation + +systemd does not support non-mainline kernel features so upstream rejected this +patch. +It is however required for systemd integration by tuxonice-userui package. + +Forwarded: http://lists.freedesktop.org/archives/systemd-devel/2014-April/018960.html +--- + src/shared/sleep-config.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c +index 2e22bd0..b5050ea 100644 +--- a/src/shared/sleep-config.c ++++ b/src/shared/sleep-config.c +@@ -267,6 +267,12 @@ static bool enough_swap_for_hibernation(void) { + if (getenv_bool("SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK") > 0) + return true; + ++ /* TuxOnIce is an alternate implementation for hibernation. ++ * It can be configured to compress the image to a file or an inactive ++ * swap partition, so there's nothing more we can do here. */ ++ if (access("/sys/power/tuxonice", F_OK) == 0) ++ return true; ++ + r = find_hibernate_location(NULL, NULL, &size, &used); + if (r < 0) + return false; diff --git a/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch new file mode 100644 index 0000000..085bafd --- /dev/null +++ b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch 
@@ -0,0 +1,24 @@ +From: Tollef Fog Heen <tfheen@err.no> +Date: Tue, 5 Jun 2012 20:59:36 +0200 +Subject: Bring tmpfiles.d/tmp.conf in line with Debian defaults + +Closes: #675422 +--- + tmpfiles.d/tmp.conf | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf +index 22555a0..8fb117f 100644 +--- a/tmpfiles.d/tmp.conf ++++ b/tmpfiles.d/tmp.conf +@@ -8,8 +8,8 @@ + # See tmpfiles.d(5) for details + + # Clear tmp directories separately, to make them easier to override +-q /tmp 1777 root root 10d +-q /var/tmp 1777 root root 30d ++D /tmp 1777 root root - ++#q /var/tmp 1777 root root 30d + + # Exclude namespace mountpoints created with PrivateTmp=yes + x /tmp/systemd-private-%b-* diff --git a/debian/patches/debian/Don-t-enable-audit-by-default.patch b/debian/patches/debian/Don-t-enable-audit-by-default.patch new file mode 100644 index 0000000..f58ce24 --- /dev/null +++ b/debian/patches/debian/Don-t-enable-audit-by-default.patch 
@@ -0,0 +1,30 @@ +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Sun, 28 Dec 2014 12:49:35 +0100 +Subject: Don't enable audit by default + +It causes flooding of dmesg and syslog, suppressing actually important +messages. + +Don't enable it for now, until a better solution is found: +http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html + +Bug-Debian: https://bugs.debian.org/773528 +--- + src/journal/journald-audit.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c +index accbad4..e62b1ee 100644 +--- a/src/journal/journald-audit.c ++++ b/src/journal/journald-audit.c +@@ -536,10 +536,5 @@ int server_open_audit(Server *s) { + if (r < 0) + return log_error_errno(r, "Failed to add audit fd to event loop: %m"); + +- /* We are listening now, try to enable audit */ +- r = enable_audit(s->audit_fd, true); +- if (r < 0) +- log_warning_errno(r, "Failed to issue audit enable call: %m"); +- + return 0; + } diff --git a/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch new file mode 100644 index 0000000..3ac8c83 --- /dev/null +++ b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch 
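Review bot: With the `enable_audit(s->audit_fd, true)` call removed, `server_open_audit()` still registers the audit fd with the event loop but no longer asks the kernel to turn auditing on, and nothing in the code records that this is deliberate. A comment where the call used to be would help, e.g. `/* Debian: auditing is deliberately not enabled here, see Debian bug #773528; records presumably arrive only when it is enabled elsewhere */`. If `enable_audit()` is a static helper whose only caller was this one (its definition is outside the hunk), it is now unused and should be removed or annotated so the build stays free of warnings.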
@@ -0,0 +1,31 @@ +From: Michael Biebl <biebl@debian.org> +Date: Wed, 18 Jul 2018 23:49:16 +0200 +Subject: Drop seccomp system call filter for udev + +The seccomp based system call whitelist requires at least systemd 239 to +be the active init and during a dist-upgrade we can't guarantee that +systemd has been fully configured before udev is restarted. + +This partially reverts upstream commit +ee8f26180d01e3ddd4e5f20b03b81e5e737657ae. + +Once buster is released, this patch can be dropped. + +Closes: #903224 +--- + units/systemd-udevd.service.in | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in +index 6a3814e..2b9fa69 100644 +--- a/units/systemd-udevd.service.in ++++ b/units/systemd-udevd.service.in +@@ -29,8 +29,6 @@ PrivateMounts=yes + MemoryDenyWriteExecute=yes + RestrictRealtime=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +-SystemCallFilter=@system-service @module @raw-io +-SystemCallErrorNumber=EPERM + SystemCallArchitectures=native + LockPersonality=yes + IPAddressDeny=any diff --git a/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch new file mode 100644 index 0000000..d48d61c --- /dev/null +++ b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch 
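Review bot: Removing `SystemCallFilter=@system-service @module @raw-io` and `SystemCallErrorNumber=EPERM` leaves systemd-udevd without a system call allow-list, and the only record that this is temporary is the patch description ("Once buster is released, this patch can be dropped"). I would leave a marker in the unit file itself, next to `SystemCallArchitectures=native`, such as `# SystemCallFilter= dropped for upgrades from systemd < 239 (Debian #903224); restore when this patch is dropped`. That keeps the lost hardening visible whenever the patch is refreshed against a newer upstream version.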
@@ -0,0 +1,22 @@ +From: Iain Lane <iain@orangesquash.org.uk> +Date: Mon, 22 Aug 2016 07:03:27 +0200 +Subject: Let graphical-session-pre.target be manually started + +This is needed until https://github.com/systemd/systemd/issues/3750 is fixed. + +Forwarded: not-needed +Bug-Ubuntu: https://launchpad.net/bugs/1615341 +--- + units/user/graphical-session-pre.target | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/units/user/graphical-session-pre.target b/units/user/graphical-session-pre.target +index 3adfc5a..c4e1001 100644 +--- a/units/user/graphical-session-pre.target ++++ b/units/user/graphical-session-pre.target +@@ -12,5 +12,4 @@ Description=Session services which should run early before the graphical session + Documentation=man:systemd.special(7) + Requires=basic.target + Before=graphical-session.target +-RefuseManualStart=yes + StopWhenUnneeded=yes diff --git a/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch new file mode 100644 index 0000000..f53f723 --- /dev/null +++ b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch 
@@ -0,0 +1,42 @@ +From: Michael Biebl <biebl@debian.org> +Date: Fri, 5 Sep 2014 01:15:16 +0200 +Subject: Make /run/lock tmpfs an API fs + +The /run/lock directory is world-writable in Debian due to historic +reasons. To avoid user processes filling up /run, we mount a separate +tmpfs for /run/lock. As this directory needs to be available during +early boot, we make it an API fs. + +Drop it from tmpfiles.d/legacy.conf to not clobber the permissions. + +Closes: #751392 +--- + src/core/mount-setup.c | 2 ++ + tmpfiles.d/legacy.conf | 1 - + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c +index 3ce6164..3aae4c8 100644 +--- a/src/core/mount-setup.c ++++ b/src/core/mount-setup.c +@@ -83,6 +83,8 @@ static const MountPoint mount_table[] = { + #endif + { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, ++ { "tmpfs", "/run/lock", "tmpfs", "mode=1777,size=5242880", MS_NOSUID|MS_NODEV|MS_NOEXEC, ++ NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV, + cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE }, + { "cgroup2", "/sys/fs/cgroup", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, +diff --git a/tmpfiles.d/legacy.conf b/tmpfiles.d/legacy.conf +index 62e2ae0..ea5e735 100644 +--- a/tmpfiles.d/legacy.conf ++++ b/tmpfiles.d/legacy.conf +@@ -10,7 +10,6 @@ + # These files are considered legacy and are unnecessary on legacy-free + # systems. + +-d /run/lock 0755 root root - + L /var/lock - - - - ../run/lock + + # /run/lock/subsys is used for serializing SysV service execution, and diff --git a/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch new file mode 100644 index 0000000..7b1103e --- /dev/null +++ b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch 
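Review bot: The new `/run/lock` entry in `mount_table` expresses its two security-relevant properties only as the option string `mode=1777,size=5242880`: the sticky world-writable mode, and the size cap that keeps unprivileged writers from filling `/run`. A comment above the entry would make the intent and the unit clear, e.g. `/* Debian: /run/lock is world-writable, so it gets its own tmpfs capped at 5 MiB to protect /run */`. The entry is also flagged `MNT_FATAL`; if that means what the name suggests (its definition is outside the hunk), a failure to mount this tmpfs would abort setup, which seems strict for a lock directory and is worth confirming.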
@@ -0,0 +1,24 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 9 Feb 2015 10:53:43 +0100
+Subject: Only start logind if dbus is installed
+
+logind fails to start in environments without dbus, such as LXC containers or
+servers. Add a startup condition to avoid the very noisy startup failure.
+
+Part of #772700
+---
+ units/systemd-logind.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
+index 38a7f26..16f1d9d 100644
+--- a/units/systemd-logind.service.in
++++ b/units/systemd-logind.service.in
+@@ -14,6 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/logind
+ Documentation=https://www.freedesktop.org/wiki/Software/systemd/multiseat
+ Wants=user.slice
+ After=nss-user-lookup.target user.slice
++ConditionPathExists=/lib/systemd/system/dbus.service
+
+ # Ask for the dbus socket.
+ Wants=dbus.socket
diff --git a/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
new file mode 100644
index 0000000..78c2d01
--- /dev/null
+++ b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
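Review bot: The added `ConditionPathExists=/lib/systemd/system/dbus.service` tests one fixed location, so a D-Bus service unit provided from any other directory in the unit search path (an administrator's copy under `/etc/systemd/system`, for example) does not satisfy it, and logind is then skipped quietly rather than failing visibly. Because a skipped logind changes how sessions are tracked, the line deserves a comment in the unit, e.g. `# Debian: skip logind when the dbus package is not installed, see #772700`. If this `.in` template supports a substitution for the system unit directory, the path would be better derived from it than spelled out.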
@@ -0,0 +1,56 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Fri, 28 Nov 2014 14:43:25 +0100
+Subject: Re-enable journal forwarding to syslog
+
+Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
+can/do all read from the journal directly. See
+
+ http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html
+
+for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
+to pulling from the journal one by one and disable forwarding again in such a
+conf.d snippet.
+---
+ man/journald.conf.xml | 2 +-
+ src/journal/journald-server.c | 1 +
+ src/journal/journald.conf | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index 2791678..3a9e20a 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -296,7 +296,7 @@
+ the system console, or sent as wall messages to all logged-in users. These
+ options take boolean arguments. If forwarding to syslog is enabled but nothing
+ reads messages from the socket, forwarding to syslog has no effect. By default,
+- only forwarding to wall is enabled. These settings may be overridden at boot time
++ only forwarding to syslog and wall is enabled. These settings may be overridden at boot time
+ with the kernel command line options
+ <literal>systemd.journald.forward_to_syslog</literal>,
+ <literal>systemd.journald.forward_to_kmsg</literal>,
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index ba0b35d..cd45212 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -1835,6 +1835,7 @@ int server_init(Server *s) {
+ s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
+ s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
+
++ s->forward_to_syslog = true;
+ s->forward_to_wall = true;
+
+ s->max_file_usec = DEFAULT_MAX_FILE_USEC;
+diff --git a/src/journal/journald.conf b/src/journal/journald.conf
+index 2f1c661..8951d9e 100644
+--- a/src/journal/journald.conf
++++ b/src/journal/journald.conf
+@@ -29,7 +29,7 @@
+ #RuntimeMaxFiles=100
+ #MaxRetentionSec=
+ #MaxFileSec=1month
+-#ForwardToSyslog=no
++#ForwardToSyslog=yes
+ #ForwardToKMsg=no
+ #ForwardToConsole=no
+ #ForwardToWall=yes
diff --git a/debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch b/debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
new file mode 100644
index 0000000..b4e4027
--- /dev/null
+++ b/debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
@@ -0,0 +1,56 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 9 May 2016 21:24:38 +0200
+Subject: Revert "core: enable TasksMax= for all services by default,
+ and set it to 512"
+
+This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f.
+
+Introducing a default limit on number of threads broke a lot of software which
+regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an
+indefinite number of subtasks that are not in a scope, like LXC or cron.
+
+15% is way too much for most "simple" services, and it's too little for others
+such as the ones mentioned above. There is also no particular rationale about
+any particular global limit, so even if we'd bump it higher we'd just make the
+limit even less useful while still breaking software.
+
+It is both much safer and also much more effective in terms of guarding against
+berserk programs/bugs/unintended fork bombs etc. to set limits in units
+individually. Once someone looks at one, this is then a great time to also flip
+on the other resource and privilege limitations that systemd offers.
+
+Bug: https://github.com/systemd/systemd/issues/3211
+Bug-Debian: https://bugs.debian.org/823530
+Bug-Ubuntu: https://launchpad.net/bugs/1578080
+---
+ man/systemd-system.conf.xml | 3 +--
+ src/core/system.conf.in | 2 +-
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
+index 27242b3..9ff7cc5 100644
+--- a/man/systemd-system.conf.xml
++++ b/man/systemd-system.conf.xml
+@@ -320,8 +320,7 @@
+ <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details. This setting applies to all unit types that support resource control settings, with the exception
+- of slice units. Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller
+- in OS containers.</para></listitem>
++ of slice units.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index 0a58737..97ecd75 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -45,7 +45,7 @@
+ #DefaultBlockIOAccounting=no
+ #DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@
+ #DefaultTasksAccounting=yes
+-#DefaultTasksMax=15%
++#DefaultTasksMax=
+ #DefaultLimitCPU=
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=
diff --git a/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
new file mode 100644
index 0000000..7c1261e
--- /dev/null
+++ b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
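Review bot: Only the man page and the commented-out sample line change here (`#DefaultTasksMax=15%` becomes `#DefaultTasksMax=`); the patch's diffstat lists no source file that sets the manager's built-in default. If that compiled-in value is not changed somewhere else in the packaging, services still start under the upstream limit while `system.conf` and systemd-system.conf(5) no longer mention it, and the effective guard against runaway task creation becomes hard to audit. Whichever way the default ends up, the man page should state it instead of saying nothing, for example `In Debian no default limit is set; configure <varname>TasksMax=</varname> per unit.` if the limit really is removed.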
@@ -0,0 +1,37 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 27 Apr 2015 15:29:13 +0200
+Subject: Revert "core: one step back again,
+ for nspawn we actually can't wait for cgroups running empty since systemd
+ will get exactly zero notifications about it"
+
+This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.
+
+Bug-Debian: https://bugs.debian.org/784720
+Bug-Ubuntu: https://launchpad.net/bugs/1448259
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137
+---
+ src/core/unit.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 2a7359a..d55aba8 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -4553,16 +4553,7 @@ int unit_kill_context(
+
+ } else if (r > 0) {
+
+- /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
+- * we are running in a container or if this is a delegation unit, simply because cgroup
+- * notification is unreliable in these cases. It doesn't work at all in containers, and outside
+- * of containers it can be confused easily by left-over directories in the cgroup — which
+- * however should not exist in non-delegated units. On the unified hierarchy that's different,
+- * there we get proper events. Hence rely on them. */
+-
+- if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
+- (detect_container() == 0 && !unit_cgroup_delegate(u)))
+- wait_for_exit = true;
++ wait_for_exit = true;
+
+ if (send_sighup) {
+ set_free(pid_set);
diff --git a/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
new file mode 100644
index 0000000..9e1ab13
--- /dev/null
+++ b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
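Review bot: The replacement line `wait_for_exit = true;` in `unit_kill_context()` drops the FIXME block that explained why waiting was skipped on the legacy cgroup hierarchy in containers and for delegated units, and puts no explanation in its place. According to that removed comment, empty-cgroup notification is unreliable in exactly those cases, so stopping a unit there may now run until its timeout instead of ending when the processes exit; that trade-off belongs next to the code. A comment above the assignment such as `/* Debian: always wait for the cgroup to run empty, also in containers; see https://bugs.debian.org/784720 */` would record it. The function starts and ends outside the hunk.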
@@ -0,0 +1,43 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Sat, 27 Feb 2016 12:27:06 +0100
+Subject: Revert "core: set RLIMIT_CORE to unlimited by default"
+
+Partially revert commit 15a900327ab as this completely breaks core dumps
+without systemd-coredump. It's also contradicting core(8), and it's not
+systemd's place to redefine the kernel definitions of core files.
+
+Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
+isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
+*file*, but the kernel deliberately ignores it for piping), so set a static
+2^63 core size limit for systemd-coredump to go back to the previous behaviour
+(otherwise the change above would break systemd-coredump).
+
+Bug-Debian: https://bugs.debian.org/815020
+---
+ src/core/main.c | 2 --
+ sysctl.d/50-coredump.conf.in | 2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index 255e204..7f8dfe4 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -2459,8 +2459,6 @@ int main(int argc, char *argv[]) {
+ kernel_timestamp = DUAL_TIMESTAMP_NULL;
+ }
+
+- initialize_coredump(skip_setup);
+-
+ r = fixup_environment();
+ if (r < 0) {
+ log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
+diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in
+index ccd5c2c..53e74a1 100644
+--- a/sysctl.d/50-coredump.conf.in
++++ b/sysctl.d/50-coredump.conf.in
+@@ -9,4 +9,4 @@
+ # and systemd-coredump(8) and core(5) for the explanation of the
+ # setting below.
+
+-kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h %e
++kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t 9223372036854775808 %h %e
diff --git a/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch b/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch
new file mode 100644
index 0000000..acd6fbd
--- /dev/null
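Review bot: The literal `9223372036854775808` that replaces `%c` in `kernel.core_pattern` is not explained anywhere in `50-coredump.conf.in`, and the file's own header still sends readers to systemd-coredump(8) and core(5) "for the explanation of the setting below", neither of which will describe a hard-coded size. Add a comment above the setting, e.g. `# Debian: pass a fixed 2^63 core size limit instead of %c (RLIMIT_CORE); see https://bugs.debian.org/815020`. The value is one more than the largest signed 64-bit integer, so it only works while the receiving program parses that argument as unsigned, which is worth stating in the same comment. In `main.c` the hunk removes the visible call to `initialize_coredump()`; if that was its only caller, the unused definition should be removed as well.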
+++ b/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch 
@@ -0,0 +1,89 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 18 Jul 2013 01:04:07 +0200
+Subject: Revert "udev: network device renaming - immediately give up if the
+ target name isn't available"
+
+This reverts commit 97595710b77aa162ca5e20da57d0a1ed7355eaad.
+
+We need to keep supporting systems with 75-persistent-net-generator.rules
+generated names for a while after switching to net.ifnames. Re-apply this old
+hack to make the renaming less likely to fail.
+---
+ src/udev/udev-event.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 46 insertions(+), 5 deletions(-)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index faec4fc..0b295b8 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -680,6 +680,7 @@ static int rename_netif(UdevEvent *event) {
+ const char *action, *oldname;
+ char name[IFNAMSIZ];
+ int ifindex, r;
++ int loop;
+
+ if (!event->name)
+ return 0; /* No new name is requested. */
+@@ -705,17 +706,57 @@ static int rename_netif(UdevEvent *event) {
+ return log_device_error_errno(dev, r, "Failed to get ifindex: %m");
+
+ strscpy(name, IFNAMSIZ, event->name);
++
+ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
+- if (r < 0)
+- return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", ifindex, oldname, name);
++ if (r >= 0) {
++ r = device_rename(dev, event->name);
++ if (r < 0)
++ return log_warning_errno(r, "Network interface %i is renamed from '%s' to '%s', but could not update sd_device object: %m", ifindex, oldname, name);
++
++ log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name);
++
++ return 1;
++ }
++
++ /* keep trying if the destination interface name already exists */
++ if (r != -EEXIST)
++ goto out;
+
+- r = device_rename(dev, event->name);
++ /* free our own name, another process may wait for us */
++ snprintf(name, IFNAMSIZ, "rename%u", ifindex);
++ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
+ if (r < 0)
+- return log_warning_errno(r, "Network interface %i is renamed from '%s' to '%s', but could not update sd_device object: %m", ifindex, oldname, name);
++ goto out;
+
++ /* log temporary name */
+ log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name);
+
+- return 1;
++ /* wait a maximum of 90 seconds for our target to become available */
++ strscpy(name, IFNAMSIZ, event->name);
++ loop = 90 * 20;
++ while (loop--) {
++ const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 };
++
++ nanosleep(&duration, NULL);
++
++ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
++ if (r >= 0) {
++ r = device_rename(dev, event->name);
++ if (r < 0)
++ return log_warning_errno(r, "Network interface %i is renamed from '%s' to '%s', but could not update sd_device object: %m", ifindex, oldname, name);
++
++ log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name);
++
++ return 1;
++ }
++ if (r != -EEXIST)
++ goto out;
++ }
++
++out:
++ if (r < 0)
++ return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", ifindex, oldname, name);
++ return r;
+ }
+
+ static int update_devnode(UdevEvent *event) {
diff --git a/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
new file mode 100644
index 0000000..d844cbe
--- /dev/null
+++ b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
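Review bot: When the retry loop in `rename_netif()` ends without success (90 seconds of `-EEXIST`, or any other error after the temporary rename), control reaches `out:` with the interface still named `rename<ifindex>` in the kernel, while `device_rename()` was never called for that name, so udev's device object and the kernel disagree and the interface is left with a placeholder name that firewall or routing configuration keyed on interface names will not match. The error path should either try to put the original name back before logging, e.g. `(void) rtnl_set_link_name(&event->rtnl, ifindex, oldname);` under `if (r < 0)` at `out:`, or at least report the temporary name at warning level instead of debug. Two smaller points: `snprintf(name, IFNAMSIZ, "rename%u", ifindex)` formats an `int` with `%u` where the surrounding messages use `%i`, and the return value of `nanosleep()` is ignored, so an interrupted sleep shortens the wait. The middle of the function lies between the two inner hunks and is not visible here.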
@@ -0,0 +1,57 @@
+From: Nis Martensen <nis.martensen@web.de>
+Date: Tue, 19 Jan 2016 22:01:43 +0100
+Subject: Skip filesystem check if already done by the initramfs
+
+Newer versions of initramfs-tools already fsck and mount / and /usr in
+the initramfs. Skip the filesystem check in this case.
+
+Based on a previous patch by Michael Biebl <biebl@debian.org>.
+
+Closes: #782522
+Closes: #810748
+---
+ src/fstab-generator/fstab-generator.c | 11 ++++++++---
+ units/systemd-fsck-root.service.in | 1 +
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index 55a8242..777ae5f 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -310,6 +310,7 @@ static int add_mount(
+ *where_escaped = NULL;
+ _cleanup_fclose_ FILE *f = NULL;
+ int r;
++ struct stat sb;
+
+ assert(what);
+ assert(where);
+@@ -387,9 +388,13 @@ static int add_mount(
+ }
+
+ if (passno != 0) {
+- r = generator_write_fsck_deps(f, dest, what, where, fstype);
+- if (r < 0)
+- return r;
++ if (streq(where, "/usr") && stat("/run/initramfs/fsck-usr", &sb) == 0)
++ ; /* skip /usr fsck if it has already been checked in the initramfs */
++ else {
++ r = generator_write_fsck_deps(f, dest, what, where, fstype);
++ if (r < 0)
++ return r;
++ }
+ }
+
+ fprintf(f, "\n[Mount]\n");
+diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in
+index bea6c16..49df031 100644
+--- a/units/systemd-fsck-root.service.in
++++ b/units/systemd-fsck-root.service.in
+@@ -16,6 +16,7 @@ Before=local-fs.target shutdown.target
+ Wants=systemd-fsckd.socket
+ After=systemd-fsckd.socket
+ ConditionPathIsReadWrite=!/
++ConditionPathExists=!/run/initramfs/fsck-root
+
+ [Service]
+ Type=oneshot
diff --git a/debian/patches/debian/Use-Debian-specific-config-files.patch b/debian/patches/debian/Use-Debian-specific-config-files.patch
new file mode 100644
index 0000000..1ad2608
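Review bot: In `add_mount()` the skip is written as an `if` whose body is the empty statement `;` with the real work in the `else`, which is easy to misread, and `struct stat sb` exists only as a throw-away argument. Inverting the test reads better: `if (!streq(where, "/usr") || access("/run/initramfs/fsck-usr", F_OK) < 0) {` followed by the existing `generator_write_fsck_deps()` call, with the explanatory comment moved above it and the `sb` declaration dropped (assuming `<unistd.h>` is already included in that file). The marker files under `/run/initramfs` decide whether a filesystem check is skipped, so a comment naming which component creates them would help the next reader; the hunk does not show that. Only parts of `add_mount()` are visible in the two inner hunks.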
--- /dev/null
+++ b/debian/patches/debian/Use-Debian-specific-config-files.patch
@@ -0,0 +1,428 @@ +From: Michael Biebl <biebl@debian.org> +Date: Thu, 18 Jul 2013 20:11:02 +0200 +Subject: Use Debian specific config files + +Use /etc/default/locale instead of /etc/locale.conf for locale settings. + +Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for +keyboard configuration. + +Read/write /etc/timezone if /etc/localtime does not exist. +--- + src/basic/time-util.c | 21 ++++- + src/core/locale-setup.c | 21 +++++ + src/locale/keymap-util.c | 209 +++++++++++++++++++++++------------------------ + src/timedate/timedated.c | 10 +++ + 4 files changed, 154 insertions(+), 107 deletions(-) + +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index 62cdc30..d66f506 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -1381,8 +1381,25 @@ int get_timezone(char **tz) { + int r; + + r = readlink_malloc("/etc/localtime", &t); +- if (r < 0) +- return r; /* returns EINVAL if not a symlink */ ++ if (r < 0) { ++ if (r != -EINVAL) ++ return r; /* returns EINVAL if not a symlink */ ++ ++ r = read_one_line_file("/etc/timezone", &t); ++ if (r < 0) { ++ if (r != -ENOENT) ++ log_warning_errno(r, "Failed to read /etc/timezone: %m"); ++ return -EINVAL; ++ } ++ ++ if (!timezone_is_valid(t, LOG_DEBUG)) ++ return -EINVAL; ++ z = strdup(t); ++ if (!z) ++ return -ENOMEM; ++ *tz = z; ++ return 0; ++ } + + e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); + if (!e) +diff --git a/src/core/locale-setup.c b/src/core/locale-setup.c +index aa4a89c..8f36bbe 100644 +--- a/src/core/locale-setup.c ++++ b/src/core/locale-setup.c +@@ -59,6 +59,27 @@ int locale_setup(char ***environment) { + log_warning_errno(r, "Failed to read /etc/locale.conf: %m"); + } + ++ if (r <= 0) { ++ r = parse_env_file(NULL, "/etc/default/locale", ++ "LANG", &variables[VARIABLE_LANG], ++ "LANGUAGE", &variables[VARIABLE_LANGUAGE], ++ "LC_CTYPE", &variables[VARIABLE_LC_CTYPE], ++ "LC_NUMERIC", &variables[VARIABLE_LC_NUMERIC], ++ 
"LC_TIME", &variables[VARIABLE_LC_TIME], ++ "LC_COLLATE", &variables[VARIABLE_LC_COLLATE], ++ "LC_MONETARY", &variables[VARIABLE_LC_MONETARY], ++ "LC_MESSAGES", &variables[VARIABLE_LC_MESSAGES], ++ "LC_PAPER", &variables[VARIABLE_LC_PAPER], ++ "LC_NAME", &variables[VARIABLE_LC_NAME], ++ "LC_ADDRESS", &variables[VARIABLE_LC_ADDRESS], ++ "LC_TELEPHONE", &variables[VARIABLE_LC_TELEPHONE], ++ "LC_MEASUREMENT", &variables[VARIABLE_LC_MEASUREMENT], ++ "LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION]); ++ ++ if (r < 0 && r != -ENOENT) ++ log_warning_errno(r, "Failed to read /etc/default/locale: %m"); ++ } ++ + for (i = 0; i < _VARIABLE_LC_MAX; i++) { + char *s; + +diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c +index c203c7a..f4ee123 100644 +--- a/src/locale/keymap-util.c ++++ b/src/locale/keymap-util.c +@@ -97,6 +97,7 @@ void locale_simplify(char *locale[_VARIABLE_LC_MAX]) { + int locale_read_data(Context *c, sd_bus_message *m) { + struct stat st; + int r; ++ const char *path = "/etc/locale.conf"; + + /* Do not try to re-read the file within single bus operation. 
*/ + if (m) { +@@ -107,7 +108,11 @@ int locale_read_data(Context *c, sd_bus_message *m) { + c->locale_cache = sd_bus_message_ref(m); + } + +- r = stat("/etc/locale.conf", &st); ++ r = stat(path, &st); ++ if (r < 0 && errno == ENOENT) { ++ path = "/etc/default/locale"; ++ r = stat(path, &st); ++ } + if (r < 0 && errno != ENOENT) + return -errno; + +@@ -122,7 +127,7 @@ int locale_read_data(Context *c, sd_bus_message *m) { + c->locale_mtime = t; + context_free_locale(c); + +- r = parse_env_file(NULL, "/etc/locale.conf", ++ r = parse_env_file(NULL, path, + "LANG", &c->locale[VARIABLE_LANG], + "LANGUAGE", &c->locale[VARIABLE_LANGUAGE], + "LC_CTYPE", &c->locale[VARIABLE_LC_CTYPE], +@@ -203,8 +208,6 @@ int vconsole_read_data(Context *c, sd_bus_message *m) { + } + + int x11_read_data(Context *c, sd_bus_message *m) { +- _cleanup_fclose_ FILE *f = NULL; +- bool in_section = false; + struct stat st; + usec_t t; + int r; +@@ -218,7 +221,7 @@ int x11_read_data(Context *c, sd_bus_message *m) { + c->x11_cache = sd_bus_message_ref(m); + } + +- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) < 0) { ++ if (stat("/etc/default/keyboard", &st) < 0) { + if (errno != ENOENT) + return -errno; + +@@ -235,61 +238,14 @@ int x11_read_data(Context *c, sd_bus_message *m) { + c->x11_mtime = t; + context_free_x11(c); + +- f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re"); +- if (!f) +- return -errno; +- +- for (;;) { +- _cleanup_free_ char *line = NULL; +- char *l; +- +- r = read_line(f, LONG_LINE_MAX, &line); +- if (r < 0) +- return r; +- if (r == 0) +- break; +- +- l = strstrip(line); +- if (IN_SET(l[0], 0, '#')) +- continue; +- +- if (in_section && first_word(l, "Option")) { +- _cleanup_strv_free_ char **a = NULL; +- +- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES); +- if (r < 0) +- return r; +- +- if (strv_length(a) == 3) { +- char **p = NULL; +- +- if (streq(a[1], "XkbLayout")) +- p = &c->x11_layout; +- else if (streq(a[1], "XkbModel")) +- p = &c->x11_model; +- else 
if (streq(a[1], "XkbVariant")) +- p = &c->x11_variant; +- else if (streq(a[1], "XkbOptions")) +- p = &c->x11_options; +- +- if (p) { +- free_and_replace(*p, a[2]); +- } +- } ++ r = parse_env_file(NULL, "/etc/default/keyboard", ++ "XKBMODEL", &c->x11_model, ++ "XKBLAYOUT", &c->x11_layout, ++ "XKBVARIANT", &c->x11_variant, ++ "XKBOPTIONS", &c->x11_options); + +- } else if (!in_section && first_word(l, "Section")) { +- _cleanup_strv_free_ char **a = NULL; +- +- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES); +- if (r < 0) +- return -ENOMEM; +- +- if (strv_length(a) == 2 && streq(a[1], "InputClass")) +- in_section = true; +- +- } else if (in_section && first_word(l, "EndSection")) +- in_section = false; +- } ++ if (r < 0) ++ return r; + + return 0; + } +@@ -298,9 +254,18 @@ int locale_write_data(Context *c, char ***settings) { + _cleanup_strv_free_ char **l = NULL; + struct stat st; + int r, p; ++ const char *path = "/etc/locale.conf"; + + /* Set values will be returned as strv in *settings on success. */ + ++ r = load_env_file(NULL, path, &l); ++ if (r < 0 && r == -ENOENT) { ++ path = "/etc/default/locale"; ++ r = load_env_file(NULL, path, &l); ++ } ++ if (r < 0 && r != -ENOENT) ++ return r; ++ + for (p = 0; p < _VARIABLE_LC_MAX; p++) { + _cleanup_free_ char *t = NULL; + char **u; +@@ -323,20 +288,20 @@ int locale_write_data(Context *c, char ***settings) { + } + + if (strv_isempty(l)) { +- if (unlink("/etc/locale.conf") < 0) ++ if (unlink(path) < 0) + return errno == ENOENT ? 
0 : -errno; + + c->locale_mtime = USEC_INFINITY; + return 0; + } + +- r = write_env_file_label("/etc/locale.conf", l); ++ r = write_env_file_label(path, l); + if (r < 0) + return r; + + *settings = TAKE_PTR(l); + +- if (stat("/etc/locale.conf", &st) >= 0) ++ if (stat(path, &st) >= 0) + c->locale_mtime = timespec_load(&st.st_mtim); + + return 0; +@@ -404,70 +369,104 @@ int vconsole_write_data(Context *c) { + } + + int x11_write_data(Context *c) { +- _cleanup_fclose_ FILE *f = NULL; +- _cleanup_free_ char *temp_path = NULL; + struct stat st; + int r; ++ char *t, **u, **l = NULL; + +- if (isempty(c->x11_layout) && +- isempty(c->x11_model) && +- isempty(c->x11_variant) && +- isempty(c->x11_options)) { ++ r = load_env_file(NULL, "/etc/default/keyboard", &l); ++ if (r < 0 && r != -ENOENT) ++ return r; + +- if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) +- return errno == ENOENT ? 0 : -errno; ++ /* This could perhaps be done more elegantly using an array ++ * like we do for the locale, instead of struct ++ */ ++ if (isempty(c->x11_layout)) { ++ l = strv_env_unset(l, "XKBLAYOUT"); ++ } else { ++ if (asprintf(&t, "XKBLAYOUT=%s", c->x11_layout) < 0) { ++ strv_free(l); ++ return -ENOMEM; ++ } + +- c->vc_mtime = USEC_INFINITY; +- return 0; ++ u = strv_env_set(l, t); ++ free(t); ++ strv_free(l); ++ ++ if (!u) ++ return -ENOMEM; ++ ++ l = u; + } + +- mkdir_p_label("/etc/X11/xorg.conf.d", 0755); ++ if (isempty(c->x11_model)) { ++ l = strv_env_unset(l, "XKBMODEL"); ++ } else { ++ if (asprintf(&t, "XKBMODEL=%s", c->x11_model) < 0) { ++ strv_free(l); ++ return -ENOMEM; ++ } ++ ++ u = strv_env_set(l, t); ++ free(t); ++ strv_free(l); + +- r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path); +- if (r < 0) +- return r; ++ if (!u) ++ return -ENOMEM; + +- (void) __fsetlocking(f, FSETLOCKING_BYCALLER); +- (void) fchmod(fileno(f), 0644); ++ l = u; ++ } + +- fputs("# Written by systemd-localed(8), read by systemd-localed and Xorg. 
It's\n" +- "# probably wise not to edit this file manually. Use localectl(1) to\n" +- "# instruct systemd-localed to update it.\n" +- "Section \"InputClass\"\n" +- " Identifier \"system-keyboard\"\n" +- " MatchIsKeyboard \"on\"\n", f); ++ if (isempty(c->x11_variant)) { ++ l = strv_env_unset(l, "XKBVARIANT"); ++ } else { ++ if (asprintf(&t, "XKBVARIANT=%s", c->x11_variant) < 0) { ++ strv_free(l); ++ return -ENOMEM; ++ } + +- if (!isempty(c->x11_layout)) +- fprintf(f, " Option \"XkbLayout\" \"%s\"\n", c->x11_layout); ++ u = strv_env_set(l, t); ++ free(t); ++ strv_free(l); + +- if (!isempty(c->x11_model)) +- fprintf(f, " Option \"XkbModel\" \"%s\"\n", c->x11_model); ++ if (!u) ++ return -ENOMEM; + +- if (!isempty(c->x11_variant)) +- fprintf(f, " Option \"XkbVariant\" \"%s\"\n", c->x11_variant); ++ l = u; ++ } + +- if (!isempty(c->x11_options)) +- fprintf(f, " Option \"XkbOptions\" \"%s\"\n", c->x11_options); ++ if (isempty(c->x11_options)) { ++ l = strv_env_unset(l, "XKBOPTIONS"); ++ } else { ++ if (asprintf(&t, "XKBOPTIONS=%s", c->x11_options) < 0) { ++ strv_free(l); ++ return -ENOMEM; ++ } + +- fputs("EndSection\n", f); ++ u = strv_env_set(l, t); ++ free(t); ++ strv_free(l); + +- r = fflush_sync_and_check(f); +- if (r < 0) +- goto fail; ++ if (!u) ++ return -ENOMEM; + +- if (rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) { +- r = -errno; +- goto fail; ++ l = u; + } + +- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) >= 0) +- c->x11_mtime = timespec_load(&st.st_mtim); ++ if (strv_isempty(l)) { ++ strv_free(l); + +- return 0; ++ if (unlink("/etc/default/keyboard") < 0) ++ return errno == ENOENT ? 
0 : -errno; + +-fail: +- if (temp_path) +- (void) unlink(temp_path); ++ c->vc_mtime = USEC_INFINITY; ++ return 0; ++ } ++ ++ r = write_env_file("/etc/default/keyboard", l); ++ strv_free(l); ++ ++ if (r >= 0 && stat("/etc/default/keyboard", &st) >= 0) ++ c->x11_mtime = timespec_load(&st.st_mtim); + + return r; + } +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index 398d4f4..d681d58 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -215,6 +215,7 @@ static int context_read_data(Context *c) { + static int context_write_data_timezone(Context *c) { + _cleanup_free_ char *p = NULL; + int r = 0; ++ struct stat st; + + assert(c); + +@@ -222,6 +223,9 @@ static int context_write_data_timezone(Context *c) { + if (unlink("/etc/localtime") < 0 && errno != ENOENT) + r = -errno; + ++ if (unlink("/etc/timezone") < 0 && errno != ENOENT) ++ r = -errno; ++ + return r; + } + +@@ -233,6 +237,12 @@ static int context_write_data_timezone(Context *c) { + if (r < 0) + return r; + ++ if (stat("/etc/timezone", &st) == 0 && S_ISREG(st.st_mode)) { ++ r = write_string_file("/etc/timezone", c->zone, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); ++ if (r < 0) ++ return r; ++ } ++ + return 0; + } + diff --git a/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch new file mode 100644 index 0000000..e4ca7b1 --- /dev/null +++ b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch 
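Review bot: In the rewritten `x11_write_data()` the branch that unlinks `/etc/default/keyboard` resets `c->vc_mtime = USEC_INFINITY;`, but the timestamp that `x11_read_data()` maintains is `c->x11_mtime` (it assigns `c->x11_mtime = t` earlier in this hunk), so after the file is removed the X11 cache timestamp is left stale and the virtual-console one is invalidated instead. The removed upstream code had the same line, so this is carried over rather than introduced, but the new line should read `c->x11_mtime = USEC_INFINITY;`. Separately, `locale_write_data()` writes through `write_env_file_label()` while the new keyboard path uses plain `write_env_file()`, which may leave `/etc/default/keyboard` without the expected security label on systems that use one; calling the `_label` variant would keep the two writers consistent. The four near-identical `asprintf`/`strv_env_set` blocks with manual `strv_free()` would also be less error-prone with `_cleanup_strv_free_`, as `locale_write_data()` already does.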
@@ -0,0 +1,1055 @@ +From: Didier Roche <didrocks@ubuntu.com> +Date: Fri, 22 May 2015 13:04:38 +0200 +Subject: fsckd daemon for inter-fsckd communication + +Global logic: +Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's +/run/systemd/fsck.progress socket) fsck instances to connect to it and sends +progress report. systemd-fsckd then computes and writes to /dev/console the +number of devices currently being checked and the minimum fsck progress. + +Plymouth and user interaction: +Forward the progress to plymouth and support canellation of in progress fsck. +Try to connect and send to plymouth (if running) some checked report progress, +using direct plymouth protocole. + +Update message is the following: +fsckd:<num_devices>:<progress>:<string> +* num_devices corresponds to the current number of devices being checked (int) +* progress corresponds to the current minimum percentage of all devices being + checked (float, from 0 to 100) +* string is a translated message ready to be displayed by the plymouth theme + displaying the information above. It can be overridden by plymouth themes + supporting i18n. + +Grab in fsckd plymouth watch key Control+C, and propagate this cancel request +to systemd-fsck which will terminate fsck. + +Send a message to signal to user what key we are grabbing for fsck cancel. + +Message is: fsckd-cancel-msg:<string> +Where string is a translated string ready to be displayed by the plymouth theme +indicating that Control+C can be used to cancel current checks. It can be +overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n. + +Misc: +systemd-fsckd stops on idle when no fsck is connected. +Add man page explaining the plymouth theme protocol, usage of the daemon +as well as the socket activation part. Adapt existing fsck man page. + +Note that fsckd had lived in the upstream tree for a while, but was removed. 
+More information at +http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html +- +--- + man/rules/meson.build | 1 + + man/systemd-fsckd.service.xml | 162 +++++++++ + meson.build | 8 + + po/POTFILES.in | 1 + + src/fsckd/fsckd.c | 690 +++++++++++++++++++++++++++++++++++++ + units/meson.build | 2 + + units/systemd-fsck-root.service.in | 2 + + units/systemd-fsck@.service.in | 3 +- + units/systemd-fsckd.service.in | 17 + + units/systemd-fsckd.socket | 15 + + 10 files changed, 900 insertions(+), 1 deletion(-) + create mode 100644 man/systemd-fsckd.service.xml + create mode 100644 src/fsckd/fsckd.c + create mode 100644 units/systemd-fsckd.service.in + create mode 100644 units/systemd-fsckd.socket + +diff --git a/man/rules/meson.build b/man/rules/meson.build +index 0c990a0..dff5d2f 100644 +--- a/man/rules/meson.build ++++ b/man/rules/meson.build +@@ -657,6 +657,7 @@ manpages = [ + '8', + ['systemd-fsck', 'systemd-fsck-root.service'], + ''], ++ ['systemd-fsckd.service', '8', ['systemd-fsckd.socket', 'systemd-fsckd'], ''], + ['systemd-fstab-generator', '8', [], ''], + ['systemd-getty-generator', '8', [], ''], + ['systemd-gpt-auto-generator', '8', [], ''], +diff --git a/man/systemd-fsckd.service.xml b/man/systemd-fsckd.service.xml +new file mode 100644 +index 0000000..b7ad58d +--- /dev/null ++++ b/man/systemd-fsckd.service.xml +@@ -0,0 +1,162 @@ ++<?xml version="1.0"?> ++<!--*-nxml-*--> ++<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> ++<!-- ++ This file is part of systemd. ++ ++ Copyright 2015 Canonical ++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. 
++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with systemd; If not, see <http://www.gnu.org/licenses/>. ++--> ++<refentry id="systemd-fsckd.service" xmlns:xi="http://www.w3.org/2001/XInclude"> ++ ++ <refentryinfo> ++ <title>systemd-fsckd.service</title> ++ <productname>systemd</productname> ++ ++ <authorgroup> ++ <author> ++ <contrib>Developer</contrib> ++ <firstname>Didier</firstname> ++ <surname>Roche</surname> ++ <email>didrocks@ubuntu.com</email> ++ </author> ++ </authorgroup> ++ </refentryinfo> ++ ++ <refmeta> ++ <refentrytitle>systemd-fsckd.service</refentrytitle> ++ <manvolnum>8</manvolnum> ++ </refmeta> ++ ++ <refnamediv> ++ <refname>systemd-fsckd.service</refname> ++ <refname>systemd-fsckd.socket</refname> ++ <refname>systemd-fsckd</refname> ++ <refpurpose>File system check progress reporting</refpurpose> ++ </refnamediv> ++ ++ <refsynopsisdiv> ++ <para><filename>systemd-fsckd.service</filename></para> ++ <para><filename>systemd-fsckd.socket</filename></para> ++ <para><filename>/usr/lib/systemd/systemd-fsckd</filename></para> ++ </refsynopsisdiv> ++ ++ <refsect1> ++ <title>Description</title> ++ ++ <para><filename>systemd-fsckd.service</filename> is a service responsible ++ for receiving file system check progress, and communicating some ++ consolidated data to console and plymouth (if running). It also handles ++ possible check cancellations.</para> ++ ++ <para><command>systemd-fsckd</command> receives messages about file ++ system check progress from <command>fsck</command> through an ++ UNIX domain socket. It can display the progress of the least advanced ++ fsck as well as the total number of devices being checked in parallel ++ to the console. 
It will also send progress messages to plymouth. ++ Both the raw data and translated messages are sent, so compiled ++ plymouth themes can use the raw data to display custom messages, and ++ scripted themes, not supporting i18n, can display the translated ++ versions.</para> ++ ++ <para><command>systemd-fsckd</command> will instruct plymouth to grab ++ Control+C keypresses. When the key is pressed, running checks will be ++ terminated. It will also cancel any newly connected fsck instances for ++ the lifetime of <filename>systemd-fsckd</filename>.</para> ++ </refsect1> ++ ++ <refsect1> ++ <title>Protocol for communication with plymouth</title> ++ ++ <para><filename>systemd-fsckd</filename> passes the ++ following messages to the theme:</para> ++ ++ <para>Progress update, sent as a plymouth update message: ++ <literal>fsckd:<num_devices>:<progress>:<string></literal> ++ <variablelist> ++ <varlistentry> ++ <term><literal><num_devices></literal></term> ++ <listitem><para>the current number of devices ++ being checked (int)</para></listitem> ++ </varlistentry> ++ <varlistentry> ++ <term><literal><progress></literal></term> ++ <listitem><para>the current minimum percentage of ++ all devices being checking (float, from 0 to 100)</para></listitem> ++ </varlistentry> ++ <varlistentry> ++ <term><literal><string></literal></term> ++ <listitem><para>a translated message ready to be displayed ++ by the plymouth theme displaying the data above. It can be overridden ++ by themes supporting i18n.</para></listitem> ++ </varlistentry> ++ </variablelist> ++ </para> ++ ++ <para>Cancel message, sent as a traditional plymouth message: ++ <literal>fsckd-cancel-msg:<string></literal> ++ <variablelist> ++ <varlistentry> ++ <term><literal><strings></literal></term> ++ <listitem><para>a translated string ready to be displayed ++ by the plymouth theme indicating that Control+C can be used to cancel ++ current checks. 
It can be overridden (matching only ++ <literal>fsckd-cancel-msg</literal> prefix) ++ by themes supporting i18n.</para></listitem> ++ </varlistentry> ++ </variablelist> ++ </para> ++ </refsect1> ++ ++ <refsect1> ++ <title>Options</title> ++ ++ <para>The following options are understood:</para> ++ ++ <variablelist> ++ <xi:include href="standard-options.xml" xpointer="help" /> ++ <xi:include href="standard-options.xml" xpointer="version" /> ++ </variablelist> ++ ++ </refsect1> ++ ++ <refsect1> ++ <title>Exit status</title> ++ ++ <para>On success, 0 is returned, a non-zero failure ++ code otherwise. Note that the daemon stays idle for ++ a while to accept new <filename>fsck</filename> ++ connections before exiting.</para> ++ </refsect1> ++ ++ <refsect1> ++ <title>See Also</title> ++ <para> ++ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, ++ <citerefentry><refentrytitle>systemd-fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.cramfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.ext4</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.fat</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.hfsplus</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.minix</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry 
project='man-pages'><refentrytitle>fsck.ntfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.xfs</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ </para> ++ </refsect1> ++ ++</refentry> +diff --git a/meson.build b/meson.build +index 3afe168..b340139 100644 +--- a/meson.build ++++ b/meson.build +@@ -2396,6 +2396,14 @@ executable('systemd-makefs', + install : true, + install_dir : rootlibexecdir) + ++executable('systemd-fsckd', ++ 'src/fsckd/fsckd.c', ++ include_directories : includes, ++ link_with : [libshared], ++ install_rpath : rootlibexecdir, ++ install : true, ++ install_dir : rootlibexecdir) ++ + executable('systemd-sleep', + 'src/sleep/sleep.c', + include_directories : includes, +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 029261c..d709ddb 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -8,3 +8,4 @@ src/portable/org.freedesktop.portable1.policy + src/resolve/org.freedesktop.resolve1.policy + src/timedate/org.freedesktop.timedate1.policy + src/core/dbus-unit.c ++src/fsckd/fsckd.c +diff --git a/src/fsckd/fsckd.c b/src/fsckd/fsckd.c +new file mode 100644 +index 0000000..fffea29 +--- /dev/null ++++ b/src/fsckd/fsckd.c +@@ -0,0 +1,690 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++/*** ++ This file is part of systemd. ++ ++ Copyright 2015 Canonical ++ ++ Author: ++ Didier Roche <didrocks@ubuntu.com> ++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. 
++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with systemd; If not, see <http://www.gnu.org/licenses/>. ++***/ ++ ++#include <getopt.h> ++#include <errno.h> ++#include <libintl.h> ++#include <math.h> ++#include <stdbool.h> ++#include <stdlib.h> ++#include <stdio.h> ++#include <sys/socket.h> ++#include <sys/types.h> ++#include <sys/un.h> ++#include <unistd.h> ++ ++#include "sd-daemon.h" ++#include "build.h" ++#include "def.h" ++#include "sd-event.h" ++#include "log.h" ++#include "list.h" ++#include "macro.h" ++#include "socket-util.h" ++#include "fd-util.h" ++#include "string-util.h" ++#include "io-util.h" ++#include "util.h" ++#include "alloc-util.h" ++#include "locale-util.h" ++ ++#define FSCKD_SOCKET_PATH "/run/systemd/fsck.progress" ++#define IDLE_TIME_SECONDS 30 ++#define PLYMOUTH_REQUEST_KEY "K\2\2\3" ++#define CLIENTS_MAX 128 ++ ++struct Manager; ++ ++typedef struct Client { ++ struct Manager *manager; ++ char *device_name; ++ /* device id refers to "fd <fd>" until it gets a name as "device_name" */ ++ char *device_id; ++ ++ pid_t fsck_pid; ++ FILE *fsck_f; ++ ++ size_t cur; ++ size_t max; ++ int pass; ++ ++ double percent; ++ ++ bool cancelled; ++ bool bad_input; ++ ++ sd_event_source *event_source; ++ ++ LIST_FIELDS(struct Client, clients); ++} Client; ++ ++typedef struct Manager { ++ sd_event *event; ++ ++ LIST_HEAD(Client, clients); ++ unsigned n_clients; ++ ++ size_t clear; ++ ++ int connection_fd; ++ sd_event_source *connection_event_source; ++ ++ bool show_status_console; ++ ++ double percent; ++ int numdevices; ++ ++ int plymouth_fd; ++ sd_event_source *plymouth_event_source; ++ bool plymouth_cancel_sent; ++ ++ bool cancel_requested; ++} Manager; ++ ++static void client_free(Client *c); ++static void manager_free(Manager *m); ++ ++DEFINE_TRIVIAL_CLEANUP_FUNC(Client*, client_free); ++DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); ++ ++static int manager_write_console(Manager *m, const char *message) { ++ 
_cleanup_fclose_ FILE *console = NULL; ++ int l; ++ size_t j; ++ ++ assert(m); ++ ++ if (!m->show_status_console) ++ return 0; ++ ++ /* Reduce the SAK window by opening and closing console on every request */ ++ console = fopen("/dev/console", "we"); ++ if (!console) ++ return -errno; ++ ++ if (message) { ++ fprintf(console, "\r%s\r%n", message, &l); ++ if (m->clear < (size_t)l) ++ m->clear = (size_t)l; ++ } else { ++ fputc('\r', console); ++ for (j = 0; j < m->clear; j++) ++ fputc(' ', console); ++ fputc('\r', console); ++ } ++ fflush(console); ++ ++ return 0; ++} ++ ++static double compute_percent(int pass, size_t cur, size_t max) { ++ /* Values stolen from e2fsck */ ++ ++ static const double pass_table[] = { ++ 0, 70, 90, 92, 95, 100 ++ }; ++ ++ if (pass <= 0) ++ return 0.0; ++ ++ if ((unsigned) pass >= ELEMENTSOF(pass_table) || max == 0) ++ return 100.0; ++ ++ return pass_table[pass-1] + ++ (pass_table[pass] - pass_table[pass-1]) * ++ (double) cur / max; ++} ++ ++static int client_request_cancel(Client *c) { ++ assert(c); ++ ++ if (c->cancelled) ++ return 0; ++ ++ log_info("Request to cancel fsck for %s from fsckd", c->device_id); ++ if (kill(c->fsck_pid, SIGTERM) < 0) { ++ /* ignore the error and consider that cancel was sent if fsck just exited */ ++ if (errno != ESRCH) ++ return log_error_errno(errno, "Cannot send cancel to fsck for %s: %m", c->device_id); ++ } ++ ++ c->cancelled = true; ++ return 1; ++} ++ ++static void client_free(Client *c) { ++ assert(c); ++ ++ if (c->manager) { ++ LIST_REMOVE(clients, c->manager->clients, c); ++ c->manager->n_clients--; ++ } ++ ++ sd_event_source_unref(c->event_source); ++ fclose(c->fsck_f); ++ if (c->device_name) ++ free(c->device_name); ++ if (c->device_id) ++ free(c->device_id); ++ free(c); ++} ++ ++static void manager_disconnect_plymouth(Manager *m) { ++ assert(m); ++ ++ m->plymouth_event_source = sd_event_source_unref(m->plymouth_event_source); ++ m->plymouth_fd = safe_close(m->plymouth_fd); ++ 
m->plymouth_cancel_sent = false; ++} ++ ++static int manager_plymouth_feedback_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { ++ Manager *m = userdata; ++ Client *current; ++ char buffer[6]; ++ ssize_t l; ++ ++ assert(m); ++ ++ l = read(m->plymouth_fd, buffer, sizeof(buffer)); ++ if (l < 0) { ++ log_warning_errno(errno, "Got error while reading from plymouth: %m"); ++ manager_disconnect_plymouth(m); ++ return -errno; ++ } ++ if (l == 0) { ++ manager_disconnect_plymouth(m); ++ return 0; ++ } ++ ++ if (l > 1 && buffer[0] == '\15') ++ log_error("Message update to plymouth wasn't delivered successfully"); ++ ++ /* the only answer support type we requested is a key interruption */ ++ if (l > 2 && buffer[0] == '\2' && buffer[5] == '\3') { ++ m->cancel_requested = true; ++ ++ /* cancel all connected clients */ ++ LIST_FOREACH(clients, current, m->clients) ++ client_request_cancel(current); ++ } ++ ++ return 0; ++} ++ ++static int manager_connect_plymouth(Manager *m) { ++ union sockaddr_union sa = PLYMOUTH_SOCKET; ++ int r; ++ ++ if (!plymouth_running()) ++ return 0; ++ ++ /* try to connect or reconnect if sending a message */ ++ if (m->plymouth_fd >= 0) ++ return 1; ++ ++ m->plymouth_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); ++ if (m->plymouth_fd < 0) ++ return log_warning_errno(errno, "Connection to plymouth socket failed: %m"); ++ ++ if (connect(m->plymouth_fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1)) < 0) { ++ r = log_warning_errno(errno, "Couldn't connect to plymouth: %m"); ++ goto fail; ++ } ++ ++ r = sd_event_add_io(m->event, &m->plymouth_event_source, m->plymouth_fd, EPOLLIN, manager_plymouth_feedback_handler, m); ++ if (r < 0) { ++ log_warning_errno(r, "Can't listen to plymouth socket: %m"); ++ goto fail; ++ } ++ ++ return 1; ++ ++fail: ++ manager_disconnect_plymouth(m); ++ return r; ++} ++ ++static int plymouth_send_message(int plymouth_fd, const char *message, bool update) { ++ 
_cleanup_free_ char *packet = NULL; ++ int n; ++ char mode = 'M'; ++ ++ if (update) ++ mode = 'U'; ++ ++ if (asprintf(&packet, "%c\002%c%s%n", mode, (int) (strlen(message) + 1), message, &n) < 0) ++ return log_oom(); ++ ++ return loop_write(plymouth_fd, packet, n + 1, true); ++} ++ ++static int manager_send_plymouth_message(Manager *m, const char *message) { ++ const char *plymouth_cancel_message = NULL, *l10n_cancel_message = NULL; ++ int r; ++ ++ r = manager_connect_plymouth(m); ++ if (r < 0) ++ return r; ++ /* 0 means that plymouth isn't running, do not send any message yet */ ++ else if (r == 0) ++ return 0; ++ ++ if (!m->plymouth_cancel_sent) { ++ ++ /* Indicate to plymouth that we listen to Ctrl+C */ ++ r = loop_write(m->plymouth_fd, PLYMOUTH_REQUEST_KEY, sizeof(PLYMOUTH_REQUEST_KEY), true); ++ if (r < 0) ++ return log_warning_errno(r, "Can't send to plymouth cancel key: %m"); ++ ++ m->plymouth_cancel_sent = true; ++ ++ l10n_cancel_message = _("Press Ctrl+C to cancel all filesystem checks in progress"); ++ plymouth_cancel_message = strjoina("fsckd-cancel-msg:", l10n_cancel_message); ++ ++ r = plymouth_send_message(m->plymouth_fd, plymouth_cancel_message, false); ++ if (r < 0) ++ log_warning_errno(r, "Can't send filesystem cancel message to plymouth: %m"); ++ ++ } else if (m->numdevices == 0) { ++ ++ m->plymouth_cancel_sent = false; ++ ++ r = plymouth_send_message(m->plymouth_fd, "", false); ++ if (r < 0) ++ log_warning_errno(r, "Can't clear plymouth filesystem cancel message: %m"); ++ } ++ ++ r = plymouth_send_message(m->plymouth_fd, message, true); ++ if (r < 0) ++ return log_warning_errno(r, "Couldn't send \"%s\" to plymouth: %m", message); ++ ++ return 0; ++} ++ ++static int manager_update_global_progress(Manager *m) { ++ Client *current = NULL; ++ _cleanup_free_ char *console_message = NULL; ++ _cleanup_free_ char *fsck_message = NULL; ++ int current_numdevices = 0, r; ++ double current_percent = 100; ++ ++ /* get the overall percentage */ ++ 
LIST_FOREACH(clients, current, m->clients) { ++ current_numdevices++; ++ ++ /* right now, we only keep the minimum % of all fsckd processes. We could in the future trying to be ++ linear, but max changes and corresponds to the pass. We have all the informations into fsckd ++ already if we can treat that in a smarter way. */ ++ current_percent = MIN(current_percent, current->percent); ++ } ++ ++ /* update if there is anything user-visible to update */ ++ if (fabs(current_percent - m->percent) > 0.001 || current_numdevices != m->numdevices) { ++ m->numdevices = current_numdevices; ++ m->percent = current_percent; ++ ++ if (asprintf(&console_message, ++ ngettext("Checking in progress on %d disk (%3.1f%% complete)", ++ "Checking in progress on %d disks (%3.1f%% complete)", m->numdevices), ++ m->numdevices, m->percent) < 0) ++ return -ENOMEM; ++ ++ if (asprintf(&fsck_message, "fsckd:%d:%3.1f:%s", m->numdevices, m->percent, console_message) < 0) ++ return -ENOMEM; ++ ++ r = manager_write_console(m, console_message); ++ if (r < 0) ++ return r; ++ ++ /* try to connect to plymouth and send message */ ++ r = manager_send_plymouth_message(m, fsck_message); ++ if (r < 0) ++ return r; ++ } ++ return 0; ++} ++ ++static int client_progress_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { ++ Client *client = userdata; ++ char line[LINE_MAX]; ++ Manager *m; ++ ++ assert(client); ++ m = client->manager; ++ ++ /* check first if we need to cancel this client */ ++ if (m->cancel_requested) ++ client_request_cancel(client); ++ ++ while (fgets(line, sizeof(line), client->fsck_f) != NULL) { ++ int pass; ++ size_t cur, max; ++ _cleanup_free_ char *device = NULL, *old_device_id = NULL; ++ ++ if (sscanf(line, "%i %zu %zu %ms", &pass, &cur, &max, &device) == 4) { ++ if (!client->device_name) { ++ client->device_name = strdup(device); ++ if (!client->device_name) { ++ log_oom(); ++ continue; ++ } ++ old_device_id = client->device_id; ++ client->device_id = 
strdup(device); ++ if (!client->device_id) { ++ log_oom(); ++ client->device_id = old_device_id; ++ old_device_id = NULL; ++ continue; ++ } ++ } ++ client->pass = pass; ++ client->cur = cur; ++ client->max = max; ++ client->bad_input = false; ++ client->percent = compute_percent(client->pass, client->cur, client->max); ++ log_debug("Getting progress for %s (%zu, %zu, %d) : %3.1f%%", client->device_id, ++ client->cur, client->max, client->pass, client->percent); ++ } else { ++ if (errno == ENOMEM) { ++ log_oom(); ++ continue; ++ } ++ ++ /* if previous input was already garbage, kick it off from progress report */ ++ if (client->bad_input) { ++ log_warning("Closing connection on incorrect input of fsck connection for %s", client->device_id); ++ client_free(client); ++ manager_update_global_progress(m); ++ return 0; ++ } ++ client->bad_input = true; ++ } ++ ++ } ++ ++ if (feof(client->fsck_f)) { ++ log_debug("Fsck client %s disconnected", client->device_id); ++ client_free(client); ++ } ++ ++ manager_update_global_progress(m); ++ return 0; ++} ++ ++static int manager_new_connection_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { ++ _cleanup_(client_freep) Client *c = NULL; ++ _cleanup_close_ int new_fsck_fd = -1; ++ _cleanup_fclose_ FILE *new_fsck_f = NULL; ++ struct ucred ucred = {}; ++ Manager *m = userdata; ++ int r; ++ ++ assert(m); ++ ++ /* Initialize and list new clients */ ++ new_fsck_fd = accept4(m->connection_fd, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK); ++ if (new_fsck_fd < 0) { ++ log_error_errno(errno, "Couldn't accept a new connection: %m"); ++ return 0; ++ } ++ ++ if (m->n_clients >= CLIENTS_MAX) { ++ log_error("Too many clients, refusing connection."); ++ return 0; ++ } ++ ++ ++ new_fsck_f = fdopen(new_fsck_fd, "r"); ++ if (!new_fsck_f) { ++ log_error_errno(errno, "Couldn't fdopen new connection for fd %d: %m", new_fsck_fd); ++ return 0; ++ } ++ new_fsck_fd = -1; ++ ++ r = getpeercred(fileno(new_fsck_f), &ucred); ++ if (r < 0) { 
++ log_error_errno(r, "Couldn't get credentials for fsck: %m"); ++ return 0; ++ } ++ ++ c = new0(Client, 1); ++ if (!c) { ++ log_oom(); ++ return 0; ++ } ++ ++ c->fsck_pid = ucred.pid; ++ c->fsck_f = new_fsck_f; ++ new_fsck_f = NULL; ++ ++ if (asprintf(&(c->device_id), "fd %d", fileno(c->fsck_f)) < 0) { ++ log_oom(); ++ return 0; ++ } ++ ++ r = sd_event_add_io(m->event, &c->event_source, fileno(c->fsck_f), EPOLLIN, client_progress_handler, c); ++ if (r < 0) { ++ log_oom(); ++ return 0; ++ } ++ ++ LIST_PREPEND(clients, m->clients, c); ++ m->n_clients++; ++ c->manager = m; ++ ++ log_debug("New fsck client connected: %s", c->device_id); ++ ++ /* only request the client to cancel now in case the request is dropped by the client (chance to recancel) */ ++ if (m->cancel_requested) ++ client_request_cancel(c); ++ ++ c = NULL; ++ return 0; ++} ++ ++static void manager_free(Manager *m) { ++ if (!m) ++ return; ++ ++ /* clear last line */ ++ manager_write_console(m, NULL); ++ ++ sd_event_source_unref(m->connection_event_source); ++ safe_close(m->connection_fd); ++ ++ while (m->clients) ++ client_free(m->clients); ++ ++ manager_disconnect_plymouth(m); ++ ++ sd_event_unref(m->event); ++ ++ free(m); ++} ++ ++static int manager_new(Manager **ret, int fd) { ++ _cleanup_(manager_freep) Manager *m = NULL; ++ int r; ++ ++ assert(ret); ++ ++ m = new0(Manager, 1); ++ if (!m) ++ return -ENOMEM; ++ ++ m->plymouth_fd = -1; ++ m->connection_fd = fd; ++ m->percent = 100; ++ ++ r = sd_event_default(&m->event); ++ if (r < 0) ++ return r; ++ ++ if (access("/run/systemd/show-status", F_OK) >= 0) ++ m->show_status_console = true; ++ ++ r = sd_event_add_io(m->event, &m->connection_event_source, fd, EPOLLIN, manager_new_connection_handler, m); ++ if (r < 0) ++ return r; ++ ++ *ret = m; ++ m = NULL; ++ ++ return 0; ++} ++ ++static int run_event_loop_with_timeout(Manager *m, usec_t timeout) { ++ int r, code; ++ sd_event *e = m->event; ++ ++ assert(e); ++ ++ for (;;) { ++ r = sd_event_get_state(e); 
++ if (r < 0) ++ return r; ++ if (r == SD_EVENT_FINISHED) ++ break; ++ ++ r = sd_event_run(e, timeout); ++ if (r < 0) ++ return r; ++ ++ /* Exit if we reached the idle timeout and no more clients are ++ connected. If there is still an fsck process running but ++ simply slow to send us progress updates, exiting would mean ++ that this fsck process receives SIGPIPE resulting in an ++ aborted file system check. */ ++ if (r == 0 && m->n_clients == 0) { ++ sd_event_exit(e, 0); ++ break; ++ } ++ } ++ ++ r = sd_event_get_exit_code(e, &code); ++ if (r < 0) ++ return r; ++ ++ return code; ++} ++ ++static void help(void) { ++ printf("%s [OPTIONS...]\n\n" ++ "Capture fsck progress and forward one stream to plymouth\n\n" ++ " -h --help Show this help\n" ++ " --version Show package version\n", ++ program_invocation_short_name); ++} ++ ++static int parse_argv(int argc, char *argv[]) { ++ ++ enum { ++ ARG_VERSION = 0x100, ++ ARG_ROOT, ++ }; ++ ++ static const struct option options[] = { ++ { "help", no_argument, NULL, 'h' }, ++ { "version", no_argument, NULL, ARG_VERSION }, ++ {} ++ }; ++ ++ int c; ++ ++ assert(argc >= 0); ++ assert(argv); ++ ++ while ((c = getopt_long(argc, argv, "hv", options, NULL)) >= 0) ++ switch (c) { ++ ++ case 'h': ++ help(); ++ return 0; ++ ++ case ARG_VERSION: ++ puts("systemd " GIT_VERSION); ++ puts(SYSTEMD_FEATURES); ++ return 0; ++ ++ case '?': ++ return -EINVAL; ++ ++ default: ++ assert_not_reached("Unhandled option"); ++ } ++ ++ if (optind < argc) { ++ log_error("Extraneous arguments"); ++ return -EINVAL; ++ } ++ ++ return 1; ++} ++ ++int main(int argc, char *argv[]) { ++ _cleanup_(manager_freep) Manager *m = NULL; ++ int fd = -1; ++ int r, n; ++ ++ log_set_target(LOG_TARGET_AUTO); ++ log_parse_environment(); ++ log_open(); ++ init_gettext(); ++ ++ r = parse_argv(argc, argv); ++ if (r <= 0) ++ goto finish; ++ ++ n = sd_listen_fds(0); ++ if (n > 1) { ++ log_error("Too many file descriptors received."); ++ r = -EINVAL; ++ goto finish; ++ } else if (n 
== 1) ++ fd = SD_LISTEN_FDS_START + 0; ++ else { ++ fd = make_socket_fd(LOG_DEBUG, FSCKD_SOCKET_PATH, SOCK_STREAM, SOCK_CLOEXEC); ++ if (fd < 0) { ++ r = log_error_errno(fd, "Couldn't create listening socket fd on %s: %m", FSCKD_SOCKET_PATH); ++ goto finish; ++ } ++ } ++ ++ r = manager_new(&m, fd); ++ if (r < 0) { ++ log_error_errno(r, "Failed to allocate manager: %m"); ++ goto finish; ++ } ++ ++ r = run_event_loop_with_timeout(m, IDLE_TIME_SECONDS * USEC_PER_SEC); ++ if (r < 0) { ++ log_error_errno(r, "Failed to run event loop: %m"); ++ goto finish; ++ } ++ ++ sd_event_get_exit_code(m->event, &r); ++ ++finish: ++ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; ++} +diff --git a/units/meson.build b/units/meson.build +index d695084..ab489b3 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -87,6 +87,7 @@ units = [ + ['systemd-coredump.socket', 'ENABLE_COREDUMP', + 'sockets.target.wants/'], + ['systemd-exit.service', ''], ++ ['systemd-fsckd.socket', ''], + ['systemd-initctl.socket', '', + 'sockets.target.wants/'], + ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], +@@ -143,6 +144,7 @@ in_units = [ + 'sysinit.target.wants/'], + ['systemd-fsck-root.service', ''], + ['systemd-fsck@.service', ''], ++ ['systemd-fsckd.service', ''], + ['systemd-halt.service', ''], + ['systemd-hibernate-resume@.service', 'ENABLE_HIBERNATE'], + ['systemd-hibernate.service', 'ENABLE_HIBERNATE'], +diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in +index 042081c..bea6c16 100644 +--- a/units/systemd-fsck-root.service.in ++++ b/units/systemd-fsck-root.service.in +@@ -13,6 +13,8 @@ Documentation=man:systemd-fsck-root.service(8) + DefaultDependencies=no + Conflicts=shutdown.target + Before=local-fs.target shutdown.target ++Wants=systemd-fsckd.socket ++After=systemd-fsckd.socket + ConditionPathIsReadWrite=!/ + + [Service] +diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in +index 3322083..bfa565b 100644 +--- 
a/units/systemd-fsck@.service.in ++++ b/units/systemd-fsck@.service.in +@@ -13,7 +13,8 @@ Documentation=man:systemd-fsck@.service(8) + DefaultDependencies=no + BindsTo=%i.device + Conflicts=shutdown.target +-After=%i.device systemd-fsck-root.service local-fs-pre.target ++Wants=systemd-fsckd.socket ++After=%i.device systemd-fsck-root.service local-fs-pre.target systemd-fsckd.socket + Before=systemd-quotacheck.service shutdown.target + + [Service] +diff --git a/units/systemd-fsckd.service.in b/units/systemd-fsckd.service.in +new file mode 100644 +index 0000000..9c7ed51 +--- /dev/null ++++ b/units/systemd-fsckd.service.in +@@ -0,0 +1,17 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=File System Check Daemon to report status ++Documentation=man:systemd-fsckd.service(8) ++DefaultDependencies=no ++Requires=systemd-fsckd.socket ++Before=shutdown.target ++ ++[Service] ++ExecStart=@rootlibexecdir@/systemd-fsckd ++StandardOutput=journal+console +diff --git a/units/systemd-fsckd.socket b/units/systemd-fsckd.socket +new file mode 100644 +index 0000000..61fec97 +--- /dev/null ++++ b/units/systemd-fsckd.socket +@@ -0,0 +1,15 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=fsck to fsckd communication Socket ++Documentation=man:systemd-fsckd.service(8) man:systemd-fsck@.service(8) man:systemd-fsck-root.service(8) ++DefaultDependencies=no ++ ++[Socket] ++ListenStream=/run/systemd/fsck.progress ++SocketMode=0600 
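Review bot: In `manager_plymouth_feedback_handler` (src/fsckd/fsckd.c) the cancel check `if (l > 2 && buffer[0] == '\2' && buffer[5] == '\3')` reads `buffer[5]` whenever more than two bytes arrived, so a short read of three to five bytes compares an uninitialised stack byte against the Ctrl+C code. If that byte happens to equal `\3`, the daemon sets `cancel_requested` and sends SIGTERM to every connected fsck, aborting the checks without any key press. The length test should cover the index that is read, for example `if (l >= (ssize_t) sizeof(buffer) && buffer[0] == '\2' && buffer[5] == '\3')`; this assumes the key reply is the six-byte form the index implies. Separately, the read-error branch just above returns `-errno` after logging and disconnecting; returning the value from `log_warning_errno()` (`r = log_warning_errno(errno, ...); ...; return r;`) would not depend on errno surviving those calls.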
diff --git a/debian/patches/execute-remove-one-redundant-comparison-check.patch b/debian/patches/execute-remove-one-redundant-comparison-check.patch
new file mode 100644
index 0000000..d29ece3
--- /dev/null
+++ b/debian/patches/execute-remove-one-redundant-comparison-check.patch
@@ -0,0 +1,29 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 14 Mar 2019 17:01:46 +0100
+Subject: execute: remove one redundant comparison check
+
+(cherry picked from commit d484580ca6f0e79abe6f3f5c677323a22d9e22d7)
+---
+ src/core/execute.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index f2a4c54..5486e37 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -2158,11 +2158,12 @@ static int setup_exec_directory(
+ }
+ } else {
+ r = mkdir_label(p, context->directories[type].mode);
+- if (r < 0 && r != -EEXIST)
+- goto fail;
+- if (r == -EEXIST) {
++ if (r < 0) {
+ struct stat st;
+
++ if (r != -EEXIST)
++ goto fail;
++
+ if (stat(p, &st) < 0) {
+ r = -errno;
+ goto fail;
diff --git a/debian/patches/journal-do-not-trigger-assertion-when-journal_file_close-.patch b/debian/patches/journal-do-not-trigger-assertion-when-journal_file_close-.patch
new file mode 100644
index 0000000..9cb536b
--- /dev/null
+++ b/debian/patches/journal-do-not-trigger-assertion-when-journal_file_close-.patch
@@ -0,0 +1,46 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 28 May 2019 12:40:17 +0900
+Subject: journal: do not trigger assertion when journal_file_close() get NULL
+
+We generally expect destructors to not complain if a NULL argument is passed.
+
+Closes #12400.
+
+(cherry picked from commit c377a6f3ad3d9bed4ce7e873e8e9ec6b1650c57d)
+---
+ src/journal/journal-file.c | 3 ++-
+ src/journal/journald-server.c | 7 ++-----
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index 56827f9..04cf1ef 100644
+--- a/src/journal/journal-file.c
++++ b/src/journal/journal-file.c
+@@ -335,7 +335,8 @@ bool journal_file_is_offlining(JournalFile *f) {
+ }
+
+ JournalFile* journal_file_close(JournalFile *f) {
+- assert(f);
++ if (!f)
++ return NULL;
+
+ #if HAVE_GCRYPT
+ /* Write the final tag */
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 2a960eb..ba0b35d 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -2037,11 +2037,8 @@ void server_done(Server *s) {
+
+ client_context_flush_all(s);
+
+- if (s->system_journal)
+- (void) journal_file_close(s->system_journal);
+-
+- if (s->runtime_journal)
+- (void) journal_file_close(s->runtime_journal);
++ (void) journal_file_close(s->system_journal);
++ (void) journal_file_close(s->runtime_journal);
+
+ ordered_hashmap_free_with_destructor(s->user_journals, journal_file_close);
+
diff --git a/debian/patches/journal-remote-do-not-request-Content-Length-if-Transfer-.patch b/debian/patches/journal-remote-do-not-request-Content-Length-if-Transfer-.patch
new file mode 100644
index 0000000..a8ab578
--- /dev/null
+++ b/debian/patches/journal-remote-do-not-request-Content-Length-if-Transfer-.patch
@@ -0,0 +1,74 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 11 Mar 2019 12:27:18 +0900 +Subject: journal-remote: do not request Content-Length if Transfer-Encoding + is chunked + +This fixes a bug introduced by 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd. + +Closes #11571. + +(cherry picked from commit a289dfd69b3ff4bccdde93e84b67c947bafa27e1) +--- + src/journal-remote/journal-remote-main.c | 41 +++++++++++++++++++++----------- + 1 file changed, 27 insertions(+), 14 deletions(-) + +diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c +index 802c3ea..2321a91 100644 +--- a/src/journal-remote/journal-remote-main.c ++++ b/src/journal-remote/journal-remote-main.c +@@ -265,6 +265,7 @@ static int request_handler( + const char *header; + int r, code, fd; + _cleanup_free_ char *hostname = NULL; ++ bool chunked = false; + size_t len; + + assert(connection); +@@ -290,21 +291,33 @@ static int request_handler( + return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE, + "Content-Type: application/vnd.fdo.journal is required."); + ++ header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Transfer-Encoding"); ++ if (header) { ++ if (!strcaseeq(header, "chunked")) ++ return mhd_respondf(connection, 0, MHD_HTTP_BAD_REQUEST, ++ "Unsupported Transfer-Encoding type: %s", header); ++ ++ chunked = true; ++ } ++ + header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Length"); +- if (!header) +- return mhd_respond(connection, MHD_HTTP_LENGTH_REQUIRED, +- "Content-Length header is required."); +- r = safe_atozu(header, &len); +- if (r < 0) +- return mhd_respondf(connection, r, MHD_HTTP_LENGTH_REQUIRED, +- "Content-Length: %s cannot be parsed: %m", header); +- +- if (len > ENTRY_SIZE_MAX) +- /* When serialized, an entry of maximum size might be slightly larger, +- * so this does not correspond exactly to the limit in journald. Oh well. 
+- */
+- return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
+- "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
++ if (header) {
++ if (chunked)
++ return mhd_respond(connection, MHD_HTTP_BAD_REQUEST,
++ "Content-Length must not specified when Transfer-Encoding type is 'chuncked'");
++
++ r = safe_atozu(header, &len);
++ if (r < 0)
++ return mhd_respondf(connection, r, MHD_HTTP_LENGTH_REQUIRED,
++ "Content-Length: %s cannot be parsed: %m", header);
++
++ if (len > ENTRY_SIZE_MAX)
++ /* When serialized, an entry of maximum size might be slightly larger,
++ * so this does not correspond exactly to the limit in journald. Oh well.
++ */
++ return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
++ "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
++ }
+
+ {
+ const union MHD_ConnectionInfo *ci;
diff --git a/debian/patches/login-add-a-missing-error-check-for-session_set_leader.patch b/debian/patches/login-add-a-missing-error-check-for-session_set_leader.patch
new file mode 100644
index 0000000..ba8bfa9
--- /dev/null
+++ b/debian/patches/login-add-a-missing-error-check-for-session_set_leader.patch
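Review bot: In request_handler(), a chunked request, or one that sends neither Transfer-Encoding nor Content-Length, now gets past this block with no size check at all, and `size_t len;` is left uninitialised on those paths. The `len > ENTRY_SIZE_MAX` comparison was the only body-size bound visible here, so the per-entry limit has to be enforced where the body is consumed; that code is outside the hunk (the function starts and ends beyond it) and should be confirmed, and `size_t len = 0;` would keep any later read defined. Refusing requests that carry both headers is sound, since ambiguous framing is what request-smuggling bugs rely on. The new 400 text has two typos; `"Content-Length must not be specified when Transfer-Encoding type is 'chunked'"` is the intended wording.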
@@ -0,0 +1,29 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 14 Feb 2019 10:59:13 +0900
+Subject: login: add a missing error check for session_set_leader()
+
+session_set_leader() may fail. If it fails, then manager_start_scope()
+will trigger assertion.
+
+This may be related to RHBZ#1663704.
+
+(cherry picked from commit fe3ab8458b9c0ead4b3e14ac25b342d8c34376fe)
+---
+ src/login/logind-dbus.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index 8ab498f..b9ea370 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -790,7 +790,9 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
+ goto fail;
+
+ session_set_user(session, user);
+- session_set_leader(session, leader);
++ r = session_set_leader(session, leader);
++ if (r < 0)
++ goto fail;
+
+ session->type = t;
+ session->class = c;
diff --git a/debian/patches/man-add-note-that-h-u-U-are-mostly-useless.patch b/debian/patches/man-add-note-that-h-u-U-are-mostly-useless.patch
new file mode 100644
index 0000000..31a95da
--- /dev/null
+++ b/debian/patches/man-add-note-that-h-u-U-are-mostly-useless.patch
@@ -0,0 +1,45 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 21 May 2019 19:31:49 +0200 +Subject: man: add note that %h/%u/%U are mostly useless + +Fixes #12389. + +(cherry picked from commit b4e2407716731d1ce099bad1c2778f7a4424ed2e) +--- + man/systemd.unit.xml | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml +index f21f9ea..be6355d 100644 +--- a/man/systemd.unit.xml ++++ b/man/systemd.unit.xml +@@ -1580,7 +1580,9 @@ + <row> + <entry><literal>%h</literal></entry> + <entry>User home directory</entry> +- <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry> ++ <entry>This is the home directory of the <emphasis>user running the service manager instance</emphasis>. In case of the system manager this resolves to <literal>/root</literal>. ++ ++Note that this setting is <emphasis>not</emphasis> influenced by the <varname>User=</varname> setting configurable in the [Service] section of the service unit.</entry> + </row> + <row> + <entry><literal>%H</literal></entry> +@@ -1670,12 +1672,16 @@ + <row> + <entry><literal>%u</literal></entry> + <entry>User name</entry> +- <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry> ++ <entry>This is the name of the <emphasis>user running the service manager instance</emphasis>. In case of the system manager this resolves to <literal>root</literal>. ++ ++Note that this setting is <emphasis>not</emphasis> influenced by the <varname>User=</varname> setting configurable in the [Service] section of the service unit.</entry> + </row> + <row> + <entry><literal>%U</literal></entry> + <entry>User UID</entry> +- <entry>This is the numeric UID of the user running the service manager instance. 
In case of the system manager this resolves to <literal>0</literal>.</entry> ++ <entry>This is the numeric UID of the <emphasis>user running the service manager instance</emphasis>. In case of the system manager this resolves to <literal>0</literal>. ++ ++Note that this setting is <emphasis>not</emphasis> influenced by the <varname>User=</varname> setting configurable in the [Service] section of the service unit.</entry> + </row> + <row> + <entry><literal>%v</literal></entry> diff --git a/debian/patches/meson-make-nologin-path-build-time-configurable.patch b/debian/patches/meson-make-nologin-path-build-time-configurable.patch new file mode 100644 index 0000000..38c91d7 --- /dev/null +++ b/debian/patches/meson-make-nologin-path-build-time-configurable.patch 
@@ -0,0 +1,354 @@ +From: Michael Biebl <biebl@debian.org> +Date: Thu, 18 Jul 2019 01:24:00 +0200 +Subject: meson: make nologin path build time configurable + +Some distros install nologin as /usr/sbin/nologin, others as +/sbin/nologin. +Since we can't really on merged-usr everywhere (where the path wouldn't +matter), make the path build time configurable via -Dnologin-path=. + +Closes #13028 + +(cherry picked from commit 6db904625d413739c480ddbe7667d3f40acc4ae0) +--- + man/nss-mymachines.xml | 4 ++-- + man/sysusers.d.xml | 4 ++-- + meson.build | 1 + + meson_options.txt | 1 + + src/basic/user-util.c | 4 ++-- + src/nss-mymachines/nss-mymachines.c | 4 ++-- + src/nss-systemd/nss-systemd.c | 4 ++-- + src/sysusers/sysusers.c | 2 +- + src/test/test-user-util.c | 4 ++-- + test/TEST-21-SYSUSERS/test-1.expected-passwd | 2 +- + test/TEST-21-SYSUSERS/test-10.expected-passwd | 4 ++-- + test/TEST-21-SYSUSERS/test-11.expected-passwd | 2 +- + test/TEST-21-SYSUSERS/test-12.expected-passwd | 2 +- + test/TEST-21-SYSUSERS/test-2.expected-passwd | 2 +- + test/TEST-21-SYSUSERS/test-3.expected-passwd | 8 +++---- + test/TEST-21-SYSUSERS/test-4.expected-passwd | 4 ++-- + test/TEST-21-SYSUSERS/test-5.expected-passwd | 34 +++++++++++++-------------- + test/TEST-21-SYSUSERS/test-6.expected-passwd | 2 +- + test/TEST-21-SYSUSERS/test-7.expected-passwd | 10 ++++---- + test/TEST-21-SYSUSERS/test-8.expected-passwd | 2 +- + test/TEST-21-SYSUSERS/test-9.expected-passwd | 4 ++-- + test/TEST-21-SYSUSERS/test.sh | 9 ++++++- + 22 files changed, 61 insertions(+), 52 deletions(-) + +diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml +index 5742d89..5100cd0 100644 +--- a/man/nss-mymachines.xml ++++ b/man/nss-mymachines.xml +@@ -101,8 +101,8 @@ MACHINE CLASS SERVICE OS VERSION ADDRESSES + rawhide container systemd-nspawn fedora 30 169.254.40.164 fe80::94aa:3aff:fe7b:d4b9 + + $ getent passwd vu-rawhide-0 vu-rawhide-81 +-vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/sbin/nologin 
+-vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/sbin/nologin ++vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/usr/sbin/nologin ++vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/usr/sbin/nologin + + $ getent group vg-rawhide-0 vg-rawhide-81 + vg-rawhide-0:*:20119552: +diff --git a/man/sysusers.d.xml b/man/sysusers.d.xml +index e47d36c..b470532 100644 +--- a/man/sysusers.d.xml ++++ b/man/sysusers.d.xml +@@ -207,12 +207,12 @@ u root 0 "Superuser" /root /bin/zsh</pro + <title>Shell</title> + + <para>The login shell of the user. If not specified, this will be set to +- <filename>/sbin/nologin</filename>, except if the UID of the user is 0, in ++ <filename>/usr/sbin/nologin</filename>, except if the UID of the user is 0, in + which case <filename>/bin/sh</filename> will be used.</para> + + <para>Only applies to lines of type <varname>u</varname> and should otherwise + be left unset (or <literal>-</literal>). It is recommended to omit this, unless +- a shell different <filename>/sbin/nologin</filename> must be used.</para> ++ a shell different <filename>/usr/sbin/nologin</filename> must be used.</para> + </refsect2> + </refsect1> + +diff --git a/meson.build b/meson.build +index d340736..3afe168 100644 +--- a/meson.build ++++ b/meson.build +@@ -611,6 +611,7 @@ progs = [['quotaon', '/usr/sbin/quotaon' ], + ['umount', '/usr/bin/umount', 'UMOUNT_PATH'], + ['loadkeys', '/usr/bin/loadkeys', 'KBD_LOADKEYS'], + ['setfont', '/usr/bin/setfont', 'KBD_SETFONT'], ++ ['nologin', '/usr/sbin/nologin', ], + ] + foreach prog : progs + path = get_option(prog[0] + '-path') +diff --git a/meson_options.txt b/meson_options.txt +index 044bb79..6304511 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -43,6 +43,7 @@ option('mount-path', type : 'string', description : 'path to mount') + option('umount-path', type : 'string', description : 'path to umount') + option('loadkeys-path', type : 'string', description : 'path to loadkeys') + option('setfont-path', type : 'string', description 
: 'path to setfont') ++option('nologin-path', type : 'string', description : 'path to nologin') + + option('debug-shell', type : 'string', value : '/bin/sh', + description : 'path to debug shell binary') +diff --git a/src/basic/user-util.c b/src/basic/user-util.c +index 260f3d2..78656d9 100644 +--- a/src/basic/user-util.c ++++ b/src/basic/user-util.c +@@ -146,7 +146,7 @@ static int synthesize_user_creds( + *home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/"; + + if (shell) +- *shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/sbin/nologin"; ++ *shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN; + + return 0; + } +@@ -522,7 +522,7 @@ int get_shell(char **_s) { + } + if (synthesize_nobody() && + u == UID_NOBODY) { +- s = strdup("/sbin/nologin"); ++ s = strdup(NOLOGIN); + if (!s) + return -ENOMEM; + +diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c +index 486a658..d576e69 100644 +--- a/src/nss-mymachines/nss-mymachines.c ++++ b/src/nss-mymachines/nss-mymachines.c +@@ -501,7 +501,7 @@ enum nss_status _nss_mymachines_getpwnam_r( + pwd->pw_gecos = buffer; + pwd->pw_passwd = (char*) "*"; /* locked */ + pwd->pw_dir = (char*) "/"; +- pwd->pw_shell = (char*) "/sbin/nologin"; ++ pwd->pw_shell = (char*) NOLOGIN; + + return NSS_STATUS_SUCCESS; + +@@ -581,7 +581,7 @@ enum nss_status _nss_mymachines_getpwuid_r( + pwd->pw_gecos = buffer; + pwd->pw_passwd = (char*) "*"; /* locked */ + pwd->pw_dir = (char*) "/"; +- pwd->pw_shell = (char*) "/sbin/nologin"; ++ pwd->pw_shell = (char*) NOLOGIN; + + return NSS_STATUS_SUCCESS; + +diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c +index f8db27a..0ca0e8d 100644 +--- a/src/nss-systemd/nss-systemd.c ++++ b/src/nss-systemd/nss-systemd.c +@@ -23,7 +23,7 @@ + #define DYNAMIC_USER_GECOS "Dynamic User" + #define DYNAMIC_USER_PASSWD "*" /* locked */ + #define DYNAMIC_USER_DIR "/" +-#define DYNAMIC_USER_SHELL "/sbin/nologin" ++#define DYNAMIC_USER_SHELL NOLOGIN + + 
static const struct passwd root_passwd = { + .pw_name = (char*) "root", +@@ -42,7 +42,7 @@ static const struct passwd nobody_passwd = { + .pw_gid = GID_NOBODY, + .pw_gecos = (char*) "User Nobody", + .pw_dir = (char*) "/", +- .pw_shell = (char*) "/sbin/nologin", ++ .pw_shell = (char*) NOLOGIN, + }; + + static const struct group root_group = { +diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c +index df28bcf..91d46a7 100644 +--- a/src/sysusers/sysusers.c ++++ b/src/sysusers/sysusers.c +@@ -361,7 +361,7 @@ static int rename_and_apply_smack(const char *temp_path, const char *dest_path) + } + + static const char* default_shell(uid_t uid) { +- return uid == 0 ? "/bin/sh" : "/sbin/nologin"; ++ return uid == 0 ? "/bin/sh" : NOLOGIN; + } + + static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char **tmpfile_path) { +diff --git a/src/test/test-user-util.c b/src/test/test-user-util.c +index 801824a..2e303ad 100644 +--- a/src/test/test-user-util.c ++++ b/src/test/test-user-util.c +@@ -205,8 +205,8 @@ int main(int argc, char *argv[]) { + + test_get_user_creds_one("root", "root", 0, 0, "/root", "/bin/sh"); + test_get_user_creds_one("0", "root", 0, 0, "/root", "/bin/sh"); +- test_get_user_creds_one(NOBODY_USER_NAME, NOBODY_USER_NAME, UID_NOBODY, GID_NOBODY, "/", "/sbin/nologin"); +- test_get_user_creds_one("65534", NOBODY_USER_NAME, UID_NOBODY, GID_NOBODY, "/", "/sbin/nologin"); ++ test_get_user_creds_one(NOBODY_USER_NAME, NOBODY_USER_NAME, UID_NOBODY, GID_NOBODY, "/", NOLOGIN); ++ test_get_user_creds_one("65534", NOBODY_USER_NAME, UID_NOBODY, GID_NOBODY, "/", NOLOGIN); + + test_get_group_creds_one("root", "root", 0); + test_get_group_creds_one("0", "root", 0); +diff --git a/test/TEST-21-SYSUSERS/test-1.expected-passwd b/test/TEST-21-SYSUSERS/test-1.expected-passwd +index 8d0bfff..f59303b 100644 +--- a/test/TEST-21-SYSUSERS/test-1.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-1.expected-passwd +@@ -1 +1 @@ +-u1:x:222:222::/:/sbin/nologin 
++u1:x:222:222::/:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test-10.expected-passwd b/test/TEST-21-SYSUSERS/test-10.expected-passwd +index 222334b..ca2d764 100644 +--- a/test/TEST-21-SYSUSERS/test-10.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-10.expected-passwd +@@ -1,2 +1,2 @@ +-u1:x:300:300::/:/sbin/nologin +-u2:x:SYSTEM_UID_MAX:SYSTEM_UID_MAX::/:/sbin/nologin ++u1:x:300:300::/:NOLOGIN ++u2:x:SYSTEM_UID_MAX:SYSTEM_UID_MAX::/:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test-11.expected-passwd b/test/TEST-21-SYSUSERS/test-11.expected-passwd +index 3f9ab39..737e43b 100644 +--- a/test/TEST-21-SYSUSERS/test-11.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-11.expected-passwd +@@ -2,5 +2,5 @@ root:x:0:0:root:/root:/bin/bash + systemd-network:x:492:492:Systemd Network Management:/:/usr/sbin/nologin + systemd-resolve:x:491:491:Systemd Resolver:/:/usr/sbin/nologin + systemd-timesync:x:493:493:Systemd Time Synchronization:/:/usr/sbin/nologin +-u1:x:222:222::/:/sbin/nologin ++u1:x:222:222::/:NOLOGIN + +:::::: +diff --git a/test/TEST-21-SYSUSERS/test-12.expected-passwd b/test/TEST-21-SYSUSERS/test-12.expected-passwd +index 75fe9b4..f076f3d 100644 +--- a/test/TEST-21-SYSUSERS/test-12.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-12.expected-passwd +@@ -1,2 +1,2 @@ + root:x:0:0:root:/root:/bin/bash +-systemd-coredump:x:1:1:systemd Core Dumper:/:/sbin/nologin ++systemd-coredump:x:1:1:systemd Core Dumper:/:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test-2.expected-passwd b/test/TEST-21-SYSUSERS/test-2.expected-passwd +index 9eeee5d..af80688 100644 +--- a/test/TEST-21-SYSUSERS/test-2.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-2.expected-passwd +@@ -1,4 +1,4 @@ +-u1:x:SYSTEM_UID_MAX:SYSTEM_UID_MAX:some gecos:/random/dir:/sbin/nologin ++u1:x:SYSTEM_UID_MAX:SYSTEM_UID_MAX:some gecos:/random/dir:NOLOGIN + u2:x:777:777:some gecos:/random/dir:/bin/zsh + u3:x:778:778::/random/dir2:/bin/bash + u4:x:779:779::/:/bin/csh +diff --git 
a/test/TEST-21-SYSUSERS/test-3.expected-passwd b/test/TEST-21-SYSUSERS/test-3.expected-passwd +index a86954f..946303f 100644 +--- a/test/TEST-21-SYSUSERS/test-3.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-3.expected-passwd +@@ -1,4 +1,4 @@ +-foo:x:301:301::/:/sbin/nologin +-aaa:x:303:302::/:/sbin/nologin +-bbb:x:304:302::/:/sbin/nologin +-ccc:x:305:305::/:/sbin/nologin ++foo:x:301:301::/:NOLOGIN ++aaa:x:303:302::/:NOLOGIN ++bbb:x:304:302::/:NOLOGIN ++ccc:x:305:305::/:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test-4.expected-passwd b/test/TEST-21-SYSUSERS/test-4.expected-passwd +index e0370a4..99d1048 100644 +--- a/test/TEST-21-SYSUSERS/test-4.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-4.expected-passwd +@@ -1,2 +1,2 @@ +-yyy:x:311:310::/:/sbin/nologin +-xxx:x:312:310::/:/sbin/nologin ++yyy:x:311:310::/:NOLOGIN ++xxx:x:312:310::/:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test-5.expected-passwd b/test/TEST-21-SYSUSERS/test-5.expected-passwd +index 116b126..a83d566 100644 +--- a/test/TEST-21-SYSUSERS/test-5.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-5.expected-passwd +@@ -1,18 +1,18 @@ + root:x:0:0::/root:/bin/sh +-daemon:x:1:1::/usr/sbin:/sbin/nologin +-bin:x:2:2::/bin:/sbin/nologin +-sys:x:3:3::/dev:/sbin/nologin +-sync:x:4:65534::/bin:/sbin/nologin +-games:x:5:60::/usr/games:/sbin/nologin +-man:x:6:12::/var/cache/man:/sbin/nologin +-lp:x:7:7::/var/spool/lpd:/sbin/nologin +-mail:x:8:8::/var/mail:/sbin/nologin +-news:x:9:9::/var/spool/news:/sbin/nologin +-uucp:x:10:10::/var/spool/uucp:/sbin/nologin +-proxy:x:13:13::/bin:/sbin/nologin +-www-data:x:33:33::/var/www:/sbin/nologin +-backup:x:34:34::/var/backups:/sbin/nologin +-list:x:38:38::/var/list:/sbin/nologin +-irc:x:39:39::/var/run/ircd:/sbin/nologin +-gnats:x:41:41::/var/lib/gnats:/sbin/nologin +-nobody:x:65534:65534::/nonexistent:/sbin/nologin ++daemon:x:1:1::/usr/sbin:NOLOGIN ++bin:x:2:2::/bin:NOLOGIN ++sys:x:3:3::/dev:NOLOGIN ++sync:x:4:65534::/bin:NOLOGIN 
++games:x:5:60::/usr/games:NOLOGIN ++man:x:6:12::/var/cache/man:NOLOGIN ++lp:x:7:7::/var/spool/lpd:NOLOGIN ++mail:x:8:8::/var/mail:NOLOGIN ++news:x:9:9::/var/spool/news:NOLOGIN ++uucp:x:10:10::/var/spool/uucp:NOLOGIN ++proxy:x:13:13::/bin:NOLOGIN ++www-data:x:33:33::/var/www:NOLOGIN ++backup:x:34:34::/var/backups:NOLOGIN ++list:x:38:38::/var/list:NOLOGIN ++irc:x:39:39::/var/run/ircd:NOLOGIN ++gnats:x:41:41::/var/lib/gnats:NOLOGIN ++nobody:x:65534:65534::/nonexistent:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test-6.expected-passwd b/test/TEST-21-SYSUSERS/test-6.expected-passwd +index 5af9d11..ba55a13 100644 +--- a/test/TEST-21-SYSUSERS/test-6.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-6.expected-passwd +@@ -1 +1 @@ +-u1:x:SYSTEM_UID_MAX:SYSTEM_UID_MAX::/:/sbin/nologin ++u1:x:SYSTEM_UID_MAX:SYSTEM_UID_MAX::/:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test-7.expected-passwd b/test/TEST-21-SYSUSERS/test-7.expected-passwd +index 79668c0..0c5d370 100644 +--- a/test/TEST-21-SYSUSERS/test-7.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-7.expected-passwd +@@ -1,5 +1,5 @@ +-bin:x:1:1::/:/sbin/nologin +-daemon:x:2:2::/:/sbin/nologin +-mail:x:8:12::/var/spool/mail:/sbin/nologin +-ftp:x:14:11::/srv/ftp:/sbin/nologin +-http:x:33:33::/srv/http:/sbin/nologin ++bin:x:1:1::/:NOLOGIN ++daemon:x:2:2::/:NOLOGIN ++mail:x:8:12::/var/spool/mail:NOLOGIN ++ftp:x:14:11::/srv/ftp:NOLOGIN ++http:x:33:33::/srv/http:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test-8.expected-passwd b/test/TEST-21-SYSUSERS/test-8.expected-passwd +index 727b819..23e99f0 100644 +--- a/test/TEST-21-SYSUSERS/test-8.expected-passwd ++++ b/test/TEST-21-SYSUSERS/test-8.expected-passwd +@@ -1 +1 @@ +-username:x:SYSTEM_UID_MAX:300::/:/sbin/nologin ++username:x:SYSTEM_UID_MAX:300::/:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test-9.expected-passwd b/test/TEST-21-SYSUSERS/test-9.expected-passwd +index a23260f..0bffbcd 100644 +--- a/test/TEST-21-SYSUSERS/test-9.expected-passwd ++++ 
b/test/TEST-21-SYSUSERS/test-9.expected-passwd +@@ -1,2 +1,2 @@ +-user1:x:300:300::/:/sbin/nologin +-user2:x:SYSTEM_UID_MAX:300::/:/sbin/nologin ++user1:x:300:300::/:NOLOGIN ++user2:x:SYSTEM_UID_MAX:300::/:NOLOGIN +diff --git a/test/TEST-21-SYSUSERS/test.sh b/test/TEST-21-SYSUSERS/test.sh +index b1049e7..809653c 100755 +--- a/test/TEST-21-SYSUSERS/test.sh ++++ b/test/TEST-21-SYSUSERS/test.sh +@@ -25,7 +25,14 @@ preprocess() { + # get this value from config.h, however the autopkgtest fails with + # it + SYSTEM_UID_MAX=$(awk 'BEGIN { uid=999 } /^\s*SYS_UID_MAX\s+/ { uid=$2 } END { print uid }' /etc/login.defs) +- sed "s/SYSTEM_UID_MAX/${SYSTEM_UID_MAX}/g" "$in" ++ ++ # we can't rely on config.h to get the nologin path, as autopkgtest ++ # uses pre-compiled binaries, so extract it from the systemd-sysusers ++ # binary which we are about to execute ++ NOLOGIN=$(strings $(type -p systemd-sysusers) | grep nologin) ++ ++ sed -e "s/SYSTEM_UID_MAX/${SYSTEM_UID_MAX}/g" \ ++ -e "s#NOLOGIN#${NOLOGIN}#g" "$in" + } + + compare() { diff --git a/debian/patches/missing-Add-new-Linux-capabilities.patch b/debian/patches/missing-Add-new-Linux-capabilities.patch new file mode 100644 index 0000000..324e024 --- /dev/null +++ b/debian/patches/missing-Add-new-Linux-capabilities.patch 
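Review bot: In preprocess() of test/TEST-21-SYSUSERS/test.sh, `NOLOGIN=$(strings $(type -p systemd-sysusers) | grep nologin)` keeps every string in the binary that contains "nologin", so a second match (a message or another path) makes the value multi-line and breaks the `s#NOLOGIN#${NOLOGIN}#g` sed expression. The inner command substitution is also unquoted, so a binary path containing whitespace would be word-split before strings sees it. Something like `NOLOGIN=$(strings "$(type -p systemd-sysusers)" | grep -m1 '/nologin$')` limits the result to a single path. A short comment noting that the expected-passwd fixtures now carry the literal token NOLOGIN, substituted here, would also help the next person editing them.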
@@ -0,0 +1,36 @@
+From: =?utf-8?q?Michal_Koutn=C3=BD?= <mkoutny@suse.com>
+Date: Wed, 24 Jun 2020 12:43:22 +0200
+Subject: missing: Add new Linux capabilities
+
+Linux kernel v5.8 adds two new capabilities. Make sure we can recognize
+them even when built with an older kernel.
+
+(cherry picked from commit e41de5e491942b5391b1efb71c82ffd329b3d23d)
+---
+ src/basic/missing_capability.h | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/basic/missing_capability.h b/src/basic/missing_capability.h
+index 1308a3d..dd6bccd 100644
+--- a/src/basic/missing_capability.h
++++ b/src/basic/missing_capability.h
+@@ -10,3 +10,19 @@
+ #undef CAP_LAST_CAP
+ #define CAP_LAST_CAP CAP_AUDIT_READ
+ #endif
++
++/* 980737282232b752bb14dab96d77665c15889c36 (5.8) */
++#ifndef CAP_PERFMON
++#define CAP_PERFMON 38
++
++#undef CAP_LAST_CAP
++#define CAP_LAST_CAP CAP_PERFMON
++#endif
++
++/* a17b53c4a4b55ec322c132b6670743612229ee9c (5.8) */
++#ifndef CAP_BPF
++#define CAP_BPF 39
++
++#undef CAP_LAST_CAP
++#define CAP_LAST_CAP CAP_BPF
++#endif
diff --git a/debian/patches/mount-generators-do-not-make-unit-wanted-by-its-device-un.patch b/debian/patches/mount-generators-do-not-make-unit-wanted-by-its-device-un.patch
new file mode 100644
index 0000000..d38962f
--- /dev/null
+++ b/debian/patches/mount-generators-do-not-make-unit-wanted-by-its-device-un.patch
@@ -0,0 +1,58 @@ +From: Tom Yan <tom.ty89@gmail.com> +Date: Wed, 9 Jan 2019 23:35:24 +0800 +Subject: mount/generators: do not make unit wanted by its device unit + +As device units will be reloaded by systemd whenever the corresponding device generates a "changed" event, if the mount unit / cryptsetup service is wanted by its device unit, the former can be restarted by systemd unexpectedly after the user stopped them explicitly. It is not sensible at all and can be considered dangerous. Neither is the behaviour conventional (as `auto` in fstab should only affect behaviour on boot and `mount -a`) or ever documented at all (not even in systemd, see systemd.mount(5) and crypttab(5)). + +(cherry picked from commit 142b8142d7bb84f07ac33fc00527a4d48ac8ef9f) +--- + src/core/mount.c | 6 +----- + src/cryptsetup/cryptsetup-generator.c | 4 ---- + 2 files changed, 1 insertion(+), 9 deletions(-) + +diff --git a/src/core/mount.c b/src/core/mount.c +index c31cad6..7064fa1 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -338,7 +338,6 @@ static int mount_add_mount_dependencies(Mount *m) { + } + + static int mount_add_device_dependencies(Mount *m) { +- bool device_wants_mount; + UnitDependencyMask mask; + MountParameters *p; + UnitDependency dep; +@@ -368,9 +367,6 @@ static int mount_add_device_dependencies(Mount *m) { + if (path_equal(m->where, "/")) + return 0; + +- device_wants_mount = +- mount_is_auto(p) && !mount_is_automount(p) && MANAGER_IS_SYSTEM(UNIT(m)->manager); +- + /* Mount units from /proc/self/mountinfo are not bound to devices + * by default since they're subject to races when devices are + * unplugged. But the user can still force this dep with an +@@ -381,7 +377,7 @@ static int mount_add_device_dependencies(Mount *m) { + /* We always use 'what' from /proc/self/mountinfo if mounted */ + mask = m->from_proc_self_mountinfo ? 
UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT : UNIT_DEPENDENCY_FILE; + +- r = unit_add_node_dependency(UNIT(m), p->what, device_wants_mount, dep, mask); ++ r = unit_add_node_dependency(UNIT(m), p->what, false, dep, mask); + if (r < 0) + return r; + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index 8759a26..ea18e84 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -287,10 +287,6 @@ static int create_disk( + return log_error_errno(r, "Failed to write unit file %s: %m", n); + + if (!noauto) { +- r = generator_add_symlink(arg_dest, d, "wants", n); +- if (r < 0) +- return r; +- + r = generator_add_symlink(arg_dest, + netdev ? "remote-cryptsetup.target" : "cryptsetup.target", + nofail ? "wants" : "requires", n); diff --git a/debian/patches/mount-remove-unused-mount_is_auto-and-mount_is_automount.patch b/debian/patches/mount-remove-unused-mount_is_auto-and-mount_is_automount.patch new file mode 100644 index 0000000..58acfc8 --- /dev/null +++ b/debian/patches/mount-remove-unused-mount_is_auto-and-mount_is_automount.patch 
@@ -0,0 +1,34 @@
+From: Tom Yan <tom.ty89@gmail.com>
+Date: Thu, 10 Jan 2019 00:19:43 +0800
+Subject: mount: remove unused mount_is_auto and mount_is_automount
+
+(cherry picked from commit d0fe45cb151774827a3aca4ea5a19856dec9f600)
+---
+ src/core/mount.c | 14 --------------
+ 1 file changed, 14 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 7064fa1..8da818b 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -101,20 +101,6 @@ static bool mount_is_bind(const MountParameters *p) {
+ return false;
+ }
+
+-static bool mount_is_auto(const MountParameters *p) {
+- assert(p);
+-
+- return !fstab_test_option(p->options, "noauto\0");
+-}
+-
+-static bool mount_is_automount(const MountParameters *p) {
+- assert(p);
+-
+- return fstab_test_option(p->options,
+- "comment=systemd.automount\0"
+- "x-systemd.automount\0");
+-}
+-
+ static bool mount_is_bound_to_device(const Mount *m) {
+ const MountParameters *p;
+
diff --git a/debian/patches/namespace-make-MountFlags-shared-work-again.patch b/debian/patches/namespace-make-MountFlags-shared-work-again.patch
new file mode 100644
index 0000000..2954e67
--- /dev/null
+++ b/debian/patches/namespace-make-MountFlags-shared-work-again.patch
@@ -0,0 +1,58 @@
+From: Franck Bui <fbui@suse.com>
+Date: Wed, 13 Feb 2019 18:45:36 +0100
+Subject: namespace: make MountFlags=shared work again
+
+Since commit 0722b359342d2a9f9e0d453875624387a0ba1be2, the root mountpoint is
+unconditionnally turned to slave which breaks units that are using explicitly
+MountFlags=shared (and no other options that would implicitly require a slave
+root mountpoint).
+
+Here is a test case:
+
+ $ systemctl cat test-shared-mount-flag.service
+ # /etc/systemd/system/test-shared-mount-flag.service
+ [Service]
+ Type=simple
+ ExecStartPre=/usr/bin/mkdir -p /mnt/tmp
+ ExecStart=/bin/sh -c "/usr/bin/mount -t tmpfs -o size=10M none /mnt/tmp && sleep infinity"
+ ExecStop=-/bin/sh -c "/usr/bin/umount /mnt/tmp"
+ MountFlags=shared
+
+ $ systemctl start test-shared-mount-flag.service
+ $ findmnt /mnt/tmp
+ $
+
+Mount on /mnt/tmp is not visible from the host although MountFlags=shared was
+used.
+
+This patch fixes that and turns the root mountpoint to slave when it's really
+required.
+
+(cherry picked from commit 37ed15d7edaf59a1fc7c9e3552cd93a83f3814ef)
+---
+ src/core/execute.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 47518f4..f2a4c54 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1839,7 +1839,7 @@ static bool exec_needs_mount_namespace(
+ if (context->n_temporary_filesystems > 0)
+ return true;
+
+- if (context->mount_flags != 0)
++ if (!IN_SET(context->mount_flags, 0, MS_SHARED))
+ return true;
+
+ if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))
+@@ -2435,6 +2435,9 @@ static int apply_mount_namespace(
+ else
+ ns_info = (NamespaceInfo) {};
+
++ if (context->mount_flags == MS_SHARED)
++ log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring");
++
+ r = setup_namespace(root_dir, root_image,
+ &ns_info, context->read_write_paths,
+ needs_sandboxing ?
context->read_only_paths : NULL, diff --git a/debian/patches/network-check-whether-ipv6-is-enabled-in-sysctl.patch b/debian/patches/network-check-whether-ipv6-is-enabled-in-sysctl.patch new file mode 100644 index 0000000..2b65530 --- /dev/null +++ b/debian/patches/network-check-whether-ipv6-is-enabled-in-sysctl.patch 
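Review bot: The new `log_unit_debug()` in apply_mount_namespace() reports only at debug level that an explicitly configured `MountFlags=shared` is being ignored, so an administrator will normally never see why the unit's mounts do not propagate to the host. The result is the more isolated one, which is the safe direction, but a silently overridden setting is hard to diagnose; `log_unit_warning(u, ...)` with the same message would surface it. The test fires only for exactly `MS_SHARED`, mirroring `IN_SET(context->mount_flags, 0, MS_SHARED)` in exec_needs_mount_namespace(). Both functions start and end outside their hunks, so what setup_namespace() is finally given for the propagation flags cannot be checked from here.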
@@ -0,0 +1,119 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 18 Feb 2019 15:00:15 +0900 +Subject: network: check whether ipv6 is enabled in sysctl + +Currently, the value is read only once. + +Fixes #11711. + +(cherry picked from commit 4b600505dda8af6c43496f9e93e420a192d9a38b) +--- + src/network/networkd-link.c | 12 ++++++++++++ + src/network/networkd-manager.c | 18 ++++++++++++++++++ + src/network/networkd-manager.h | 4 ++++ + 3 files changed, 34 insertions(+) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 22392d7..322e701 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -51,6 +51,9 @@ static bool link_dhcp6_enabled(Link *link) { + if (!link->network) + return false; + ++ if (manager_sysctl_ipv6_enabled(link->manager) == 0) ++ return false; ++ + return link->network->dhcp & ADDRESS_FAMILY_IPV6; + } + +@@ -108,6 +111,9 @@ static bool link_ipv6ll_enabled(Link *link) { + if (streq_ptr(link->kind, "wireguard")) + return false; + ++ if (manager_sysctl_ipv6_enabled(link->manager) == 0) ++ return false; ++ + return link->network->link_local & ADDRESS_FAMILY_IPV6; + } + +@@ -120,6 +126,9 @@ static bool link_ipv6_enabled(Link *link) { + if (link->network->bridge) + return false; + ++ if (manager_sysctl_ipv6_enabled(link->manager) == 0) ++ return false; ++ + /* DHCPv6 client will not be started if no IPv6 link-local address is configured. 
*/ + return link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network); + } +@@ -199,6 +208,9 @@ static bool link_ipv6_forward_enabled(Link *link) { + if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID) + return false; + ++ if (manager_sysctl_ipv6_enabled(link->manager) == 0) ++ return false; ++ + return link->network->ip_forward & ADDRESS_FAMILY_IPV6; + } + +diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c +index c8d369e..f32bc7f 100644 +--- a/src/network/networkd-manager.c ++++ b/src/network/networkd-manager.c +@@ -23,6 +23,7 @@ + #include "path-util.h" + #include "set.h" + #include "strv.h" ++#include "sysctl-util.h" + #include "tmpfile-util.h" + #include "virt.h" + +@@ -1360,6 +1361,8 @@ int manager_new(Manager **ret) { + if (!m->state_file) + return -ENOMEM; + ++ m->sysctl_ipv6_enabled = -1; ++ + r = sd_event_default(&m->event); + if (r < 0) + return r; +@@ -1858,3 +1861,18 @@ int manager_request_product_uuid(Manager *m, Link *link) { + + return 0; + } ++ ++int manager_sysctl_ipv6_enabled(Manager *manager) { ++ _cleanup_free_ char *value = NULL; ++ int r; ++ ++ if (manager->sysctl_ipv6_enabled >= 0) ++ return manager->sysctl_ipv6_enabled; ++ ++ r = sysctl_read_ip_property(AF_INET6, "all", "disable_ipv6", &value); ++ if (r < 0) ++ return log_warning_errno(r, "Failed to read net.ipv6.conf.all.disable_ipv6 sysctl property: %m"); ++ ++ manager->sysctl_ipv6_enabled = value[0] == '0'; ++ return manager->sysctl_ipv6_enabled; ++} +diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h +index 289ca96..d292d76 100644 +--- a/src/network/networkd-manager.h ++++ b/src/network/networkd-manager.h +@@ -58,6 +58,8 @@ struct Manager { + Set *rules; + Set *rules_foreign; + Set *rules_saved; ++ ++ int sysctl_ipv6_enabled; + }; + + extern const sd_bus_vtable manager_vtable[]; +@@ -95,4 +97,6 @@ Link *manager_dhcp6_prefix_get(Manager *m, struct in6_addr *addr); + int manager_dhcp6_prefix_add(Manager 
*m, struct in6_addr *addr, Link *link); + int manager_dhcp6_prefix_remove_all(Manager *m, Link *link); + ++int manager_sysctl_ipv6_enabled(Manager *manager); ++ + DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); diff --git a/debian/patches/network-do-not-remove-rule-when-it-is-requested-by-existi.patch b/debian/patches/network-do-not-remove-rule-when-it-is-requested-by-existi.patch new file mode 100644 index 0000000..19cabfe --- /dev/null +++ b/debian/patches/network-do-not-remove-rule-when-it-is-requested-by-existi.patch 
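Review bot: manager_sysctl_ipv6_enabled() returns the negative value from `log_warning_errno()` when the sysctl cannot be read, and every caller added in networkd-link.c tests only `== 0`, so a read failure is handled as "IPv6 enabled". The cache stays at -1 in that case, so each later call re-reads the file and logs the same warning again. If failing open is intended, state it above the function, e.g. `/* Returns 1 if enabled, 0 if disabled, negative errno if unknown; callers treat unknown as enabled. */`. On success the value is cached for the lifetime of the Manager, so a later change to `net.ipv6.conf.all.disable_ipv6` goes unnoticed, as the commit message acknowledges.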
@@ -0,0 +1,56 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 22 Feb 2019 13:32:47 +0900 +Subject: network: do not remove rule when it is requested by existing links + +Otherwise, the first link once removes all saved rules in the foreign +rule database, and the second or later links create again... + +(cherry picked from commit 031fb59a984e5b51f3c72aa8125ecc50b08011fe) +--- + src/network/networkd-routing-policy-rule.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c +index 21a40fa..65a9af2 100644 +--- a/src/network/networkd-routing-policy-rule.c ++++ b/src/network/networkd-routing-policy-rule.c +@@ -1250,6 +1250,26 @@ int routing_policy_load_rules(const char *state_file, Set **rules) { + return 0; + } + ++static bool manager_links_have_routing_policy_rule(Manager *m, RoutingPolicyRule *rule) { ++ RoutingPolicyRule *link_rule; ++ Iterator i; ++ Link *link; ++ ++ assert(m); ++ assert(rule); ++ ++ HASHMAP_FOREACH(link, m->links, i) { ++ if (!link->network) ++ continue; ++ ++ LIST_FOREACH(rules, link_rule, link->network->rules) ++ if (routing_policy_rule_compare_func(link_rule, rule) == 0) ++ return true; ++ } ++ ++ return false; ++} ++ + void routing_policy_rule_purge(Manager *m, Link *link) { + RoutingPolicyRule *rule, *existing; + Iterator i; +@@ -1263,6 +1283,12 @@ void routing_policy_rule_purge(Manager *m, Link *link) { + if (!existing) + continue; /* Saved rule does not exist anymore. */ + ++ if (manager_links_have_routing_policy_rule(m, existing)) ++ continue; /* Existing links have the saved rule. */ ++ ++ /* Existing links do not have the saved rule. Let's drop the rule now, and re-configure it ++ * later when it is requested. */ ++ + r = routing_policy_rule_remove(existing, link, NULL); + if (r < 0) { + log_warning_errno(r, "Could not remove routing policy rules: %m"); 
diff --git a/debian/patches/network-do-not-send-ipv6-token-to-kernel.patch b/debian/patches/network-do-not-send-ipv6-token-to-kernel.patch new file mode 100644 index 0000000..766d470 --- /dev/null +++ b/debian/patches/network-do-not-send-ipv6-token-to-kernel.patch 
@@ -0,0 +1,92 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 9 May 2019 14:39:46 +0900 +Subject: network: do not send ipv6 token to kernel + +We disabled kernel RA support. Then, we should not send +IFLA_INET6_TOKEN. +Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice. + +Follow-up for 0e2fdb83bb5e22047e0c7cc058b415d0e93f02cf and +4eb086a38712ea98faf41e075b84555b11b54362. + +(cherry picked from commit 9f6e82e6eb3b6e73d66d00d1d6eee60691fb702f) +--- + src/network/networkd-link.c | 51 ++++++--------------------------------------- + 1 file changed, 6 insertions(+), 45 deletions(-) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 6445b94..ac76c86 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -1816,6 +1816,9 @@ static int link_configure_addrgen_mode(Link *link) { + assert(link->manager); + assert(link->manager->rtnl); + ++ if (!socket_ipv6_is_supported()) ++ return 0; ++ + log_link_debug(link, "Setting address genmode for link"); + + r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex); +@@ -1917,46 +1920,6 @@ static int link_up(Link *link) { + return log_link_error_errno(link, r, "Could not set MAC address: %m"); + } + +- if (link_ipv6_enabled(link)) { +- uint8_t ipv6ll_mode; +- +- r = sd_netlink_message_open_container(req, IFLA_AF_SPEC); +- if (r < 0) +- return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m"); +- +- /* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are passed */ +- r = sd_netlink_message_open_container(req, AF_INET6); +- if (r < 0) +- return log_link_error_errno(link, r, "Could not open AF_INET6 container: %m"); +- +- if (!in_addr_is_null(AF_INET6, &link->network->ipv6_token)) { +- r = sd_netlink_message_append_in6_addr(req, IFLA_INET6_TOKEN, &link->network->ipv6_token.in6); +- if (r < 0) +- return log_link_error_errno(link, r, "Could not append IFLA_INET6_TOKEN: %m"); +- } +- 
+- if (!link_ipv6ll_enabled(link)) +- ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE; +- else if (sysctl_read_ip_property(AF_INET6, link->ifname, "stable_secret", NULL) < 0) +- /* The file may not exist. And event if it exists, when stable_secret is unset, +- * reading the file fails with EIO. */ +- ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64; +- else +- ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY; +- +- r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode); +- if (r < 0) +- return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m"); +- +- r = sd_netlink_message_close_container(req); +- if (r < 0) +- return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m"); +- +- r = sd_netlink_message_close_container(req); +- if (r < 0) +- return log_link_error_errno(link, r, "Could not close IFLA_AF_SPEC container: %m"); +- } +- + r = netlink_call_async(link->manager->rtnl, NULL, req, link_up_handler, + link_netlink_destroy_callback, link); + if (r < 0) +@@ -3044,11 +3007,9 @@ static int link_configure(Link *link) { + return r; + } + +- if (socket_ipv6_is_supported()) { +- r = link_configure_addrgen_mode(link); +- if (r < 0) +- return r; +- } ++ r = link_configure_addrgen_mode(link); ++ if (r < 0) ++ return r; + + return link_configure_after_setting_mtu(link); + } diff --git a/debian/patches/network-ignore-requested-ipv6-addresses-when-ipv6-is-disa.patch b/debian/patches/network-ignore-requested-ipv6-addresses-when-ipv6-is-disa.patch new file mode 100644 index 0000000..5b6ea17 --- /dev/null +++ b/debian/patches/network-ignore-requested-ipv6-addresses-when-ipv6-is-disa.patch 
@@ -0,0 +1,67 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 11 Jun 2019 23:20:56 +0900 +Subject: network: ignore requested ipv6 addresses when ipv6 is disabled by + sysctl + +(cherry picked from commit 54a1a535bd60f13964bbddd8f381601e33e8e56f) +--- + src/network/networkd-address.c | 7 ++++++- + src/network/networkd-link.c | 4 ++-- + src/network/networkd-ndisc.c | 4 ++-- + 3 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 3cdbd9e..a9f65e5 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -565,6 +565,11 @@ int address_configure( + assert(link->manager->rtnl); + assert(callback); + ++ if (address->family == AF_INET6 && manager_sysctl_ipv6_enabled(link->manager) == 0) { ++ log_link_warning(link, "An IPv6 address is requested, but IPv6 is disabled by sysctl, ignoring."); ++ return 0; ++ } ++ + /* If this is a new address, then refuse adding more than the limit */ + if (address_get(link, address->family, &address->in_addr, address->prefixlen, NULL) <= 0 && + set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX) +@@ -669,7 +674,7 @@ int address_configure( + return log_error_errno(r, "Could not add address: %m"); + } + +- return 0; ++ return 1; + } + + int config_parse_broadcast( +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 322e701..638aae0 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -1123,8 +1123,8 @@ static int link_request_set_addresses(Link *link) { + link_enter_failed(link); + return r; + } +- +- link->address_messages++; ++ if (r > 0) ++ link->address_messages++; + } + + LIST_FOREACH(labels, label, link->network->address_labels) { +diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c +index e5b8d11..78c98a0 100644 +--- a/src/network/networkd-ndisc.c ++++ b/src/network/networkd-ndisc.c +@@ -205,8 +205,8 @@ static int 
ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *r + link_enter_failed(link); + return r; + } +- +- link->ndisc_messages++; ++ if (r > 0) ++ link->ndisc_messages++; + + return 0; + } diff --git a/debian/patches/network-ignore-requested-ipv6-route-when-ipv6-is-disabled.patch b/debian/patches/network-ignore-requested-ipv6-route-when-ipv6-is-disabled.patch new file mode 100644 index 0000000..0960802 --- /dev/null +++ b/debian/patches/network-ignore-requested-ipv6-route-when-ipv6-is-disabled.patch 
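Review bot: address_configure() now has three outcomes (negative errno, 0 for "ignored because IPv6 is disabled", 1 for "request sent"), but nothing at the function documents this, and only the two callers touched here were changed to `if (r > 0)`. Any other caller that still increments a pending-message counter after a non-negative return would wait for a netlink reply that is never sent; those callers are outside the hunks and need checking. A comment above the function such as `/* Returns 1 if a request was sent, 0 if the address was ignored, negative errno on failure. */` would make the contract explicit. The same applies to route_configure() and routing_policy_rule_configure() in the two patches that follow.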
@@ -0,0 +1,88 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 11 Jun 2019 23:26:11 +0900 +Subject: network: ignore requested ipv6 route when ipv6 is disabled by sysctl + +(cherry picked from commit c442331750a2a9711036080f7590e190b9b0eb54) +--- + src/network/networkd-link.c | 4 ++-- + src/network/networkd-ndisc.c | 12 ++++++------ + src/network/networkd-route.c | 7 ++++++- + 3 files changed, 14 insertions(+), 9 deletions(-) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 638aae0..5a181c2 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -840,8 +840,8 @@ static int link_request_set_routes(Link *link) { + link_enter_failed(link); + return r; + } +- +- link->route_messages++; ++ if (r > 0) ++ link->route_messages++; + } + + if (link->route_messages == 0) { +diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c +index 78c98a0..36fbe29 100644 +--- a/src/network/networkd-ndisc.c ++++ b/src/network/networkd-ndisc.c +@@ -117,8 +117,8 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { + link_enter_failed(link); + return r; + } +- +- link->ndisc_messages++; ++ if (r > 0) ++ link->ndisc_messages++; + + return 0; + } +@@ -255,8 +255,8 @@ static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) { + link_enter_failed(link); + return r; + } +- +- link->ndisc_messages++; ++ if (r > 0) ++ link->ndisc_messages++; + + return 0; + } +@@ -316,8 +316,8 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) { + link_enter_failed(link); + return r; + } +- +- link->ndisc_messages++; ++ if (r > 0) ++ link->ndisc_messages++; + + return 0; + } +diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c +index 5553a7e..5b7e019 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -509,6 +509,11 @@ int route_configure( + assert(IN_SET(route->family, AF_INET, AF_INET6)); + 
assert(callback); + ++ if (route->family == AF_INET6 && manager_sysctl_ipv6_enabled(link->manager) == 0) { ++ log_link_warning(link, "An IPv6 route is requested, but IPv6 is disabled by sysctl, ignoring."); ++ return 0; ++ } ++ + if (route_get(link, route->family, &route->dst, route->dst_prefixlen, route->tos, route->priority, route->table, NULL) <= 0 && + set_size(link->routes) >= routes_max()) + return -E2BIG; +@@ -675,7 +680,7 @@ int route_configure( + sd_event_source_unref(route->expire); + route->expire = TAKE_PTR(expire); + +- return 0; ++ return 1; + } + + int config_parse_gateway( diff --git a/debian/patches/network-ignore-requested-ipv6-routing-policy-rule-when-ip.patch b/debian/patches/network-ignore-requested-ipv6-routing-policy-rule-when-ip.patch new file mode 100644 index 0000000..270af9c --- /dev/null +++ b/debian/patches/network-ignore-requested-ipv6-routing-policy-rule-when-ip.patch 
@@ -0,0 +1,51 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 11 Jun 2019 23:29:57 +0900 +Subject: network: ignore requested ipv6 routing policy rule when ipv6 is + disabled by sysctl + +(cherry picked from commit 7ef7e5509b637e660e89ba8a938930ec01de6e54) +--- + src/network/networkd-link.c | 4 ++-- + src/network/networkd-routing-policy-rule.c | 7 ++++++- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 5a181c2..13852af 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -765,8 +765,8 @@ static int link_request_set_routing_policy_rule(Link *link) { + link_enter_failed(link); + return r; + } +- +- link->routing_policy_rule_messages++; ++ if (r > 0) ++ link->routing_policy_rule_messages++; + } + + routing_policy_rule_purge(link->manager, link); +diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c +index 65a9af2..0b62a0e 100644 +--- a/src/network/networkd-routing-policy-rule.c ++++ b/src/network/networkd-routing-policy-rule.c +@@ -492,6 +492,11 @@ int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, link_netl + assert(link->manager); + assert(link->manager->rtnl); + ++ if (rule->family == AF_INET6 && manager_sysctl_ipv6_enabled(link->manager) == 0) { ++ log_link_warning(link, "An IPv6 routing policy rule is requested, but IPv6 is disabled by sysctl, ignoring."); ++ return 0; ++ } ++ + r = sd_rtnl_message_new_routing_policy_rule(link->manager->rtnl, &m, RTM_NEWRULE, rule->family); + if (r < 0) + return log_error_errno(r, "Could not allocate RTM_NEWRULE message: %m"); +@@ -609,7 +614,7 @@ int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, link_netl + if (r < 0) + return log_error_errno(r, "Could not add rule: %m"); + +- return 0; ++ return 1; + } + + static int parse_fwmark_fwmask(const char *s, uint32_t *fwmark, uint32_t *fwmask) { 
diff --git a/debian/patches/network-read-link-specific-sysctl-value.patch b/debian/patches/network-read-link-specific-sysctl-value.patch new file mode 100644 index 0000000..aaa29a6 --- /dev/null +++ b/debian/patches/network-read-link-specific-sysctl-value.patch 
@@ -0,0 +1,208 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 14 Jun 2019 09:42:51 +0900 +Subject: network: read link specific sysctl value + +This introduce link_sysctl_ipv6_enabled() and replaces +manager_sysctl_ipv6_enabled() with it. + +(cherry picked from commit bafa9641446852f7fa15ca12d08a223d345c78ea) +--- + src/network/networkd-address.c | 2 +- + src/network/networkd-link.c | 24 ++++++++++++++++++++---- + src/network/networkd-link.h | 4 ++++ + src/network/networkd-manager.c | 17 ----------------- + src/network/networkd-manager.h | 4 ---- + src/network/networkd-route.c | 2 +- + src/network/networkd-routing-policy-rule.c | 2 +- + 7 files changed, 27 insertions(+), 28 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index a9f65e5..e0ee896 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -565,7 +565,7 @@ int address_configure( + assert(link->manager->rtnl); + assert(callback); + +- if (address->family == AF_INET6 && manager_sysctl_ipv6_enabled(link->manager) == 0) { ++ if (address->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) { + log_link_warning(link, "An IPv6 address is requested, but IPv6 is disabled by sysctl, ignoring."); + return 0; + } +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 13852af..3cfdf4a 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -28,6 +28,7 @@ + #include "stdio-util.h" + #include "string-table.h" + #include "strv.h" ++#include "sysctl-util.h" + #include "tmpfile-util.h" + #include "util.h" + #include "virt.h" +@@ -39,6 +40,20 @@ DUID* link_get_duid(Link *link) { + return &link->manager->duid; + } + ++int link_sysctl_ipv6_enabled(Link *link) { ++ _cleanup_free_ char *value = NULL; ++ int r; ++ ++ r = sysctl_read_ip_property(AF_INET6, link->ifname, "disable_ipv6", &value); ++ if (r < 0) ++ return log_link_warning_errno(link, r, ++ "Failed to read 
net.ipv6.conf.%s.disable_ipv6 sysctl property: %m", ++ link->ifname); ++ ++ link->sysctl_ipv6_enabled = value[0] == '0'; ++ return link->sysctl_ipv6_enabled; ++} ++ + static bool link_dhcp6_enabled(Link *link) { + assert(link); + +@@ -51,7 +66,7 @@ static bool link_dhcp6_enabled(Link *link) { + if (!link->network) + return false; + +- if (manager_sysctl_ipv6_enabled(link->manager) == 0) ++ if (link_sysctl_ipv6_enabled(link) == 0) + return false; + + return link->network->dhcp & ADDRESS_FAMILY_IPV6; +@@ -111,7 +126,7 @@ static bool link_ipv6ll_enabled(Link *link) { + if (streq_ptr(link->kind, "wireguard")) + return false; + +- if (manager_sysctl_ipv6_enabled(link->manager) == 0) ++ if (link_sysctl_ipv6_enabled(link) == 0) + return false; + + return link->network->link_local & ADDRESS_FAMILY_IPV6; +@@ -126,7 +141,7 @@ static bool link_ipv6_enabled(Link *link) { + if (link->network->bridge) + return false; + +- if (manager_sysctl_ipv6_enabled(link->manager) == 0) ++ if (link_sysctl_ipv6_enabled(link) == 0) + return false; + + /* DHCPv6 client will not be started if no IPv6 link-local address is configured. 
*/ +@@ -208,7 +223,7 @@ static bool link_ipv6_forward_enabled(Link *link) { + if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID) + return false; + +- if (manager_sysctl_ipv6_enabled(link->manager) == 0) ++ if (link_sysctl_ipv6_enabled(link) == 0) + return false; + + return link->network->ip_forward & ADDRESS_FAMILY_IPV6; +@@ -476,6 +491,7 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { + .rtnl_extended_attrs = true, + .ifindex = ifindex, + .iftype = iftype, ++ .sysctl_ipv6_enabled = -1, + }; + + link->ifname = strdup(ifname); +diff --git a/src/network/networkd-link.h b/src/network/networkd-link.h +index dcb1ea6..6adea64 100644 +--- a/src/network/networkd-link.h ++++ b/src/network/networkd-link.h +@@ -128,6 +128,8 @@ typedef struct Link { + + Hashmap *bound_by_links; + Hashmap *bound_to_links; ++ ++ int sysctl_ipv6_enabled; + } Link; + + typedef int (*link_netlink_message_handler_t)(sd_netlink*, sd_netlink_message*, Link*); +@@ -209,6 +211,8 @@ int link_send_changed(Link *link, const char *property, ...) _sentinel_; + #define LOG_LINK_MESSAGE(link, fmt, ...) 
"MESSAGE=%s: " fmt, (link)->ifname, ##__VA_ARGS__ + #define LOG_LINK_INTERFACE(link) "INTERFACE=%s", (link)->ifname + ++int link_sysctl_ipv6_enabled(Link *link); ++ + #define ADDRESS_FMT_VAL(address) \ + be32toh((address).s_addr) >> 24, \ + (be32toh((address).s_addr) >> 16) & 0xFFu, \ +diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c +index f32bc7f..acb9a75 100644 +--- a/src/network/networkd-manager.c ++++ b/src/network/networkd-manager.c +@@ -1361,8 +1361,6 @@ int manager_new(Manager **ret) { + if (!m->state_file) + return -ENOMEM; + +- m->sysctl_ipv6_enabled = -1; +- + r = sd_event_default(&m->event); + if (r < 0) + return r; +@@ -1861,18 +1859,3 @@ int manager_request_product_uuid(Manager *m, Link *link) { + + return 0; + } +- +-int manager_sysctl_ipv6_enabled(Manager *manager) { +- _cleanup_free_ char *value = NULL; +- int r; +- +- if (manager->sysctl_ipv6_enabled >= 0) +- return manager->sysctl_ipv6_enabled; +- +- r = sysctl_read_ip_property(AF_INET6, "all", "disable_ipv6", &value); +- if (r < 0) +- return log_warning_errno(r, "Failed to read net.ipv6.conf.all.disable_ipv6 sysctl property: %m"); +- +- manager->sysctl_ipv6_enabled = value[0] == '0'; +- return manager->sysctl_ipv6_enabled; +-} +diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h +index d292d76..289ca96 100644 +--- a/src/network/networkd-manager.h ++++ b/src/network/networkd-manager.h +@@ -58,8 +58,6 @@ struct Manager { + Set *rules; + Set *rules_foreign; + Set *rules_saved; +- +- int sysctl_ipv6_enabled; + }; + + extern const sd_bus_vtable manager_vtable[]; +@@ -97,6 +95,4 @@ Link *manager_dhcp6_prefix_get(Manager *m, struct in6_addr *addr); + int manager_dhcp6_prefix_add(Manager *m, struct in6_addr *addr, Link *link); + int manager_dhcp6_prefix_remove_all(Manager *m, Link *link); + +-int manager_sysctl_ipv6_enabled(Manager *manager); +- + DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); +diff --git a/src/network/networkd-route.c 
b/src/network/networkd-route.c +index 5b7e019..67b0ab4 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -509,7 +509,7 @@ int route_configure( + assert(IN_SET(route->family, AF_INET, AF_INET6)); + assert(callback); + +- if (route->family == AF_INET6 && manager_sysctl_ipv6_enabled(link->manager) == 0) { ++ if (route->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) { + log_link_warning(link, "An IPv6 route is requested, but IPv6 is disabled by sysctl, ignoring."); + return 0; + } +diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c +index 0b62a0e..2378ed2 100644 +--- a/src/network/networkd-routing-policy-rule.c ++++ b/src/network/networkd-routing-policy-rule.c +@@ -492,7 +492,7 @@ int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, link_netl + assert(link->manager); + assert(link->manager->rtnl); + +- if (rule->family == AF_INET6 && manager_sysctl_ipv6_enabled(link->manager) == 0) { ++ if (rule->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) { + log_link_warning(link, "An IPv6 routing policy rule is requested, but IPv6 is disabled by sysctl, ignoring."); + return 0; + } diff --git a/debian/patches/network-remove-routing-policy-rule-from-foreign-rule-data.patch b/debian/patches/network-remove-routing-policy-rule-from-foreign-rule-data.patch new file mode 100644 index 0000000..b19e588 --- /dev/null +++ b/debian/patches/network-remove-routing-policy-rule-from-foreign-rule-data.patch 
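Review bot: link_sysctl_ipv6_enabled() assigns `link->sysctl_ipv6_enabled`, but nothing in this patch reads the field back, so the new struct member and its `-1` initialiser in link_new() have no effect and the sysctl is re-read on every call. Either drop the member or add a comment that it only records the last value seen. Unlike link_dhcp6_enabled() next to it, the function has no `assert(link);` before it dereferences `link->ifname`. A failed read still returns a negative value, which the `== 0` callers treat as "enabled" while logging a warning each time; a one-line comment stating that this is intended would help the next reader.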
@@ -0,0 +1,52 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 22 Feb 2019 13:27:44 +0900 +Subject: network: remove routing policy rule from foreign rule database when + it is removed + +Previously, When the first link configures rules, it removes all saved +rules, which were configured by networkd previously, in the foreign rule +database, but the rules themselves are still in the database. +Thus, when the second or later link configures rules, it errnously +treats the rules already exist. +This is the root of issue #11280. + +This removes rules from the foreign database when they are removed. + +Fixes #11280. + +(cherry picked from commit 92cd00b9749141907a1110044cc7d1f01caff545) +--- + src/network/networkd-routing-policy-rule.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c +index 2dc7862..21a40fa 100644 +--- a/src/network/networkd-routing-policy-rule.c ++++ b/src/network/networkd-routing-policy-rule.c +@@ -1260,15 +1260,18 @@ void routing_policy_rule_purge(Manager *m, Link *link) { + + SET_FOREACH(rule, m->rules_saved, i) { + existing = set_get(m->rules_foreign, rule); +- if (existing) { ++ if (!existing) ++ continue; /* Saved rule does not exist anymore. */ + +- r = routing_policy_rule_remove(rule, link, NULL); +- if (r < 0) { +- log_warning_errno(r, "Could not remove routing policy rules: %m"); +- continue; +- } +- +- link->routing_policy_rule_remove_messages++; ++ r = routing_policy_rule_remove(existing, link, NULL); ++ if (r < 0) { ++ log_warning_errno(r, "Could not remove routing policy rules: %m"); ++ continue; + } ++ ++ link->routing_policy_rule_remove_messages++; ++ ++ assert_se(set_remove(m->rules_foreign, existing) == existing); ++ routing_policy_rule_free(existing); + } + } 
diff --git a/debian/patches/networkd-clarify-that-IPv6-RA-uses-our-own-stack-no-the-k.patch b/debian/patches/networkd-clarify-that-IPv6-RA-uses-our-own-stack-no-the-k.patch new file mode 100644 index 0000000..8b7b4d8 --- /dev/null +++ b/debian/patches/networkd-clarify-that-IPv6-RA-uses-our-own-stack-no-the-k.patch @@ -0,0 +1,26 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 13 Mar 2019 17:00:56 +0100 +Subject: networkd: clarify that IPv6 RA uses our own stack, no the kernel's + +Fixes: #8906 +(cherry picked from commit c4a05aa1a8338013108d099de805f3262a871c0f) +--- + man/systemd.network.xml | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/man/systemd.network.xml b/man/systemd.network.xml +index ee464ff..12be72a 100644 +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -632,6 +632,11 @@ + url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink> in the kernel + documentation regarding <literal>accept_ra</literal>, but note that systemd's setting of + <constant>1</constant> (i.e. true) corresponds to kernel's setting of <constant>2</constant>.</para> ++ ++ <para>Note that if this option is enabled a userspace implementation of the IPv6 RA protocol is ++ used, and the kernel's own implementation remains disabled, since `networkd` needs to know all ++ details supplied in the advertisements, and these are not available from the kernel if the kernel's ++ own implemenation is used.</para> + </listitem> + </varlistentry> + <varlistentry> diff --git a/debian/patches/networkd-do-not-generate-MAC-for-bridge-device.patch b/debian/patches/networkd-do-not-generate-MAC-for-bridge-device.patch new file mode 100644 index 0000000..b8788fb --- /dev/null +++ b/debian/patches/networkd-do-not-generate-MAC-for-bridge-device.patch 
@@ -0,0 +1,24 @@ +From: Susant Sahani <ssahani@gmail.com> +Date: Tue, 14 May 2019 11:45:23 +0200 +Subject: networkd: do not generate MAC for bridge device. + +closes https://github.com/systemd/systemd/issues/12558 + +(cherry picked from commit deb2cfa4c6885d448eb1f17e5ef1b139106b7e86) +--- + src/network/netdev/netdev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c +index ecd6cf4..6ef1631 100644 +--- a/src/network/netdev/netdev.c ++++ b/src/network/netdev/netdev.c +@@ -720,7 +720,7 @@ int netdev_load_one(Manager *manager, const char *filename) { + if (!netdev->filename) + return log_oom(); + +- if (!netdev->mac && netdev->kind != NETDEV_KIND_VLAN) { ++ if (!netdev->mac && !IN_SET(netdev->kind, NETDEV_KIND_VLAN, NETDEV_KIND_BRIDGE)) { + r = netdev_get_mac(netdev->ifname, &netdev->mac); + if (r < 0) + return log_error_errno(r, "Failed to generate predictable MAC address for %s: %m", netdev->ifname); diff --git a/debian/patches/networkd-fix-link_up-12505.patch b/debian/patches/networkd-fix-link_up-12505.patch new file mode 100644 index 0000000..a801d61 --- /dev/null +++ b/debian/patches/networkd-fix-link_up-12505.patch 
@@ -0,0 +1,62 @@ +From: Susant Sahani <ssahani@gmail.com> +Date: Thu, 9 May 2019 07:35:35 +0530 +Subject: networkd: fix link_up() (#12505) + +Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up. + +Fixes the following error: +``` +dummy-test: Could not bring up interface: Invalid argument +``` + +After reading the kernel code when we do a link up +``` +net/core/rtnetlink.c +IFLA_AF_SPEC + af_ops->set_link_af(dev, af); + inet6_set_link_af + if (tb[IFLA_INET6_ADDR_GEN_MODE]) + Here it looks for IFLA_INET6_ADDR_GEN_MODE +``` +Since link up we didn't filling up that it's failing. + +Closes #12504. + +(cherry picked from commit 4eb086a38712ea98faf41e075b84555b11b54362) +--- + src/network/networkd-link.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 3cfdf4a..6445b94 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -1918,6 +1918,8 @@ static int link_up(Link *link) { + } + + if (link_ipv6_enabled(link)) { ++ uint8_t ipv6ll_mode; ++ + r = sd_netlink_message_open_container(req, IFLA_AF_SPEC); + if (r < 0) + return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m"); +@@ -1933,6 +1935,19 @@ static int link_up(Link *link) { + return log_link_error_errno(link, r, "Could not append IFLA_INET6_TOKEN: %m"); + } + ++ if (!link_ipv6ll_enabled(link)) ++ ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE; ++ else if (sysctl_read_ip_property(AF_INET6, link->ifname, "stable_secret", NULL) < 0) ++ /* The file may not exist. And event if it exists, when stable_secret is unset, ++ * reading the file fails with EIO. 
*/ ++ ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64; ++ else ++ ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY; ++ ++ r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode); ++ if (r < 0) ++ return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m"); ++ + r = sd_netlink_message_close_container(req); + if (r < 0) + return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m"); diff --git a/debian/patches/networkd-test-disable-DNSSEC-in-domain-restricted-DNS-tes.patch b/debian/patches/networkd-test-disable-DNSSEC-in-domain-restricted-DNS-tes.patch new file mode 100644 index 0000000..8813a4a --- /dev/null +++ b/debian/patches/networkd-test-disable-DNSSEC-in-domain-restricted-DNS-tes.patch 
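Review bot: The `else if (sysctl_read_ip_property(AF_INET6, link->ifname, "stable_secret", NULL) < 0)` branch selects `IN6_ADDR_GEN_MODE_EUI64` on any read error, not only the missing-file and EIO cases its comment names. EUI-64 mode derives the interface identifier from the MAC address, so an unexpected failure silently downgrades the link from stable-privacy addressing. Keeping the return value and logging it at debug level before falling back would make that downgrade visible. The comment should also read "even if it exists" rather than "event if it exists". link_up() starts and ends outside the hunks.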
@@ -0,0 +1,33 @@
+From: Martin Pitt <martin@piware.de>
+Date: Thu, 21 Feb 2019 12:24:16 +0100
+Subject: networkd-test: disable DNSSEC in domain-restricted DNS test
+
+dnsmasq 2.80 changed behaviour when being queried by resolved with
+enabled DNSSEC: It returns errors for SOA and DS queries which cause the
+entire query to fail. As we don't configure DNSSEC in this test anyway,
+just disable it so that we retain compatibility with old and new dnsmasq
+versions.
+
+(cherry picked from commit 6592c9c850675fb20236271efc4f65acbe3bfa00)
+---
+ test/networkd-test.py | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/test/networkd-test.py b/test/networkd-test.py
+index 7011abc..71ee06f 100755
+--- a/test/networkd-test.py
++++ b/test/networkd-test.py
+@@ -575,6 +575,13 @@ class DnsmasqClientTest(ClientTestBase, unittest.TestCase):
+ def test_resolved_domain_restricted_dns(self):
+ '''resolved: domain-restricted DNS servers'''
+
++ # FIXME: resolvectl query fails with enabled DNSSEC against our dnsmasq
++ conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf'
++ os.makedirs(os.path.dirname(conf), exist_ok=True)
++ with open(conf, 'w') as f:
++ f.write('[Resolve]\nDNSSEC=no\n')
++ self.addCleanup(os.remove, conf)
++
+ # create interface for generic connections; this will map all DNS names
+ # to 192.168.42.1
+ self.create_iface(dnsmasq_opts=['--address=/#/192.168.42.1'])
diff --git a/debian/patches/networkd-test-fix-test_dropin.patch b/debian/patches/networkd-test-fix-test_dropin.patch
new file mode 100644
index 0000000..1e17745
--- /dev/null
+++ b/debian/patches/networkd-test-fix-test_dropin.patch
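Review bot: Nothing visible in test_resolved_domain_restricted_dns() makes systemd-resolved re-read its configuration after the `DNSSEC=no` drop-in is written, so the setting only applies if resolved is stopped or restarted later in the test. The rest of the body is outside the hunk, so this may already be the case; a comment next to the write would make the dependency explicit, e.g. `# takes effect when resolved is (re)started below`. The same path and write block also appear in the /etc/hosts test shown in a later patch on this page, so a small helper would keep the two copies in step. The FIXME would be easier to act on with an issue reference.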
@@ -0,0 +1,34 @@
+From: Martin Pitt <martin@piware.de>
+Date: Thu, 21 Feb 2019 12:34:23 +0100
+Subject: networkd-test: fix test_dropin()
+
+ - This test needs resolved, so make sure it is started. In some Debian
+ environments it is not.
+ - It was an unnecessary, and now failing assumption that name servers
+ get atomically written to the resolved's resolv.conf. Wait until both
+ expected name servers are in the file.
+
+(cherry picked from commit f5cf985e9cc6fff747ca17acadb1b4751076103b)
+---
+ test/networkd-test.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/test/networkd-test.py b/test/networkd-test.py
+index c03e760..9487910 100755
+--- a/test/networkd-test.py
++++ b/test/networkd-test.py
+@@ -950,12 +950,12 @@ DNS=192.168.42.1''')
+ [Network]
+ DNS=127.0.0.1''')
+
+- subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
++ subprocess.check_call(['systemctl', 'start', 'systemd-resolved', 'systemd-networkd'])
+
+ for timeout in range(50):
+ with open(RESOLV_CONF) as f:
+ contents = f.read()
+- if ' 127.0.0.1' in contents:
++ if ' 127.0.0.1' in contents and '192.168.42.1' in contents:
+ break
+ time.sleep(0.1)
+ self.assertIn('nameserver 192.168.42.1\n', contents)
diff --git a/debian/patches/networkd-test-ignore-failures-of-test_route_only_dns-in-c.patch b/debian/patches/networkd-test-ignore-failures-of-test_route_only_dns-in-c.patch
new file mode 100644
index 0000000..72e5042
--- /dev/null
+++ b/debian/patches/networkd-test-ignore-failures-of-test_route_only_dns-in-c.patch
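Review bot: The new wait condition tests the bare substring `'192.168.42.1' in contents`, while the assertion right after the loop requires the full line `'nameserver 192.168.42.1\n'`. The substring is also satisfied by a longer address that merely starts with those digits, so the loop can stop on content the assertion then rejects. Using the asserted string in the condition keeps the two in step: `if ' 127.0.0.1' in contents and 'nameserver 192.168.42.1\n' in contents:`. The test function begins and continues outside the hunk.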
@@ -0,0 +1,61 @@ +From: Martin Pitt <martin@piware.de> +Date: Wed, 27 Feb 2019 23:15:31 +0100 +Subject: networkd-test: ignore failures of test_route_only_dns* in containers + +This test exposes a race condition when running in LXC, see issue #11848 +for details. Until that is understood and fixed, skip the test as it's +not a recent regression. + +(cherry picked from commit 09b8826ea371e027c76a573a226bfd8f8c5652a2) +--- + test/networkd-test.py | 23 +++++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +diff --git a/test/networkd-test.py b/test/networkd-test.py +index 9487910..6efeef9 100755 +--- a/test/networkd-test.py ++++ b/test/networkd-test.py +@@ -29,6 +29,7 @@ import time + import unittest + + HAVE_DNSMASQ = shutil.which('dnsmasq') is not None ++IS_CONTAINER = subprocess.call(['systemd-detect-virt', '--quiet', '--container']) == 0 + + NETWORK_UNITDIR = '/run/systemd/network' + +@@ -476,8 +477,15 @@ Address=192.168.42.100 + DNS=192.168.42.1 + Domains= ~company''') + +- self.do_test(coldplug=True, ipv6=False, +- extra_opts='IPv6AcceptRouterAdvertisements=False') ++ try: ++ self.do_test(coldplug=True, ipv6=False, ++ extra_opts='IPv6AcceptRouterAdvertisements=False') ++ except subprocess.CalledProcessError as e: ++ # networkd often fails to start in LXC: https://github.com/systemd/systemd/issues/11848 ++ if IS_CONTAINER and e.cmd == ['systemctl', 'start', 'systemd-networkd']: ++ raise unittest.SkipTest('https://github.com/systemd/systemd/issues/11848') ++ else: ++ raise + + with open(RESOLV_CONF) as f: + contents = f.read() +@@ -500,8 +508,15 @@ Address=192.168.42.100 + DNS=192.168.42.1 + Domains= ~company ~.''') + +- self.do_test(coldplug=True, ipv6=False, +- extra_opts='IPv6AcceptRouterAdvertisements=False') ++ try: ++ self.do_test(coldplug=True, ipv6=False, ++ extra_opts='IPv6AcceptRouterAdvertisements=False') ++ except subprocess.CalledProcessError as e: ++ # networkd often fails to start in LXC: 
https://github.com/systemd/systemd/issues/11848 ++ if IS_CONTAINER and e.cmd == ['systemctl', 'start', 'systemd-networkd']: ++ raise unittest.SkipTest('https://github.com/systemd/systemd/issues/11848') ++ else: ++ raise + + with open(RESOLV_CONF) as f: + contents = f.read() diff --git a/debian/patches/networkd-test-use-a-complete-domain-name-in-test_route_on.patch b/debian/patches/networkd-test-use-a-complete-domain-name-in-test_route_on.patch new file mode 100644 index 0000000..a37980b --- /dev/null +++ b/debian/patches/networkd-test-use-a-complete-domain-name-in-test_route_on.patch 
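Review bot: `IS_CONTAINER` runs `systemd-detect-virt` through `subprocess.call` at import time, so where that binary is missing the whole module fails to load with FileNotFoundError instead of treating the host as not a container. Guarding it the way `HAVE_DNSMASQ` is guarded keeps the module importable: `IS_CONTAINER = shutil.which('systemd-detect-virt') is not None and subprocess.call(['systemd-detect-virt', '--quiet', '--container']) == 0`. The two route-only-DNS tests now carry an identical try/except that could live in one helper, and the `else:` after `raise unittest.SkipTest(...)` is redundant. The skip also depends on an exact match of `e.cmd` against `['systemctl', 'start', 'systemd-networkd']`, so it silently stops applying if the start command in do_test() changes.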
@@ -0,0 +1,87 @@ +From: Martin Pitt <martin@piware.de> +Date: Thu, 21 Feb 2019 12:26:44 +0100 +Subject: networkd-test: use a complete domain name in test_route_only_dns() + +Since version 241 (commit ea4678?), querying MX type records for +single-label domains does not actually forward the query to the DNS +server any more. Use "example.com" instead, which is the recommended +test domain anyway. + +(cherry picked from commit ca56805c8de43fc21ab4657cf5ebd1e0248527ac) +--- + test/networkd-test.py | 32 ++++++++++++++++---------------- + 1 file changed, 16 insertions(+), 16 deletions(-) + +diff --git a/test/networkd-test.py b/test/networkd-test.py +index 71ee06f..c03e760 100755 +--- a/test/networkd-test.py ++++ b/test/networkd-test.py +@@ -655,52 +655,52 @@ Domains= ~company ~lab''') + '''resolved queries to /etc/hosts''' + + # FIXME: -t MX query fails with enabled DNSSEC (even when using +- # the known negative trust anchor .internal instead of .example) ++ # the known negative trust anchor .internal instead of .example.com) + conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf' + os.makedirs(os.path.dirname(conf), exist_ok=True) + with open(conf, 'w') as f: + f.write('[Resolve]\nDNSSEC=no\nLLMNR=no\nMulticastDNS=no\n') + self.addCleanup(os.remove, conf) + +- # create /etc/hosts bind mount which resolves my.example for IPv4 ++ # create /etc/hosts bind mount which resolves my.example.com for IPv4 + hosts = os.path.join(self.workdir, 'hosts') + with open(hosts, 'w') as f: +- f.write('172.16.99.99 my.example\n') ++ f.write('172.16.99.99 my.example.com\n') + subprocess.check_call(['mount', '--bind', hosts, '/etc/hosts']) + self.addCleanup(subprocess.call, ['umount', '/etc/hosts']) + subprocess.check_call(['systemctl', 'stop', 'systemd-resolved.service']) + + # note: different IPv4 address here, so that it's easy to tell apart + # what resolved the query +- self.create_iface(dnsmasq_opts=['--host-record=my.example,172.16.99.1,2600::99:99', +- 
'--host-record=other.example,172.16.0.42,2600::42', +- '--mx-host=example,mail.example'], ++ self.create_iface(dnsmasq_opts=['--host-record=my.example.com,172.16.99.1,2600::99:99', ++ '--host-record=other.example.com,172.16.0.42,2600::42', ++ '--mx-host=example.com,mail.example.com'], + ipv6=True) + self.do_test(coldplug=None, ipv6=True) + + try: + # family specific queries +- out = subprocess.check_output(['resolvectl', 'query', '-4', 'my.example']) +- self.assertIn(b'my.example: 172.16.99.99', out) ++ out = subprocess.check_output(['resolvectl', 'query', '-4', 'my.example.com']) ++ self.assertIn(b'my.example.com: 172.16.99.99', out) + # we don't expect an IPv6 answer; if /etc/hosts has any IP address, + # it's considered a sufficient source +- self.assertNotEqual(subprocess.call(['resolvectl', 'query', '-6', 'my.example']), 0) ++ self.assertNotEqual(subprocess.call(['resolvectl', 'query', '-6', 'my.example.com']), 0) + # "any family" query; IPv4 should come from /etc/hosts +- out = subprocess.check_output(['resolvectl', 'query', 'my.example']) +- self.assertIn(b'my.example: 172.16.99.99', out) ++ out = subprocess.check_output(['resolvectl', 'query', 'my.example.com']) ++ self.assertIn(b'my.example.com: 172.16.99.99', out) + # IP → name lookup; again, takes the /etc/hosts one + out = subprocess.check_output(['resolvectl', 'query', '172.16.99.99']) +- self.assertIn(b'172.16.99.99: my.example', out) ++ self.assertIn(b'172.16.99.99: my.example.com', out) + + # non-address RRs should fall back to DNS +- out = subprocess.check_output(['resolvectl', 'query', '--type=MX', 'example']) +- self.assertIn(b'example IN MX 1 mail.example', out) ++ out = subprocess.check_output(['resolvectl', 'query', '--type=MX', 'example.com']) ++ self.assertIn(b'example.com IN MX 1 mail.example.com', out) + + # other domains query DNS +- out = subprocess.check_output(['resolvectl', 'query', 'other.example']) ++ out = subprocess.check_output(['resolvectl', 'query', 'other.example.com']) + 
self.assertIn(b'172.16.0.42', out) + out = subprocess.check_output(['resolvectl', 'query', '172.16.0.42']) +- self.assertIn(b'172.16.0.42: other.example', out) ++ self.assertIn(b'172.16.0.42: other.example.com', out) + except (AssertionError, subprocess.CalledProcessError): + self.show_journal('systemd-resolved.service') + self.print_server_log() diff --git a/debian/patches/pam-systemd-use-secure_getenv-rather-than-getenv.patch b/debian/patches/pam-systemd-use-secure_getenv-rather-than-getenv.patch new file mode 100644 index 0000000..b966fe3 --- /dev/null +++ b/debian/patches/pam-systemd-use-secure_getenv-rather-than-getenv.patch 
@@ -0,0 +1,40 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 4 Feb 2019 10:23:43 +0100
+Subject: pam-systemd: use secure_getenv() rather than getenv()
+
+And explain why in a comment.
+
+(cherry picked from commit 83d4ab55336ff8a0643c6aa627b31e351a24040a)
+---
+ src/login/pam_systemd.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
+index 997b74e..ea245c8 100644
+--- a/src/login/pam_systemd.c
++++ b/src/login/pam_systemd.c
+@@ -316,14 +316,21 @@ static const char* getenv_harder(pam_handle_t *handle, const char *key, const ch
+ assert(handle);
+ assert(key);
+
+- /* Looks for an environment variable, preferrably in the environment block associated with the specified PAM
+- * handle, falling back to the process' block instead. */
++ /* Looks for an environment variable, preferrably in the environment block associated with the
++ * specified PAM handle, falling back to the process' block instead. Why check both? Because we want
++ * to permit configuration of session properties from unit files that invoke PAM services, so that
++ * PAM services don't have to be reworked to set systemd-specific properties, but these properties
++ * can still be set from the unit file Environment= block. */
+
+ v = pam_getenv(handle, key);
+ if (!isempty(v))
+ return v;
+
+- v = getenv(key);
++ /* We use secure_getenv() here, since we might get loaded into su/sudo, which are SUID. Ideally
++ * they'd clean up the environment before invoking foreign code (such as PAM modules), but alas they
++ * currently don't (to be precise, they clean up the environment they pass to their children, but
++ * not their own environ[]). */
++ v = secure_getenv(key);
+ if (!isempty(v))
+ return v;
+
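Review bot: The rewritten header comment of getenv_harder() still presents the process environment as an unconditional fallback, although the new `secure_getenv()` call yields nothing when the module runs inside a set-user-ID program. A reader of only the top comment would expect unit-file `Environment=` settings to be honoured in that case too. One added sentence closes the gap, for example `* Note that the process' block is ignored when we run in a SUID context, see below.`. The comment also keeps the misspelling "preferrably". The function starts and ends outside the hunk.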
diff --git a/debian/patches/polkit-on-async-pk-requests-re-validate-action-details.patch b/debian/patches/polkit-on-async-pk-requests-re-validate-action-details.patch
new file mode 100644
index 0000000..c6ffacf
--- /dev/null
+++ b/debian/patches/polkit-on-async-pk-requests-re-validate-action-details.patch
@@ -0,0 +1,81 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 22 Jan 2020 16:52:10 +0100 +Subject: polkit: on async pk requests, re-validate action/details + +When we do an async pk request, let's store which action/details we used +for the original request, and when we are called for the second time, +let's compare. If the action/details changed, let's not allow the access +to go through. + +(cherry picked from commit 7f56982289275ce84e20f0554475864953e6aaab) +(cherry picked from commit 0697d0d972c8d91395eb539a8e87e4aec8b37b75) +(cherry picked from commit 54791aff01aa93a8b621808d80ab506b54f245c8) +(cherry picked from commit 70d0f5ea5952a0cedd84c352070613df4ba5fc8f) +--- + src/shared/bus-polkit.c | 30 +++++++++++++++++++++++++++--- + 1 file changed, 27 insertions(+), 3 deletions(-) + +diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c +index 81193b8..6343dd6 100644 +--- a/src/shared/bus-polkit.c ++++ b/src/shared/bus-polkit.c +@@ -155,6 +155,9 @@ int bus_test_polkit( + #if ENABLE_POLKIT + + typedef struct AsyncPolkitQuery { ++ char *action; ++ char **details; ++ + sd_bus_message *request, *reply; + sd_bus_message_handler_t callback; + void *userdata; +@@ -175,6 +178,9 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { + sd_bus_message_unref(q->request); + sd_bus_message_unref(q->reply); + ++ free(q->action); ++ strv_free(q->details); ++ + free(q); + } + +@@ -239,11 +245,17 @@ int bus_verify_polkit_async( + if (q) { + int authorized, challenge; + +- /* This is the second invocation of this function, and +- * there's already a response from polkit, let's +- * process it */ ++ /* This is the second invocation of this function, and there's already a response from ++ * polkit, let's process it */ + assert(q->reply); + ++ /* If the operation we want to authenticate changed between the first and the second time, ++ * let's not use this authentication, it might be out of date as the object and context we ++ * operate on might have 
changed. */ ++ if (!streq(q->action, action) || ++ !strv_equal(q->details, (char**) details)) ++ return -ESTALE; ++ + if (sd_bus_message_is_method_error(q->reply, NULL)) { + const sd_bus_error *e; + +@@ -339,6 +351,18 @@ int bus_verify_polkit_async( + q->callback = callback; + q->userdata = userdata; + ++ q->action = strdup(action); ++ if (!q->action) { ++ async_polkit_query_free(q); ++ return -ENOMEM; ++ } ++ ++ q->details = strv_copy((char**) details); ++ if (!q->details) { ++ async_polkit_query_free(q); ++ return -ENOMEM; ++ } ++ + r = hashmap_put(*registry, call, q); + if (r < 0) { + async_polkit_query_free(q); diff --git a/debian/patches/polkit-reuse-some-common-bus-message-appending-code.patch b/debian/patches/polkit-reuse-some-common-bus-message-appending-code.patch new file mode 100644 index 0000000..98e43ca --- /dev/null +++ b/debian/patches/polkit-reuse-some-common-bus-message-appending-code.patch 
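Review bot: The new `return -ESTALE;` in the second-invocation branch of bus_verify_polkit_async() refuses the request without a log line, so a mismatch between the stored and the current action/details leaves no trace for whoever investigates the denied call. A debug message before the return would record it, e.g. `log_debug("Action/details changed since the polkit query was issued, refusing.");`. In the store path, `strv_copy((char**) details)` is treated as out of memory when it returns NULL; if `details` may legitimately be NULL, this relies on strv_copy() returning an empty vector for a NULL input, which is worth confirming and noting in a comment. The function begins and ends outside these hunks.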
@@ -0,0 +1,107 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 22 Jan 2020 16:44:43 +0100 +Subject: polkit: reuse some common bus message appending code + +(cherry picked from commit 95f82ae9d774f3508ce89dcbdd0714ef7385df59) +(cherry picked from commit 2589995acdb297a073270b54d8fff54b98fa57e9) +(cherry picked from commit 81532beddcc3b7946a573e15641742c452c66db7) +(cherry picked from commit 18b7b7fe307f03928bfea3ef0663048b7be6e4fb) +--- + src/shared/bus-polkit.c | 56 ++++++++++++++++++++++++++++--------------------- + 1 file changed, 32 insertions(+), 24 deletions(-) + +diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c +index f93aa17..81193b8 100644 +--- a/src/shared/bus-polkit.c ++++ b/src/shared/bus-polkit.c +@@ -30,6 +30,34 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) { + return sender_uid == good_user; + } + ++#if ENABLE_POLKIT ++static int bus_message_append_strv_key_value( ++ sd_bus_message *m, ++ const char **l) { ++ ++ const char **k, **v; ++ int r; ++ ++ assert(m); ++ ++ r = sd_bus_message_open_container(m, 'a', "{ss}"); ++ if (r < 0) ++ return r; ++ ++ STRV_FOREACH_PAIR(k, v, l) { ++ r = sd_bus_message_append(m, "{ss}", *k, *v); ++ if (r < 0) ++ return r; ++ } ++ ++ r = sd_bus_message_close_container(m); ++ if (r < 0) ++ return r; ++ ++ return r; ++} ++#endif ++ + int bus_test_polkit( + sd_bus_message *call, + int capability, +@@ -60,7 +88,7 @@ int bus_test_polkit( + _cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL; + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + int authorized = false, challenge = false; +- const char *sender, **k, **v; ++ const char *sender; + + sender = sd_bus_message_get_sender(call); + if (!sender) +@@ -84,17 +112,7 @@ int bus_test_polkit( + if (r < 0) + return r; + +- r = sd_bus_message_open_container(request, 'a', "{ss}"); +- if (r < 0) +- return r; +- +- STRV_FOREACH_PAIR(k, v, details) { +- r = sd_bus_message_append(request, "{ss}", *k, *v); +- 
if (r < 0) +- return r; +- } +- +- r = sd_bus_message_close_container(request); ++ r = bus_message_append_strv_key_value(request, details); + if (r < 0) + return r; + +@@ -201,7 +219,7 @@ int bus_verify_polkit_async( + #if ENABLE_POLKIT + _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; + AsyncPolkitQuery *q; +- const char *sender, **k, **v; ++ const char *sender; + sd_bus_message_handler_t callback; + void *userdata; + int c; +@@ -305,17 +323,7 @@ int bus_verify_polkit_async( + if (r < 0) + return r; + +- r = sd_bus_message_open_container(pk, 'a', "{ss}"); +- if (r < 0) +- return r; +- +- STRV_FOREACH_PAIR(k, v, details) { +- r = sd_bus_message_append(pk, "{ss}", *k, *v); +- if (r < 0) +- return r; +- } +- +- r = sd_bus_message_close_container(pk); ++ r = bus_message_append_strv_key_value(pk, details); + if (r < 0) + return r; + diff --git a/debian/patches/polkit-use-structured-initialization.patch b/debian/patches/polkit-use-structured-initialization.patch new file mode 100644 index 0000000..683fb3b --- /dev/null +++ b/debian/patches/polkit-use-structured-initialization.patch 
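Review bot: The tail of the new bus_message_append_strv_key_value() checks `r` and then returns it either way, so the final `r = sd_bus_message_close_container(m); if (r < 0) return r; return r;` reduces to `return sd_bus_message_close_container(m);`. The helper also has no comment describing its input. Since the values end up in a polkit authorization request, stating the contract helps callers: `/* l is a NULL-terminated list of alternating keys and values, appended as a{ss} */`.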
@@ -0,0 +1,36 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 22 Jan 2020 16:53:59 +0100
+Subject: polkit: use structured initialization
+
+(cherry picked from commit f4425c72c7395ec93ae00052916a66e2f60f200b)
+(cherry picked from commit 5926f9f1723fd753a0c524ed96a13538c851395e)
+(cherry picked from commit 4d80c8f158333117dabb0e6f7592059cddb1d6d0)
+(cherry picked from commit 9131bb3d45e6384309eea42affd1aa757ef28cd7)
+---
+ src/shared/bus-polkit.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
+index 6343dd6..c42c39a 100644
+--- a/src/shared/bus-polkit.c
++++ b/src/shared/bus-polkit.c
+@@ -343,13 +343,15 @@ int bus_verify_polkit_async(
+ if (r < 0)
+ return r;
+
+- q = new0(AsyncPolkitQuery, 1);
++ q = new(AsyncPolkitQuery, 1);
+ if (!q)
+ return -ENOMEM;
+
+- q->request = sd_bus_message_ref(call);
+- q->callback = callback;
+- q->userdata = userdata;
++ *q = (AsyncPolkitQuery) {
++ .request = sd_bus_message_ref(call),
++ .callback = callback,
++ .userdata = userdata,
++ };
+
+ q->action = strdup(action);
+ if (!q->action) {
diff --git a/debian/patches/polkit-when-authorizing-via-PK-let-s-re-resolve-callback-.patch b/debian/patches/polkit-when-authorizing-via-PK-let-s-re-resolve-callback-.patch
new file mode 100644
index 0000000..2175b78
--- /dev/null
+++ b/debian/patches/polkit-when-authorizing-via-PK-let-s-re-resolve-callback-.patch
@@ -0,0 +1,166 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 22 Jan 2020 17:07:47 +0100 +Subject: polkit: when authorizing via PK let's re-resolve callback/userdata + instead of caching it + +Previously, when doing an async PK query we'd store the original +callback/userdata pair and call it again after the PK request is +complete. This is problematic, since PK queries might be slow and in the +meantime the userdata might be released and re-acquired. Let's avoid +this by always traversing through the message handlers so that we always +re-resolve the callback and userdata pair and thus can be sure it's +up-to-date and properly valid. + +(cherry picked from commit 637486261528e8aa3da9f26a4487dc254f4b7abb) +(cherry picked from commit e2d4cb9843c50eff76e9104fec6b448c0d7c8814) +(cherry picked from commit fb21e13e8ecbe25d80c1219b14e6495795df18ef) +(cherry picked from commit c3141774dfb84b1526c4991bb775457c739eb179) +--- + src/shared/bus-polkit.c | 78 ++++++++++++++++++++++++++++++++----------------- + 1 file changed, 52 insertions(+), 26 deletions(-) + +diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c +index c42c39a..02c11aa 100644 +--- a/src/shared/bus-polkit.c ++++ b/src/shared/bus-polkit.c +@@ -159,14 +159,13 @@ typedef struct AsyncPolkitQuery { + char **details; + + sd_bus_message *request, *reply; +- sd_bus_message_handler_t callback; +- void *userdata; + sd_bus_slot *slot; ++ + Hashmap *registry; ++ sd_event_source *defer_event_source; + } AsyncPolkitQuery; + + static void async_polkit_query_free(AsyncPolkitQuery *q) { +- + if (!q) + return; + +@@ -181,9 +180,24 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { + free(q->action); + strv_free(q->details); + ++ if (q->defer_event_source) ++ (void) sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_OFF); ++ sd_event_source_unref(q->defer_event_source); + free(q); + } + ++static int async_polkit_defer(sd_event_source *s, void *userdata) { ++ AsyncPolkitQuery *q = 
userdata; ++ ++ assert(s); ++ ++ /* This is called as idle event source after we processed the async polkit reply, hopefully after the ++ * method call we re-enqueued has been properly processed. */ ++ ++ async_polkit_query_free(q); ++ return 0; ++} ++ + static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { + _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; + AsyncPolkitQuery *q = userdata; +@@ -192,21 +206,46 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e + assert(reply); + assert(q); + ++ assert(q->slot); + q->slot = sd_bus_slot_unref(q->slot); ++ ++ assert(!q->reply); + q->reply = sd_bus_message_ref(reply); + ++ /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the ++ * whole message processing again, and thus re-validating and re-retrieving the "userdata" field ++ * again. ++ * ++ * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again, ++ * i.e. after the second time the message is processed is complete. 
*/ ++ ++ assert(!q->defer_event_source); ++ r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q); ++ if (r < 0) ++ goto fail; ++ ++ r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE); ++ if (r < 0) ++ goto fail; ++ ++ r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT); ++ if (r < 0) ++ goto fail; ++ + r = sd_bus_message_rewind(q->request, true); +- if (r < 0) { +- r = sd_bus_reply_method_errno(q->request, r, NULL); +- goto finish; +- } ++ if (r < 0) ++ goto fail; ++ ++ r = sd_bus_enqeue_for_read(sd_bus_message_get_bus(q->request), q->request); ++ if (r < 0) ++ goto fail; + +- r = q->callback(q->request, q->userdata, &error_buffer); +- r = bus_maybe_reply_error(q->request, r, &error_buffer); ++ return 1; + +-finish: ++fail: ++ log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m"); ++ (void) sd_bus_reply_method_errno(q->request, r, NULL); + async_polkit_query_free(q); +- + return r; + } + +@@ -225,11 +264,9 @@ int bus_verify_polkit_async( + #if ENABLE_POLKIT + _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; + AsyncPolkitQuery *q; +- const char *sender; +- sd_bus_message_handler_t callback; +- void *userdata; + int c; + #endif ++ const char *sender; + int r; + + assert(call); +@@ -293,20 +330,11 @@ int bus_verify_polkit_async( + else if (r > 0) + return 1; + +-#if ENABLE_POLKIT +- if (sd_bus_get_current_message(call->bus) != call) +- return -EINVAL; +- +- callback = sd_bus_get_current_handler(call->bus); +- if (!callback) +- return -EINVAL; +- +- userdata = sd_bus_get_current_userdata(call->bus); +- + sender = sd_bus_message_get_sender(call); + if (!sender) + return -EBADMSG; + ++#if ENABLE_POLKIT + c = sd_bus_message_get_allow_interactive_authorization(call); + if (c < 0) + return c; +@@ -349,8 +377,6 @@ int bus_verify_polkit_async( + + *q = (AsyncPolkitQuery) { + .request = sd_bus_message_ref(call), +- 
.callback = callback, +- .userdata = userdata, + }; + + q->action = strdup(action); diff --git a/debian/patches/random-util-eat-up-bad-RDRAND-values-seen-on-AMD-CPUs.patch b/debian/patches/random-util-eat-up-bad-RDRAND-values-seen-on-AMD-CPUs.patch new file mode 100644 index 0000000..5c464ad --- /dev/null +++ b/debian/patches/random-util-eat-up-bad-RDRAND-values-seen-on-AMD-CPUs.patch 
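Review bot: async_polkit_callback() no longer calls `q->callback(...)` or `bus_maybe_reply_error(...)`, the only visible users of `error_buffer`, so the `_cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;` declaration looks unused on the new side. A line or two between the hunks are not shown, so confirm before dropping it. The comment on async_polkit_defer() says the query is freed "hopefully after" the re-enqueued call was processed. Because the second pass reads the stored reply from that query, the comment should state why idle priority guarantees the ordering, or what happens when it does not hold. The new block comment's "be re-enqueing" should read "by re-enqueuing".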
@@ -0,0 +1,54 @@ +From: Michael Biebl <biebl@debian.org> +Date: Tue, 14 May 2019 13:12:35 +0200 +Subject: random-util: eat up bad RDRAND values seen on AMD CPUs + +An ugly, ugly work-around for #11810. And no, we shouldn't have to do +this. This is something for AMD, the firmware or the kernel to +fix/work-around, not us. But nonetheless, this should do it for now. + +Fixes: #11810 +(cherry picked from commit 1c53d4a070edbec8ad2d384ba0014d0eb6bae077) +--- + src/basic/random-util.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/src/basic/random-util.c b/src/basic/random-util.c +index f7decf6..38f8180 100644 +--- a/src/basic/random-util.c ++++ b/src/basic/random-util.c +@@ -37,6 +37,7 @@ int rdrand(unsigned long *ret) { + + #if defined(__i386__) || defined(__x86_64__) + static int have_rdrand = -1; ++ unsigned long v; + unsigned char err; + + if (have_rdrand < 0) { +@@ -56,7 +57,7 @@ int rdrand(unsigned long *ret) { + + asm volatile("rdrand %0;" + "setc %1" +- : "=r" (*ret), ++ : "=r" (v), + "=qm" (err)); + + #if HAS_FEATURE_MEMORY_SANITIZER +@@ -66,6 +67,18 @@ int rdrand(unsigned long *ret) { + if (!err) + return -EAGAIN; + ++ /* Apparently on some AMD CPUs RDRAND will sometimes (after a suspend/resume cycle?) report success ++ * via the carry flag but nonetheless return the same fixed value -1 in all cases. This appears to be ++ * a bad bug in the CPU or firmware. Let's deal with that and work-around this by explicitly checking ++ * for this special value (and also 0, just to be sure) and filtering it out. This is a work-around ++ * only however and something AMD really should fix properly. The Linux kernel should probably work ++ * around this issue by turning off RDRAND altogether on those CPUs. 
See: ++ * https://github.com/systemd/systemd/issues/11810 */ ++ if (v == 0 || v == ULONG_MAX) ++ return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN), ++ "RDRAND returned suspicious value %lx, assuming bad hardware RNG, not using value.", v); ++ ++ *ret = v; + return 0; + #else + return -EOPNOTSUPP; diff --git a/debian/patches/remove-.-path-components-from-required-mount-paths.patch b/debian/patches/remove-.-path-components-from-required-mount-paths.patch new file mode 100644 index 0000000..3cb5b6a --- /dev/null +++ b/debian/patches/remove-.-path-components-from-required-mount-paths.patch @@ -0,0 +1,30 @@ +From: Stephane Chazelas <stephane.chazelas@gmail.com> +Date: Wed, 6 Mar 2019 22:16:55 +0000 +Subject: remove "." path components from required mount paths + +unit_require_mounts_for may be passed path arguments that contain "." +components like for user's home directories where "." is sometimes used +to specify some form of anchor point. + +This change stops considering such path as an error and removes the "." +components instead. + +Closes: #11910 +(cherry picked from commit 106bf8e445a797f9d9c88b827ed42193f2f6b838) +--- + src/core/unit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 24b14fb..2a7359a 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -4607,7 +4607,7 @@ int unit_require_mounts_for(Unit *u, const char *path, UnitDependencyMask mask) + if (!p) + return -ENOMEM; + +- path = path_simplify(p, false); ++ path = path_simplify(p, true); + + if (!path_is_normalized(path)) + return -EPERM; diff --git a/debian/patches/resolve-fix-memleak.patch b/debian/patches/resolve-fix-memleak.patch new file mode 100644 index 0000000..f37f322 --- /dev/null +++ b/debian/patches/resolve-fix-memleak.patch 
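Review bot: rdrand() gains a new failure code, `-EUCLEAN`, next to the existing `-EAGAIN` and `-EOPNOTSUPP`, and nothing at the function says that callers must treat every negative return as "no value written to *ret" and fall back to another randomness source. The callers are outside this hunk, so any that retry only on `-EAGAIN` or test for specific codes need checking. A short comment above the function would pin the contract, e.g. `/* Returns 0 and sets *ret on success; on any negative return *ret is untouched and must not be used. */`. The debug log also fires on every rejected value, which on an affected CPU may repeat for each request.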
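Review bot: The bare `true` in `path = path_simplify(p, true);` in unit_require_mounts_for() does not say what it switches on, and this flag now decides which paths reach the normalization check. Naming the argument at the call site makes the intent readable: `path = path_simplify(p, /* kill_dots = */ true);`. The `path_is_normalized()` check on the following context line still returns -EPERM for whatever remains un-normalized, presumably including ".." components. A comment that "." is dropped here while ".." stays an error would record that distinction.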
@@ -0,0 +1,32 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Fri, 12 Jul 2019 14:19:36 +0900
+Subject: resolve: fix memleak
+
+(cherry picked from commit 2400ae29a55aab8659fa778f02d1884b86a95062)
+(cherry picked from commit 7727e6c0ae1769ba7ea9959aa721236c025adbdf)
+(cherry picked from commit 9755ac0744f858cfa952033552ac6f2401e0f2d0)
+---
+ src/resolve/resolved-manager.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
+index b3d35c8..2017b0e 100644
+--- a/src/resolve/resolved-manager.c
++++ b/src/resolve/resolved-manager.c
+@@ -11,6 +11,7 @@
+
+ #include "af-list.h"
+ #include "alloc-util.h"
++#include "bus-util.h"
+ #include "dirent-util.h"
+ #include "dns-domain.h"
+ #include "fd-util.h"
+@@ -689,6 +690,8 @@ Manager *manager_free(Manager *m) {
+ manager_mdns_stop(m);
+ manager_dns_stub_stop(m);
+
++ bus_verify_polkit_async_registry_free(m->polkit_registry);
++
+ sd_bus_flush_close_unref(m->bus);
+
+ sd_event_source_unref(m->sigusr1_event_source);
diff --git a/debian/patches/sd-bus-enforce-a-size-limit-on-D-Bus-object-paths.patch b/debian/patches/sd-bus-enforce-a-size-limit-on-D-Bus-object-paths.patch
new file mode 100644
index 0000000..335fccc
--- /dev/null
+++ b/debian/patches/sd-bus-enforce-a-size-limit-on-D-Bus-object-paths.patch
@@ -0,0 +1,215 @@
+From: Martin Pitt <martin@piware.de>
+Date: Sun, 17 Feb 2019 10:17:45 +0100
+Subject: sd-bus: enforce a size limit on D-Bus object paths
+
+Replace stack with heap allocation. This avoids accessing/modifying
+memory outside of the allocated stack region by sending specially
+crafted D-Bus messages with very large object paths.
+
+Vulnerability discovered by Chris Coulson <chris.coulson@canonical.com>,
+patch provided by Riccardo Schirone <rschiron@redhat.com>.
+
+CVE-2019-6454
+---
+ src/libsystemd/sd-bus/bus-internal.c | 2 +-
+ src/libsystemd/sd-bus/bus-internal.h | 4 +++
+ src/libsystemd/sd-bus/bus-objects.c | 64 ++++++++++++++++++++++++++++--------
+ 3 files changed, 55 insertions(+), 15 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c
+index 40acae2..598b7f1 100644
+--- a/src/libsystemd/sd-bus/bus-internal.c
++++ b/src/libsystemd/sd-bus/bus-internal.c
+@@ -43,7 +43,7 @@ bool object_path_is_valid(const char *p) {
+ if (slash)
+ return false;
+
+- return true;
++ return (q - p) <= BUS_PATH_SIZE_MAX;
+ }
+
+ char* object_path_startswith(const char *a, const char *b) {
+diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
+index f208b29..a8d61bf 100644
+--- a/src/libsystemd/sd-bus/bus-internal.h
++++ b/src/libsystemd/sd-bus/bus-internal.h
+@@ -332,6 +332,10 @@ struct sd_bus {
+
+ #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
+ #define BUS_AUTH_SIZE_MAX (64*1024)
++/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
++ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
++ * to not clash unnecessarily with real-life applications. */
++#define BUS_PATH_SIZE_MAX (64*1024)
+
+ #define BUS_CONTAINER_DEPTH 128
+
+diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c
+index 58329f3..983921d 100644
+--- a/src/libsystemd/sd-bus/bus-objects.c
++++ b/src/libsystemd/sd-bus/bus-objects.c
+@@ -1133,7 +1133,8 @@ static int object_manager_serialize_path_and_fallbacks(
+ const char *path,
+ sd_bus_error *error) {
+
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -1149,7 +1150,11 @@ static int object_manager_serialize_path_and_fallbacks(
+ return 0;
+
+ /* Second, add fallback vtables registered for any of the prefixes */
+- prefix = newa(char, strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
+ if (r < 0)
+@@ -1345,6 +1350,7 @@ static int object_find_and_run(
+ }
+
+ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
++ _cleanup_free_ char *prefix = NULL;
+ int r;
+ size_t pl;
+ bool found_object = false;
+@@ -1369,9 +1375,12 @@ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
+ assert(m->member);
+
+ pl = strlen(m->path);
+- do {
+- char prefix[pl+1];
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+
++ do {
+ bus->nodes_modified = false;
+
+ r = object_find_and_run(bus, m, m->path, false, &found_object);
+@@ -1498,9 +1507,14 @@ static int bus_find_parent_object_manager(sd_bus *bus, struct node **out, const
+
+ n = hashmap_get(bus->nodes, path);
+ if (!n) {
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+
+- prefix = newa(char, strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ n = hashmap_get(bus->nodes, prefix);
+ if (n)
+@@ -2083,8 +2097,9 @@ _public_ int sd_bus_emit_properties_changed_strv(
+ const char *interface,
+ char **names) {
+
++ _cleanup_free_ char *prefix = NULL;
+ bool found_interface = false;
+- char *prefix;
++ size_t pl;
+ int r;
+
+ assert_return(bus, -EINVAL);
+@@ -2105,6 +2120,12 @@ _public_ int sd_bus_emit_properties_changed_strv(
+
+ BUS_DONT_DESTROY(bus);
+
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ do {
+ bus->nodes_modified = false;
+
+@@ -2114,7 +2135,6 @@ _public_ int sd_bus_emit_properties_changed_strv(
+ if (bus->nodes_modified)
+ continue;
+
+- prefix = newa(char, strlen(path) + 1);
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
+ if (r != 0)
+@@ -2246,7 +2266,8 @@ static int object_added_append_all_prefix(
+
+ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+ _cleanup_set_free_ Set *s = NULL;
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2291,7 +2312,11 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *p
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = newa(char, strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_added_append_all_prefix(bus, m, s, prefix, path, true);
+ if (r < 0)
+@@ -2430,7 +2455,8 @@ static int object_removed_append_all_prefix(
+
+ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+ _cleanup_set_free_ Set *s = NULL;
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2462,7 +2488,11 @@ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = newa(char, strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_removed_append_all_prefix(bus, m, s, prefix, path, true);
+ if (r < 0)
+@@ -2612,7 +2642,8 @@ static int interfaces_added_append_one(
+ const char *path,
+ const char *interface) {
+
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2626,7 +2657,12 @@ static int interfaces_added_append_one(
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = newa(char, strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true);
+ if (r != 0)
diff --git a/debian/patches/sd-bus-introduce-API-for-re-enqueuing-incoming-messages.patch b/debian/patches/sd-bus-introduce-API-for-re-enqueuing-incoming-messages.patch
new file mode 100644
index 0000000..b19d8fc
--- /dev/null
+++ b/debian/patches/sd-bus-introduce-API-for-re-enqueuing-incoming-messages.patch
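Review bot: Every `assert(pl <= BUS_PATH_SIZE_MAX)` added in bus-objects.c documents the limit rather than enforcing it; the only real check in this patch is the new return expression in `object_path_is_valid()`, so each of these sites holds only if its path went through that validator first. For the internal helpers a comment such as `/* guaranteed by object_path_is_valid() for every path that reaches us */` would record that dependency. `sd_bus_emit_properties_changed_strv()` is `_public_` and takes `path` from the caller, and the hunks do not show whether it validates `path` before the new `strlen()`; if it does not, `assert_return(pl <= BUS_PATH_SIZE_MAX, -EINVAL);` would match the `assert_return()` style already used at the top of that function and return an error to the caller. All of these functions start and end outside their hunks.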
@@ -0,0 +1,65 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 22 Jan 2020 17:05:17 +0100
+Subject: sd-bus: introduce API for re-enqueuing incoming messages
+
+When authorizing via PolicyKit we want to process incoming method calls
+twice: once to process and figure out that we need PK authentication,
+and a second time after we acquired PK authentication to actually execute
+the operation. With this new call sd_bus_enqueue_for_read() we have a
+way to put an incoming message back into the read queue for this
+purpose.
+
+This might have other uses too, for example debugging.
+
+(cherry picked from commit 1068447e6954dc6ce52f099ed174c442cb89ed54)
+
+zjs: patch modified to not make the function public
+(cherry picked from commit 83bfc0d8dd026814d23e3fdfa46806394f775526)
+(cherry picked from commit 2e504c92d195d407cec3ba9ed156b195c31a5f3f)
+(cherry picked from commit 351627d4bfa39dd05f28d889967383af2372de6d)
+---
+ src/libsystemd/sd-bus/bus-message.h | 1 +
+ src/libsystemd/sd-bus/sd-bus.c | 24 ++++++++++++++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/libsystemd/sd-bus/bus-message.h b/src/libsystemd/sd-bus/bus-message.h
+index 0115437..7fd3f11 100644
+--- a/src/libsystemd/sd-bus/bus-message.h
++++ b/src/libsystemd/sd-bus/bus-message.h
+@@ -211,3 +211,4 @@ int bus_message_remarshal(sd_bus *bus, sd_bus_message **m);
+
+ void bus_message_set_sender_driver(sd_bus *bus, sd_bus_message *m);
+ void bus_message_set_sender_local(sd_bus *bus, sd_bus_message *m);
++int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m);
+diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
+index 1ff858f..94380af 100644
+--- a/src/libsystemd/sd-bus/sd-bus.c
++++ b/src/libsystemd/sd-bus/sd-bus.c
+@@ -4144,3 +4144,27 @@ _public_ int sd_bus_get_close_on_exit(sd_bus *bus) {
+
+ return bus->close_on_exit;
+ }
++
++int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) {
++ int r;
++
++ assert_return(bus, -EINVAL);
++ assert_return(bus = bus_resolve(bus), -ENOPKG);
++ assert_return(m, -EINVAL);
++ assert_return(m->sealed, -EINVAL);
++ assert_return(!bus_pid_changed(bus), -ECHILD);
++
++ if (!BUS_IS_OPEN(bus->state))
++ return -ENOTCONN;
++
++ /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication,
++ * where we want accept a message, then determine we need to interactively authenticate the user, and
++ * when we have that process the message again. */
++
++ r = bus_rqueue_make_room(bus);
++ if (r < 0)
++ return r;
++
++ bus->rqueue[bus->rqueue_size++] = sd_bus_message_ref(m);
++ return 0;
++}
diff --git a/debian/patches/sd-device-also-store-properties-read-from-udev-database-t.patch b/debian/patches/sd-device-also-store-properties-read-from-udev-database-t.patch
new file mode 100644
index 0000000..1684698
--- /dev/null
+++ b/debian/patches/sd-device-also-store-properties-read-from-udev-database-t.patch
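Review bot: The prototype added to `bus-message.h` carries no comment, and the explanatory block inside `sd_bus_enqeue_for_read()` sits after the argument checks instead of at the declaration, so a caller reading the header learns nothing about the contract. The function also keeps the `sd_` prefix although the description says it was deliberately not made public and the definition has no `_public_`, which makes it easy to mistake for exported API. I would add at the prototype something like `/* Internal only: puts an already received, sealed message back on the read queue so that it is dispatched a second time. */`. Because the message is dispatched again in full, handlers presumably have to repeat their authorization decision on the second pass rather than remember the first one; that is worth stating in the same comment once confirmed against the polkit callers, which are not part of this hunk.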
@@ -0,0 +1,51 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 16 Feb 2019 05:21:59 +0900
+Subject: sd-device: also store properties read from udev database to
+ sd_device::properties_db
+
+Follow-up for a3ce813697bcc1c4644e097a2f1cd0459326d6ee and
+5ce41697bd3ddc19cd6e1e6834751082ca0c8b02.
+
+Before a3ce813697bcc1c4644e097a2f1cd0459326d6ee, all properties in
+src->properties and src->properties_db are mixed and copied to
+dst->properties_db by device_copy_properties().
+So, it is not necessary to store data from udev database file to
+sd_device::properties_db before copying properties.
+
+But now, properties are not mixed. So, the read data need to be
+stored to also ::properties_db.
+
+Fixes #11721.
+
+(cherry picked from commit 03dd7b7ddec1b0e06f254972a2e05f516a05edaf)
+---
+ src/libsystemd/sd-device/sd-device.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index 2a69f2e..9137a93 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -1110,6 +1110,7 @@ int device_add_devlink(sd_device *device, const char *devlink) {
+ static int device_add_property_internal_from_string(sd_device *device, const char *str) {
+ _cleanup_free_ char *key = NULL;
+ char *value;
++ int r;
+
+ assert(device);
+ assert(str);
+@@ -1127,7 +1128,13 @@ static int device_add_property_internal_from_string(sd_device *device, const cha
+ if (isempty(++value))
+ value = NULL;
+
+- return device_add_property_internal(device, key, value);
++ /* Add the property to both sd_device::properties and sd_device::properties_db,
++ * as this is called by only handle_db_line(). */
++ r = device_add_property_aux(device, key, value, false);
++ if (r < 0)
++ return r;
++
++ return device_add_property_aux(device, key, value, true);
+ }
+
+ int device_set_usec_initialized(sd_device *device, usec_t when) {
diff --git a/debian/patches/seccomp-allow-turning-off-of-seccomp-filtering-via-env-va.patch b/debian/patches/seccomp-allow-turning-off-of-seccomp-filtering-via-env-va.patch
new file mode 100644
index 0000000..12d823f
--- /dev/null
+++ b/debian/patches/seccomp-allow-turning-off-of-seccomp-filtering-via-env-va.patch
@@ -0,0 +1,79 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 2 Nov 2020 14:51:10 +0100
+Subject: seccomp: allow turning off of seccomp filtering via env var
+
+Fixes: #17504
+
+Also suggested in: https://github.com/systemd/systemd/issues/17245#issuecomment-704773603
+
+(cherry picked from commit ce8f6d478e3f6c6a313fb19615aa5029bb18f86d)
+---
+ docs/ENVIRONMENT.md | 3 +++
+ src/nspawn/nspawn-seccomp.c | 2 +-
+ src/shared/seccomp-util.c | 19 +++++++++++++++----
+ 3 files changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
+index 99b5b03..286a5e2 100644
+--- a/docs/ENVIRONMENT.md
++++ b/docs/ENVIRONMENT.md
+@@ -58,6 +58,9 @@ All tools:
+ this only controls use of Unicode emoji glyphs, and has no effect on other
+ Unicode glyphs.
+
++* `$SYSTEMD_SECCOMP=0` – if set, seccomp filters will not be enforced, even if
++ support for it is compiled in and available in the kernel.
++
+ systemctl:
+
+ * `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID1's private D-Bus
+diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
+index e7ef80f..17abfce 100644
+--- a/src/nspawn/nspawn-seccomp.c
++++ b/src/nspawn/nspawn-seccomp.c
+@@ -168,7 +168,7 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys
+ int r;
+
+ if (!is_seccomp_available()) {
+- log_debug("SECCOMP features not detected in the kernel, disabling SECCOMP filterering");
++ log_debug("SECCOMP features not detected in the kernel or disabled at runtime, disabling SECCOMP filtering");
+ return 0;
+ }
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index 958128c..cbab63c 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -19,6 +19,7 @@
+ #include "strv.h"
+ #include "util.h"
+ #include "errno-list.h"
++#include "env-util.h"
+
+ const uint32_t seccomp_local_archs[] = {
+
+@@ -242,10 +243,20 @@ static bool is_seccomp_filter_available(void) {
+ bool is_seccomp_available(void) {
+ static int cached_enabled = -1;
+
+- if (cached_enabled < 0)
+- cached_enabled =
+- is_basic_seccomp_available() &&
+- is_seccomp_filter_available();
++ if (cached_enabled < 0) {
++ int b;
++
++ b = getenv_bool_secure("SYSTEMD_SECCOMP");
++ if (b != 0) {
++ if (b < 0 && b != -ENXIO) /* ENXIO: env var unset */
++ log_debug_errno(b, "Failed to parse $SYSTEMD_SECCOMP value, ignoring.");
++
++ cached_enabled =
++ is_basic_seccomp_available() &&
++ is_seccomp_filter_available();
++ } else
++ cached_enabled = false;
++ }
+
+ return cached_enabled;
+ }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..3952047
--- /dev/null
+++ b/debian/patches/series
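Review bot: In `is_seccomp_available()` the new `else` branch sets `cached_enabled = false` without emitting any message, so a process that skips its seccomp filters because `$SYSTEMD_SECCOMP=0` is set records that only through whatever its caller logs, and the one caller shown, `setup_seccomp()` in nspawn-seccomp.c, logs at debug level. Turning off a sandboxing layer should be visible at the default log level; I would write the branch as `} else { log_notice("seccomp filtering disabled via $SYSTEMD_SECCOMP, not installing any filters."); cached_enabled = false; }`, which fires once per process because the result is cached. The unparsable-value path keeps filtering on, which is the safe default and deserves a short comment next to `/* ENXIO: env var unset */` so it is not "simplified" later. The ENVIRONMENT.md entry could also mention that the variable is read through `getenv_bool_secure()`, since that presumably means it is ignored in set-user-ID contexts.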
@@ -0,0 +1,79 @@
+sd-bus-enforce-a-size-limit-on-D-Bus-object-paths.patch
+udev-network-drop-unused-parent_driver-argument-from-net_.patch
+sd-device-also-store-properties-read-from-udev-database-t.patch
+networkd-test-disable-DNSSEC-in-domain-restricted-DNS-tes.patch
+networkd-test-use-a-complete-domain-name-in-test_route_on.patch
+networkd-test-fix-test_dropin.patch
+networkd-test-ignore-failures-of-test_route_only_dns-in-c.patch
+timedate-fix-emitted-value-when-ntp-client-is-enabled-dis.patch
+cgtop-Fix-processing-of-controllers-other-than-CPU.patch
+udev-restore-debug-level-when-logging-a-failure-in-the-ex.patch
+remove-.-path-components-from-required-mount-paths.patch
+Re-add-uaccess-tag-for-dev-dri-renderD.patch
+udev-run-programs-in-the-specified-order.patch
+bash-completion-use-default-completion-for-redirect-opera.patch
+networkd-clarify-that-IPv6-RA-uses-our-own-stack-no-the-k.patch
+network-remove-routing-policy-rule-from-foreign-rule-data.patch
+network-do-not-remove-rule-when-it-is-requested-by-existi.patch
+pam-systemd-use-secure_getenv-rather-than-getenv.patch
+journal-remote-do-not-request-Content-Length-if-Transfer-.patch
+systemctl-restore-systemctl-reboot-ARG-functionality.patch
+random-util-eat-up-bad-RDRAND-values-seen-on-AMD-CPUs.patch
+ask-password-prevent-buffer-overflow-when-reading-from-ke.patch
+core-unset-HOME-that-the-kernel-gives-us.patch
+man-add-note-that-h-u-U-are-mostly-useless.patch
+sysctl-util-add-sysctl_read_ip_property.patch
+network-check-whether-ipv6-is-enabled-in-sysctl.patch
+network-ignore-requested-ipv6-addresses-when-ipv6-is-disa.patch
+network-ignore-requested-ipv6-route-when-ipv6-is-disabled.patch
+network-ignore-requested-ipv6-routing-policy-rule-when-ip.patch
+network-read-link-specific-sysctl-value.patch
+networkd-fix-link_up-12505.patch
+network-do-not-send-ipv6-token-to-kernel.patch
+meson-make-nologin-path-build-time-configurable.patch
+core-never-propagate-reload-failure-to-service-result.patch
+shared-seccomp-add-sync_file_range2.patch
+core-factor-root_directory-application-out-of-apply_worki.patch
+shared-bus-util-drop-trusted-annotation-from-bus_open_sys.patch
+login-add-a-missing-error-check-for-session_set_leader.patch
+namespace-make-MountFlags-shared-work-again.patch
+mount-generators-do-not-make-unit-wanted-by-its-device-un.patch
+mount-remove-unused-mount_is_auto-and-mount_is_automount.patch
+core-set-fs.file-max-sysctl-to-LONG_MAX-rather-than-ULONG.patch
+execute-remove-one-redundant-comparison-check.patch
+core-change-ownership-mode-of-the-execution-directories-a.patch
+bus-util-treat-org.freedesktop.DBus.Error.ServiceUnknown-.patch
+resolve-fix-memleak.patch
+shared-split-out-polkit-stuff-from-bus-util.c-bus-polkit..patch
+bus-polkit-rename-return-error-parameter-to-ret_error.patch
+polkit-reuse-some-common-bus-message-appending-code.patch
+polkit-on-async-pk-requests-re-validate-action-details.patch
+polkit-use-structured-initialization.patch
+sd-bus-introduce-API-for-re-enqueuing-incoming-messages.patch
+polkit-when-authorizing-via-PK-let-s-re-resolve-callback-.patch
+Fix-typo-in-function-name.patch
+basic-cap-list-parse-print-numerical-capabilities.patch
+missing-Add-new-Linux-capabilities.patch
+networkd-do-not-generate-MAC-for-bridge-device.patch
+journal-do-not-trigger-assertion-when-journal_file_close-.patch
+test-bpf-skip-test-when-run-inside-containers.patch
+tests-skip-test-bpf-only-when-we-re-100-sure-it-s-run-in-.patch
+core-make-sure-to-restore-the-control-command-id-too.patch
+seccomp-allow-turning-off-of-seccomp-filtering-via-env-va.patch
+basic-unit-name-do-not-use-strdupa-on-a-path.patch
+debian/Use-Debian-specific-config-files.patch
+debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
+debian/Make-run-lock-tmpfs-an-API-fs.patch
+debian/Revert-udev-network-device-renaming-immediately-give.patch
+debian/Add-support-for-TuxOnIce-hibernation.patch
+debian/Re-enable-journal-forwarding-to-syslog.patch
+debian/Don-t-enable-audit-by-default.patch
+debian/Only-start-logind-if-dbus-is-installed.patch
+debian/fsckd-daemon-for-inter-fsckd-communication.patch
+debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
+debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
+debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
+debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
+debian/Let-graphical-session-pre.target-be-manually-started.patch
+debian/Add-env-variable-for-machine-ID-path.patch
+debian/Drop-seccomp-system-call-filter-for-udev.patch
diff --git a/debian/patches/shared-bus-util-drop-trusted-annotation-from-bus_open_sys.patch b/debian/patches/shared-bus-util-drop-trusted-annotation-from-bus_open_sys.patch
new file mode 100644
index 0000000..bd736b6
--- /dev/null
+++ b/debian/patches/shared-bus-util-drop-trusted-annotation-from-bus_open_sys.patch
@@ -0,0 +1,32 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 27 Aug 2019 19:00:34 +0200
+Subject: shared/bus-util: drop trusted annotation from
+ bus_open_system_watch_bind_with_description()
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1746057
+
+This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
+is also used in timesyncd, but it has no methods, only read-only properties, and
+in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
+polkit checks.
+
+(cherry picked from commit 35e528018f315798d3bffcb592b32a0d8f5162bd)
+---
+ src/shared/bus-util.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
+index cbcf698..9d31fba 100644
+--- a/src/shared/bus-util.c
++++ b/src/shared/bus-util.c
+@@ -1696,10 +1696,6 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
+ if (r < 0)
+ return r;
+
+- r = sd_bus_set_trusted(bus, true);
+- if (r < 0)
+- return r;
+-
+ r = sd_bus_negotiate_creds(bus, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS);
+ if (r < 0)
+ return r;
diff --git a/debian/patches/shared-seccomp-add-sync_file_range2.patch b/debian/patches/shared-seccomp-add-sync_file_range2.patch
new file mode 100644
index 0000000..eb4f839
--- /dev/null
+++ b/debian/patches/shared-seccomp-add-sync_file_range2.patch
@@ -0,0 +1,24 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 19 Aug 2019 08:51:39 +0200
+Subject: shared/seccomp: add sync_file_range2
+
+Some architectures need the arguments to be reordered because of alignment
+issues. Otherwise, it's the same as sync_file_range.
+
+(cherry picked from commit a8fb09f57395613d472d7b555db6e0ce802a8c84)
+---
+ src/shared/seccomp-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index cc58b3c..958128c 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -756,6 +756,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
+ "msync\0"
+ "sync\0"
+ "sync_file_range\0"
++ "sync_file_range2\0"
+ "syncfs\0"
+ },
+ [SYSCALL_FILTER_SET_SYSTEM_SERVICE] = {
diff --git a/debian/patches/shared-split-out-polkit-stuff-from-bus-util.c-bus-polkit..patch b/debian/patches/shared-split-out-polkit-stuff-from-bus-util.c-bus-polkit..patch
new file mode 100644
index 0000000..3a14551
--- /dev/null
+++ b/debian/patches/shared-split-out-polkit-stuff-from-bus-util.c-bus-polkit..patch
@@ -0,0 +1,1190 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 22 Jan 2020 11:39:22 +0100
+Subject: =?utf-8?q?shared=3A_split_out_polkit_stuff_from_bus-util=2Ec_?=
+ =?utf-8?q?=E2=86=92_bus-polkit=2Ec?=
+
+It's enough, complex stuff to warrant its own source file.
+
+No other changes, just splitting out.
+
+(cherry picked from commit 269e4d2d6b75329ae39a71ebe2c14500e03cda95)
+(cherry picked from commit 0a19ff7004e4a567566a0a7be6b050cf34c0bfe5)
+(cherry picked from commit 31a1d569db43af04669ec487f3e741ddc6d12969)
+(cherry picked from commit a4722a8df23f6612c47f1bb848a6a7c81dcbdccb)
+---
+ src/core/dbus-unit.c | 1 +
+ src/core/dbus.c | 2 +-
+ src/hostname/hostnamed.c | 2 +-
+ src/import/importd.c | 2 +-
+ src/locale/keymap-util.c | 2 +
+ src/locale/localed.c | 2 +-
+ src/login/logind-dbus.c | 1 +
+ src/login/logind-seat-dbus.c | 1 +
+ src/login/logind-session-dbus.c | 1 +
+ src/login/logind-user-dbus.c | 1 +
+ src/login/logind.c | 2 +-
+ src/machine/image-dbus.c | 1 +
+ src/machine/machine-dbus.c | 1 +
+ src/machine/machined-dbus.c | 1 +
+ src/machine/machined.c | 2 +-
+ src/network/networkd-link-bus.c | 2 +
+ src/network/networkd-manager-bus.c | 3 +
+ src/network/networkd-manager.c | 1 +
+ src/portable/portabled-bus.c | 2 +-
+ src/portable/portabled-image-bus.c | 1 +
+ src/portable/portabled.c | 2 +-
+ src/resolve/resolved-bus.c | 1 +
+ src/resolve/resolved-dnssd-bus.c | 5 +-
+ src/resolve/resolved-link-bus.c | 1 +
+ src/resolve/resolved-manager.c | 2 +-
+ src/shared/bus-polkit.c | 358 +++++++++++++++++++++++++++++++++++++
+ src/shared/bus-polkit.h | 11 ++
+ src/shared/bus-util.c | 357 +------------------------------------
+ src/shared/bus-util.h | 7 +-
+ src/shared/meson.build | 2 +
+ src/timedate/timedated.c | 2 +-
+ 31 files changed, 406 insertions(+), 373 deletions(-)
+ create mode 100644 src/shared/bus-polkit.c
+ create mode 100644 src/shared/bus-polkit.h
+
+diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
+index 17c2003..ce0fbdb 100644
+--- a/src/core/dbus-unit.c
++++ b/src/core/dbus-unit.c
+@@ -5,6 +5,7 @@
+ #include "alloc-util.h"
+ #include "bpf-firewall.h"
+ #include "bus-common-errors.h"
++#include "bus-polkit.h"
+ #include "cgroup-util.h"
+ #include "condition.h"
+ #include "dbus-job.h"
+diff --git a/src/core/dbus.c b/src/core/dbus.c
+index 255b86e..91c06ce 100644
+--- a/src/core/dbus.c
++++ b/src/core/dbus.c
+@@ -10,7 +10,7 @@
+ #include "bus-common-errors.h"
+ #include "bus-error.h"
+ #include "bus-internal.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "dbus-automount.h"
+ #include "dbus-cgroup.h"
+ #include "dbus-device.h"
+diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
+index 7777450..9b98f32 100644
+--- a/src/hostname/hostnamed.c
++++ b/src/hostname/hostnamed.c
+@@ -7,7 +7,7 @@
+
+ #include "alloc-util.h"
+ #include "bus-common-errors.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "def.h"
+ #include "env-file-label.h"
+ #include "env-file.h"
+diff --git a/src/import/importd.c b/src/import/importd.c
+index 2426933..15430d8 100644
+--- a/src/import/importd.c
++++ b/src/import/importd.c
+@@ -7,7 +7,7 @@
+
+ #include "alloc-util.h"
+ #include "bus-common-errors.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "def.h"
+ #include "fd-util.h"
+ #include "float.h"
+diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c
+index 6b6b32a..c203c7a 100644
+--- a/src/locale/keymap-util.c
++++ b/src/locale/keymap-util.c
+@@ -6,7 +6,9 @@
+ #include <unistd.h>
+
+ #include "bus-util.h"
++#include "bus-polkit.h"
+ #include "def.h"
++#include "env-file-label.h"
+ #include "env-file.h"
+ #include "env-file-label.h"
+ #include "env-util.h"
+diff --git a/src/locale/localed.c b/src/locale/localed.c
+index f851d35..0bc02a0 100644
+--- a/src/locale/localed.c
++++ b/src/locale/localed.c
+@@ -14,7 +14,7 @@
+ #include "alloc-util.h"
+ #include "bus-error.h"
+ #include "bus-message.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "def.h"
+ #include "keymap-util.h"
+ #include "locale-util.h"
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index b9ea370..91350fd 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -12,6 +12,7 @@
+ #include "audit-util.h"
+ #include "bus-common-errors.h"
+ #include "bus-error.h"
++#include "bus-polkit.h"
+ #include "bus-unit-util.h"
+ #include "bus-util.h"
+ #include "cgroup-util.h"
+diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c
+index 6ee5a1c..28ea5b7 100644
+--- a/src/login/logind-seat-dbus.c
++++ b/src/login/logind-seat-dbus.c
+@@ -6,6 +6,7 @@
+ #include "alloc-util.h"
+ #include "bus-common-errors.h"
+ #include "bus-label.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "logind-seat.h"
+ #include "logind.h"
+diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c
+index df5bfba..bd5c1fe 100644
+--- a/src/login/logind-session-dbus.c
++++ b/src/login/logind-session-dbus.c
+@@ -6,6 +6,7 @@
+ #include "alloc-util.h"
+ #include "bus-common-errors.h"
+ #include "bus-label.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "fd-util.h"
+ #include "logind-session-device.h"
+diff --git a/src/login/logind-user-dbus.c b/src/login/logind-user-dbus.c
+index fcaeba1..129696e 100644
+--- a/src/login/logind-user-dbus.c
++++ b/src/login/logind-user-dbus.c
+@@ -4,6 +4,7 @@
+ #include <string.h>
+
+ #include "alloc-util.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "format-util.h"
+ #include "logind-user.h"
+diff --git a/src/login/logind.c b/src/login/logind.c
+index 95ec0a5..171b898 100644
+--- a/src/login/logind.c
++++ b/src/login/logind.c
+@@ -10,7 +10,7 @@
+
+ #include "alloc-util.h"
+ #include "bus-error.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "cgroup-util.h"
+ #include "def.h"
+ #include "device-util.h"
+diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c
+index 7e7f0d5..1322f3e 100644
+--- a/src/machine/image-dbus.c
++++ b/src/machine/image-dbus.c
+@@ -5,6 +5,7 @@
+
+ #include "alloc-util.h"
+ #include "bus-label.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "copy.h"
+ #include "dissect-image.h"
+diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
+index 7a558df..39905e5 100644
+--- a/src/machine/machine-dbus.c
++++ b/src/machine/machine-dbus.c
+@@ -15,6 +15,7 @@
+ #include "bus-common-errors.h"
+ #include "bus-internal.h"
+ #include "bus-label.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "copy.h"
+ #include "env-file.h"
+diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
+index fea9cc2..f00be23 100644
+--- a/src/machine/machined-dbus.c
++++ b/src/machine/machined-dbus.c
+@@ -9,6 +9,7 @@
+ #include "alloc-util.h"
+ #include "btrfs-util.h"
+ #include "bus-common-errors.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "cgroup-util.h"
+ #include "fd-util.h"
+diff --git a/src/machine/machined.c b/src/machine/machined.c
+index 0b92b1c..e3456d8 100644
+--- a/src/machine/machined.c
++++ b/src/machine/machined.c
+@@ -8,7 +8,7 @@
+
+ #include "alloc-util.h"
+ #include "bus-error.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "cgroup-util.h"
+ #include "dirent-util.h"
+ #include "fd-util.h"
+diff --git a/src/network/networkd-link-bus.c b/src/network/networkd-link-bus.c
+index 0dbcd86..beee910 100644
+--- a/src/network/networkd-link-bus.c
++++ b/src/network/networkd-link-bus.c
+@@ -1,6 +1,8 @@
+ /* SPDX-License-Identifier: LGPL-2.1+ */
+
+ #include "alloc-util.h"
++#include "bus-common-errors.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "networkd-link.h"
+ #include "networkd-manager.h"
+diff --git a/src/network/networkd-manager-bus.c b/src/network/networkd-manager-bus.c
+index 8c52783..7628878 100644
+--- a/src/network/networkd-manager-bus.c
++++ b/src/network/networkd-manager-bus.c
+@@ -1,7 +1,10 @@
+ /* SPDX-License-Identifier: LGPL-2.1+ */
+
+ #include "alloc-util.h"
++#include "bus-common-errors.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
++#include "networkd-link.h"
+ #include "networkd-manager.h"
+ #include "strv.h"
+
+diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
+index acb9a75..bd29fd0 100644
+--- a/src/network/networkd-manager.c
++++ b/src/network/networkd-manager.c
+@@ -9,6 +9,7 @@
+ #include "sd-netlink.h"
+
+ #include "alloc-util.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "conf-parser.h"
+ #include "def.h"
+diff --git a/src/portable/portabled-bus.c b/src/portable/portabled-bus.c
+index 3cbdb0b..708ec94 100644
+--- a/src/portable/portabled-bus.c
++++ b/src/portable/portabled-bus.c
+@@ -3,7 +3,7 @@
+ #include "alloc-util.h"
+ #include "btrfs-util.h"
+ #include "bus-common-errors.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "fd-util.h"
+ #include "io-util.h"
+ #include "machine-image.h"
+diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c
+index 3605598..beebcf8 100644
+--- a/src/portable/portabled-image-bus.c
++++ b/src/portable/portabled-image-bus.c
+@@ -3,6 +3,7 @@
+ #include "alloc-util.h"
+ #include "bus-common-errors.h"
+ #include "bus-label.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "fd-util.h"
+ #include "fileio.h"
+diff --git a/src/portable/portabled.c b/src/portable/portabled.c
+index 49a359f..f5a34ff 100644
+--- a/src/portable/portabled.c
++++ b/src/portable/portabled.c
+@@ -4,7 +4,7 @@
+ #include "sd-daemon.h"
+
+ #include "alloc-util.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "def.h"
+ #include "main-func.h"
+ #include "portabled-bus.h"
+diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
+index 5b547ba..1638d3b 100644
+--- a/src/resolve/resolved-bus.c
++++ b/src/resolve/resolved-bus.c
+@@ -2,6 +2,7 @@
+
+ #include "alloc-util.h"
+ #include "bus-common-errors.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "dns-domain.h"
+ #include "missing_capability.h"
+diff --git a/src/resolve/resolved-dnssd-bus.c b/src/resolve/resolved-dnssd-bus.c
+index 24bb37b..f7dcb3b 100644
+--- a/src/resolve/resolved-dnssd-bus.c
++++ b/src/resolve/resolved-dnssd-bus.c
+@@ -1,9 +1,10 @@
++/* SPDX-License-Identifier: LGPL-2.1+ */
+
+ #include "alloc-util.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "missing_capability.h"
+-#include "resolved-dnssd.h"
+ #include "resolved-dnssd-bus.h"
++#include "resolved-dnssd.h"
+ #include "resolved-link.h"
+ #include "strv.h"
+ #include "user-util.h"
+diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
+index 96093ff..53f017c 100644
+--- a/src/resolve/resolved-link-bus.c
++++ b/src/resolve/resolved-link-bus.c
+@@ -2,6 +2,7 @@
+
+ #include "alloc-util.h"
+ #include "bus-common-errors.h"
++#include "bus-polkit.h"
+ #include "bus-util.h"
+ #include "parse-util.h"
+ #include "resolve-util.h"
+diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
+index 2017b0e..422ec23 100644
+--- a/src/resolve/resolved-manager.c
++++ b/src/resolve/resolved-manager.c
+@@ -11,7 +11,7 @@
+
+ #include "af-list.h"
+ #include "alloc-util.h"
+-#include "bus-util.h"
++#include "bus-polkit.h"
+ #include "dirent-util.h"
+ #include "dns-domain.h"
+ #include "fd-util.h"
+diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
+new file mode 100644
+index 0000000..da4aee5
+--- /dev/null
++++ b/src/shared/bus-polkit.c
+@@ -0,0 +1,358 @@
++/* SPDX-License-Identifier: LGPL-2.1+ */
++
++#include "bus-internal.h"
++#include "bus-message.h"
++#include "bus-polkit.h"
++#include "strv.h"
++#include "user-util.h"
++
++static int check_good_user(sd_bus_message *m, uid_t good_user) {
++ _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
++ uid_t sender_uid;
++ int r;
++
++ assert(m);
++
++ if (good_user == UID_INVALID)
++ return 0;
++
++ r = sd_bus_query_sender_creds(m,
SD_BUS_CREDS_EUID, &creds); ++ if (r < 0) ++ return r; ++ ++ /* Don't trust augmented credentials for authorization */ ++ assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_EUID) == 0, -EPERM); ++ ++ r = sd_bus_creds_get_euid(creds, &sender_uid); ++ if (r < 0) ++ return r; ++ ++ return sender_uid == good_user; ++} ++ ++int bus_test_polkit( ++ sd_bus_message *call, ++ int capability, ++ const char *action, ++ const char **details, ++ uid_t good_user, ++ bool *_challenge, ++ sd_bus_error *e) { ++ ++ int r; ++ ++ assert(call); ++ assert(action); ++ ++ /* Tests non-interactively! */ ++ ++ r = check_good_user(call, good_user); ++ if (r != 0) ++ return r; ++ ++ r = sd_bus_query_sender_privilege(call, capability); ++ if (r < 0) ++ return r; ++ else if (r > 0) ++ return 1; ++#if ENABLE_POLKIT ++ else { ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL; ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; ++ int authorized = false, challenge = false; ++ const char *sender, **k, **v; ++ ++ sender = sd_bus_message_get_sender(call); ++ if (!sender) ++ return -EBADMSG; ++ ++ r = sd_bus_message_new_method_call( ++ call->bus, ++ &request, ++ "org.freedesktop.PolicyKit1", ++ "/org/freedesktop/PolicyKit1/Authority", ++ "org.freedesktop.PolicyKit1.Authority", ++ "CheckAuthorization"); ++ if (r < 0) ++ return r; ++ ++ r = sd_bus_message_append( ++ request, ++ "(sa{sv})s", ++ "system-bus-name", 1, "name", "s", sender, ++ action); ++ if (r < 0) ++ return r; ++ ++ r = sd_bus_message_open_container(request, 'a', "{ss}"); ++ if (r < 0) ++ return r; ++ ++ STRV_FOREACH_PAIR(k, v, details) { ++ r = sd_bus_message_append(request, "{ss}", *k, *v); ++ if (r < 0) ++ return r; ++ } ++ ++ r = sd_bus_message_close_container(request); ++ if (r < 0) ++ return r; ++ ++ r = sd_bus_message_append(request, "us", 0, NULL); ++ if (r < 0) ++ return r; ++ ++ r = sd_bus_call(call->bus, request, 0, e, &reply); ++ if (r < 0) { ++ /* Treat no PK available as access 
denied */ ++ if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) { ++ sd_bus_error_free(e); ++ return -EACCES; ++ } ++ ++ return r; ++ } ++ ++ r = sd_bus_message_enter_container(reply, 'r', "bba{ss}"); ++ if (r < 0) ++ return r; ++ ++ r = sd_bus_message_read(reply, "bb", &authorized, &challenge); ++ if (r < 0) ++ return r; ++ ++ if (authorized) ++ return 1; ++ ++ if (_challenge) { ++ *_challenge = challenge; ++ return 0; ++ } ++ } ++#endif ++ ++ return -EACCES; ++} ++ ++#if ENABLE_POLKIT ++ ++typedef struct AsyncPolkitQuery { ++ sd_bus_message *request, *reply; ++ sd_bus_message_handler_t callback; ++ void *userdata; ++ sd_bus_slot *slot; ++ Hashmap *registry; ++} AsyncPolkitQuery; ++ ++static void async_polkit_query_free(AsyncPolkitQuery *q) { ++ ++ if (!q) ++ return; ++ ++ sd_bus_slot_unref(q->slot); ++ ++ if (q->registry && q->request) ++ hashmap_remove(q->registry, q->request); ++ ++ sd_bus_message_unref(q->request); ++ sd_bus_message_unref(q->reply); ++ ++ free(q); ++} ++ ++static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { ++ _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; ++ AsyncPolkitQuery *q = userdata; ++ int r; ++ ++ assert(reply); ++ assert(q); ++ ++ q->slot = sd_bus_slot_unref(q->slot); ++ q->reply = sd_bus_message_ref(reply); ++ ++ r = sd_bus_message_rewind(q->request, true); ++ if (r < 0) { ++ r = sd_bus_reply_method_errno(q->request, r, NULL); ++ goto finish; ++ } ++ ++ r = q->callback(q->request, q->userdata, &error_buffer); ++ r = bus_maybe_reply_error(q->request, r, &error_buffer); ++ ++finish: ++ async_polkit_query_free(q); ++ ++ return r; ++} ++ ++#endif ++ ++int bus_verify_polkit_async( ++ sd_bus_message *call, ++ int capability, ++ const char *action, ++ const char **details, ++ bool interactive, ++ uid_t good_user, ++ Hashmap **registry, ++ sd_bus_error *error) { ++ ++#if ENABLE_POLKIT ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; ++ 
AsyncPolkitQuery *q; ++ const char *sender, **k, **v; ++ sd_bus_message_handler_t callback; ++ void *userdata; ++ int c; ++#endif ++ int r; ++ ++ assert(call); ++ assert(action); ++ assert(registry); ++ ++ r = check_good_user(call, good_user); ++ if (r != 0) ++ return r; ++ ++#if ENABLE_POLKIT ++ q = hashmap_get(*registry, call); ++ if (q) { ++ int authorized, challenge; ++ ++ /* This is the second invocation of this function, and ++ * there's already a response from polkit, let's ++ * process it */ ++ assert(q->reply); ++ ++ if (sd_bus_message_is_method_error(q->reply, NULL)) { ++ const sd_bus_error *e; ++ ++ e = sd_bus_message_get_error(q->reply); ++ ++ /* Treat no PK available as access denied */ ++ if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN) || ++ sd_bus_error_has_name(e, SD_BUS_ERROR_NAME_HAS_NO_OWNER)) ++ return -EACCES; ++ ++ /* Copy error from polkit reply */ ++ sd_bus_error_copy(error, e); ++ return -sd_bus_error_get_errno(e); ++ } ++ ++ r = sd_bus_message_enter_container(q->reply, 'r', "bba{ss}"); ++ if (r >= 0) ++ r = sd_bus_message_read(q->reply, "bb", &authorized, &challenge); ++ if (r < 0) ++ return r; ++ ++ if (authorized) ++ return 1; ++ ++ if (challenge) ++ return sd_bus_error_set(error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required."); ++ ++ return -EACCES; ++ } ++#endif ++ ++ r = sd_bus_query_sender_privilege(call, capability); ++ if (r < 0) ++ return r; ++ else if (r > 0) ++ return 1; ++ ++#if ENABLE_POLKIT ++ if (sd_bus_get_current_message(call->bus) != call) ++ return -EINVAL; ++ ++ callback = sd_bus_get_current_handler(call->bus); ++ if (!callback) ++ return -EINVAL; ++ ++ userdata = sd_bus_get_current_userdata(call->bus); ++ ++ sender = sd_bus_message_get_sender(call); ++ if (!sender) ++ return -EBADMSG; ++ ++ c = sd_bus_message_get_allow_interactive_authorization(call); ++ if (c < 0) ++ return c; ++ if (c > 0) ++ interactive = true; ++ ++ r = hashmap_ensure_allocated(registry, NULL); ++ 
if (r < 0) ++ return r; ++ ++ r = sd_bus_message_new_method_call( ++ call->bus, ++ &pk, ++ "org.freedesktop.PolicyKit1", ++ "/org/freedesktop/PolicyKit1/Authority", ++ "org.freedesktop.PolicyKit1.Authority", ++ "CheckAuthorization"); ++ if (r < 0) ++ return r; ++ ++ r = sd_bus_message_append( ++ pk, ++ "(sa{sv})s", ++ "system-bus-name", 1, "name", "s", sender, ++ action); ++ if (r < 0) ++ return r; ++ ++ r = sd_bus_message_open_container(pk, 'a', "{ss}"); ++ if (r < 0) ++ return r; ++ ++ STRV_FOREACH_PAIR(k, v, details) { ++ r = sd_bus_message_append(pk, "{ss}", *k, *v); ++ if (r < 0) ++ return r; ++ } ++ ++ r = sd_bus_message_close_container(pk); ++ if (r < 0) ++ return r; ++ ++ r = sd_bus_message_append(pk, "us", interactive, NULL); ++ if (r < 0) ++ return r; ++ ++ q = new0(AsyncPolkitQuery, 1); ++ if (!q) ++ return -ENOMEM; ++ ++ q->request = sd_bus_message_ref(call); ++ q->callback = callback; ++ q->userdata = userdata; ++ ++ r = hashmap_put(*registry, call, q); ++ if (r < 0) { ++ async_polkit_query_free(q); ++ return r; ++ } ++ ++ q->registry = *registry; ++ ++ r = sd_bus_call_async(call->bus, &q->slot, pk, async_polkit_callback, q, 0); ++ if (r < 0) { ++ async_polkit_query_free(q); ++ return r; ++ } ++ ++ return 0; ++#endif ++ ++ return -EACCES; ++} ++ ++void bus_verify_polkit_async_registry_free(Hashmap *registry) { ++#if ENABLE_POLKIT ++ hashmap_free_with_destructor(registry, async_polkit_query_free); ++#endif ++} +diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h +new file mode 100644 +index 0000000..29b3923 +--- /dev/null ++++ b/src/shared/bus-polkit.h +@@ -0,0 +1,11 @@ ++/* SPDX-License-Identifier: LGPL-2.1+ */ ++#pragma once ++ ++#include "sd-bus.h" ++ ++#include "hashmap.h" ++ ++int bus_test_polkit(sd_bus_message *call, int capability, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e); ++ ++int bus_verify_polkit_async(sd_bus_message *call, int capability, const char *action, const char **details, 
bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error); ++void bus_verify_polkit_async_registry_free(Hashmap *registry); +diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c +index a406dd8..c9d7e76 100644 +--- a/src/shared/bus-util.c ++++ b/src/shared/bus-util.c +@@ -11,7 +11,6 @@ + #include <sys/socket.h> + #include <unistd.h> + +-#include "sd-bus-protocol.h" + #include "sd-bus.h" + #include "sd-daemon.h" + #include "sd-event.h" +@@ -24,15 +23,14 @@ + #include "bus-util.h" + #include "cap-list.h" + #include "cgroup-util.h" +-#include "def.h" +-#include "escape.h" +-#include "fd-util.h" + #include "missing.h" + #include "mountpoint-util.h" + #include "nsflags.h" + #include "parse-util.h" + #include "proc-cmdline.h" ++#include "path-util.h" + #include "rlimit-util.h" ++#include "socket-util.h" + #include "stdio-util.h" + #include "strv.h" + #include "user-util.h" +@@ -187,357 +185,6 @@ int bus_name_has_owner(sd_bus *c, const char *name, sd_bus_error *error) { + return has_owner; + } + +-static int check_good_user(sd_bus_message *m, uid_t good_user) { +- _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; +- uid_t sender_uid; +- int r; +- +- assert(m); +- +- if (good_user == UID_INVALID) +- return 0; +- +- r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_EUID, &creds); +- if (r < 0) +- return r; +- +- /* Don't trust augmented credentials for authorization */ +- assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_EUID) == 0, -EPERM); +- +- r = sd_bus_creds_get_euid(creds, &sender_uid); +- if (r < 0) +- return r; +- +- return sender_uid == good_user; +-} +- +-int bus_test_polkit( +- sd_bus_message *call, +- int capability, +- const char *action, +- const char **details, +- uid_t good_user, +- bool *_challenge, +- sd_bus_error *e) { +- +- int r; +- +- assert(call); +- assert(action); +- +- /* Tests non-interactively! 
*/ +- +- r = check_good_user(call, good_user); +- if (r != 0) +- return r; +- +- r = sd_bus_query_sender_privilege(call, capability); +- if (r < 0) +- return r; +- else if (r > 0) +- return 1; +-#if ENABLE_POLKIT +- else { +- _cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL; +- _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; +- int authorized = false, challenge = false; +- const char *sender, **k, **v; +- +- sender = sd_bus_message_get_sender(call); +- if (!sender) +- return -EBADMSG; +- +- r = sd_bus_message_new_method_call( +- call->bus, +- &request, +- "org.freedesktop.PolicyKit1", +- "/org/freedesktop/PolicyKit1/Authority", +- "org.freedesktop.PolicyKit1.Authority", +- "CheckAuthorization"); +- if (r < 0) +- return r; +- +- r = sd_bus_message_append( +- request, +- "(sa{sv})s", +- "system-bus-name", 1, "name", "s", sender, +- action); +- if (r < 0) +- return r; +- +- r = sd_bus_message_open_container(request, 'a', "{ss}"); +- if (r < 0) +- return r; +- +- STRV_FOREACH_PAIR(k, v, details) { +- r = sd_bus_message_append(request, "{ss}", *k, *v); +- if (r < 0) +- return r; +- } +- +- r = sd_bus_message_close_container(request); +- if (r < 0) +- return r; +- +- r = sd_bus_message_append(request, "us", 0, NULL); +- if (r < 0) +- return r; +- +- r = sd_bus_call(call->bus, request, 0, e, &reply); +- if (r < 0) { +- /* Treat no PK available as access denied */ +- if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) { +- sd_bus_error_free(e); +- return -EACCES; +- } +- +- return r; +- } +- +- r = sd_bus_message_enter_container(reply, 'r', "bba{ss}"); +- if (r < 0) +- return r; +- +- r = sd_bus_message_read(reply, "bb", &authorized, &challenge); +- if (r < 0) +- return r; +- +- if (authorized) +- return 1; +- +- if (_challenge) { +- *_challenge = challenge; +- return 0; +- } +- } +-#endif +- +- return -EACCES; +-} +- +-#if ENABLE_POLKIT +- +-typedef struct AsyncPolkitQuery { +- sd_bus_message *request, *reply; +- 
sd_bus_message_handler_t callback; +- void *userdata; +- sd_bus_slot *slot; +- Hashmap *registry; +-} AsyncPolkitQuery; +- +-static void async_polkit_query_free(AsyncPolkitQuery *q) { +- +- if (!q) +- return; +- +- sd_bus_slot_unref(q->slot); +- +- if (q->registry && q->request) +- hashmap_remove(q->registry, q->request); +- +- sd_bus_message_unref(q->request); +- sd_bus_message_unref(q->reply); +- +- free(q); +-} +- +-static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { +- _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; +- AsyncPolkitQuery *q = userdata; +- int r; +- +- assert(reply); +- assert(q); +- +- q->slot = sd_bus_slot_unref(q->slot); +- q->reply = sd_bus_message_ref(reply); +- +- r = sd_bus_message_rewind(q->request, true); +- if (r < 0) { +- r = sd_bus_reply_method_errno(q->request, r, NULL); +- goto finish; +- } +- +- r = q->callback(q->request, q->userdata, &error_buffer); +- r = bus_maybe_reply_error(q->request, r, &error_buffer); +- +-finish: +- async_polkit_query_free(q); +- +- return r; +-} +- +-#endif +- +-int bus_verify_polkit_async( +- sd_bus_message *call, +- int capability, +- const char *action, +- const char **details, +- bool interactive, +- uid_t good_user, +- Hashmap **registry, +- sd_bus_error *error) { +- +-#if ENABLE_POLKIT +- _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; +- AsyncPolkitQuery *q; +- const char *sender, **k, **v; +- sd_bus_message_handler_t callback; +- void *userdata; +- int c; +-#endif +- int r; +- +- assert(call); +- assert(action); +- assert(registry); +- +- r = check_good_user(call, good_user); +- if (r != 0) +- return r; +- +-#if ENABLE_POLKIT +- q = hashmap_get(*registry, call); +- if (q) { +- int authorized, challenge; +- +- /* This is the second invocation of this function, and +- * there's already a response from polkit, let's +- * process it */ +- assert(q->reply); +- +- if (sd_bus_message_is_method_error(q->reply, NULL)) { +- 
const sd_bus_error *e; +- +- e = sd_bus_message_get_error(q->reply); +- +- /* Treat no PK available as access denied */ +- if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) +- return -EACCES; +- +- /* Copy error from polkit reply */ +- sd_bus_error_copy(error, e); +- return -sd_bus_error_get_errno(e); +- } +- +- r = sd_bus_message_enter_container(q->reply, 'r', "bba{ss}"); +- if (r >= 0) +- r = sd_bus_message_read(q->reply, "bb", &authorized, &challenge); +- +- if (r < 0) +- return r; +- +- if (authorized) +- return 1; +- +- if (challenge) +- return sd_bus_error_set(error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required."); +- +- return -EACCES; +- } +-#endif +- +- r = sd_bus_query_sender_privilege(call, capability); +- if (r < 0) +- return r; +- else if (r > 0) +- return 1; +- +-#if ENABLE_POLKIT +- if (sd_bus_get_current_message(call->bus) != call) +- return -EINVAL; +- +- callback = sd_bus_get_current_handler(call->bus); +- if (!callback) +- return -EINVAL; +- +- userdata = sd_bus_get_current_userdata(call->bus); +- +- sender = sd_bus_message_get_sender(call); +- if (!sender) +- return -EBADMSG; +- +- c = sd_bus_message_get_allow_interactive_authorization(call); +- if (c < 0) +- return c; +- if (c > 0) +- interactive = true; +- +- r = hashmap_ensure_allocated(registry, NULL); +- if (r < 0) +- return r; +- +- r = sd_bus_message_new_method_call( +- call->bus, +- &pk, +- "org.freedesktop.PolicyKit1", +- "/org/freedesktop/PolicyKit1/Authority", +- "org.freedesktop.PolicyKit1.Authority", +- "CheckAuthorization"); +- if (r < 0) +- return r; +- +- r = sd_bus_message_append( +- pk, +- "(sa{sv})s", +- "system-bus-name", 1, "name", "s", sender, +- action); +- if (r < 0) +- return r; +- +- r = sd_bus_message_open_container(pk, 'a', "{ss}"); +- if (r < 0) +- return r; +- +- STRV_FOREACH_PAIR(k, v, details) { +- r = sd_bus_message_append(pk, "{ss}", *k, *v); +- if (r < 0) +- return r; +- } +- +- r = 
sd_bus_message_close_container(pk); +- if (r < 0) +- return r; +- +- r = sd_bus_message_append(pk, "us", interactive, NULL); +- if (r < 0) +- return r; +- +- q = new0(AsyncPolkitQuery, 1); +- if (!q) +- return -ENOMEM; +- +- q->request = sd_bus_message_ref(call); +- q->callback = callback; +- q->userdata = userdata; +- +- r = hashmap_put(*registry, call, q); +- if (r < 0) { +- async_polkit_query_free(q); +- return r; +- } +- +- q->registry = *registry; +- +- r = sd_bus_call_async(call->bus, &q->slot, pk, async_polkit_callback, q, 0); +- if (r < 0) { +- async_polkit_query_free(q); +- return r; +- } +- +- return 0; +-#endif +- +- return -EACCES; +-} +- +-void bus_verify_polkit_async_registry_free(Hashmap *registry) { +-#if ENABLE_POLKIT +- hashmap_free_with_destructor(registry, async_polkit_query_free); +-#endif +-} +- + int bus_check_peercred(sd_bus *c) { + struct ucred ucred; + int fd, r; +diff --git a/src/shared/bus-util.h b/src/shared/bus-util.h +index 71c248f..c9cbf76 100644 +--- a/src/shared/bus-util.h ++++ b/src/shared/bus-util.h +@@ -9,8 +9,8 @@ + #include "sd-bus.h" + #include "sd-event.h" + +-#include "hashmap.h" + #include "macro.h" ++#include "set.h" + #include "string-util.h" + + typedef enum BusTransport { +@@ -51,11 +51,6 @@ int bus_name_has_owner(sd_bus *c, const char *name, sd_bus_error *error); + + int bus_check_peercred(sd_bus *c); + +-int bus_test_polkit(sd_bus_message *call, int capability, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e); +- +-int bus_verify_polkit_async(sd_bus_message *call, int capability, const char *action, const char **details, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error); +-void bus_verify_polkit_async_registry_free(Hashmap *registry); +- + int bus_connect_system_systemd(sd_bus **_bus); + int bus_connect_user_systemd(sd_bus **_bus); + +diff --git a/src/shared/meson.build b/src/shared/meson.build +index 99d6ba1..f6d1092 100644 +--- 
a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -25,6 +25,8 @@ shared_sources = files(''' + bus-unit-util.h + bus-util.c + bus-util.h ++ bus-polkit.c ++ bus-polkit.h + calendarspec.c + calendarspec.h + cgroup-show.c +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index 324d4a4..398d4f4 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -11,7 +11,7 @@ + #include "alloc-util.h" + #include "bus-common-errors.h" + #include "bus-error.h" +-#include "bus-util.h" ++#include "bus-polkit.h" + #include "clock-util.h" + #include "def.h" + #include "fileio-label.h" diff --git a/debian/patches/sysctl-util-add-sysctl_read_ip_property.patch b/debian/patches/sysctl-util-add-sysctl_read_ip_property.patch new file mode 100644 index 0000000..b6adfb6 --- /dev/null +++ b/debian/patches/sysctl-util-add-sysctl_read_ip_property.patch 
@@ -0,0 +1,49 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 18 Feb 2019 14:41:43 +0900
+Subject: sysctl-util: add sysctl_read_ip_property()
+
+(cherry picked from commit a6b3b0aace152b77682d68d99b3e41580c955efb)
+---
+ src/shared/sysctl-util.c | 22 ++++++++++++++++++++++
+ src/shared/sysctl-util.h | 1 +
+ 2 files changed, 23 insertions(+)
+
+diff --git a/src/shared/sysctl-util.c b/src/shared/sysctl-util.c
+index 480e6c3..ba89489 100644
+--- a/src/shared/sysctl-util.c
++++ b/src/shared/sysctl-util.c
+@@ -69,3 +69,25 @@ int sysctl_read(const char *property, char **content) {
+ p = strjoina("/proc/sys/", property);
+ return read_full_file(p, content, NULL);
+ }
++
++int sysctl_read_ip_property(int af, const char *ifname, const char *property, char **ret) {
++ _cleanup_free_ char *value = NULL;
++ const char *p;
++ int r;
++
++ assert(IN_SET(af, AF_INET, AF_INET6));
++ assert(property);
++
++ p = strjoina("/proc/sys/net/ipv", af == AF_INET ? "4" : "6",
++ ifname ? "/conf/" : "", strempty(ifname),
++ property[0] == '/' ? "" : "/", property);
++
++ r = read_one_line_file(p, &value);
++ if (r < 0)
++ return r;
++
++ if (ret)
++ *ret = TAKE_PTR(value);
++
++ return r;
++}
+diff --git a/src/shared/sysctl-util.h b/src/shared/sysctl-util.h
+index fd7c78b..22f52f8 100644
+--- a/src/shared/sysctl-util.h
++++ b/src/shared/sysctl-util.h
+@@ -5,3 +5,4 @@ char *sysctl_normalize(char *s);
+ int sysctl_read(const char *property, char **value);
+ int sysctl_write(const char *property, const char *value);
+
++int sysctl_read_ip_property(int af, const char *ifname, const char *property, char **ret);
diff --git a/debian/patches/systemctl-restore-systemctl-reboot-ARG-functionality.patch b/debian/patches/systemctl-restore-systemctl-reboot-ARG-functionality.patch
new file mode 100644
index 0000000..b10ee8b
--- /dev/null
+++ b/debian/patches/systemctl-restore-systemctl-reboot-ARG-functionality.patch
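Review bot: sysctl_read_ip_property() in src/shared/sysctl-util.c splices `ifname` and `property` straight into a /proc/sys path without validating either, so a value containing `/` or `..` would resolve outside `net/ipv{4,6}/conf/<ifname>`. The callers are not visible in this patch, so whether the interface name can come from untrusted configuration or from the network is an assumption to confirm; a guard such as `if (ifname && !ifname_valid(ifname)) return -EINVAL;` before the `strjoina()` call would close it either way, provided the tree's `ifname_valid()` helper is usable here. `strjoina()` builds the path on the stack, which is a second reason to bound both inputs. The address-family check is an `assert()`, so an unexpected `af` aborts the process instead of returning an error such as `-EAFNOSUPPORT`.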
@@ -0,0 +1,108 @@
+From: =?utf-8?b?VmVzYSBKw6TDpHNrZWzDpGluZW4=?=
+ <vesa.jaaskelainen@vaisala.com>
+Date: Sat, 9 Mar 2019 22:30:45 +0200
+Subject: systemctl: restore "systemctl reboot ARG" functionality
+
+Commit d85515edcf9700dc068201ab9f7103f04f3b25b2 changed logic how reboot is
+executed. That commit changed behavior to use emergency action reboot code path
+to perform the reboot.
+
+This inadvertently broke rebooting with argument:
+$ systemctl reboot custom-reason
+
+Restore original behavior so that if reboot service unit similar to
+systemd-reboot.service is executed it is possible to override reboot reason
+with "systemctl reboot ARG".
+
+When "systemctl reboot ARG" is executed ARG is placed in file
+/run/systemd/reboot-param and reboot is issued using logind's Reboot
+dbus-service.
+
+If RebootArgument is specified in systemd-reboot.service it takes precedence
+over what systemctl sets.
+
+Fixes: #11828
+(cherry picked from commit 77defcf5382a557189350f928967d676510e362c)
+---
+ src/core/emergency-action.c | 4 ++--
+ src/shared/reboot-util.c | 5 ++++-
+ src/shared/reboot-util.h | 2 +-
+ src/systemctl/systemctl.c | 4 ++--
+ 4 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
+index f98b0de..52edec0 100644
+--- a/src/core/emergency-action.c
++++ b/src/core/emergency-action.c
+@@ -47,7 +47,7 @@ int emergency_action(
+ case EMERGENCY_ACTION_REBOOT:
+ log_and_status(m, warn, "Rebooting", reason);
+
+- (void) update_reboot_parameter_and_warn(reboot_arg);
++ (void) update_reboot_parameter_and_warn(reboot_arg, true);
+ (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_REBOOT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL);
+
+ break;
+@@ -55,7 +55,7 @@ int emergency_action(
+ case EMERGENCY_ACTION_REBOOT_FORCE:
+ log_and_status(m, warn, "Forcibly rebooting", reason);
+
+- (void) update_reboot_parameter_and_warn(reboot_arg);
++ (void) update_reboot_parameter_and_warn(reboot_arg, true);
+ m->objective = MANAGER_REBOOT;
+
+ break;
+diff --git a/src/shared/reboot-util.c b/src/shared/reboot-util.c
+index ca40159..6d5eee0 100644
+--- a/src/shared/reboot-util.c
++++ b/src/shared/reboot-util.c
+@@ -12,10 +12,13 @@
+ #include "umask-util.h"
+ #include "virt.h"
+
+-int update_reboot_parameter_and_warn(const char *parameter) {
++int update_reboot_parameter_and_warn(const char *parameter, bool keep) {
+ int r;
+
+ if (isempty(parameter)) {
++ if (keep)
++ return 0;
++
+ if (unlink("/run/systemd/reboot-param") < 0) {
+ if (errno == ENOENT)
+ return 0;
+diff --git a/src/shared/reboot-util.h b/src/shared/reboot-util.h
+index d459333..ac59b7d 100644
+--- a/src/shared/reboot-util.h
++++ b/src/shared/reboot-util.h
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: LGPL-2.1+ */
+ #pragma once
+
+-int update_reboot_parameter_and_warn(const char *parameter);
++int update_reboot_parameter_and_warn(const char *parameter, bool keep);
+
+ typedef enum RebootFlags {
+ REBOOT_LOG = 1 << 0, /* log about what we are going to do and all errors */
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 63dae2c..d05219d 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -3634,7 +3634,7 @@ static int start_special(int argc, char *argv[], void *userdata) {
+ return r;
+
+ if (a == ACTION_REBOOT && argc > 1) {
+- r = update_reboot_parameter_and_warn(argv[1]);
++ r = update_reboot_parameter_and_warn(argv[1], false);
+ if (r < 0)
+ return r;
+
+@@ -8005,7 +8005,7 @@ static int halt_parse_argv(int argc, char *argv[]) {
+ }
+
+ if (arg_action == ACTION_REBOOT && (argc == optind || argc == optind + 1)) {
+- r = update_reboot_parameter_and_warn(argc == optind + 1 ? argv[optind] : NULL);
++ r = update_reboot_parameter_and_warn(argc == optind + 1 ? argv[optind] : NULL, false);
+ if (r < 0)
+ return r;
+ } else if (optind < argc)
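Review bot: The new `keep` argument of update_reboot_parameter_and_warn() in src/shared/reboot-util.c is undocumented, and the call sites pass a bare `true`/`false` that hides what it does. With `keep` set and an empty parameter, whatever is already in /run/systemd/reboot-param is left in place. For the two emergency_action() callers this means, as far as these hunks show, that a parameter stored by an earlier `systemctl reboot ARG` that never completed would carry over into a later emergency reboot. I would add a comment above the function, e.g. `/* If 'keep' is true and no parameter is given, an existing /run/systemd/reboot-param is left untouched instead of being removed. */`, and say in emergency-action.c that reusing a previously stored value is intended. The function body continues outside the hunk.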
diff --git a/debian/patches/test-bpf-skip-test-when-run-inside-containers.patch b/debian/patches/test-bpf-skip-test-when-run-inside-containers.patch
new file mode 100644
index 0000000..874daa2
--- /dev/null
+++ b/debian/patches/test-bpf-skip-test-when-run-inside-containers.patch
@@ -0,0 +1,41 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Sun, 19 May 2019 20:57:07 +0200
+Subject: test-bpf: skip test when run inside containers
+
+The test reliably fails inside LXC and Docker when run on a new enough
+kernel. It's unclear whether this is a kernel, LXC/Docker or systemd
+issue and apparently there is no real interest to get this fixed, so
+let's skip this test.
+As this also covers Travis CI, there is no need for this additional
+check anymore.
+
+See https://github.com/systemd/systemd/issues/9666
+
+(cherry picked from commit 98a3c188a1511caae422b2c891f3cc016824eb81)
+---
+ src/test/test-bpf.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-bpf.c b/src/test/test-bpf.c
+index cd8d68f..eb1d8d7 100644
+--- a/src/test/test-bpf.c
++++ b/src/test/test-bpf.c
+@@ -14,6 +14,7 @@
+ #include "test-helper.h"
+ #include "tests.h"
+ #include "unit.h"
++#include "virt.h"
+
+ /* We use the same limit here that PID 1 bumps RLIMIT_MEMLOCK to if it can */
+ #define CAN_MEMLOCK_SIZE (64U*1024U*1024U)
+@@ -56,8 +57,8 @@ int main(int argc, char *argv[]) {
+
+ test_setup_logging(LOG_DEBUG);
+
+- if (is_run_on_travis_ci())
+- return log_tests_skipped("test-bpf fails on Travis CI: https://github.com/systemd/systemd/issues/9666");
++ if (detect_container())
++ return log_tests_skipped("test-bpf fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
+
+ assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
+ rl.rlim_cur = rl.rlim_max = MAX3(rl.rlim_cur, rl.rlim_max, CAN_MEMLOCK_SIZE);
diff --git a/debian/patches/tests-skip-test-bpf-only-when-we-re-100-sure-it-s-run-in-.patch b/debian/patches/tests-skip-test-bpf-only-when-we-re-100-sure-it-s-run-in-.patch
new file mode 100644
index 0000000..c7a9bc8
--- /dev/null
+++ b/debian/patches/tests-skip-test-bpf-only-when-we-re-100-sure-it-s-run-in-.patch
@@ -0,0 +1,25 @@
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Thu, 30 May 2019 03:29:50 +0200
+Subject: tests: skip test-bpf only when we're 100% sure it's run in
+ containers
+
+This is just a follow-up to https://github.com/systemd/systemd/pull/12617.
+
+(cherry picked from commit 6bd1457afe396864cc4b9884157a6126027ed85e)
+---
+ src/test/test-bpf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/test/test-bpf.c b/src/test/test-bpf.c
+index eb1d8d7..9252c60 100644
+--- a/src/test/test-bpf.c
++++ b/src/test/test-bpf.c
+@@ -57,7 +57,7 @@ int main(int argc, char *argv[]) {
+
+ test_setup_logging(LOG_DEBUG);
+
+- if (detect_container())
++ if (detect_container() > 0)
+ return log_tests_skipped("test-bpf fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
+
+ assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
diff --git a/debian/patches/timedate-fix-emitted-value-when-ntp-client-is-enabled-dis.patch b/debian/patches/timedate-fix-emitted-value-when-ntp-client-is-enabled-dis.patch
new file mode 100644
index 0000000..4ae8684
--- /dev/null
+++ b/debian/patches/timedate-fix-emitted-value-when-ntp-client-is-enabled-dis.patch
@@ -0,0 +1,31 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 11 Mar 2019 04:44:21 +0900
+Subject: timedate: fix emitted value when ntp client is enabled/disabled
+ (#11951)
+
+This fixes a regression originall caused by cf3872bd2 and
+triggered by b4356b5720a.
+
+Fixes #11944
+
+(cherry picked from commit 49942d6b1eac12f3157c628ee6249c3bbb3602aa)
+---
+ src/timedate/timedated.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
+index eeb17b6..324d4a4 100644
+--- a/src/timedate/timedated.c
++++ b/src/timedate/timedated.c
+@@ -377,9 +377,9 @@ static int match_job_removed(sd_bus_message *m, void *userdata, sd_bus_error *er
+ n += !!u->path;
+
+ if (n == 0) {
+- (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/timedate1", "org.freedesktop.timedate1", "NTP", NULL);
+-
+ c->slot_job_removed = sd_bus_slot_unref(c->slot_job_removed);
++
++ (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/timedate1", "org.freedesktop.timedate1", "NTP", NULL);
+ }
+
+ return 0;
diff --git a/debian/patches/udev-network-drop-unused-parent_driver-argument-from-net_.patch b/debian/patches/udev-network-drop-unused-parent_driver-argument-from-net_.patch
new file mode 100644
index 0000000..92a74a5
--- /dev/null
+++ b/debian/patches/udev-network-drop-unused-parent_driver-argument-from-net_.patch
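Review bot: In match_job_removed() in src/timedate/timedated.c the order of the two statements inside `if (n == 0)` is now load-bearing, but nothing in the code says so. The fix only works if the emitted NTP value depends on `c->slot_job_removed` having been dropped before `sd_bus_emit_properties_changed()` runs; that is inferred from the commit message, since the property getter is not in the hunk. A later cleanup could silently swap the statements back, so I would add a comment above the unref such as `/* Drop the slot before emitting: the NTP value is computed while the signal is sent. */`. The function starts outside the hunk.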
@@ -0,0 +1,114 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 17 Feb 2019 00:47:45 +0900 +Subject: udev,network: drop unused parent_driver argument from + net_match_config() + +The argument has never been used. + +(cherry picked from commit 4f4daf418f2e750caae6bc26cd49daafc23ad4de) +--- + src/libsystemd-network/network-internal.c | 1 - + src/libsystemd-network/network-internal.h | 1 - + src/network/netdev/netdev.c | 2 +- + src/network/networkd-network.c | 9 ++------- + src/udev/net/link-config.c | 6 +----- + 5 files changed, 4 insertions(+), 15 deletions(-) + +diff --git a/src/libsystemd-network/network-internal.c b/src/libsystemd-network/network-internal.c +index 0348e7f..34fac34 100644 +--- a/src/libsystemd-network/network-internal.c ++++ b/src/libsystemd-network/network-internal.c +@@ -102,7 +102,6 @@ bool net_match_config(Set *match_mac, + Condition *match_arch, + const struct ether_addr *dev_mac, + const char *dev_path, +- const char *dev_parent_driver, + const char *dev_driver, + const char *dev_type, + const char *dev_name) { +diff --git a/src/libsystemd-network/network-internal.h b/src/libsystemd-network/network-internal.h +index 0c8da84..944fd2c 100644 +--- a/src/libsystemd-network/network-internal.h ++++ b/src/libsystemd-network/network-internal.h +@@ -25,7 +25,6 @@ bool net_match_config(Set *match_mac, + Condition *match_arch, + const struct ether_addr *dev_mac, + const char *dev_path, +- const char *dev_parent_driver, + const char *dev_driver, + const char *dev_type, + const char *dev_name); +diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c +index 0263917..ecd6cf4 100644 +--- a/src/network/netdev/netdev.c ++++ b/src/network/netdev/netdev.c +@@ -673,7 +673,7 @@ int netdev_load_one(Manager *manager, const char *filename) { + netdev_raw->match_host, netdev_raw->match_virt, + netdev_raw->match_kernel_cmdline, netdev_raw->match_kernel_version, + netdev_raw->match_arch, +- NULL, NULL, NULL, NULL, NULL, NULL) <= 0) ++ 
NULL, NULL, NULL, NULL, NULL) <= 0) + return 0; + + if (netdev_raw->kind == _NETDEV_KIND_INVALID) { +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index 12344ec..9d08874 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -424,8 +424,7 @@ int network_get_by_name(Manager *manager, const char *name, Network **ret) { + int network_get(Manager *manager, sd_device *device, + const char *ifname, const struct ether_addr *address, + Network **ret) { +- const char *path = NULL, *parent_driver = NULL, *driver = NULL, *devtype = NULL; +- sd_device *parent; ++ const char *path = NULL, *driver = NULL, *devtype = NULL; + Network *network; + + assert(manager); +@@ -434,9 +433,6 @@ int network_get(Manager *manager, sd_device *device, + if (device) { + (void) sd_device_get_property_value(device, "ID_PATH", &path); + +- if (sd_device_get_parent(device, &parent) >= 0) +- (void) sd_device_get_driver(parent, &parent_driver); +- + (void) sd_device_get_property_value(device, "ID_NET_DRIVER", &driver); + + (void) sd_device_get_devtype(device, &devtype); +@@ -448,8 +444,7 @@ int network_get(Manager *manager, sd_device *device, + network->match_name, network->match_host, + network->match_virt, network->match_kernel_cmdline, + network->match_kernel_version, network->match_arch, +- address, path, parent_driver, driver, +- devtype, ifname)) { ++ address, path, driver, devtype, ifname)) { + if (network->match_name && device) { + const char *attr; + uint8_t name_assign_type = NET_NAME_UNKNOWN; +diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c +index eb2477c..62830ae 100644 +--- a/src/udev/net/link-config.c ++++ b/src/udev/net/link-config.c +@@ -243,13 +243,10 @@ int link_config_get(link_config_ctx *ctx, sd_device *device, link_config **ret) + assert(ret); + + LIST_FOREACH(links, link, ctx->links) { +- const char *address = NULL, *id_path = NULL, *parent_driver = NULL, *id_net_driver = NULL, *devtype = NULL, 
*sysname = NULL; +- sd_device *parent; ++ const char *address = NULL, *id_path = NULL, *id_net_driver = NULL, *devtype = NULL, *sysname = NULL; + + (void) sd_device_get_sysattr_value(device, "address", &address); + (void) sd_device_get_property_value(device, "ID_PATH", &id_path); +- if (sd_device_get_parent(device, &parent) >= 0) +- (void) sd_device_get_driver(parent, &parent_driver); + (void) sd_device_get_property_value(device, "ID_NET_DRIVER", &id_net_driver); + (void) sd_device_get_devtype(device, &devtype); + (void) sd_device_get_sysname(device, &sysname); +@@ -260,7 +257,6 @@ int link_config_get(link_config_ctx *ctx, sd_device *device, link_config **ret) + link->match_kernel_version, link->match_arch, + address ? ether_aton(address) : NULL, + id_path, +- parent_driver, + id_net_driver, + devtype, + sysname)) { diff --git a/debian/patches/udev-restore-debug-level-when-logging-a-failure-in-the-ex.patch b/debian/patches/udev-restore-debug-level-when-logging-a-failure-in-the-ex.patch new file mode 100644 index 0000000..63cc83a --- /dev/null +++ b/debian/patches/udev-restore-debug-level-when-logging-a-failure-in-the-ex.patch 
@@ -0,0 +1,29 @@ +From: Franck Bui <fbui@suse.com> +Date: Tue, 5 Mar 2019 11:03:07 +0100 +Subject: udev: restore debug level when logging a failure in the external + prog called by IMPORT{program} + +It was already the case before commit a75211421fc9366068e6d9446e8e567246c72feb, +which upgraded the log to warning. + +This seems an unintended side effect as the commit message doesn't mention it +and the old behavior looks more appropriate. + +(cherry picked from commit 3c37dadf627677eef62fcfc0c0f07cc67c748a9e) +--- + src/udev/udev-rules.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index bc9c6c2..7fa4fd4 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -647,7 +647,7 @@ static int import_program_into_properties(UdevEvent *event, + char *line; + int r; + +- r = udev_event_spawn(event, timeout_usec, false, program, result, sizeof result); ++ r = udev_event_spawn(event, timeout_usec, true, program, result, sizeof result); + if (r < 0) + return r; + if (r > 0) diff --git a/debian/patches/udev-run-programs-in-the-specified-order.patch b/debian/patches/udev-run-programs-in-the-specified-order.patch new file mode 100644 index 0000000..95c8f15 --- /dev/null +++ b/debian/patches/udev-run-programs-in-the-specified-order.patch 
@@ -0,0 +1,161 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 5 Mar 2019 04:01:34 +0900 +Subject: udev: run programs in the specified order + +This fixes bugs introduced by 29448498c724da7ade1b5efb20d7472c1b128d2c +and d838e14515c82b05a07f2bf393cce057b45b2b53. + +Previously, RUN and SECLABEL keys are stored in udev_list with its unique +flag is false. If the flag is false, then udev_list is just a linked +list and new entries are always added in the last. +So, we should use OrderedHashmap instead of Hashmap. + +Fixes #11368. + +(cherry picked from commit 39a15c8a8dad26deda140867f03e44a535b7bd8d) +--- + src/udev/udev-event.c | 6 +++--- + src/udev/udev-node.c | 6 +++--- + src/udev/udev-node.h | 2 +- + src/udev/udev-rules.c | 12 ++++++------ + src/udev/udev.h | 4 ++-- + src/udev/udevadm-test.c | 2 +- + 6 files changed, 16 insertions(+), 16 deletions(-) + +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index 07b7365..faec4fc 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -71,8 +71,8 @@ UdevEvent *udev_event_free(UdevEvent *event) { + sd_device_unref(event->dev); + sd_device_unref(event->dev_db_clone); + sd_netlink_unref(event->rtnl); +- hashmap_free_free_key(event->run_list); +- hashmap_free_free_free(event->seclabel_list); ++ ordered_hashmap_free_free_key(event->run_list); ++ ordered_hashmap_free_free_free(event->seclabel_list); + free(event->program_result); + free(event->name); + +@@ -873,7 +873,7 @@ void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec) { + void *val; + Iterator i; + +- HASHMAP_FOREACH_KEY(val, cmd, event->run_list, i) { ++ ORDERED_HASHMAP_FOREACH_KEY(val, cmd, event->run_list, i) { + enum udev_builtin_cmd builtin_cmd = PTR_TO_INT(val); + char command[UTIL_PATH_SIZE]; + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 1c00dd1..cfbbd7b 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -272,7 +272,7 @@ int udev_node_update_old_links(sd_device *dev, 
sd_device *dev_old) { + + static int node_permissions_apply(sd_device *dev, bool apply, + mode_t mode, uid_t uid, gid_t gid, +- Hashmap *seclabel_list) { ++ OrderedHashmap *seclabel_list) { + const char *devnode, *subsystem, *id_filename = NULL; + struct stat stats; + dev_t devnum; +@@ -318,7 +318,7 @@ static int node_permissions_apply(sd_device *dev, bool apply, + log_device_debug(dev, "Preserve permissions of %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid); + + /* apply SECLABEL{$module}=$label */ +- HASHMAP_FOREACH_KEY(label, name, seclabel_list, i) { ++ ORDERED_HASHMAP_FOREACH_KEY(label, name, seclabel_list, i) { + int q; + + if (streq(name, "selinux")) { +@@ -386,7 +386,7 @@ static int xsprintf_dev_num_path_from_sd_device(sd_device *dev, char **ret) { + + int udev_node_add(sd_device *dev, bool apply, + mode_t mode, uid_t uid, gid_t gid, +- Hashmap *seclabel_list) { ++ OrderedHashmap *seclabel_list) { + const char *devnode, *devlink; + _cleanup_free_ char *filename = NULL; + int r; +diff --git a/src/udev/udev-node.h b/src/udev/udev-node.h +index 223c8f0..5ae816d 100644 +--- a/src/udev/udev-node.h ++++ b/src/udev/udev-node.h +@@ -10,6 +10,6 @@ + + int udev_node_add(sd_device *dev, bool apply, + mode_t mode, uid_t uid, gid_t gid, +- Hashmap *seclabel_list); ++ OrderedHashmap *seclabel_list); + int udev_node_remove(sd_device *dev); + int udev_node_update_old_links(sd_device *dev, sd_device *dev_old); +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index 7fa4fd4..93709cc 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -2291,13 +2291,13 @@ int udev_rules_apply_to_event( + return log_oom(); + + if (IN_SET(cur->key.op, OP_ASSIGN, OP_ASSIGN_FINAL)) +- hashmap_clear_free_free(event->seclabel_list); ++ ordered_hashmap_clear_free_free(event->seclabel_list); + +- r = hashmap_ensure_allocated(&event->seclabel_list, NULL); ++ r = ordered_hashmap_ensure_allocated(&event->seclabel_list, NULL); + if (r < 0) + return log_oom(); + +- r = 
hashmap_put(event->seclabel_list, name, label); ++ r = ordered_hashmap_put(event->seclabel_list, name, label); + if (r < 0) + return log_oom(); + log_device_debug(dev, "SECLABEL{%s}='%s' %s:%u", +@@ -2474,9 +2474,9 @@ int udev_rules_apply_to_event( + _cleanup_free_ char *cmd = NULL; + + if (IN_SET(cur->key.op, OP_ASSIGN, OP_ASSIGN_FINAL)) +- hashmap_clear_free_key(event->run_list); ++ ordered_hashmap_clear_free_key(event->run_list); + +- r = hashmap_ensure_allocated(&event->run_list, NULL); ++ r = ordered_hashmap_ensure_allocated(&event->run_list, NULL); + if (r < 0) + return log_oom(); + +@@ -2484,7 +2484,7 @@ int udev_rules_apply_to_event( + if (!cmd) + return log_oom(); + +- r = hashmap_put(event->run_list, cmd, INT_TO_PTR(cur->key.builtin_cmd)); ++ r = ordered_hashmap_put(event->run_list, cmd, INT_TO_PTR(cur->key.builtin_cmd)); + if (r < 0) + return log_oom(); + +diff --git a/src/udev/udev.h b/src/udev/udev.h +index 3bc69ff..2fb49dc 100644 +--- a/src/udev/udev.h ++++ b/src/udev/udev.h +@@ -25,8 +25,8 @@ typedef struct UdevEvent { + mode_t mode; + uid_t uid; + gid_t gid; +- Hashmap *seclabel_list; +- Hashmap *run_list; ++ OrderedHashmap *seclabel_list; ++ OrderedHashmap *run_list; + usec_t exec_delay_usec; + usec_t birth_usec; + sd_netlink *rtnl; +diff --git a/src/udev/udevadm-test.c b/src/udev/udevadm-test.c +index 54c525e..9c17844 100644 +--- a/src/udev/udevadm-test.c ++++ b/src/udev/udevadm-test.c +@@ -135,7 +135,7 @@ int test_main(int argc, char *argv[], void *userdata) { + FOREACH_DEVICE_PROPERTY(dev, key, value) + printf("%s=%s\n", key, value); + +- HASHMAP_FOREACH_KEY(val, cmd, event->run_list, i) { ++ ORDERED_HASHMAP_FOREACH_KEY(val, cmd, event->run_list, i) { + char program[UTIL_PATH_SIZE]; + + udev_event_apply_format(event, cmd, program, sizeof(program), false); diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..96ae117 --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,305 @@ +#! /usr/bin/make -f + +#export DH_VERBOSE = 1 +#export DEB_BUILD_OPTIONS = nostrip + +export LC_ALL = C.UTF-8 + +include /usr/share/dpkg/default.mk + +ifeq ($(DEB_VENDOR),Ubuntu) + DEFAULT_NTP_SERVERS = ntp.ubuntu.com + SUPPORT_URL = http://www.ubuntu.com/support + CONFFLAGS_DISTRO = +else + DEFAULT_NTP_SERVERS = 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org + SUPPORT_URL = https://www.debian.org/support + CONFFLAGS_DISTRO = +endif + +ifneq (, $(filter $(DEB_BUILD_ARCH), riscv64)) + TEST_TIMEOUT_MULTIPLIER = "-t 10" +endif + +# fail on missing files and symbols changes on distro builds, but not if we +# build/test upstream master +ifeq ($(TEST_UPSTREAM),) + DH_MISSING = --fail-missing + GENSYMBOLS_LEVEL = 4 +else + DH_MISSING = --list-missing + GENSYMBOLS_LEVEL = 1 +endif + +ifneq (, $(filter noudeb, $(DEB_BUILD_OPTIONS))) +export DEB_BUILD_PROFILES += noudeb +endif + +CONFFLAGS = \ + -Db_lto=true \ + -Db_pie=true \ + -Drootlibdir=/lib/$(DEB_HOST_MULTIARCH) \ + -Dsplit-usr=true \ + -Dquotaon-path=/sbin/quotaon \ + -Dquotacheck-path=/sbin/quotacheck \ + -Dkmod-path=/bin/kmod \ + -Dkexec-path=/sbin/kexec \ + -Dsulogin-path=/sbin/sulogin \ + -Dmount-path=/bin/mount \ + -Dumount-path=/bin/umount \ + -Dloadkeys-path=/bin/loadkeys \ + -Dsetfont-path=/bin/setfont \ + -Dnologin-path=/usr/sbin/nologin \ + -Dtelinit-path=/lib/sysvinit/telinit \ + -Dsysvinit-path=/etc/init.d \ + -Dsysvrcnd-path=/etc \ + -Ddebug-shell=/bin/bash \ + -Dzshcompletiondir=/usr/share/zsh/vendor-completions \ + -Ddbuspolicydir=/usr/share/dbus-1/system.d/ \ + -Dsupport-url=$(SUPPORT_URL) \ + -Ddefault-kill-user-processes=false \ + -Dpamconfdir=no \ + -Drpmmacrosdir=no \ + -Dqrencode=false \ + -Dvconsole=false \ + -Dfirstboot=false \ + -Dxkbcommon=false \ + -Dportabled=false \ + -Dwheel-group=false \ + -Dntp-servers="$(DEFAULT_NTP_SERVERS)" \ + -Ddns-servers='' \ + -Dlink-udev-shared=false \ + -Dsystem-uid-max=999 \ + -Dsystem-gid-max=999 \ + 
-Dnobody-user=nobody \ + -Dnobody-group=nogroup \ + -Dbump-proc-sys-fs-nr-open=false \ + -Ddev-kvm-mode=0660 \ + -Dgroup-render-mode=0660 + +# resolved's DNSSEC support is still not mature enough, don't enable it by +# default on stable Debian or any Ubuntu releases +CONFFLAGS += $(shell grep -qE 'stretch|ubuntu' /etc/os-release && echo -Ddefault-dnssec=no) + +CONFFLAGS_deb = \ + -Dselinux=true \ + -Dhwdb=true \ + -Dsysusers=true \ + -Dinstall-tests=true \ + -Defi=true \ + -Dnss-myhostname=true \ + -Dnss-mymachines=true \ + -Dnss-resolve=true \ + -Dnss-systemd=true \ + -Dresolve=true \ + -Dlink-systemctl-shared=false + +ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES))) +CONFFLAGS_deb += \ + -Daudit=true \ + -Dlibcryptsetup=true \ + -Dcoredump=true \ + -Delfutils=true \ + -Dapparmor=true \ + -Dlibidn=true \ + -Dlibiptc=true \ + -Dlibcurl=true \ + -Dimportd=true \ + -Dmicrohttpd=true \ + -Dgnutls=true +else +CONFFLAGS_deb += \ + -Daudit=false \ + -Dlibcryptsetup=false \ + -Dcoredump=false \ + -Delfutils=false \ + -Dapparmor=false \ + -Dlibidn=false \ + -Dlibiptc=false \ + -Dlibcurl=false \ + -Dimportd=false \ + -Dmicrohttpd=false \ + -Dgnutls=false +endif + +CONFFLAGS_udeb = \ + -Dlibcryptsetup=false \ + -Dcoredump=false \ + -Delfutils=false \ + -Dpam=false \ + -Daudit=false \ + -Dselinux=false\ + -Dapparmor=false \ + -Dlibidn=false \ + -Dlibiptc=false \ + -Dsmack=false \ + -Dima=false \ + -Dbinfmt=false \ + -Dquotacheck=false \ + -Dtmpfiles=false \ + -Drandomseed=false \ + -Dbacklight=false \ + -Dlogind=false \ + -Dmachined=false \ + -Dlibcurl=false \ + -Dimportd=false \ + -Dmicrohttpd=false \ + -Dgnutls=false \ + -Dhostnamed=false \ + -Dtimedated=false \ + -Dnetworkd=false \ + -Dtimesyncd=false \ + -Dlocaled=false \ + -Dnss-myhostname=false \ + -Dnss-mymachines=false \ + -Dnss-resolve=false \ + -Dnss-systemd=false \ + -Dresolve=false \ + -Dpolkit=false \ + -Dacl=false \ + -Dgcrypt=false \ + -Drfkill=false \ + -Dhwdb=false \ + -Dman=false \ + -Defi=false \ + 
-Dseccomp=false \ + -Dsysusers=false + +override_dh_auto_configure: + dh_auto_configure --builddirectory=build-deb \ + -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_deb) +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_auto_configure --builddirectory=build-udeb \ + -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_udeb) +endif + +override_dh_auto_build: + dh_auto_build --builddirectory=build-deb +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_auto_build --builddirectory=build-udeb +endif + # generate POT file for translators + ninja -C build-deb/ systemd-pot + +override_dh_auto_install: + dh_auto_install --builddirectory=build-deb \ + --destdir=debian/install/deb +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_auto_install --builddirectory=build-udeb \ + --destdir=debian/install/udeb +endif + # fix paths in manpages; manually check the remaining /usr occurrences + # occasionally, with filtering out paths which are known to be in /usr: + # grep -r /usr debian/install/deb/usr/share/man/|egrep -v '/usr/local|os.*release|factory|zoneinfo|tmpfiles|kernel|foo|machines|sysctl|dbus|include|binfmt' + find debian/install/deb/usr/share/man/ -type f | xargs sed -ri 's_/usr(/lib/systemd/system|/lib/systemd/network|/lib/udev|/lib[^/]|/lib/[^a-z])_\1_g' + +override_dh_auto_clean: +ifneq (, $(TEST_UPSTREAM)) + debian/extra/checkout-upstream +endif + dh_auto_clean --builddirectory=build-deb +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_auto_clean --builddirectory=build-udeb +endif + rm -rf debian/install/ debian/shlibs.local + # remove Python byte code files + rm -rf tools/__pycache__/ + rm -f po/systemd.pot + +override_dh_install: + # remove unnecessary / unused files + rm -f debian/install/*/usr/share/doc/systemd/LICENSE.* + rm -f debian/install/*/var/log/README + rm -f debian/install/*/etc/init.d/README + rm -f debian/install/*/usr/lib/sysctl.d/50-default.conf + rm -f debian/install/*/etc/X11/xinit/xinitrc.d/50-systemd-user.sh + rmdir -p 
--ignore-fail-on-non-empty debian/install/*/etc/X11/xinit/xinitrc.d/ + rm -f debian/install/*/lib/systemd/system/halt-local.service + # remove files related to factory-reset feature + find debian/install/ \( -name 'systemd-update-done*' -o \ + -name systemd-journal-catalog-update.service -o \ + -name systemd-udev-hwdb-update.service -o \ + -name ldconfig.service -o \ + -name etc.conf \) -delete + rm -rf debian/install/*/usr/share/factory/ + # remove symlinks enabling default-on services + rm -rf debian/install/*/etc/systemd/system/*.target.wants/ + # remove aliases + find debian/install/*/etc/systemd/system/ -type l -delete + # replace upstream sysusers.d/basic.conf with proper users for Debian + debian/extra/make-sysusers-basic > debian/install/deb/usr/lib/sysusers.d/basic.conf + # remove resolvconf compat symlink + rm -f debian/install/*/sbin/resolvconf +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_install -pudev-udeb -plibudev1-udeb --sourcedir=debian/install/udeb +endif + + dh_install --remaining-packages --sourcedir=debian/install/deb + + # we don't want /tmp to be a tmpfs by default + mv debian/systemd/lib/systemd/system/tmp.mount debian/systemd/usr/share/systemd/ + printf '\n[Install]\nWantedBy=local-fs.target\n' >> debian/systemd/usr/share/systemd/tmp.mount + rm debian/systemd/lib/systemd/system/local-fs.target.wants/tmp.mount + + # files shipped by cryptsetup +ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES))) + rm debian/systemd/usr/share/man/man5/crypttab.5 +endif + + # files shipped by systemd + rm debian/udev/lib/udev/rules.d/70-uaccess.rules + rm debian/udev/lib/udev/rules.d/73-seat-late.rules + rm debian/udev/lib/udev/rules.d/71-seat.rules + rm debian/udev/lib/udev/rules.d/99-systemd.rules + + # remove duplicate files shipped by systemd-*/udev + echo "Removing duplicate files in systemd package:" + set -e; for pkg in $(shell dh_listpackages -Nudev-udeb -Nlibudev1-udeb -Nsystemd); do \ + echo "... 
from $$pkg..."; \ + (cd debian/$$pkg; find -type f -o -type l) | (cd debian/systemd; xargs rm -f --verbose); \ + (cd debian/$$pkg; find -mindepth 1 -type d | sort -r) | (cd debian/systemd; xargs rmdir --ignore-fail-on-non-empty --verbose || true); \ + done + + # Ubuntu specific files +ifeq ($(DEB_VENDOR),Ubuntu) + install -D --mode=644 debian/extra/udev.py debian/udev/usr/share/apport/package-hooks/udev.py + install -D --mode=644 debian/extra/systemd.py debian/systemd/usr/share/apport/package-hooks/systemd.py + install --mode=644 debian/extra/rules-ubuntu/*.rules debian/udev/lib/udev/rules.d/ + cp -a debian/extra/units-ubuntu/* debian/systemd/lib/systemd/system/ + install --mode=755 debian/extra/set-cpufreq debian/systemd/lib/systemd/ +endif + +override_dh_missing: + dh_missing --sourcedir debian/install/deb $(DH_MISSING) + +override_dh_installinit: + dh_installinit --no-start + +PROJECT_VERSION ?= $(shell awk '/(PROJECT|PACKAGE)_VERSION/ {print $$3}' build-deb/config.h | tr -d \") + +# The SysV compat tools (which are symlinks to systemctl) are +# quasi-essential, so add their dependencies to Pre-Depends +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753589 +override_dh_shlibdeps: + dh_shlibdeps -psystemd -- -dPre-Depends \ + -edebian/systemd/bin/systemctl \ + -dDepends + dh_shlibdeps --remaining-packages -Lsystemd + +override_dh_makeshlibs: + sed 's/SHARED_LIB_VERSION/$(PROJECT_VERSION)/' debian/shlibs.local.in > debian/shlibs.local + dh_makeshlibs -plibudev1 --add-udeb=libudev1-udeb -- -c$(GENSYMBOLS_LEVEL) + dh_makeshlibs -psystemd -Xlibsystemd-shared -- -c$(GENSYMBOLS_LEVEL) + dh_makeshlibs --remaining-packages -- -c$(GENSYMBOLS_LEVEL) + +override_dh_auto_test: +ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS))) + echo "01234567890123456789012345678901" > build-deb/machine-id + # some tests hang under fakeroot, so disable fakeroot + env -u LD_PRELOAD SYSTEMD_MACHINE_ID_PATH=$(CURDIR)/build-deb/machine-id meson test -C build-deb $(TEST_TIMEOUT_MULTIPLIER) 
|| ( \ + cat build-deb/meson-logs/testlog.txt; \ + exit 1) +endif + +%: + dh $@ --without autoreconf,systemd --buildsystem=meson diff --git a/debian/shlibs.local.in b/debian/shlibs.local.in new file mode 100644 index 0000000..432b726 --- /dev/null +++ b/debian/shlibs.local.in @@ -0,0 +1,3 @@ +udeb: libudev 1 libudev1-udeb +libsystemd 0 libsystemd0 (= ${binary:Version}) +libsystemd-shared SHARED_LIB_VERSION systemd (= ${binary:Version}) diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/systemd-container.install b/debian/systemd-container.install new file mode 100644 index 0000000..4d805b3 --- /dev/null +++ b/debian/systemd-container.install 
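Review bot: The `CONFFLAGS += $(shell grep -qE 'stretch|ubuntu' /etc/os-release && echo -Ddefault-dnssec=no)` line in debian/rules takes resolved's DNSSEC default from the build machine's /etc/os-release, so the same source can produce packages with different validation defaults depending on where it is built. The pattern names only `stretch`, while the comment above it says "stable Debian" and this upload is versioned 241-7~deb10u8, so on a deb10 build host the flag is presumably not passed and upstream's default applies. If this branch is meant to ship with validation off, state it unconditionally with `CONFFLAGS += -Ddefault-dnssec=no`, or key it on `$(DEB_VENDOR)` as the NTP-server and support-URL settings at the top of the file already are. If it is meant to be on, the comment should be corrected.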
@@ -0,0 +1,30 @@
+bin/machinectl
+lib/systemd/import-pubring.gpg
+lib/systemd/systemd-machined
+lib/systemd/systemd-export
+lib/systemd/systemd-import*
+lib/systemd/systemd-pull
+lib/systemd/system/systemd-nspawn@.service
+lib/systemd/system/systemd-importd.service
+lib/systemd/system/systemd-machined.service
+lib/systemd/system/var-lib-machines.mount
+lib/systemd/system/machines.target
+lib/systemd/system/*.target.wants/var-lib-machines.mount
+lib/systemd/system/dbus-org.freedesktop.import1.service
+lib/systemd/system/dbus-org.freedesktop.machine1.service
+usr/bin/systemd-nspawn
+usr/lib/tmpfiles.d/systemd-nspawn.conf
+usr/share/dbus-1/system.d/org.freedesktop.import1.conf
+usr/share/dbus-1/system.d/org.freedesktop.machine1.conf
+usr/share/dbus-1/system-services/org.freedesktop.import1.service
+usr/share/dbus-1/system-services/org.freedesktop.machine1.service
+usr/share/man/man*/*nspawn*
+usr/share/man/man*/machinectl*
+usr/share/man/man*/systemd-machined*
+usr/share/polkit-1/actions/org.freedesktop.import1.policy
+usr/share/polkit-1/actions/org.freedesktop.machine1.policy
+usr/share/zsh/vendor-completions/_systemd-nspawn
+usr/share/zsh/vendor-completions/_sd_machines
+usr/share/zsh/vendor-completions/_machinectl
+usr/share/bash-completion/completions/machinectl
+usr/share/bash-completion/completions/systemd-nspawn
diff --git a/debian/systemd-container.maintscript b/debian/systemd-container.maintscript
new file mode 100644
index 0000000..470978c
--- /dev/null
+++ b/debian/systemd-container.maintscript
@@ -0,0 +1,2 @@
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.import1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 233-3~
diff --git a/debian/systemd-container.postinst b/debian/systemd-container.postinst
new file mode 100644
index 0000000..a65319b
--- /dev/null
+++ b/debian/systemd-container.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Enable machines.target by default on new installs and upgrades
+if dpkg --compare-versions "$2" lt "232-4~"; then
+ systemctl enable machines.target || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-container.postrm b/debian/systemd-container.postrm
new file mode 100644
index 0000000..2140680
--- /dev/null
+++ b/debian/systemd-container.postrm
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ # clean up after manually enabled units in postinst
+ rm -f /etc/systemd/system/multi-user.target.wants/machines.target
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/systemd-coredump.install b/debian/systemd-coredump.install
new file mode 100644
index 0000000..3efcecb
--- /dev/null
+++ b/debian/systemd-coredump.install
@@ -0,0 +1,11 @@
+usr/bin/coredumpctl
+lib/systemd/systemd-coredump
+lib/systemd/system/systemd-coredump*
+lib/systemd/system/*/systemd-coredump*
+usr/share/man/man1/coredumpctl*
+usr/share/man/man5/coredump.conf*
+usr/share/man/man8/systemd-coredump*
+usr/share/bash-completion/completions/coredumpctl
+usr/share/zsh/vendor-completions/_coredumpctl
+usr/lib/sysctl.d/50-coredump.conf
+etc/systemd/coredump.conf
diff --git a/debian/systemd-coredump.postinst b/debian/systemd-coredump.postinst
new file mode 100644
index 0000000..49e755e
--- /dev/null
+++ b/debian/systemd-coredump.postinst
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = configure ]; then
+ adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd core dump processing" systemd-coredump
+
+ # enable systemd-coredump right after package installation
+ if [ -d /run/systemd/system ]; then
+ systemctl daemon-reload && systemctl start systemd-coredump.socket || true
+ fi
+ /lib/systemd/systemd-sysctl /usr/lib/sysctl.d/50-coredump.conf || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-coredump.prerm b/debian/systemd-coredump.prerm
new file mode 100644
index 0000000..89cf954
--- /dev/null
+++ b/debian/systemd-coredump.prerm
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = remove ]; then
+ # disable systemd-coredump on removal
+ if [ -w /proc/sys/kernel/core_pattern ] && grep -q '^|.*systemd-coredump' /proc/sys/kernel/core_pattern; then
+ echo core > /proc/sys/kernel/core_pattern
+ fi
+ if [ -d /run/systemd/system ]; then
+ systemctl stop systemd-coredump.socket || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-journal-remote.install b/debian/systemd-journal-remote.install
new file mode 100644
index 0000000..188628b
--- /dev/null
+++ b/debian/systemd-journal-remote.install
@@ -0,0 +1,29 @@
+# systemd-journal-upload
+etc/systemd/journal-upload.conf
+lib/systemd/systemd-journal-upload
+lib/systemd/system/systemd-journal-upload.service
+usr/share/man/man5/journal-upload.conf.d.5
+usr/share/man/man5/journal-upload.conf.5
+usr/share/man/man8/systemd-journal-upload.8
+usr/share/man/man8/systemd-journal-upload.service.8
+
+# systemd-journal-remote
+etc/systemd/journal-remote.conf
+lib/systemd/systemd-journal-remote
+lib/systemd/system/systemd-journal-remote.service
+lib/systemd/system/systemd-journal-remote.socket
+usr/lib/sysusers.d/systemd-remote.conf
+usr/share/man/man5/journal-remote.conf.d.5
+usr/share/man/man5/journal-remote.conf.5
+usr/share/man/man8/systemd-journal-remote.service.8
+usr/share/man/man8/systemd-journal-remote.socket.8
+usr/share/man/man8/systemd-journal-remote.8
+
+# systemd-journal-gatewayd
+lib/systemd/systemd-journal-gatewayd
+lib/systemd/system/systemd-journal-gatewayd.service
+lib/systemd/system/systemd-journal-gatewayd.socket
+usr/share/systemd/gatewayd/
+usr/share/man/man8/systemd-journal-gatewayd.service.8
+usr/share/man/man8/systemd-journal-gatewayd.socket.8
+usr/share/man/man8/systemd-journal-gatewayd.8
diff --git a/debian/systemd-journal-remote.postinst b/debian/systemd-journal-remote.postinst
new file mode 100644
index 0000000..8ef91ad
--- /dev/null
+++ b/debian/systemd-journal-remote.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+adduser --quiet --system \
+ --home /run/systemd --no-create-home \
+ --gecos "systemd Journal Remote" \
+ --group systemd-journal-remote
+
+#DEBHELPER#
diff --git a/debian/systemd-sysv.install b/debian/systemd-sysv.install
new file mode 100644
index 0000000..9c104a9
--- /dev/null
+++ b/debian/systemd-sysv.install
@@ -0,0 +1,14 @@
+usr/share/man/man1/init.1
+usr/share/man/man8/telinit.8
+usr/share/man/man8/runlevel.8
+usr/share/man/man8/shutdown.8
+usr/share/man/man8/poweroff.8
+usr/share/man/man8/reboot.8
+usr/share/man/man8/halt.8
+sbin/init
+sbin/telinit
+sbin/runlevel
+sbin/shutdown
+sbin/poweroff
+sbin/reboot
+sbin/halt
diff --git a/debian/systemd-sysv.postinst b/debian/systemd-sysv.postinst
new file mode 100644
index 0000000..e2fd036
--- /dev/null
+++ b/debian/systemd-sysv.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+# update grub on first install, so that the alternative init system boot
+# entries get updated
+if [ "$1" = configure ] && [ -z "$2" ] && [ -e /boot/grub/grub.cfg ] && which update-grub >/dev/null 2>&1; then
+ update-grub || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-tests.install b/debian/systemd-tests.install
new file mode 100644
index 0000000..28b745c
--- /dev/null
+++ b/debian/systemd-tests.install
@@ -0,0 +1 @@
+usr/lib/systemd/tests
diff --git a/debian/systemd-tests.lintian-overrides b/debian/systemd-tests.lintian-overrides
new file mode 100644
index 0000000..9784f46
--- /dev/null
+++ b/debian/systemd-tests.lintian-overrides
@@ -0,0 +1,2 @@
+# test programs only, need to link against internal library
+systemd-tests: binary-or-shlib-defines-rpath usr/lib/systemd/tests/*
diff --git a/debian/systemd.NEWS b/debian/systemd.NEWS
new file mode 100644
index 0000000..3f90a34
--- /dev/null
+++ b/debian/systemd.NEWS
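Review bot: The `adduser --quiet --system ... --group systemd-journal-remote` call in debian/systemd-journal-remote.postinst is not guarded by the maintainer-script action, so it runs on every postinst invocation rather than only on configure. systemd-coredump.postinst in this same commit wraps its account creation in `if [ "$1" = configure ]; then ... fi`. Using the same guard here would limit account creation to the configure step and keep the two scripts consistent.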
@@ -0,0 +1,28 @@
+systemd (236-1) unstable; urgency=medium
+
+ DynamicUser=yes has been enabled for systemd-journal-upload.service and
+ systemd-journal-gatewayd.service.
+ This means we no longer need to statically allocate a systemd-journal-upload
+ and systemd-journal-gateway user and you can now safely remove those system
+ users along with their associated groups.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:17:32 +0100
+
+systemd (231-1) unstable; urgency=low
+
+ This version drops support for running /etc/rcS.d SysV init scripts.
+ These are prone to cause dependency loops, and almost all Debian packages
+ with rcS scripts now ship a native systemd service. If you have custom or
+ third-party rcS scripts you need to convert them or change them to run
+ in rc2.d/ - rc5.d/; see this page for details:
+ <https://wiki.debian.org/Teams/pkg-systemd/rcSMigration>.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 14 Jul 2016 12:54:34 +0200
+
+systemd (224-2) unstable; urgency=medium
+
+ This version splits out systemd-nspawn, systemd-machined, and machinectl
+ into the new "systemd-container" package. That now also enables
+ systemd-importd.
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 22 Aug 2015 15:58:43 +0200
diff --git a/debian/systemd.bug-control b/debian/systemd.bug-control
new file mode 100644
index 0000000..03c8d6b
--- /dev/null
+++ b/debian/systemd.bug-control
@@ -0,0 +1 @@
+package-status: udev dracut initramfs-tools
diff --git a/debian/systemd.bug-script b/debian/systemd.bug-script
new file mode 100644
index 0000000..b1099e7
--- /dev/null
+++ b/debian/systemd.bug-script
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+cat <<EOF
+
+Providing additional information can help diagnose problems with systemd.
+Specifically, this would include:
+- fstab configuration (copy of /etc/fstab).
+- local modifications of unit files (output of systemd-delta).
+- state of running services and units (output of systemd-analyze dump).
+- enabled/disabled state of installed services.
+If this information is not relevant for your bug report or you have privacy
+concerns, please choose no.
+
+EOF
+
+yesno "Do you want to provide additional information [Y|n]? " yep
+[ "$REPLY" = yep ] || exit 0
+
+# We don’t clean up this directory because there is no way to know when
+# reportbug finished running, and reportbug needs the files around.
+# Given that those are just a couple of kilobytes in size and people
+# generally don’t file a lot of bugs, I don’t think it’s a big deal.
+DIR=$(mktemp -d)
+
+echo "-- BEGIN ATTACHMENTS --" >&3
+
+# remove highlighting escape codes from systemd-delta output
+systemd-delta --no-pager 2>&1 |sed "s%\x1b[^m]*m%%g" >$DIR/systemd-delta.txt
+echo "$DIR/systemd-delta.txt" >&3
+
+if [ -d /run/systemd/system ]; then
+ systemd-analyze --no-pager dump >$DIR/systemd-analyze-dump.txt 2>&1
+ echo "$DIR/systemd-analyze-dump.txt" >&3
+fi
+
+if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then
+ head -n100 $(find /var/lib/systemd/deb-systemd-helper-enabled -type f | tr '\n' ' ') >$DIR/dsh-enabled.txt
+ echo "$DIR/dsh-enabled.txt" >&3
+fi
+
+echo "/etc/fstab" >&3
+
+echo "-- END ATTACHMENTS --" >&3
diff --git a/debian/systemd.dirs b/debian/systemd.dirs
new file mode 100644
index 0000000..fac35d6
--- /dev/null
+++ b/debian/systemd.dirs
@@ -0,0 +1 @@
+var/lib/systemd
diff --git a/debian/systemd.install b/debian/systemd.install
new file mode 100644
index 0000000..f0fa42c
--- /dev/null
+++ b/debian/systemd.install
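Review bot: `DIR=$(mktemp -d)` in debian/systemd.bug-script is never checked and the script does not run under `set -e`, so if mktemp fails the unquoted `>$DIR/systemd-delta.txt` style redirections below it resolve to paths directly under `/`. `DIR=$(mktemp -d) || exit 1` plus quoting every `"$DIR/..."` redirection closes that. In the deb-systemd-helper branch, `head -n100 $(find … | tr '\n' ' ')` falls back to reading standard input when find prints nothing and word-splits the paths it does print; `find /var/lib/systemd/deb-systemd-helper-enabled -type f -exec head -n100 {} + >"$DIR/dsh-enabled.txt"` avoids both.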
@@ -0,0 +1,72 @@
+etc/
+bin/systemctl
+bin/journalctl
+bin/loginctl
+bin/machinectl
+bin/networkctl
+bin/systemd-notify
+bin/systemd-tty-ask-password-agent
+bin/systemd-ask-password
+bin/systemd-machine-id-setup
+bin/systemd-tmpfiles
+bin/systemd-inhibit
+bin/systemd-escape
+bin/systemd-sysusers
+lib/modprobe.d/
+lib/systemd/
+lib/udev/rules.d/70-uaccess.rules
+lib/udev/rules.d/73-seat-late.rules
+lib/udev/rules.d/71-seat.rules
+lib/udev/rules.d/99-systemd.rules
+usr/bin/systemd-cgls
+usr/bin/systemd-cgtop
+usr/bin/systemd-nspawn
+usr/bin/systemd-stdio-bridge
+usr/bin/systemd-analyze
+usr/bin/systemd-cat
+usr/bin/systemd-detect-virt
+usr/bin/systemd-delta
+usr/bin/systemd-run
+usr/bin/systemd-path
+usr/bin/systemd-socket-activate
+usr/bin/systemd-mount
+usr/bin/systemd-umount
+usr/bin/systemd-id128
+usr/bin/kernel-install
+usr/bin/bootctl
+usr/bin/busctl
+usr/bin/timedatectl
+usr/bin/localectl
+usr/bin/hostnamectl
+usr/bin/resolvectl
+usr/bin/systemd-resolve
+usr/share/man/man1/
+usr/share/man/man5/
+usr/share/man/man7/
+usr/share/man/man8/
+usr/share/bash-completion/
+usr/share/zsh/vendor-completions/
+usr/share/dbus-1/
+usr/share/doc/
+usr/share/pkgconfig/systemd.pc
+usr/share/polkit-1/
+usr/share/systemd/kbd-model-map
+usr/share/systemd/language-fallback-map
+usr/lib/binfmt.d/
+usr/lib/environment.d/
+usr/lib/modules-load.d/
+usr/lib/sysctl.d/
+usr/lib/sysusers.d/basic.conf
+usr/lib/sysusers.d/systemd.conf
+usr/lib/systemd/
+usr/lib/tmpfiles.d/
+usr/lib/kernel
+usr/share/locale/
+var/lib
+../../extra/init-functions.d lib/lsb/
+../../extra/tmpfiles.d/*.conf usr/lib/tmpfiles.d/
+../../extra/systemd-sysv-install lib/systemd/
+../../extra/units/* lib/systemd/system/
+../../extra/dhclient-exit-hooks.d/ etc/dhcp/
+../../extra/kernel-install.d/* usr/lib/kernel/install.d
+../../extra/pam.d etc/
diff --git a/debian/systemd.links b/debian/systemd.links
new file mode 100644
index 0000000..484b8f9
--- /dev/null
+++ b/debian/systemd.links
@@ -0,0 +1,84 @@
+# These are all services which have native implementations
+# So we mask them by linking against /dev/null or create an alias
+/lib/systemd/system/systemd-random-seed.service /lib/systemd/system/urandom.service
+/lib/systemd/system/systemd-sysctl.service /lib/systemd/system/procps.service
+
+/lib/systemd/system/rc-local.service /lib/systemd/system/rc.local.service
+
+/lib/systemd/system/systemd-modules-load.service /lib/systemd/system/module-init-tools.service
+/lib/systemd/system/systemd-modules-load.service /lib/systemd/system/kmod.service
+/etc/modules /etc/modules-load.d/modules.conf
+
+# X server and ICE socket directories are created by /usr/lib/tmpfiles.d/x11.conf
+/dev/null /lib/systemd/system/x11-common.service
+
+# systemd sets the hostname internally during early boot
+/dev/null /lib/systemd/system/hostname.service
+
+# /run/nologin is handled by systemd-user-sessions.service
+/dev/null /lib/systemd/system/rmnologin.service
+/dev/null /lib/systemd/system/bootmisc.service
+
+# Although bootlogd is disabled by default (via /etc/default/bootlogd)
+# by masking them we avoid spawning a shell uselessly thrice during boot.
+# Besides, bootlogd doesn't look particularly useful in a systemd world.
+/dev/null /lib/systemd/system/bootlogd.service
+/dev/null /lib/systemd/system/stop-bootlogd-single.service
+/dev/null /lib/systemd/system/stop-bootlogd.service
+
+# Don't set the hwclock, as the kernel does that on its own when using NTP
+# Without NTP, we shouldn't store the time either
+# https://github.com/systemd/systemd/commit/da2617378523e007ec0c6efe99d0cebb2be994e1
+/dev/null /lib/systemd/system/hwclock.service
+
+# We use native mount support so mask those services
+# TODO: check if any SysV init scripts depend on those facilities
+/dev/null /lib/systemd/system/mountkernfs.service
+/dev/null /lib/systemd/system/mountdevsubfs.service
+/dev/null /lib/systemd/system/mountall.service
+/dev/null /lib/systemd/system/mountall-bootclean.service
+/dev/null /lib/systemd/system/mountnfs.service
+/dev/null /lib/systemd/system/mountnfs-bootclean.service
+/dev/null /lib/systemd/system/umountfs.service
+/dev/null /lib/systemd/system/umountnfs.service
+/dev/null /lib/systemd/system/umountroot.service
+/dev/null /lib/systemd/system/checkfs.service
+/dev/null /lib/systemd/system/checkroot.service
+/dev/null /lib/systemd/system/checkroot-bootclean.service
+
+# We use the built-in cryptsetup support
+/dev/null /lib/systemd/system/cryptdisks.service
+/dev/null /lib/systemd/system/cryptdisks-early.service
+
+# Single user mode is implemented natively, don't use legacy SysV init scripts
+# to avoid spawning sulogin twice.
+/dev/null /lib/systemd/system/single.service
+/dev/null /lib/systemd/system/killprocs.service
+
+# Those services are useless under systemd. Mask them so they can't
+# be run manually by accident.
+/dev/null /lib/systemd/system/sendsigs.service
+/dev/null /lib/systemd/system/halt.service
+/dev/null /lib/systemd/system/reboot.service
+/dev/null /lib/systemd/system/rc.service
+/dev/null /lib/systemd/system/rcS.service
+
+# The motd SysV init script is no longer required to create the dynamic part of
+# /etc/motd to display the uname information as pam_exec is used for that now.
+# An explicit Breaks against older versions of login, which still use
+# /run/motd.dynamic, is not necessary, as pam_motd will silently ignore it if
+# that file is missing and simply display nothing.
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735521
+/dev/null /lib/systemd/system/motd.service
+
+# We have the journal to handle kernel messages from early boot
+/dev/null /lib/systemd/system/bootlogs.service
+
+# Enable Debian specific units
+/lib/systemd/system/getty-static.service /lib/systemd/system/getty.target.wants/getty-static.service
+
+# Compat symlink
+/lib/systemd/systemd /bin/systemd
+
+# Create a compat symlink as systemd-sysctl no longer reads /etc/sysctl.conf
+/etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf
diff --git a/debian/systemd.lintian-overrides b/debian/systemd.lintian-overrides
new file mode 100644
index 0000000..f47d5b7
--- /dev/null
+++ b/debian/systemd.lintian-overrides
@@ -0,0 +1,2 @@
+systemd: maintainer-script-calls-systemctl
+systemd: possibly-insecure-handling-of-tmp-files-in-maintainer-script
diff --git a/debian/systemd.maintscript b/debian/systemd.maintscript
new file mode 100644
index 0000000..ab7bca2
--- /dev/null
+++ b/debian/systemd.maintscript
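Review bot: The `possibly-insecure-handling-of-tmp-files-in-maintainer-script` override in debian/systemd.lintian-overrides carries no justification, unlike the commented systemd-tests override earlier in this commit, so a later reader cannot tell whether the tag was investigated or only silenced. It presumably fires on the `/etc/tmpfiles.d/tmp.conf` and `tmp.mount` paths that systemd.postinst writes, which are not files under /tmp, but that needs confirming against lintian's output. If it holds, a line such as `# postinst writes /etc/tmpfiles.d/tmp.conf and /etc/systemd/system/tmp.mount, nothing under /tmp` above the override records the reasoning. The `maintainer-script-calls-systemctl` override would benefit from the same treatment.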
@@ -0,0 +1,11 @@
+rm_conffile /etc/X11/xinit/xinitrc.d/50-systemd-user.sh 228-3~
+rm_conffile /etc/systemd/bootchart.conf 230-1~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.hostname1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.locale1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.login1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 228-5~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.network1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.resolve1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.timedate1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf 239-15~ systemd-shim
diff --git a/debian/systemd.postinst b/debian/systemd.postinst
new file mode 100644
index 0000000..15d4fd5
--- /dev/null
+++ b/debian/systemd.postinst
@@ -0,0 +1,173 @@ +#! /bin/sh + +set -e + +_systemctl() { + if [ -d /run/systemd/system ]; then + systemctl "$@" + fi +} + +_update_catalog() { + journalctl --update-catalog || true +} + +# Update Message Catalogs database and reload in response to dpkg triggers +if [ "$1" = "triggered" ]; then + shift + for trigger in "$@"; do + case $trigger in + /usr/lib/systemd/catalog) + _update_catalog + ;; + /etc/init.d) + _systemctl daemon-reload || true + ;; + esac + done + exit 0 +fi + +# Enable getty and remote-fs.target by default on new installs +if [ -z "$2" ]; then + systemctl enable getty@tty1.service || true + systemctl enable remote-fs.target || true +fi + +# Enable timesyncd by default on new installs installs and upgrades +if dpkg --compare-versions "$2" lt "218-11~"; then + systemctl enable systemd-timesyncd.service || true +fi + +# Enable ondemand by default on new installs installs and upgrades +if [ -e /lib/systemd/system/ondemand.service ] && dpkg --compare-versions "$2" lt "231-7~"; then + systemctl enable ondemand.service || true +fi + +# Do a one-time migration of the local time setting +if [ -z "$2" ]; then + if [ -f /etc/default/rcS ]; then + . /etc/default/rcS + fi + if [ "$UTC" = "no" ] && [ ! -e /etc/adjtime ]; then + printf "0.0 0 0.0\n0\nLOCAL\n" > /etc/adjtime + fi +fi + +# Do a one-time migration of the TMPTIME setting +if [ -z "$2" ]; then + if [ -f /etc/default/rcS ]; then + . /etc/default/rcS + fi + if [ ! -e /etc/tmpfiles.d/tmp.conf ]; then + case "$TMPTIME" in + -*|infinite|infinity) + cat > /etc/tmpfiles.d/tmp.conf <<EOF +# Avoid clearing /tmp by shipping an empty /etc/tmpfiles.d/tmp.conf file +# which overrides /usr/lib/tmpfiles.d/tmp.conf. +# This file was automatically created because of local modifications in +# /etc/default/rcS where TMPTIME was set to infinite. +EOF + ;; + esac + fi +fi + +# Do a one-time migration of the RAMTMP setting +if [ -z "$2" ]; then + if [ -f /etc/default/rcS ]; then + . 
/etc/default/rcS + fi + if [ -f /etc/default/tmpfs ]; then + . /etc/default/tmpfs + fi + if [ "$RAMTMP" = "yes" ]; then + # systemctl enable will work even when systemd is not the active PID 1. + if [ ! -e /etc/systemd/system/tmp.mount ]; then + cp /usr/share/systemd/tmp.mount /etc/systemd/system/tmp.mount + systemctl enable tmp.mount || true + fi + fi +fi + +# Create /etc/machine-id +systemd-machine-id-setup + +# Setup system users and groups +addgroup --quiet --system systemd-journal + +# We need to stop running services before we call adduser +RESTART="" +if dpkg --compare-versions "$2" lt-nl "239-6"; then + for s in systemd-networkd systemd-timesyncd systemd-resolved ; do + if _systemctl -q is-active $s; then + _systemctl stop $s + RESTART="$s $RESTART" + fi + done +fi + +adduser --quiet --system --group --no-create-home --home /run/systemd \ + --gecos "systemd Time Synchronization" systemd-timesync +adduser --quiet --system --group --no-create-home --home /run/systemd \ + --gecos "systemd Network Management" systemd-network +adduser --quiet --system --group --no-create-home --home /run/systemd \ + --gecos "systemd Resolver" systemd-resolve + +# Remove old state directory of systemd-timesyncd +if dpkg --compare-versions "$2" lt-nl "240-3~"; then + if [ -L /var/lib/systemd/timesync ] ; then + rm /var/lib/systemd/timesync + rm -rf /var/lib/private/systemd/timesync + fi +fi + +# Initial update of the Message Catalogs database +_update_catalog + +if [ -n "$2" ]; then + _systemctl daemon-reexec || true + # don't restart logind; this can be done again once this gets implemented: + # https://github.com/systemd/systemd/issues/1163 + _systemctl try-restart systemd-networkd.service || true + _systemctl try-restart systemd-resolved.service || true + _systemctl try-restart systemd-timesyncd.service || true + _systemctl try-restart systemd-journald.service || true +fi + +# Restart services which we stopped earlier +# This needs to run after daemon-rexec +if dpkg 
--compare-versions "$2" lt-nl "239-6"; then + for s in $RESTART ; do + _systemctl start $s + done +fi + +# Cleanup hwclock-save.service, which was shipped in jessie. +if dpkg --compare-versions "$2" lt-nl "228-5~"; then + for t in reboot halt poweroff ; do + rm -f /etc/systemd/system/${t}.target.wants/hwclock-save.service + rmdir --ignore-fail-on-non-empty /etc/systemd/system/${t}.target.wants 2> /dev/null || true + done +fi + +if dpkg --compare-versions "$2" lt-nl "235-3~"; then + # systemd-bus-proxyd got dropped before stretch, and never created any file + deluser --system systemd-bus-proxy || true +fi + +if dpkg --compare-versions "$2" lt-nl "236-1~"; then + # Clean up old /var/lib/systemd/clock on upgrade. + # The clock file used by systemd-timesyncd is now stored in + # StateDirectory=systemd/timesync. + rm -f /var/lib/systemd/clock +fi + +if dpkg --compare-versions "$2" lt-nl "239-12~"; then + # clean up bogus "nobody" group from #912525; ensure that it's a system group + if getent group nobody >/dev/null; then + delgroup --system nobody || true + fi +fi + +#DEBHELPER# diff --git a/debian/systemd.postrm b/debian/systemd.postrm new file mode 100644 index 0000000..94d77b4 --- /dev/null +++ b/debian/systemd.postrm 
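Review bot: In the 239-6 stop/restart pair of debian/systemd.postinst, `_systemctl stop $s` and the later `_systemctl start $s` run without `|| true` under `set -e`, while every other systemctl call in the script tolerates failure. A failed start therefore aborts the postinst with systemd-networkd, systemd-resolved or systemd-timesyncd left stopped and the package unconfigured; I would write `_systemctl start "$s" || true` in the restart loop and quote `"$s"` in the `is-active`/`stop` calls as well. Separately, /etc/default/rcS is sourced three times into the maintainer script's own root shell; sourcing it once, with a comment such as `# root-owned admin configuration, executed as shell code`, would make that trust assumption explicit. The two comments reading "new installs installs and upgrades" contain a doubled word.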
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ # clean up after manually enabled units in postinst
+ rm -f /etc/systemd/system/getty.target.wants/getty@tty1.service
+ rm -f /etc/systemd/system/multi-user.target.wants/remote-fs.target
+ rm -f /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
+ rm -f /etc/systemd/system/dbus-org.freedesktop.timesync1.service
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/getty.target.wants 2> /dev/null || true
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/multi-user.target.wants 2> /dev/null || true
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/sysinit.target.wants 2> /dev/null || true
+
+ rm -f /var/lib/systemd/catalog/database
+ rmdir --ignore-fail-on-non-empty /var/lib/systemd/catalog 2> /dev/null || true
+
+ rm -rf /var/lib/systemd/backlight/
+ rm -rf /var/lib/systemd/rfkill/
+
+ rm -f /var/lib/systemd/clock
+ rm -f /var/lib/systemd/random-seed
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/systemd.prerm b/debian/systemd.prerm
new file mode 100644
index 0000000..aedbf58
--- /dev/null
+++ b/debian/systemd.prerm
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+set -e
+
+#
+# Prevent systemd from being removed if it's the active init. That
+# will not work.
+#
+
+if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then
+ echo "systemd is the active init system, please switch to another before removing systemd."
+ exit 1
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd.triggers b/debian/systemd.triggers
new file mode 100644
index 0000000..299a3f9
--- /dev/null
+++ b/debian/systemd.triggers
@@ -0,0 +1,2 @@
+interest-noawait /usr/lib/systemd/catalog
+interest-noawait /etc/init.d
diff --git a/debian/tests/assert.sh b/debian/tests/assert.sh
new file mode 100644
index 0000000..1d47bf4
--- /dev/null
+++ b/debian/tests/assert.sh
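Review bot: The `purge)` case in debian/systemd.postrm removes the getty, remote-fs and timesyncd enablement links but not everything systemd.postinst in this commit creates. The copied `/etc/systemd/system/tmp.mount` with its enablement link, `/etc/tmpfiles.d/tmp.conf`, and whatever `systemctl enable ondemand.service` linked are all left behind. If keeping them is intentional because they derive from local rcS settings, a comment in the case saying so would help; otherwise add e.g. `rm -f /etc/systemd/system/tmp.mount` next to the other removals. Where the ondemand and tmp.mount links land is not visible in this diff, so those paths need checking against the units' [Install] sections.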
@@ -0,0 +1,34 @@
+# utility functions for shell tests
+
+assert_true() {
+ if ! $1; then
+ echo "FAIL: command '$1' failed with exit code $?" >&2
+ exit 1
+ fi
+}
+
+
+assert_eq() {
+ if [ "$1" != "$2" ]; then
+ echo "FAIL: expected: '$2' actual: '$1'" >&2
+ exit 1
+ fi
+}
+
+assert_in() {
+ if ! echo "$2" | grep -q "$1"; then
+ echo "FAIL: '$1' not found in:" >&2
+ echo "$2" >&2
+ exit 1
+ fi
+}
+
+assert_rc() {
+ local exp=$1
+ shift
+ set +e
+ $@
+ RC=$?
+ set -e
+ assert_eq $RC $exp
+}
diff --git a/debian/tests/boot-and-services b/debian/tests/boot-and-services
new file mode 100755
index 0000000..fe2cdfb
--- /dev/null
+++ b/debian/tests/boot-and-services
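Review bot: `assert_true` in debian/tests/assert.sh always reports "exit code 0", because inside `if ! $1; then` the value of `$?` is the status of the negated condition, not of the command that failed. Capturing the status first fixes the message, e.g. `local rc=0; $1 || rc=$?` followed by `if [ "$rc" -ne 0 ]; then` and printing `$rc`. In `assert_rc`, the unquoted `$@` re-splits the caller's arguments and `set -e` is switched on unconditionally afterwards; `"$@"` and `assert_eq "$RC" "$exp"` are the safer forms.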
@@ -0,0 +1,555 @@ +#!/usr/bin/python3 +# autopkgtest check: Boot with systemd and check critical desktop services +# (C) 2014 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> + +import sys +import os +import unittest +import subprocess +import tempfile +import shutil +import time +import re +from glob import glob + +is_container = subprocess.call(['systemd-detect-virt', '--container']) == 0 + + +def wait_unit_stop(unit, timeout=10): + '''Wait until given unit is not running any more + + Raise RuntimeError on timeout. + ''' + for i in range(timeout): + if subprocess.call(['systemctl', 'is-active', '--quiet', unit]) != 0: + return + time.sleep(1) + + raise RuntimeError('Timed out waiting for %s to stop' % unit) + + +class ServicesTest(unittest.TestCase): + '''Check that expected services are running''' + + def test_0_init(self): + '''Verify that init is systemd''' + + self.assertIn('systemd', os.readlink('/proc/1/exe')) + + def test_no_failed(self): + '''No failed units''' + + out = subprocess.check_output(['systemctl', '--state=failed', '--no-legend'], + universal_newlines=True) + failed = out.splitlines() + # ignore /etc/modules failure as stuff that we put there by default + # often fails + failed = [f for f in failed if 'systemd-modules-load' not in f] + # apparmor fails if not enabled in the kernel + if not os.path.exists('/sys/kernel/security/apparmor'): + failed = [f for f in failed if 'apparmor.service' not in f] + # ignore thermald as it doesn't start in most virtual envs + failed = [f for f in failed if 'thermald' not in f] + # console-setup.service fails on devices without keyboard (LP: #1516591) + failed = [f for f in failed if 'console-setup' not in f] + # cpi.service fails on s390x + failed = [f for f in failed if 'cpi.service' not in f] + # https://bugs.debian.org/926138 + if is_container: + failed = [f for f in failed if 'e2scrub_reap.service' not in f] + if failed: + for f in failed: + f = f.split()[0] + print('-------- journal for 
failed service %s -----------' % f) + sys.stdout.flush() + subprocess.call(['journalctl', '-b', '-u', f]) + self.assertEqual(failed, []) + + @unittest.skipUnless(shutil.which('gdm3') is not None, 'gdm3 not found') + def test_gdm3(self): + subprocess.check_call(['pgrep', '-af', '/gdm[-3]']) + self.active_unit('gdm') + + def test_dbus(self): + out = subprocess.check_output( + ['dbus-send', '--print-reply', '--system', + '--dest=org.freedesktop.DBus', '/', 'org.freedesktop.DBus.GetId']) + self.assertIn(b'string "', out) + self.active_unit('dbus') + + def test_network_manager(self): + # 0.9.10 changed the command name + _help = subprocess.check_output(['nmcli', '--help'], + stderr=subprocess.STDOUT) + if b' g[eneral]' in _help: + out = subprocess.check_output(['nmcli', 'general']) + else: + out = subprocess.check_output(['nmcli', 'nm']) + self.assertIn(b'enabled', out) + self.active_unit('network-manager') + + def test_cron(self): + out = subprocess.check_output(['ps', 'u', '-C', 'cron']) + self.assertIn(b'root', out) + self.active_unit('cron') + + def test_logind(self): + out = subprocess.check_output(['loginctl']) + self.assertNotEqual(b'', out) + self.active_unit('systemd-logind') + + @unittest.skipIf('TEST_UPSTREAM' in os.environ, + 'Forwarding to rsyslog is a Debian patch') + def test_rsyslog(self): + out = subprocess.check_output(['ps', 'u', '-C', 'rsyslogd']) + self.assertIn(b'bin/rsyslogd', out) + self.active_unit('rsyslog') + with open('/var/log/syslog') as f: + log = f.read() + if not is_container: + # has kernel messages + self.assertRegex(log, 'kernel:.*[cC]ommand line:') + # has init messages + self.assertRegex(log, 'systemd.*Reached target Graphical Interface') + # has other services + self.assertRegex(log, 'NetworkManager.*:') + + @unittest.skipIf(is_container, 'udev does not work in containers') + def test_udev(self): + out = subprocess.check_output(['udevadm', 'info', '--export-db']) + self.assertIn(b'\nP: /devices/', out) + 
self.active_unit('systemd-udevd') + + def test_tmp_mount(self): + # check if we want to mount /tmp in fstab + want_tmp_mount = False + with open('/etc/fstab') as f: + for l in f: + try: + if not l.startswith('#') and l.split()[1] in ('/tmp', '/tmp/'): + want_tmp_mount = True + break + except IndexError: + pass + + # ensure that we actually do/don't have a /tmp mount + (status, status_out) = subprocess.getstatusoutput('systemctl status tmp.mount') + findmnt = subprocess.call(['findmnt', '-n', '/tmp'], stdout=subprocess.PIPE) + if want_tmp_mount: + self.assertEqual(status, 0, status_out) + self.assertEqual(findmnt, 0) + else: + # 4 is correct (since upstream commit ca473d57), accept 3 for systemd <= 230 + self.assertIn(status, [3, 4], status_out) + self.assertNotEqual(findmnt, 0) + + @unittest.skipIf('TEST_UPSTREAM' in os.environ, + 'Debian specific configuration, N/A for upstream') + def test_tmp_cleanup(self): + # systemd-tmpfiles-clean.timer only runs 15 mins after boot, shortcut + # it + self.assertEqual(subprocess.call( + ['systemctl', 'status', 'systemd-tmpfiles-clean.timer'], + stdout=subprocess.PIPE), 0) + subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean']) + if not is_container: + # all files in /tmp/ should get cleaned up on boot + self.assertFalse(os.path.exists('/tmp/oldfile.test')) + self.assertFalse(os.path.exists('/tmp/newfile.test')) + # files in /var/tmp/ older than 30d should get cleaned up + # XXX FIXME: /var/tmp/ cleanup was disabled in #675422 + # if not is_container: + # self.assertFalse(os.path.exists('/var/tmp/oldfile.test')) + self.assertTrue(os.path.exists('/var/tmp/newfile.test')) + + # next run should leave the recent ones + os.close(os.open('/tmp/newfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean']) + wait_unit_stop('systemd-tmpfiles-clean') + self.assertTrue(os.path.exists('/tmp/newfile.test')) + + # Helper methods + + def active_unit(self, 
unit): + '''Check that given unit is active''' + + out = subprocess.check_output(['systemctl', 'status', unit]) + self.assertIn(b'active (running)', out) + + +class JournalTest(unittest.TestCase): + '''Check journal functionality''' + + def test_no_options(self): + out = subprocess.check_output(['journalctl']) + if not is_container: + # has kernel messages + self.assertRegex(out, b'kernel:.*[cC]ommand line:') + # has init messages + self.assertRegex(out, b'systemd.*Reached target Graphical Interface') + # has other services + self.assertRegex(out, b'NetworkManager.*:.*starting') + + def test_log_for_service(self): + out = subprocess.check_output( + ['journalctl', '_SYSTEMD_UNIT=NetworkManager.service']) + self.assertRegex(out, b'NetworkManager.*:.*starting') + self.assertNotIn(b'kernel:', out) + self.assertNotIn(b'systemd:', out) + + +@unittest.skipIf(is_container, 'nspawn does not work in most containers') +class NspawnTest(unittest.TestCase): + '''Check nspawn''' + + @classmethod + def setUpClass(kls): + '''Build a bootable busybox mini-container''' + + kls.td_c_busybox = tempfile.TemporaryDirectory(prefix='c_busybox.') + kls.c_busybox = kls.td_c_busybox.name + for d in ['etc/init.d', 'bin', 'sbin']: + os.makedirs(os.path.join(kls.c_busybox, d)) + shutil.copy('/bin/busybox', os.path.join(kls.c_busybox, 'bin')) + shutil.copy('/etc/os-release', os.path.join(kls.c_busybox, 'etc')) + os.symlink('busybox', os.path.join(kls.c_busybox, 'bin', 'sh')) + os.symlink('../bin/busybox', os.path.join(kls.c_busybox, 'sbin/init')) + with open(os.path.join(kls.c_busybox, 'etc/init.d/rcS'), 'w') as f: + f.write('''#!/bin/sh +echo fake container started +ps aux +poweroff\n''') + os.fchmod(f.fileno(), 0o755) + subprocess.check_call(['systemd-machine-id-setup', '--root', + kls.c_busybox], stderr=subprocess.PIPE) + + def setUp(self): + self.workdir = tempfile.TemporaryDirectory() + + def test_boot(self): + cont = os.path.join(self.workdir.name, 'c1') + shutil.copytree(self.c_busybox, 
cont, symlinks=True) + os.sync() + nspawn = subprocess.Popen(['systemd-nspawn', '-D', cont, '-b'], + stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + out = nspawn.communicate(timeout=60)[0] + self.assertIn(b'Spawning container c1', out) + self.assertIn(b'fake container started', out) + self.assertRegex(out, b'\n\s+1\s+0\s+init[\r\n]') + self.assertRegex(out, b'\n\s+2+\s+0\s.*rcS[\r\n]') + self.assertRegex(out, b'Container c1.*shut down') + self.assertEqual(nspawn.returncode, 0) + + def test_service(self): + self.assertTrue(os.path.isdir('/var/lib/machines')) + cont = '/var/lib/machines/c1' + shutil.copytree(self.c_busybox, cont, symlinks=True) + self.addCleanup(shutil.rmtree, cont) + os.sync() + subprocess.check_call(['systemctl', 'start', 'systemd-nspawn@c1']) + wait_unit_stop('systemd-nspawn@c1') + + subprocess.call(['journalctl', '--sync']) + systemctl = subprocess.Popen( + ['systemctl', 'status', '-overbose', '-l', 'systemd-nspawn@c1'], + stdout=subprocess.PIPE) + out = systemctl.communicate()[0].decode('UTF-8', 'replace') + self.assertEqual(systemctl.returncode, 3, out) + self.assertNotIn('failed', out) + + +@unittest.skipUnless(os.path.exists('/sys/kernel/security/apparmor'), + 'AppArmor not enabled') +class AppArmorTest(unittest.TestCase): + def test_profile(self): + '''AppArmor confined unit''' + + # create AppArmor profile + aa_profile = tempfile.NamedTemporaryFile(prefix='aa_violator.') + aa_profile.write(b'''#include <tunables/global> + +profile "violator-test" { + #include <abstractions/base> + + /{usr/,}bin/** rix, + /etc/machine-id r, +} +''') + aa_profile.flush() + subprocess.check_call(['apparmor_parser', '-r', '-v', aa_profile.name]) + + # create confined unit + with open('/run/systemd/system/violator.service', 'w') as f: + f.write('''[Unit] +Description=AppArmor test + +[Service] +ExecStart=/bin/sh -euc 'echo CP1; cat /etc/machine-id; echo CP2; if cat /etc/passwd; then exit 1; fi; echo CP3' +AppArmorProfile=violator-test +''') + 
self.addCleanup(os.unlink, '/run/systemd/system/violator.service') + + # launch + subprocess.check_call(['systemctl', 'daemon-reload']) + subprocess.check_call(['systemctl', 'start', 'violator.service']) + wait_unit_stop('violator.service') + + # check status + st = subprocess.Popen(['systemctl', 'status', '-l', + 'violator.service'], stdout=subprocess.PIPE, + universal_newlines=True) + out = st.communicate()[0] + # unit should be stopped + self.assertEqual(st.returncode, 3) + + self.assertIn('inactive', out) + self.assertIn('CP1', out) + self.assertIn('CP2', out) + self.assertIn('CP3', out) + with open('/etc/machine-id') as f: + self.assertIn(f.read().strip(), out) + self.assertNotIn('root:x', out, 'unit can read /etc/passwd') + + +@unittest.skipIf(os.path.exists('/sys/fs/cgroup/cgroup.controllers'), + 'test needs to be reworked on unified cgroup hierarchy') +class CgroupsTest(unittest.TestCase): + '''Check cgroup setup''' + + @classmethod + def setUpClass(kls): + kls.controllers = [] + for controller in glob('/sys/fs/cgroup/*'): + if not os.path.islink(controller): + kls.controllers.append(controller) + + def setUp(self): + self.service = 'testsrv.service' + self.service_file = '/run/systemd/system/' + self.service + + def tearDown(self): + subprocess.call(['systemctl', 'stop', self.service], + stderr=subprocess.PIPE) + try: + os.unlink(self.service_file) + except OSError: + pass + subprocess.check_call(['systemctl', 'daemon-reload']) + + def create_service(self, extra_service=''): + '''Create test service unit''' + + with open(self.service_file, 'w') as f: + f.write('''[Unit] +Description=test service +[Service] +ExecStart=/bin/sleep 500 +%s +''' % extra_service) + subprocess.check_call(['systemctl', 'daemon-reload']) + + def assertNoControllers(self): + '''Assert that no cgroup controllers exist for test service''' + + cs = glob('/sys/fs/cgroup/*/system.slice/%s' % self.service) + self.assertEqual(cs, []) + + def assertController(self, name): + '''Assert that 
cgroup controller exists for test service''' + + c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service) + self.assertTrue(os.path.isdir(c)) + + def assertNoController(self, name): + '''Assert that cgroup controller does not exist for test service''' + + c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service) + self.assertFalse(os.path.isdir(c)) + + def test_simple(self): + '''simple service''' + + self.create_service() + self.assertNoControllers() + subprocess.check_call(['systemctl', 'start', self.service]) + self.assertController('systemd') + subprocess.check_call(['systemctl', 'stop', self.service]) + self.assertNoControllers() + + def test_cpushares(self): + '''service with CPUShares''' + + self.create_service('CPUShares=1000') + self.assertNoControllers() + subprocess.check_call(['systemctl', 'start', self.service]) + self.assertController('systemd') + self.assertController('cpu,cpuacct') + subprocess.check_call(['systemctl', 'stop', self.service]) + self.assertNoControllers() + + +class SeccompTest(unittest.TestCase): + '''Check seccomp syscall filtering''' + + def test_failing(self): + with open('/run/systemd/system/scfail.service', 'w') as f: + f.write('''[Unit] +Description=seccomp test +[Service] +ExecStart=/bin/cat /etc/machine-id +SystemCallFilter=access +''') + self.addCleanup(os.unlink, '/run/systemd/system/scfail.service') + + # launch + subprocess.check_call(['systemctl', 'daemon-reload']) + subprocess.check_call(['systemctl', 'start', 'scfail.service']) + wait_unit_stop('scfail.service') + + # check status + st = subprocess.Popen(['systemctl', 'status', '-l', + 'scfail.service'], stdout=subprocess.PIPE) + out = st.communicate()[0] + # unit should be stopped + self.assertEqual(st.returncode, 3) + + subprocess.check_call(['systemctl', 'reset-failed', 'scfail.service']) + + self.assertIn(b'failed', out) + self.assertIn(b'code=killed, signal=SYS', out) + with open('/etc/machine-id') as f: + 
self.assertNotIn(f.read().strip().encode('ASCII'), out) + + +@unittest.skipIf(is_container, 'systemd-coredump does not work in containers') +class CoredumpTest(unittest.TestCase): + '''Check systemd-coredump''' + + def test_bash_crash(self): + subprocess.call("ulimit -c unlimited; bash -c 'kill -SEGV $$'", shell=True, + cwd='/tmp', stderr=subprocess.DEVNULL) + + # with systemd-coredump installed we should get the core dumps in + # systemd's dir + for timeout in range(50): + cores = glob('/var/lib/systemd/coredump/core.bash.*') + if cores: + break + time.sleep(1) + self.assertNotEqual(cores, []) + self.assertEqual(glob('/tmp/core*'), []) + + # we should also get a message and stack trace in journal + for timeout in range(10): + subprocess.call(['journalctl', '--sync']) + journal = subprocess.check_output(['journalctl', '-t', 'systemd-coredump']) + if re.search(b'Process.*bash.*dumped core', journal) and \ + re.search(b'#[0-9] .*bash', journal): + break + time.sleep(1) + self.assertRegex(journal, b'Process.*bash.*dumped core') + self.assertIn(b'Stack trace', journal) + self.assertRegex(journal, b'#[0-9] .*bash') + + +class CLITest(unittest.TestCase): + def setUp(self): + self.programs = [] + for line in subprocess.check_output(['dpkg', '-L', 'systemd', 'systemd-container', 'systemd-coredump', 'udev'], + universal_newlines=True).splitlines(): + if '/bin/' in line: + self.programs.append(line.strip()) + + def test_help(self): + '--help works and succeeds''' + + for program in self.programs: + p = subprocess.Popen([program, '--help'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True) + (out, err) = p.communicate() + try: + self.assertEqual(err, '') + self.assertEqual(p.returncode, 0) + self.assertIn(os.path.basename(program), out) + self.assertTrue('--help' in out or 'Usage' in out, out) + except AssertionError: + print('Failed program: %s' % program) + raise + + def test_version(self): + '--version works and succeeds''' + + version = 
subprocess.check_output(['pkg-config', '--modversion', 'systemd'], + universal_newlines=True).strip() + + for program in self.programs: + # known to not respond to --version + if os.path.basename(program) in ['kernel-install', 'systemd-ask-password', 'systemd-stdio-bridge']: + continue + p = subprocess.Popen([program, '--version'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True) + (out, err) = p.communicate() + try: + self.assertEqual(err, '') + self.assertEqual(p.returncode, 0) + self.assertIn(version, out) + except AssertionError: + print('Failed program: %s' % program) + raise + + def test_invalid_option(self): + '''Calling with invalid option fails''' + + for program in self.programs: + p = subprocess.Popen([program, '--invalid-option'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True) + (out, err) = p.communicate() + try: + # kernel-install is an unique snowflake + if not program.endswith('/kernel-install'): + self.assertIn('--invalid-option', err) + self.assertNotEqual(p.returncode, 0) + except AssertionError: + print('Failed program: %s' % program) + raise + + +def pre_boot_setup(): + '''Test setup before rebooting testbed''' + + subprocess.check_call(['systemctl', 'set-default', 'graphical.target'], + stderr=subprocess.STDOUT) + + # create a few temporary files to ensure that they get cleaned up on boot + os.close(os.open('/tmp/newfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + os.close(os.open('/var/tmp/newfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + # we can't use utime() here, as systemd looks for ctime + if not is_container: + cur_time = time.clock_gettime(time.CLOCK_REALTIME) + time.clock_settime(time.CLOCK_REALTIME, cur_time - 2 * 30 * 86400) + try: + os.close(os.open('/tmp/oldfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + os.close(os.open('/var/tmp/oldfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + finally: + time.clock_settime(time.CLOCK_REALTIME, cur_time) + + # allow 
X to start even on headless machines + os.makedirs('/etc/X11/xorg.conf.d/', exist_ok=True) + with open('/etc/X11/xorg.conf.d/dummy.conf', 'w') as f: + f.write('''Section "Device" + Identifier "test" + Driver "dummy" +EndSection''') + + +if __name__ == '__main__': + if not os.getenv('AUTOPKGTEST_REBOOT_MARK'): + pre_boot_setup() + print('Rebooting...') + subprocess.check_call(['/tmp/autopkgtest-reboot', 'boot1']) + + unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, + verbosity=2)) diff --git a/debian/tests/boot-smoke b/debian/tests/boot-smoke new file mode 100755 index 0000000..ed52bf6 --- /dev/null +++ b/debian/tests/boot-smoke 
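Review bot: The regexes in NspawnTest.test_boot are plain bytes literals containing `\s`, e.g. `b'\n\s+1\s+0\s+init[\r\n]'`, which is an invalid escape sequence that newer Python versions warn about. Raw literals match the same text: `rb'\n\s+1\s+0\s+init[\r\n]'` and `rb'\n\s+2+\s+0\s.*rcS[\r\n]'`. The docstrings of CLITest.test_help and test_version open with one quote and close with three (`'--help works and succeeds'''`), which only parses through adjacent-literal concatenation; `'''--help works and succeeds'''` is the intended form. AppArmorTest.test_profile also loads the `violator-test` profile and registers cleanup for the unit file only, so the profile stays loaded on the testbed after the run.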
@@ -0,0 +1,71 @@ +#!/bin/sh +# test 20 successful reboots in a row +# Author: Martin Pitt <martin.pitt@ubuntu.com> +# For bisecting/testing you can replace individual binaries in /lib/systemd +# with --copy /host/path/systemd-foo:/tmp/systemd-replace/systemd-foo +set -e + +. `dirname $0`/assert.sh + +fail() { + journalctl --sync + journalctl -a > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-journal.txt" + udevadm info --export-db > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-udevdb.txt" + exit 1 +} + +if [ -z "$AUTOPKGTEST_REBOOT_MARK" ]; then + # enable persistent journal + mkdir -p /var/log/journal + # allow X to start even on headless machines + mkdir -p /etc/X11/xorg.conf.d/ + cat << EOF > /etc/X11/xorg.conf.d/dummy.conf +Section "Device" + Identifier "test" + Driver "dummy" +EndSection +EOF + + + AUTOPKGTEST_REBOOT_MARK=0 + if [ -d /tmp/systemd-replace/ ]; then + for f in /tmp/systemd-replace/*; do + echo "Installing $f..." + rm -f /lib/systemd/$(basename $f) + cp $f /lib/systemd/ + done + fi +else + echo "checking for failed unmounts for user systemd" + # grep complete journal to catch shutdown messages + if journalctl | grep -E "systemd\[([2-9]|[1-9][0-9]+)\].*Failed unmounting"; then + fail + fi + # grep only this boot's journal, earlier ones complain about missing "render" group + echo "checking for connection timeouts" + if journalctl -b | grep "Connection timed out"; then + fail + fi + + echo "checking that polkitd runs" + pidof polkitd + + echo "checking that there are no running jobs" + TIMEOUT=10 + while [ $TIMEOUT -ge 0 ]; do + running="$(systemctl --no-pager --no-legend list-jobs || true)" + [ -n "$running" ] || break + TIMEOUT=$((TIMEOUT - 1)) + done + if [ -n "$running" ]; then + echo "running jobs after remaining timeout $TIMEOUT: $running" + fail + fi +fi + +if [ "$AUTOPKGTEST_REBOOT_MARK" -ge 5 ]; then + exit 0 +fi + +echo "reboot #$AUTOPKGTEST_REBOOT_MARK" +/tmp/autopkgtest-reboot $(($AUTOPKGTEST_REBOOT_MARK + 1)) 
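Review bot: The "checking that there are no running jobs" loop in the reboot branch decrements `TIMEOUT` without ever sleeping, so all retries finish almost at once and jobs that are still completing shortly after boot are reported as a failure. Add `sleep 1` after `TIMEOUT=$((TIMEOUT - 1))` so the counter really is a number of seconds. Separately, the header comment promises 20 reboots while the script exits once `AUTOPKGTEST_REBOOT_MARK` reaches 5; the comment should read `# test 5 successful reboots in a row`.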
diff --git a/debian/tests/build-login b/debian/tests/build-login new file mode 100755 index 0000000..def83b1 --- /dev/null +++ b/debian/tests/build-login @@ -0,0 +1,38 @@ +#!/bin/sh +# autopkgtest check: Test build against libsystemd-login-dev +# (C) 2014 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> + +set -e + +WORKDIR=$(mktemp -d) +trap "rm -rf $WORKDIR" 0 INT QUIT ABRT PIPE TERM +cd $WORKDIR +cat <<EOF > loginmonitor.c +#include <assert.h> +#include <stdio.h> +#include <systemd/sd-login.h> + +int main(int argc, char **argv) +{ + sd_login_monitor* mon = NULL; + int res; + + res = sd_login_monitor_new(NULL, &mon); + if (res < 0) { + fprintf(stderr, "sd_login_monitor_new failed with value %i\n", res); + return 1; + } + + assert(sd_login_monitor_get_fd(mon) > 0); + sd_login_monitor_unref(mon); + + return 0; +} +EOF + +gcc -Wall -Werror -o loginmonitor loginmonitor.c `pkg-config --cflags --libs libsystemd` +echo "build: OK" +[ -x loginmonitor ] +./loginmonitor +echo "run: OK" diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..f7ea7cd --- /dev/null +++ b/debian/tests/control 
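Review bot: The cleanup trap `trap "rm -rf $WORKDIR" ...` expands the path when the trap is installed and leaves it unquoted when it runs, and `cd $WORKDIR` is unquoted as well, so a `TMPDIR` containing whitespace would make `rm -rf` act on the split words instead of the temporary directory. Prefer `trap 'rm -rf "$WORKDIR"' 0 INT QUIT ABRT PIPE TERM` and `cd "$WORKDIR"`. In the embedded C program, `assert(sd_login_monitor_get_fd(mon) > 0);` would be more accurate as `>= 0`, since 0 is a valid descriptor.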
@@ -0,0 +1,192 @@ +Tests: timedated, hostnamed, localed-locale, localed-x11-keymap +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, +Restrictions: needs-root, isolation-container + +Tests: logind +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, +Restrictions: needs-root, isolation-container + +Tests: unit-config +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, + python3, + pkg-config, +Restrictions: needs-root, allow-stderr + +Tests: storage +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, + python3, + pkg-config, + cryptsetup-bin, +Restrictions: needs-root, isolation-machine + +Tests: networkd-test.py +Tests-Directory: test +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, + python3, + pkg-config, + cryptsetup-bin, + systemd-sysv, + policykit-1, + dnsmasq-base +Restrictions: needs-root, isolation-container, flaky + +Tests: build-login +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, + python3, + pkg-config, + cryptsetup-bin, + systemd-sysv, + policykit-1, + dnsmasq-base, + build-essential, + libsystemd-dev, +Restrictions: isolation-container + +Tests: boot-and-services +Depends: systemd-sysv, + systemd-container, + systemd-coredump, + libpam-systemd, + xserver-xorg-video-dummy, + xserver-xorg, + gdm3 [!s390x], + cron, + network-manager, + busybox-static, + rsyslog, + apparmor, + pkg-config, + python3 +Restrictions: needs-root, isolation-container, breaks-testbed + +Tests: udev +Depends: systemd-tests, + python3, + tree, + perl, + xz-utils, +Restrictions: needs-root, allow-stderr, isolation-container + +Tests: root-unittests +Depends: systemd-tests, + libpam-systemd, + tree, + perl, + xz-utils, + libcap2-bin, + iproute2, + liblz4-tool, + acl, + iputils-ping, + dbus-user-session, +Restrictions: needs-root, allow-stderr, isolation-container + +Tests: 
upstream +Depends: libsystemd-dev, + tree, + perl, + xz-utils, + libcap2-bin, + iproute2, + liblz4-tool, + acl, + kbd, + cryptsetup-bin, + net-tools, + isc-dhcp-client, + iputils-ping, + strace, + qemu-system-x86 [amd64 i386], + qemu-system-arm [arm64 armhf], + qemu-system-s390x [s390x], + less, + pkg-config, + gcc, + libc6-dev | libc-dev, + make, + quota, + systemd-journal-remote, + systemd-container, + systemd-coredump, + fdisk | util-linux (<< 2.29.2-3~), + netcat-openbsd, + socat, + busybox-static, + plymouth, + e2fsprogs, +Restrictions: needs-root, allow-stderr, isolation-machine + +Tests: boot-smoke +Depends: libsystemd-dev, + tree, + perl, + xz-utils, + libcap2-bin, + iproute2, + liblz4-tool, + acl, + kbd, + cryptsetup-bin, + net-tools, + isc-dhcp-client, + iputils-ping, + strace, + qemu-system-x86 [amd64 i386], + qemu-system-arm [arm64 armhf], + qemu-system-s390x [s390x], + less, + pkg-config, + gcc, + libc6-dev | libc-dev, + make, + quota, + systemd-journal-remote, + systemd-container, + systemd-coredump, + systemd-sysv, + fdisk | util-linux (<< 2.29.2-3~), + netcat-openbsd, + busybox-static, + plymouth, + network-manager, + policykit-1, + gdm3 [!s390x], + xserver-xorg-video-dummy, +Restrictions: needs-root, isolation-container, allow-stderr, breaks-testbed + +# NOUPSTREAM: Do not run these tests for upstream builds + +Tests: systemd-fsckd +Depends: systemd-sysv, + python3, + plymouth +Restrictions: needs-root, isolation-machine, breaks-testbed diff --git a/debian/tests/fsck b/debian/tests/fsck new file mode 100755 index 0000000..77b50d7 --- /dev/null +++ b/debian/tests/fsck 
@@ -0,0 +1,27 @@ +#!/bin/bash +fd=0 + +OPTIND=1 +while getopts "C:aTlM" opt; do + case "$opt" in + C) + fd=$OPTARG + ;; + \?);; + esac +done + +shift "$((OPTIND-1))" +device=$1 + +echo "Running fake fsck on $device" + +declare -a maxpass=(30 5 2 30 60) + +for pass in {1..5}; do + maxprogress=${maxpass[$((pass-1))]} + for (( current=0; current<=${maxprogress}; current++)); do + echo "$pass $current $maxprogress $device">&$fd + sleep 0.1 + done +done diff --git a/debian/tests/hostnamed b/debian/tests/hostnamed new file mode 100755 index 0000000..1b22869 --- /dev/null +++ b/debian/tests/hostnamed @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +. `dirname $0`/assert.sh + +ORIG_HOST=`cat /etc/hostname` +echo "original hostname: $ORIG_HOST" + +# should activate daemon and work +STATUS="`hostnamectl`" +assert_in "Static hostname: $ORIG_HOST" "$STATUS" +assert_in "Kernel:.* `uname -r`" "$STATUS" + +# change hostname +assert_eq "`hostnamectl set-hostname testhost 2>&1`" "" +assert_eq "`cat /etc/hostname`" "testhost" +assert_in "Static hostname: testhost" "`hostnamectl`" + +# reset to original +assert_eq "`hostnamectl set-hostname $ORIG_HOST 2>&1`" "" +assert_eq "`cat /etc/hostname`" "$ORIG_HOST" +assert_in "Static hostname: $ORIG_HOST" "`hostnamectl`" diff --git a/debian/tests/lidswitch.evemu b/debian/tests/lidswitch.evemu new file mode 100644 index 0000000..de1d590 --- /dev/null +++ b/debian/tests/lidswitch.evemu 
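Review bot: In debian/tests/hostnamed the original hostname is restored only by the last three lines of the script, so with `set -e` a failure after `hostnamectl set-hostname testhost` (assuming the assert.sh helpers exit non-zero on mismatch) leaves the testbed named `testhost`. debian/tests/control runs this test without `breaks-testbed`, so later tests in the same testbed would see the changed name. Register the restore as a trap right after `ORIG_HOST` is read, as localed-x11-keymap in this commit does with its `cleanup` function, for example `trap 'hostnamectl set-hostname "$ORIG_HOST"' EXIT INT QUIT PIPE`. The existing reset call should also quote `"$ORIG_HOST"`.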
@@ -0,0 +1,34 @@ +# EVEMU 1.2 +# Input device name: "Lid Switch" +# Input device ID: bus 0x19 vendor 0000 product 0x05 version 0000 +# Supported events: +# Event type 0 (EV_SYN) +# Event code 0 (SYN_REPORT) +# Event code 5 (FF_STATUS_MAX) +# Event type 5 (EV_SW) +# Event code 0 (SW_LID) +# Properties: +N: Fake Lid Switch +I: 0019 0000 0005 0000 +P: 00 00 00 00 00 00 00 00 +B: 00 21 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 02 00 00 00 00 00 00 00 00 +B: 03 00 00 00 00 00 00 00 00 +B: 04 00 00 00 00 00 00 00 00 +B: 05 01 00 00 00 00 00 00 00 +B: 11 00 00 00 00 00 00 00 00 +B: 12 00 00 00 00 00 00 00 00 +B: 15 00 00 00 00 00 00 00 00 +B: 15 00 00 00 00 00 00 00 00 diff --git a/debian/tests/localed-locale b/debian/tests/localed-locale new file mode 100755 index 0000000..468258d --- /dev/null +++ b/debian/tests/localed-locale 
@@ -0,0 +1,42 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -n "$TEST_UPSTREAM" ]; then
+ LOCALE_CONF=/etc/locale.conf
+else
+ LOCALE_CONF=/etc/default/locale
+fi
+
+if ! ORIG_LOC=`grep -v '^#' $LOCALE_CONF 2>/dev/null`; then
+ # set up for a minimal unconfigured system
+ if [ -e /etc/locale.gen ]; then
+ echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+ fi
+ locale-gen en_US.UTF-8
+ ORIG_LOC='LANG="en_US.UTF-8"'
+ echo "$ORIG_LOC" > $LOCALE_CONF
+fi
+
+if ! [ -e /etc/default/keyboard ]; then
+ /bin/echo -e 'XKBMODEL=us\nXKBLAYOUT=pc105' > /etc/default/keyboard
+fi
+
+# should activate daemon and work
+assert_in "System Locale:" "`localectl --no-pager`"
+
+# change locale
+assert_eq "`localectl --no-pager set-locale LANG=C LC_CTYPE=en_US.UTF-8 2>&1`" ""
+sync
+assert_eq "`cat $LOCALE_CONF`" "LANG=C
+LC_CTYPE=en_US.UTF-8"
+
+! [ -f /etc/locale.conf ]
+
+STATUS=`localectl`
+assert_in "System Locale: LANG=C" "$STATUS"
+assert_in "LC_CTYPE=en_US.UTF-8" "$STATUS"
+
+# reset locale to original
+echo "$ORIG_LOC" > $LOCALE_CONF
diff --git a/debian/tests/localed-x11-keymap b/debian/tests/localed-x11-keymap
new file mode 100755
index 0000000..34f4808
--- /dev/null
+++ b/debian/tests/localed-x11-keymap
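Review bot: The check `! [ -f /etc/locale.conf ]` in debian/tests/localed-locale can never fail the test, because under `set -e` the shell ignores the exit status of a command negated with `!`, so the script carries on even when the file exists. Written as `[ ! -f /etc/locale.conf ]` the failure does stop the script. With `TEST_UPSTREAM` set, `LOCALE_CONF` is `/etc/locale.conf` itself, so the working form needs to be limited to the Debian case: `[ -n "$TEST_UPSTREAM" ] || [ ! -f /etc/locale.conf ]`. The same ineffective pattern appears in localed-x11-keymap (`! [ -f /etc/X11/xorg.conf.d/00-keyboard.conf ]`) and in test_acl of logind (`! test -d /sys/bus/pseudo/...`).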
@@ -0,0 +1,52 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -f /etc/default/keyboard ]; then
+ ORIG_KBD=`cat /etc/default/keyboard`
+else
+ ORIG_KBD=""
+fi
+
+cleanup() {
+ # reset locale to original
+ if [ -n "ORIG_KBD" ]; then
+ echo "$ORIG_KBD" > /etc/default/keyboard
+ else
+ rm -f /etc/default/keyboard
+ fi
+ rm -f /etc/X11/xorg.conf.d/00-keyboard.conf
+}
+trap cleanup EXIT INT QUIT PIPE
+
+# should activate daemon and work
+STATUS=`localectl`
+assert_in "X11 Layout:" "`localectl --no-pager`"
+
+# change layout
+assert_eq "`localectl --no-pager set-x11-keymap et pc101 2>&1`" ""
+sync
+
+if [ -n "$TEST_UPSTREAM" ]; then
+ # Upstream writes xorg.conf.d file
+ assert_in 'Option "XkbLayout" "et' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`"
+ assert_in 'Option "XkbModel" "pc101"' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`"
+else
+ # Debian console-setup config file
+ assert_in 'XKBLAYOUT="\?et"\?' "`cat /etc/default/keyboard`"
+ assert_in 'XKBMODEL="\?pc101"\?' "`cat /etc/default/keyboard`"
+
+ ! [ -f /etc/X11/xorg.conf.d/00-keyboard.conf ]
+fi
+
+STATUS=`localectl --no-pager`
+assert_in "X11 Layout: et" "$STATUS"
+assert_in "X11 Model: pc101" "$STATUS"
+
+# gets along without config file
+if [ -z "$TEST_UPSTREAM" ]; then
+ rm /etc/default/keyboard
+ systemctl stop systemd-localed
+ assert_in "X11 Layout: n/a" "`localectl --no-pager`"
+fi
diff --git a/debian/tests/logind b/debian/tests/logind
new file mode 100755
index 0000000..07a658b
--- /dev/null
+++ b/debian/tests/logind
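Review bot: In `cleanup` of debian/tests/localed-x11-keymap, `[ -n "ORIG_KBD" ]` tests the literal string rather than the variable, so it is always true and the `rm -f /etc/default/keyboard` branch is never taken. On a system that had no keyboard file before the test, the trap therefore leaves behind a file holding a single empty line. The condition should be `if [ -n "$ORIG_KBD" ]; then`. The comment `# reset locale to original` in the same function would be more accurate as `# reset keyboard configuration to original`.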
@@ -0,0 +1,204 @@ +#!/bin/sh +set -e + +test_started() { + # ensure the *old* logind from before the upgrade isn't running + echo " * try-restarting systemd-logind" + systemctl try-restart systemd-logind + + echo " * daemon is started" + # should start at boot, not with D-BUS activation + LOGINDPID=$(pidof systemd-logind) + + # loginctl should succeed + echo " * loginctl succeeds" + LOGINCTL_OUT=`loginctl` +} + +test_properties() { + # Default KillUserProcesses should be off for debian/ubuntu builds + r=$(busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager KillUserProcesses) + [ "$r" = "b false" ] +} + +# args: <timeout> +wait_suspend() { + timeout=$1 + while [ $timeout -gt 0 ] && [ ! -e /run/suspend.flag ]; do + sleep 1 + timeout=$((timeout - 1)) + [ $(($timeout % 5)) -ne 0 ] || echo " waiting for suspend, ${timeout}s remaining..." + done + if [ ! -e /run/suspend.flag ]; then + echo "closing lid did not cause suspend" >&2 + exit 1 + fi + rm /run/suspend.flag + echo " * closing lid caused suspend" +} + +test_suspend_on_lid() { + if systemd-detect-virt --quiet --container; then + echo " * Skipping suspend test in container" + return + fi + if ! grep -q mem /sys/power/state; then + echo " * suspend not supported on this testbed, skipping" + return + fi + + # cleanup handler + trap 'rm -f /run/udev/rules.d/70-logindtest-*.rules; udevadm control --reload; + kill $KILL_PID; + rm /run/systemd/system/systemd-suspend.service; + if [ -d /sys/module/scsi_debug ]; then rmmod scsi_debug 2>/dev/null || (sleep 2; rmmod scsi_debug ) || true; fi' \ + EXIT INT QUIT TERM PIPE + + # watch what's going on + journalctl -f -u systemd-logind.service & + KILL_PID="$KILL_PID $!" 
+ + # create fake suspend + UNIT=$(systemctl show -pFragmentPath --value systemd-suspend.service) + sed '/^ExecStart=/ s_=.*$_=/bin/touch /run/suspend.flag_' $UNIT > /run/systemd/system/systemd-suspend.service + sync + systemctl daemon-reload + + # create fake lid switch + mkdir -p /run/udev/rules.d + echo 'SUBSYSTEM=="input", KERNEL=="event*", ATTRS{name}=="Fake Lid Switch", TAG+="power-switch"' \ + > /run/udev/rules.d/70-logindtest-lid.rules + sync + udevadm control --reload + evemu-device $(dirname $0)/lidswitch.evemu & + KILL_PID="$KILL_PID $!" + while [ -z "$O" ]; do + sleep 0.1 + O=$(grep -l '^Fake Lid Switch' /sys/class/input/*/device/name) + done + O=${O%/device/name} + LID_DEV=/dev/${O#/sys/class/} + + # close lid + evemu-event $LID_DEV --sync --type 5 --code 0 --value 1 + # need to wait for 30s suspend inhibition after boot + wait_suspend 31 + # open lid again + evemu-event $LID_DEV --sync --type 5 --code 0 --value 0 + + echo " * waiting for 30s inhibition time between suspends" + sleep 30 + + # now closing lid should cause instant suspend + evemu-event $LID_DEV --sync --type 5 --code 0 --value 1 + wait_suspend 2 + evemu-event $LID_DEV --sync --type 5 --code 0 --value 0 + + P=$(pidof systemd-logind) + [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; } +} + +test_shutdown() { + echo " * scheduled shutdown with wall message" + shutdown 2>&1 + sleep 5 + shutdown -c || true + # logind should still be running + P=$(pidof systemd-logind) + [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; } + + echo " * scheduled shutdown without wall message" + shutdown --no-wall 2>&1 + sleep 5 + shutdown -c --no-wall || true + P=$(pidof systemd-logind) + [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; } +} + +test_in_logind_session() { + echo " * XDG_SESSION_ID=$XDG_SESSION_ID" + # cgroup v1: "1:name=systemd:/user.slice/..."; unified hierarchy: "0::/user.slice" + if grep -E '(name=systemd|^0:):.*session.*scope' /proc/self/cgroup; 
then + echo " * process is in session cgroup" + else + echo "FAIL: process is not in session cgroup" + echo "/proc/self/cgroup:" + cat /proc/self/cgroup + loginctl + loginctl show-session "$XDG_SESSION_ID" + exit 1 + fi +} + +test_acl() { + # ACL tests + if ! echo "$LOGINCTL_OUT" | grep -q "seat0"; then + echo " * Skipping ACL tests, as there is no seat" + return + fi + if systemd-detect-virt --quiet --container; then + echo " * Skipping ACL tests in container" + return + fi + + # determine user + USER=`echo "$OUT" | grep seat0 | awk '{print $3}'` + echo "seat user: $USER" + + # scsi_debug should not be loaded yet + ! test -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block + + # we use scsi_debug to create new devices which we can put ACLs on + # tell udev about the tagging, so that logind can pick it up + cat <<EOF > /run/udev/rules.d/70-logindtest-scsi_debug-user.rules +SUBSYSTEM=="block", ATTRS{model}=="scsi_debug*", TAG+="uaccess" +EOF + sync + udevadm control --reload + + echo " * coldplug: logind started with existing device" + killall systemd-logind + modprobe scsi_debug + while ! dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block 2>/dev/null`; do sleep 0.1; done + test -b $dev + echo "got block device $dev" + udevadm settle + # trigger logind + loginctl > /dev/null + sleep 1 + if getfacl -p $dev | grep -q "user:$USER:rw-"; then + echo "$dev has ACL for user $USER" + else + echo "$dev has no ACL for user $USER:" >&2 + getfacl -p $dev >&2 + exit 1 + fi + + rmmod scsi_debug + + echo " * hotplug: new device appears while logind is running" + modprobe scsi_debug + while ! 
dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block`; do sleep 0.1; done + test -b $dev + echo "got block device $dev" + udevadm settle + sleep 1 + if getfacl -p $dev | grep -q "user:$USER:rw-"; then + echo "$dev has ACL for user $USER" + else + echo "$dev has no ACL for user $USER:" >&2 + getfacl -p $dev >&2 + exit 1 + fi +} + +# +# main +# + +test_started +test_properties +test_in_logind_session +test_suspend_on_lid +test_shutdown +test_acl diff --git a/debian/tests/process-killer b/debian/tests/process-killer new file mode 100755 index 0000000..6ca10b8 --- /dev/null +++ b/debian/tests/process-killer @@ -0,0 +1,9 @@ +#!/bin/sh +# loop until we can kill the process given in arg + +while : +do + /usr/bin/pkill -x $* + [ $? -eq 0 ] && break + sleep 1 +done diff --git a/debian/tests/root-unittests b/debian/tests/root-unittests new file mode 100644 index 0000000..96416e2 --- /dev/null +++ b/debian/tests/root-unittests @@ -0,0 +1,26 @@ +#!/bin/sh +set -eu + +EXFAIL="" + +res=0 +for t in /usr/lib/systemd/tests/test-*; do + tname=$(basename $t) + # test-udev needs special prep and has its own test + [ "$tname" != test-udev ] || continue + echo "====== $tname =======" + # exit code 77 means "skip" + rc=0 + $t || rc=$? + if [ "$rc" = 0 ]; then + echo "PASS: $tname" + elif [ "$rc" = 77 ]; then + echo "SKIP: $tname" + elif [ "${EXFAIL%$tname*}" != "$EXFAIL" ]; then + echo "EXFAIL: $tname" + else + echo "FAIL: $tname (code: $rc)" + res=$rc + fi +done +exit $res diff --git a/debian/tests/storage b/debian/tests/storage new file mode 100755 index 0000000..a8403e0 --- /dev/null +++ b/debian/tests/storage 
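Review bot: In test_acl of debian/tests/logind the seat user is read from `$OUT`, which this script never sets; test_started stores the loginctl output in `LOGINCTL_OUT`. `USER` therefore ends up empty and both checks grep for `user::rw-`, which is the file-owner entry getfacl normally prints, so the ACL assertions most likely pass without logind having granted the seat user anything. Read from the right variable, `USER=$(echo "$LOGINCTL_OUT" | grep seat0 | awk '{print $3}')`, and refuse to continue on an empty result: `[ -n "$USER" ] || { echo "no user on seat0" >&2; exit 1; }`.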
@@ -0,0 +1,248 @@ +#!/usr/bin/env python3 +# systemd integration test: Handling of storage devices +# (C) 2015 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> + +import os +import sys +import unittest +import subprocess +import time +import random +from glob import glob + + +@unittest.skipIf(os.path.isdir('/sys/module/scsi_debug'), + 'The scsi_debug module is already loaded') +class FakeDriveTestBase(unittest.TestCase): + @classmethod + def setUpClass(klass): + # create a fake SCSI hard drive + subprocess.check_call(['modprobe', 'scsi_debug', 'dev_size_mb=32']) + # wait until drive got created + sys_dirs = [] + while not sys_dirs: + sys_dirs = glob('/sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block') + time.sleep(0.1) + assert len(sys_dirs) == 1 + devs = os.listdir(sys_dirs[0]) + assert len(devs) == 1 + klass.device = '/dev/' + devs[0] + + @classmethod + def tearDownClass(klass): + # create a fake SCSI hard drive + subprocess.check_call(['rmmod', 'scsi_debug']) + + def tearDown(self): + # clear drive + with open(self.device, 'wb') as f: + block = b'0' * 1048576 + try: + while True: + f.write(block) + except OSError: + pass + subprocess.check_call(['udevadm', 'settle']) + subprocess.check_call(['systemctl', 'daemon-reload']) + + +class CryptsetupTest(FakeDriveTestBase): + def setUp(self): + self.plaintext_name = 'testcrypt1' + self.plaintext_dev = '/dev/mapper/' + self.plaintext_name + if os.path.exists(self.plaintext_dev): + self.fail('%s exists already' % self.plaintext_dev) + + super().setUp() + + if os.path.exists('/etc/crypttab'): + os.rename('/etc/crypttab', '/etc/crypttab.systemdtest') + self.password = 'pwd%i' % random.randint(1000, 10000) + self.password_agent = None + + def tearDown(self): + if self.password_agent: + os.kill(self.password_agent, 9) + os.waitpid(self.password_agent, 0) + self.password_agent = None + subprocess.call(['umount', self.plaintext_dev], stderr=subprocess.DEVNULL) + subprocess.call(['systemctl', 
'start', '--no-ask-password', 'systemd-cryptsetup@%s.service' % self.plaintext_name], + stderr=subprocess.STDOUT) + subprocess.call(['systemctl', 'stop', 'systemd-cryptsetup@%s.service' % self.plaintext_name], + stderr=subprocess.STDOUT) + if os.path.exists('/etc/crypttab'): + os.unlink('/etc/crypttab') + if os.path.exists('/etc/crypttab.systemdtest'): + os.rename('/etc/crypttab.systemdtest', '/etc/crypttab') + if os.path.exists(self.plaintext_dev): + subprocess.call(['dmsetup', 'remove', self.plaintext_dev], + stderr=subprocess.STDOUT) + + super().tearDown() + + def format_luks(self): + '''Format test device with LUKS''' + + p = subprocess.Popen(['cryptsetup', '--batch-mode', 'luksFormat', self.device, '-'], + stdin=subprocess.PIPE) + p.communicate(self.password.encode()) + self.assertEqual(p.returncode, 0) + os.sync() + subprocess.check_call(['udevadm', 'settle']) + + def start_password_agent(self): + '''Run password agent to answer passphrase request for crypt device''' + + pid = os.fork() + if pid > 0: + self.password_agent = pid + return + + # wait for incoming request + found = False + while not found: + for ask in glob('/run/systemd/ask-password/ask.*'): + with open(ask) as f: + contents = f.read() + if 'disk scsi_debug' in contents and self.plaintext_name in contents: + found = True + break + if not found: + time.sleep(0.5) + + # parse Socket= + for line in contents.splitlines(): + if line.startswith('Socket='): + socket = line.split('=', 1)[1] + break + + # send reply + p = subprocess.Popen(['/lib/systemd/systemd-reply-password', '1', socket], + stdin=subprocess.PIPE) + p.communicate(self.password.encode()) + assert p.returncode == 0 + + os._exit(0) + + def apply(self, target): + '''Tell systemd to generate and run the cryptsetup units''' + + subprocess.check_call(['systemctl', 'daemon-reload']) + + self.start_password_agent() + subprocess.check_call(['systemctl', '--no-ask-password', 'restart', target]) + for timeout in range(50): + if 
os.path.exists(self.plaintext_dev): + break + time.sleep(0.1) + else: + self.fail('timed out for %s to appear' % self.plaintext_dev) + + def test_luks_by_devname(self): + '''LUKS device by plain device name, empty''' + + self.format_luks() + with open('/etc/crypttab', 'w') as f: + f.write('%s %s none luks\n' % (self.plaintext_name, self.device)) + self.apply('cryptsetup.target') + + # should not be mounted + with open('/proc/mounts') as f: + self.assertNotIn(self.plaintext_name, f.read()) + + # device should not have anything on it + p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE) + out = p.communicate()[0] + self.assertEqual(out, b'') + self.assertNotEqual(p.returncode, 0) + + def test_luks_by_uuid(self): + '''LUKS device by UUID, empty''' + + self.format_luks() + uuid = subprocess.check_output(['blkid', '-ovalue', '-sUUID', self.device], + universal_newlines=True).strip() + with open('/etc/crypttab', 'w') as f: + f.write('%s UUID=%s none luks\n' % (self.plaintext_name, uuid)) + self.apply('cryptsetup.target') + + # should not be mounted + with open('/proc/mounts') as f: + self.assertNotIn(self.plaintext_name, f.read()) + + # device should not have anything on it + p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE) + out = p.communicate()[0] + self.assertEqual(out, b'') + self.assertNotEqual(p.returncode, 0) + + def test_luks_swap(self): + '''LUKS device with "swap" option''' + + self.format_luks() + with open('/etc/crypttab', 'w') as f: + f.write('%s %s none luks,swap\n' % (self.plaintext_name, self.device)) + self.apply('cryptsetup.target') + + # should not be mounted + with open('/proc/mounts') as f: + self.assertNotIn(self.plaintext_name, f.read()) + + # device should be formatted with swap + out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev]) + self.assertEqual(out, b'swap\n') + + def test_luks_tmp(self): + '''LUKS device with "tmp" option''' + + self.format_luks() + with 
open('/etc/crypttab', 'w') as f: + f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device)) + self.apply('cryptsetup.target') + + # should not be mounted + with open('/proc/mounts') as f: + self.assertNotIn(self.plaintext_name, f.read()) + + # device should be formatted with ext2 + out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev]) + self.assertEqual(out, b'ext2\n') + + def test_luks_fstab(self): + '''LUKS device in /etc/fstab''' + + self.format_luks() + with open('/etc/crypttab', 'w') as f: + f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device)) + + mountpoint = '/run/crypt1.systemdtest' + os.mkdir(mountpoint) + self.addCleanup(os.rmdir, mountpoint) + os.rename('/etc/fstab', '/etc/fstab.systemdtest') + self.addCleanup(os.rename, '/etc/fstab.systemdtest', '/etc/fstab') + with open('/etc/fstab', 'a') as f: + with open('/etc/fstab.systemdtest') as forig: + f.write(forig.read()) + f.write('%s %s ext2 defaults 0 0\n' % (self.plaintext_dev, mountpoint)) + + # this should now be a requirement of local-fs.target + self.apply('local-fs.target') + + # should be mounted + found = False + with open('/proc/mounts') as f: + for line in f: + fields = line.split() + if fields[0] == self.plaintext_dev: + self.assertEqual(fields[1], mountpoint) + self.assertEqual(fields[2], 'ext2') + found = True + break + if not found: + self.fail('%s is not mounted' % self.plaintext_dev) + + +if __name__ == '__main__': + unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, + verbosity=2)) diff --git a/debian/tests/systemd-fsckd b/debian/tests/systemd-fsckd new file mode 100755 index 0000000..09d68f5 --- /dev/null +++ b/debian/tests/systemd-fsckd 
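Review bot: The child forked in start_password_agent of debian/tests/storage only reaches `os._exit(0)` when every step succeeds. If `assert p.returncode == 0` fails, or no `Socket=` line is found and `socket` stays unbound, the exception propagates in the child into a second copy of the unittest runner, which then carries on with the remaining tests and the crypttab/fstab cleanup as root (the test is declared `needs-root`). Wrap the child's work in `try`/`finally` so it always ends in `os._exit`, as sketched below. A smaller point in the same file: the comment in tearDownClass repeats `# create a fake SCSI hard drive` where `# remove the fake SCSI hard drive` is meant.

```python
    def start_password_agent(self):
        '''Run password agent to answer passphrase request for crypt device'''

        pid = os.fork()
        if pid > 0:
            self.password_agent = pid
            return

        # child process: must never return into the unittest runner
        status = 1
        try:
            # … unchanged: wait for the ask.* request, parse Socket=, send the reply …
            status = 0
        finally:
            os._exit(status)
```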
@@ -0,0 +1,297 @@ +#!/usr/bin/python3 +# autopkgtest check: Ensure that systemd-fsckd can report progress and cancel +# (C) 2015 Canonical Ltd. +# Author: Didier Roche <didrocks@ubuntu.com> + +from contextlib import suppress +import inspect +import fileinput +import os +import subprocess +import shutil +import stat +import sys +import unittest +from time import sleep, time + +GRUB_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/50-cloudimg-settings.cfg" +TEST_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/99-fsckdtest.cfg" + +SYSTEMD_ETC_SYSTEM_UNIT_DIR = "/etc/systemd/system/" +SYSTEMD_PROCESS_KILLER_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, "process-killer.service") + +SYSTEMD_FSCK_ROOT_PATH = "/lib/systemd/system/systemd-fsck-root.service" +SYSTEMD_FSCK_ROOT_ENABLE_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, 'local-fs.target.wants/systemd-fsck-root.service') + +SYSTEM_FSCK_PATH = '/sbin/fsck' +PROCESS_KILLER_PATH = '/sbin/process-killer' +SAVED_FSCK_PATH = "{}.real".format(SYSTEM_FSCK_PATH) + +FSCKD_TIMEOUT = 30 + + +class FsckdTest(unittest.TestCase): + '''Check that we run, report and can cancel fsck''' + + def __init__(self, test_name, after_reboot, return_code): + super().__init__(test_name) + self._test_name = test_name + self._after_reboot = after_reboot + self._return_code = return_code + + def setUp(self): + super().setUp() + # ensure we have our root fsck enabled by default (it detects it runs in a vm and doesn't pull the target) + # note that it can already exists in case of a reboot (as there was no tearDown as we wanted) + os.makedirs(os.path.dirname(SYSTEMD_FSCK_ROOT_ENABLE_PATH), exist_ok=True) + with suppress(FileExistsError): + os.symlink(SYSTEMD_FSCK_ROOT_PATH, SYSTEMD_FSCK_ROOT_ENABLE_PATH) + enable_plymouth() + + # note that the saved real fsck can still exists in case of a reboot (as there was no tearDown as we wanted) + if not os.path.isfile(SAVED_FSCK_PATH): + os.rename(SYSTEM_FSCK_PATH, SAVED_FSCK_PATH) + + # install mock fsck 
and killer + self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'fsck'), + SYSTEM_FSCK_PATH) + self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'process-killer'), + PROCESS_KILLER_PATH) + + self.files_to_clean = [SYSTEMD_FSCK_ROOT_ENABLE_PATH, SYSTEM_FSCK_PATH, SYSTEMD_PROCESS_KILLER_PATH, PROCESS_KILLER_PATH] + + def tearDown(self): + # tearDown is only called once the test really ended (not while rebooting during tests) + for f in self.files_to_clean: + with suppress(FileNotFoundError): + os.remove(f) + os.rename(SAVED_FSCK_PATH, SYSTEM_FSCK_PATH) + super().tearDown() + + def test_fsckd_run(self): + '''Ensure we can reboot after a fsck was processed''' + if not self._after_reboot: + self.reboot() + else: + self.assertFsckdStop() + self.assertFsckProceeded() + self.assertSystemRunning() + + def test_fsckd_run_without_plymouth(self): + '''Ensure we can reboot without plymouth after a fsck was processed''' + if not self._after_reboot: + enable_plymouth(enable=False) + self.reboot() + else: + self.assertFsckdStop() + self.assertFsckProceeded(with_plymouth=False) + self.assertSystemRunning() + + def test_fsck_with_failure(self): + '''Ensure that a failing fsck doesn't prevent fsckd to stop''' + if not self._after_reboot: + self.install_process_killer_unit('fsck') + self.reboot() + else: + self.assertFsckdStop() + self.assertWasRunning('process-killer') + self.assertFalse(self.is_failed_unit('process-killer')) + self.assertFsckProceeded() + self.assertSystemRunning() + + def test_systemd_fsck_with_failure(self): + '''Ensure that a failing systemd-fsck doesn't prevent fsckd to stop''' + if not self._after_reboot: + self.install_process_killer_unit('systemd-fsck', kill=True) + self.reboot() + else: + self.assertFsckdStop() + self.assertProcessKilled() + self.assertTrue(self.is_failed_unit('systemd-fsck-root')) + self.assertWasRunning('systemd-fsckd') + self.assertWasRunning('plymouth-start') + self.assertSystemRunning() + 
+ def test_systemd_fsckd_with_failure(self): + '''Ensure that a failing systemd-fsckd doesn't prevent system to boot''' + if not self._after_reboot: + self.install_process_killer_unit('systemd-fsckd', kill=True) + self.reboot() + else: + self.assertFsckdStop() + self.assertProcessKilled() + self.assertFalse(self.is_failed_unit('systemd-fsck-root')) + self.assertTrue(self.is_failed_unit('systemd-fsckd')) + self.assertWasRunning('plymouth-start') + self.assertSystemRunning() + + def test_systemd_fsck_with_plymouth_failure(self): + '''Ensure that a failing plymouth doesn't prevent fsckd to reconnect/exit''' + if not self._after_reboot: + self.install_process_killer_unit('plymouthd', kill=True) + self.reboot() + else: + self.assertFsckdStop() + self.assertWasRunning('process-killer') + self.assertFsckProceeded() + self.assertFalse(self.is_active_unit('plymouth-start')) + self.assertSystemRunning() + + def install_bin(self, source, dest): + '''install mock fsck''' + shutil.copy2(source, dest) + st = os.stat(dest) + os.chmod(dest, st.st_mode | stat.S_IEXEC) + + def is_active_unit(self, unit): + '''Check that given unit is active''' + + return subprocess.call(['systemctl', 'status', unit], + stdout=subprocess.PIPE) == 0 + + def is_failed_unit(self, unit): + '''Check that given unit failed''' + + p = subprocess.Popen(['systemctl', 'is-active', unit], stdout=subprocess.PIPE) + out, err = p.communicate() + if b'failed' in out: + return True + return False + + def assertWasRunning(self, unit, expect_running=True): + '''Assert that a given unit has been running''' + p = subprocess.Popen(['systemctl', 'status', '--no-pager', unit], + stdout=subprocess.PIPE, universal_newlines=True) + out = p.communicate()[0].strip() + if expect_running: + self.assertRegex(out, 'Active:.*since') + else: + self.assertNotRegex(out, 'Active:.*since') + self.assertIn(p.returncode, (0, 3)) + + def assertFsckdStop(self): + '''Ensure systemd-fsckd stops, which indicates no more fsck activity''' + 
timeout = time() + FSCKD_TIMEOUT + while time() < timeout: + if not self.is_active_unit('systemd-fsckd'): + return + sleep(1) + raise Exception("systemd-fsckd still active after {}s".format(FSCKD_TIMEOUT)) + + def assertFsckProceeded(self, with_plymouth=True): + '''Assert we executed most of the fsck-related services successfully''' + self.assertWasRunning('systemd-fsckd') + self.assertFalse(self.is_failed_unit('systemd-fsckd')) + self.assertTrue(self.is_active_unit('systemd-fsck-root')) # remains active after exit + if with_plymouth: + self.assertWasRunning('plymouth-start') + else: + self.assertWasRunning('plymouth-start', expect_running=False) + + def assertSystemRunning(self): + '''Assert that the system is running''' + + self.assertTrue(self.is_active_unit('default.target')) + + def assertProcessKilled(self): + '''Assert the targeted process was killed successfully''' + self.assertWasRunning('process-killer') + self.assertFalse(self.is_failed_unit('process-killer')) + + def reboot(self): + '''Reboot the system with the current test marker''' + subprocess.check_call(['/tmp/autopkgtest-reboot', "{}:{}".format(self._test_name, self._return_code)]) + + def install_process_killer_unit(self, process_name, kill=False): + '''Create a systemd unit which will kill process_name''' + with open(SYSTEMD_PROCESS_KILLER_PATH, 'w') as f: + f.write('''[Unit] +DefaultDependencies=no + +[Service] +Type=simple +ExecStart=/usr/bin/timeout 10 {} {} + +[Install] +WantedBy=systemd-fsck-root.service'''.format(PROCESS_KILLER_PATH, + '--signal SIGKILL {}'.format(process_name) if kill else process_name)) + subprocess.check_call(['systemctl', 'daemon-reload']) + subprocess.check_call(['systemctl', 'enable', 'process-killer'], stderr=subprocess.DEVNULL) + + +def enable_plymouth(enable=True): + '''ensure plymouth is enabled in grub config (doesn't reboot)''' + plymouth_enabled = 'splash' in open('/boot/grub/grub.cfg').read() + if enable and not plymouth_enabled: + if 
os.path.exists(GRUB_AUTOPKGTEST_CONFIG_PATH): + shutil.copy2(GRUB_AUTOPKGTEST_CONFIG_PATH, TEST_AUTOPKGTEST_CONFIG_PATH) + for line in fileinput.input([TEST_AUTOPKGTEST_CONFIG_PATH], inplace=True): + if line.startswith("GRUB_CMDLINE_LINUX_DEFAULT"): + print(line[:line.rfind('"')] + ' splash quiet"\n') + else: + os.makedirs(os.path.dirname(TEST_AUTOPKGTEST_CONFIG_PATH), exist_ok=True) + with open(TEST_AUTOPKGTEST_CONFIG_PATH, 'w') as f: + f.write('GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0 splash quiet"\n') + elif not enable and plymouth_enabled: + with suppress(FileNotFoundError): + os.remove(TEST_AUTOPKGTEST_CONFIG_PATH) + subprocess.check_call(['update-grub'], stderr=subprocess.DEVNULL) + + +def boot_with_systemd_distro(): + '''Reboot with systemd as init and distro setup for grub''' + enable_plymouth() + subprocess.check_call(['/tmp/autopkgtest-reboot', 'systemd-started']) + + +def getAllTests(unitTestClass): + '''get all test names in predictable sorted order from unitTestClass''' + return sorted([test[0] for test in inspect.getmembers(unitTestClass, predicate=inspect.isfunction) + if test[0].startswith('test_')]) + + +# AUTOPKGTEST_REBOOT_MARK contains the test name to pursue after reboot +# (to check results and states after reboot, mostly). +# we append the previous global return code (0 or 1) to it. 
+# Example: AUTOPKGTEST_REBOOT_MARK=test_foo:0 +if __name__ == '__main__': + if os.path.exists('/run/initramfs/fsck-root'): + print('SKIP: root file system is being checked by initramfs already') + sys.exit(0) + + all_tests = getAllTests(FsckdTest) + reboot_marker = os.getenv('AUTOPKGTEST_REBOOT_MARK') + + current_test_after_reboot = "" + if not reboot_marker: + boot_with_systemd_distro() + + # first test + if reboot_marker == "systemd-started": + current_test = all_tests[0] + return_code = 0 + else: + (current_test_after_reboot, return_code) = reboot_marker.split(':') + current_test = current_test_after_reboot + return_code = int(return_code) + + # loop on remaining tests to run + try: + remaining_tests = all_tests[all_tests.index(current_test):] + except ValueError: + print("Invalid value for AUTOPKGTEST_REBOOT_MARK, {} is not a valid test name".format(reboot_marker)) + sys.exit(2) + + # run all remaining tests + for test_name in remaining_tests: + after_reboot = False + # if this tests needed a reboot (and it has been performed), executes second part of it + if test_name == current_test_after_reboot: + after_reboot = True + suite = unittest.TestSuite() + suite.addTest(FsckdTest(test_name, after_reboot, return_code)) + result = unittest.TextTestRunner(stream=sys.stdout, verbosity=2).run(suite) + if len(result.failures) != 0 or len(result.errors) != 0: + return_code = 1 + + sys.exit(return_code) diff --git a/debian/tests/timedated b/debian/tests/timedated new file mode 100755 index 0000000..fe90e13 --- /dev/null +++ b/debian/tests/timedated 
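Review bot: In `setUp`, the real `/sbin/fsck` is renamed to `/sbin/fsck.real` before the two `install_bin` calls, but the restore lives only in `tearDown`, which unittest does not run when `setUp` itself raises; a failed copy would leave the testbed with no fsck or with the mock in place. Registering the restore right after the rename block with `self.addCleanup(os.rename, SAVED_FSCK_PATH, SYSTEM_FSCK_PATH)` and dropping the `os.rename` from `tearDown` would cover that path, since cleanups run after `tearDown` and also when `setUp` fails. Separately, `is_active_unit` passes `stdout=subprocess.PIPE` to `subprocess.call` and never reads the pipe; `stdout=subprocess.DEVNULL`, which the file already uses for stderr elsewhere, avoids a possible stall on long status output.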
@@ -0,0 +1,188 @@ +#!/bin/sh +set -e + +. `dirname $0`/assert.sh + +ORIG_TZ=`grep -v '^#' /etc/timezone` +echo "original tz: $ORIG_TZ" + +echo 'timedatectl works' +assert_in "Local time:" "`timedatectl --no-pager`" + +echo 'change timezone' +assert_eq "`timedatectl --no-pager set-timezone Europe/Moscow 2>&1`" "" +assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "Europe/Moscow" +[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "Europe/Moscow" +assert_in "Time.*zone: Europe/Moscow (MSK, +" "`timedatectl --no-pager`" + +echo 'reset timezone to original' +assert_eq "`timedatectl --no-pager set-timezone $ORIG_TZ 2>&1`" "" +assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "$ORIG_TZ" +[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "$ORIG_TZ" + +# test setting UTC vs. LOCAL in /etc/adjtime +if [ -e /etc/adjtime ]; then + ORIG_ADJTIME=`cat /etc/adjtime` + trap "echo '$ORIG_ADJTIME' > /etc/adjtime" EXIT INT QUIT PIPE +else + trap "rm -f /etc/adjtime" EXIT INT QUIT PIPE +fi + +echo 'no adjtime file' +rm -f /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" +timedatectl set-local-rtc 0 +assert_true '[ ! 
-e /etc/adjtime ]' + +echo 'UTC set in adjtime file' +printf '0.0 0 0\n0\nUTC\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +UTC" +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'non-zero values in adjtime file' +printf '0.1 123 0\n0\nLOCAL\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_eq "`cat /etc/adjtime`" "0.1 123 0 +0 +UTC" +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.1 123 0 +0 +LOCAL" + +echo 'fourth line adjtime file' +printf '0.0 0 0\n0\nLOCAL\nsomethingelse\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +UTC +somethingelse" +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL +somethingelse" + +echo 'no final newline in adjtime file' +printf '0.0 0 0\n0\nUTC' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0\n0\nUTC' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'only one line in adjtime file' +printf '0.0 0 0\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0\n' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'only one line in adjtime file, no final newline' +printf '0.0 0 0' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'only two lines in adjtime file' +printf '0.0 0 0\n0\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! 
-e /etc/adjtime ]' +printf '0.0 0 0\n0\n' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + + +echo 'only two lines in adjtime file, no final newline' +printf '0.0 0 0\n0' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0\n0' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'unknown value in 3rd line of adjtime file' +printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +# timesyncd has ConditionVirtualization=!container by default; drop/mock that for testing +if systemd-detect-virt --container --quiet; then + systemctl disable --quiet --now systemd-timesyncd + mkdir -p /run/systemd/system/systemd-timesyncd.service.d + printf '[Unit]\nConditionVirtualization=\n[Service]\nType=simple\nAmbientCapabilities=\nExecStart=\nExecStart=/bin/sleep infinity' > /run/systemd/system/systemd-timesyncd.service.d/container.conf + systemctl daemon-reload +fi + +mon=$(mktemp -t dbusmon.XXXXXX) +trap "rm -f $mon" EXIT INT QUIT PIPE + +assert_ntp() { + V=$(busctl get-property org.freedesktop.timedate1 /org/freedesktop/timedate1 org.freedesktop.timedate1 NTP) + assert_eq "$V" "b $1" +} + +start_mon() { + dbus-monitor --system "type='signal', member='PropertiesChanged', path='/org/freedesktop/timedate1'" > $mon & + MONPID=$! 
+} + +wait_mon() { + for retry in $(seq 10); do + grep -q "$1" $mon && break + sleep 1 + done + assert_in "$2" "$(cat $mon)" + kill $MONPID + wait +} + +echo 'disable NTP' +timedatectl set-ntp false +while systemctl is-active --quiet systemd-timesyncd; do sleep 1; done +assert_ntp false +assert_rc 3 systemctl is-active --quiet systemd-timesyncd + +echo 'enable NTP' +start_mon +timedatectl set-ntp true +wait_mon "NTP" "boolean true" +assert_ntp true +while [ "$(systemctl is-active systemd-timesyncd)" = "activating" ]; do sleep 1; done +assert_rc 0 systemctl is-active --quiet systemd-timesyncd + +echo 're-disable NTP' +start_mon +timedatectl set-ntp false +wait_mon "NTP" "boolean false" +assert_ntp false +assert_rc 3 systemctl is-active --quiet systemd-timesyncd diff --git a/debian/tests/udev b/debian/tests/udev new file mode 100755 index 0000000..9ef5384 --- /dev/null +++ b/debian/tests/udev @@ -0,0 +1,13 @@ +#!/bin/sh +# autopkgtest check: Run upstream udev test script +# (C) 2016 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> +set -euC + +TEST_DIR=${ADTTMP:=$(mktemp -d)} +mkdir -p $TEST_DIR/test +test/sys-script.py $TEST_DIR/test +cp test/udev-test.pl $TEST_DIR +cp /usr/lib/systemd/tests/manual/test-udev $TEST_DIR +cd $TEST_DIR +./udev-test.pl diff --git a/debian/tests/unit-config b/debian/tests/unit-config new file mode 100755 index 0000000..1cfa4d4 --- /dev/null +++ b/debian/tests/unit-config 
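Review bot: The second `trap "rm -f $mon" EXIT INT QUIT PIPE` replaces the earlier trap that restores `/etc/adjtime`, so once `mon` is created the script no longer puts the original file back and exits leaving whatever the last adjtime check wrote. The first trap also expands `$ORIG_ADJTIME` into the command string at the time it is set, so a single quote in the file would break the restore command. A single cleanup function installed once covers both cases; the fence shows only the changed lines of debian/tests/timedated.

```shell
# … unchanged: timezone checks …
if [ -e /etc/adjtime ]; then
    ORIG_ADJTIME=`cat /etc/adjtime`
fi
mon=
cleanup() {
    if [ -n "${ORIG_ADJTIME+set}" ]; then
        printf '%s\n' "$ORIG_ADJTIME" > /etc/adjtime
    else
        rm -f /etc/adjtime
    fi
    [ -z "$mon" ] || rm -f "$mon"
}
trap cleanup EXIT INT QUIT PIPE
# … unchanged: adjtime checks and timesyncd container drop-in …
mon=$(mktemp -t dbusmon.XXXXXX)
# … the later trap "rm -f $mon" line is dropped; NTP checks unchanged …
```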
@@ -0,0 +1,369 @@ +#!/usr/bin/python3 +# autopkgtest check: enable/disable/configure units +# (C) 2015 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> + +import unittest +import subprocess +import os +import sys +import tempfile +from glob import glob + +system_unit_dir = subprocess.check_output( + ['pkg-config', '--variable=systemdsystemunitdir', 'systemd'], + universal_newlines=True).strip() +systemd_sysv_install = os.path.join(os.path.dirname(system_unit_dir), + 'systemd-sysv-install') + + +class EnableTests(unittest.TestCase): + def tearDown(self): + # remove all traces from our test unit + f = glob(system_unit_dir + '/test_enable*.service') + f += glob(system_unit_dir + '/*/test_enable*.service') + f += glob('/etc/systemd/system/test_enable*.service') + f += glob('/etc/systemd/system/*/test_enable*.service') + f += glob('/etc/init.d/test_enable*') + f += glob('/etc/rc?.d/???test_enable*') + [os.unlink(i) for i in f] + subprocess.check_call(['systemctl', 'daemon-reload']) + + def create_unit(self, suffix='', enable=False): + '''Create a test unit''' + + unit = os.path.join(system_unit_dir, + 'test_enable%s.service' % suffix) + with open(unit, 'w') as f: + f.write('''[Unit] +Description=Testsuite unit %s +[Service] +ExecStart=/bin/echo hello +[Install] +WantedBy=multi-user.target +''' % suffix) + + if enable: + os.symlink(unit, '/etc/systemd/system/multi-user.target.wants/' + + os.path.basename(unit)) + + return unit + + def create_sysv(self, suffix='', enable=False): + '''Create a test SysV script''' + + script = '/etc/init.d/test_enable%s' % suffix + with open(script, 'w') as f: + f.write('''/bin/sh +### BEGIN INIT INFO +# Provides: test_enable%s +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Testsuite script%s +### END INIT INFO + +echo hello +''' % (suffix, suffix)) + os.chmod(script, 0o755) + + if enable: + subprocess.check_call( + 
[systemd_sysv_install, 'enable', os.path.basename(script)]) + + def assertEnabled(self, enabled, unit='test_enable.service'): + '''assert that given unit has expected state''' + + systemctl = subprocess.Popen(['systemctl', 'is-enabled', unit], + stdout=subprocess.PIPE, + universal_newlines=True) + out = systemctl.communicate()[0].strip() + if enabled: + self.assertEqual(systemctl.returncode, 0) + self.assertEqual(out, 'enabled') + else: + self.assertEqual(systemctl.returncode, 1) + self.assertEqual(out, 'disabled') + + def test_unit_enable(self): + '''no sysv: enable unit''' + + self.create_unit() + self.assertEnabled(False) + # also works without .service suffix + self.assertEnabled(False, unit='test_enable') + + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + self.assertEnabled(True) + # also works without .service suffix + self.assertEnabled(True, unit='test_enable') + + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # enable should be idempotent + subprocess.check_call(['systemctl', 'enable', 'test_enable.service']) + self.assertEnabled(True) + + def test_unit_disable(self): + '''no sysv: disable unit''' + + self.create_unit(enable=True) + self.assertEnabled(True) + # also works without .service suffix + self.assertEnabled(True, unit='test_enable') + + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + self.assertEnabled(False) + # also works without .service suffix + self.assertEnabled(False, unit='test_enable') + + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertFalse(os.path.islink(l)) + + # disable should be idempotent + subprocess.check_call(['systemctl', 'disable', 'test_enable.service']) + self.assertEnabled(False) + + def test_unit_sysv_enable(self): + '''with sysv: enable unit''' + + self.create_unit() + self.create_sysv() + 
self.assertEnabled(False) + # also works without .service suffix + self.assertEnabled(False, unit='test_enable') + + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + self.assertEnabled(True) + # also works without .service suffix + self.assertEnabled(True, unit='test_enable') + + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # enabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l)) + self.assertEqual(os.readlink(l[0]), '../init.d/test_enable') + + # enable should be idempotent + subprocess.check_call(['systemctl', 'enable', 'test_enable.service']) + self.assertEnabled(True) + + def test_unit_sysv_disable(self): + '''with sysv: disable unit''' + + self.create_unit(enable=True) + self.create_sysv(enable=True) + self.assertEnabled(True) + # also works without .service suffix + self.assertEnabled(True, unit='test_enable') + + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + self.assertEnabled(False) + # also works without .service suffix + self.assertEnabled(False, unit='test_enable') + + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertFalse(os.path.islink(l)) + + # disabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(l, []) + + # disable should be idempotent + subprocess.check_call(['systemctl', 'enable', 'test_enable.service']) + self.assertEnabled(True) + + def test_unit_alias_enable(self): + '''no sysv: enable unit with an alias''' + + u = self.create_unit() + with open(u, 'a') as f: + f.write('Alias=test_enablea.service\n') + + self.assertEnabled(False) + + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + self.assertEnabled(True) + + # enablement symlink + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + 
self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # alias symlink + l = '/etc/systemd/system/test_enablea.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + def test_unit_alias_disable(self): + '''no sysv: disable unit with an alias''' + + u = self.create_unit() + with open(u, 'a') as f: + f.write('Alias=test_enablea.service\n') + os.symlink(system_unit_dir + '/test_enable.service', + '/etc/systemd/system/test_enablea.service') + + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + self.assertEnabled(False) + + # enablement symlink + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertFalse(os.path.islink(l)) + + # alias symlink + l = '/etc/systemd/system/test_enablea.service' + self.assertFalse(os.path.islink(l)) + + def test_unit_sysv_alias_enable(self): + '''with sysv: enable unit with an alias''' + + u = self.create_unit() + with open(u, 'a') as f: + f.write('Alias=test_enablea.service\n') + self.create_sysv() + + self.assertEnabled(False) + + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + # enablement symlink + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # alias symlink + l = '/etc/systemd/system/test_enablea.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # enabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l)) + self.assertEqual(os.readlink(l[0]), '../init.d/test_enable') + + self.assertEnabled(True) + + def test_unit_sysv_alias_disable(self): + '''with sysv: disable unit with an alias''' + + u = self.create_unit(enable=True) + with open(u, 'a') as f: 
+ f.write('Alias=test_enablea.service\n') + os.symlink(system_unit_dir + '/test_enable.service', + '/etc/systemd/system/test_enablea.service') + self.create_sysv(enable=True) + + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + # enablement symlink + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertFalse(os.path.islink(l)) + + # alias symlink + l = '/etc/systemd/system/test_enablea.service' + self.assertFalse(os.path.islink(l)) + + # disabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(l, []) + + self.assertEnabled(False) + + def test_sysv_enable(self): + '''only sysv: enable''' + + self.create_sysv() + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + # enabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l)) + self.assertEqual(os.readlink(l[0]), '../init.d/test_enable') + + # enable should be idempotent + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + self.assertEnabled(True) + + def test_sysv_disable(self): + '''only sysv: disable''' + + self.create_sysv(enable=True) + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + # disabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(l, []) + + # disable should be idempotent + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + self.assertEnabled(False) + + def test_unit_link(self): + '''systemctl link''' + + with tempfile.NamedTemporaryFile(suffix='.service') as f: + f.write(b'[Unit]\n') + f.flush() + subprocess.check_call(['systemctl', 'link', f.name]) + + unit = os.path.basename(f.name) + l = os.path.join('/etc/systemd/system', unit) + self.assertEqual(os.readlink(l), f.name) + + # disable it again + subprocess.check_call(['systemctl', 'disable', unit]) + # this should also remove the unit symlink + self.assertFalse(os.path.islink(l)) + + def 
test_unit_enable_full_path(self): + '''systemctl enable a unit in a non-default path''' + + with tempfile.NamedTemporaryFile(suffix='.service') as f: + f.write(b'''[Unit] +Description=test +[Service] +ExecStart=/bin/true +[Install] +WantedBy=multi-user.target''') + f.flush() + unit = os.path.basename(f.name) + + # now enable it + subprocess.check_call(['systemctl', 'enable', f.name]) + self.assertEnabled(True, unit=unit) + l = os.path.join('/etc/systemd/system', unit) + self.assertEqual(os.readlink(l), f.name) + enable_l = '/etc/systemd/system/multi-user.target.wants/' + unit + self.assertEqual(os.readlink(enable_l), f.name) + + # disable it again + subprocess.check_call(['systemctl', 'disable', unit]) + # self.assertEnabled(False) does not work as now systemd does not + # know about the unit at all any more + self.assertFalse(os.path.islink(enable_l)) + # this should also remove the unit symlink + self.assertFalse(os.path.islink(l)) + + +if __name__ == '__main__': + unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, + verbosity=2)) diff --git a/debian/tests/upstream b/debian/tests/upstream new file mode 100755 index 0000000..4e434c7 --- /dev/null +++ b/debian/tests/upstream 
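Review bot: `test_unit_sysv_disable` ends with the comment `# disable should be idempotent` but then runs `systemctl enable` and asserts `assertEnabled(True)`, so a second disable is never exercised for the unit-plus-SysV case; the last two lines should read `subprocess.check_call(['systemctl', 'disable', 'test_enable.service'])` and `self.assertEnabled(False)`, as in `test_unit_disable`. In `create_sysv` the generated script starts with `/bin/sh` rather than `#!/bin/sh`, which looks like a dropped shebang. The tests shown only enable and disable that script, so it has no visible effect here, but the fixture would not behave as an init script if it were ever run.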
@@ -0,0 +1,53 @@
+#!/bin/sh
+# run upstream system integration tests
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+set -e
+
+# even after installing policycoreutils this fails with
+# "Failed to install /usr/libexec/selinux/hll/pp"
+BLACKLIST="TEST-06-SELINUX"
+
+# some tests are flaky
+BLACKLIST="$BLACKLIST
+TEST-02-CRYPTSETUP
+TEST-10-ISSUE-2467
+TEST-13-NSPAWN-SMOKE
+TEST-16-EXTEND-TIMEOUT
+TEST-17-UDEV-WANTS
+"
+
+# quiesce Makefile.guess; not really relevant as systemd/nspawn run from
+# installed packages
+export BUILD_DIR=.
+
+# modify the image build scripts to install systemd from the debs instead of
+# from a "make/ninja install" as we don't have a built tree here. Also call
+# systemd-nspawn from the system.
+sed -i '/DESTDIR.* install/ s%^.*$% for p in `grep ^Package: '`pwd`'/debian/control | cut -f2 -d\\ |grep -Ev -- "-(udeb|dev)"`; do (cd /tmp; apt-get download $p \&\& dpkg-deb --fsys-tarfile ${p}[._]*deb | tar -C $initdir --dereference -x); done%; s_[^" ]*/systemd-nspawn_systemd-nspawn_g; s/\(_ninja_bin=\).*/\1dummy-ninja/' test/test-functions
+
+# adjust path
+sed -i 's_/usr/libexec/selinux/hll/pp_/usr/lib/selinux/hll/pp_' test/TEST-06-SELINUX/test.sh
+
+FAILED=""
+
+for t in test/TEST*; do
+ echo "$BLACKLIST" | grep -q "$(basename $t)" && continue
+ echo "========== `basename $t` =========="
+ rm -rf /var/tmp/systemd-test.*
+ if ! make -C $t setup run clean; then
+ for j in /var/tmp/systemd-test.*/journal/*; do
+ [ -e "$j" ] || continue
+ # keep the entire journal in artifacts, in case one needs the debug messages
+ cp -r "$j" "$AUTOPKGTEST_ARTIFACTS/$(basename $t)-$(basename $j)"
+ echo "---- $j ----"
+ journalctl --priority=warning --directory=$j
+ done
+ FAILED="$FAILED $t"
+ fi
+ echo
+done
+
+if [ -n "$FAILED" ]; then
+ echo FAILED TESTS: "$FAILED"
+ exit 1
+fi
diff --git a/debian/udev-udeb.dirs b/debian/udev-udeb.dirs
new file mode 100644
index 0000000..eeba23d
--- /dev/null
+++ b/debian/udev-udeb.dirs
@@ -0,0 +1 @@
+/etc/udev/rules.d/
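Review bot: The `sed` replacement injected into `test/test-functions` downloads the packages with `cd /tmp; apt-get download $p` and then unpacks `${p}[._]*deb`, so any file already present in the shared `/tmp` whose name matches that glob is passed to `dpkg-deb` as well and can end up in `$initdir` or make the extraction fail. Running the download in a private directory, for example one created with `mktemp -d` before the `sed` call and substituted for `/tmp`, keeps the glob limited to what apt just fetched. The blacklist check `grep -q "$(basename $t)"` is also a substring regex match; `grep -qxF` would compare whole test names.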
diff --git a/debian/udev-udeb.install b/debian/udev-udeb.install
new file mode 100644
index 0000000..478276b
--- /dev/null
+++ b/debian/udev-udeb.install
@@ -0,0 +1,21 @@
+lib/systemd/network/99-default.link
+lib/systemd/systemd-udevd
+bin/udevadm
+lib/udev/ata_id
+lib/udev/scsi_id
+lib/udev/cdrom_id
+lib/udev/rules.d/50-udev-default.rules
+lib/udev/rules.d/60-block.rules
+lib/udev/rules.d/60-cdrom_id.rules
+lib/udev/rules.d/60-input-id.rules
+lib/udev/rules.d/60-persistent-input.rules
+lib/udev/rules.d/60-persistent-storage.rules
+lib/udev/rules.d/64-btrfs.rules
+lib/udev/rules.d/75-net-description.rules
+lib/udev/rules.d/75-probe_mtd.rules
+lib/udev/rules.d/80-drivers.rules
+lib/udev/rules.d/80-net-setup-link.rules
+../../extra/rules/50-firmware.rules lib/udev/rules.d/
+../../extra/rules/73-special-net-names.rules lib/udev/rules.d/
+../../extra/rules/73-usb-net-by-mac.rules lib/udev/rules.d/
+../../extra/start-udev lib/debian-installer/
diff --git a/debian/udev.NEWS b/debian/udev.NEWS
new file mode 100644
index 0000000..5a0194e
--- /dev/null
+++ b/debian/udev.NEWS
@@ -0,0 +1,25 @@
+systemd (241-4) unstable; urgency=medium
+
+ DRM render nodes (/dev/dri/renderD*) are now owned by group "render"
+ (previously group "video"). Dynamic ACLs via the "uaccess" udev tag are still
+ applied, so in the common case things should just continue to work.
+ If you rely on static permissions to access those devices, you need to update
+ group memberships accordingly to use group "render" now.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 17 May 2019 19:15:32 +0200
+
+systemd (220-7) unstable; urgency=medium
+
+ The mechanism for providing stable network interface names changed.
+ Previously they were kept in /etc/udev/rules.d/70-persistent-net.rules
+ which mapped device MAC addresses to the (arbitrary) name they got when
+ they first appeared (i. e. mostly at the time of installation). As this
+ had several problems and is not supported any more, this is deprecated in
+ favor of the "net.ifnames" mechanism. With this most of your network
+ interfaces will get location-based names. If you have ifupdown, firewall,
+ or other configuration that relies on the old names, you need to update
+ these by Debian 10/Ubuntu 18.04 LTS, and then remove
+ /etc/udev/rules.d/70-persistent-net.rules. Please see
+ /usr/share/doc/udev/README.Debian.gz for details about this.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 15 Jun 2015 15:30:29 +0200
diff --git a/debian/udev.README.Debian b/debian/udev.README.Debian
new file mode 100644
index 0000000..b008fe1
--- /dev/null
+++ b/debian/udev.README.Debian
@@ -0,0 +1,149 @@
+This documents udev integration Debian specifics. Please see man udev(7) and
+its referenced manpages for general documentation.
+
+Network interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~
+Since version 197 udev has a builtin persistent name generator which checks
+firmware/BIOS provided index numbers or slot names (similar to biosdevname),
+falls back to slot names (PCI numbers, etc., in the spirit of
+/dev/disks/by-path/), and then optionally falls back to MAC address, and
+generates names based on these properties. This provides "location oriented"
+names for PCI cards such as "enp0s1" for ethernet, or wlp1s0" for a WIFI card
+so that replacing a broken network card does not change the name (as long
+as the new card is fitted into the bus in the old card's slot.) As location
+based naming does not work well for USB devices, these use a MAC based naming
+schema (see /lib/udev/rules.d/73-usb-net-by-mac.rules).
+
+This has been enabled by default since udev 220-7, which affects new
+installations/hardware. Existing installations/hardware which already got
+covered by the old 75-persistent-net-generator.rules may keep their existing
+interface names until the release of Debian 10 / Ubuntu 18.04 LTS; see
+below.
+
+You can disable these stable names and go back to the kernel-provided ones
+(which don't have a stable order) in one of two ways:
+
+ - Put "net.ifnames=0" into the kernel command line (e. g. in
+ /etc/default/grub's GRUB_CMDLINE_LINUX_DEFAULT, then run "update-grub").
+
+ - Disable the default *.link rules with
+ "ln -s /dev/null /etc/systemd/network/99-default.link"
+ and rebuild the initrd with "update-initramfs -u".
+
+See this page for more information:
+http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
+
+Legacy persistent network interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Debian releases up to 8 ("Jessie") and Ubuntu up to 15.04 had an udev rule
+/lib/udev/rules.d/75-persistent-net-generator.rules which fixed the name of a
+network interface that it got when its MAC address first appeared in a
+dynamically created /etc/udev/rules.d/70-persistent-net.rules file.
+
+This had inherent race conditions (which sometimes caused collisions and
+interface names like "rename1"), required having to write state into /etc
+(which isn't possible for read-only root), and did not work in virtualized
+environments.
+
+This old schema is deprecated in Debian 9 ("Stretch"), and will not
+be supported any more in Debian 10.
+
+Migration to the current network interface naming scheme
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Interface names must be be manually migrated to the new naming scheme before
+upgrading to Debian 10 / Ubuntu 18.04 LTS. If you rely on the old names in
+custom ifupdown stanzas, firewall scripts, or other networking configuration,
+these will eventually need to be updated to the new names.
+
+WARNING: This process may render your machine inaccessible through ssh. Be sure
+to have physical or serial console access to the machine or a way to revert to
+your existing configuration.
+
+First, determine all relevant network interface names: those in
+/etc/udev/rules.d/70-persistent-net.rules, or if that does not exist (in
+the case of virtual machines), in "ip link" or /sys/class/net/.
+
+Then for every interface name use a command like
+
+ grep -r eth0 /etc
+
+to find out where it is being used.
+
+Then on "real hardware" machines, rename the file to
+70-persistent-net.rules.old; alternately, if you have multiple interfaces,
+instead of renaming you may wish to comment out specific lines to convert a
+single interface at a time.
+
+On VMs remove the files /etc/systemd/network/99-default.link and
+/etc/systemd/network/50-virtio-kernel-names.link (the latter only exists on VMs
+that use virtio network devices).
+
+Rebuild the initrd with
+
+ update-initramfs -u
+
+and reboot. Then your system should have a new network interface name (or
+names). Adjust configuration files as discovered with the grep above, and test
+your system.
+
+Repeat for each network interface name, as necessary.
+
+Custom net interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+In some cases it is convenient to define your own specific names for network
+interfaces. These can be customized in two different ways:
+
+ * You can create your own names via *.link files (see systemd.link(5)) based
+ on hardware properties. For example, /etc/systemd/network/10-dmz.link:
+
+ ------------ snip ------------
+ [Match]
+ MACAddress=11:22:aa:bb:cc:33
+
+ [Link]
+ Name=eth-dmz
+ ------------ snip ------------
+
+ * If you need attributes that link files don't expose, or you need more
+ powerful pattern matching, you can create udev rules (see udev(7))
+ like /etc/udev/rules.d/76-netnames.rules:
+
+ ------------ snip ------------
+ # identify by vendor/model ID
+ SUBSYSTEM=="net", ACTION=="add", ENV{ID_VENDOR_ID}=="0x8086", \
+ ENV{ID_MODEL_ID}=="0x1502", NAME="eth-intel-gb"
+
+ # USB device by path
+ # get ID_PATH if not present yet
+ ENV{ID_PATH}=="", IMPORT{builtin}="path_id"
+ SUBSYSTEM=="net", ACTION=="add", ENV{ID_PATH}=="*-usb-0:3:1*", NAME="eth-blue-hub"
+ ------------ snip ----------
+
+ The name of the rules file needs to have a prefix smaller than "80" so that
+ it runs before /lib/udev/rules.d/80-net-setup-link.rules, and should have a
+ prefix bigger than "75" so that it runs after 75-net-description.rules and
+ thus you can use matches on ID_VENDOR and similar properties.
+
+ * Unless you disabled net.ifnames, you can change the policy
+ (kernel/bios/path/MAC based naming) in an /etc/systemd/network/*.link file,
+ for individual devices or entire device classes. See man systemd.link(5) for
+ details about this. /lib/systemd/network/99-default.link is the default
+ policy. Note that /lib/udev/rules.d/73-usb-net-by-mac.rules uses MAC based
+ names for USB devices.
+
+Any of the above changes require an initrd update with "update-initramfs -u" to
+get effective.
+
+Using udev with LDAP or NIS
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+If the rules files reference usernames or groups not present in the
+/etc/{passwd,group} files and the system is configured to use a
+network-based database like LDAP or NIS then udev may fail at boot time
+because users and groups are looked up well before the network has been
+initialized.
+A possible solution is to configure /etc/nsswitch.conf like this:
+
+ passwd: files ldap [UNAVAIL=return]
+ group: files ldap [UNAVAIL=return]
+
+The nsswitch.conf syntax is documented in the glibc manual.
diff --git a/debian/udev.bug-control b/debian/udev.bug-control
new file mode 100644
index 0000000..3134261
--- /dev/null
+++ b/debian/udev.bug-control
@@ -0,0 +1 @@
+package-status: systemd
diff --git a/debian/udev.bug-script b/debian/udev.bug-script
new file mode 100644
index 0000000..97f56f1
--- /dev/null
+++ b/debian/udev.bug-script
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# We don’t clean up this directory because there is no way to know when
+# reportbug finished running, and reportbug needs the files around.
+# Given that those are just a couple of kilobytes in size and people
+# generally don’t file a lot of bugs, I don’t think it’s a big deal.
+DIR=$(mktemp -d)
+
+echo "-- BEGIN ATTACHMENTS --" >&3
+
+udevadm info --export-db >$DIR/udev-database.txt
+echo "$DIR/udev-database.txt" >&3
+
+echo "-- END ATTACHMENTS --" >&3
diff --git a/debian/udev.init b/debian/udev.init
new file mode 100644
index 0000000..a10a586
--- /dev/null
+++ b/debian/udev.init
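Review bot: The `DIR=$(mktemp -d)` result in debian/udev.bug-script is used unquoted and without a failure check, and the script runs under plain `#!/bin/sh` with no `-e`. If mktemp fails, `$DIR` is empty, so the redirect targets `/udev-database.txt` and that path is then handed to reportbug as an attachment. I would write `DIR=$(mktemp -d) || exit 1` and quote the expansion, `udevadm info --export-db >"$DIR/udev-database.txt"`. A comment noting that the exported udev database is attached to the bug report and typically carries hardware identifiers (device serial numbers, MAC-derived interface names) would help reporters decide what to redact.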
@@ -0,0 +1,256 @@
+#!/bin/sh -e
+### BEGIN INIT INFO
+# Provides: udev
+# Required-Start: mountkernfs
+# Required-Stop: umountroot
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Start systemd-udevd, populate /dev and load drivers.
+### END INIT INFO
+
+PATH="/sbin:/bin"
+NAME="systemd-udevd"
+DAEMON="/lib/systemd/systemd-udevd"
+DESC="hotplug events dispatcher"
+PIDFILE="/run/udev.pid"
+CTRLFILE="/run/udev/control"
+OMITDIR="/run/sendsigs.omit.d"
+
+# we need to unmount /dev/pts/ and remount it later over the devtmpfs
+unmount_devpts() {
+ if mountpoint -q /dev/pts/; then
+ umount -n -l /dev/pts/
+ fi
+
+ if mountpoint -q /dev/shm/; then
+ umount -n -l /dev/shm/
+ fi
+}
+
+# mount a devtmpfs over /dev, if somebody did not already do it
+mount_devtmpfs() {
+ if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev
+ return
+ fi
+
+ if ! mount -n -o nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+ fi
+
+ return 0
+}
+
+create_dev_makedev() {
+ if [ -e /sbin/MAKEDEV ]; then
+ ln -sf /sbin/MAKEDEV /dev/MAKEDEV
+ else
+ ln -sf /bin/true /dev/MAKEDEV
+ fi
+}
+
+# shell version of /usr/bin/tty
+my_tty() {
+ [ -x /bin/readlink ] || return 0
+ [ -e /proc/self/fd/0 ] || return 0
+ readlink --silent /proc/self/fd/0 || true
+}
+
+warn_if_interactive() {
+ if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then
+ return
+ fi
+
+ TTY=$(my_tty)
+ if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then
+ return
+ fi
+
+ printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n"
+ printf "has been run from an interactive shell.\n"
+ printf "It will probably not do what you expect, so this script will wait\n"
+ printf "60 seconds before continuing. Press ^C to stop it.\n"
+ printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
+ sleep 60
+}
+
+make_static_nodes() {
+ [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0
+ [ -x /bin/kmod ] || return 0
+
+ /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \
+ while read type name mode uid gid age arg; do
+ [ -e $name ] && continue
+ case "$type" in
+ c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;;
+ d|d!) mkdir $name ;;
+ *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;;
+ esac
+
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $name
+ fi
+ done
+}
+
+
+##############################################################################
+
+
+[ -x $DAEMON ] || exit 0
+
+# defaults
+tmpfs_size="10M"
+
+if [ -e /etc/udev/udev.conf ]; then
+ . /etc/udev/udev.conf
+fi
+
+. /lib/lsb/init-functions
+
+if [ ! -e /proc/filesystems ]; then
+ log_failure_msg "udev requires a mounted procfs, not started"
+ log_end_msg 1
+fi
+
+if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+fi
+
+if [ ! -d /sys/class/ ]; then
+ log_failure_msg "udev requires a mounted sysfs, not started"
+ log_end_msg 1
+fi
+
+if [ ! -w /sys ]; then
+ log_warning_msg "udev does not support containers, not started"
+ exit 0
+fi
+
+if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \
+ [ -e /sys/block -a ! -e /sys/class/block ]; then
+ log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected"
+ log_warning_msg "Booting will continue in 30 seconds but many things will be broken"
+ sleep 30
+fi
+
+# When modifying this script, do not forget that between the time that the
+# new /dev has been mounted and udevadm trigger has been run there will be
+# no /dev/null. This also means that you cannot use the "&" shell command.
+
+case "$1" in
+ start)
+ if [ ! -e "/run/udev/" ]; then
+ warn_if_interactive
+ fi
+
+ if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+ fi
+
+ if ! mountpoint -q /dev/; then
+ unmount_devpts
+ mount_devtmpfs
+ [ -d /proc/1 ] || mount -n /proc
+ fi
+
+ make_static_nodes
+
+ # clean up parts of the database created by the initramfs udev
+ udevadm info --cleanup-db
+
+ # set the SELinux context for devices created in the initramfs
+ [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \
+ --notify-await; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_warning_msg $?
+ log_warning_msg "Waiting 15 seconds and trying to continue anyway"
+ sleep 15
+ fi
+
+ log_action_begin_msg "Synthesizing the initial hotplug events (subsystems)"
+ if udevadm trigger --type=subsystems --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+ log_action_begin_msg "Synthesizing the initial hotplug events (devices)"
+ if udevadm trigger --type=devices --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+
+ create_dev_makedev
+
+ # wait for the systemd-udevd childs to finish
+ log_action_begin_msg "Waiting for /dev to be fully populated"
+ if udevadm settle; then
+ log_action_end_msg 0
+ else
+ log_action_end_msg 0 'timeout'
+ fi
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ restart)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $? || true
+ fi
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \
+ --notify-await; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ reload|force-reload)
+ udevadm control --reload-rules
+ ;;
+
+ status)
+ status_of_proc $DAEMON $NAME && exit 0 || exit $?
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
diff --git a/debian/udev.install b/debian/udev.install
new file mode 100644
index 0000000..b0ab649
--- /dev/null
+++ b/debian/udev.install
@@ -0,0 +1,24 @@
+etc/udev/
+lib/udev/*
+lib/systemd/network/*.link
+lib/systemd/system/systemd-udev*
+lib/systemd/system/systemd-hwdb*
+lib/systemd/system/*.target.wants/systemd-udev*
+lib/systemd/system/*.target.wants/*hwdb*
+lib/systemd/systemd-udevd
+bin/udevadm
+bin/systemd-hwdb
+usr/share/man/man5/udev.conf.5
+usr/share/man/man5/systemd.link.5
+usr/share/man/man7/hwdb.7
+usr/share/man/man7/udev.7
+usr/share/man/man8/systemd-hwdb*
+usr/share/man/man8/systemd-udevd*
+usr/share/man/man8/udevadm.8
+usr/share/bash-completion/completions/udevadm
+usr/share/zsh/vendor-completions/_udevadm
+usr/share/pkgconfig/udev.pc
+../../extra/initramfs-tools usr/share/
+../../extra/rules/*.rules lib/udev/rules.d/
+#../../extra/*.hwdb lib/udev/hwdb.d/
+../../extra/fbdev-blacklist.conf lib/modprobe.d/
diff --git a/debian/udev.links b/debian/udev.links
new file mode 100644
index 0000000..d0ac5ee
--- /dev/null
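Review bot: In warn_if_interactive of debian/udev.init, the first `printf` embeds `$0 $*` in the format string, so a `%` or backslash in either is interpreted as a directive; and since the `start)` branch calls the function without arguments, `$*` there is the function's own empty parameter list, so the warning never shows the arguments the script was run with. I would pass the text as data, `printf "\n\n\nIt has been detected that the command\n\n\t%s\n\n" "$0 $*"`, and call it as `warn_if_interactive "$@"`. The same hunk expands `$tmpfs_size` (which the sourced /etc/udev/udev.conf can override) in the `mount -o` option list, and the `$name`/`$mode` fields read in make_static_nodes, without quotes. Quoting those and using `read -r` would keep an unexpected value from being word-split or glob-expanded into extra mount, mknod or mkdir arguments in a script that runs as root at boot.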
+++ b/debian/udev.links
@@ -0,0 +1,2 @@
+/lib/systemd/system/systemd-udevd.service /lib/systemd/system/udev.service
+/bin/udevadm /sbin/udevadm
diff --git a/debian/udev.maintscript b/debian/udev.maintscript
new file mode 100644
index 0000000..da7cfb6
--- /dev/null
+++ b/debian/udev.maintscript
@@ -0,0 +1,8 @@
+rm_conffile /etc/init.d/udev-finish 226-1~
+rm_conffile /etc/init/udev-finish.conf 226-1~
+rm_conffile /etc/init/udev-fallback-graphics.conf 226-1~
+symlink_to_dir /usr/share/doc/udev libudev1 221-2~
+rm_conffile /etc/modprobe.d/fbdev-blacklist.conf 229-6~
+rm_conffile /etc/init/udev.conf 233-1~
+rm_conffile /etc/init/udevmonitor.conf 233-1~
+rm_conffile /etc/init/udevtrigger.conf 233-1~
diff --git a/debian/udev.postinst b/debian/udev.postinst
new file mode 100644
index 0000000..7a78ede
--- /dev/null
+++ b/debian/udev.postinst
@@ -0,0 +1,139 @@
+#!/bin/sh -e
+
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ # the devicenumber/inode pair of / is the same as that of /sbin/init's
+ # root, so we're *not* in a chroot and hence return false.
+ return 1
+ fi
+ echo "A chroot environment has been detected, udev not started."
+ return 0
+}
+
+in_debootstrap() {
+ # debootstrap --second-stage may be run in an emulator instead of a chroot,
+ # we need to check for this special case because start-stop-daemon would
+ # not be available. (#520742)
+ if [ -d /debootstrap/ ]; then
+ echo "Being installed by debootstrap, udev not started."
+ return 0
+ fi
+ return 1
+}
+
+can_start_udevd() {
+ if [ ! -d /sys/class/ ]; then
+ echo "udev requires a mounted sysfs, not started."
+ return 1
+ fi
+ return 0
+}
+
+enable_udev() {
+ can_start_udevd || return 0
+ invoke-rc.d udev start
+}
+
+update_initramfs() {
+ [ -x /usr/sbin/update-initramfs -a -e /etc/initramfs-tools/initramfs.conf ] \
+ || return 0
+ update-initramfs -u
+}
+
+upgrade_fixes() {
+ if dpkg --compare-versions "$2" lt "226-1"; then
+ update-rc.d udev-finish remove
+ fi
+
+ # we enabled net.ifnames in 220-7 by default; don't change iface names in
+ # virtualized envs (where 75-persistent-net-generator.rules didn't work)
+ if dpkg --compare-versions "$2" lt-nl "220-7~" &&
+ [ ! -e /etc/udev/rules.d/70-persistent-net.rules ] &&
+ [ ! -e /etc/udev/rules.d/80-net-setup-link.rules ] &&
+ [ ! -e /etc/systemd/network/99-default.link ] &&
+ [ ! -L /etc/systemd/network/99-default.link ] &&
+ ! grep -q net.ifnames /proc/cmdline && ! chrooted; then
+ mkdir -p /etc/systemd/network
+ cat <<EOF > /etc/systemd/network/99-default.link
+# This machine is most likely a virtualized guest, where the old persistent
+# network interface mechanism (75-persistent-net-generator.rules) did not work.
+# This file disables /lib/systemd/network/99-default.link to avoid
+# changing network interface names on upgrade. Please read
+# /usr/share/doc/udev/README.Debian.gz about how to migrate to the currently
+# supported mechanism.
+EOF
+ fi
+
+ # 226 introduced predictable interface names for virtio
+ # (https://github.com/systemd/systemd/pull/1119); disable for upgrades
+ if dpkg --compare-versions "$2" lt-nl "226-2~" &&
+ [ ! -e /etc/systemd/network/50-virtio-kernel-names.link ] &&
+ ls -d /sys/bus/virtio/drivers/virtio_net/virt* >/dev/null 2>&1; then
+ echo "virtio network devices detected, disabling predictable interface names in /etc/systemd/network/50-virtio-kernel-names.link"
+ mkdir -p /etc/systemd/network/
+ cat <<EOF > /etc/systemd/network/50-virtio-kernel-names.link
+# udev 226 introduced predictable interface names for virtio;
+# disable this for upgrades. You can remove this file if you update your
+# network configuration to move to the ens* names instead.
+# See /usr/share/doc/udev/README.Debian.gz for details about predictable
+# network interface names.
+[Match]
+Driver=virtio_net
+
+[Link]
+NamePolicy=onboard kernel
+EOF
+ fi
+
+ # new Default-Stop (see #791944)
+ if dpkg --compare-versions "$2" lt-nl "239-8"; then
+ update-rc.d -f udev remove
+ fi
+}
+
+update_hwdb() {
+ systemd-hwdb --usr update || true
+}
+
+case "$1" in
+ configure)
+ # update/create hwdb before we (re)start udev
+ update_hwdb
+
+ # Add new system group used by udev rules
+ addgroup --quiet --system input
+
+ # Make /dev/kvm accessible to kvm group
+ addgroup --quiet --system kvm
+
+ # Make /dev/dri/renderD* accessible to render group
+ addgroup --quiet --system render
+
+ if [ -z "$2" ]; then # first install
+ if ! chrooted && ! in_debootstrap; then
+ enable_udev
+ fi
+ else # upgrades
+ upgrade_fixes "$@"
+ if ! chrooted; then
+ if can_start_udevd; then
+ if [ -d /run/systemd/system ] ; then
+ systemctl daemon-reload || true
+ fi
+ invoke-rc.d udev restart
+ fi
+ fi
+ fi
+
+ update_initramfs
+ ;;
+
+ triggered)
+ update_hwdb
+ exit 0
+ ;;
+esac
+
+#DEBHELPER#
+
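Review bot: chrooted() in debian/udev.postinst prints "A chroot environment has been detected, udev not started." as a side effect, yet upgrade_fixes also uses it as a plain predicate (`! grep -q net.ifnames /proc/cmdline && ! chrooted`), where the message has nothing to do with the decision being made, and the later `if ! chrooted` in the upgrade path can print it a second time. I would keep the function silent, as the copies in udev.preinst and udev.prerm already are, and emit the message only at the call sites that actually skip starting udev. A comment on chrooted() should also state its failure behaviour: when `stat` on /proc/1/root fails (stderr is discarded) the comparison is false and the function reports a chroot, which looks like a deliberate fail-safe but is not written down. Separately, `update_hwdb` discards a `systemd-hwdb` failure with `|| true` before udev is restarted; a one-line comment saying that this is intentional best-effort would save the next maintainer from guessing.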
diff --git a/debian/udev.postrm b/debian/udev.postrm
new file mode 100644
index 0000000..8658f76
--- /dev/null
+++ b/debian/udev.postrm
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+case "$1" in
+ purge)
+ rm -f /etc/udev/rules.d/70-persistent-*.rules
+ rmdir --ignore-fail-on-non-empty /etc/udev/rules.d/ 2> /dev/null || true
+ rm -f /lib/udev/hwdb.bin
+ rm -f /var/log/udev
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/udev.preinst b/debian/udev.preinst
new file mode 100644
index 0000000..b24d9da
--- /dev/null
+++ b/debian/udev.preinst
@@ -0,0 +1,81 @@
+#!/bin/sh -e
+
+# adapted from postinst
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ return 1
+ fi
+ return 0
+}
+
+check_kernel_features() {
+ # skip the check if udev is not already active
+ [ -d /run/udev/ ] || return 0
+
+ if [ -e /proc/kallsyms ]; then
+
+ local needed_symbols='inotify_init signalfd accept4 open_by_handle_at timerfd_create epoll_create'
+ for symbol in $needed_symbols; do
+ if ! egrep -q "^[a-fA-F0-9]+ T \.?sys_${symbol}$" /proc/kallsyms; then
+ cat <<END
+Since release 198, udev requires support for the following features in
+the running kernel:
+
+- inotify(2) (CONFIG_INOTIFY_USER)
+- signalfd(2) (CONFIG_SIGNALFD)
+- accept4(2)
+- open_by_handle_at(2) (CONFIG_FHANDLE)
+- timerfd_create(2) (CONFIG_TIMERFD)
+- epoll_create(2) (CONFIG_EPOLL)
+END
+ exit 1
+ fi
+ done
+
+ fi
+
+ if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
+ cat <<END
+Since release 176, udev requires support for the following features in
+the running kernel:
+
+- devtmpfs (CONFIG_DEVTMPFS)
+END
+ exit 1
+ fi
+
+ if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] ||
+ [ -e /sys/block -a ! -e /sys/class/block ]; then
+ cat <<END
+The currently running kernel has the CONFIG_SYSFS_DEPRECATED option
+enabled, which is incompatible with udev.
+END
+ exit 1
+ fi
+}
+
+check_version() {
+ # $2 is non-empty when installing from the "config-files" state
+ [ -n "$2" ] || return 0
+
+ if dpkg --compare-versions $2 lt 204-4; then
+ # these must be checked first to allow aborting before changing anything
+ if chrooted; then
+ echo 'Running in a chroot, skipping the kernel versions checks!'
+ else
+ check_kernel_features
+ # suppress errors when the new rules files contain options not supported by
+ # the old daemon
+ udevadm control --log-priority=0 || true
+ fi
+ fi # 204-4
+}
+
+case "$1" in
+ install|upgrade|abort-upgrade)
+ check_version "$@"
+ ;;
+esac
+
+#DEBHELPER#
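Review bot: check_kernel_features in debian/udev.preinst treats a syscall as present only if /proc/kallsyms has a line matching `^[a-fA-F0-9]+ T \.?sys_${symbol}$`, and it runs `exit 1` on the first miss, which aborts the upgrade. That holds only where the entry point is exported under exactly that name; on kernels that give syscall entry points an architecture prefix (for example `__x64_sys_`) the pattern would presumably not match even though the feature is there. The function should either document the symbol naming it assumes or accept an optional prefix, something like `grep -Eq "^[a-fA-F0-9]+ T (\.|__[a-z0-9]+_)?sys_${symbol}\$" /proc/kallsyms`. Two smaller points in the same hunk: `egrep` is an obsolescent spelling of `grep -E`, and `dpkg --compare-versions $2 lt 204-4` in check_version should quote `"$2"` the way udev.postinst does.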
diff --git a/debian/udev.prerm b/debian/udev.prerm
new file mode 100644
index 0000000..7eac286
--- /dev/null
+++ b/debian/udev.prerm
@@ -0,0 +1,30 @@
+#!/bin/sh -e
+
+# adapted from postinst
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ return 1
+ fi
+ return 0
+}
+
+kill_udevd() {
+ if [ -d /run/systemd/system ]; then
+ systemctl stop systemd-udevd-control.socket systemd-udevd-kernel.socket
+ systemctl stop systemd-udevd.service
+ else
+ invoke-rc.d udev stop
+ fi
+}
+
+case "$1" in
+ remove)
+ if ! chrooted; then
+ kill_udevd
+ fi
+ ;;
+esac
+
+#DEBHELPER#
+
diff --git a/debian/udev.triggers b/debian/udev.triggers
new file mode 100644
index 0000000..7f814f0
--- /dev/null
+++ b/debian/udev.triggers
@@ -0,0 +1 @@
+interest-noawait /lib/udev/hwdb.d
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..a1403d8
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=3
+opts=uversionmangle=s/-rc/~rc/,filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/systemd-$1\.tar\.gz/ \
+ https://github.com/systemd/systemd/tags .*/v?(\d\S*)\.tar\.gz |