diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 13:00:48 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 13:00:48 +0000 |
commit | f542925b701989ba6eed7b08b5226d4021b9b85f (patch) | |
tree | 57e14731f21a6d663326d30b7b88736e9d51c420 /debian | |
parent | Adding upstream version 247.3. (diff) | |
download | systemd-debian/247.3-7+deb11u4.tar.xz systemd-debian/247.3-7+deb11u4.zip |
Adding debian version 247.3-7+deb11u4.debian/247.3-7+deb11u4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian')
199 files changed, 21176 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..11f5e32 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,112 @@ +Enabling persistent logging in journald +======================================= + +To enable persistent logging, create /var/log/journal: + + mkdir -p /var/log/journal + systemd-tmpfiles --create --prefix /var/log/journal + +systemd will make the journal files owned by the "systemd-journal" group and +add an ACL for read permissions for users in the "adm" group. +To grant a user read access to the system journal, add them to one of the two +groups. + +This will allow you to look at previous boot logs with e. g. +"journalctl -b -1". + +If you enable persistent logging, consider uninstalling rsyslog or any other +system-log-daemon, to avoid logging everything twice. + +Debugging boot/shutdown problems +================================ + +The "debug-shell" service starts a root shell on VT 9 which is available very +early during boot and very late during shutdown. You can temporarily enable +this when booting the system does not get sufficiently far to get a desktop or +even the text console logins (getty), or when shutdown hangs eternally. + +For boot problems the recommended way is to append "systemd.debug-shell" to the +kernel command line in the bootloader. +For shutdown problems, run "systemctl start debug-shell" as root, then shut +down. + +WARNING: Please avoid "systemctl enable debug-shell" as this will start the +debug shell permanently which is a SECURITY HOLE as it allows unauthenticated +and unrestricted root access to your computer if you forget to disable it! +Please only enable it if you cannot pass "systemd.debug-shell" to the boot +loader for some reason, and then immediately run "systemctl disable debug-shell" +after booting. + +Once the boot/shutdown problem happened, switch to VT9 (Ctrl+Alt+F9). There you +can use the usual systemctl or journalctl commands, or any other Linux shell +command to list or kill processes. For example, run "systemctl list-jobs" to +see what's currently being run, or "systemctl" to find units which are not in +the expected state (e. g. "failed" for boot or still "active" during shutdown), +and then get more detailed information with "systemctl status -l foo.service" +to get a service "foo"'s status and recent logging. + +In situations where the debug shell is not available, you can generate a +/shutdown-log.txt file instead: +1. Boot with these kernel command line options: + systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M +2. Save the following script as /lib/systemd/system-shutdown/debug.sh and make it executable: + #!/bin/sh + mount -o remount,rw / + dmesg > /shutdown-log.txt + mount -o remount,ro / +3. Reboot + +Enable and use networkd +======================= +networkd is a small and lean service to configure network interfaces, designed +mostly for server use cases in a world with hotplugged and virtualized +networking. Its configuration is similar in spirit and abstraction level to +ifupdown, but you don't need any extra packages to configure bridges, bonds, +vlan etc. It is not very suitable for managing WLANs yet; NetworkManager is +still much more appropriate for such Desktop use cases. + +networkd is not enabled by default; run + + systemctl enable systemd-networkd + +if you want to use it. After that you need to create some *.network +configuration files. In the simplest case you just want to run DHCP on all +available Ethernet interfaces: + +--- /etc/systemd/network/all-eth.network --- +[Match] +Name=e* +[Network] +DHCP=yes + +This will match on both the kernel "ethN" as well as the predictable interface +names "en*". Please see man systemd.network(5) for all available configuration +options and examples. + +You need to make sure that interfaces handled by networkd are not handled by +ifupdown (/etc/network/interfaces) and NetworkManager. + +Note that interfaces brought up/down will *not* run hooks in +/etc/network/if-*.d/. + +It is recommended to use networkd together with systemd-resolved(8) to +dynamically manage /etc/resolv.conf: + + systemctl enable systemd-resolved + ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf + +Debian's networkd has been modified to also work with the resolvconf package. + +KillUserProcesses behavior in Debian +==================================== + +If KillUserProcesses=yes is configured in logind.conf(5), the session scope +will be terminated when the user logs out of that session. + +See logind.conf(5): + +| Note that setting KillUserProcesses=yes will break tools like screen(1) and +| tmux(1), unless they are moved out of the session scope. + +The default for KillUserProcesses in /etc/systemd/logind.conf is set +to "yes" in upstream systemd, though Debian defaults to "no" (see #825394). diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..e3ba8cf --- /dev/null +++ b/debian/README.source @@ -0,0 +1,103 @@ +Building from source +-------------------- +Install “git-buildpackage” and run the following steps: + + gbp clone git+ssh://git.debian.org/git/pkg-systemd/systemd.git + cd systemd + gbp buildpackage + +We recommend you use pbuilder to make sure you build in a clean environment: + + gbp buildpackage --git-pbuilder + +Changelog +--------- +The systemd package uses gbp dch for automatically generating +debian/changelog entries from the corresponding git commits. This makes +cherry-picking, merging, and rebasing much simpler. + +Thus, for any packaging change *don't* modify debian/changelog, just write a +meaningful git commit log with proper bug references (such as "Closes: #12345" +on the last line). For doing a release, run + + gbp dch --auto + +then beautify the generated debian/changelog, then run the usual "dch -r" and +"debcommit -ar --sign-tags". + +Patch handling +-------------- +The systemd package uses gbp pq for maintaining patches with a git-like +workflow in a "patch-queue/<branch>" local branch and then exporting them as +quilt series. For working on patches you run + + gbp pq import --force + +Then you are in the patch-queue branch and can git log, commit, cherry-pick +upstream commits, rebase, etc. there. After you are done, run + + gbp pq export + +which will put you back into master and update debian/patches/ (including +series). You need to git add etc. new patches, possibly other +packaging changes, and then git commit as usual. + +systemd uses gbp pq's "topic" branches for organizing patches; for simplicity +(as this is the most common operation), upstream cherry-picks go into the +"empty" topic (i. e. directly into debian/patches/), while Debian specific +patches go into "Gbp-Pq: Topic debian" (i. e. debian/patches/debian/). + +Rebasing patches to a new upstream version +------------------------------------------ +gbp pq's "rebase" command does not work very conveniently as it fails on merge +conflicts. First, ensure you are in the master branch: + + git checkout master # in case you aren't already + +Now, do one of + + (1) To import a new upstream release into the existing master branch for unstable, +do: + + gbp pq import --force + gbp pq switch # switch back to master from patch-queue/master + gbp import-orig [...] + gbp pq switch # switch to patch-queue/master + git rebase master + + (2) To import a new upstream release into a new branch for Debian experimental, do: + + git branch experimental + git checkout experimental + editor debian/gbp.conf # set "debian-branch=experimental" + gbp import-orig [...] + git branch patch-queue/experimental patch-queue/master + git checkout patch-queue/experimental + git rebase experimental + +Now resolve all the conflicts, skip obsolete patches, etc. When you are done, run + + gbp pq export + +Note that our debian/gbp.conf disables patch numbers. + +Cherry-picking upstream patches +------------------------------- +You can add the systemd upstream branch as an additional remote to the Debian +packaging branch. Call it "github" or similar to avoid confusing it with the +already existing "upstream" branch from git-buildpackage: + + git remote add github https://github.com/systemd/systemd.git + git fetch github -n + +Now you can look at the upstream log and cherry-pick patches into the +patch-queue branch: + + gbp pq import --force + git log github/master + git cherry-pick 123DEADBEEF + +debian/git-cherry-pick is a nice tool to automate all that: + + debian/git-cherry-pick 123DEADBEEF 987654 AFFE99 + git checkout master # switch back from patch-queue branch diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..7314dfc --- /dev/null +++ b/debian/changelog @@ -0,0 +1,6860 @@ +systemd (247.3-7+deb11u4) bullseye; urgency=medium + + * backport patches to fix a calendar spec calculation hang on DST change + if TZ=Europe/Dublin (Closes: #1033540) + + -- Luca Boccassi <bluca@debian.org> Sun, 18 Jun 2023 15:55:54 +0100 + +systemd (247.3-7+deb11u3) bullseye; urgency=medium + + * udev: fix creating /dev/serial/by-id/ symlinks for USB devices. + (Closes: #1035094) + * Fix memory leak on daemon-reload + + -- Luca Boccassi <bluca@debian.org> Sun, 30 Apr 2023 13:56:31 +0100 + +systemd (247.3-7+deb11u2) bullseye; urgency=medium + + [ Michael Biebl ] + * ata_id: fix getting Response Code from SCSI Sense Data. + (Closes: #1021579) + * logind: fix getting property OnExternalPower via D-Bus (Closes: + #1021644) + + [ Luca Boccassi ] + * Backport patch to fix CVE-2022-4415 (Closes: #1026831) + * Backport patch to fix CVE-2022-3821 + * Backport patch to fix crash in systemd-machined (Closes: #1023567) + + -- Luca Boccassi <bluca@debian.org> Thu, 22 Dec 2022 12:55:42 +0100 + +systemd (247.3-7+deb11u1) bullseye; urgency=medium + + * Drop bundled copy of linux/if_arp.h. + Fixes build failures with newer kernel headers. + * virt: support detection for ARM64 Hyper-V guests (Closes: #1013342) + * virt: detect OpenStack instance as KVM on arm (Closes: #1016157) + + -- Michael Biebl <biebl@debian.org> Sun, 07 Aug 2022 15:25:09 +0200 + +systemd (247.3-7) bullseye; urgency=medium + + * Switch debian-branch to debian/bullseye + * udevadm-trigger: do not return immediately on EACCES. + Fixes a regression when using systemd-networkd in an unprivileged LXD + container. (Closes: #997006) + * Revert multipath symlink race fix. + Revert upstream commits which caused a regression in udev resulting in + long delays when processing partitions with the same label. + (Closes: #993738) + * shared/rm-rf: loop over nested directories instead of recursing. + Fixes uncontrolled recursion in systemd-tmpfiles. + (CVE-2021-3997, Closes: #1003467) + * Demote systemd-timesyncd from Depends to Recommends. + This avoids a dependency cycle between systemd and systemd-timesyncd and + thus makes dist upgrades more predictable and robust. + It also allows minimal, systemd based containers where no NTP client is + strictly necessary. + To ensure that systemd-timesyncd is installed in a default installation + created by d-i, bump its priority to standard. + (Closes: #986651, #993947) + * autopktest: Fix timedated test dependencies. + Add an explicit systemd-timesyncd dependency as it is required by the + timedated test. + * machine: enter target PID namespace when adding a live mount. + Fixes failure to bind mount a directory into a container using + machinectl. (Closes: #993248) + + -- Michael Biebl <biebl@debian.org> Sun, 20 Mar 2022 20:55:25 +0100 + +systemd (247.3-6) unstable; urgency=high + + * Non-maintainer upload (acked by maintainers) + * unit-name: generate a clear error code when converting an overly long fs + path to a unit name + * basic/unit-name: do not use strdupa() on a path (CVE-2021-33910) + * basic/unit-name: adjust comments + + -- Salvatore Bonaccorso <carnil@debian.org> Tue, 13 Jul 2021 19:29:24 +0200 + +systemd (247.3-5) unstable; urgency=medium + + * udev-udeb: setup /dev/fd, /dev/std{in,out,err} symlinks. + As systemd-udevd no longer sets them up itself, we create them manually + after mounting devtmpfs. This avoids breaking applications which expect + those symlinks. (Closes: #975018) + + -- Michael Biebl <biebl@debian.org> Mon, 12 Apr 2021 20:21:24 +0200 + +systemd (247.3-4) unstable; urgency=medium + + [ Luca Boccassi ] + * Backport patch to fix assert with invalid LoadCredentials= + Regression introduced in v247, fixed in v249, see: + https://github.com/systemd/systemd/issues/19178 + (Closes: #986302) + + [ Michael Biebl ] + * network: Delay addition of IPv6 Proxy NDP addresses. + Fixes "IPv6 Proxy NDP addresses are being lost from interfaces after + networkd adds them". (Closes: #985510) + + -- Michael Biebl <biebl@debian.org> Sun, 11 Apr 2021 16:06:46 +0200 + +systemd (247.3-3) unstable; urgency=medium + + * pkg-config: make prefix overridable again (Closes: #984763) + * Revert "units: turn off DNSSEC validation when timesyncd resolves + hostnames" + Support for SYSTEMD_NSS_RESOLVE_VALIDATE=0 requires the changes from + https://github.com/systemd/systemd/pull/17823 for the dnssec bypass + logic. Those are rather invasive changes and not suitable for a stable + backport. + + -- Michael Biebl <biebl@debian.org> Thu, 11 Mar 2021 18:09:35 +0100 + +systemd (247.3-2) unstable; urgency=medium + + * Downgrade a couple of warnings to debug. + If a package still ships only a SysV init script or if a service file or + tmpfile uses /var/run, downgrade those messages to debug. We can use + lintian to detect those issues. + For service files and tmpfiles in /etc, keep the warning, as those files + are typically added locally and aren't checked by lintian. + (Closes: #981407) + * core: fix mtime calculation of dropin files + (Closes: #975289) + * analyze: slightly reword PrivateTmp= message + (Closes: #931753) + * rules: move ID_SMARTCARD_READER definition to a <70 configuration + (Closes: #978011) + * units: turn off DNSSEC validation when timesyncd resolves hostnames + (Closes: #898530) + * table: drop trailing white spaces of the last cell in row + (Closes: #980820) + + -- Michael Biebl <biebl@debian.org> Sat, 06 Mar 2021 22:32:14 +0100 + +systemd (247.3-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 247.3 + * Rebase patches + + [ Ioanna Alifieraki ] + * systemctl: return error code when scheduled shutdown fails + + -- Michael Biebl <biebl@debian.org> Wed, 03 Feb 2021 17:11:39 +0100 + +systemd (247.2-5) unstable; urgency=medium + + [ Matthias Klumpp ] + * Configure localed to run locale-gen to generate missing locale. + This applies an (upstreamed) patch to permit systemd-localed to run + locale-gen to generate missing locale when requested to switch the + system locale. + This makes localectl usable on Debian for changing locale without + breaking system localization or even prevent certain applications from + running at all after switching to a non-generated locale. + + [ Michael Biebl ] + * systemctl: do not shutdown immediately on scheduled shutdown. + When, for whatever reason, a scheduled shutdown fails to be set, systemd + will proceed with immediate shutdown without allowing the user to react. + This is counterintuitive because when a scheduled shutdown is issued, + it means the user wants to shutdown at a specified time in the future, + not immediately. (Closes: #931235) + * test: disable DnsmasqClientTest.test_resolved_etc_hosts in + networkd-test.py. + This test appears to be flaky. + See: #979716 + * Bump Standards-Version to 4.5.1 + * Set upstream metadata fields: Bug-Submit, Bug-Database, Repository, + Repository-Browse + + -- Michael Biebl <biebl@debian.org> Mon, 18 Jan 2021 13:45:15 +0100 + +systemd (247.2-4) unstable; urgency=medium + + * Move libraries and NSS modules from /lib to /usr/lib. + Keep libpam_systemd.so installed in /lib, as PAM doesn't support + loading PAM modules from /usr/lib on a split-usr system. + + -- Michael Biebl <biebl@debian.org> Sat, 02 Jan 2021 17:06:01 +0100 + +systemd (247.2-3) unstable; urgency=medium + + * test: use modern qemu numa arguments + This fixes TEST-36-NUMAPOLICY from the upstream autopkgtest when using + qemu >= 5.2. + * Increase timeout when running unit tests. + The default timeout for individual unit tests is 30s. On slower + architectures and environments like reproducible-builds, this sometimes + is not enough. + Instead of fine-tuning the timeout for each individual test, we instead + increase the timeouts by a factor of 10. + * init-functions, getty-static.service: Don't hard-code path to systemctl + binary. + This should simplify an eventual move of systemctl from /bin to + /usr/bin. + * getty-static.service: Skip if dbus-broker is installed. + Check for the binary in /usr/bin as this makes it easier to move the + service files from /lib/systemd to /usr/lib/systemd. + + -- Michael Biebl <biebl@debian.org> Sat, 26 Dec 2020 13:33:41 +0100 + +systemd (247.2-2) unstable; urgency=medium + + * Switch to "unified" cgroup hierarchy (i.e. cgroupv2) (Closes: #943981) + + -- Michael Biebl <biebl@debian.org> Mon, 21 Dec 2020 20:06:49 +0100 + +systemd (247.2-1) unstable; urgency=medium + + [ Balint Reczey ] + * debian/systemd.NEWS: Mention udev rules changes in 247 + + [ Michael Biebl ] + * New upstream version 247.2 + * Rebase patches + * test: fix fd_is_mount_point() check + + -- Michael Biebl <biebl@debian.org> Sun, 20 Dec 2020 20:44:31 +0100 + +systemd (247.1-4) unstable; urgency=medium + + [ наб ] + * debian/extra/kernel-install.d/85-initrd.install: Don't install initrd when + an explicit path was passed (Closes: #970213) + * debian/extra/kernel-install.d/85-initrd.install: Match initrd installation + messages and uninstallation to 90-loaderentry.install + + [ Michael Biebl ] + * sd-device: keep escaped strings in DEVLINK= property (Closes: #976699) + + -- Michael Biebl <biebl@debian.org> Fri, 11 Dec 2020 20:25:31 +0100 + +systemd (247.1-3) unstable; urgency=medium + + * d/t/timedated: Ignore return code of dbus-monitor in wait_mon() + We are not really interested in the return code and error messages from + dbus-monitor after killing it, so ignore them to avoid undesired + autopkgtest failures. + + -- Michael Biebl <biebl@debian.org> Thu, 03 Dec 2020 23:53:29 +0100 + +systemd (247.1-2) unstable; urgency=medium + + [ Michael Biebl ] + * Upload to unstable + * Revert "d/t/timedated: use /bin/bash to work around job handling issue in + dash" + + [ Balint Reczey ] + * debian/tests/timedated: Wait for the killed child only. + There may be other children of the script due to autopkgtest machinery + and they exit after the script exited. (LP: #1904406) + + -- Michael Biebl <biebl@debian.org> Wed, 02 Dec 2020 23:25:32 +0100 + +systemd (247.1-1) experimental; urgency=medium + + * New upstream version 247.1 + + -- Michael Biebl <biebl@debian.org> Tue, 01 Dec 2020 17:17:28 +0100 + +systemd (247-1) experimental; urgency=medium + + * New upstream version 247 + * Rebase patches + * Update symbol versions for the v247 release + + -- Michael Biebl <biebl@debian.org> Thu, 26 Nov 2020 19:46:41 +0100 + +systemd (247~rc2-3) experimental; urgency=medium + + * Merge changes from unstable + * sd-device: make sd_device_has_current_tag() compatible with udev database + generated by older udevd + (Closes: #974730) + * Add Breaks: udev (<< 247~) to systemd. + This ensures that udev is upgraded alongside systemd and both support + the new udev tags concept introduced in v247. (Closes: #975554) + + -- Michael Biebl <biebl@debian.org> Thu, 26 Nov 2020 18:18:53 +0100 + +systemd (247~rc2-2) experimental; urgency=medium + + * missing: define several syscall numbers for MIPS arch (Closes: #974619) + + -- Michael Biebl <biebl@debian.org> Fri, 13 Nov 2020 19:22:04 +0100 + +systemd (247~rc2-1) experimental; urgency=medium + + [ Michael Biebl ] + * New upstream version 247~rc2 + - tmpfiles: Handle filesystems without ACL support in more cases + (Closes: #972135) + * Rebase patches + * Explicitly disable oomd + * Use -Dmode=release as we want a release, not developer, build + * Update symbols file for libudev1 and libsystemd0 + + [ Luca Boccassi ] + * systemd-container: install systemd-dissect binary. + Required for TEST-50-DISSECT since: + https://github.com/systemd/systemd/pull/16046 + * d/t/control: install squashfs-tools for upstream test. + Required by TEST-50-DISSECT since upstream PR: + https://github.com/systemd/systemd/pull/16046 + + [ Dan Streetman ] + * d/control: update meson minimum version + https://github.com/systemd/systemd/pull/13842#issuecomment-601105975 + * d/t/upstream: convert 'blacklist' term to 'deny-list' + Support transition for upstream-ci from + https://github.com/systemd/systemd/pull/16262 + + -- Michael Biebl <biebl@debian.org> Thu, 12 Nov 2020 21:23:22 +0100 + +systemd (246.6-5) unstable; urgency=medium + + * Drop non-functional DefaultTasksMax patch. + This patch was supposed to remove the DefaultTasksMax limit, but lost + its actual logic over 4 years ago, when the patches were rebased for the + v231 release. Since nobody has complained so far, we can assume it is + safe to drop this patch. (Closes: #975335) + * test-seccomp: accept ENOSYS from sysctl(2) too. + It seems that kernel 5.9 started returning that. + * test/test-functions: copy /usr/lib/pam.d into $initdir. + The systemd-user file has been moved from /etc/pam.d into /usr/lib/pam.d, + so test-functions needs to copy it from /usr/lib/pam.d instead. + + -- Michael Biebl <biebl@debian.org> Tue, 24 Nov 2020 21:53:25 +0100 + +systemd (246.6-4) unstable; urgency=medium + + * Revert "Trigger a systemctl daemon-reload when init scripts are installed + or removed" + Remove the dpkg file trigger which called systemctl daemon-reload whenever + a SysV init script was installed. We have proper support in debhelper + nowadays which makes this superfluous and we want to avoid unnecessary + systemctl daemon-reload calls. + + -- Michael Biebl <biebl@debian.org> Thu, 19 Nov 2020 22:35:48 +0100 + +systemd (246.6-3) unstable; urgency=medium + + * pam: include pam_keyinit session module in systemd-user. + We want that systemd --user gets its own keyring, not the basic keyring + set up by systemd --system. + * pam: move systemd-user PAM config from /etc/pam.d to /usr/lib/pam.d. + This is supported since PAM 1.2 and we want as little files in /etc as + possible. + * init-functions: update LSB hook to not use ignore-dependencies + job-mode=ignore-dependencies, as currently used in the LSB hook during + bootup and shutdown, can have undesired side-effects, like changing the + ordering of services and ultimately causing them to fail, due to unmet + dependencies. + So simplify that, and only apply --no-block on reload requests during + bootup and shutdown. (Closes: #960594) + * d/t/timedated: use /bin/bash to work around job handling issue in dash. + See: #975010 + + -- Michael Biebl <biebl@debian.org> Tue, 17 Nov 2020 23:34:07 +0100 + +systemd (246.6-2) unstable; urgency=medium + + * XDG autostart improvements + - Add support for Path= in XDG Desktop File + - Ignore more common XDG Desktop Entry fields + - Lower most info messages to debug level (Closes: #968116) + * Re-enable seccomp support on riscv64. + This should be safe now, as the code has fallbacks for systems with + older libseccomp versions. + * Move sysusers.d/sysctl.d/binfmt.d/modules-load.d back to /usr. + In Debian, late mounting of /usr is no longer supported, so it is safe + to install those files in /usr. + We want those facilities in /usr, not /, as this will make an eventual + switch to a merged-usr setup easier. (Closes: #971282) + * units: update serial-getty@.service to support 57600 baud rate + (Closes: #969144) + * bootspec: don't fail with EIO if searching for ESP and finding one without + an enveloping partition table + (Closes: #970534) + + -- Michael Biebl <biebl@debian.org> Thu, 15 Oct 2020 23:48:34 +0200 + +systemd (246.6-1) unstable; urgency=medium + + * New upstream version 246.6 + * Rebase patches + + -- Michael Biebl <biebl@debian.org> Mon, 21 Sep 2020 20:28:36 +0200 + +systemd (246.5-1) unstable; urgency=medium + + * New upstream version 246.5 + - network: fix NDisc handling for the case when multiple routers exist + (Closes: #969599) + - core/socket: we may get ENOTCONN from socket_instantiate_service() + (Closes: #970156) + * Rebase patches + + -- Michael Biebl <biebl@debian.org> Mon, 14 Sep 2020 08:04:39 +0200 + +systemd (246.4-1) unstable; urgency=medium + + * New upstream version 246.4 + * Rebase patches + + -- Michael Biebl <biebl@debian.org> Wed, 02 Sep 2020 13:30:52 +0200 + +systemd (246.3-1) unstable; urgency=medium + + * New upstream version 246.3 + * Rebase patches + + -- Michael Biebl <biebl@debian.org> Sat, 29 Aug 2020 18:39:32 +0200 + +systemd (246.2-2) unstable; urgency=medium + + [ Balint Reczey ] + * debian/systemd.postinst: Restart systemd-networkd.socket on incompatible + change. + PassCredentials=yes is replaced with PassPacketInfo=yes and extra padding is + dropped, too. + (Closes: #968589, LP: #1891716) + + [ Michael Biebl ] + * Fix restart of systemd-networkd.socket. + We can't restart the socket while systemd-networkd.service is still + active. Instead we stop the socket and ensure, that a try-restart of + systemd-networkd.service also starts the socket. + * seccomp: Add support for riscv64 (Closes: #954312) + * Support missing conditions/asserts everywhere (Closes: #968612) + * path: Skip directories when finalising $PATH search (Closes: #969006) + + -- Michael Biebl <biebl@debian.org> Sat, 29 Aug 2020 16:24:49 +0200 + +systemd (246.2-1) unstable; urgency=medium + + * New upstream version 246.2 + * Remove resolvconf.conf drop-in, resolved integration moved to resolvconf + package + * Rebase patches + * Add versioned Breaks against resolvconf (<< 1.83~) to systemd. + The PathExists= directive was changed in v246 to match the documented + behaviour but now causes resolvconf-pull-resolved.service to be + continuously triggered by resolvconf-pull-resolved.path. + This requires a fix in the resolvconf package, see #968015. + (Closes: #967906) + * Keep journal files compatible with older versions. + Disable the KEYED-HASH journal feature by default and keep LZ4 (instead + of ZSTD) as default compression for new journal files. Otherwise journal + files are incompatible and can't be read by older journalctl + implementations. + This patch can be dropped in bullseye+1, as journalctl from bullseye + will then be able to read journal files with those features. + (Closes: #968055) + + -- Michael Biebl <biebl@debian.org> Mon, 17 Aug 2020 22:28:09 +0200 + +systemd (246.1-1) unstable; urgency=medium + + * New upstream version 246.1 + * Rebase patches + + -- Michael Biebl <biebl@debian.org> Sun, 16 Aug 2020 13:14:46 +0200 + +systemd (246-2) unstable; urgency=medium + + * Upload to unstable + + -- Michael Biebl <biebl@debian.org> Mon, 03 Aug 2020 09:46:27 +0200 + +systemd (246-1) experimental; urgency=medium + + * New upstream version 246 + * Rebase patches + * Update symbols file for libsystemd0 + * Bump libapparmor-dev Build-Depends to (>= 2.13) + * Disable libfido2 support. + This is only used by homed which we don't enable. + + -- Michael Biebl <biebl@debian.org> Thu, 30 Jul 2020 22:22:24 +0200 + +systemd (245.7-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 245.7 + - resolve: enable RES_TRUSTAD towards the 127.0.0.53 stub resolver + (Closes: #965371) + - basic/cap-list: parse/print numerical capabilities + (Closes: #964926) + * Rebase patches + + [ Dan Streetman ] + * Add libzstd-dev and zstd as build and test deps. + https://github.com/systemd/systemd/pull/15422 + + -- Michael Biebl <biebl@debian.org> Mon, 27 Jul 2020 23:24:47 +0200 + +systemd (245.6-3) unstable; urgency=medium + + [ Dan Streetman ] + * d/t/upstream: capture new merged 'system.journal' from tests. + https://github.com/systemd/systemd/pull/15281 + * d/t/upstream: use --directory or --file param for journalctl. + Properly tell journalctl if the journal to parse is a dir or file. + * d/t/storage: check for ext2 or ext4 fs when using crypttab 'tmp' option. + https://github.com/systemd/systemd/pull/15853 + + [ Martin Pitt ] + * debian/tests/localed-locale: Fix for environments without en_US.UTF-8. + Unconditionally back up/restore locale configuration files and generate + en_US.UTF-8. Previously the test failed in environments which have some + locale other than en_US.UTF-8 in /etc/default/locale. + Also fix the assertion of /etc/locale.conf not being present after + localectl. This only applies to Debian/Ubuntu tests, not upstream ones. + + [ Dimitri John Ledkov ] + * Enable EFI/bootctl on armhf. + + -- Michael Biebl <biebl@debian.org> Tue, 14 Jul 2020 18:16:57 +0200 + +systemd (245.6-2) unstable; urgency=medium + + [ Dan Streetman ] + * 40-vm-hotadd.rules: check offline before onlining memory/cpus. + The kernel will return EINVAL if the memory or cpu is already online, + which is harmless, but adds a confusing error to the log. Avoid the error + message by only onlining if the memory or cpu is currently offline. + (LP: #1876018) + + [ Michael Biebl ] + * d/t/boot-and-services: use canonical name for NetworkManager service + * Fix build with libmicrohttpd 0.9.71. + The return type of callbacks was changed from int to an enum. + + [ Youfu Zhang ] + * fsckd: avoid useless CR displayed on console (LP: #1692353) + + [ Balint Reczey ] + * dhclient-exit-hooks.d/timesyncd: Act only when systemd-timesyncd is available. + Otherwise the hook script might trigger an error if the + systemd-timesyncd package is uninstalled but not purged. (LP: #1873031) + + -- Michael Biebl <biebl@debian.org> Sun, 05 Jul 2020 11:44:39 +0200 + +systemd (245.6-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 245.6 + * Rebase patches + + [ Balint Reczey ] + * debian/tests/boot-and-services: Handle missing fstab (LP: #1877078) + + -- Michael Biebl <biebl@debian.org> Mon, 08 Jun 2020 00:56:37 +0200 + +systemd (245.5-3) unstable; urgency=medium + + [ Michael Biebl ] + * Bump priority of libnss-systemd to standard + * logind: avoid shadow lookups when doing userdb client side + * Disable DNSSEC support by default in resolved. + The upstream default, DNSSEC=allow-downgrade can lead to compatibility + issues with certain network access points. Previously, DNSSEC support + was only turned off when built for a stable Debian release, but it is + safer and more consistent to just generally change the default to + DNSSEC=no. (Closes: #959996) + * Bump debhelper compatibility level to 13. + Use the debhelper-compat package to declare the compatibility level and + drop debian/compat. + * Convert to dh_installsystemd and disable dh_installsystemduser + * Drop custom initramfs update code. + Now handled by dh_installinitramfs which is enabled by default in compat + level 12 and above. + + [ Dan Streetman ] + * Cherry-pick fix from upstream master to adjust UseGateway= default + - network: change UseGateway= default to UseRoutes= setting + - network: honor SetDNSRoutes= even if UseGateway=False + (LP: #1867375) + + [ Topi Miettinen ] + * Delete empty lines at end of file. + Upstream commit hooks don't allow empty lines and of course they serve no + purpose. + + -- Michael Biebl <biebl@debian.org> Sun, 17 May 2020 19:28:49 +0200 + +systemd (245.5-2) unstable; urgency=medium + + * Cherry-pick various fixes from upstream master + - network: add a flag to ignore gateway provided by DHCP server + - userdb: when doing client-side NSS look-ups optionally avoid shadow + look-ups + - nss-systemd: don't synthesize root/nobody when iterating + - core: make sure we don't get confused when setting TERM for a tty fd + - core: make sure to restore the control command id, too + * Install 60-block.rules in udev-udeb and initramfs-tools. + The block device rules were split out from 60-persistent-storage.rules + into its own rules file in v220. Those rules ensure that change events + are emitted and the udev db is updated after metadata changes. + Thanks to Pascal Hambourg (Closes: #958397) + + -- Michael Biebl <biebl@debian.org> Mon, 27 Apr 2020 17:38:44 +0200 + +systemd (245.5-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 245.5 + * Rebase patches + + [ Dan Streetman ] + * Follow symlinks when finding link files to copy into initramfs. + If the /{etc,lib}/systemd/network directory itself is a symlink, the find + command will not actually find any of the files in the dir it links to. + Use the find -L param to follow symlinks. + (LP: #1868892) + * Remove Ubuntu-specific ondemand.service. + New processors handle scaling/throttling in internal firmware + (e.g. intel_pstate), and do not require OS config. + Additionally, nobody else does this, not even Debian. + + -- Michael Biebl <biebl@debian.org> Sat, 18 Apr 2020 20:41:18 +0200 + +systemd (245.4-4) unstable; urgency=medium + + * Drop Conflicts: virtualbox-guest-utils from systemd-timesyncd. + Otherwise this could lead to virtualbox-guest-utils being uninstalled on + upgrades which is not intended. (Closes: #956436) + * pid1: automatically generate systemd-remount-fs.service deps, plus enable + systemd-pstore from sysinit.target + * Fix systemd-pstore.service enablement symlink on upgrades. + It is now started via sysinit.target. Also clean up the symlink on + purge. + + -- Michael Biebl <biebl@debian.org> Mon, 13 Apr 2020 11:34:31 +0200 + +systemd (245.4-3) unstable; urgency=medium + + [ Dan Streetman ] + * d/rules: in dh_auto_test, include meson param --print-errorlogs. + Also, don't cat testlog.txt; it's noisy and not very helpful. + Upstream request: + https://github.com/systemd/systemd/pull/14338#issuecomment-603432989 + + [ Michael Biebl ] + * pid1: by default make user units inherit their umask from the user manager + (Closes: #945000) + * user-util: rework how we validate user names. + This reworks the user validation infrastructure. There are now two + modes. In regular mode we are strict and test against a strict set of + valid chars. And in "relaxed" mode we just filter out some really + obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but + "relaxed" is blacklisting what is really not OK. + The idea is that we use strict mode whenever we allocate a new user, + while "relaxed" mode is used when we process users registered elsewhere. + (Closes: #955541) + + -- Michael Biebl <biebl@debian.org> Fri, 10 Apr 2020 11:55:15 +0200 + +systemd (245.4-2) unstable; urgency=medium + + [ Balint Reczey ] + * Ship systemd-timesyncd in a separate package. + The new systemd-timesyncd package conflicting with other NTP-related + packages resolves the problems arising when running systemd-timesyncd + and other NTP servers on the same system. + (LP: #1849156, Closes: #805927, #947936) + + -- Michael Biebl <biebl@debian.org> Sat, 04 Apr 2020 08:59:50 +0200 + +systemd (245.4-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 245.4 + - Allow names starting with a digit (Closes: #954174) + - Recognize davfs as network file system (Closes: #954755) + * Enable systemd-pstore.service by default on new installs and upgrades + (Closes: #952767) + * Revert "Enable seccomp support on riscv64" + This requires further changes to the source code and a newer, not yet + officially released, libseccomp. Since this complicates backports revert + this change for the time being. + + [ Dan Streetman ] + * d/t/logind: use grep -s when checking /sys/power/state. + Some kernels in Ubuntu (e.g. linux-kvm) do not enable CONFIG_PM, which + results in stderr output when the logind test tries to grep the power + state file, causing the test to fail. The test already handles skipping + the test if suspend isn't supported, so just use -s to suppress grep + from printing to stderr if the file doesn't exist. + + -- Michael Biebl <biebl@debian.org> Thu, 02 Apr 2020 11:58:18 +0200 + +systemd (245.2-1) unstable; urgency=medium + + * New upstream version 245.2 + * Rebase patches + * Enable seccomp support on riscv64 (Closes: #954077) + * Drop migration code for the switch from DynamicUser=yes to no. + This code is no longer needed as it only affected systems between 239-1 + and 239-5, i.e. it never affected a stable release. + + -- Michael Biebl <biebl@debian.org> Wed, 18 Mar 2020 23:32:08 +0100 + +systemd (245-2) unstable; urgency=medium + + * Revert "job: Don't mark as redundant if deps are relevant" + This change negatively affects plymouth which was no longer properly + stopped after the system has completed booting. The running plymouth + daemon can trigger a VT switch (to tty1). (Closes: #953670) + + -- Michael Biebl <biebl@debian.org> Thu, 12 Mar 2020 13:55:26 +0100 + +systemd (245-1) unstable; urgency=medium + + [ Balint Reczey ] + * New upstream version 245 + * Refresh patches + * Update symbols + + [ Michael Biebl ] + * Disable repart, userdb, homed, fdisk, pwquality, p11kit feature. + Those are new features which drag in new dependencies and need further + review first. + * analyze: Fix table time output + * execute: Fix migration from DynamicUser=yes to no + * Drop manual clean up of /var/lib/private/systemd/timesync. + This is now done properly by systemd itself when a service switches from + DynamicUser=yes to no. + + -- Michael Biebl <biebl@debian.org> Wed, 11 Mar 2020 13:33:37 +0100 + +systemd (244.3-1) unstable; urgency=medium + + * New upstream version 244.3 + - Revert "Support Plugable UD-PRO8 dock" + Unfortunately the same usb hub is used in other places, and causes + numerous regressions. (Closes: #951330) + + -- Michael Biebl <biebl@debian.org> Sat, 15 Feb 2020 15:44:45 +0100 + +systemd (244.2-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 244.2 + - polkit: when authorizing via PolicyKit re-resolve callback/userdata + instead of caching it (CVE-2020-1712, Closes: #950732) + * Rebase patches + * Bump Standards-Version to 4.5.0 + + [ Balint Reczey ] + * Remove empty /var/log/journal/ on purge + + -- Michael Biebl <biebl@debian.org> Fri, 07 Feb 2020 19:24:20 +0100 + +systemd (244.1-3) unstable; urgency=medium + + * Update documentation regarding network interface naming. + Document that 73-usb-net-by-mac.link needs to be masked together with + 99-default.link if one wants to disable the systemd naming scheme and keep + the kernel-provided names. (Closes: #946196) + * Update debian/rules clean target to remove all Python bytecode + * Update systemd package description. + Recommend init=/lib/systemd/systemd instead of init=/bin/systemd. + The latter is just a compat symlink which might go away eventually. + * shared/dropin: fix assert for invalid drop-in. + Fixes an assertion when running systemctl cat on inexistent + unit templates. (Closes: #950489) + * core: call dynamic_user_acquire() only when 'group' is non-null. + Fixes an assertion in systemd which could happen if a unit is reloaded + and the unit is in bad-setting state. (Closes: #950409) + * Don't fail upgrade if /proc is not mounted. + Applying ACLs on /var/log/journal via systemd-tmpfiles requires a + mounted /proc. Skip this step if /proc is not available, e.g. in a + chroot. (Closes: #950533) + + -- Michael Biebl <biebl@debian.org> Tue, 04 Feb 2020 00:11:55 +0100 + +systemd (244.1-2) unstable; urgency=medium + + * Report status of libpam-systemd and libnss-systemd in systemd reportbug + template. + Since the libpam-systemd Recommends was moved from systemd to + systemd-sysv we no longer get this information automatically, so request + it explicitly. + * Drop btrfs-progs Recommends from systemd-container. + Upstream has dropped the logic of setting up /var/lib/machines as btrfs + loopback mount so this Recommends is no longer necessary. + * Fix processing of dpkg triggers in systemd. + We need to use $@ instead of "$@" so we can iterate through the + individual trigger names which are passed as a space separated list in + the second argument. + * Fix cleanup of timesyncd state directory + * Enable persistent journal. + Create /var/log/journal on upgrades and new installs. This enables + persistent journal in auto mode. (Closes: #717388) + + -- Michael Biebl <biebl@debian.org> Sat, 01 Feb 2020 02:59:12 +0100 + +systemd (244.1-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 244.1 + - network: fix segfault in parsing SendOption= (Closes: #946475) + * core: don't allow perpetual units to be masked (Closes: #948710) + + [ Balint Reczey ] + * debian/watch: Switch to watch tags at github.com/systemd/systemd-stable. + Upstream point releases appear there. + + [ Helmut Grohne ] + * Add basic support for the noinsttest build profile + * Annotate dbus build dependency with <!noinsttest> + The dbus library is needed for building tests. As such it must be + present unless we disable both build time and installed tests. + Previously, building with the nocheck profile worked, but it didn't + reproduce a regular build. + + -- Michael Biebl <biebl@debian.org> Sat, 25 Jan 2020 18:53:23 +0100 + +systemd (244-3) unstable; urgency=medium + + * Update udev-udeb to use 73-usb-net-by-mac.link + + -- Michael Biebl <biebl@debian.org> Mon, 02 Dec 2019 23:44:52 +0100 + +systemd (244-2) unstable; urgency=medium + + * Add lintian override for udev. + 60-autosuspend-chromiumos.rules triggers a udev-rule-missing-subsystem + warning. This is a false positive, as SUBSYSTEM is tested at the + beginning of the rules file. + * Add lintian override for systemd-container + systemd-nspawn@.service triggers a + systemd-service-file-refers-to-unusual-wantedby-target warning but + nspawn containers are supposed to be started via machines.target. + * Make it easier to override MAC based name policy for USB network adapters. + Replace 73-usb-net-by-mac.rules with 73-usb-net-by-mac.link. The .link + file provides the same functionality but makes it easier to set a custom + name for USB network adapters via the systemd.link mechanism. + Thanks to Benjamin Poirier (Closes: #941636) + * Move libpam-systemd Recommends from systemd to systemd-sysv. + libpam-systemd is only really useful if systemd is PID 1 and the systemd + package should be installable without affecting another installed init + system. (Closes: #926316) + * Upload to unstable + + -- Michael Biebl <biebl@debian.org> Mon, 02 Dec 2019 17:57:55 +0100 + +systemd (244-1) experimental; urgency=medium + + * New upstream version 244 + - udev: do not propagate error when executing PROGRAM and IMPORT{program} + (Closes: #944675) + - sd-event: don't invalidate source type on disconnect + (Closes: #945332) + * Rebase patches + + -- Michael Biebl <biebl@debian.org> Sat, 30 Nov 2019 16:39:57 +0100 + +systemd (243-9) unstable; urgency=medium + + [ Daniel Kahn Gillmor ] + * resolved: fix connection failures with TLS 1.3 and GnuTLS (Closes: #945507) + + -- Michael Biebl <biebl@debian.org> Fri, 29 Nov 2019 21:33:19 +0100 + +systemd (243-8) unstable; urgency=medium + + * udevadm: ignore EROFS and return earlier. + Fixes failures of "udevadm trigger" in containers with a readonly /sys. + (Closes: #944860) + * udev: silence warning about PROGRAM+= or IMPORT+= rules (Closes: #944917) + * man: add entry about SpeedMeter= (Closes: #944597) + * udev: drop SystemCallArchitectures=native from systemd-udevd.service. + We can't really control what helper programs are run from other udev + rules. E.g. running i386 binaries under amd64 is a valid use case and + should not trigger a SIGSYS failure. (Closes: #869719) + + -- Michael Biebl <biebl@debian.org> Tue, 19 Nov 2019 09:17:12 +0100 + +systemd (243-7) unstable; urgency=medium + + * Fix build failure on arm64 with libseccomp >= 2.4.2 + + -- Michael Biebl <biebl@debian.org> Fri, 15 Nov 2019 22:01:17 +0100 + +systemd (243-6) unstable; urgency=medium + + * Revert "sysusers: properly mark generated accounts as locked" + We shouldn't lock the accounts because people actually need to use them, and + if they are locked, various tools will refuse. + * udev: ignore error caused by device disconnection. + During an add or change event, the device may be disconnected. + (Closes: #944586) + * udev: do not append newline when writing attributes + + -- Michael Biebl <biebl@debian.org> Thu, 14 Nov 2019 14:09:49 +0100 + +systemd (243-5) unstable; urgency=medium + + * Switch default hierarchy (back) to hybrid. + Since v243, the new upstream default is unified, but this still causes + regressions in important packages, like LXC or Docker, so switch the + default back to hybrid for now. + * Drop masks for SysV init scripts that have been dropped + * Drop masks for SysV init scripts provided by initscripts and bootlogd + * logind: fix emission of PropertiesChanged signal for users and seats + * Bump Standards Version to 4.4.1 + * Upload to unstable + + -- Michael Biebl <biebl@debian.org> Mon, 11 Nov 2019 00:58:41 +0100 + +systemd (243-4) experimental; urgency=medium + + * Merge changes from unstable branch + + -- Michael Biebl <biebl@debian.org> Sat, 09 Nov 2019 01:15:08 +0100 + +systemd (243-3) experimental; urgency=medium + + * Import patches from v243-stable branch (up to ef677436aa) + + -- Michael Biebl <biebl@debian.org> Mon, 14 Oct 2019 15:26:01 +0200 + +systemd (243-2) experimental; urgency=medium + + * Import patches from v243-stable branch (up to fab6f010ac) + + -- Michael Biebl <biebl@debian.org> Sun, 22 Sep 2019 12:46:02 +0200 + +systemd (243-1) experimental; urgency=medium + + * New upstream version 243 + * Merge changes from unstable branch + + -- Michael Biebl <biebl@debian.org> Thu, 05 Sep 2019 01:21:49 +0200 + +systemd (243~rc2-1) experimental; urgency=medium + + * New upstream version 243~rc2 + - man: document that "systemd-analyze blame/critical-chain" is not useful + to track down job latency. (Closes: #920234) + - systemctl: process all units matched by a glob in the cat verb by + default. (Closes: #904913) + - units: automatically revert to /run logging on shutdown if necessary. + Prevents /var staying busy on shutdown due to journald. + (Closes: #851402) + - bash-completion: don't sort syslog priorities. (Closes: #913222) + - man: add example for setting multiple properties at once. + (Closes: #807464) + * Rebase patches + * Update symbols file for libsystemd0 + * core: stop removing non-existent and duplicate lookup paths + * Install static-nodes-permissions.conf tmpfile in udev + + -- Michael Biebl <biebl@debian.org> Sat, 31 Aug 2019 00:20:41 +0200 + +systemd (242-8) unstable; urgency=medium + + [ Dan Streetman ] + * d/extra/rules/73-special-net-names.rules: use $$ instead of $ in PROGRAM= + value. + Fixes incorrect variable substitution. + * Rework and improve blacklist handling in debian/tests/upstream + + [ Balint Reczey ] + * Various improvements to debian/extra/checkout-upstream making it more + straightforward to override the default behaviour + * Use package version as systemd's reported version (LP: #1849158) + + [ Michael Biebl] + * debiant/tests/udev: replace deprecated ADTTMP with AUTOPKGTEST_TMP + + -- Michael Biebl <biebl@debian.org> Fri, 08 Nov 2019 23:18:00 +0100 + +systemd (242-7) unstable; urgency=medium + + * sleep: properly pass verb to sleep script + * core: factor root_directory application out of apply_working_directory. + Fixes RootDirectory not working when used in combination with User. + (Closes: #939408) + * shared/bus-util: drop trusted annotation from + bus_open_system_watch_bind_with_description(). + This ensures that access controls on systemd-resolved's D-Bus interface + are enforced properly. + (CVE-2019-15718, Closes: #939353) + + -- Michael Biebl <biebl@debian.org> Wed, 04 Sep 2019 19:34:17 +0200 + +systemd (242-6) unstable; urgency=medium + + [ Dan Streetman ] + * d/t/control: upstream test requires qemu-system-ppc on ppc64el + * d/t/control: install seabios for upstream test. + Some archs (at least arm64) qemu implementation require the vga bios. + + [ Michael Biebl ] + * Drop unused lintian override + * network: fix ListenPort= in [WireGuard] section (Closes: #936198) + * d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices + (Closes: #934589) + * d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by + user-space + * Drop dbus activation stub service. + Since dbus 1.11.0, a dbus-daemon that is run with --systemd-activation + automatically assumes that o.fd.systemd1 is an activatable service. + As a result, with a new enough dbus version, + /usr/share/dbus-1/services/org.freedesktop.systemd1.service and + /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service + become unnecessary and can be removed. (Closes: #914015) + * Revert "core: check start limit on condition checks too" + If a unit was referenced too often, it hit the restart limit and the + unit was marked as failed. Fixes a regression introduced in v242. + (Closes: #935829) + + [ Michael Prokop ] + * README.Debian: document KillUserProcesses behavior in Debian + + -- Michael Biebl <biebl@debian.org> Tue, 03 Sep 2019 11:09:07 +0200 + +systemd (242-5) unstable; urgency=medium + + [ Dan Streetman ] + * d/rules: add CONFFGLAGS_UPSTREAM to dh_auto_configure -- params + + [ Michael Biebl ] + * core: never propagate reload failure to service result. + Fixes a regression introduced in v239 where the main process of a + service unit gets killed on reload if ExecReload fails. (Closes: #936032) + * shared/seccomp: add sync_file_range2. + Some architectures need the arguments to be reordered because of alignment + issues. Otherwise, it's the same as sync_file_range. + Fixes sync_file_range failures in nspawn containers on arm, ppc. + (Closes: #935091) + * bash-completion: don't sort syslog priorities. + By default, the available completions are sorted alphabetically, which + is counterproductive in case of syslog priorities. Override the default + behavior using the `nosort` option. (Closes: #913222) + * test-bpf: skip test when run inside containers + + -- Michael Biebl <biebl@debian.org> Thu, 29 Aug 2019 16:18:18 +0200 + +systemd (242-4) unstable; urgency=medium + + * Upload to unstable + + -- Michael Biebl <biebl@debian.org> Wed, 21 Aug 2019 22:09:13 +0200 + +systemd (242-3) experimental; urgency=medium + + [ Dan Streetman ] + * d/t/boot-and-services: fix test_failing() + * d/t/boot-and-services: check for any kernel message, not just first kernel + message (Closes: #929730) + * d/t/upstream: add TEST-30, TEST-34 to blacklist + * d/t/timedated: replace systemctl is-active with systemctl show + * d/t/control: root-unittests can break networking, add breaks-testbed + * d/t/control: mark udev test skippable + * d/t/upstream: always cleanup after (and before) each test + * d/t/control: upstream test requires dmeventd + * d/e/checkout-upstream: don't remove .git + * d/e/checkout-upstream: move change to debian/ files above other changes + * d/e/checkout-upstream: add UPSTREAM_KEEP_CHANGELOG param + * d/e/checkout-upstream: create git commits for each change + * d/e/checkout-upstream: switch from 'quilt' to 'native' format + * d/e/checkout-upstream: set user.name, user.email if unset + * d/t/storage: change plaintext_name to include testname + * d/t/storage: increase wait for plaintext_dev from 5 to 30 seconds + * d/t/storage: wait for service to start, only stop if active + * d/t/storage: don't search for 'scsi_debug' in ask_password + * d/t/storage: manage scsi_debug using add_hosts (Closes: #929728) + * d/t/storage: use short timeout waiting for scsi_debug block dev to appear + * d/t/storage: convert password agent into normal Thread + * d/t/storage: fail if socket info not in ask_password contents + * d/t/boot-smoke: pass failure reason to fail() to print instead of separate + echo + * d/t/boot-smoke: in fail() set +e so errors are ignored while gathering + data + * d/t/boot-smoke: gather still running jobs in fail() + * d/t/boot-smoke: wait for is-system-running + * d/t/boot-smoke: call fail if pidof polkitd fails + * d/t/boot-smoke: remove check for running jobs + + [ Michael Biebl ] + * d/t/boot-smoke: check for NetworkManager instead of D-Bus activated + polkitd (Closes: #934992) + + -- Michael Biebl <biebl@debian.org> Wed, 21 Aug 2019 00:12:22 +0200 + +systemd (242-2) experimental; urgency=medium + + [ Michael Biebl ] + * Drop dependency on lsb-base. + It is only needed when booting with sysvinit and initscripts, but + initscripts already Depends on lsb-base (see #864999). + * Stop removing enablement symlinks in /etc/systemd/system. + With v242 this is no longer necessary as `ninja install` will no longer + create those symlinks. + * Replace manual removal of halt-local.service with upstream patch + + [ Dimitri John Ledkov ] + * Build manpages in .deb variant. + Upstream snapshots are switching to building manpages off by default. + + [ Luca Boccassi ] + * Enable portabled and install related files in systemd-container. + Keep disabled for the udeb profile. (Closes: #918606) + + -- Michael Biebl <biebl@debian.org> Fri, 07 Jun 2019 22:41:50 +0200 + +systemd (242-1) experimental; urgency=medium + + * New upstream version 242 + - Change ownership/mode of the execution directories also for static users + (Closes: #919231) + - A new boolean sandboxing option RestrictSUIDSGID= has been added that is + built on seccomp. When turned on, creation of SUID/SGID files is + prohibited. The NoNewPrivileges= and the new RestrictSUIDSGID= options + are now implied if DynamicUser= is turned on for a service. + (Closes: #928102, CVE-2019-3843, CVE-2019-3844) + * Drop Revert-udev-network-device-renaming-immediately-give.patch. + This patch needs ongoing maintenance work to be adapted to new releases + and fails to apply with v242. Instead of investing more time into it we + are going to drop the patch as it was a hack anyway. + * Rebase patches + * Drop pre-stretch migration code + * Drop /sbin/udevadm compat symlink (Closes: #852580) + * socket-util: Make sure flush_accept() doesn't hang on unexpected + EOPNOTSUPP + * Enable regexp matching support in journalctl using pcre2 (Closes: #898892) + * Switch from libidn to libidn2 (Closes: #928615) + + -- Michael Biebl <biebl@debian.org> Wed, 08 May 2019 01:33:56 +0200 + +systemd (241-7) unstable; urgency=medium + + [ Michael Biebl ] + * network: Fix failure to bring up interface with Linux kernel 5.2. + Backport two patches from systemd master in order to fix a bug with 5.2 + kernels where the network interface fails to come up with the following + error: "enp3s0: Could not bring up interface: Invalid argument" + (Closes: #931636) + * Use /usr/sbin/nologin as nologin shell. + In Debian the nologin shell is installed in /usr/sbin, not /sbin. + (Closes: #931850) + + [ Mert Dirik ] + * 40-systemd: Don't fail if SysV init script uses set -u and $1 is unset + (Closes: #931719) + + -- Michael Biebl <biebl@debian.org> Thu, 18 Jul 2019 19:38:23 +0200 + +systemd (241-6) unstable; urgency=medium + + * ask-password: Prevent buffer overflow when reading from keyring. + Fixes a possible memory corruption that causes systemd-cryptsetup to + crash either when a single large password is used or when multiple + passwords have already been pushed to the keyring. (Closes: #929726) + * Clarify documentation regarding %h/%u/%U specifiers. + Make it clear, that setting "User=" has no effect on those specifiers. + Also ensure that "%h" is actually resolved to "/root" for the system + manager instance as documented in the systemd.unit man page. + (Closes: #927911) + * network: Behave more gracefully when IPv6 has been disabled. + Ignore any configured IPv6 settings when IPv6 has been disabled in the + kernel via sysctl. Instead of failing completely, continue and log a + warning instead. (Closes: #929469) + + -- Michael Biebl <biebl@debian.org> Mon, 08 Jul 2019 11:27:51 +0200 + +systemd (241-5) unstable; urgency=medium + + * Revert "Add check to switch VTs only between K_XLATE or K_UNICODE" + This change left the keyboard in an unusable state when exiting an X + session. (Closes: #929229) + + -- Michael Biebl <biebl@debian.org> Fri, 24 May 2019 22:58:59 +0200 + +systemd (241-4) unstable; urgency=medium + + * journal-remote: Do not request Content-Length if Transfer-Encoding is + chunked (Closes: #927008) + * systemctl: Restore "systemctl reboot ARG" functionality. + Fixes a regression introduced in v240. (Closes: #928659) + * random-util: Eat up bad RDRAND values seen on AMD CPUs. + Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle + while still reporting success via the carry flag. + Filter out invalid data like -1 (and also 0, just to be sure). + (Closes: #921267) + * Add check to switch VTs only between K_XLATE or K_UNICODE. + Switching to K_UNICODE from other than L_XLATE can make the keyboard + unusable and possibly leak keypresses from X. + (CVE-2018-20839, Closes: #929116) + * Document that DRM render nodes are now owned by group "render" + (Closes: #926886) + + -- Michael Biebl <biebl@debian.org> Fri, 17 May 2019 21:16:33 +0200 + +systemd (241-3) unstable; urgency=high + + [ Michael Biebl ] + * Drop systemd-shim alternative from libpam-systemd. + A fixed systemd-shim package which works with newer versions of systemd + is unlikely to happen given that the systemd-shim package has been + removed from the archive. Drop the alternative dependency from + libpam-systemd accordingly. + * Properly remove duplicate directories from systemd package. + When removing duplicate directories from the systemd package, sort the + list of directories in reverse order so we properly delete nested + directories. + * udev: Run programs in the specified order (Closes: #925190) + * bash-completion: Use default completion for redirect operators + (Closes: #924541) + * networkd: Clarify that IPv6 RA uses our own stack, no the kernel's + (Closes: #815582) + * Revert "Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf" + Apparently Conflicts= are not a reliable mechanism to ensure alternative + NTP implementations take precedence over systemd-timesyncd. + (Closes: #902026) + * network: Fix routing policy rule issue. + When multiple links request a routing policy, make sure they are all + applied correctly. (Closes: #924406) + * pam-systemd: Use secure_getenv() rather than getenv() + Fixes a vulnerability in the systemd PAM module which insecurely uses + the environment and lacks seat verification permitting spoofing an + active session to PolicyKit. (CVE-2019-3842) + + [ Martin Pitt ] + * Enable udev autopkgtest in containers. + This test doesn't actually need udev.service (which is disabled in + containers) and works fine in LXC. + * Enable boot-and-service autopkgtest in containers + - Skip tests which can't work in containers. + - Add missing rsyslog test dependency. + - e2scrub_reap.service fails in containers, ignore (filed as #926138) + - Relax pgrep pattern for gdm, as there's no wayland session in + containers. + + -- Michael Biebl <biebl@debian.org> Mon, 08 Apr 2019 12:59:32 +0200 + +systemd (241-2) unstable; urgency=medium + + [ Martin Pitt ] + * debian/tests/boot-smoke: Create journal and udevdb artifacts on all + failures + * autopkgtests: Replace obsolete $ADT_* variables + * networkd-test: Ignore failures of test_route_only_dns* in containers. + This test exposes a race condition when running in LXC, see issue #11848 + for details. Until that is understood and fixed, skip the test as it's + not a recent regression. (Closes: #924539) + * Bump Standards-Version to 4.3.0. + No changes necessary. + * debian/tests/boot-smoke: Only check current boot for connection timeouts. + Otherwise we'll catch some + Failed to resolve group 'render': Connection timed out + messages that happen in earlier boots during VM setup, before the + "render" group is created. + Fixes https://github.com/systemd/systemd/issues/11875 + * timedated: Fix emitted value when ntp client is enabled/disabled. + Fixes a regression introduced in 241. + * debian/tests/timedated: Check enabling/disabling NTP. + Assert that `timedatectl set-ntp` correctly controls the service, sets + the `org.freedesktop.timedate1 NTP` property, and sends the right + `PropertiesChanged` signal. + This reproduces <https://github.com/systemd/systemd/issues/11944> and + also the earlier <https://github.com/systemd/systemd/issues/9672>. + + [ Michael Biebl ] + * Disable fallback DNS servers in resolved (Closes: #923081) + * cgtop: Fix processing of controllers other than CPU (Closes: #921280) + * udev: Restore debug level when logging a failure in the external prog + called by IMPORT{program} (Closes: #924199) + * core: Remove "." path components from required mount paths. + Fixes mount related failures when a user's home directory contains "/./" + (Closes: #923881) + * udev.init: Use new s-s-d --notify-await to start udev daemon. + Fixes a race condition during startup under SysV init. + Add versioned dependency on dpkg (>= 1.19.3) to ensure that a version + of start-stop-daemon which supports --notify-await is installed. + (Closes: #908796) + * Make /dev/dri/renderD* accessible to group "render" + Follow upstream and make render nodes available to a dedicated system + group "render" instead of "video". Keep the uaccess tag for local, + active users. + + -- Michael Biebl <biebl@debian.org> Fri, 15 Mar 2019 18:33:54 +0100 + +systemd (241-1) unstable; urgency=medium + + [ Adam Borowski ] + * Make libpam-systemd Provide: logind, default-logind. + This allows alternate logind implementations such as elogind, without + having to recompile every dependent package -- as long as the client API + remains compatible. + These new virtual packages got policy-approved in #917431. (Closes: #915407) + + [ Felipe Sateler ] + * New upstream version 241 + - Refresh patches + - Backport upstream fix for Driver= matches in .network files + + [ Martin Pitt ] + * debian/libsystemd0.symbols: Add new symbol from release 241 + * Fix various bugs and races in networkd tests. + This should get the autopkgtest back to green, which regressed with + dnsmasq 2.80. + + -- Felipe Sateler <fsateler@debian.org> Thu, 21 Feb 2019 20:10:15 -0300 + +systemd (240-6) unstable; urgency=high + + * High urgency as this fixes a vulnerability. + + [ Felipe Sateler ] + * Reenable pristine-tar in gbp.conf. + The pristine-tar bug has been fixed, so we can use it again. + This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e. + * d/watch: add version mangle to transform -rc to ~rc. + Upstream has started releasing rcs, so let's account for that + * Fix comment about why we disable hwclock.service. + Systemd nowadays doesn't do it itself because the kernel does it on its + own when necessary, and when not, it is not safe to save the hwclock (eg, + there is no certainty the system clock + is correct) + * udev: Backport upstream preventing mass killings when not running under + systemd (Closes: #918764) + + [ Dimitri John Ledkov ] + * debian/tests/storage: improve cleanups. + On fast ppc64el machines, cryptsetup start job may not complete by the + time tearDown is executed. In that case stop, causes to simply cancel the + start job without actually cleaning up the dmsetup node. This leads to + failing subsequent test as it no longer starts with a clean device. Thus + ensure the systemd-cryptsetup unit is started, before stopping it. + Also rmmod scsi_debug module at the end, to allow re-running the test in a + loop. + * debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey. + * debian/tests/control: add socat to upstream tests for pull #11591 + * Blacklist TEST-10-ISSUE-2467 #11706 + * debian/tests/storage: fix for LUKS2 and avoid interactive password + prompts. + + [ Martin Pitt ] + * udevadm: Fix segfault with subsystem-match containing '/' + (Closes: #919206) + * sd-bus: if we receive an invalid dbus message, ignore and proceed + * sd-bus: enforce a size limit on D-Bus object paths. + This avoids accessing/modifying memory outside of the allocated stack + region by sending specially crafted D-Bus messages with very large object + paths. + Vulnerability discovered by Chris Coulson <chris.coulson@canonical.com>, + patch provided by Riccardo Schirone <rschiron@redhat.com>. + (CVE-2019-6454) + + -- Martin Pitt <mpitt@debian.org> Mon, 18 Feb 2019 13:54:04 +0000 + +systemd (240-5) unstable; urgency=medium + + [ Felipe Sateler ] + * Revert interface renaming changes. (Closes: #919390) + + [ Martin Pitt ] + * process-util: Fix memory leak (Closes: #920018) + + -- Martin Pitt <mpitt@debian.org> Sun, 27 Jan 2019 21:33:07 +0000 + +systemd (240-4) unstable; urgency=medium + + [ Benjamin Drung ] + * Fix shellcheck issues in initramfs-tools scripts + + [ Michael Biebl ] + * Import patches from v240-stable branch (up to f02b5472c6) + - Fixes a problem in logind closing the controlling terminal when using + startx. (Closes: #918927) + - Fixes various journald vulnerabilities via attacker controlled alloca. + (CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848) + * sd-device-monitor: Fix ordering of setting buffer size. + Fixes an issue with uevents not being processed properly during coldplug + stage and some kernel modules not being loaded via "udevadm trigger". + (Closes: #917607) + * meson: Stop setting -fPIE globally. + Setting -fPIE globally can lead to miscompilations on certain + architectures. Instead use the b_pie=true build option, which was + introduced in meson 0.49. Bump the Build-Depends accordingly. + (Closes: #909396) + + -- Michael Biebl <biebl@debian.org> Sat, 12 Jan 2019 21:49:44 +0100 + +systemd (240-3) unstable; urgency=medium + + * udev.init: Trigger add events for subsystems. + Update the SysV init script and mimic the behaviour of the initramfs and + systemd-udev-trigger.service which first trigger subsystems and then + devices during the coldplug stage. + * udevadm: Refuse to run trigger, control, settle and monitor commands in + chroot (Closes: #917633) + * network: Set link state configuring before setting addresses. + Fixes a crash in systemd-networkd caused by an assertion failure. + (Closes: #918658) + * libudev-util: Make util_replace_whitespace() read only len characters. + Fixes a regression where /dev/disk/by-id/ names had additional + underscores. + * man: Update color of journal logs in DEBUG level (Closes: #917948) + * Remove old state directory of systemd-timesyncd on upgrades. + Otherwise timesyncd will fail to update the clock file if it was created + as /var/lib/private/systemd/timesync/clock. + This was the case when the service was using DynamicUser=yes which it no + longer does in v240. (Closes: #918190) + + -- Michael Biebl <biebl@debian.org> Wed, 09 Jan 2019 18:40:57 +0100 + +systemd (240-2) unstable; urgency=medium + + * Pass separate dev_t var to device_path_parse_major_minor. + Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195) + * test-json: Check absolute and relative difference in floating point test. + Fixes FTBFS due to test-suite failures on armel, armhf and hppa. + (Closes: #917215) + * sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}() + Fixes a segfault in systemd-udevd when debug logging is enabled. + * udev-event: Do not read stdout or stderr if the pipefd is not created. + This fixes problems with device-mapper symlinks no longer being created + or certain devices not being marked as ready. (Closes: #917124) + * Don't bump fs.nr_open in PID 1. + In v240, systemd bumped fs.nr_open in PID 1 to the highest possible + value. Processes that are spawned directly by systemd, will have + RLIMIT_NOFILE be set to 512K (hard). + pam_limits in Debian defaults to "set_all", i.e. for limits which are + not explicitly configured in /etc/security/limits.conf, the value from + PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to + the highest possible value instead of 512K. Not every software is able + to deal with such an RLIMIT_NOFILE properly. + While this is arguably a questionable default in Debian's pam_limit, + work around this problem by not bumping fs.nr_open in PID 1. + (Closes: #917167) + + -- Michael Biebl <biebl@debian.org> Thu, 27 Dec 2018 14:03:57 +0100 + +systemd (240-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 240 + - core: Skip cgroup_subtree_mask_valid update if UNIT_STUB + (Closes: #903011) + - machined: Rework referencing of machine scopes from machined + (Closes: #903288) + - timesync: Fix serialization of IP address + (Closes: #916516) + - core: Don't track jobs-finishing-during-reload explicitly + (Closes: #916678) + * Rebase patches + * Install new systemd-id128 binary + * Update symbols file for libsystemd0 + * Update nss build options + + [ Martin Pitt ] + * tests: Disable some flaky upstream tests. + See https://github.com/systemd/systemd/issues/11195 + * tests: Disable flaky TEST-17-UDEV-WANTS upstream test. + See https://github.com/systemd/systemd/issues/11195 + + -- Michael Biebl <biebl@debian.org> Sat, 22 Dec 2018 16:01:43 +0100 + +systemd (239-15) unstable; urgency=medium + + [ Felipe Sateler ] + * Fix container check in udev init script. + Udev needs writable /sys, so the init script tried to check before + starting. Unfortunately, the check was inverted. Let's add the missing + '!' to negate the check. + (Closes: #915261) + * Add myself to uploaders + + [ Michael Biebl ] + * Remove obsolete systemd-shim conffile on upgrades. + The D-Bus policy file was dropped from the systemd-shim package in + version 8-4, but apparently there are cases where users removed the + package before that cleanup happened. The D-Bus policy file that was + shipped by systemd-shim was much more restrictive and now prevents + calling GetDynamicUsers() and other recent APIs on systemd Manager. + (Closes: #914285) + + -- Felipe Sateler <fsateler@debian.org> Wed, 05 Dec 2018 21:03:34 -0300 + +systemd (239-14) unstable; urgency=medium + + [ Michael Biebl ] + * autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services + * resolved: Increase size of TCP stub replies (Closes: #915049) + * meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE. + Fixes a build failure with glibc 2.28. + * Drop procps dependency from systemd. + The systemd-exit.service user service no longer uses the "kill" binary. + * Simplify container check in udev SysV init script. + Instead of using "ps" to detect a container environment, simply test if + /sys is writable. This matches what's used in systemd-udevd.service via + ConditionPathIsReadWrite=/sys and follows + https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ + This means we no longer need procps, so drop that dependency from the + udev package. (Closes: #915095) + + [ Mert Dirik ] + * 40-systemd: Honour __init_d_script_name. + Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name + (if available) to figure out real script name. (Closes: #826214) + * 40-systemd: Improve heuristics for init-d-script. + Improve heuristics for scripts run via init-d-script so that the + redirection works even for older init-d-script versions without the + __init_d_script_name variable. + + -- Michael Biebl <biebl@debian.org> Sun, 02 Dec 2018 01:00:01 +0100 + +systemd (239-13) unstable; urgency=medium + + * autopktest: Add e2fsprogs dependency to upstream test. + Some of the upstream tests require mkfs.ext4. (Closes: #887250) + * systemctl: Tell update-rc.d to skip creating any systemd symlinks. + When calling update-rc.d via systemd-sysv-install, tell it to skip + creating any systemd symlinks as we want to handle those directly in + systemctl. Older update-rc.d versions will ignore that request, but + that's ok. This means we don't need a versioned dependency against + init-system-helpers. (Closes: #743217) + * pam_systemd: Suppress LOG_DEBUG log messages if debugging is off + (Closes: #825949) + * Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch. + The patch is no longer necessary as lxc.service now uses Delegate=yes. + * Remove obsolete Replaces from pre-jessie + + -- Michael Biebl <biebl@debian.org> Tue, 20 Nov 2018 19:44:39 +0100 + +systemd (239-12) unstable; urgency=high + + [ Martin Pitt ] + * Enable QEMU on more architectures in "upstream" autopkgtest. + Taken from the Ubuntu package, so apparently QEMU works well enough on + these architectures now. + * autopkgtest: Avoid test bed reset for boot-smoke. + Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so + that autopkgtest doesn't have to provide a new testbed. + * Fix wrong "nobody" group from sysusers.d. + Fix our make-sysusers-basic sysusers.d generator to special-case the + nobody group. "nobody" user and "nogroup" group both have the same ID + 65534, which is the only special case for Debian's static users/groups. + So specify the gid explicitly, to avoid systemd-sysusers creating a + dynamic system group for "nobody". + Also clean up the group on upgrades. + Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525) + + [ Michael Biebl ] + * autopkgtest: Use shutil.which() which is provided by Python 3 + * Drop non-existing gnuefi=false build option. + This was mistakenly added when converting from autotools to meson. + * core: When deserializing state always use read_line(…, LONG_LINE_MAX, …) + Fixes a vulnerability in unit_deserialize which allows an attacker to + supply arbitrary state across systemd re-execution via NotifyAccess. + (CVE-2018-15686, Closes: #912005) + * meson: Use the host architecture compiler/linker for src/boot/efi. + Fixes cross build failure for arm64. (Closes: #905381) + * systemd: Do not pass .wants fragment path to manager_load_unit. + Fixes an issue with overridden units in /etc not being used due to a + .wants/ symlink pointing to /lib. (Closes: #907054) + * machined: When reading os-release file, join PID namespace too. + This ensures that we properly acquire the os-release file from containers. + (Closes: #911231) + + -- Michael Biebl <biebl@debian.org> Sat, 17 Nov 2018 18:39:21 +0100 + +systemd (239-11) unstable; urgency=high + + [ Michael Biebl ] + * debian/tests/upstream: Clean up after each test run. + Otherwise the loopback images used by qemu are not properly released and + we might run out of disk space. + * dhcp6: Make sure we have enough space for the DHCP6 option header. + Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option + handling. + (CVE-2018-15688, LP: #1795921, Closes: #912008) + * chown-recursive: Rework the recursive logic to use O_PATH. + Fixes a race condition in chown_one() which allows an attacker to cause + systemd to set arbitrary permissions on arbitrary files. + (CVE-2018-15687, LP: #1796692, Closes: #912007) + + [ Martin Pitt ] + * debian/tests/boot-and-services: Use gdm instead of lightdm. + This seems to work more reliably, on Ubuntu CI's i386 instances lightdm + fails. + + [ Manuel A. Fernandez Montecelo ] + * Run "meson test" instead of "ninja test" + Upstream developers of meson recommend to run it in this way, because + "ninja test" just calls "meson test", and by using meson directly and + using extra command line arguments it is possible to control aspects of + how the tests are run. + * Increase timeout for test in riscv64. + The buildds for the riscv64 arch used at the moment are slow, so increase + the timeouts for this arch by a factor of 10, for good measure. + (Closes: #906429) + + -- Michael Biebl <biebl@debian.org> Sun, 28 Oct 2018 13:02:18 +0100 + +systemd (239-10) unstable; urgency=medium + + [ Michael Biebl ] + * meson: Rename -Ddebug to -Ddebug-extra. + Meson added -Doptimization and -Ddebug options, which obviously causes + a conflict with our -Ddebug options. Let's rename it. + (Closes: #909455) + * Add conflicts against consolekit. + Letting both ConsoleKit and logind manage dynamic device permissions + will only lead to inconsistent and unexpected results. + + [ Felipe Sateler ] + * Link systemctl binary statically against libshared. + This reduces the Pre-Depends list considerably, and is more resilient + against borked installs. + + -- Michael Biebl <biebl@debian.org> Tue, 25 Sep 2018 16:11:12 +0200 + +systemd (239-9) unstable; urgency=medium + + * autopkgtest: Remove needs-recommends runtime restriction. + This restriction has been deprecated and there are plans to remove it + altogether. The tests pass withouth needs-recommends, so it seems safe + to remove. + * test: Use installed catalogs when test-catalog is not located at build + dir. + This makes it possible to run test-catalog as installed test, so we no + longer need to mark it as EXFAIL in our root-unittests autopkgtest. + * test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and + $SYSTEMD_CATALOG_DIR. + This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and + the test binaries and should make the build reproducible. + (Closes: #908365) + + -- Michael Biebl <biebl@debian.org> Wed, 12 Sep 2018 19:07:38 +0200 + +systemd (239-8) unstable; urgency=medium + + [ Michael Biebl ] + * Clean up dbus-org.freedesktop.timesync1.service Alias on purge + (Closes: #904290) + * user-runtime-dir: Fix wrong SELinux context (Closes: #908026) + * core: Fix gid when DynamicUser=yes with static user (Closes: #904335) + * Remove udev control socket on shutdown under sysvinit. + The udev control socket is no longer removed automatically when the + daemon is stopped. As this can confuse other software, update the SysV + init script to remove the control socket manually and make sure the init + script is executed on shutdown (runlevel 0) and reboot (runlevel 6). + (Closes: #791944) + * Bump Standards-Version to 4.2.1 + + [ Martin Pitt ] + * timedated: Fix wrong PropertyChanged values and refcounting + + -- Michael Biebl <biebl@debian.org> Fri, 07 Sep 2018 08:41:12 +0200 + +systemd (239-7) unstable; urgency=medium + + * autopkgtest: Add iputils-ping dependency to root-unittests. + The ping binary is required by test-bpf. + * autopkgtest: Add dbus-user-session and libpam-systemd dependency to + root-unittests. + Without a working D-Bus user session, a lot of the test-bus-* tests are + skipped. + * network/link: Fix logic error in matching devices by MAC (Closes: #904198) + + -- Michael Biebl <biebl@debian.org> Sun, 22 Jul 2018 13:40:15 +0200 + +systemd (239-6) unstable; urgency=medium + + [ Martin Pitt ] + * autopkgtest: Install libnss-systemd. + Make sure that dynamic users can be resolved. This e. g. prevents a + startup failure for systemd-resolved. + * autopkgtest: Add missing python3 test dependency for udev test + + [ Michael Biebl ] + * autopkgtest: Make AppArmor violator test work with merged-usr + * Make /dev/kvm accessible to local users and group kvm. + Re-add the uaccess tag to /dev/kvm to make it accessible to local + users. Access is also granted via group kvm, so create that in + udev.postinst. (Closes: #887852) + * Move a few man pages from systemd to systemd-journal-remote. + The systemd package shipped a few systemd-journal-remote and + systemd-journal-upload related man pages which really belong into the + systemd-journal-remote package. Move those man pages into the correct + package and add a Breaks/Replaces against systemd accordingly. + (Closes: #903557) + * autopkgtest: Drop no-longer needed workaround from upstream test + * Go back to statically allocate system users for timesyncd, networkd and + resolved. + There are currently too many open issues related to D-Bus and the usage + of DynamicUser. (Closes: #902971) + * Change python3-minimal dependency to python3. + While we strictly only need python3-minimal, the usage of + python3-minimal triggers a lintian error: depends-on-python-minimal + * test: Drop SKIP_INITRD for QEMU-based tests. + The Debian Linux kernel ships ext4 support as a module, so we require an + initrd to successfully start the QEMU images. + * debian/tests/localed-x11-keymap: Deal with absence of + /etc/default/keyboard more gracefully + * autopkgtest: Add various dependencies to make upstream test pass on Debian + - netcat-openbsd: Required by TEST-12-ISSUE-3171. + - busybox-static: Required by TEST-13-NSPAWN-SMOKE. + - plymouth: Required by TEST-15-DROPIN and TEST-22-TMPFILES. + * Drop seccomp system call filter for udev. + The seccomp based system call whitelist requires at least systemd 239 to + be the active init and during a dist-upgrade we can't guarantee that + systemd has been fully configured before udev is restarted. + The versioned systemd Breaks that was added to udev for #902185 didn't + really fix this issue, so revert that change again. (Closes: #903224) + + -- Michael Biebl <biebl@debian.org> Thu, 19 Jul 2018 00:04:54 +0200 + +systemd (239-5) unstable; urgency=medium + + * Add inverse version restriction of the Breaks to the systemd-shim + alternative in libpam-systemd. + Otherwise apt will fail to find an installation path for libpam-systemd + in cases where libpam-systemd is an indirect dependency. (Closes: #902998) + + -- Michael Biebl <biebl@debian.org> Thu, 05 Jul 2018 11:50:10 +0200 + +systemd (239-4) unstable; urgency=medium + + [ Michael Biebl ] + * Drop outdated section from README.Debian about switching back to SysV init + * sleep: Fix one more printf format of a fiemap field + * basic: Add missing comma in raw_clone assembly for sparc + * bus-util: Make log level lower in request_name_destroy_callback() + * tmpfiles: Specify access mode for /run/systemd/netif + * Add Breaks against python-dbusmock (<< 0.18) to systemd. + The logind and timedated tests in python-dbusmock were broken by the + latest systemd release and had to be adjusted to work with systemd 239. + See #902602 + * Drop patches which try to support running systemd services without systemd + as pid 1. + No one is currently actively maintaining systemd-shim, which means that + e.g. running systemd-logind no longer works when systemd is not pid 1. + Thus drop our no longer working patches. Bump the Breaks against + systemd-shim accordingly. + See #895292, #901404, #901405 + + [ Martin Pitt ] + * test: fix networkd-test.py rate limiting and dynamic user + + -- Michael Biebl <biebl@debian.org> Tue, 03 Jul 2018 23:36:28 +0200 + +systemd (239-3) unstable; urgency=medium + + * Revert "systemctl: when removing enablement or mask symlinks, cover both + /run and /etc" + We currently have packages in the archive which use + "systemctl --runtime unmask" and are broken by this change. + This is a intermediate step until it is clear whether upstream will + revert this commit or whether we will have to update affected packages + to deal with this changed behaviour. + See #902287 and https://github.com/systemd/systemd/issues/9393 + + -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 14:46:06 +0200 + +systemd (239-2) unstable; urgency=medium + + * sleep: Fix printf format of fiemap fields. + This should fix a FTBFS on ia64. + * timesync: Change type of drift_freq to int64_t. + This should fix a FTBFS on x32. + * Bump systemd Breaks to ensure it is upgraded in lockstep with udev. + The hardening features used by systemd-udevd.service require systemd 239 + and udev will fail to start with older versions. (Closes: #902185) + + -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 13:59:24 +0200 + +systemd (239-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 239 + * Drop alternative iptables-dev Build-Depends. + It is no longer needed as both Ubuntu and Debian now ship libiptc-dev in + their latest stable (LTS) release. + * Drop alternative btrfs-tools Recommends. + It is no longer needed as btrfs-progs is now available in both Debian + and Ubuntu and keeping the alternative around prevents the transitional + package from being autoremoved. + * Disable installation of RPM macros. + This avoids having to remove them manually later on. + * Drop cleanup rules for libtool .la files. + With the switch to Meson, libtool is no longer used. + * Drop fallback for older kernels when running the test suite. + We now assume that we have a kernel newer then 3.13. + * Stop cleaning up .busname units. + Those are gone upstream, so we no longer need to remove them manually. + * Update symbols file for libsystemd0 + * Rebase patches + * Install new resolvectl tool. + Don't ship the /sbin/resolvconf compat symlink in the systemd package, + as this would cause a file conflict with the resolvconf and openresolv + package. + * Disable support for "Portable Services" + This is still an experimental feature. + * Disable pristine-tar in gbp.conf. + It is currently not possible to import the systemd v239 tarball using + pristine-tar due to #902115. + * Bump Build-Depends on meson to (>= 0.44) + * Stop setting the path for the kill binary, no longer necessary + * Stop creating systemd-network and systemd-resolve system user + systemd-networkd.service and systemd-resolved.service now use + DynamicUser=yes. + + [ Dimitri John Ledkov ] + * Run all upstream tests, and then report all that failed. + + -- Michael Biebl <biebl@debian.org> Sat, 23 Jun 2018 00:18:08 +0200 + +systemd (238-5) unstable; urgency=medium + + [ Evgeny Vereshchagin ] + * upstream autopkgtest: Copy journal subdirectories. + Otherwise logs are missing on failures. + + [ Martin Pitt ] + * debian/tests/boot-and-services: Ignore cpi.service failure. + This is apparently a regression in Ubuntu 18.04, not in systemd, so + ignore it. + + [ Michael Biebl ] + * sd-bus: Do not try to close already closed fd (Closes: #896781) + * Use dh_missing to act on uninstalled files. + The usage of dh_install --fail-missing has been deprecated. + * meson: Avoid warning about comparison of bool and string. + The result of this is undefined and will become a hard error in a future + Meson release. + * login: Respect --no-wall when cancelling a shutdown request + (Closes: #897938) + * Add dependencies of libsystemd-shared to Pre-Depends. + This is necessary so systemctl is functional at all times during a + dist-upgrade. (Closes: #897986) + * Drop dh_strip override, the dbgsym migration is done + + [ Felipe Sateler ] + * Don't include libmount.h in a header file. + Kernel and glibc headers both use MS_* constants, but are not in sync, so + only one of them can be used at a time. Thus, only import them where + needed. Works around #898743. + + -- Michael Biebl <biebl@debian.org> Sat, 26 May 2018 10:31:29 +0200 + +systemd (238-4) unstable; urgency=medium + + [ Michael Biebl ] + * udev/net-id: Fix check for address to keep interface names stable + * debian/copyright: Move global wildcard section to the top + + [ Martin Pitt ] + * Fix daemon reload failures + + [ Laurent Bigonville ] + * Fix /sys/fs/cgroup mount when using SELinux. + Since v236, all cgroups except /sys/fs/cgroup/systemd and + /sys/fs/cgroup/unified are not mounted when SELinux is enabled (even in + permissive mode). Disabling SELinux completely restores these cgroups. + This patch fixes that issue by no longer making the assumption that those + cgroups are mounted by initrd/dracut before systemd is started. + + -- Michael Biebl <biebl@debian.org> Sun, 01 Apr 2018 13:02:57 +0200 + +systemd (238-3) unstable; urgency=medium + + [ Martin Pitt ] + * Enable systemd-sysusers unit and provide correct Debian static u/gids. + Add a helper script debian/extra/make-sysusers-basic which generates a + sysusers.d(5) file from Debian's static master passwd/group files. + systemd 238 now supports specifying different uid and gid and a + non-default login shell, so this is possible now. (Closes: #888126) + * udev README.Debian: Include initrd rebuild and some clarifications in + migration. + While initrd update is already being mentioned in the introductory + section, it is easy to miss when going through the migration steps, so + explicitly mention it again. Also add a warning about keeping a fallback + on misconfigurations, and the possibility to migrate one interface at a + time. + Thanks to Karl O. Pinc for the suggestions! (Closes: #881769) + + [ Michael Biebl ] + * basic/macros: Rename noreturn into _noreturn_. + "noreturn" is reserved and can be used in other header files we include. + (Closes: #893426) + * units: Fix SuccessAction that belongs to [Unit] section not [Service] + section (Closes: #893282) + + -- Michael Biebl <biebl@debian.org> Tue, 20 Mar 2018 23:22:57 +0100 + +systemd (238-2) unstable; urgency=medium + + [ Alf Gaida ] + * core: do not free stack-allocated strings. + Fixes a crash in systemd when the cpuacct cgroup controller is not + available. (Closes: #892360) + + -- Michael Biebl <biebl@debian.org> Sat, 10 Mar 2018 01:12:47 +0100 + +systemd (238-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 238 + - Fixes systemd-tmpfiles to correctly handle symlinks present in + non-terminal path components. (CVE-2018-6954, Closes: #890779) + * Rebase patches + * Use compat symlinks as provided by upstream. + As the upstream build system now creates those symlinks for us, we no + longer have to create them manually. + * Update symbols file for libsystemd0 + * test-cgroup-util: bail out when running under a buildd environment + + [ Dimitri John Ledkov ] + * systemd-sysv-install: Fix name initialisation. + Only initialise NAME after --root optional argument has been parsed, + otherwise NAME is initialized to e.g. `enable`, instead of to the + `unit-name`, resulting in failures. (LP: #1752882) + + -- Michael Biebl <biebl@debian.org> Wed, 07 Mar 2018 23:21:53 +0100 + +systemd (237-4) unstable; urgency=medium + + [ Gunnar Hjalmarsson ] + * Fix PO template creation. + Cherry-pick upstream patches to build a correct systemd.pot including + the polkit policy files even without policykit-1 being installed. + (LP: #1707898) + + [ Michael Biebl ] + * Drop mask for fuse SysV init script. + The fuse package has removed its SysV init script a long time ago, so + the mask is no longer needed. + * Replace two Debian specific patches which cherry-picks from upstream + master + + -- Michael Biebl <biebl@debian.org> Wed, 28 Feb 2018 19:18:34 +0100 + +systemd (237-3) unstable; urgency=medium + + [ Martin Pitt ] + * debian/tests/boot-smoke: More robust journal checking. + Also fail the test if calling journalctl fails, and avoid calling it + twice. See https://github.com/systemd/systemd/pull/8032 + * Simplify PO template creation. + Use the existing upstream build system instead of a manual call to + `intltool-update` and `xgettext` to build systemd.pot. Remove the now + obsolete intltool build dependency, but still explicitly keep gettext. + (LP: #1707898) + * Make systemd-sysv-install robust against existing $ROOT. + Always initialize `$ROOT`, to avoid the script getting confused by an + existing outside env variable. Also fix the `--root` option to actually + work, the previous approach was conceptually broken due to how shell + quoting works. Make the work with `set -u`. (Closes: #890436) + + [ Felipe Sateler ] + * Backport upstream patch fixing a wrong assert() call (Closes: #890423) + + -- Michael Biebl <biebl@debian.org> Wed, 14 Feb 2018 23:07:17 +0100 + +systemd (237-2) unstable; urgency=medium + + * Drop debian/extra/rules/70-debian-uaccess.rules. + Up-to-date udev rules for U2F devices are shipped in libu2f-udev nowadays. + (Closes: #889665) + * service: relax PID file symlink chain checks a bit. + Let's read the PID file after all if there's a potentially unsafe symlink + chain in place. But if we do, then refuse taking the PID if its outside of + the cgroup. (Closes: #889144) + + -- Michael Biebl <biebl@debian.org> Fri, 09 Feb 2018 23:35:31 +0100 + +systemd (237-1) unstable; urgency=medium + + * New upstream version 237 + * Rebase patches + * Update symbols file for libsystemd0 + * Update Vcs-* to point to https://salsa.debian.org + * Bump Standards-Version to 4.1.3 + * Set Rules-Requires-Root to no + + -- Michael Biebl <biebl@debian.org> Tue, 30 Jan 2018 01:55:24 +0100 + +systemd (236-4) unstable; urgency=medium + + [ Felipe Sateler ] + * Allow systemd-timesyncd to start when libnss-systemd is not installed. + Pick upstream patch requiring the existence of the systemd-timesync user + only when running as root, which is not the case for the system unit. + (Closes: #887343) + + [ Nicolas Braud-Santoni ] + * debian/copyright: Refer to the CC0 license file (Closes: #882629) + + [ Michael Biebl ] + * Add Build-Depends on python3-evdev <!nocheck> + This is used by hwdb/parse_hwdb.py to perform additional validation on + hwdb files. + + -- Michael Biebl <biebl@debian.org> Sun, 28 Jan 2018 22:29:32 +0100 + +systemd (236-3) unstable; urgency=medium + + * Revert "core/execute: RuntimeDirectory= or friends requires mount + namespace" + This was making mounts from SSH sessions invisible to the system. + (Closes: #885325) + + -- Michael Biebl <biebl@debian.org> Thu, 11 Jan 2018 16:46:04 +0100 + +systemd (236-2) unstable; urgency=medium + + * Downgrade priority of libudev1 to optional. + This makes it compliant with recent versions of debian-policy which + recommends to use priority optional for library packages. + * Clarify NEWS entry about removal of system users. + Mention in the recent NEWS entry that the associated system groups + should be removed as well. (Closes: #885061) + * cryptsetup-generator: Don't mistake NULL input as OOM. + Fixes systemd-cryptsetup-generator failing to run during boot. + (Closes: #885201) + * analyze: Use normal bus connection for "plot" verb. + Fixes "systemd-analyze plot" failing to run as root. (Closes: #884506) + * Stop re-enabling systemd services on every upgrade. + This was done so changes to the [Install] section would be applied on + upgrades. Forcefully re-enabling a service might overwrite local + modifications though and thus far, none of the affected services did + actually change its [Install] section. So remove this code from the + maintainer scripts as it was apparently doing more harm then good. + (Closes: #869354) + + -- Michael Biebl <biebl@debian.org> Tue, 02 Jan 2018 00:35:14 +0100 + +systemd (236-1) unstable; urgency=medium + + [ Martin Pitt ] + * debian/tests/upstream: Only show ≥ warning in journal dumps. + Showing the entire debug log is too hard to scan visually, and most of + the time the warnings and errors are sufficient to explain a failure. + Put the journal files into the artifacts though, in case the debug + information is necessary. + + [ Michael Biebl ] + * New upstream version 236 + - nspawn: Adjust path to static resolv.conf to support split usr. + (Closes: #881310) + - networkd: Don't stop networkd if CONFIG_FIB_RULES=n in kernel. + (Closes: #881823) + - core: Fix segfault in compile_bind_mounts() when BindPaths= or + BindReadOnlyPaths= is set. (Closes: #883380) + - meson: Link NSS modules with -z nodelete to fix memory leak in + nss-systemd. (Closes: #883407) + - logind: Make sure we don't acces m->action_what if it's not initialized. + (Closes: #882270) + - systemctl: Ignore shutdown's "-t" argument. (Closes: #882245) + - core: Be more defensive if we can't determine per-connection socket + peer. (Closes: #879603) + - bpf-firewall: Actually invoke BPF_PROG_ATTACH to check whether + cgroup/bpf is available. (Closes: #878965) + * Rebase patches + * Update symbols file for libsystemd0 + * Bump Standards-Version to 4.1.2 + * Clean up old /var/lib/systemd/clock on upgrade. + The clock file used by systemd-timesyncd is now stored in + StateDirectory=systemd/timesync. (Closes: #883605) + * Stop creating systemd-timesync system user. + DynamicUser=yes has been enabled for systemd-timesyncd.service so + allocating a system user statically is no longer necessary. + * Document removal of systemd-{timesync,journal-gateway,journal-upload} user. + We no longer create those system users as the corresponding services now + use DynamicUser=yes. Removing those system users automatically is tricky, + as the relevant services might be running during upgrade. Add a NEWS + entry instead which documents this change. + * Revert "udev-rules: Permission changes for /dev/dri/renderD*" + This would introduce a new system group "render". As the name is rather + generic, this needs further discussion first, so revert this change for + now. + + -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:45:51 +0100 + +systemd (235-3) unstable; urgency=medium + + [ Michael Biebl ] + * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7 + Package-Type is recognized as an official field name. + * Install modprobe configuration file to /lib/modprobe.d. + Otherwise it is not read by kmod. (Closes: #879191) + + [ Felipe Sateler ] + * Backport upstream (partial) fix for combined DynamicUser= + User= + UID was not allowed to be different to GID, which is normally the case in + debian, due to the group users being allocated the GID 100 without an + equivalent UID 100 being allocated. + * Backport upstream patches to fully make DynamicUser=yes + static, + pre-existing User= work. + + [ Martin Pitt ] + * Add missing python3-minimal dependency to systemd-tests + * Drop long-obsolete systemd-bus-proxy system user + systemd-bus-proxy hasn't been shipped since before stretch and never + created any files. Thus clean up the obsolete system user on upgrades. + (Closes: #878182) + * Drop static systemd-journal-gateway system user + systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need + to create this statically any more. Don't remove the user on upgrades + though, as there is likely still be a running process. (Closes: #878183) + * Use DynamicUser= for systemd-journal-upload.service. + * Add Recommends: libnss-systemd to systemd-sysv. + This is useful to actually be able to resolve dynamically created system + users with DynamicUser=true. This concept is going to be used much more + in future versions and (hopefully) third-party .services, so pulling it + into the default installation seems prudent now. + * resolved: Fix loop on packets with pseudo dns types. + (CVE-2017-15908, Closes: #880026, LP: #1725351) + * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps. + Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965) + * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348) + + -- Martin Pitt <mpitt@debian.org> Wed, 15 Nov 2017 09:34:00 +0100 + +systemd (235-2) unstable; urgency=medium + + * Revert "tests: when running a manager object in a test, migrate to private + cgroup subroot first" + This was causing test suite failures when running inside a chroot. + + -- Michael Biebl <biebl@debian.org> Wed, 11 Oct 2017 00:46:07 +0200 + +systemd (235-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 235 + - cryptsetup-generator: use remote-cryptsetup.target when _netdev is + present (Closes: #852534) + - tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638) + - networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready + (Closes: #869995) + - exec-util,conf-files: skip non-executable files in execute_directories() + (Closes: #867902) + - man: update udevadm -y/--sysname-match documentation (Closes: #865081) + - tmpfiles: silently ignore any path that passes through autofs + (Closes: #805553) + - shared: end string with % if one was found at the end of a expandible + string (Closes: #865450) + * Refresh patches + * Bump Build-Depends on libmount-dev to (>= 2.30) + * Install new modprobe.d config file + * Bump Standards-Version to 4.1.1 + + [ Martin Pitt ] + * Merge logind-kill-off autopkgtest into logind test. + This was horribly inefficient as a separate test (from commit + 6bd0dab41e), as that cost two VM resets plus accompanying boots; and + this does not change any state thus does not require this kind of + isolation. + + -- Michael Biebl <biebl@debian.org> Tue, 10 Oct 2017 18:29:28 +0200 + +systemd (234-3) unstable; urgency=medium + + [ Martin Pitt ] + * Various fixes for the upstream autopkgtest. + + [ Felipe Sateler ] + * Add fdisk to the dependencies of the upstream autopkgtest. + The upstream autopkgtest uses sfdisk, which is now in the non-essential + fdisk package. (Closes: #872119) + * Disable nss-systemd on udeb builds + * Correctly disable resolved on udeb builds + * Help fix collisions in libsystemd-shared symbols by versioning them. + Backport upstream patch to version the symbols provided in the private + library, so that they cannot confuse unversioned pam modules or libraries + linked into them. (Closes: #873708) + + [ Dimitri John Ledkov ] + * Cherrypick upstream networkd-test.py assertion/check fixes. + This resolves ADT test suite failures, when running tests under lxc/lxd + providers. + * Cherrypick arm* seccomp fixes. + This should resolve ADT test failures, on arm64, when running as root. + * Disable KillUserProcesses, yet again, with meson this time. + * initramfs-tools: trigger udevadm add actions with subsystems first. + This updates the initramfs-tools init-top udev script to trigger udevadm + actions with type specified. This mimics the systemd-udev-trigger.service. + Without type specified only devices are triggered, but triggering + subsystems may also be required and should happen before triggering the + devices. This is the case for example on s390x with zdev generated udev + rules. (LP: #1713536) + + [ Michael Biebl ] + * (Re)add --quiet flag to addgroup calls. + This is now safe with adduser having been fixed to no longer suppress + fatal error messages if --quiet is used. (Closes: #837871) + * Switch back to default GCC (Closes: #873661) + * Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf. + All major NTP implementations ship a native service file nowadays with a + Conflicts=systemd-timesyncd.service so this drop-in is no longer + necessary. (Closes: #873185) + + -- Michael Biebl <biebl@debian.org> Mon, 04 Sep 2017 00:17:00 +0200 + +systemd (234-2.3) unstable; urgency=high + + * Non-maintainer upload. + * Also switch to g++-6 temporarily (needed for some tests): + - Add g++-6 to Build-Depends + - Export CXX = g++-6 + + -- Cyril Brulebois <kibi@debian.org> Thu, 24 Aug 2017 02:40:53 +0200 + +systemd (234-2.2) unstable; urgency=high + + * Non-maintainer upload. + * Switch to gcc-6 on all architectures, working around an FTBFS on mips64el, + apparently due to a gcc-7 bug (See: #871514): + - Add gcc-6 to Build-Depends in debian/control + - Export CC = gcc-6 in debian/rules + + -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 22:53:09 +0000 + +systemd (234-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical + version of the Debian Installer, as no key presses or mouse events get + processed (Closes: #872598). + + -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 20:41:33 +0200 + +systemd (234-2) unstable; urgency=medium + + [ Martin Pitt ] + * udev README.Debian: Fix name of example *.link file + + [ Felipe Sateler ] + * test-condition: Don't assume that all non-root users are normal users. + Automated builders may run under a dedicated system user, and this test + would fail that. + + [ Michael Biebl ] + * Revert "units: Tell login to preserve environment" + Environment=LANG= LANGUAGE= LC_CTYPE= ... as used in the getty units is + not unsetting the variables but instead sets it to an empty var. Passing + that environment to login messes up the system locale settings and + breaks programs like gpg-agent. + (Closes: #868695) + + -- Michael Biebl <biebl@debian.org> Thu, 20 Jul 2017 15:13:42 +0200 + +systemd (234-1) unstable; urgency=medium + + [ Michael Biebl ] + * New upstream version 234 + - tmpfiles: Create /var/log/lastlog if it does not exist. + (Closes: #866313) + - network: Bridge vlan without PVID. (Closes: #859941) + * Rebase patches + * Switch build system from autotools to meson. + Update the Build-Depends accordingly. + * Update fsckd patch for meson + * udev autopkgtest: no longer install test-udev binary manually. + This is now done by the upstream build system. + * Update symbols file for libsystemd0 + * Update lintian override for systemd-tests. + Upstream now installs manual and unsafe tests in subdirectories of + /usr/lib/systemd/tests/, so ignore those as well. + * Bump Standards-Version to 4.0.0 + * Change priority of libnss-* packages from extra to optional. + * Use UTF-8 locale when building the package. + Otherwise meson will be pretty unhappy when trying to process files with + unicode characters. Use C.UTF-8 as this locale is pretty much guaranteed + to be available everywhere. + * Mark test-timesync as manual. + The test tries to setup inotify watches for /run/systemd/netif/links + which fails in a buildd environment where systemd is not active. + * Do not link udev against libsystemd-shared. + We ship udev in a separate binary package, so can't use + libsystemd-shared, which is part of the systemd binary package. + * Avoid requiring a "kvm" system group. + This group is not universally available and as a result generates a + warning during boot. As kvm is only really useful if the qemu package is + installed and this package already takes care of setting up the proper + permissions for /dev/kvm, drop this rule from 50-udev-default.rules. + + [ Martin Pitt ] + * udev README.Debian: Update transitional rules and mention *.link files. + - 01-mac-for-usb.link got replaced with 73-usb-net-by-mac.rules + - /etc/systemd/network/50-virtio-kernel-names.link is an upgrade + transition for VMs with virtio + - Describe *.link files as a simpler/less error prone (but also less + flexible) way of customizing interface names. (Closes: #868002) + + -- Michael Biebl <biebl@debian.org> Thu, 13 Jul 2017 17:38:28 +0200 + +systemd (233-10) unstable; urgency=medium + + [ Martin Pitt ] + * Adjust var-lib-machines.mount target. + Upstream PR #6095 changed the location to + {remote-fs,machines}.target.wants, so just install all available ones. + + [ Dimitri John Ledkov ] + * Fix out-of-bounds write in systemd-resolved. + CVE-2017-9445 (Closes: #866147, LP: #1695546) + + [ Michael Biebl ] + * Be truly quiet in systemctl -q is-enabled (Closes: #866579) + * Improve RLIMIT_NOFILE handling. + Use /proc/sys/fs/nr_open to find the current limit of open files + compiled into the kernel instead of using a hard-coded value of 65536 + for RLIMIT_NOFILE. (Closes: #865449) + + [ Nicolas Braud-Santoni ] + * debian/extra/rules: Use updated U2F ruleset. + This ruleset comes from Yubico's libu2f-host. (Closes: #824532) + + -- Michael Biebl <biebl@debian.org> Mon, 03 Jul 2017 18:51:58 +0200 + +systemd (233-9) unstable; urgency=medium + + * hwdb: Use path_join() to generate the hwdb_bin path. + This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having + double slashes in the path makes selabel_lookup_raw() return the wrong + context. (Closes: #851933) + * Drop no longer needed Breaks against usb-modeswitch + * Drop Breaks for packages shipping rcS init scripts. + This transition was completed in stretch. + + -- Michael Biebl <biebl@debian.org> Mon, 19 Jun 2017 15:10:14 +0200 + +systemd (233-8) experimental; urgency=medium + + * Bump debhelper compatibility level to 10 + * Drop versioned Build-Depends on dpkg-dev. + It's no longer necessary as even Jessie ships a new enough version. + * timesyncd: don't use compiled-in list if FallbackNTP has been configured + explicitly (Closes: #861769) + * resolved: fix null pointer p->question dereferencing. + This fixes a bug which allowed a remote DoS (daemon crash) via a crafted + DNS response with an empty question section. + Fixes: CVE-2017-9217 (Closes: #863277) + + -- Michael Biebl <biebl@debian.org> Mon, 29 May 2017 14:12:08 +0200 + +systemd (233-7) experimental; urgency=medium + + [ Michael Biebl ] + * basic/journal-importer: Fix unaligned access in get_data_size() + (Closes: #862062) + * ima: Ensure policy exists before asking the kernel to load it + (Closes: #863111) + * Add Depends: procps to systemd. + It's required by /usr/lib/systemd/user/systemd-exit.service which calls + /bin/kill to stop the systemd --user instance. (Closes: #862292) + * service: Serialize information about currently executing command + (Closes: #861157) + * seccomp: Add clone syscall definitions for mips (Closes: #861171) + + [ Dimitri John Ledkov ] + * ubuntu: disable dnssec on any ubuntu releases (LP: #1690605) + + [ Felipe Sateler ] + * Specify nobody user and group. + Otherwise nss-systemd will translate to group 'nobody', which doesn't + exist on debian systems. + + -- Michael Biebl <biebl@debian.org> Wed, 24 May 2017 12:26:18 +0200 + +systemd (233-6) experimental; urgency=medium + + [ Felipe Sateler ] + * Backport upstream PR #5531. + This delays opening the mdns and llmnr sockets until a network has enabled + them. This silences annoying messages when networkd receives such packets + without expecting them: Got mDNS UDP packet on unknown scope. + + [ Martin Pitt ] + * resolved: Disable DNSSEC by default on stretch and zesty. + Both Debian stretch and Ubuntu zesty are close to releasing, switch to + DNSSEC=off by default for those. Users can still turn it back on with + DNSSEC=allow-downgrade (or even "yes"). + + [ Michael Biebl ] + * Add Conflicts against hal. + Since v183, udev no longer supports RUN+="socket:". This feature is + still used by hal, but now generates vast amounts of errors in the + journal. Thus force the removal of hal by adding a Conflicts to the udev + package. This is safe, as hal is long dead and no longer useful. + * Drop systemd-ui Suggests + systemd-ui is unmaintained upstream and not particularly useful anymore. + * journal: fix up syslog facility when forwarding native messages. + Native journal messages (_TRANSPORT=journal) typically don't have a + syslog facility attached to it. As a result when forwarding the + messages to syslog they ended up with facility 0 (LOG_KERN). + Apply syslog_fixup_facility() so we use LOG_USER instead. + (Closes: #837893) + * Split upstream tests into systemd-tests binary package (Closes: #859152) + * Get PACKAGE_VERSION from config.h. + This also works with meson and is not autotools specific. + + [ Sjoerd Simons ] + * init-functions Only call daemon-reload when planning to redirect + systemctl daemon-reload is a quite a heavy operation, it will re-parse + all configuration and re-run all generators. This should only be done + when strictly needed. (Closes: #861158) + + -- Michael Biebl <biebl@debian.org> Fri, 28 Apr 2017 21:47:14 +0200 + +systemd (233-5) experimental; urgency=medium + + * Do not throw a warning in emergency and rescue mode if plymouth is not + installed. + Ideally, plymouth should only be referenced via dependencies, not + ExecStartPre. This at least avoids the confusing error message on + minimal installations that do not carry plymouth. + * rules: Allow SPARC vdisk devices when identifying CD drives + (Closes: #858014) + + -- Michael Biebl <biebl@debian.org> Tue, 21 Mar 2017 21:00:08 +0100 + +systemd (233-4) experimental; urgency=medium + + [ Martin Pitt ] + * udev autopkgtest: Drop obsolete sys.tar.xz fallback. + This was only necessary for supporting 232 as well. + * root-unittest: Drop obsolete FIXME comment. + * Add libpolkit-gobject-1-dev build dep for polkit version detection. + * Move systemd.link(5) to udev package. + .link files are being handled by udev, so it should ship the + corresponding manpage. Bump Breaks/Replaces accordingly. (Closes: #857270) + + [ Michael Biebl ] + * Restart journald on upgrades (Closes: #851438) + * Avoid strict DM API versioning. + Compiling against the dm-ioctl.h header as provided by the Linux kernel + will embed the DM interface version number. Running an older kernel can + lead to errors on shutdown when trying to detach DM devices. + As a workaround, build against a local copy of dm-ioctl.h based on 3.13, + which is the minimum required version to support DM_DEFERRED_REMOVE. + (Closes: #856337) + + -- Michael Biebl <biebl@debian.org> Thu, 16 Mar 2017 18:40:16 +0100 + +systemd (233-3) experimental; urgency=medium + + [ Michael Biebl ] + * Install D-Bus policy files in /usr + * Drop no longer needed maintainer scripts migration code and simplify + various version checks + * Fix location of installed tests + * Override package-name-doesnt-match-sonames lintian warning for libnss-* + * Don't ship any symlinks in /etc/systemd/system. + Those should be created dynamically via "systemctl enable". + + [ Martin Pitt ] + * root-unittests autopkgtest: Skip test-udev. + It has its own autopkgtest and needs some special preparation. At some + point that should be merged into root-unittests, but let's quickfix this + to unbreak upstream CI. + + -- Michael Biebl <biebl@debian.org> Fri, 03 Mar 2017 19:49:44 +0100 + +systemd (233-2) experimental; urgency=medium + + * test: skip instead of fail if crypto kmods are not available. + The Debian buildds have module loading disabled, thus AF_ALG sockets are + not available during build. Skip the tests that cover those (khash and + id128) instead of failing them in this case. + https://github.com/systemd/systemd/issues/5524 + + -- Martin Pitt <mpitt@debian.org> Fri, 03 Mar 2017 11:51:25 +0100 + +systemd (233-1) experimental; urgency=medium + + [ Martin Pitt ] + * New upstream release 233: + - udev: Remove /run/udev/control on stop to avoid sendsigs to kill + udevd. (Closes: #791944) + - nspawn: Handle container directory symlinks. (Closes: #805785) + - Fix mount units to not become "active" when NFS mounts time out. + (Closes: #835810) + - hwdb: Rework path/priority comparison when loading files from /etc/ + vs. /lib. (Closes: #845442) + - machinectl: Fix "list" command when failing to determine OS version. + (Closes: #849316) + - Support tilegx architecture. (Closes: #856306) + - systemd-sleep(8): Point out inhibitor interface as better alternative + for suspend integration. (Closes: #758279) + - journalctl: Improve error message wording when specifying boot + offset with ephemeral journal. (Closes: #839291) + * Install new systemd-umount and /usr/lib/environment.d/ + * Use "make install-tests" for shipped unit tests + * Switch back to gold linker on mips* + Bug #851736 got fixed now. + * debian/rules: Drop obsolete SETCAP path + + [ Michael Biebl ] + * Drop upstart jobs for udev + * Drop /sbin/udevadm compat symlink from udev-udeb and initramfs + * Drop Breaks and Replaces from pre-jessie + + -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 17:10:09 +0100 + +systemd (232-19) unstable; urgency=medium + + [ Martin Pitt ] + * debian/README.source: Update patch and changelog handling to current + reality. + * root-unittests autopkgtest: Blacklist test-journal-importer. + This got added in a recent PR, but running this requires using "make + install-tests" which hasn't landed yet. + * fsckd: Fix format specifiers on 32 bit architectures. + * resolved: Fix NSEC proofs for missing TLDs (Closes: #855479) + * boot-and-services autopkgtest: Skip CgroupsTest on unified hierarchy. + * boot-smoke autopkgtest: Run in containers, too. + * logind autopkgtest: Adjust to work in containers. + + [ Dimitri John Ledkov ] + * Fix resolved failing to follow CNAMES for DNS stub replies (LP: #1647031) + * Fix emitting change signals with a sessions property in logind + (LP: #1661568) + + [ Michael Biebl ] + * If an automount unit is masked, don't react to activation anymore. + Otherwise we'll hit an assert sooner or later. (Closes: #856035) + + [ Felipe Sateler ] + * resolved: add the new KSK to the built-in resolved trust anchor. + The old root key will be discarded in early 2018, so get this into + stretch. + * Backport some zsh completion fixes from upstream (Closes: #847203) + + -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 09:21:12 +0100 + +systemd (232-18) unstable; urgency=medium + + * udev autopkgtest: Adjust to script-based test /sys creation. + PR #5250 changes from the static sys.tar.xz to creating the test /sys + directory with a script. Get along with both cases until 233 gets + released and packaged. + * systemd-resolved.service.d/resolvconf.conf: Don't fail if resolvconf is + not installed. ReadWritePaths= fails by default if the referenced + directory does not exist. This happens if resolvconf is not installed, so + use '-' to ignore the absence. (Closes: #854814) + * Fix two more seccomp issues. + * Permit seeing process list of units whose unit files are missing. + * Fix systemctl --user enable/disable without $XDG_RUNTIME_DIR being set. + (Closes: #855050) + + -- Martin Pitt <mpitt@debian.org> Mon, 13 Feb 2017 17:36:12 +0100 + +systemd (232-17) unstable; urgency=medium + + * Add libcap2-bin build dependency for tests. This will make + test_exec_capabilityboundingset() actually run. (Closes: #854394) + * Add iproute2 build dependency for tests. This will make + test_exec_privatenetwork() actually run; it skips if "ip" is not present. + (Closes: #854396) + * autopkgtest: Run all upstream unit tests as root. + Ship all upstream unit tests in libsystemd-dev, and run them all as root + in autopkgtest. (Closes: #854392) This also fixes the FTBFS on non-seccomp + architectures. + * systemd-resolved.service.d/resolvconf.conf: Allow writing to + /run/resolvconf. Upstream PR #5283 will introduce permission restrictions + for systemd-resolved.service, including the lockdown to writing + /run/systemd/. This will then cause the resolvconf call in our drop-in to + fail as that needs to write to /run/resolvconf/. Add this to + ReadWritePaths=. (This is a no-op with the current unrestricted unit). + + -- Martin Pitt <mpitt@debian.org> Fri, 10 Feb 2017 11:52:46 +0100 + +systemd (232-16) unstable; urgency=medium + + [ Martin Pitt ] + * Add autopkgtest for test-seccomp + * udev: Fix by-id symlinks for devices whose IDs contain whitespace + (Closes: #851164, LP: #1647485) + * Add lintian overrides for binary-or-shlib-defines-rpath on shipped test + programs. This is apparently a new lintian warning on which uploads get + rejected. These are only test programs, not in $PATH, and they need to + link against systemd's internal library. + + [ Michael Biebl ] + * Fix seccomp filtering. (Closes: #852811) + * Do not crash on daemon-reexec when /run is full (Closes: #850074) + + -- Martin Pitt <mpitt@debian.org> Thu, 09 Feb 2017 16:22:43 +0100 + +systemd (232-15) unstable; urgency=medium + + * Add missing Build-Depends on tzdata. + It is required to successfully run the test suite. (Closes: #852883) + * Bump systemd Breaks to ensure it is upgraded in lockstep with udev. + The sandboxing features used by systemd-udevd.service require systemd + (>= 232-11). (Closes: #853078) + * Bump priority of libpam-systemd to standard. + This reflects the changes that have been made in the archive a while + ago. See #803184 + + -- Michael Biebl <biebl@debian.org> Wed, 01 Feb 2017 22:45:35 +0100 + +systemd (232-14) unstable; urgency=medium + + * Deal with NULL pointers more gracefully in unit_free() (Closes: #852202) + * Fix issues in journald during startup + + -- Michael Biebl <biebl@debian.org> Mon, 23 Jan 2017 14:52:46 +0100 + +systemd (232-13) unstable; urgency=medium + + * Re-add versioned Conflicts/Replaces against upstart. + In Debian the upstart package was never split into upstart and + upstart-sysv, so we need to keep that for switching from upstart to + systemd-sysv. (Closes: #852156) + * Update Vcs-* according to the latest recommendation + * Update Homepage and the URLs in debian/copyright to use https + + -- Michael Biebl <biebl@debian.org> Sun, 22 Jan 2017 08:19:28 +0100 + +systemd (232-12) unstable; urgency=medium + + * Fix build if seccomp support is disabled + * Enable seccomp support on ppc64 + + -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 19:43:51 +0100 + +systemd (232-11) unstable; urgency=medium + + [ Martin Pitt ] + * Fix RestrictAddressFamilies= + Backport upstream fix for setting up seccomp filters to fix + RestrictAddressFamilies= on non-amd64 architectures. Drop the hack from + debian/rules to remove this property from unit files. + See #843160 + * Use local machine-id for running tests during package build. + Since "init" and thus "systemd" are not part of debootstrap any more, + some buildd chroots don't have an /etc/machine-id any more. Port the old + Add-env-variable-for-machine-ID-path.patch to the current code, use a + local machine-id again, and always make test suite failures fatal. + (Closes: #851445) + + [ Michael Biebl ] + * gpt-auto-generator: support LUKS encrypted root partitions + (Closes: #851475) + * Switch to bfd linker on mips* + The gold linker is currently producing broken libraries on mips* + resulting in segfaults for users of libsystemd. Switch to bfd until + binutils has been fixed. (Closes: #851412) + * Revert "core: turn on specifier expansion for more unit file settings" + The expansion of the % character broke the fstab-generator and + specifying the tmpfs size as percentage of physical RAM resulted in the + size being set to 4k. (Closes: #851492) + * Drop obsolete Conflicts, Breaks and Replaces + * Require systemd-shim version which supports v232. + See #844785 + + [ Ondřej Nový ] + * Redirect try-restart in init-functions hook (Closes: #851688) + + -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 12:38:54 +0100 + +systemd (232-10) unstable; urgency=medium + + * Add NULL sentinel to strjoin. + We haven't cherry-picked upstream commit 605405c6c which introduced a + strjoin macro that adds the NULL sentinel automatically so we need to do + it manually. (Closes: #851210) + + -- Michael Biebl <biebl@debian.org> Fri, 13 Jan 2017 05:08:55 +0100 + +systemd (232-9) unstable; urgency=medium + + * Use --disable-wheel-group configure switch. + Instead of mangling the tmpfiles via sed to remove the wheel group, use + the configure switch which was added upstream in v230. + See https://github.com/systemd/systemd/issues/2492 + * Update debian/copyright. + Bob Jenkins released the lookup3.[ch] files as public domain which means + there is no copyright holder. + * Drop fallback for older reportbug versions when attaching files + * debian/extra/init-functions.d/40-systemd: Stop checking for init env var. + This env variable is no longer set when systemd executes a service so + it's pointless to check for it. + * debian/extra/init-functions.d/40-systemd: Stop setting + _SYSTEMCTL_SKIP_REDIRECT=true. + It seems we don't actually need it to detect recursive loops (PPID is + sufficient) and by exporting it we leak _SYSTEMCTL_SKIP_REDIRECT into + the runtime environment of the service. (Closes: #802018) + * debian/extra/init-functions.d/40-systemd: Rename _SYSTEMCTL_SKIP_REDIRECT. + Rename _SYSTEMCTL_SKIP_REDIRECT to SYSTEMCTL_SKIP_REDIRECT to be more + consistent with other environment variables which are used internally by + systemd, like SYSTEMCTL_SKIP_SYSV. + * Various specifier resolution fixes. + Turn on specifier expansion for more unit file settings. + See https://github.com/systemd/systemd/pull/4835 (Closes: #781730) + + -- Michael Biebl <biebl@debian.org> Thu, 12 Jan 2017 16:59:22 +0100 + +systemd (232-8) unstable; urgency=medium + + [ Martin Pitt ] + * Drop systemd dependency from libnss-myhostname again. + This NSS module is completely independent from systemd, unlike the other + three. + * Install 71-seat.rules into the initrd. + This helps plymouth to detect applicable devices. (Closes: #756109) + * networkd: Fix crash when setting routes. + * resolved: Drop removal of resolvconf entry on stop. + This leads to timeouts on shutdown via the resolvconf hooks and does not + actually help much -- /etc/resolv.conf would then just be empty instead of + having a nonexisting 127.0.0.53 nameserver, so manually stopping resolved + in a running system is broken either way. (LP: #1648068) + * Keep RestrictAddressFamilies on amd64. + This option and libseccomp currently work on amd64 at least, so let's make + sure it does not break there as well, and benefit from the additional + protection at least on this architecture. + * Explicitly set D-Bus policy dir. + This is about to change upstream in + https://github.com/systemd/systemd/pull/4892, but as explained in commit + 2edb1e16fb12f4 we need to keep the policies in /etc/ until stretch+1. + + [ Michael Biebl ] + * doc: Clarify NoNewPrivileges in systemd.exec(5). (Closes: #756604) + * core: Rework logic to determine when we decide to add automatic deps for + mounts. This adds a concept of "extrinsic" mounts. If mounts are + extrinsic we consider them managed by something else and do not add + automatic ordering against umount.target, local-fs.target, + remote-fs.target. (Closes: #818978) + * rules: Add persistent links for nbd devices. (Closes: #837999) + + -- Michael Biebl <biebl@debian.org> Sat, 17 Dec 2016 01:54:18 +0100 + +systemd (232-7) unstable; urgency=medium + + [ Michael Biebl ] + * Mark liblz4-tool build dependency as <!nocheck> + * udev: Try mount -n -o move first + initramfs-tools is not actually using util-linux mount (yet), so making + mount -n --move the first alternative would trigger an error message if + users have built their initramfs without busybox support. + + [ Alexander Kurtz ] + * debian/extra/kernel-install.d/85-initrd.install: Remove an unnecessary + variable. (Closes: #845977) + + [ Martin Pitt ] + * Drop systemd-networkd's "After=dbus.service" ordering, so that it can + start during early boot (for cloud-init.service). It will auto-connect to + D-Bus once it becomes available later, and transient (from DHCP) hostname + and timezone setting do not currently work anyway. (LP: #1636912) + * Run hwdb/parse_hwdb.py during package build. + * Package libnss-systemd + * Make libnss-* depend on the same systemd package version. + + -- Martin Pitt <mpitt@debian.org> Wed, 30 Nov 2016 14:38:36 +0100 + +systemd (232-6) unstable; urgency=medium + + * Add policykit-1 test dependency for networkd-test.py. + * debian/rules: Don't destroy unit symlinks with sed -i. + Commit 21711e74 introduced a "sed -i" to remove RestrictAddressFamilies= + from units. This also caused unit symlinks to get turned into real files, + causing D-Bus activated services like timedated to fail ("two units with + the same D-Bus name"). + * Fall back to "mount -o move" in udev initramfs script + klibc's mount does not understand --move, so for the time being we need to + support both variants. (Closes: #845161) + * debian/README.Debian: Document how to generate a shutdown log. + Thanks 積丹尼 Dan Jacobson. (Closes: #826297) + + -- Martin Pitt <mpitt@debian.org> Mon, 21 Nov 2016 10:39:57 +0100 + +systemd (232-5) unstable; urgency=medium + + * Add missing liblz4-tool build dependency. + Fixes test-compress failure during package build. + * systemd: Ship /var/lib. + This will soon contain a polkit pkla file. + + -- Martin Pitt <mpitt@debian.org> Sun, 20 Nov 2016 12:22:52 +0100 + +systemd (232-4) unstable; urgency=medium + + [ Martin Pitt ] + * debian/tests/unit-config: Query pkg-config for system unit dir. + This fixes confusion on merged-/usr systems where both /usr/lib/systemd and + /lib/systemd exist. It's actually useful to verify that systemd.pc says the + truth. + * debian/tests/upstream: Fix clobbering of merged-/usr symlinks + * debian/tests/systemd-fsckd: Create /etc/default/grub.d if necessary + * debian/rules: Drop check for linking to libs in /usr. + This was just an approximation, as booting without an initrd could still be + broken by library updates (e. g. #828991). With merged /usr now being the + default this is now completely moot. + * Move kernel-install initrd script to a later prefix. + 60- does not leave much room for scripts that want to run before initrd + building (which is usually one of the latest things to do), so bump to 85. + Thanks to Sjoerd Simons for the suggestion. + * Disable 99-default.link instead of the udev rule for disabling persistent + interface names. + Disabling 80-net-setup-link.rules will also cause ID_NET_DRIVER to not be + set any more, which breaks 80-container-ve.network and matching on driver + name in general. So disable the actual default link policy instead. Still + keep testing for 80-net-setup-link.rules in the upgrade fix and + 73-usb-net-by-mac.rules to keep the desired behaviour on systems which + already disabled ifnames via that udev rule. + See https://lists.freedesktop.org/archives/systemd-devel/2016-November/037805.html + * debian/tests/boot-and-services: Always run seccomp test + seccomp is now available on all architectures on which Debian and Ubuntu + run tests, so stop making this test silently skip if seccomp is disabled. + * Bump libseccomp build dependency as per configure.ac. + * Replace "Drop RestrictAddressFamilies=" patch with sed call. + With that it will also apply to upstream builds/CI, and it is structurally + simpler. + * Rebuild against libseccomp with fixed shlibs. (Closes: #844497) + + [ Michael Biebl ] + * fstab-generator: add x-systemd.mount-timeout option. (Closes: #843989) + * build-sys: do not install ctrl-alt-del.target symlink twice. + (Closes: #844039) + * Enable lz4 support. + While the compression rate is not as good as XZ, it is much faster, so a + better default for the journal and especially systemd-coredump. + (Closes: #832010) + + [ Felipe Sateler ] + * Enable machines.target by default. (Closes: #806787) + + [ Evgeny Vereshchagin ] + * debian/tests/upstream: Print all journal files. + We don't print all journal files. This is misleading a bit: + https://github.com/systemd/systemd/pull/4331#issuecomment-252830790 + https://github.com/systemd/systemd/pull/4395#discussion_r87948836 + + [ Luca Boccassi ] + * Use mount --move in initramfs-tools udev script. + Due to recent changes in busybox and initramfs-tools the mount + utility is no longer the one from busybox but from util-linux. + The latter does not support mount -o move. + The former supports both -o move and --move, so use it instead to be + compatible with both. + See this discussion for more details: + https://bugs.debian.org/823856 (Closes: #844775) + + -- Michael Biebl <biebl@debian.org> Sun, 20 Nov 2016 03:34:58 +0100 + +systemd (232-3) unstable; urgency=medium + + [ Felipe Sateler ] + * Make systemd-delta less confused on merged-usr systems. (Closes: #843070) + * Fix wrong paths for /bin/mount when compiled on merged-usr system. + Then the build system finds /usr/bin/mount which won't exist on a + split-/usr system. Set the paths explicitly in debian/rules and drop + Use-different-default-paths-for-various-binaries.patch. (Closes: #843433) + + [ Martin Pitt ] + * debian/tests/logind: Split out "pid in logind session" test + * debian/tests/logind: Adjust "in logind session" test for unified cgroup + hierarchy + * debian/tests/boot-and-services: Check common properties of CLI programs. + Verify that CLI programs have a sane behaviour and exit code when being + called with --help, --version, or an invalid option. + * nspawn: Fix exit code for --help and --version (Closes: #843544) + * core: Revert using the unified hierarchy for the systemd cgroup. + Too many things don't get along with it yet, like docker, LXC, or runc. + (Closes: #843509) + + -- Martin Pitt <mpitt@debian.org> Wed, 09 Nov 2016 09:34:45 +0100 + +systemd (232-2) unstable; urgency=medium + + * Drop RestrictAddressFamilies from service files. + RestrictAddressFamilies= is broken on 32bit architectures and causes + various services to fail with a timeout, including + systemd-udevd.service. + While this might actually be a libseccomp issue, remove this option for + now until a proper solution is found. (Closes: #843160) + + -- Michael Biebl <biebl@debian.org> Sat, 05 Nov 2016 22:43:27 +0100 + +systemd (232-1) unstable; urgency=medium + + [ Martin Pitt ] + * New upstream release 232: + - Fix "systemctl start" when ReadWriteDirectories is a symlink + (Closes: ##792187) + - Fix "journalctl --setup-keys" output (Closes: #839097) + - Run run sysctl service if /proc/sys/net is writable, for containers + (Closes: #840529) + - resolved: Add d.f.ip6.arpa to the DNSSEC default negative trust anchors + (Closes: #834453) + * debian/tests/logind: Copy the current on-disk unit instead of the + on-memory one. + * Build sd-boot on arm64. gnu-efi is available on arm64 now. + (Closes: #842617) + * Link test-seccomp against seccomp libs to fix FTBFS + * debian/rules: Remove nss-systemd (until we package it) + * Install new systemd-mount + + [ Michael Biebl ] + * Install new journal-upload.conf man pages in systemd-journal-remote + + -- Martin Pitt <mpitt@debian.org> Fri, 04 Nov 2016 07:18:10 +0200 + +systemd (231-10) unstable; urgency=medium + + [ Martin Pitt ] + * systemctl: Add --wait option to wait until started units terminate again. + * nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors. + This makes it possible to configure a fallback to "dns" without breaking + DNSSEC, with "resolve [!UNAVAIL=return] dns". + * libnss-resolve.postinst: Skip dns fallback if resolve is present. + Only fall back to "dns" if nss-resolve is not installed (for the + architecture of the calling program). Once it is, we never want to fall + back to "dns" as that breaks enforcing DNSSEC verification and also + pointlessly retries NXDOMAIN failures. (LP: #1624071) + * unit: sent change signal before removing the unit if necessary + (LP: #1632964) + * networkd: Fix assertion crash on adding VTI with IPv6 addresses + (LP: #1633274) + * debian/tests/upstream: Stop specifying initrd, it is autodetected now. + * debian/tests/upstream: Add gcc/libc-dev/make test dependencies, + so that the tests can build helper binaries. + + [ Felipe Sateler ] + * Explicitly disable installing the upstream-provided PAM configuration. + * Register interest in the status of dracut and initramfs-tools in reportbug + template + + [ Michael Biebl ] + * Stop creating systemd-update-utmp-runlevel.service symlinks manually + + -- Martin Pitt <mpitt@debian.org> Wed, 26 Oct 2016 13:24:37 +0200 + +systemd (231-9) unstable; urgency=medium + + * pid1: process zero-length notification messages again. + Just remove the assertion, the "n" value was not used anyway. This fixes + a local DoS due to unprocessed/unclosed fds which got introduced by the + previous fix. (Closes: #839171) (LP: #1628687) + * pid1: Robustify manager_dispatch_notify_fd() + * test/networkd-test.py: Add missing writeConfig() helper function. + + -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 23:39:24 +0200 + +systemd (231-8) unstable; urgency=medium + + [ Martin Pitt ] + * Replace remaining systemctl --failed with --state=failed + "--failed" is deprecated in favor of --state. + * debian/shlibs.local.in: More precisely define version of internal shared + lib. + * debian/tests/upstream: Drop blacklisting + These tests now work fine without qemu. + * debian/tests/storage: Avoid rmmod scsi_debug (LP: #1626737) + * upstream build system: Install libudev, libsystemd, and nss modules to + ${rootlibdir}. Drop downstream workaround from debian/rules. + * Ubuntu: Disable resolved's DNSSEC for the final 16.10 release. + Resolved's DNSSEC support is still not mature enough, and upstream + recommends to disable it in stable distro releases still. + * Fix abort/DoS on zero-length notify message triggers (LP: #1628687) + * resolved: don't query domain-limited DNS servers for other domains + (LP: #1588230) + + [ Antonio Ospite ] + * Update systemd-user pam config to require pam_limits.so. + (Closes: #838191) + + -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 13:40:21 +0200 + +systemd (231-7) unstable; urgency=medium + + [ Michael Biebl ] + * fsckd: Do not exit on idle timeout if there are still clients connected + (Closes: #788050, LP: #1547844) + + [ Martin Pitt ] + * 73-usb-net-by-mac.rules: Split kernel command line import line. + Reportedly this makes the rule actually work on some platforms. Thanks Alp + Toker! (LP: #1593379) + * debian/tests/boot-smoke: Only run 5 iterations + * systemd.postinst: Drop obsolete setcap call for systemd-detect-virt. + Drop corresponding libcap2-bin dependency. + * debian/tests/systemd-fsckd: Robustify check for "unit was running" + (LP: #1624406) + * debian/extra/set-cpufreq: Use powersave with intel_pstate. + This is what we did on xenial, and apparently powersave is still actually + better than performance. Thanks to Doug Smythies for the measurements! + (LP: #1579278) + * Ubuntu: Move ondemand.service from static to runtime enablement. + This makes it easier to keep performance, by disabling ondemand.service. + Side issue in LP: #1579278 + * Revert "networkd: remove route if carrier is lost" + This causes networkd to drop addresses from unmanaged interfaces in some + cases. (Closes: #837759) + * debian/tests/storage: Avoid stderr output of stopping systemd-cryptsetup@.service + * libnss-*.prerm: Remove possible [key=value] options from NSS modules as well. + (LP: #1625584) + + -- Martin Pitt <mpitt@debian.org> Tue, 20 Sep 2016 15:03:06 +0200 + +systemd (231-6) unstable; urgency=medium + + [ Martin Pitt ] + * Add alternative iptables-dev build dependencies + libiptc-dev is very new and not yet present in stable Debian/Ubuntu releases. + Add it as a fallback build dependency for backports and upstream tests. + * Detect if seccomp is enabled but seccomp filtering is disabled + (Closes: #832713) + * resolved: recognize DNS names with more than one trailing dot as invalid + (LP: #1600000) + * debian/tests/smoke: Store udev db dump artifact on failure + * networkd: limit the number of routes to the kernel limit + * systemctl: consider service running only when it is in active or reloading state + * networkd: remove route if carrier is lost + * Add Ref()/Unref() bus calls for units + + [ Felipe Sateler ] + * git-cherry-pick: always recreate the patch-queue branch. + + [ Dimitri John Ledkov ] + * Use idiomatic variables from dpkg include. + + -- Martin Pitt <mpitt@debian.org> Sun, 11 Sep 2016 15:00:55 +0200 + +systemd (231-5) unstable; urgency=medium + + [ Iain Lane ] + * Let graphical-session-pre.target be manually started (LP: #1615341) + + [ Felipe Sateler ] + * Add basic version of git-cherry-pick + * Replace Revert-units-add-a-basic-SystemCallFilter-3471.patch with upstream + patch + * sysv-generator: better error reporting. (Closes: #830257) + + [ Martin Pitt ] + * 73-usb-net-by-mac.rules: Test for disabling 80-net-setup-link.rules more + efficiently. Stop calling readlink at all and just test if + /etc/udev/rules.d/80-net-setup-link.rules exists -- a common way to + disable an udev rule is to just "touch" it in /etc/udev/rule.d/ (i. e. + empty file), and if the rule is customized we cannot really predict anyway + if the user wants MAC-based USB net names or not. (LP: #1615021) + * Ship kernel-install (Closes: #744301) + * Add debian/extra/kernel-install.d/60-initrd.install. + This kernel-install drop-in copies the initrd of the selected kernel to + the EFI partition. + * bootctl: Automatically detect ESP partition. + This makes bootctl work with Debian's /boot/efi/ mountpoint without having + to explicitly specify --path. + Patches cherry-picked from upstream master. + * systemd.NEWS: Point out that alternatively rcS scripts can be moved to + rc[2-5]. Thanks to Petter Reinholdtsen for the suggestion! + + [ Michael Biebl ] + * Enable iptables support (Closes: #787480) + * Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf" + The special 'key handling' inhibitors should always work regardless of + any *IgnoreInhibited settings – otherwise they're nearly useless. + Update man pages to clarify that *KeyIgnoreInhibited only apply to a + subset of locks (Closes: #834148) + + -- Martin Pitt <mpitt@debian.org> Fri, 26 Aug 2016 10:58:07 +0200 + +systemd (231-4) unstable; urgency=medium + + * Revert "pid1: reconnect to the console before being re-executed" + This unbreaks consoles after "daemon-reexec". (Closes: #834367) + + -- Martin Pitt <mpitt@debian.org> Thu, 18 Aug 2016 07:03:13 +0200 + +systemd (231-3) unstable; urgency=medium + + * resolved resolvconf integration: Run resolvconf without privilege + restrictions. On some architectures (at least ppc64el), running resolvconf + does not work with MemoryDenyWriteExecute=yes. (LP: #1609740) + * Revert unit usage of MemoryDenyWriteExecute=yes. This is implemented + through seccomp as well. (Closes: #832713) + + -- Martin Pitt <mpitt@debian.org> Mon, 15 Aug 2016 09:58:09 +0200 + +systemd (231-2) unstable; urgency=medium + + [ Martin Pitt ] + * debian/rules: Fix UPSTREAM_VERSION for upstream master builds + * Limit "link against /usr" check to some critical binaries only and add + generators + * debian/rules: Put back cleanup of *.busname (Closes: #833487) + * debian/tests/localed-x11-keymap: Robustify cleanup + * debian/tests/localed-x11-keymap: Check that localed works without + /etc/default/keyboard. This reproduces #833849. + * Revert "units: add a basic SystemCallFilter (#3471)" + This causes fatal failures on kernels that don't have seccomp enabled. + This can be reactivated once + https://github.com/systemd/systemd/issues/3882 is fixed. + (Closes: #832713, #832893) + + [ Simon McVittie ] + * localed: tolerate absence of /etc/default/keyboard. + The debian-specific patch to read Debian config files was not tolerating + the absence of /etc/default/keyboard. This causes systemd-localed to + fail to start on systems where that file isn't populated (like embedded + systems without keyboards). (Closes: #833849) + + -- Martin Pitt <mpitt@debian.org> Sun, 14 Aug 2016 10:54:57 +0200 + +systemd (231-1) unstable; urgency=low + + [ Martin Pitt ] + * New upstream release 231: + - Fix "Failed to create directory /str/sys/fs/selinux: Read-only file + system" warning. (Closes: #830693) + * systemd.postinst: Remove systemd-networkd-resolvconf-update.path removal + leftover. (Closes: #830778) + * Drop support for rcS.d SysV init scripts. + These are prone to cause dependency loops, and almost all packages with + rcS scripts now ship a native systemd service. + * networkd: Handle router advertisements in userspace again. + Drop Revert-Revert-networkd-ndisc-revert-to-letting-the-k.patch. + Bug #814566/#815586 got fixed in 230, and #815884 and #815884 and #815793 + are unreproducible and need more reporter feedback. + * debian/gbp.conf: Enable dch options "full" and "multimaint-merge" + * systemd-sysv: Add Conflicts: systemd-shim. + To avoid shim trying to claim the D-Bus interfaces. + * Add graphical-session.target user unit. + * Add graphical-session-pre.target user unit + * Add debian/extra/units-ubuntu/user@.service.d/timeout.conf. + This avoids long hangs during shutdown if user services fail/hang due to + X.org going away too early. This is mostly a workaround, so only install + for Ubuntu for now. + * Dynamically add upstream version to debian/shlibs.local + * Set Debian/Ubuntu downstream support URL in journal catalogs + (Closes: #769187) + + [ Michael Biebl ] + * Restrict Conflicts: openrc to << 0.20.4-2.1. + Newer versions of openrc no longer ship conflicting implementations of + update-rc.d/invoke-rc.d. + * Add Depends: dbus to systemd-container. + This is required for systemd-machined and systemd-nspawn to work + properly. (Closes: #830575) + * Drop insserv.conf generator. + We no longer parse /etc/insserv.conf and /etc/insserv.conf.d/* and + augment services with that dependency information via runtime drop-in + files. Services which want to provide certain system facilities need to + pull in the corresponding targets themselves. Either directly in the + native service unit or by shipping a drop-in snippet for SysV init + scripts. (Closes: #825858) + * getty-static.service: Only start if we have a working VC subsystem. + Use ConditionPathExists=/dev/tty0, the same check as in getty@.service, + to determine whether we have a functional VC subsystem and we should + start any gettys. (Closes: #824779) + * Stop mentioning snapshot and restore in the package description. + Support for the .snapshot unit type has been removed upstream. + * Drop sigpwr-container-shutdown.service. + This is no longer necessary as lxc-stop has been fixed to use SIGRTMIN+3 + to shut down systemd based LXC containers. + https://github.com/lxc/lxc/pull/1086 + https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ + + [ Felipe Sateler ] + * Add versioned breaks for packages shipping rcS init scripts + + -- Martin Pitt <mpitt@debian.org> Tue, 26 Jul 2016 12:17:14 +0200 + +systemd (230-7) unstable; urgency=medium + + * Tell dh_shlibdeps to look in the systemd package for libraries. Otherwise + dpkg-shlibdeps fails to find libsystemd-shared as we no longer create a + shlibs file for it. + * Add Build-Depends-Package to libudev1.symbols and libsystemd0.symbols. + This ensures proper dependencies when a package has a Build-Depends on a + higher version of libudev-dev or libsystemd-dev then what it gets from the + used symbols. + + -- Michael Biebl <biebl@debian.org> Fri, 08 Jul 2016 13:04:33 +0200 + +systemd (230-6) unstable; urgency=medium + + [ Martin Pitt ] + * debian/tests/boot-smoke: Stop running in containers again, too unreliable + on Ubuntu s390x right now. + + [ Michael Biebl ] + * Bump Build-Depends on debhelper to (>= 9.20160114), required for + --dbgsym-migration support. + * Install test-udev binary into $libdir/udev/ not $libdir. Only libraries + should be installed directly into $libdir. + * Exclude libsystemd-shared from dh_makeshlibs. + + [ Felipe Sateler ] + * Do not install libsystemd-shared.so symlink + * {machine,system}ctl: always pass &changes and &n_changes (Closes: #830144) + + [ Michael Prokop ] + * debian/tests/logind: Ensure correct version of logind is running. + + -- Michael Biebl <biebl@debian.org> Thu, 07 Jul 2016 15:22:16 +0200 + +systemd (230-5) unstable; urgency=medium + + [ Martin Pitt ] + * Sync test/networkd-test.py with current upstream master, and remove our + debian/tests/networkd copy. Directly run test/networkd-test.py in + autopkgtest. + * debian/extra/rules/73-usb-net-by-mac.rules: Disable when + /etc/udev/rules.d/80-net-setup-link.rules is a symlink to /dev/null, to be + consistent with the documented way to disable ifnames. (Closes: #824491, + LP: #1593379) + * debian/rules: Ignore libcap-ng.so in the "does anything link against /usr" + check, to work around libaudit1 recently gaining a new dependency against + that library (#828991). We have no influence on that ourselves. This fixes + the FTBFS in the meantime. + + [ Felipe Sateler ] + * Convert common code into a private shared library. This saves about 9 MB + of installed size in the systemd package, and some more in systemd-*. + + -- Martin Pitt <mpitt@debian.org> Fri, 01 Jul 2016 09:15:12 +0200 + +systemd (230-4) unstable; urgency=medium + + [ Martin Pitt ] + * tmp.mount: Add nosuid and nodev mount options. This restores compatibility + with the original SysV int RAMTMP defaults. (Closes: #826377) + * debian/tests/upstream: Some tests fail on platforms without QEMU at the + moment due to upstream PR#3587; blacklist these for now if QEMU is not + available. + * debian/rules: Don't run the "anything links against /usr" check for + upstream tests, as those run on Ubuntu 16.04 LTS which does not yet have + libidn moved to /lib. + * debian/tests/upstream: Clean up old journals before running a test, to + avoid printing a wrong one on failure. + * debian/tests/upstream: Do not run the QEMU tests on i386. Nested QEMU on + i386 causes testbed hangs on Ubuntu's cloud infrastructure, which is the + only place where these actually run. + * resolved: Fix SERVFAIL handling and introduce a new "Cache=" option to + disable local caching. + * resolved: Support IPv6 zone indices in resolv.conf. (LP: #1587489) + * resolved: Update resolv.conf when calling SetLinkDNS(). + * debian/tests/storage: Sync and settle udev after luksFormat, to reduce the + chance of seeing some half-written signatures. + * debian/tests/networkd: Stop skipping the two DHCP6 tests, this regression + seems to have been fixed now. + * resolved: respond to local resolver requests on 127.0.0.53:53. This + provides compatibility with clients that don't use NSS but do DNS queries + directly, such as Chrome. + * resolved: Don't add route-only domains to /etc/resolv.conf. + * systemd-resolve: Add --flush-caches and --status commands. + * Add debian/extra/units/systemd-resolved.service.d/resolvconf.conf to tell + resolvconf about resolved's builtin DNS server on 127.0.0.53. With that, + DNS servers picked up via networkd are respected when using resolvconf, + and software like Chrome that does not do NSS (libnss-resolve) still gets + proper DNS resolution. Drop the brittle and ugly + systemd-networkd-resolvconf-update.{path,service} hack instead. + * debian/tests/boot-smoke: Run in containers as well. + + [ Laurent Bigonville ] + * Build with IDN support. (Closes: #814528) + + -- Martin Pitt <mpitt@debian.org> Wed, 29 Jun 2016 15:23:32 +0200 + +systemd (230-3) unstable; urgency=medium + + [ Martin Pitt ] + * debian/tests/boot-and-services: Adjust test_tmp_mount() for fixed + systemctl exit code for "unit not found" in upstream commit ca473d57. + * debian/tests/boot-and-services, test_no_failed(): Show journal of failed + units. + * debian/extra/init-functions.d/40-systemd: Adjust to changed systemctl + show behaviour in 231: now this fails for nonexisting units instead of + succeeding with "not-found". Make the code compatible to both for now. + * Fix networkd integration with resolvconf for domain-limited DNS servers, + so that these don't appear as global nameservers in resolv.conf. Thanks + Andy Whitcroft for the initial fix! Add corresponding test case to + debian/tests/networkd. (LP: #1587762) + * resolved: Fix comments in resolve.conf for search domain overflows. + (LP: #1588229) + * On Ubuntu, provide an "ondemand.service" that replaces + /etc/init.d/ondemand. The latter does not exist any more when + "initscripts" falls out of the default installation. (LP: #1584124) This + now does not do a fixed one-minute wait but uses "Type=idle" instead. This + also becomes a no-op when the CPU supports "intel_pstate" (≤ 5 years old), + as on these the ondemand/powersave schedulers are actually detrimental. + (LP: #1579278) + * debian/systemd-container.install: Drop *.busname installation, they are + going away upstream. + * debian/extra/init-functions.d/40-systemd: Do not call systemctl + daemon-reload if the script is called as user (like reportbug does). Also + make sure that daemon-reload will not invoke polkit. + * Install test-udeb from .libs, to avoid installing the automake shell + wrapper. + * Fix transaction restarting in resolved to avoid async processing of + free'd transactions. + (Closes: #817210, LP: #1587727, #1587740, #1587762, #1587740) + * Add "upstream" autopkgtest that runs the test/TEST* upstream integration + tests in QEMU and nspawn. + * Build systemd-sysusers binary, for using in rkt. Do not ship the + corresponding unit and sysusers.d/ files yet, as these need some + Debianization and an autopkgtest. (Closes: #823322) + * debian/tests/systemd-fsckd: Adjust was_running() to also work for version + 230. + + [ Michael Biebl ] + * Add "systemctl daemon-reload" to lsb init-functions hook if the LoadState + of a service is "not-found". This will run systemd-sysv-generator, so SysV + init scripts that aren't installed by the package manager should be picked + up automatically. (Closes: #825913) + * automount: handle expire_tokens when the mount unit changes its state. + (Closes: #826512) + * debian/systemd.preinst: Correctly determine whether a service is enabled. + Testing for the return code alone is not sufficient as we need to + differentiate between "generated" and "enabled" services. + (Closes: #825981) + + [ Felipe Sateler ] + * Drop configure option --disable-compat-libs. It no longer exists. + * Add policykit-1 to Suggests. It is used to allow unprivileged users to + execute certain commands. (Closes: #827756) + + -- Martin Pitt <mpitt@debian.org> Tue, 21 Jun 2016 23:51:07 +0200 + +systemd (230-2) unstable; urgency=medium + + [ Martin Pitt ] + * Don't add a Breaks: against usb-modeswitch when building on Ubuntu; there + it does not use hotplug.functions and is a lower version. + * boot-and-services autopkgtest: Add missing xserver-xorg and + lightdm-greeter test dependencies, so that lightdm can start. + (See LP #1581106) + * Re-disable logind's KillUserProcesses option by default. (Closes: #825394) + + [ Michael Biebl ] + * Drop --disable-silent-rules from debian/rules. This is now handled by dh + directly depending on whether the DH_QUIET environment variable is set. + + -- Martin Pitt <mpitt@debian.org> Tue, 31 May 2016 12:02:14 +0200 + +systemd (230-1) unstable; urgency=medium + + [ Martin Pitt ] + * New upstream release 230. + - Fix rare assertion failure in hashmaps. (Closes: #816612) + - Fix leaking scope units. (Closes: #805477) + - Fix wrong socket ownership after daemon-reload. (LP: #1577001) + - udev: Fix touch screen detection. (LP: #1530384) + * Drop cmdline-upstart-boot autopkgtest. It was still needed up to Ubuntu + 16.04 LTS, but upstart-sysv is not supported any more in Debian and Ubuntu + now. + * udev: Drop hotplug.functions, now that the last remaining user of this got + fixed. Add appropriate versioned Breaks:. + * debian/extra/rules/70-debian-uaccess.rules: Add some more FIDO u2f devices + from different vendors. Thanks Atoyama Tokanawa. + * Remove "bootchart" autopkgtest, this upstream version does not ship + bootchart any more. It will be packaged separately. + + [ Michael Biebl ] + * Drop obsolete --disable-bootchart configure switch from udeb build. + * Remove obsolete /etc/systemd/bootchart.conf conffile on upgrades. + + -- Martin Pitt <mpitt@debian.org> Mon, 23 May 2016 09:42:51 +0200 + +systemd (229-6) unstable; urgency=medium + + * systemd-container: Prefer renamed "btrfs-progs" package name over + "btrfs-tools". (Closes: #822629) + * systemd-container: Recommend libnss-mymachines. (Closes: #822615) + * Drop systemd-dbg, in favor of debhelpers' automatic -dbgsym packages. + * Drop Add-targets-for-compatibility-with-Debian-insserv-sy.patch; we don't + need $x-display-manager any more as most/all DMs ship native services, and + $mail-transport-agent is not widely used (not even by our default MTA + exim4). + * Unify our two patches for Debian specific configuration files. + * Drop udev-re-enable-mount-propagation-for-udevd.patch, i. e. run udevd in + its own slave mount name space again. laptop-mode-tools 1.68 fixed the + original bug (#762018), thus add a Breaks: to earlier versions. + * Ship fbdev-blacklist.conf in /lib/modprobe.d/ instead of /etc/modprobe.d/; + remove the conffile on upgrades. + * Replace util-Add-hidden-suffixes-for-ucf.patch with patch that got + committed upstream. + * Replace Stop-syslog.socket-when-entering-emergency-mode.patch with patch + that got committed upstream. + * debian/udev.README.Debian: Adjust documentation of MAC based naming for + USB network cards to the udev rule, where this was moved to in 229-5. + * debian/extra/init-functions.d/40-systemd: Invoke status command with + --no-pager, to avoid blocking scripts that call an init.d script with + "status" with an unexpected pager process. (Closes: #765175, LP: #1576409) + * Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles + accessible to the user session. This avoids having to install libu2f-host0 + (which isn't discoverable at all) to make those devices work. + (LP: #1387908) + * libnss-resolve: Enable systemd-resolved.service on package installation, + as this package makes little sense without resolved. + * Add a DHCP exit hook for pushing received NTP servers into timesyncd. + (LP: #1578663) + * debian/udev.postinst: Fix migration check from the old persistent-net + generator to not apply to chroots. (Closes: #813141) + * Revert "enable TasksMax= for all services by default, and set it to 512". + Introducing a default limit on number of threads broke a lot of software + which regularly needs more, such as MySQL and RabbitMQ, or services that + spawn off an indefinite number of subtasks that are not in a scope, like + LXC or cron. 512 is way too much for most "simple" services, and it's way + too little for the ones mentioned above. Effective (and much stricter) + limits should instead be put into units individually. + (Closes: #823530, LP: #1578080) + * Split out udev rule to name USB network interfaces by MAC address into + 73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025) + * 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the + kernel command line, to be consistent with disabling the *.link files. + * 73-special-net-names.rule: Name the IBM integrated management module + virtual USB network card "ibmimm". Thanks Marco d'Itri! + + -- Martin Pitt <mpitt@debian.org> Thu, 12 May 2016 09:40:19 +0200 + +systemd (229-5) unstable; urgency=medium + + * debian/tests/unit-config: Call "daemon-reload" to clean up generated units + in between tests. + * debian/tests/unit-config: Check that enable/disable commands are + idempotent. + * debian/tests/unit-config: Detect if system units are in /usr/, so that the + test works on systems with merged /usr. + * debian/tests/unit-config: Use systemd-sysv-install instead of update-rc.d + directly, so that the test works under Fedora too. + * debian/tests/unit-config: Check disabling of a "systemctl link"ed unit, + and check "systemctl enable" on a unit with full path which is not in the + standard directories. + * Rename debian/extra/rules/73-idrac.rules to 73-special-net-names.rules, as + it is going to get rules for other devices. Also install it into the + initramfs. + * debian/extra/rules/73-special-net-names.rules: Add DEVPATH number based + naming schema for ibmveth devices. (LP: #1561096) + * Don't set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 devmapper + devices with "change" events, as this causes spurious unmounting with + multipath devices. (LP: #1565969) + * Fix bogus "No [Install] section" warning when enabling a unit with full + path. (LP: #1563590) + * debian/tests/cmdline-upstart-boot: In test_rsyslog(), check for messages + from dbus instead of NetworkManager. NM 1.2 does not seem to log to syslog + by default any more. + * Bump Standards-Version to 3.9.8 (no changes necessary). + * debian/tests/boot-smoke: Add some extra debugging if there are pending + jobs after 10s, to figure out why lightdm is sometimes "restarting". + (for LP #1571673) + * debian/tests/boot-smoke: Configure dummy X.org driver (like in the + boot-and-services test), to avoid lightdm randomly fail. (LP: #1571673) + * Move Debian specific patches into debian/patches/debian (which translates + to "Gbp-Pq: Topic debian" with pq). This keeps upstream vs. Debian + patches separated without the comments in debian/patches/series (which + always get removed by "pq export"). + * Don't ship an empty /etc/X11/xinit/xinitrc.d/ directory, this isn't + supported in Debian. (Closes: #822198) + * udev: Mark nbd as inactive until connected. (Closes: #812485) + * On shutdown, unmount /tmp before disabling swap. (Closes: #788303) + * debian/systemd-coredump.postinst: Do daemon-reload before starting + systemd-coredump, as the unit file may have changed on upgrades. + (Closes: #820325) + * Set MAC based name for USB network interfaces only for universally + administered (i. e. stable) MACs, not for locally administered (i. e. + randomly generated) ones. Drop /lib/systemd/network/90-mac-for-usb.link + (as link files don't currently support globs for MACAddress=) and replace + with an udev rule in /lib/udev/rules.d/73-special-net-names.rules. + (Closes: #812575, LP: #1574483) + + -- Martin Pitt <mpitt@debian.org> Mon, 25 Apr 2016 11:08:11 +0200 + +systemd (229-4) unstable; urgency=medium + + * Fix assertion crash when processing a (broken) device without a sysfs + path. (Closes: #819290, LP: #1560695) + * Fix crash when shutdown is issued from a non-tty. (LP: #1553040) + * networkd: Stay running while any non-loopback interface is up. + (Closes: #819414) + * Fix reading uint32 D-Bus properties on big-endian. + * Fix crash if an udev device has many tags or devlinks. (LP: #1564976) + * systemctl, loginctl, etc.: Don't start polkit agent when running as root. + (LP: #1565617) + * keymap: Add Add HP ZBook (LP: #1535219) and HP ProBook 440 G3. + * systemd.resource-control.5: Fix links to cgroup documentation on + kernel.org. (Closes: #819970) + * Install test-udev into libudev-dev, so that we have it available for + autopkgtests. + * Add "udev" autopkgtest for running the upstream test/udev-test.pl. + + -- Martin Pitt <mpitt@debian.org> Thu, 07 Apr 2016 08:11:10 +0200 + +systemd (229-3) unstable; urgency=medium + + [ Martin Pitt ] + * debian/tests/timedated: Add tests for "timedatectl set-local-rtc". + * Be more tolerant in parsing /etc/adjtime. + * debian/systemd.postinst: Don't fail package installation if systemctl + daemon-reload trigger fails. This does not fix the root cause of the + reload failures, but at least causes fewer packages to be in a broken + state after upgrade, so that a reboot or apt-get -f install have a much + higher chance in succeeding. (For bugs like LP #1502097 or LP #1447654) + * debian/tests/networkd: Skip test_hogplug_dhcp_ip6 when running against + upstream as well. + * debian/tests/boot-and-services: Wait for units to stop with a "systemctl + is-active" loop instead of static sleeps. + * debian/tests/networkd: Skip DHCPv6 tests for downstream packages too. This + is an actual regression in networkd-229, to be investigated. But this + shouldn't hold up reverse dependencies. + * Fix assertion in add_random(). (LP: #1554861) + * debian/tests/boot-and-services: Don't assert on "Stopped Container c1" + message in NspawnTests.test_service(), this is sometimes not present. Just + check that the unit did not fail. + * Add "adduser" dependency to systemd-coredump, to quiesce lintian. + * Bump Standards-Version to 3.9.7 (no changes necessary). + * Fix timespec parsing by correctly initializing microseconds. + (Closes: #818698, LP: #1559038) + * networkd: Add fallback if FIONREAD is not supported. (Closes: #818488) + * Cherry-pick various fixes from upstream master. + - Fixes logout when changing the current target. (Closes: #805442) + + [ Evgeny Vereshchagin ] + * debian/tests/boot-and-services: Search systemd-coredump's output by + SYSLOG_IDENTIFIER. + * Add missing "Recommends: btrfs-tools" to systemd-container. + * Add systemd-coredump postinst/prerm to start/stop systemd-coredump.socket + without a reboot. (Closes: #816767) + + [ Felipe Sateler ] + * Set the paths of loadkeys and setfont via configure arguments, not a patch + + -- Martin Pitt <mpitt@debian.org> Mon, 21 Mar 2016 14:11:44 +0100 + +systemd (229-2) unstable; urgency=medium + + * time-util: map ALARM clockids to non-ALARM clockids in now(), to work on + architectures which don't support CLOCK_BOOTTIME_ALARM. Fixes FTBFS on + many architectures. + * debian/systemd.postinst: Add missing newline to /etc/adjtime migration. + (See #699554) + * debian/systemd.postinst: Only try to enable tmp.mount if we actually + copied it to /etc. Don't try to enable a generated unit. (LP: #1545707) + * debian/tests/boot-and-services: Increase timeouts of test_bash_crash from + 5 to 10 seconds, and sync the journal after every iteration. + * debian/extra/checkout-upstream: Try again after one minute if git checkout + fails, to avoid failures from transient network errors. + * debian/tests/systemd-fsckd: Use grub.d/50-cloudimg-settings.cfg as a + template for generating our custom one instead of 90-autopkgtest.cfg. The + latter does not exist on non-x86 architectures and is not relevant for + this test. + * debian/tests/boot-and-services: Skip journal test for test_bash_crash when + running against upstream, as this currently fails most of the time. To be + investigated. + * debian/tests/networkd: Skip test_coldplug_dhcp_ip6 when running against + upstream, as this is brittle there. To be investigated. + * debian/tests/bootchart: Skip test if bootchart is not available or + testing in upstream mode. bootchart got removed from master and will be + moved to a separate repository. + * debian/tests/boot-and-services: Show verbose journal output on failure in + nspawn test, and sync journal before. + * Move systemd-coredump socket and service into systemd-coredump binary + package. + * Revert changing the default core dump ulimit and core_pattern. This + completely breaks core dumps without systemd-coredump. It's also + contradicting core(8). (Closes: #815020) + * Fix addresses for type "sit" tunnels. (Closes: #816132) + * networkd: Go back to letting the kernel handle IPv6 router advertisements, + as networkd's own currently has too many regressions. Thanks to Stefan + Lippers-Hollmann for investigating this! (Closes: #814566, + #814667, #815586, #815884, #815793) + + -- Martin Pitt <mpitt@debian.org> Sun, 28 Feb 2016 22:16:12 +0100 + +systemd (229-1) unstable; urgency=medium + + * New upstream release 229. + - Fix systemctl behaviour in chroots. (Closes: #802780) + - Fix SELinux context of /run/user/$UID. (Closes: #775651) + - Add option to optionally turn of color output. (Closes: #783692) + - Don't git-ignore src/journal-remote/browse.html. (Closes: #805514) + - Do not warn about Wants depencencies on masked units. (LP: #1543282) + * debian/systemd.install: Ship the new systemd-resolve. + * libsystemd0.symbols: Add new symbols from this release. + * systemd-coredump.postinst: Create systemd-coredump system user. + * debian/tests/systemd-fsckd: Tame overly strict test for failed plymouth + unit, which is a race condition with plymouthd auto-stopping. + (LP: #1543144) + * Drop timedated-don-t-rely-on-usr-being-mounted-in-the-ini.patch. + initramfs-tools has mounted /usr since Jessie, and tzdata now creates + /etc/localtime as a symlink too (see #803144). + * Use-different-default-paths-for-various-binaries.patch: Drop path changes + for setcap (which is already a build dep and not used at all) and sulogin + (which is now in util-linux). + * Remove obsolete udev maintainer script checks: + - Drop check for kernel >= 2.6.32, which released in 2009. + - Drop restarting of some daemons due to the devtmpfs migration, which + happened before the above kernel even. + - Drop support for forcing upgrades on kernels known not to work via + /etc/udev/kernel-upgrade. Don't pretend that this would help, as users + could end up with a non-bootable system. Always fail early in preinst + when it's still possible to install a working kernel. + - Drop postinst test for "running in containers" -- it's actually possible + to run udev in containers if you mount /sys r/w and you know what you + are doing. Also, the init.d script and systemd service do that check + again. + - Keep the kernel feature and chroot checks, as these are still useful. + Simplify check_kernel_features() by eliminating some variables. + - Drop debconf templates. Two of them are obsolete, and having + CONFIG_SYSFS_DEPRECATED is now so implausible that this doesn't warrant + the overhead and translator efforts. + * Drop debian/tests/ifupdown-hotplug. The units moved into ifupdown, so the + test should go there too (see #814312). + * debian/tests/control: Reorder tests and add a comment which ones should + not be run for an upstream build. + * debian/tests/control: Rearrange tests and avoid removing test dependencies + to minimize testbed resets. + * Add debian/extra/checkout-upstream: Script to replace the current + source with a checkout of an upstream pull request, branch, or commit, + and remove debian/patches/. Call from debian/rules if $TEST_UPSTREAM is + set. This will be used for upstream CI. + * Enable seccomp support on powerpc, ppc64el, and s390x. + + -- Martin Pitt <mpitt@debian.org> Thu, 11 Feb 2016 21:02:39 +0100 + +systemd (228-6) unstable; urgency=medium + + * Make-run-lock-tmpfs-an-API-fs.patch: Drop /run/lock from + tmpfiles.d/legacy.conf to avoid the latter clobbering the permissions of + /run/lock. Fixes fallout from cleanup in -5 that resulted /run/lock to + have 0755 permissions instead of 1777. (LP: #1541775) + + -- Martin Pitt <mpitt@debian.org> Thu, 04 Feb 2016 11:46:54 +0100 + +systemd (228-5) unstable; urgency=medium + + [ Martin Pitt ] + * Drop systemd-vconsole-setup.service: It has never been installed/used in + Debian and is not necessary for Ubuntu any more. + * Drop halt-local.service. This has never been documented/used in Debian. + (LP: #1532553) + * debian/extra/initramfs-tools/scripts/init-bottom/udev: Prefer "nuke" + again, it comes from klibc-utils. But fall back to "rm" if it does not + exist. + * systemd-timesyncd.service.d/disable-with-time-daemon.conf: Also don't run + if /usr/sbin/VBoxService exists, as virtualbox-guest-utils already + provides time synchronization with the host. (Closes: #812522) + * Drop Michael Stapelberg from Uploaders:, he stopped maintenance long ago. + Thanks Michael for your great work in the past! + * Replace "sysv-rc" dependency with Conflicts: openrc, file-rc. The + rationale from #739679 still applies, but with the moving of + {invoke,update}-rc.d to init-system-helpers we don't actually need + anything from sysv-rc any more other than the assumption that SysV init + scripts are enabled in /etc/rc?.d/ for the SysV generator to work (and + file-rc and openrc don't do that). + * debian/tests/timedated: Verify /etc/localtime symlink. Skip verifying the + /etc/timezone file (which is Debian specific) if $TEST_UPSTREAM is set. + * debian/tests/localed-locale: Check /etc/locale.conf if $TEST_UPSTREAM is + set. + * debian/tests/localed-x11-keymap: Test /etc/X11/xorg.conf.d/00-keyboard.conf + if $TEST_UPSTREAM is set. + * debian/tests/boot-and-services: Check for reaching graphical.target + instead of default.target, as the latter is a session systemd state only. + * debian/tests/boot-and-services: Skip tests which are known to fail/not + applicable with testing upstream builds. + * Drop Fix-up-tmpfiles.d-permissions-properly.patch: + - /run/lock is already created differently by + Make-run-lock-tmpfs-an-API-fs.patch, and contradicts to that. + - /run/lock/lockdev/ isn't being used anywhere and got dropped + upstream; backport the patch (tmpfiles-drop-run-lock-lockdev.patch). + - Move dropping of "group:wheel" (which has never existed in Debian) into + debian/rules, to also catch occurrences in other parts of the file which + the static patch would overlook. + * Shorten persistent identifier for CCW network interfaces (on s390x only). + (LP: #1526808) + * debian/rules: If $TEST_UPSTREAM is set (when building/testing upstream + master instead of distro packages), don't fail on non-installed new files + or new library symbols. + * Add systemd-sysv conflict to upstart-sysv, and version the upstart + conflict. This works with both Debian's and Ubuntu's upstart packages. + + [ Michael Biebl ] + * Drop support for the /etc/udev/disabled flag file. This was a workaround + for udev failing to install with debootstrap because it didn't use + invoke-rc.d and therefor was not compliant with policy-rc.d. See #520742 + for further details. This is no longer the case, so supporting that file + only leads to confusion about its purpose. + * Retrigger cleanup of org.freedesktop.machine1.conf and + hwclock-save.service now that dpkg has been fixed to correctly pass the + old version to postinst on upgrade. (Closes: #802545) + * Only ship *.link files as part of the udev package. The *.network files + are solely used by systemd-networkd and should therefor be shipped by the + systemd package. (Closes: #808237) + * Cherry-pick a few fixes from upstream: + - Fix unaligned access in initialize_srand(). (Closes: #812928) + - Don't run kmod-static-nodes.service if module list is empty. This + requires kmod v23. (Closes: #810367) + - Fix typo in systemctl(1). (Closes: #807462) + - Fix systemd-nspawn --link-journal=host to not fail if the directory + already exists. (Closes: #808222) + - Fix a typo in logind-dbus.c. The polkit action is named + org.freedesktop.login1.power-off, not org.freedesktop.login1.poweroff. + - Don't log an EIO error in gpt-auto-generator if blkid finds something + which is not a partition table. (Closes: #765586) + - Apply ACLs to /var/log/journal and also set them explicitly for + system.journal. + * Only skip the filesystem check for /usr if the /run/initramfs/fsck-usr + flag file exists. Otherwise we break booting with dracut which uses + systemd inside the initramfs. (Closes: #810748) + * Update the instructions in README.Debian for creating /var/log/journal. + They are now in line with the documentation in the systemd-journald(8) man + page and ensure that ACLs and group permissions are properly set. + (Closes: #800947, #805617) + * Drop "systemctl daemon-reload" from lsb init-functions hook. This is no + longer necessary as invoke-rc.d and init-system-helpers take care of this + nowadays. + + -- Martin Pitt <mpitt@debian.org> Wed, 03 Feb 2016 10:09:46 +0100 + +systemd (228-4) unstable; urgency=medium + + * debian/udev.README.Debian: Add alternative way of disabling ifnames. + (Closes: #809339) + * Put back /lib/udev/hotplug.functions, until the three remaining packages + that use it stop doing so. (Closes: #810114) + * debian/udev.README.Debian: Point out that any change to interface naming + rules requires an initrd update. + + -- Martin Pitt <mpitt@debian.org> Mon, 11 Jan 2016 07:12:40 +0100 + +systemd (228-3) unstable; urgency=medium + + [ Martin Pitt ] + * debian/rules: Remove temporary debug output from test failures again. All + Debian buildd kernels are recent enough now, but add a check for kernels + older than 3.13 and ignore test failures for those. + * debian/tests/networkd: Factor out dnsmasq specific test "router" setup, so + that we can test against other implementations. + * debian/tests/networkd: Add router setup using an (isolated) networkd + process for configuring the veths and DHCP server. + * debian/tests/networkd: On failure, only show journal for current test. + * systemd-networkd-resolvconf-update.service: Wait for getting a name + server, not just for getting online. + * debian/tests/boot-and-services: Wait until bash crash stack trace is in + the journal before asserting on it. Also relax RE to work on non-x86 + architectures. + * debian/tests/networkd: If /etc/resolv.conf already has three nameservers, + accept that too (as then the additional test one can't be added any more). + * Fix FTBFS on x32. Thanks Helmut Grohne! (Closes: #805910) + * debian/tests/networkd: For IPv6 tests, also wait for IPv4 address to + arrive; s-n-wait-online already exits after getting an IPv6 address, but + we verify both. + * debian/tests/boot-and-services: Don't check for "Requesting system + poweroff" log message in nspawn test, current upstream master does not + write that any more. Instead check for "Stopped Container c1". + * Add "storage" autopkgtest. Initially this covers some basic use cases with + LUKS cryptsetup devices. + * Add acl build dependency (for <!nocheck>). Current upstream master now + needs it for some test cases. + * debian/extra/initramfs-tools/scripts/init-bottom/udev: Use "rm -rf" + instead of "nuke". The latter does not exist any more in current + initramfs-tools. + * Ignore test failures during "make check" if /etc/machine-id is missing + (like in ancient local schroots). (Closes: #807884) + * debian/extra/rules/80-debian-compat.rules: Remember which device got the + "cdrw", "dvd", or "dvdrw" symlink to avoid changing links on device + events. (Closes: #774080). Drop the rule for the "cdrom" symlink as that + is already created in 60-cdrom_id.rules. + * Eliminate "hotplug.functions" udev helper and put the logging functions + directly into net.agent. This simplifies the migration of the latter to + ifupdown. + * Adjust manpages to keep /usr/lib/systemd/{user*,boot,ntp-units.d,modules*} + paths, only keep /lib/systemd/{system*,network}. (Closes: #808997) + * debian/udev.README.Debian: Fix typo and slight wording improvement. + (Closes: #809513) + * Drop net.agent, 80-networking.rules, and ifup@.service. These moved to + ifupdown 0.8.5 now. Add Breaks: to earlier versions. + + [ Michael Biebl ] + * Bump Build-Depends on libdw-dev to (>= 0.158) as per configure.ac. + (Closes: #805631) + * Make sure all swap units are ordered before the swap target. This avoids + that swap devices are being stopped prematurely during shutdown. + (Closes: #805133) + * Drop unneeded /etc/X11/xinit/xinitrc.d/50-systemd-user.sh from the package + and clean up the conffile on upgrades. We have the dbus-user-session + package in Debian to properly enable the D-Bus user-session mode which + also takes care of updating the systemd --user environment. + (Closes: #795761) + * Stop testing for unknown arguments in udev maintainer scripts. + * Drop networking.service.d/systemd.conf. The ifupdown package now ships a + proper service file so this drop-in file is no longer necessary. + + [ Andreas Henriksson ] + * Fix LSB init hook to not reload masked services. (Closes: #804882) + + -- Martin Pitt <mpitt@debian.org> Sat, 02 Jan 2016 17:42:56 +0100 + +systemd (228-2) unstable; urgency=medium + + * Remove wrong endianness conversion in test-siphash24 to fix FTBFS on + big-endian machines. + * Bump libseccomp-dev build dependency to indicate required versions for + backporting to jessie. (Closes: #805497) + + -- Martin Pitt <mpitt@debian.org> Thu, 19 Nov 2015 11:37:45 +0100 + +systemd (228-1) unstable; urgency=medium + + [ Martin Pitt ] + * New upstream release: + - Fix journald killing by watchdog. (Closes: #805042) + - Drop check for /etc/mtab. (Closes: #802025) + - Follow unit file symlinks in /usr, but not /etc when looking for + [Install] data, to avoid getting confused by Aliases. (Closes: #719695) + - journalctl: introduce short options for --since and --until. + (Closes: #801390) + - journald: Never accept fds from file systems with mandatory locking. + (LP: #1514141) + - Put nspawn containers in correct slice. (LP: #1455828) + * Cherry-pick some networkd fixes from trunk to fix regressions from 228. + * debian/rules: Configure with --as-needed to avoid unnecessary binary + dependencies. + * systemd-networkd-resolvconf-update.service: Increase StartLimitBurst, as + this might be legitimately called several times in quick succession. If + that part of the "networkd" autopkgtest fails, show the journal log for + that service for easier debugging. + * debian/tests/boot-and-services: Add test case for systemd-coredump. + * Add systemd-coredump postinst/prerm to enable/disable this without a + reboot. + * debian/tests/networkd: Check for systemd-networkd-wait-online in /usr as + well, for usage in other distros. + * debian/tests/logind: Skip suspend test if the kernel does not support + suspend. + * debian/tests/logind: Split tests into functions. + * debian/tests/boot-and-services: Ignore failures of console-setup.service, + to work around LP: #1516591. + * debian/tests/control: Restrict boot-smoke test to isolation-machine, it + does not currently work well in LXC. + * debian/tests/networkd: Add new test cases for "DHCP=all, IPv4 only, + disabling RA" (which should always be fast), "DHCP=all, IPv4 only" (which + will require a longer timeout due to waiting 12s for a potential IPv6 RA + reply), and "DHCP=ipv4" (with and without RA). + * debian/tests/networkd: Fix UnicodeDecodeError under 'C' locale. + * debian/tests/networkd: Show networkctl and journal output on failure. + * debian/tests/networkd: Fix bytes vs. string TypeError in the IPv6 polling. + (LP: #1516009) + * debian/tests/networkd: Show contents of test .network file on failure. + * debian/tests/networkd: Skip if networkd is already running (safer when + running on real systems), and add copyright header. + * Bump util-linux dependencies to >= 2.27.1 to ensure that the mount monitor + ignores /etc/mtab. + + [ Felipe Sateler ] + * Enable elfutils support for getting stack traces for systemd-coredump. + * libnss-my{machines,hostname}.postrm: do not remove entries from + nsswitch.conf if there are packages from other architectures remaining. + + [ Michael Biebl ] + * Drop systemd-setup-dgram-qlen.service. This has been made obsolete by + upstream commit 1985486 which bumps net.unix.max_dgram_qlen to 512 early + during boot. + * Various cleanups to the udev maintainer scripts: + - Remove unused tempdir() function. + - Properly stop udev daemon on remove. + - Stop killing udev daemon on failed upgrades and drop the corresponding + starts from preinst. + - Stop masking systemd-udevd.service and udev.service during upgrades. We + restart the udev daemon in postinst, so those masks seem unnecessary. + + -- Martin Pitt <mpitt@debian.org> Wed, 18 Nov 2015 16:11:59 +0100 + +systemd (227-3) unstable; urgency=medium + + [ Martin Pitt ] + * debian/tests/logind: Add tests for scheduled shutdown with and without + wall message. + * Import upstream fix for not unmounting system mounts (#801361) and drop + our revert patch. + * debian/tests/boot-smoke: Apply check for failed unmounts only to user + systemd processes, i. e. not to pid 1. + * Drop Fix-usr-remount-failure-for-split-usr.patch. Jessie has a new enough + initramfs-tools already, and this was just an error message, not breaking + the boot. + * Drop debian-fixup.service in favor of using a tmpfiles.d clause, which is + faster. + * Drop Order-remote-fs.target-after-local-fs.target.patch. It's mostly + academic and only applies to the already known-broken situation that rcS + init.d scripts depend on $remote_fs. + * Replace reversion of sd_pid_notify_with_fds() msg_controllen fix with + proper upstream fix to never block on sending messages on NOTIFY_SOCKET + socket. + * Drop check for missing /etc/machine-id on "make check" failure; this isn't + happening on current buildds any more. + * Drop Disable-tests-which-fail-on-buildds.patch, to re-evaluate what still + fails and needs fixing. On failure, show kernel version and /etc/hosts + to be able to debug them better. The next upload will make the necessary + adjustments to fix package builds again. + + [ Michael Biebl ] + * Drop dependency on udev from the systemd package. We don't need udev + within a container, so this allows us to trim down the footprint by not + installing the udev package. As the udev package has Priority: important, + it is still installed by default though. + * Include the status of the udev package when filing a bug report against + systemd, and vice versa. + * Use filter instead of findstring, since findstring also matches + substrings and we only want direct matches. + * systemd.bug-script: Fix typo. (Closes: #804512) + * Re-add bits which call SELinux in systemd-user pam service. + (Closes: #804565) + + [ Felipe Sateler ] + * Add libnss-resolve package. (Closes: #798905) + * Add systemd-coredump package. This Conflicts/Replaces/Provides a new + "core-dump-handler" virtual package. (Closes: #744964) + + -- Martin Pitt <mpitt@debian.org> Wed, 11 Nov 2015 15:04:26 +0100 + +systemd (227-2) unstable; urgency=medium + + * Revert "sd_pid_notify_with_fds: fix computing msg_controllen", it causes + connection errors from various services on boot. (Closes: #801354) + * debian/tests/boot-smoke: Check for failed unmounts. This reproduces + #801361 (but not in a minimal VM, just in a desktop one). + * Revert "core: add a "Requires=" dependency between units and the + slices they are located in". This causes user systemd instances to try and + unmount system mounts (and succeed if you login as root). + (Closes: #801361) + + -- Martin Pitt <mpitt@debian.org> Fri, 09 Oct 2015 12:34:27 +0200 + +systemd (227-1) unstable; urgency=medium + + * New upstream release. + - Bump watchdog timeout for shipped units to 3 min. (Closes: #776460) + - gpt-auto-generator: Check fstab for /boot entries. (Closes: #797326) + - Fix group of RuntimeDirectory dirs. (Closes: #798391) + - Support %i (and other macros) in RuntimeDirectory. (Closes: #799324) + - Bump util-linux/libmount-dev dependencies to >= 2.27. + * debian/libsystemd0.symbols: Add new symbols for this release. + * debian/extra/initramfs-tools/hooks/udev: Copy all + /etc/udev/rules.d/*.rules rules which are not merely overriding the one in + /lib/, not just 70-persistent-net.rules. They might contain network names + or other bits which are relevant for the initramfs. (Closes: #795494) + * ifup@.service: Drop PartOf=network.target; we don't want to stop these + units during shutdown. Stopping networking.service already shuts down the + interfaces, but contains the safeguard for NFS or other network file + systems. Isolating emergency.target still keeps working as before as well, + as this also stops networking.service. (Closes: #761909, LP: #1492546) + + -- Martin Pitt <mpitt@debian.org> Thu, 08 Oct 2015 11:34:35 +0200 + +systemd (226-4) unstable; urgency=medium + + * debian/tests/logind: Be more verbose on failures. + * Revert networkd calling if-{up,post-down}.d/ scripts. About half of the + existing hooks are not relevant or even actively detrimental when running + with networkd. For the relevant ones, a lot of them should be fixed in the + projects themselves (using IP_FREEBIND etc.). (Closes: #798625) + * Add systemd-networkd-resolvconf-update.{path,service} units to send DNS + server updates from networkd to resolvconf, if installed and enabled. + * Don't restart logind on upgrades any more. This kills X.org (#798097) + while logind doesn't save/restore its open fds (issue #1163), and also + gets confused about being idle in between (LP: #1473800) + + -- Martin Pitt <mpitt@debian.org> Fri, 02 Oct 2015 13:44:28 +0200 + +systemd (226-3) unstable; urgency=medium + + [ Martin Pitt ] + * README.Debian: Fix "other" typo. Thanks Salvatore Bonaccorso. + (Closes: #798737) + + [ Michael Biebl ] + * Stop building the compat library packages and drop them for good. + * Update debian/copyright. + + -- Michael Biebl <biebl@debian.org> Sat, 19 Sep 2015 19:06:51 +0200 + +systemd (226-2) unstable; urgency=medium + + * debian/udev.init: Mount /dev file system with nosuid. (LP: #1450960) + * udev.postinst: udev 226 introduced predictable interface names for virtio. + Create /etc/systemd/network/50-virtio-kernel-names.link on upgrade to + disable this, to avoid changing e. g. "eth0" to "ens3" in QEMU instances + and similar environments. (Closes: #799034) + + -- Martin Pitt <mpitt@debian.org> Tue, 15 Sep 2015 15:21:09 +0200 + +systemd (226-1) unstable; urgency=medium + + [ Martin Pitt ] + * New upstream release: + - Fix scheduled shutdown to not shut down immediately. (Closes: #797763) + - Fix description of CPE_NAME in os-release(5). (Closes: #797768) + * debian/libsystemd0.symbols: Add new symbols from this release. + * Enable libseccomp support for mips64, mips64el, and x32. (Closes: #797403) + * debian/tests/networkd: Add hotplug tests. + * Make networkd call if-up.d/ scripts when it brings up interfaces, to + become compatible with ifupdown and NetworkManager for packages shipping + hooks. (LP: #1492129) + - Add debian/extra/systemd-networkd-dispatcher.c: suid root wrapper for + calling if-up.d/ or if-post-down.d/ hook scripts. Install it as + root:systemd-networkd 4754 so that only networkd can run it. + - Add networkd-call-systemd-networkd-dispatcher-when-links.patch: Call the + above wrapper when links go up/down. + - debian/tests/networkd: Verify that if-up.d/ and if-post-down.d/ scripts + get run for a networkd managed interface. + - Note that if-pre-up.d/ and if-down.d/ scripts are *not* being called, as + they are often not applicable for networkd (if-pre-up.d) and unreliable + (if-down.d). + * Drop udev-finish. We needed this for the autogenerated CD and network + interface names, but both are gone now. + * Drop debian/udev.udev-fallback-graphics.upstart. The vesafb module has + been compiled into the kernel in both Debian and Ubuntu for a fair while, + this never had a systemd equivalent, and Debian never shipped the + accompanying rules for determining $PRIMARY_DEVICE_FOR_DISPLAY. + * debian/control: Remove some boilerplate from the long descriptions, to + more easily get to the point what a specific package actually does. + * debian/README.Debian: As systemd is the default init now, replace the + documentation how to switch to systemd with how to switch back + (temporarily or permanently) to SysV init. Also move that paragraph to the + bottom as it's now less important. + * debian/README.Debian: Add a hint why you may want to enable persistent + journal, and suggest to uninstall system-log-daemon to avoid duplicate + logging. + * debian/README.Debian: Add documentation about networkd integration. + * Rename 01-mac-for-usb.link to 90-mac-for-usb.link so that it becomes + easier to override. + * debian-fixup.service just has one purpose now (make /etc/mtab a symlink), + so drop the debian/extra/debian-fixup shell script and put the ln command + directly into debian-fixup.service. Update the description. + * debian/tests/networkd: Check that /etc/resolv.conf gets the DHCP's + nameserver in case it is a symlink (i. e. dynamically managed by + systemd-resolved or resolvconf). + * systemd-networkd-dispatcher: Also pass on the DNS server list to if-up.d/ + as $IF_DNS_NAMESERVERS, so that resolvconf or similar programs work as + expected. + * Drop debian/systemd-journal-remote.postrm: Removing system users is + potentially dangerous (there might be a leftover process after purging). + + [ Michael Biebl ] + * Drop libsystemd-login-dev. All reverse dependencies have been updated to + use libsystemd-dev directly. + * Update build instructions to use "gbp clone" instead of "gbp-clone" as all + gbp-* commands have been removed from git-buildpackage. + + -- Martin Pitt <mpitt@debian.org> Thu, 10 Sep 2015 16:53:53 +0200 + +systemd (225-1) unstable; urgency=medium + + [ Martin Pitt ] + * New upstream release. + - Fixes FTBFS on alpha. (Closes: #792551) + - Fixes machined state tracking logic. (Closes: #788269) + * Add better fix for "systemctl link/enable" breakage with full paths. + (LP: #1480310) + * debian/rules: Add missing $(dh_options) in overridden debhelper targets. + + [ Felipe Sateler ] + * Move conffile from systemd to systemd-container package (Closes: #797048) + + [ Michael Biebl ] + * Drop unnecessary Conflicts/Replaces from systemd-journal-remote. + None of the files in this package were previously shipped by systemd. + * Create system users for systemd-journal-{gateway,remote,upload} when + installing the systemd-journal-remote package. + * Explicitly turn off the features we don't want in a stage1 build. + Otherwise ./configure might enable them automatically if the build + dependencies are installed and "dh_install --fail-missing" will then fail + due to uninstalled files. + * Enable GnuTLS support as systemd-journal-remote makes sense mostly with + encryption enabled. + * Rely on build profiles to determine which packages should be skipped + during build and no longer specify that manually. + * Drop our patch which removes rc-local-generator. + rc-local.service acts as an ordering barrier even if its condition is + false, because conditions are evaluated when the service is about to be + started, not when it is enqueued. We don't want this ordering barrier on + systems that don't need/use /etc/rc.local. + + -- Michael Biebl <biebl@debian.org> Sun, 30 Aug 2015 21:18:59 +0200 + +systemd (224-2) unstable; urgency=medium + + [ Martin Pitt ] + * Skip systemd-fsckd autopkgtest if /run/initramfs/fsck-root exists, i. e. + the initramfs already ran fsck. + * Fix broken ACL in tmpfiles.d/systemd.conf. (Closes: #794645, LP: #1480552) + * Add debian/tests/unit-config: Test "systemctl link"; reproduces LP#1480310. + * Add a hack to unbreak "systemctl link". (LP: #1480310) + * debian/extra/rules-ubuntu/40-hyperv-hotadd.rules: Also apply to Xen, and + rename to 40-vm-hotadd.rules. + * Fix networkd crash. (Closes: #796358) + * debian/rules: Remove all files/empty dirs in systemd which are already + shipped by systemd-* or udev, instead of an explicit list. + * Bump "mount" dependency to >= 2.26, to ensure "swapon -o" availability. + (Closes: #796389) + * Install /lib/systemd/network/* into udev instead of systemd, as it's + really udev which is evaluating these. + * Split out "systemd-container" package with machined and nspawn and enable + importd. Add new libbz2-dev, zlib1g-dev, and libcurl-dev build deps. + (LP: #1448900) + * Move transitional libgcrypt11-dev build dep to libgcrypt20-dev. + * debian/rules: Limit check for libraries in /usr to systemd and udev + packages, as other packages like systemd-containers can (and do) link to + /usr. + * Build-depend on dpkg-dev (>= 1.17.14) and bump debhelper version for build + profiles support. + * Drop "display-managers" autopkgtest, obsolete with dropped + default-display-manager-generator. + * boot-and-services autopkgtest: Add systemd-container test dependency for + the nspawn tests. + * Don't enable audit support when building with "stage1" profile, to avoid + circular build dep. + + [ Helmut Grohne ] + * Improve support for cross-building and bootstrapping. + + [ Michael Biebl ] + * Drop default-display-manager-generator. All major desktops now use a + display manager which support the new scheme and setup the + /etc/systemd/system/display-manager.service symlink correctly. + * Add new binary package "systemd-journal-remote" with tools for + sending/receiving remote journal logs: + systemd-journal-{remote,upload,gatewayd}. (Closes: #742802, LP: #1480952) + + -- Martin Pitt <mpitt@debian.org> Tue, 25 Aug 2015 12:40:35 +0200 + +systemd (224-1) unstable; urgency=medium + + * New upstream release. + * boot-and-services autopkgtest: Ignore thermald. Since 1.4.3-2 it starts by + default, but fails in most virtual envs. + + -- Martin Pitt <mpitt@debian.org> Sat, 01 Aug 2015 13:38:57 +0200 + +systemd (223-2) unstable; urgency=medium + + * Don't enable gnu-efi on ARM. It FTBFSes and cannot really be tested now as + there is no available hardware. + * debian/extra/initramfs-tools/hooks/udev: Don't fail if + /etc/systemd/network/ does not exist. (Closes: #794050) + + -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 08:25:51 +0200 + +systemd (223-1) unstable; urgency=medium + + * New upstream release: + - Fix systemd-bootchart crash. (Closes: #792403) + - Trim list of files in /usr/share/doc/systemd/. (Closes: #791839) + - Fix "Invalid argument" failure with some journal files. + (Closes: #792090) + - tmpfiles: Don't recursively descend into journal directories in /var. + (Closes: #791897) + - Don't frequently wake up on disabled TimeoutIdleSec=, in particular in + automount timers. (LP: #1470845) + - tmpfiles: Don't delete lost+found/. (Closes: #788193) + + [ Michael Biebl ] + * udev: Remove obsolete rm_conffile/mv_conffile functions from udev.preinst. + The udev package is using dpkg-maintscripts-helper now to remove obsolete + conffiles. + * systemd: Remove obsolete conffile clean up from pre-wheezy. + * udev-udeb: Remove scsi_wait_scan hack from the start-udev script as well. + + [ Martin Pitt ] + * Enable GNU EFI support and add gnu-efi build dep. This enables/ships the + systemd EFI boot loader. (Closes: #787720, LP: #1472283) + * networkd autopkgtest: More robust/forceful killing of dnsmasq. + * ifup@.service: Drop "oneshot" to run ifup in the background during boot. + This avoids blocking network.target on boot with unavailable hotplug + interfaces in /etc/network/interfaces. (Closes: #790669, LP: #1425376) + * systemd.postinst: Avoid confusing error message about + /run/systemd/was-enabled not existing on reconfiguring. + * debian/extra/initramfs-tools/hooks/udev: Drop some redundant code. + * Fix networkd-wait-online -i to properly wait for the given interfaces + only. + * Drop debian/extra/base-installer.d/05udev: We use net.ifnames by default + now, thus we don't need to copy 70-persistent-*.rules any more. + * debian/extra/start-udev: Run d-i's udevd with "notice" log level, just + like we did in the initramfs in 219-10. + * Fix size explosion of networkd (post-223 patch from trunk). + + [ Julian Wollrath ] + * Copy all .link interface naming definitions to initramfs. (Closes: #793374) + + [ Felipe Sateler ] + * nss-my*.postinst: configure at the end of the hosts line, not before + files. (Closes: #789006) + + -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 00:02:26 +0200 + +systemd (222-2) unstable; urgency=medium + + [ Adam Conrad ] + * debian/udev-udeb.install: Install new bits for net.ifnames (LP: #1473542) + * debian/extra/initramfs-tools/hooks/udev: Do the same for initramfs-tools. + + [ Martin Pitt ] + * emergency.service: Wait for plymouth to shut down. Fixes invisible + emergency shell with plymouth running endlessly. (LP: #1471258) + * Add "networkd" autopkgtest. Covers basic DHCP on IPv4 and IPv4+6 on a veth + device. + + [ Michael Biebl ] + * Bump package priorities of systemd and systemd-sysv to important to match + what has been used in the Debian archive since Jessie. + * Drop scsi_wait_scan hack from the udev initramfs-tools script. This Linux + kernel module has been broken since 2.6.30 and as a result was removed in + 3.5. The Debian Jessie kernel no longer ships this module. + (Closes: #752775) + * Drop libsystemd-journald-dev and libsystemd-id128-dev. There are no + reverse dependencies left and we want to avoid new packages picking up + a build dependency on those obsolete transitional packages. + + -- Michael Biebl <biebl@debian.org> Wed, 15 Jul 2015 23:51:15 +0200 + +systemd (222-1) unstable; urgency=medium + + [ Martin Pitt ] + * New upstream release: + - Fix reload killing BusName= units. (Closes: #746151) + - sysv-generator: detect invalid names and escape them. (Closes: #677075) + - Document removal of PIDFile on daemon shutdown. (Closes: #734006) + - Drop Revert-rules-fix-tests-for-removable-state.patch, the auto-suspend + rules now got dropped entirely. + * Add Revert-VT-reuse-patches.patch: Revert a couple of logind VT reuse + patches which alternately broke lightdm and gdm. + * debian/libsystemd0.symbols: Add new symbols from this release. + * Disable test-netlink during package build, fails on some buildds. + * udev.postinst: Don't call addgroup with --quiet, so that if the "input" + group already exists as a non-system group you get a sensible error + message. Some broken tutorials forget the --system option. + (Closes: #769948, LP: #1455956) + * systemd.postinst: Drop the --quiet from the addgroup calls as well, same + reason as above. (Closes: #762275) + * udev: Drop doc dir symlinking. It has caused too much trouble and only + marginally helps to avoid duplication. Such duplication should be dealt + with at the distro, not package level. + * debian/rules: Entirely ignore $LD_PRELOAD instead of just libfakeroot in + the link check, to also avoid libeatmydata. (Closes: #790546) + * boot-and-services, display-managers autopkgtests: Install and configure + dummy X.org driver, so that these work in headless machines/VMs. + * systemd-fsckd autopkgtest: Stop using/asserting on lightdm, just check + that default.target is active. lightdm is prone to fail in test + environments, and fiddling with it in two other autopkgtests is + sufficient. + * debian/watch: Adjust to new upstream release model of only providing the + github tag tarballs. + * Drop dsl-modem.agent. It hasn't been maintained/tested for many years, few + if any people actually use this, and this doesn't belong into udev. + + [ Michael Biebl ] + * Stop building the Python 3 bindings. They were split into a separate + source package upstream and are now built from src:python-systemd. See + http://lists.freedesktop.org/archives/systemd-devel/2015-July/033443.html + * Remove obsolete --disable-chkconfig configure option. + * Move the man pages for libnss-myhostname, libnss-mymachines and udev.conf + from systemd into the correct package. Move the zsh completion file for + udevadm into the udev package as well. Add Breaks/Replaces accordingly. + (Closes: #790879) + * Drop rules which remove pre-generated files before build. The upstream + tarball no longer ships any pre-generated files so this is no longer + necessary. + * Fix cleanup rule for Python byte code files. + + -- Michael Biebl <biebl@debian.org> Wed, 08 Jul 2015 18:56:07 +0200 + +systemd (221-1) unstable; urgency=medium + + * New upstream release 221: + - Fix persistent storage links for Xen devices. (LP: #1467151) + - Drop all backported patches and port the others to new upstream release. + - debian/rules: Drop workarounds for broken 220 tarball, 221 is fine. + + [ Michael Biebl ] + * initramfs hook: Stop installing 55-dm.rules, 64-md-raid.rules, + 60-persistent-storage-lvm.rules and 60-persistent-storage-dm.rules. + The mdadm, lvm2 and dmsetup package provide their own udev hooks nowadays + to make sure their udev rules files are installed into the initramfs. + Having the copy rules at two places is confusing and makes debugging + harder. + * Make it possible to skip building udeb packages via + DEB_BUILD_OPTIONS="noudeb". This allows quicker builds for local testing + and is benefical for derivatives that don't use d-i. + * Install API documentation for libudev and libsystemd in their respective + packages. Both libraries use man pages now, so we need to be explicit + about what is installed where. + + [ Martin Pitt ] + * ifupdown-hotplug autopkgtest: Different cloud/desktop environments have + different ways of including /etc/network/interfaces.d/, try to get along + wit either and skip the test if interfaces.d/ does not get included at + all. + * Drop obsolete gtk-doc-tools build dependency, gtkdocize autoreconfig, and + ./configure options. + * libudev-dev.install: Drop gtk-doc files, not built by upstream any more + and replaced with manpages. + * libsystemd0.symbols: Add new symbols for this release. + * debian/rules: Fix paths in manpages as we don't currently have a merged + /usr in Debian but have most systemd things in /lib. This replaces the + previous huge and maintenance-intense patch. + * Drop Accept-mountall-specific-fstab-options.patch. Replaced with + systemd.postinst migration code in Ubuntu. + * Revert overly aggressive USB autosuspend udev rules change which broke + various USB keyboards. (Closes: #789723) + * Have rc-local.service output also go to the console. /etc/rc.local often + contains status messages which users expect to see during boot. + (LP: #1468102) + * debian/rules: Install udev.NEWS into libudev1, to get along with Debian's + udev -> libudev1 doc dir symlinking. (Closes: #790042) + + -- Martin Pitt <mpitt@debian.org> Sun, 28 Jun 2015 12:05:36 +0200 + +systemd (220-7) unstable; urgency=medium + + [ Michael Biebl ] + * Enable seccomp support on arm64 as well. + * Replace the remainder of Fix-paths-in-man-pages.patch with an upstream + provided patch. + + [ Martin Pitt ] + * Switch to net.ifnames persistent network interfaces (on new + installations/for new hardware), and deprecate the old + 75-persistent-net-generator.rules. See the ML discussion for details: + https://lists.debian.org/debian-devel/2015/05/msg00170.html + https://lists.debian.org/debian-devel/2015/06/msg00018.html + - Drop Make-net.ifnames-opt-in-instead-of-opt-out.patch, to use + net.ifnames by default. + - Revert-udev-network-device-renaming-immediately-give.patch: Adjust + patch comment. + - Drop 75-persistent-net-generator.rules, write_net_rules helper and + rule_generator.functions. + - Adjust udev's README.Debian accordingly, and describe the migration. + This needs to happen manually as there is no robust way of doing this + automatically. + - Add udev NEWS file for announcing this change and pointing to udev's + README. + - udev.postinst: Drop write_interfaces_rules(). + - udev.postinst: Disable net.ifnames on systems which did not support + 75-persistent-net-generator.rules (most importantly, virtualized guests) + to avoid changing network interface names on upgrade. + - LP: #1454254 + * fsckd-daemon-for-inter-fsckd-communication.patch: Add fsckd.c to + POTFILES.in. + * ifupdown-hotplug autopkgtest: Fix config name in interfaces.d/, it must + not have a suffix in Debian. Also clean up the file after the test. + * net.agent: When running under systemd, run everything in the foreground. + This avoids killing the forked child in the middle of its operation under + systemd when the parent exits. + * Check during build that systemd and systemd-journald don't link against + anything in /usr, to prevent bugs like #771652 and #788913 in the future. + * Drop Skip-99-systemd.rules-when-not-running-systemd-as-in.patch. The rules + mostly just attach tags systemd specific properties which are harmless + under other init systems, and systemd-sysctl also works there. + * 80-networking.rules: Only call agents for add|remove, as they don't handle + other events. + * Restore udev watches on block device changes. (Closes: #789060, + LP: #1466081) + + -- Martin Pitt <mpitt@debian.org> Wed, 17 Jun 2015 22:48:53 +0200 + +systemd (220-6) unstable; urgency=medium + + * Enable seccomp support on the architectures that provide libseccomp. + (Closes: #760299) + * boot-and-services autopkgtest: Add SeccompTest for the above. + * boot-and-services autopkgtest: Check that we don't get an unwanted + tmp.mount unless /etc/fstab explicitly specifies it. + * Bump libcap-dev build dep to the version that provides libcap2-udeb. + (Closes: #787542) + * Stop installing tmp.mount by default; there are still situations where it + becomes active through dependencies from other units, which is surprising, + hides existing data in /tmp during runtime, and it isn't safe to have a + tmpfs /tmp on every install scenario. (Closes: #783509) + - d/rules: Ship tmp.mount in /usr/share/systemd/ instead of + /lib/systemd/systemd. + - systemd.postinst: When tmp.mount already was enabled, install tmp.mount + into /etc and keep it enabled. + - systemd.postinst: When enabling tmp.mount because of RAMTMP=yes, copy it + from /usr/share. + - Drop Don-t-mount-tmp-as-tmpfs-by-default.patch and + PrivateTmp-shouldn-t-require-tmpfs.patch, not necessary any more. + + -- Martin Pitt <mpitt@debian.org> Thu, 11 Jun 2015 09:25:49 +0200 + +systemd (220-5) unstable; urgency=medium + + * debian/README.source: Upstream repository moved to github, adjust + cherry-picking instructions accordingly. + * debian/control: Replace obsolete Python2 version header with + X-Python3-Version. + * dracut: Fix path to systemd-fsck. (Closes: #787553) + * Ignore test failures during build if /etc/machine-id is missing (which is + the case in a few buildd chroots still). (Closes: #787258) + * debian/udev.README.Debian: Move network interface hotplug documentation + into separate section. Point out that "lo" does not need to be configured + in ifupdown under systemd. + * debian/udev.README.Debian: Document net.ifnames, and how to write udev + rules for custom network names. + * Add debian/extra/01-mac-for-usb.link: Use MAC based names for network + interfaces which are (directly or indirectly) on USB. Path based names + are inadequate for dynamic buses like USB. + * Fix another escape parsing regression in Exec*= lines. (Closes: #787256) + * Disable EFI support for udeb build. + * Refine detection of touch screen devices. + + -- Martin Pitt <mpitt@debian.org> Sun, 07 Jun 2015 16:52:33 +0200 + +systemd (220-4) unstable; urgency=medium + + [ Martin Pitt ] + * debian/extra/initramfs-tools/scripts/init-top/udev: Drop $ROOTDELAY wait. + This does not concern udev in particular, but is handled by + initramfs-tools itself (scripts/local). The intention of this parameter is + not to statically wait for the given time, but wait *up to* that time for + the root device to appear. + * Add debian/extra/units/rc-local.service.d/wait-online.conf: Make + rc-local.service wait for network-online.target (if it gets started). This + not specified by LSB, but has been behaving that way in Debian under SysV + init and upstart. (LP: #1451797) + * Fix parsing of escape characters in Exec*= lines. (Closes: #787256) + * Drop path_is_mount_point-handle-false-positive-on-some-fs.patch (it was + already not applied in 220-1). This needs to be re-thought and re-done + against the current code, and overlayfs in general. On overlayfs this + still reports false positives for files that changed in the upperdir, but + this does not break systemd-machine-id-commit any more. + * Add debian/extra/rules/80-debian-compat.rules, replacing three of our + patches. These are independent udev rules to change device permissions and + add CD/DVD symlinks for compatibility with earlier Debian releases. + + [ Michael Biebl ] + * Bump Depends on util-linux to make sure we have a sulogin implementation + which properly cleans up its children when emergency.service is restarted. + (Closes: #784238) + * Stop using /sbin/udevd and drop the compat symlink. + * Remove any vestiges of /dev/.udev/. This directory has been replaced by + /run/udev/ since wheezy. + * Drop udev migration code from pre-wheezy. + + -- Martin Pitt <mpitt@debian.org> Tue, 02 Jun 2015 08:16:36 +0200 + +systemd (220-3) unstable; urgency=medium + + * Fix ProtectSystem=yes to actually protect /usr, not /home. + (Closes: #787343) + * sd-device: fix device_get_properties_strv(). Fixes environment for + processes spawned by udev, in particular "allow-hoplug" ifupdown + interfaces via ifup@.service. (Closes: #787263) + * Ignore test failures on mipsel; the three failures are not reproducible on + the porter box (different kernel?). (See #787258) + * Add ifupdown-hotplug autopkgtest. Reproduces #787263. + * udev: Bring back persistent storage symlinks for bcache. Thanks David + Mohr! (Closes: #787367) + * sd-device: Fix invalid property strv pointers. This unbreaks the + environment of udev callouts. + + -- Martin Pitt <mpitt@debian.org> Mon, 01 Jun 2015 12:58:20 +0200 + +systemd (220-2) unstable; urgency=low + + * 220-1 was meant to go to experimental, but was accidentally uploaded to + unstable. This was planned for next week anyway, just not on a Friday; + we don't revert, but keep an RC bug open for a few days to get broader + testing. Reupload 220-1 with its changelog actually pointing to unstable + and with all versions in the .changes. + + -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 18:54:09 +0200 + +systemd (220-1) unstable; urgency=medium + + [ Martin Pitt ] + * New upstream release: + - Ship sdio.ids and ids-update.pl in upstream tarball. (Closes: #780650) + - Drop non-working "journalctl /dev/sda" example from manpage + (Closes: #781604) + - man systemd.network: Explain UseDomains a bit more (not used by + default). (Closes: #766413) + - Ignore comments in /etc/hostname (LP: #1053048) + - Drop all backported patches and port the others to new upstream release. + * Cherry-pick patch to fix udevd --daemon assertion regression. + * Cherry-pick patch to fix udevd worker hang. + * systemd.install: systemd.pc moved back into /usr/share/pkgconfig/. + * libsystemd0.symbols: Add new symbols from this release. + * Drop debian/extra/60-keyboard.hwdb for now. Upstream has a newer version, + and it's not nearly as often updated any more as it used to be. + * debian/rules: Remove shipped audit_type-to-name.h and + keyboard-keys-from-name.gperf and regenerate them during build (bug in + upstream 220 tarball). + * autopkgtest: Ship/use mock fsck from debian/tests, as it's missing in the + 220 tarball. + * Add libnss-mymachines binary package. (Closes: #784858) + * Add libnss-myhostname binary package, taking over from the very old and + unmaintained standalone source package as per its maintainer's request. + (Closes: #760514) + * Drop buildsys-Don-t-default-to-gold-as-the-linker.patch and set LD in + debian/rules on sparc only. This can be dropped entirely once we build + GUdev from a separate source. + * bootchart autopkgtest: Skip test if /proc/schedstat does not exist, i. e. + the kernel is missing CONFIG_SCHEDSTAT. Bootchart requires this. + * systemd-fsckd autopkgtest: On Debian plymouth-start stays running, adjust + was_running() for that. + * systemd-fsckd autopkgtest: In test_systemd_fsck_with_plymouth_failure(), + fix plymouthd status check to work under both Debian and Ubuntu. + * Replace almost all of Fix-paths-in-man-pages.patch with upstreamed + patches. (The remainder is planned to get fixed upstream as well.) + * Remove our update-rc.d patches, replace them with upstream patches for + /lib/systemd/systemd-sysv-install abstraction, and provide one for + update-rc.d. Also implement "is-enabled" command by directly checking for + the presence of rcS or rc5 symlinks. (Closes: #760616) + * Fix path_is_mount_point for files (regression in 220). + * debian/control: Drop obsolete XS-Testsuite:, dpkg adds it automatically. + * Use Ubuntu's default NTP server for timesyncd when building on Ubuntu. + + [ Michael Biebl ] + * Remove /var/run and /var/lock migration code from debian-fixup. The /run + migration was completed in wheezy so this is no longer necessary. + * Drop our versioned Depends on initscripts. This was initially added for + the /run migration and later to ensure we have a mountnfs hook which + doesn't cause a deadlock under systemd. The /run migration was completed + in wheezy and jessie ships a fixed mountnfs hook. In addition we now use + the ignore-dependencies job mode in our lsb init-functions hook, so it's + safe to drop this dependency. + * Stop building gudev packages. Upstream has moved the gudev code into a + separate repository which is now managed on gnome.org. The gudev packages + will be built from src:libgudev from now on. See also + http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html + + -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 10:37:40 +0200 + +systemd (219-10) experimental; urgency=medium + + * Fix assertion crash with empty Exec*= paths. (LP: #1454173) + * Drop Avoid-reload-and-re-start-requests-during-early-boot.patch + and Avoid-reloading-services-when-shutting-down.patch: This was fixed more + robustly in invoke-rc.d and service now, see #777113. + * debian/tests/boot-smoke: Allow 10 seconds for systemd jobs to settle down. + * Fix "tentative" state of devices which are not in /dev (mostly in + containers), and avoid overzealous cleanup unmounting of mounts from them. + (LP: #1444402) + * debian/extra/udev-helpers/net.agent: Eliminate cat and most grep calls. + * Drop Set-default-polling-interval-on-removable-devices-as.patch; it's long + obsolete, CD ejection with the hardware button works properly without it. + * Re-enable-journal-forwarding-to-syslog.patch: Update patch description, + journal.conf.d/ exists now. + * journal: Gracefully handle failure to bind to audit socket, which is known + to fail in namespaces (containers) with current kernels. Also + conditionalize systemd-journald-audit.socket on CAP_AUDIT_READ. + (LP: #1457054) + * Put back *.agent scripts and use net.agent in Ubuntu. This fixes escaping + of unit names, reduces the delta, and will make it easier to get a common + solution for integrating ifup.d/ scripts with networkd. + * When booting with "quiet", run the initramfs' udevd with "notice" log + level. (LP: #1432171) + * Add sigpwr-container-shutdown.service: Power off when receiving SIGPWR in + a container. This makes lxc-stop work for systemd containers. + (LP: #1457321) + * write_net_rules: Escape '{' and '}' characters as well, to make this work + with busybox grep. Thanks Faidon Liambotis! (Closes: #765577) + + -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 09:43:52 +0200 + +systemd (219-9) experimental; urgency=medium + + * 75-persistent-net-generator.rules: Fix rules for ibmveth (it's a driver, + not a subsystem). (LP: #1437375) + * debian/tests/unit-config: Add tests for systemctl enable/disable on a + SysV-only unit. Reproduces LP #1447807. + * Fix systemctl enable for SysV scripts without a native unit. We must not + try and enable the nonexisting unit then. (LP: #1447807) + * Drop Add-env-variable-for-machine-ID-path.patch. systemd should always + be installed via the essential "init" in buildd schroots now. + * debian/README.source: Update git-buildpackage commands for the renames in + 0.6.24. + * Make apparmor run before networking, to ensure that profiles apply to + e. g. dhclient (LP: #1438249): + - Rename networking.service.d/network-pre.conf to systemd.conf, and add + After=apparmor.service. + - ifup@.service: Add After=apparmor.service. + - Add Breaks: on apparmor << 2.9.2-1, which dropped its dependency to + $remote_fs. + * Drop login-don-t-overmount-run-user-UID-on-upgrades.patch and + login-don-t-overmount-run-user-UID-on-upgrades.patch, these were only + needed for upgrades from wheezy to jessie. + * systemd.{pre,post}inst: Clean up obsolete (pre-wheezy/jessie) upgrade + fixes. + * systemd-fsckd autopkgtest: Stop assuming that + /etc/default/grub.d/90-autopkgtest.cfg exists. + * systemd-fsckd autopkgtest: Add missing plymouth test dependency. + * Drop core-mount-ensure-that-we-parse-proc-self-mountinfo.patch, and bump + util-linux dependency to the version which enables + --enable-libmount-force-mountinfo. + + -- Martin Pitt <mpitt@debian.org> Wed, 13 May 2015 12:27:21 +0200 + +systemd (219-8) experimental; urgency=medium + + [ Michael Biebl ] + * Skip filesystem check if already done by the initramfs. (Closes: #782522) + * Drop hard-coded versioned dependency on libapparmor1. Bump the + Build-Depends on libapparmor-dev instead. This ensures a proper versioned + dependency via Build-Depends-Package. + * Revert "Make apparmor run before networking". This causes dependency + cycles while apparmor still depends on $remote_fs. + * Cleanup hwclock-save.service symlinks when upgrading from the jessie + version. + + [ Martin Pitt ] + * cryptsetup: Implement offset and skip options. (Closes: #751707, + LP: #953875) + * logind autopkgtest: Add test for suspending on lid switch close. + This reproduces LP #1444166 (lid switch not working in the first few + minutes after boot). + * Reduce the initial suspend supression time from 3 minutes to 30 seconds, + and make it configurable. (LP: #1444166) + * Fix double free crash in "systemctl enable" when calling update-rc.d and + the latter fails. (Closes: #764613, LP: #1426588) + * hwdb: Fix wireless switch on Dell Latitude (LP: #1441849) + * Fix assertion crash when reading a service file with missing ' and + trailing space. (LP: #1447243) + * ifup@.service: Set IgnoreOnIsolate, so that "systemctl default" does not + shut down network interfaces. (Closes: #762953, LP: #1449380). + Add PartOf=network.target, so that stopping network.target also stops + network interfaces (so that isolating emergency.target and similar work as + before). + * Revert upstream commit 743970d which immediately SIGKILLs units during + shutdown. This leads to problems like bash not being able to write its + history, mosh not saving its state, and similar failed cleanup actions. + (Closes: #784720, LP: #1448259) + * Drop the reversion of "journald: allow restarting journald without losing + stream connections", and replace with proper upstream fix for + sd_pid_notify_with_fds(). (See Debian #778970, LP #1423811; LP: #1437896) + + -- Martin Pitt <mpitt@debian.org> Wed, 29 Apr 2015 17:13:41 +0200 + +systemd (219-7) experimental; urgency=medium + + [ Martin Pitt ] + * Make systemd-sysv's dependency to systemd unversioned. The package just + contains 6 symlinks and thus isn't sensitive at all against version + mismatches. This avoids running into circular dependencies when testing + local debs. + * Revert "udev: Drop hwdb-update dependency" and replace with upstream patch + which moves it to systemd-udev-trigger.service. + * display-managers autopkgtest: Properly wait until all jobs are finished. + * display-managers autopkgtest: Reset failed units between tests, to avoid + running into restart limits and for better test isolation. + * Enable timesyncd in virtual machines. (Closes: #762343) + + [ Adam Conrad ] + * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload + when init scripts are installed or removed (Closes: #766429) + + [ Didier Roche ] + * Squash all fsckd patches in one (as fsckd and such will be removed + soon upstream), containing various fixes from upstream git and refactor + the connection flow to upstream's suggestion. Modify the man pages to match + those modifications as well. Amongst others, this suppresses "Couldn't + connect to plymouth" errors if plymouth is not running. + (Closes: #782265, LP: #1429171) + * Keep plymouth localized messages in a separate patch for easier updates in + the future and refresh to latest upstream. + * display-managers autopkgtest: Use ExecStart=sleep instead of the actual + lightdm binary, to avoid errors from lightdm startup. Drop the now + unnecessary "needs-recommends" to speed up the test. + + -- Martin Pitt <mpitt@debian.org> Fri, 10 Apr 2015 11:08:33 +0200 + +systemd (219-6) experimental; urgency=medium + + [ Martin Pitt ] + * Import patches from v219-stable branch (up to 85a6fab). + * boot-and-services autopkgtest: Add missing python3 test dependency. + * Make apparmor run before networking, to ensure that profiles apply to + e. g. dhclient (LP: #1438249): + - Rename networking.service.d/network-pre.conf to systemd.conf, and add + After=apparmor.service. + - ifup@.service: Add After=apparmor.service. + * udev: Drop hwdb-update dependency, which got introduced by the above + v219-stable branch. This causes udev and plymouth to start too late and + isn't really needed in Debian yet as we don't support stateless systems + yet and handle hwdb.bin updates through dpkg triggers. (LP: #1439301) + + [ Didier Roche ] + * Fix mount point detection on overlayfs and similar file systems without + name_to_handle_at() and st_dev support. (LP: #1411140) + + [ Christian Seiler ] + * Make the journald to syslog forwarding more robust by increasing the + maximum datagram queue length from 10 to 512. (Closes: #762700) + + [ Marco d'Itri ] + * Avoid writing duplicate entries in 70-persistent-net.rules by double + checking if the new udev rule has already been written for the given + interface. This happens if multiple add events are generated before the + write_net_rules script returns and udevd renames the interface. + (Closes: #765577) + + -- Martin Pitt <mpitt@debian.org> Thu, 02 Apr 2015 09:14:48 +0200 + +systemd (219-5) experimental; urgency=medium + + [ Didier Roche ] + * Add "systemd-fsckd" autopkgtest. (LP: #1427312) + * cmdline-upstart-boot autopkgtest: Update to Ubuntu's upstart-sysv split + (test gets skipped on Debian while upstart-sysv does not yet exist there). + * Cherry-pick a couple of upstream commits for adding transient state, + fixing a race where mounts become available before the device being + available. + * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds + an After relationship. (Closes: #779902) + + [ Martin Pitt ] + * journald: Suppress expected cases of "Failed to set file attributes" + errors. (LP: #1427899) + * Add systemd-sysv.postinst: Update grub on first installation, so that the + alternative init system boot entries get updated. + * debian/tests: Call /tmp/autopkgtest-reboot, to work with autopkgtest >= + 3.11.1. + * Check for correct architecture identifiers for SuperH. (Closes: #779710) + * Fix tmpfiles.d to only apply the first match again (regression in 219). + (LP: #1428540) + * /lib/lsb/init-functions.d/40-systemd: Don't ignore systemd unit + dependencies in "degraded" mode. (LP: #1429734) + + [ Michael Biebl ] + * debian/udev.init: Recognize '!' flag with static device lists, to work + with kmod 20. (Closes: #780263) + + [ Craig Magina ] + * rules-ubuntu/71-power-switch-proliant.rules: Add support for HP ProLiant + m400 Server Cartridge soft powerdown on Linux 3.16. (LP: #1428811) + + [ Scott Wakeling ] + * Rework package description to be more accurate. (Closes: #740372) + + -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 16:31:04 +0100 + +systemd (219-4) experimental; urgency=medium + + * tmpfiles: Avoid creating duplicate ACL entries. Add postinst code to clean + them up on upgrade. (Closes: #778656) + * bootchart: Fix path to default init. (LP: #1423867) + * Add "bootchart" autopkgtest, to spot regressions like the above. + * autopkgtests: Factorize out "assert.sh" utility functions, and use them in + the tests for useful failure messages. + * Downgrade requirement for timedated, hostnamed, localed-locale, and + logind autopkgtests from machine to container isolation. + * boot-and-services and display-manager autopkgtest: Add systemd-sysv as + proper test dependency instead of apt-get installing it. This works now + also under Ubuntu 15.04. + * boot-and-services autopkgtest: Check cleanup of temporary files during + boot. Reproduces #779169. + * Clean up /tmp/ directory again. (Closes: #779169, LP: #1424992) + + -- Martin Pitt <mpitt@debian.org> Fri, 27 Feb 2015 07:02:09 +0100 + +systemd (219-3) experimental; urgency=medium + + * sysv-generator: fix wrong "Overwriting existing symlink" warnings. + (Closes: #778700) + * Add systemd-fsckd multiplexer and feed its output to plymouth. This + provides an aggregate progress report of running file system checks and + also allows cancelling them with ^C, in both text mode and Plymouth. + (Closes: #775093, #758902; LP: #1316796) + * Revert "journald: allow restarting journald without losing stream + connections". This was a new feature in 219, but currently causes boot + failures due to logind and other services not starting up properly. + (Closes: #778970; LP: #1423811) + * Add "boot-smoke" autopkgtest: Test 20 successful reboots in a row, and + that there are no connection timeouts or stalled jobs. This reproduces the + above regression. + * debian/tests/localed-locale: Set up locale and keyboard default files on a + minimal unconfigured testbed. + * Add missing python3 test dependency to cmdline-upstart-boot and + display-managers autopkgtests. + * debian/tests/boot-and-services: Skip AppArmor test if AppArmor is not + enabled. + * debian/tests/boot-and-services: Reboot also if lightdm was just installed + but isn't running yet. + + -- Martin Pitt <mpitt@debian.org> Mon, 23 Feb 2015 09:52:12 +0100 + +systemd (219-2) experimental; urgency=medium + + * Fix UTF-16 to UTF-8 conversion on big-endian machines. (Closes: #778654) + * Disable new new test-sigbus, it fails on some buildds due to too old + kernels. (part of #778654) + * debian/README.Debian, debian/systemd.postinst: Drop setfacl call for + /var/log/journal, this is now done automatically by tmpfiles.d/systemd.conf. + * Drop "acl" dependency, not necessary any more with the above. + * debian/tests/boot-and-services: Move to using /var/lib/machines/, + /var/lib/containers is deprecated. + + -- Martin Pitt <mpitt@debian.org> Wed, 18 Feb 2015 15:29:42 +0100 + +systemd (219-1) experimental; urgency=medium + + [ Martin Pitt ] + * New upstream release: + - Fix spelling mistake in systemd.unit(5). (Closes: #773302) + - Fix timeouts with D-Bus, leading to SIGFPE. (Closes: #774012) + - Fix load/save of multiple rfkill states. (Closes: #759489) + - Non-persistent journal (/run/log/journal) is now readable by group adm. + (Closes: #771980) + - Read netdev user mount option to correctly order network mounts after + network.target. (Closes: #769186) + - Fix 60-keyboard.hwdb documentation and whitespace handling. + (Closes: #757367) + - Fix ThinkPad X1 Carbon 20BT trackpad buttons (LP: #1414930) + - Drop all backported patches and port the others to new upstream release. + * Bump libblkid-dev build dependency as per upstream configure.ac. + * debian/systemd.install: Add new language-fallback-map file. + * debian/udev.install: Add new systemd-hwdb tool. + * debian/libsystemd0.symbols: Add new symbols from this release. + * tmpfiles.d/systemd.conf: Drop "wheel" ACL (that group does not exist in + Debian) to make the ACL for "adm" actually work. + * debian/rules: Explicitly disable importd for now; it should still mature a + bit. Explicitly enable hwdb support. + * /lib/lsb/init-functions.d/40-systemd: Call systemctl is-system-running + with --quiet. (LP: #1421058) + * debian/systemd.postrm: Clean getty@tty1.service and remote-fs.target + enablement symlinks on purge. (Closes: #778499) + * Move all Debian specific units in the systemd package into + debian/extra/units/ and simplify debian/systemd.install. + * Enable timesyncd by default. Add a config drop-in to not start if ntp, + openntpd, or chrony is installed. (Closes: #755722) + * debian/systemd.links: Drop obsolete hwclockfirst.service mask link, this + was dropped in wheezy's util-linux already. + * debian/udev.postinst: Call systemd-hwdb instead of udevadm hwdb. + + [ Michael Biebl ] + * Stop removing firstboot man pages. They are now installed conditionally. + + -- Martin Pitt <mpitt@debian.org> Tue, 17 Feb 2015 15:51:38 +0100 + +systemd (218-10) experimental; urgency=medium + + * Pull latest keymaps from upstream git. (LP: #1334968, #1409721) + * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids + kernel buffer I/O errors and timeouts. (LP: #1333140) + * Clean up stale mounts when ejecting CD drives with the hardware eject + button. (LP: #1168742) + * Document systemctl --failed option. (Closes: #767267) + * Quiesce confusing and irrelevant "failed to reset devices.list" warning. + (LP: #1413193) + * When booting with systemd-bootchart, default to run systemd rather than + /sbin/init (which might not be systemd). (LP: #1417059) + * boot-and-services autopkgtest: Add CgroupsTest to check cgroup + creation/cleanup behaviour. This reproduces #777601 and verifies the fix + for it. + + -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:25:06 +0100 + +systemd (218-9) experimental; urgency=medium + + [ Martin Pitt ] + * debian/tests/logind: With dropped systemd-logind-launch we don't have a + visible /sys/fs/cgroup/systemd/ any more under cgmanager. So adjust the + test to check /proc/self/cgroup instead. + * Add unit-config autopkgtest to check systemd unit/sysv init enabling and + disabling via systemctl. This also reproduces #777613. + * systemctl: Always install/enable/disable native units, even if there is a + corresponding SysV script and we call update-rc.d; while the latter + handles WantedBy=, it does not handle Alias=. (Closes: #777613) + * cgroup: Don't trim cgroup trees created by someone else, just the ones + that systemd itself created. This avoids cleaning up empty cgroups from + e.g. LXC. (Closes: #777601) + * Don't parse /etc/mtab for current mounts, but /proc/self/mountinfo. If the + former is a file, it's most likely outdated on boot, leading to race + conditions and unmounts during boot. (LP: #1419623) + + [ Michael Biebl ] + * Explicitly disable the features we don't want to build for those with + autodetection. This ensures reliable build results in dirty build + environments. + * Disable AppArmor support in the udeb build. + * core: Don't fail to run services in --user instances if $HOME is missing. + (Closes: #759320) + + [ Didier Roche ] + * default-display-manager-generator: Avoid unnecessary /dev/null symlink and + warning if there is no display-manager.service unit. + + -- Michael Biebl <biebl@debian.org> Thu, 12 Feb 2015 18:45:12 +0100 + +systemd (218-8) experimental; urgency=medium + + [ Martin Pitt ] + * boot-and-services autopkgtest: Ensure that there are no failed units, + except possibly systemd-modules-load.service (as that notoriously fails + with cruft in /etc/modules). + * Revert "input" system group creation in systemd.postinst from 218-7. It's + already done in udev.postinst. + * ifup@.service: Revert checking for existance of ifupdown config for that + interface, net.agent already does that. + * Drop Also-redirect-to-update-rc.d-when-not-using-.service.patch; not + necessary any more with the current version (mangle_names() already takes + care of this). + * Merge into Add-support-for-rcS.d-init-scripts-to-the-sysv-gener.patch: + - Do-not-order-rcS.d-services-after-local-fs.target-if.patch, as it + partially reverts the above, and is just fixing it. + - Map-rcS.d-init-script-dependencies-to-their-systemd-.patch as it's just + adding some missing functionality for the same purpose. + * Merge Run-update-rc.d-defaults-before-update-rc.d-enable-d.patch into + Make-systemctl-enable-disable-call-update-rc.d-for-s.patch as the former + is fixing the latter and is not an independent change. + * Drop Launch-logind-via-a-shell-wrapper.patch and systemd-logind-launch + wrapper. The only remaining thing that we need from it is to create + /run/systemd/, move that into the D-BUS service file directly. + * /lib/lsb/init-functions.d/40-systemd: Avoid deadlocks during bootup and + shutdown. DHCP/ifupdown and similar hooks which call "/etc/init.d/foo + reload" can easily cause deadlocks, since the synchronous wait plus + systemd's normal behaviour of transactionally processing all dependencies + first easily causes dependency loops. Thus during boot/shutdown operate + only on the unit and not on its dependencies, just like SysV behaves. + (Closes: #777115, LP: #1417010) + * Only start logind if dbus is installed. This fixes the noisy startup + failure in environments without dbus, such as LXC containers or servers. + (part of #772700) + * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if + dbus is not installed, and hence logind cannot auto-start them on demand. + (Closes: #772700) + + [ Michael Biebl ] + * Update insserv-generator and map $x-display-manager to + display-manager.service, following the recent change in sysv-generator. + This avoids creating references to a no longer existing + x-display-manager.target unit. + + -- Martin Pitt <mpitt@debian.org> Mon, 09 Feb 2015 18:07:22 +0100 + +systemd (218-7) experimental; urgency=medium + + [ Martin Pitt ] + * Don't attempt to mount the same swap partition twice through different + device node aliases. (Closes: #772182, LP: #1399595) + * logind: handle closing sessions over daemon restarts. (Closes: #759515, + LP: #1415104) + * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release + after log out actually work. + * debian/rules: Drop obsolete --disable-multi-seat-x and + --with-firmware-path configure options. + * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or + described in manpages. Only keep the Debian specific bits. + (Part of #776546) + * Actually install udev's README.Debian when building for Debian. + (Closes: #776546) + * Create system group "input" which was introduced in 215. (LP: #1414409) + * ifup@.service: Don't fail if the interface is not configured in + /etc/network/interfaces at all. (LP: #1414426) + + [ Michael Biebl ] + * Update Vcs-Browser URL to use cgit and https. + * Map $x-display-manager LSB facility to display-manager.service instead of + making it a target. Using a target had the downside that multiple display + managers could hook into it at the same time which could lead to several + failed start attempts for the non-default display manager. + + -- Martin Pitt <mpitt@debian.org> Sun, 01 Feb 2015 20:48:49 +0100 + +systemd (218-6) experimental; urgency=medium + + [ Martin Pitt ] + * initramfs hook: Install 61-persistent-storage-android.rules if it exists. + * Generate POT file during package build, for translators. + * Pull latest keymaps from upstream git. + * Order ifup@.service and networking.service after network-pre.target. + (Closes: #766938) + * Tone down "Network interface NamePolicy= disabled on kernel commandline, + ignoring" info message to debug, as we expect this while we disable + net.ifnames by default. (Closes: #762101, LP: #1411992) + + [ Michael Biebl ] + * Ship bash-completion for udevadm. (Closes: #776166) + * Drop rc-local generator in favor of statically enabling rc-local.service, + and drop halt-local.service which is unnecessary on Debian. + (Closes: #776170) + * Drop the obsolete libsystemd-* libraries, there are no reverse + dependencies left. + + -- Martin Pitt <mpitt@debian.org> Mon, 26 Jan 2015 15:45:45 +0100 + +systemd (218-5) experimental; urgency=medium + + * Drop logger.agent. It hasn't been called from any udev rule for a long + time, and looks obsolete. + * debian/rules: Configure with --disable-firstboot to replace some manual + file removals. + * debian/rules: Remove manual file installation, move them to + debian/*.install. Move all Debian specific installed files to + debian/extra/. + * Merge some changes from the Ubuntu package to reduce the delta; these only + apply when building on/for Ubuntu: + - Add 40-hyperv-hotadd.rules: Workaround for LP: #1233466. + - Add 61-persistent-storage-android.rules to create persistent symlinks + for partitions with PARTNAME. By Ricardo Salveti. + - Add 71-power-switch-proliant.rules for supporting the power switches of + ProLiant Server Cartridges. By Dann Frazier. + - Add 78-graphics-card.rules: Mark KMS capable graphics devices as + PRIMARY_DEVICE_FOR_DISPLAY so that we can wait for those in plymouth. + By Scott James Remnant. + - Don't install the Debian *.agent scripts. Instead, have Ubuntu's + 80-networking.rules directly pull in ifup@.service, which is much easier + and more efficient. + * Make EPERM/EACCESS when applying OOM adjustment for forked processes + non-fatal. This happens in user namespaces like unprivileged LXC + containers. + * Fix assertion failure due to /dev/urandom being unmounted when shutting + down unprivileged containers. Thanks Stéphane Graber. + * Enable EFI support. This mostly auto-mounts /sys/firmware/efi/efivars, but + also provides a generator for auto-detecting the root and the /boot/efi + partition if they aren't in /etc/fstab. (Closes: #773533) + + -- Martin Pitt <mpitt@debian.org> Thu, 22 Jan 2015 16:13:46 +0100 + +systemd (218-4) experimental; urgency=medium + + [ Michael Biebl ] + * sysv-generator: handle Provides: for non-virtual facility names. + (Closes: #774335) + * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr + isn't mounted yet. This happens with initramfs-tools < 0.118 which we + might not get into Jessie any more. (Closes: #742048) + + [ Martin Pitt ] + * fstab-generator: Handle mountall's non-standard "nobootwait" and + "optional" options. ("bootwait" is already the systemd default behaviour, + and "showthrough" is irrelevant here, so both can be ignored). + * Add autopkgtest for one-time boot with upstart when systemd-sysv is + installed. This test only works under Ubuntu which has a split out + upstart-bin package, and will be skipped under Debian. + * debian/ifup@.service: Check if ifup succeeds by calling ifquery, to + work around ifup not failing on invalid interfaces (see #773539) + * debian/ifup@.service: Set proper service type (oneshot). + * sysv-generator: Handle .sh suffixes when translating Provides:. + (Closes: #775889) + * sysv-generator: Make real units overwrite symlinks generated by Provides: + from other units. Fixes failures due to presence of backup or old init.d + scripts. (Closes: #775404) + * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN. + (Closes: #775067) + * Re-enable AppArmor support, now that libapparmor1 moved to /lib. Add + versioned dependency as long as this is still only in experimental. + (Closes: #775331) + * Add some missing dpkg and ucf temp files to the "hidden file" filter, to + e. g. avoid creating units for them through the sysv-generator. + (Closes: #775903) + * Silence useless warning about /etc/localtime not being a symlink. This is + deliberate in Debian with /usr (possibly) being on a separate partition. + (LP: #1409594) + + [ Christian Kastner ] + * Use common-session-noninteractive in systemd-user's PAM config, instead of + common-session. The latter can include PAM modules like libpam-mount which + expect to be called just once and/or interactively, which already happens + for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as + it's not included in -noninteractive, but is always required (and + idempotent). There is no net change on systemd which don't use manually + installed PAM modules. (Closes: #739676) + + [ Michael Biebl ] + * Make sure we run debian-fixup.service after /var has been mounted if /var + is on a separate partition. Otherwise we might end up creating the + /var/lock and /var/run symlink in the underlying root filesystem. + (Closes: #768644) + + -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 15:57:50 +0100 + +systemd (218-3) experimental; urgency=medium + + * build-logind autopkgtest: Re-enforce that sd_login_monitor_new() succeeds, + and restrict this test to isolation-container. (Reproduces LP #1400203) + * Bring back patch to make sd_login_monitor_new() work under other init + systems where /sys/fs/cgroup/systemd/machine does not exist. + (LP: #1400203) + * build-login autopkgtest: Build against libsystemd, not libsystemd-login + any more. + * Add debian/extra/systemd-vconsole-setup.service dependency shim for + the console-setup init script, to avoid breaking dependencies of + third-party packages. Install it for Ubuntu only for now, as in Debian + plymouth's unit got adjusted. (LP: #1392970, Debian #755194) + * Mark systemd{,-sysv} as M-A: foreign (thanks lintian). + * Quiesce maintainer-script-calls-systemctl lintian warning. + * Quiesce possibly-insecure-handling-of-tmp-files lintian warning, it's + wrong there (we are handling tmpfiles.d/ files which are not in a temp + dir). + * Use dh_installinit's --noscript instead of --no-start for the upstart + jobs without sysvinit scripts (thanks lintian). + * Put systemd.pc into arch specific pkgconfig dir, as it contains the arch + specific libdir value. + * Don't enable audit by default. It causes flooding of dmesg and syslog, + suppressing actually important messages. (Closes: #773528) + * Cherrypick various bug fixes in loopback device setup and netlink socket + communication. Fixes massive CPU usage due to tight retry loops in user + LXC containers. + + -- Martin Pitt <mpitt@debian.org> Mon, 29 Dec 2014 14:55:35 +0100 + +systemd (218-2) experimental; urgency=medium + + * boot-and-services AppArmor autopkgtest: Stop checking the dmesg log; it is + racy as sometimes message bursts are suppressed. + * Fix crash in timedatectl with Etc/UTC. + * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong + copy&paste'd comment, fix log strings. Thanks Adam D. Barratt. + * boot-and-services: Robustify Nspawn tests, and show systemd-nspawn output + on failure. + * Disable tests which fail on buildds, presumably due to too old kernels, + misconfigured /etc/hosts, and similar problems. Make failures of the test + suite fatal now. + + -- Martin Pitt <mpitt@debian.org> Tue, 16 Dec 2014 08:24:38 +0100 + +systemd (218-1) experimental; urgency=medium + + * New upstream release. Drop all cherry-picked patches and port the Debian + specific ones. + - Create /etc/machine-id on boot if missing. (LP: #1387090) + * Add new libmount-dev build dependency. + * Configure with --enable-split-usr. + * Merge some permanent Ubuntu changes, using dpkg-vendor: + - Don't symlink udev doc directories. + - Add epoch to gudev packages; Ubuntu packaged the standalone gudev before + it got merged into udev. + - Add Apport hooks for udev and systemd. + * udev-fallback-graphics upstart job: Guard the modprobe with || true to + avoid a failure when vesafb is compiled in. (LP: #1367241) + + -- Martin Pitt <mpitt@debian.org> Sun, 14 Dec 2014 13:58:39 +0100 + +systemd (217-4) experimental; urgency=medium + + [ Martin Pitt ] + * Reinstate a debian/extra/rules/50-firmware.rules which immediately tells + the kernel that userspace firmware loading failed. Otherwise it tries for a + minute to call the userspace helper (if CONFIG_FW_LOADER_USER_HELPER is + enabled) in vain, which causes long delays with devices which have a range + of possible firmware versions. (LP: #1398458) + * debian/systemd.postinst: Don't always restart journald, as this currently + can't be done without losing the current journal and breaking attached + processes. So only restart it from upgrades < 215-3 (where the socket + location got moved) as an one-time upgrade path from wheezy. + (Closes: #771122) + * Revert "Modify insserv generator to mask sysvinit-only display managers". + This is still under dispute, a bit risky, and might get a different + implementation. Also, nodm really needs to be fixed properly, working + around it is both too risky and also too hard to get right. + + [ Didier Roche ] + * Add display managers autopkgtests. + * Reset display-manager symlink to match /e/X/d-d-m even if + display-manager.service was removed. Adapt the autopkgtests for it. + (LP: #1400680) + + -- Martin Pitt <mpitt@debian.org> Thu, 11 Dec 2014 18:06:54 +0200 + +systemd (217-3) experimental; urgency=medium + + [ Martin Pitt ] + * systemd.bug-script: Really capture stderr of systemd-delta. + (Closes: #771498) + * boot-and-services autopkgtest: Give test apparmor job some time to + actually finish. + + [ Didier Roche ] + * updated debian/patches/insserv.conf-generator.patch: + - if /etc/X11/default-display-manager doesn't match a systemd unit + (or doesn't exist), be less agressive about what to mask: we let + all sysvinit-only display-manager units enabled to fallback to previous + behavior and let them starting. (Closes: #771739) + + -- Martin Pitt <mpitt@debian.org> Tue, 02 Dec 2014 16:53:36 +0100 + +systemd (217-2) experimental; urgency=medium + + * Re-enable journal forwarding to syslog, until Debian's sysloggers + can/do all read from the journal directly. + * Fix hostnamectl exit code on success. + * Fix "diff failed with error code 1" spew with systemd-delta. + (Closes: #771397) + * Re-enable systemd-resolved. This wasn't meant to break the entire + networkd, just disable the new NSS module. Remove that one manually + instead. (Closes: #771423, LP: #1397361) + * Import v217-stable patches (up to commit bfb4c47 from 2014-11-07). + * Disable AppArmor again. This first requires moving libapparmor to /lib + (see #771667). (Closes: #771652) + * systemd.bug-script: Capture stderr of systemd-{delta,analyze}. + (Closes: #771498) + + -- Martin Pitt <mpitt@debian.org> Mon, 01 Dec 2014 15:09:09 +0100 + +systemd (217-1) experimental; urgency=medium + + [ Martin Pitt ] + * New upstream release. Drop all cherry-picked patches and port the Debian + specific ones. + * Disable systemd-resolved for now. It still needs to mature, and + integration into Debian should be discussed first. + * Bump util-linux dependency to >= 2.25 as per NEWS. + * Drop installation of 50-firmware.rules, not shipped upstream any more. + Firmware loading is now exclusively done by the kernel. + * Drop installation of readahead related services and code, readahead got + dropped in this version. + * Ship new networkctl CLI tool. + * debian/libsystemd0.symbols: Add new symbols from this release. + * debian/rules: Call dpkg-gensymbols with -c4 to immediately spot + changed/missing symbols during build. + * boot-and-services autopkgtest: Test AppArmor confined units (LP #1396270) + * Create new "systemd-journal-remote" system group, for + systemd-tmpfiles-setup.service. + + [ Marc Deslauriers ] + * Build-depend on libapparmor-dev to enable AppArmor support. (LP: #1396270) + + [ Didier Roche ] + * Handle display-manager transitions: (Closes: #748668) + - Add a generator to ensure /etc/X11/default-display-manager is controlling + which display-manager is started. + - Modify insserv generator to mask of sysvinit-only dms with insserv + $x-display-manager tag if they don't match + /etc/X11/default-display-manager. This avoids starting multiple dms at + boot. + * Cherry-pick Shared-add-readlink_value.patch as using that function in the + generator. + + -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 10:53:58 +0100 + +systemd (215-18) unstable; urgency=medium + + [ Michael Biebl ] + * manager: Pass correct errno to strerror(), have_ask_password contains + negative error values which have to be negated when being passed to + strerror(). + + [ Martin Pitt ] + * Revert upstream commit 743970d which immediately SIGKILLs units during + shutdown. This leads to problems like bash not being able to write its + history, mosh not saving its state, and similar failed cleanup actions. + (Closes: #784720, LP: #1448259) + * write_net_rules: Escape '{' and '}' characters as well, to make this work + with busybox grep. Thanks Faidon Liambotis! (Closes: #765577) + + -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 15:49:30 +0200 + +systemd (215-17) unstable; urgency=high + + * cryptsetup: Implement offset and skip options. (Closes: #751707, + LP: #953875) + + -- Martin Pitt <mpitt@debian.org> Thu, 16 Apr 2015 10:26:46 -0500 + +systemd (215-16) unstable; urgency=medium + + [ Christian Seiler ] + * Don't run hwclock-save.service in containers. (Closes: #782377) + + [ Michael Biebl ] + * Do not print anything while passwords are being queried. This should make + password prompts without plymouth more usable. (Closes: #765013) + * Skip filesystem check if already done by the initramfs. (Closes: #782522) + + -- Michael Biebl <biebl@debian.org> Mon, 13 Apr 2015 19:42:32 +0200 + +systemd (215-15) unstable; urgency=medium + + [ Adam Conrad ] + * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload + when init scripts are installed or removed (Closes: #766429) + + [ Martin Pitt ] + * Fix getty restart loop when PTS device is gone. (Closes: #780711) + * Run timesyncd in virtual machines. (Closes: #762343) + * Make logind work in environments without CAP_SYS_ADMIN (mostly + containers). Thanks Christian Seiler for the backporting! + (Closes: #778608) + * Check for correct signatures when setting properties. Fixes systemd + getting stuck on trying to set invalid property types. (Closes: #781602) + + -- Martin Pitt <mpitt@debian.org> Thu, 09 Apr 2015 10:12:37 +0200 + +systemd (215-14) unstable; urgency=medium + + [ Michael Biebl ] + * Map $x-display-manager LSB facility to display-manager.service instead of + making it a target. Using a target had the downside that multiple display + managers could hook into it at the same time which could lead to several + failed start attempts for the non-default display manager. + * Update insserv-generator and map $x-display-manager to + display-manager.service, following the recent change in sysv-generator. + This avoids creating references to a no longer existing + x-display-manager.target unit. + * Cherry-pick upstream fix to increase the SendBuffer of /dev/log to 8M. + + [ Martin Pitt ] + * scope: Make attachment of initial PIDs more robust. Fixes crash with + processes that get started by an init.d script with a different (aliased) + name when the cgroup becomes empty. (Closes: #781210) + * boot-and-services, display-managers autopkgtests: Add missing python3 test + dependency. + * Don't attempt to mount the same swap partition twice through different + device node aliases. (Closes: #772182, LP: #1399595) + + [ Christian Seiler ] + * Make the journald to syslog forwarding more robust by increasing the + maximum datagram queue length from 10 to 512. (Closes: #762700) + + [ Marco d'Itri ] + * Avoid writing duplicate entries in 70-persistent-net.rules by double + checking if the new udev rule has already been written for the given + interface. This happens if multiple add events are generated before the + write_net_rules script returns and udevd renames the interface. + (Closes: #765577) + + -- Michael Biebl <biebl@debian.org> Mon, 30 Mar 2015 13:26:52 +0200 + +systemd (215-13) unstable; urgency=medium + + [ Martin Pitt ] + * Add hwclock-save.service to sync the system clock to the hardware clock on + shutdown, to provide monotonic time for reboots. (Note: this is a hack for + jessie; the next Debian release will enable timesyncd by default). + (Closes: #755722) + * Check for correct architecture identifiers for SuperH. (Closes: #779710) + * networkd: Fix stopping v4 dhcpclient when the carrier is lost. Thanks + Christos Trochalakis! (Closes: #779571) + * Fix segfault with units that depend on themselves. (Closes: #780675) + * tmpfiles-setup-dev: Call tmpfiles with --boot to allow unsafe device + creation. Fixes creation of static device nodes with kmod 20. + (Closes: #780263) + + [ Christian Seiler ] + * core: Don't migrate PIDs for units that may contain subcgroups. + This stops messing up lxc/libvirt/other custom cgroup layouts after + daemon-reload. (Closes: #777164) + * sysv-generator: add support for /etc/insserv/overrides. (Closes: #759001) + + [ Michael Biebl ] + * debian/udev.init: Recognize '!' flag with static device lists, to work + with kmod 20. (Closes: #780263) + + [ Didier Roche ] + * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds + an After relationship. (Closes: #779902) + + -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 14:23:35 +0100 + +systemd (215-12) unstable; urgency=medium + + [ Martin Pitt ] + * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or + described in manpages. Only keep the Debian specific bits. + (Part of #776546) + * Actually install udev's README.Debian when building for Debian. + (Closes: #776546) + * Only start logind if dbus is installed. This fixes the noisy startup + failure in environments without dbus such as LXC containers or servers. + (part of #772700) + * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if + dbus is not installed, and hence logind cannot auto-start them on demand. + (Closes: #772700) + * Add unit-config autopkgtest to check systemd unit/sysv init enabling and + disabling via systemctl. This avoids bugs like #777613 (did not affect + unstable). + * cgroup: Don't trim cgroup trees created by someone else, just the ones + that systemd itself created. This avoids cleaning up empty cgroups from + e.g. LXC. (Closes: #777601) + * boot-and-services autopkgtest: Add CgroupsTest to check cgroup + creation/cleanup behaviour. This reproduces #777601 and verifies the fix + for it. + * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids + kernel buffer I/O errors and timeouts. (LP: #1333140) + * Document systemctl --failed option. (Closes: #767267) + + [ Michael Biebl ] + * core: Don't fail to run services in --user instances if $HOME is missing. + (Closes: #759320) + + [ Didier Roche ] + * default-display-manager-generator: Avoid unnecessary /dev/null symlink and + warning if there is no display-manager.service unit. + + -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:08:31 +0100 + +systemd (215-11) unstable; urgency=medium + + [ Martin Pitt ] + * escape-beef-up-new-systemd-escape-tool.patch: Avoid creating a dangling + symlink, to work around regression in recent patch (see #776257). + * Order ifup@.service and networking.service after network-pre.target. + (Closes: #766938) + * Tone down "Network interface NamePolicy= disabled on kernel commandline, + ignoring" info message to debug, as we expect this while we disable + net.ifnames by default. (Closes: #762101, LP: #1411992) + * logind: handle closing sessions over daemon restarts. (Closes: #759515, + LP: #1415104) + * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release + after log out actually work. + * debian/patches/series: Move upstreamed patches into the appropriate + section. + + [ Michael Biebl ] + * Make sure we run debian-fixup.service after /var has been mounted if /var + is on a separate partition. Otherwise we might end up creating the + /var/lock and /var/run symlink in the underlying root filesystem. + (Closes: #768644) + + -- Martin Pitt <mpitt@debian.org> Thu, 29 Jan 2015 09:01:54 +0100 + +systemd (215-10) unstable; urgency=medium + + [ Martin Pitt ] + * sysv-generator: Handle .sh suffixes when translating Provides:. + (Closes: #775889) + * sysv-generator: Make real units overwrite symlinks generated by Provides: + from other units. Fixes failures due to presence of backup or old init.d + scripts. (Closes: #775404) + * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN. + (Closes: #775067) + + [ Christian Kastner ] + * Use common-session-noninteractive in systemd-user's PAM config, instead of + common-session. The latter can include PAM modules like libpam-mount which + expect to be called just once and/or interactively, which already happens + for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as + it's not included in -noninteractive, but is always required (and + idempotent). There is no net change on systemd which don't use manually + installed PAM modules. (Closes: #739676) + + -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 13:18:05 +0100 + +systemd (215-9) unstable; urgency=medium + + [ Didier Roche ] + * Add display managers autopkgtests. + * Reset display-manager symlink to match /e/X/d-d-m even if + display-manager.service was removed. Adapt the autopkgtests for it. + + [ Martin Pitt ] + * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong + copy&paste'd comment, fix log strings. Thanks Adam D. Barratt. + * Log all members of cyclic dependencies (loops) even with quiet on the + kernel cmdline. (Closes: #770504) + * Don't auto-clean PrivateTmp dir in /var/tmp; in Debian we don't want to + clean /var/tmp/ automatically. (Closes: #773313) + + [ Michael Biebl ] + * sysv-generator: handle Provides: for non-virtual facility names. + (Closes: #774335) + * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr + isn't mounted yet. This happens with initramfs-tools < 0.118 which we + might not get into Jessie any more. (Closes: #742048) + + -- Martin Pitt <mpitt@debian.org> Tue, 13 Jan 2015 11:24:43 +0100 + +systemd (215-8) unstable; urgency=medium + + [ Didier Roche ] + * Cherry-pick shared-add-readlink_value.patch, we will use that function in + the generator. + * Cherry-pick util-allow-strappenda-to-take-any-number-of-args.patch, we + will use that function in the generator. + * Handle multiple display managers which don't ship a systemd unit or the + corresponding postinst logic for updating display-manager.service: Add a + generator to ensure /etc/X11/default-display-manager is controlling which + display-manager is started. (Closes: #771287) + + [ Sjoerd Simons ] + * d/p/core-Fix-bind-error-message.patch: + + Added. Fix error message on bind failure to print the full path + * d/p/core-Make-binding-notify-private-dbus-socket-more-ro.patch: + + Added. Be more robust when binding private unix sockets (Based on current + upstream logic) (Closes: #761306) + + [ Martin Pitt ] + * Clean up ...journal~ files from unclean shutdowns. (Closes: #771707) + * debian/systemd.postinst: Don't always restart journald, as this currently + can't be done without losing the current journal and breaking attached + processes. So only restart it from upgrades < 215-3 (where the socket + location got moved) as an one-time upgrade path from wheezy. + (Closes: #771122) + * journalctl: Fix help text for --until. (Closes: #766598) + * Bump systemd's udev dependency to >= 208-8, so that on partial upgrades we + make sure that the udev package has appropriate Breaks:. In particular, + this avoids installing current udev with kmod << 14. (Closes: #771726) + + [ Michael Biebl ] + * systemd.postinst: Move unit enablement after restarting systemd, so that + we don't fail to enable units with keywords that wheezy's systemd does not + understand yet. Fixes enabling getty units on wheezy upgrades with + systemd. (Closes: #771204) + + -- Martin Pitt <mpitt@debian.org> Fri, 05 Dec 2014 10:01:24 +0100 + +systemd (215-7) unstable; urgency=medium + + [ Martin Pitt ] + * Add myself to Uploaders. + * Add boot-and-services autopkgtest: Check booting with systemd-sysv and + that the most crucial services behave as expected. + * logind autopkgtest: Fix stderr output in waiting loop for scsi_debug. + * Add nspawn test to boot-and-services autopkgtest. + * Make systemd-nspawn@.service work out of the box: (Closes: #770275) + - Pre-create /var/lib/container with a secure mode (0700) via tmpfiles.d. + - Add new try-{guest,host} modes for --link-journal to silently skip + setting up the guest journal if the host has no persistent journal. + - Extend boot-and-services autopkgtest to cover systemd-nspawn@.service. + * Cherry-pick upstream patch to fix SELinux unit access check (regression + in 215). + * sysv-generator: Avoid wrong dependencies for failing units. Thanks to + Michael Biebl for the patch! (Closes: #771118) + * Cherry-pick patches to recognize and respect the "discard" mount option + for swap devices. Thanks to Aurelien Jarno for finding and testing! + (Closes: #769734) + + [ Jon Severinsson] + * Add /run/shm -> /dev/shm symlink in debian/tmpfiles.d/debian.conf. This + avoids breakage in Jessie for packages which still refer to /run/shm, and + while https://wiki.debian.org/ReleaseGoals/RunDirectory is still official. + (LP: #1320534, Closes: #674755). + + -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 06:43:15 +0100 + +systemd (215-6) unstable; urgency=medium + + [ Martin Pitt ] + * Cherry-pick upstream patch to fix udev crash in link_config_get(). + * Cherry-pick upstream patch to fix tests in limited schroot environments. + * Add d/p/Add-env-variable-for-machine-ID-path.patch: Allow specifying an + alternate /etc/machine-id location. This is necessary for running tests + as long as it isn't in our base images (see Debian #745876) + * Run tests during package build. For the first round don't make them fatal + for now (that will happen once we see results from all the architectures). + * Drop our Check-for-kmod-binary.patch as the upstream patch + units-conditionalize-static-device-node-logic-on-CAP.patch supersedes it. + * Drop Use-comment-systemd.-syntax-in-systemd.mount-man-pag.patch, as + our util-linux is now recent enough. Bump dependency to >= 2.21. + * Adjust timedated and hostnamed autopkgtests to current upstream version. + * Replace our Debian hwdb.bin location patch with what got committed + upstream. Run hwdb update with the new --usr option to keep current + behaviour. + * debian/README.Debian: Document how to debug boot or shutdown problems with + the debug shell. (Closes: #766039) + * Skip-99-systemd.rules-when-not-running-systemd-as-in.patch: Call path_id + under all init systems, to get consistent ID_PATH attributes. This is + required so that tools like systemd-rfkill can be used with SysVinit or + upstart scripts, too. (LP: #1387282) + * Switch libpam-systemd dependencies to prefer systemd-shim over + systemd-sysv, to implement the CTTE decision #746578. This is a no-op on + systems which already have systemd-sysv installed, but will prevent + installing that on upgrades. (Closes: #769747) + * Remove Tollef from Uploaders: as per his request. Thanks Tollef for all + you work! + * net.agent: Properly close stdout/err FDs, to avoid long hangs during udev + settle. Thanks to Ben Hutchings! (Closes: #754987) + * Bump Standards-Version to 3.9.6 (no changes necessary). + + [ Didier Roche ] + * debian/ifup@.service: add a ConditionPath on /run/network, to avoid + failing the unit if /etc/init.d/networking is disabled. (Closes: #769528) + + -- Martin Pitt <mpitt@debian.org> Tue, 18 Nov 2014 12:37:22 +0100 + +systemd (215-5) unstable; urgency=medium + + [ Martin Pitt ] + * Unblacklist hyperv_fb again, it is needed for graphical support on Hyper-V + platforms. Thanks Andy Whitcroft! (LP: #1359933) + * Bump systemd-shim Depends/Breaks to 8-2 to ensure a lockstep upgrade. + (Closes: #761947) + + [ Sjoerd Simons ] + * d/p/sd-bus-Accept-no-sender-as-the-destination-field.patch + + Fix compatibility between systemctl v215 and v208. Resolves issue when + reloads of services is requested before systemd is re-execed + (Closes: #762146) + + [ Michael Biebl ] + * Don't overmount existing /run/user/<UID> directories with a per-user tmpfs + on upgrades. (Closes: #762041) + * Re-enable mount propagation for udevd. This avoids that broken software + like laptop-mode-tools, which runs mount from within udev rules, causes + the root file system to end up read-only. (Closes: #762018) + + -- Michael Biebl <biebl@debian.org> Sat, 27 Sep 2014 17:49:47 +0200 + +systemd (215-4) unstable; urgency=medium + + * Upload to unstable. + + -- Michael Biebl <biebl@debian.org> Mon, 15 Sep 2014 17:38:30 +0200 + +systemd (215-3) experimental; urgency=medium + + [ Ben Howard ] + * 75-persistent-net-generator.rules: Fix matches of HyperV. (LP: #1361272) + + [ Martin Pitt ] + * 75-persistent-net-generator.rules: Add new MS Azure MAC prefix 00:25:ae. + (LP: #1367883) + + [ Michael Biebl ] + * Update upstream v215-stable patch series. + * The /dev/log socket and /dev/initctl FIFO have been moved to /run and + replaced by symlinks. Create the symlinks manually on upgrades as well. + (Closes: #761340) + * Fix incorrect paths in man pages. (LP: #1357782, Closes: #717491) + * Make systemd recommend dbus so it is installed on upgrades. The dbus + system bus is required to run systemd-logind and the autovt feature relies + on logind. (Closes: #758111) + * Bump dependency on systemd-shim to (>= 7-2) to ensure we have a version + which supports systemd >= 209. + * Rework bug-script to be more upfront about what kind of data is gathered + and ask the user for permission before attaching the information to the + bug report. (Closes: #756248) + + [ Sjoerd Simons ] + * d/p/buildsys-Don-t-default-to-gold-as-the-linker.patch + + Don't explicitly pick gold as the default linker. Fixes FTBFS on sparc + (Closes: #760879) + + -- Sjoerd Simons <sjoerd@debian.org> Sun, 14 Sep 2014 20:14:49 +0200 + +systemd (215-2) experimental; urgency=medium + + * debian/patches/always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch + + Added. Fix checking of system endianness. Fixes FTBFS on powerpc + * debian/patches/timesyncd-when-we-don-t-know-anything-about-the-netw.patch: + + Let timesyncd go online even if networkd isn't running (from upstream + git) (Closes: #760087) + * debian/rules: add systemd-update-utmp-runlevel.service to + {poweroff, rescue, multi-user, graphical, reboot}.target.wants to trigger + the runlevel target to be loaded + + -- Sjoerd Simons <sjoerd@debian.org> Sun, 07 Sep 2014 23:46:02 +0200 + +systemd (215-1) experimental; urgency=medium + + * New upstream release. + * Import upstream v215-stable patch series. + * Rebase remaining Debian patches on top of v215-stable. + * Drop our Debian-specific run-user.mount unit as upstream now creates a + per-user tmpfs via logind. + * Don't rely on new mount from experimental for now and re-add the patch + which updates the documentation accordingly. + * Cherry-pick upstream fix to use correct versions for the new symbols that + were introduced in libudev. + * Update symbols files + - Add two new symbols for libudev1. + - Remove private symbol from libgudev-1.0-0. This symbol was never part of + the public API and not used anywhere so we don't need a soname bump. + * Cherry-pick upstream commit to not install busname units if kdbus support + is disabled. + * Make /run/lock tmpfs an API fs so it is available during early boot. + (Closes: #751392) + * Install new systemd-path and systemd-escape binaries. + * Cherry-pick upstream commit which fixes the references to the systemctl + man page. (Closes: #760613) + * Use the new systemd-escape utility to properly escape the network + interface name when starting an ifup@.service instance for hotplugged + network interfaces. Make sure a recent enough systemd version is installed + by bumping the versioned Breaks accordingly. (Closes: #747044) + * Order ifup@.service after networking.service so we don't need to setup the + runtime directory ourselves and we have a defined point during boot when + hotplugged network interfaces are started. + * Disable factory-reset feature and remove files associated with it. This + feature needs more integration work first before it can be enabled in + Debian. + * Cherry-pick upstream commit to fix ProtectSystem=full and make the + ProtectSystem= option consider /bin, /sbin, /lib and /lib64 (if it exists) + on Debian systems. (Closes: #759689) + * Use adduser in quiet mode when creating the system users/groups to avoid + warning messages about the missing home directories. Those are created + dynamically during runtime. (Closes: #759175) + * Set the gecos field when creating the system users. + * Add systemd-bus-proxy system user so systemd-bus-proxyd can properly drop + its privileges. + * Re-exec systemd and restart services at the end of postinst. + * Cherry-pick upstream commit for sd-journal to properly convert + object->size on big endian which fixes a crash in journalctl --list-boots. + (Closes: #758392) + + -- Michael Biebl <biebl@debian.org> Sun, 07 Sep 2014 09:58:48 +0200 + +systemd (214-1) experimental; urgency=medium + + * New upstream release v214. + (Closes: #750793, #749268, #747939) + + [ Jon Severinsson ] + * Import upstream v214-stable patch series. + - Rebase remaining Debian patches on top of v214-stable. + - Drop modifications to the now-removed built-in sysvinit support. + * Install the new combined libsystemd0 library, this library combines all + functionality of the various libsystemd-* libraries. + - Deprecate the old libsystemd-* libraries as they've been bundled into + libsystemd0. The old -dev files now just carry a transitional .pc file. + - Add new symbols file for libsystemd0. + * Update symbols file for libgudev-1.0-0. + * Remove pre-generated rules and unit files in debian/rules clean target. + * Add new systemd service users in systemd postinst (systemd-timesync, + systemd-network, systemd-resolve) + * Add new system group "input" used by udev rules in udev postinst. + * Try-restart networkd, resolved, and timesyncd after an upgrade. + * Do not force-enable default-on services on every upgrade. + * Add support for rcS.d init scripts to the sysv-generator. + - Do not order rcS.d services after local-fs.target if they do not + explicitly depend on $local_fs. + - Map rcS.d init script dependencies to their systemd equivalent. + - Special-case some dependencies for sysv init scripts for better + backwards compatibility. (Closes: #726027, #738965). + * Add systemd depends on new mount. (Closes: #754411) + * Update /run/initctl symlink target in debian/tmpfiles.d/debian.conf. + * Remove stored backlog state, rfkill state, random-seed and clock + information from /var/lib/systemd on systemd purge. + + [ Sjoerd Simons ] + * debian/patches/shared-include-stdbool.h-in-mkdir.h.patch + + Added. Include stdbool before using bool in function prototypes. Fixes + build of the insserv generator + * Add python-lxml to build-depends for python-systemd + * Turn on parallel build support + * Install the new busctl binary and translations + * Explicitly disable microhttp so the package build doesn't fail if the + required dependencies for it happen to be installed. + * debian/control: Make udev break plymouth (<< 0.9.0-7) as older plymouths + assume udev implementation details that have changed slightly since v213 + * debian/control: Remove b-d on librwap0-dev + * debian/control: Bump libkmod-dev b-d to >= 15 + * debian/rules: Drop outdated --enable-tcpwrap + * debian/rules: Explicitly turn off rfkill, networkd, timesyncd and resolved + for the udeb build + * debian/rules: Use the debian ntp pool as default ntp servers + * debian/rules: explicitely configure the maximum system uid/gids instead of + relying on autodetection + + -- Sjoerd Simons <sjoerd@debian.org> Sun, 24 Aug 2014 14:54:27 +0200 + +systemd (208-8) unstable; urgency=medium + + [ Martin Pitt ] + * Fix duplicate line in copyright. (Closes: #756899) + * Drop --disable-xattr configure option for udeb, does not exist any more. + * Add Turkish debconf translations. Thanks Mert Dirik! (Closes: #757498) + * Backport fix for lazy session-activation on non-seat0 seats. + (LP: #1355331) + + [ Michael Biebl ] + * Use "kmod static-nodes --output=/proc/self/fd/1" in make_static_nodes() as + we can't rely on /dev/stdout to exist at this point during boot. + (Closes: #757830) + * Fix udev SysV init script and d-i start script to not write to + /sys/kernel/uevent_helper unconditionally to not fail on a kernel with + CONFIG_UEVENT_HELPER unset. (Closes: #756312) + * Add Breaks: kmod (<< 14) to udev to make sure we have a kmod version + supporting the static-nodes command. + * Add Breaks: systemd (<< 208) to udev to avoid partial upgrades. Newer udev + versions rely on kmod-static-nodes.service being provided by systemd. + (Closes: #757777) + * Updated upstream v208-stable patch series to 53b1b6c. + * Cherry-pick upstream fix to ignore temporary dpkg files. (Closes: #757302) + * Make emergency.service conflict with rescue.service. + Otherwise if rescue mode is selected during boot and the emergency mode + is triggered (e.g. via a broken fstab entry), we have two sulogin + processes fighting over the tty. (Closes: #757072) + * Stop syslog.socket when entering emergency mode as otherwise every log + message triggers the start of the syslog service and its dependencies + which conflicts with emergency.target. (Closes: #755581) + + -- Michael Biebl <biebl@debian.org> Thu, 21 Aug 2014 00:14:21 +0200 + +systemd (208-7) unstable; urgency=medium + + [ Michael Biebl ] + * Mask remaining services provided by the initscripts package and document + in more detail why certain services have been masked. (Closes: #659264) + * Install zsh completions to the correct place. (Closes: #717540) + + [ Jon Severinsson ] + * Cherry-pick upstream fix for journal file permissions. (Closes: #755062) + * Map some rcS.d init script dependencies to their systemd equivalent. + * Update Depends on initscripts to the version with a systemd-compatible + mountnfs ifup hook. (Closes: #746358) + * Add Breaks on lvm2 versions without native systemd support. + (Closes: #678438, #692120) + * Do not fail udev upgrades if the udev service is already runtime-masked + when the preinst script is run. (Closes: #755746) + * Add Pre-Depends on systemd to systemd-sysv, to avoid risking that the + sysv-compatible symlinks become dangling on a partial install. + * Ensure that systemctl is usable right after being unpacked, by adding the + required Pre-Depends to systemd and libsystemd-daemon0. (Closes: #753589) + * Add support for TuxOnIce hibernation. (Closes: #746463) + + [ Martin Pitt ] + * Rename "api" autopkgtest to "build-login", and stop requiring that + sd_login_monitor_new() succeeds. It doesn't in many environments like + schroot or after upgrades from < 204, and the main point of the test is + to check that libsystemd-login-dev has correct contents and dependencies. + Drop "isolation-machine" requirement. + * Use glibc's xattr support instead of requiring libattr. Fixes FTBFS with + latest glibc and libattr. Cherrypicked from trunk. Drop libattr1-dev build + dependency. (Closes: #756097) + * Build python3-systemd for Python 3 bindings. Drop python-systemd; it does + not have any reverse dependencies, and we want to encourage moving to + Python 3. (LP: #1258089) + * Add simple autopkgtest for python3-systemd. + * Add dbus dependency to libpam-systemd. (Closes: #755968) + * Fix /dev/cdrom symlink to appear for all types of drives, not just for + pure CD-ROM ones. Also, fix the symlinks to stay after change events. + (LP: #1323777) + * 75-persistent-net-generator.rules: Adjust Ravello interfaces; they don't + violate the assignment schema, they should just not be persistent. + Thanks to Boris Figovsky. (Closes: #747475, LP: #1317776) + * Reinstate patches to make logind D-BUS activatable. + * Re-add systemd-shim alternative dependency to libpam-systemd. Version it + to ensure cgmanager support. (Closes: #754984, LP: #1343802) + * Convert udev-finish.upstart from a task to a job, to avoid hangs with + startpar. (Closes: #756631) + * Add debian/extra/60-keyboard.hwdb: Latest keymaps from upstream git. + This makes it trivial to backport keymap fixes to stable releases. + (Closes: #657809; LP: #1322770, #1339998) + * udev.init: Create static device nodes, as this moved out of udevd. + Thanks to Michael Biebl for the script! (Closes: #749021) + + -- Martin Pitt <mpitt@debian.org> Wed, 06 Aug 2014 13:33:22 +0200 + +systemd (208-6) unstable; urgency=medium + + [ Jon Severinsson ] + * Add v208-stable patch series. + - Update Debian patches to apply on top of v208-stable. + - Move new manpages to libsystemd-*-dev as appropriate. + + [ Michael Biebl ] + * Upload to unstable. + + -- Michael Biebl <biebl@debian.org> Wed, 16 Jul 2014 00:44:15 +0200 + +systemd (208-5) experimental; urgency=medium + + * Merge changes from unstable branch. + + -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:41:32 +0200 + +systemd (208-4) experimental; urgency=medium + + * Merge changes from unstable branch. + * Drop alternative dependency on systemd-shim in libpam-systemd. The + systemd-shim package no longer provides an environment to run + systemd-logind standalone. See #752939 for further details. + + -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 01:22:11 +0200 + +systemd (208-3) experimental; urgency=medium + + * Merge changes from unstable branch. + + -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 11:29:07 +0200 + +systemd (208-2) experimental; urgency=medium + + [ Sjoerd Simons ] + * Don't stop a running user manager from garbage collecting the users. Fixes + long shutdown times when using a systemd user session + + [ Michael Stapelberg ] + * Fix bug-script: “systemctl dump” is now “systemd-analyze dump” + (Closes: #748311) + + [ Michael Biebl ] + * Merge changes from unstable branch. + * Cherry-pick upstream fixes to make sd_session_get_vt() actually work. + + -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:45:26 +0200 + +systemd (208-1) experimental; urgency=medium + + [ Michael Biebl ] + * New upstream release. (Closes: #729566) + * Update patches. + * Update symbols files for libsystemd-journal and libsystemd-login. + * Install new files and remove the ones we don't use. + * Install zsh completion files. (Closes: #717540) + * Create a compat symlink /etc/sysctl.d/99-sysctl.conf as systemd-sysctl no + longer reads /etc/sysctl.conf. + * Bump Build-Depends on kmod to (>= 14). + * Bump Build-Depends on libcryptsetup-dev to (>= 2:1.6.0) for tcrypt + support. + * Make kmod-static-nodes.service check for the kmod binary since we don't + want a hard dependency on kmod e.g. for container installations. + * Disable various features which aren't required for the udeb build. + * Move new sd_pid_get_slice and sd_session_get_vt man pages into + libsystemd-login-dev. + * Make no-patch-numbers the default for gbp-pq. + * Adjust systemd-user pam config file for Debian. + This pam config file is used by libpam-systemd/systemd-logind when + launching systemd user instances. + * Drop patches to make logind D-Bus activatable. The cgroup handling has + been reworked in v205 and logind no longer creates cgroup hierarchies on + its own. That means that the standalone logind is no longer functional + without support from systemd (or an equivalent cgroup manager). + + [ Martin Pitt ] + * Explain patch management in debian/README.source. + + -- Michael Biebl <biebl@debian.org> Mon, 28 Apr 2014 00:22:57 +0200 + +systemd (204-14) unstable; urgency=medium + + * Fix SIGABRT in insserv generator caused by incorrect usage of strcat(). + (Closes: #752992) + * Mark -dev packages as Multi-Arch: same. (Closes: #720017) + + -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:22:43 +0200 + +systemd (204-13) unstable; urgency=medium + + * Switch back to load the sg module via the kmod builtin. The problem was + not that the kmod builtin is faster then modprobe but rather the incorrect + usage of the "=" assignment operator. We need to use "+=" here, so the sg + module is loaded in addition to other scsi modules, which are loaded via + the modalias rule. Thanks to Tommaso Colombo for the analysis. + * Cherry-pick upstream fix which prevents systemd from entering an infinite + loop when trying to break an ordering cycle. (Closes: #752259) + * Update insserv generator to not create any drop-in files for services + where the corresponding SysV init script does not exist. + * Drop the check for /sys/kernel/uevent_helper from postinst and the SysV + init script and do not unconditionally overwrite it in the initramfs hook. + Since a long time now udev has been using the netlink interface to + communicate with the kernel and with Linux 3.16 it is possible to disable + CONFIG_UEVENT_HELPER completely. (Closes: #752742) + + -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 00:01:16 +0200 + +systemd (204-12) unstable; urgency=medium + + [ Martin Pitt ] + * Change the sg loading rule (for Debian #657948) back to using modprobe. + kmod is too fast and then sg races with sd, causing the latter to not see + SCSI disks. (Closes: #752591, #752605) + + [ Michael Biebl ] + * Update udev bug-script to attach instead of paste extra info if a new + enough reportbug version is available. + + -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 10:55:12 +0200 + +systemd (204-11) unstable; urgency=medium + + [ Martin Pitt ] + * Explain patch management in debian/README.source. (Closes: #739113) + * Replace "Always probe cpu support drivers" patch with cherry-picked + upstream fix which is more general. + * Advertise hibernation only if there's enough free swap. Patches backported + from current upstream. (LP: #1313522) + * Fix typo in sg loading rule to make it actually work. + + [ Michael Biebl ] + * Make no-patch-numbers the default for gbp-pq. + * Cherry-pick upstream fix to properly handle multiline syslog messages. + (Closes: #746351) + * Cherry-pick upstream fix for libudev which fixes a memleak in + parent_add_child(). + * Drop "-b debian" from Vcs-Git since we use the master branch for + packaging now. + * Drop Conflicts: sysvinit (<< 2.88dsf-44~) from systemd-sysv since this + breaks dist-upgrades from wheezy when switching from sysvinit to + systemd-sysv as default init. While downgrading the Pre-Depends in + sysvinit would have been an alternative, dropping the Conflicts and only + keeping the Replaces was deemed the lesser evil. (Closes: #748355) + * Use Conflicts instead of Breaks against sysvinit-core. This avoids + /sbin/init going missing when switching from systemd-sysv to sysvinit. + While at it, add a Replaces: upstart. (Closes: #751589) + * Make the SysV compat tools try both /run/initctl and /dev/initctl. This + makes them usable under sysvinit as PID 1 without requiring any symlinks. + * Various ifupdown integration fixes + - Use DefaultDependencies=no in ifup@.service so the service can be + started as early as possible. + - Create the ifupdown runtime directory in ifup@.service as we can no + longer rely on the networking service to do that for us. + - Don't stop ifup@.service on shutdown but let the networking service take + care of stopping all hotplugged interfaces. + - Only start ifup@.service for interfaces configured as allow-hotplug. + + [ Michael Stapelberg ] + * Clarify that “systemd” does not influence init whereas “systemd-sysv” does + (Closes: #747741) + + [ Ansgar Burchardt ] + * Don't use "set +e; set +u" unconditionally in the lsb init-functions hook + as this might change the behaviour of existing SysV init scripts. + (Closes: #751472) + + -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:03:43 +0200 + +systemd (204-10) unstable; urgency=medium + + * In the udeb's udev.startup, make sure that /dev/pts exists. + * systemd-logind-launch: Set the #files ulimit, for unprivileged LXC + containers. + * Drop udev.NEWS, it only applies to pre-squeeze. + * Remove /var/log/udev on purge. + * Always probe cpu support drivers. (LP #1207705) + * On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC + for management. Name this interface "idrac" to avoid confusion with "real" + network interfaces. + * Drop numerical prefixes from patches, to avoid future diff noise when + removing, cherry-picking, and merging patches. From now on, always use + "gbp-pq export --no-patch-numbers" to update them. + + -- Martin Pitt <mpitt@debian.org> Sun, 27 Apr 2014 11:53:52 +0200 + +systemd (204-9) unstable; urgency=medium + + * The "Flemish Beef and Beer Stew" release. + + [ Steve Langasek ] + * Do proper refcounting of the PAM module package on prerm, so that we + don't drop the module from the PAM config when uninstalling a + foreign-arch package. Related to Ubuntu bug #1295521. + + [ Martin Pitt ] + * debian/udev.udev-finish.upstart: Fix path to tmp-rules, + debian/extra/rule_generator.functions creates them in /run/udev/. + * rules: Remove the kernel-install bits; we don't want that in Debian and + thus it shouldn't appear in dh_install --list-missing output. + * Ship sd-shutdown.h in libsystemd-daemon-dev. + * Run dh_install with --fail-missing, to avoid forgetting files when we move + to new versions. + * Mount /dev/pts with the correct permissions in the udev, to avoid needing + pt_chown (not available on all architectures). Thanks Adam Conrad. + * Add new block of Windows Azure ethernet hardware address to + 75-persistent-net-generator.rules. (LP: #1274348, Closes: #739018) + * Drop our Debian specific 60-persistent-storage{,-tape}.rules and use the + upstream rules. They are compatible and do a superset of the + functionality. (Closes: #645466) + * Drop our Debian specific 80-drivers.rules and use the upstream rules with + a patch for the sg module (see #657948). These now stop calling modprobe + and use the kmod builtin, giving some nice boot speed improvement. + (Closes: #717404) + * Drop our Debian specific 50-udev-default.rules and 91-permissions.rules + and use the upstream rules with a patch for the remaining Debian specific + default device permissions. Many thanks to Marco d'Itri for researching + which Debian-specific rules are obsolete! Amongst other things, this now + also reads the hwdb info for USB devices (Closes: #717405) and gets rid of + some syntax errors (Closes: #706221) + * Set default polling interval on removable devices as well, for kernels + which have "block" built in instead of being a module. (Closes: #713877) + * Make sd_login_monitor_new() work for logind without systemd. + * Cherry-pick upstream fix for polkit permissions for rebooting with + multiple sessions. + * Kill /etc/udev/links.conf, create_static_nodes, and associated code. It's + obsolete with devtmpfs (which is required now), and doesn't run with + systemd or upstart anyway. + * Drop unnecessary udev.dirs. + * Add autopkgtests for smoke-testing logind, hostnamed, timedated, localed, + and a compile/link/run test against libsystemd-login-dev. + + [ Marco d'Itri ] + * preinst: check for all the system calls required by modern releases + of udev. (Closes: #648325) + * Updated fbdev-blacklist.conf for recent kernels. + * Do not blacklist viafb because it is required on the OLPC XO-1.5. + (Closes: #705792) + * Remove write_cd_rules and the associated rules which create "persistent" + symlinks for CD/DVD devices and replace them with more rules in + 60-cdrom_id, which will create symlinks for one at random among the + devices installed. Since the common case is having a single device + then everything will work out just fine most of the times... + (Closes: #655924) + * Fix write_net_rules for systemd and sysvinit users by copying the + temporary rules from /run/udev/ to /etc/udev/. (Closes: #735563) + * Do not install sysctl.d/50-default.conf because the systemd package + should not change kernel policies, at least until it will become + the only supported init system. + + [ Michael Stapelberg ] + * Add systemd-dbg package, thanks Daniel Schaal (Closes: #742724). + * Switch from gitpkg to git-buildpackage. Update README.source accordingly. + * Make libpam-systemd depend on systemd-sysv | systemd-shim. Packages that + need logind functionality should depend on libpam-systemd. + + [ Michael Biebl ] + * Do not send potentially private fstab information without prior user + confirmation. (Closes: #743158) + * Add support for LSB facilities defined by insserv. + Parse /etc/insserv.conf.d content and /etc/insserv.conf and generate + systemd unit drop-in files to add corresponding dependencies. Also ship + targets for the Debian specific $x-display-manager and + $mail-transport-agent system facilities. (Closes: #690892) + * Do not accidentally re-enable /var/tmp cleaning when migrating the TMPTIME + setting from /etc/default/rcS. Fix up existing broken configurations. + (Closes: #738862) + + -- Michael Biebl <biebl@debian.org> Sat, 26 Apr 2014 21:37:29 +0200 + +systemd (204-8) unstable; urgency=low + + [ Michael Stapelberg ] + * move manpages from systemd to libsystemd-*-dev as appropriate + (Closes: #738723) + * fix systemctl enable/disable/… error message “Failed to issue method call: + No such file or directory” (the previous upload did actually not contain + this fix due to a merge conflict) (Closes: #738843) + * add explicit “Depends: sysv-rc” so that initscript’s “Depends: sysv-rc | + file-rc” will not be satisfied with file-rc. We need the invoke-rc.d and + update-rc.d from sysv-rc, file-rc’s doesn’t have support for systemd. + (Closes: #739679) + * set capabilities cap_dac_override,cap_sys_ptrace=ep for + systemd-detect-virt, so that it works for unprivileged users. + (Closes: #739699) + * pam: Check $XDG_RUNTIME_DIR owner (Closes: #731300) + * Ignore chkconfig headers entirely, they are often broken in Debian + (Closes: #634472) + + [ Michael Biebl ] + * do a one-time migration of RAMTMP= from /etc/default/rcS and + /etc/default/tmpfs, i.e. enable tmp.mount (Closes: #738687) + * Bump Standards-Version to 3.9.5. + + -- Michael Biebl <biebl@debian.org> Wed, 19 Mar 2014 18:57:35 +0100 + +systemd (204-7) unstable; urgency=low + + * fix systemctl enable/disable/… error message “Failed to issue method call: + No such file or directory” (Closes: #734809) + * bug-script: attach instead of paste extra info with reportbug ≥ 6.5.0 + (Closes: #722530) + * add stage1 bootstrap support to avoid Build-Depends cycles (Thanks Daniel + Schepler) + * cherry-pick: + order remote mounts from mountinfo before remote-fs.target (77009452cfd) + (Closes: #719945) + Fix CPUShares configuration option (ccd90a976dba) (Closes: #737156) + fix reference in systemd-inhibit(1) (07b4b9b) (Closes: #738316) + + -- Michael Stapelberg <stapelberg@debian.org> Tue, 11 Feb 2014 23:34:42 +0100 + +systemd (204-6) unstable; urgency=low + + [ Michael Stapelberg ] + * Run update-rc.d defaults before update-rc.d <enable|disable> + (Closes: #722523) + * preinst: preserve var-{lock,run}.mount when upgrading from 44 to 204 + (Closes: #723936) + * fstab-generator: don’t rely on /usr being mounted in the initrd + (Closes: #724797) + * systemctl: mangle names when avoiding dbus (Closes: #723855) + * allow group adm read access on /var/log/journal (Closes: #717386) + * add systemd-journal group (Thanks Guido Günther) (Closes: #724668) + * copy /etc/localtime instead of symlinking (Closes: #726256) + * don’t try to start autovt units when not running with systemd as pid 1 + (Closes: #726466) + * Add breaks/replaces for the new sysvinit-core package (Thanks Alf Gaida) + (Closes: #733240) + * Add myself to uploaders + + [ Tollef Fog Heen ] + * Make 99-systemd.rules check for /run/systemd/systemd instead of the + ill-named cgroups directory. + + [ Martin Pitt ] + * debian/udev.upstart: Fix path to udevd, the /sbin/udevd compat symlink + should go away at some point. + * debian/udev-udeb.install: Add 64-btrfs.rules and 75-probe_mtd.rules, they + are potentially useful in a d-i environment. + * debian/shlibs.local: Drop libudev; this unnecessarily generates overly + strict dependencies, the libudev ABI is stable. + * debian/extra/rules/75-persistent-net-generator.rules: Add Ravello systems + (LP: #1099278) + + -- Michael Stapelberg <stapelberg@debian.org> Tue, 31 Dec 2013 14:39:44 +0100 + +systemd (204-5) unstable; urgency=high + + * Cherry-pick 72fd713 from upstream which fixes insecure calling of polkit + by avoiding a race condition in scraping /proc (CVE-2013-4327). + Closes: #723713 + + -- Michael Biebl <biebl@debian.org> Mon, 23 Sep 2013 11:59:53 +0200 + +systemd (204-4) unstable; urgency=low + + * Add preinst check to abort udev upgrade if the currently running kernel + lacks devtmpfs support. Since udev 176, devtmpfs is mandatory as udev no + longer creates any device nodes itself. This only affects self-compiled + kernels which now need CONFIG_DEVTMPFS=y. Closes: #722580 + * Fix SysV init script to correctly mount a devtmpfs instead of tmpfs. This + only affects users without an initramfs, which usually is responsible for + mounting the devtmpfs. Closes: #722604 + * Drop pre-squeeze upgrade code from maintainer scripts and simplify the + various upgrade checks. + * Suppress errors about unknown hwdb builtin. udev 196 introduced a new + "hwdb" builtin which is not understood by the old udev daemon. + * Add missing udeb line to shlibs.local. This ensures that udev-udeb gets a + proper dependency on libudev1-udeb and not libudev1. Closes: #722939 + * Remove udev-udeb dependency from libudev1-udeb to avoid a circular + dependency between the two packages. This dependency was copied over from + the old udev-gtk-udeb package and no longer makes any sense since + libudev1-udeb only contains a library nowadays. + + -- Michael Biebl <biebl@debian.org> Wed, 18 Sep 2013 00:05:21 +0200 + +systemd (204-3) unstable; urgency=low + + [ Michael Biebl ] + * Upload to unstable. + * Use /bin/bash in debug-shell.service as Debian doesn't have /sbin/sushell. + * Only import net.ifaces cmdline property for network devices. + * Generate strict dependencies between the binary packages using a + shlibs.local file and add an explicit versioned dependency on + libsystemd-login0 to systemd to ensure packages are upgraded in sync. + Closes: #719444 + * Drop obsolete Replaces: libudev0 from udev package. + * Use correct paths for various binaries, like /sbin/quotaon, which are + installed in / and not /usr in Debian. Closes: #721347 + * Don't install kernel-install(8) man page since we don't install the + corresponding binary either. Closes: #722180 + * Cherry-pick upstream fixes to make switching runlevels and starting + reboot via ctrl-alt-del more robust. + * Cherry-pick upstream fix to properly apply ACLs to Journal files. + Closes: #717863 + + [ Michael Stapelberg ] + * Make systemctl enable|disable call update-rc.d for SysV init scripts. + Closes: #709780 + * Don't mount /tmp as tmpfs by default and make it possible to enable this + feature via "systemctl enable tmp.mount". Closes: #718906 + + [ Daniel Schaal ] + * Add bug-script to systemd and udev. Closes: #711245 + + [ Ondrej Balaz ] + * Recognize discard option in /etc/crypttab. Closes: #719167 + + -- Michael Biebl <biebl@debian.org> Thu, 12 Sep 2013 00:13:11 +0200 + +systemd (204-2) experimental; urgency=low + + [ Daniel Schaal ] + * Enable verbose build logs. Closes: #717465 + * Add handling of Message Catalog files to provide additional information + for log entries. Closes: #717427 + * Remove leftover symlink to debian-enable-units.service. Closes: #717349 + + [ Michael Stapelberg ] + * Install 50-firmware.rules in the initramfs and udeb. Closes: #717635 + + [ Michael Biebl ] + * Don't pass static start priorities to dh_installinit anymore. + * Switch the hwdb trigger to interest-noawait. + * Remove obsolete support for configurable udev root from initramfs. + * Bind ifup@.service to the network device. This ensures that ifdown is run + when the device is removed and the service is stopped. + Closes: #660861, #703033 + * Bump Standards-Version to 3.9.4. No further changes. + * Add Breaks against consolekit (<< 0.4.6-1) for udev-acl. Closes: #717385 + * Make all packages Priority: optional, with the exception of udev and + libudev1, which remain Priority: important, and systemd-sysv, which + remains Priority: extra due to the conflict with sysvinit. + Closes: #717365 + * Restart systemd-logind.service on upgrades due to changes in the + CreateSession D-Bus API between v44 and v204. Closes: #717403 + + -- Michael Biebl <biebl@debian.org> Wed, 24 Jul 2013 23:47:59 +0200 + +systemd (204-1) experimental; urgency=low + + * New upstream release. Closes: #675175, #675177 + - In v183 the udev sources have been merged into the systemd source tree. + As a result, the udev binary packages will now be built from the systemd + source package. To align the version numbers 139 releases were skipped. + - For a complete list of changes, please refer to the NEWS file. + * Add Marco to Uploaders. + * Drop Suggests on the various python packages from systemd. The + systemd-analyze tool has been reimplemented in C. + * Add binary packages as found in the udev 175-7.2 source package. + * Wrap dependencies for better readability. + * Drop hard-coded Depends on libglib2.0-0 from gir1.2-gudev-1.0. + * Drop old Conflicts, Replaces and Breaks, which are no longer necessary. + * Make libgudev-1.0-dev depend on gir1.2-gudev-1.0 as per GObject + introspection mini-policy. Closes: #691313 + * The hwdb builtin has replaced pci-db and usb-db in udev. Drop the + Recommends on pciutils and usbutils accordingly. + * Drop our faketime hack. Upstream uses a custom xsl style sheet now to + generate the man pages which no longer embeds the build date. + * Add Depends on libpam-runtime (>= 1.0.1-6) to libpam-systemd as we are + using pam-auth-update. + * Explicitly set Section and Priority for the udev binary package. + * Update Build-Depends: + - Drop libudev-dev, no longer required. + - Add gtk-doc-tools and libglib2.0-doc for the API documentation in + libudev and libgudev. + - Add libgirepository1.0-dev and gobject-introspection for GObject + introspection support in libgudev. + - Add libgcrypt11-dev for encryption support in the journal. + - Add libblkid-dev for the blkid udev builtin. + * Use gir dh addon to ensure ${gir:Depends} is properly set. + * Rename libudev0 → libudev1 for the SONAME bump. + * Update symbols files. libudev now uses symbols versioning as the other + libsystemd libraries. The libgudev-1.0-0 symbols file has been copied from + the old udev package. + * Run gtkdocize on autoreconf. + * Enable python bindings for the systemd libraries and ship them in a new + package named python-systemd. + * Tighten Depends on libsystemd-id128-dev for libsystemd-journal-dev as per + libsystemd-journal.pc. + * Remove obsolete bash-completion scripts on upgrades. Nowadays they are + installed in /usr/share/bash-completion/completions. + * Rename conffiles for logind and journald. + * Rename udev-gtk-udeb → libudev1-udeb to better reflect its actual contents. + * Build two flavours: a regular build and one for the udev udebs with + reduced features/dependencies. + * Create a few compat symlinks for the udev package, most notably + /sbin/udevadm and /sbin/udevd. + * Remove the dpkg-triggered debian-enable-units script. This was a temporary + workaround for wheezy. Packages should use dh-systemd now to properly + integrate service files with systemd. + * Update debian/copyright using the machine-readable copyright format 1.0. + * Integrate changes from udev 175-7 and acknowledge the 175-7.1 and 175-7.2 + non-maintainer uploads. + * Keep the old persistent network interface naming scheme for now and make + the new one opt-in via net.ifnames=1 on the kernel command line. + * Drop the obsolete udev-mtab SysV init script and properly clean up on + upgrades. + * Simplify the udev SysV init script and remove experimental and obsolete + features. + * Revert upstream commits which dropped support for distro specific + features and config files. + * Make logind, hostnamed, localed and timedated D-Bus activatable and + usable when systemd is not running. + * Store hwdb binary database in /lib/udev, not /etc/udev. Create the file on + install and upgrades. + * Provide a dpkg file trigger for hwdb, so the database is automatically + updated when packages install files into /lib/udev/hwdb.d. + + -- Michael Biebl <biebl@debian.org> Fri, 19 Jul 2013 00:32:36 +0200 + +systemd (44-12) unstable; urgency=low + + * Cherry-pick e17187 from upstream to fix build failures with newer glibc + where the clock_* symbols have been moved from librt to libc. + Closes: #701364 + * If the new init-system-helpers package is installed, make the + debian-enable-units script a no-op. The auto-enabler was meant as a + temporary workaround and will be removed once all packages use the new + helper. + * Update the checks which test if systemd is the active init. The + recommended check is [ -d /run/systemd/system ] as this will also work + with a standalone systemd-logind. + * Set Maintainer to pkg-systemd-maintainers@lists.alioth.debian.org. Add + Tollef and myself as Uploaders. + * Stop building the GUI bits. They have been split into a separate source + package called systemd-ui. + + -- Michael Biebl <biebl@debian.org> Thu, 20 Jun 2013 01:32:16 +0200 + +systemd (44-11) unstable; urgency=low + + * Team upload. + * Run debian-enable-units.service after sysinit.target to ensure our tmp + files aren't nuked by systemd-tmpfiles. + * The mountoverflowtmp SysV init script no longer exists so remove that + from remount-rootfs.service to avoid an unnecessary diff to upstream. + * Do not fail on purge if /var/lib/systemd is empty and has been removed + by dpkg. + + -- Michael Biebl <biebl@debian.org> Wed, 13 Mar 2013 08:03:06 +0100 + +systemd (44-10) unstable; urgency=low + + * Team upload. + * Using the return code of "systemctl is-enabled" to determine whether we + enable a service or not is unreliable since it also returns a non-zero + exit code for masked services. As we don't want to enable masked services, + grep for the string "disabled" instead. + + -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 17:01:24 +0100 + +systemd (44-9) unstable; urgency=low + + * Team upload. + * Fix typo in systemd.socket man page. Closes: #700038 + * Use color specification in "systemctl dot" which is actually + understood by dot. Closes: #643689 + * Fix mounting of remote filesystems like NFS. Closes: #673309 + * Use a file trigger to automatically enable service and socket units. A lot + of packages simply install systemd units but do not enable them. As a + result they will be inactive after the next boot. This is a workaround for + wheezy which will be removed again in jessie. Closes: #692150 + + -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 13:35:39 +0100 + +systemd (44-8) unstable; urgency=low + + * Team upload. + * Use comment=systemd.* syntax in systemd.mount man page. The + mount/util-linux version in wheezy is not recent enough to support the new + x-systemd* syntax. Closes: #697141 + * Don't enable persistent storage of journal log files. The journal in v44 + is not yet mature enough. + + -- Michael Biebl <biebl@debian.org> Sat, 19 Jan 2013 20:05:05 +0100 + +systemd (44-7) unstable; urgency=low + + * Fix a regression in the init-functions hook wrt reload handling that was + introduced when dropping the X-Interactive hack. Closes: #696355 + + -- Michael Biebl <biebl@debian.org> Fri, 21 Dec 2012 00:00:12 +0100 + +systemd (44-6) unstable; urgency=low + + [ Michael Biebl ] + * No longer ship the /sys directory in the systemd package since it is + provided by base-files nowadays. + * Don't run udev rules if systemd is not active. + * Converting /var/run, /var/lock and /etc/mtab to symlinks is a one-time + migration so don't run the debian-fixup script on every boot. + + [ Tollef Fog Heen ] + * Prevent the systemd package from being removed if it's the active init + system, since that doesn't work. + + [ Michael Biebl ] + * Use a separate tmpfs for /run/lock (size 5M) and /run/user (size 100M). + Those directories are user-writable which could lead to DoS by filling up + /run. Closes: #635131 + + -- Michael Biebl <biebl@debian.org> Sun, 16 Dec 2012 21:58:37 +0100 + +systemd (44-5) unstable; urgency=low + + * Team upload. + + [ Tollef Fog Heen ] + * disable killing on entering START_PRE, START, thanks to Michael + Stapelberg for patch. This avoids killing VMs run through libvirt + when restarting libvirtd. Closes: #688635. + * Avoid reloading services when shutting down, since that won't work and + makes no sense. Thanks to Michael Stapelberg for the patch. + Closes: #635777. + * Try to determine which init scripts support the reload action + heuristically. Closes: #686115, #650382. + + [ Michael Biebl ] + * Update Vcs-* fields, the Git repository is hosted on alioth now. Set the + default branch to "debian". + * Avoid reload and (re)start requests during early boot which can lead to + deadlocks. Closes: #624599 + * Make systemd-cgroup work even if not all cgroup mounts are available on + startup. Closes: #690916 + * Fix typos in the systemd.path and systemd.unit man page. Closes: #668344 + * Add watch file to track new upstream releases. + + -- Michael Biebl <biebl@debian.org> Thu, 25 Oct 2012 21:41:23 +0200 + +systemd (44-4) unstable; urgency=low + + [ Michael Biebl ] + * Override timestamp for man page building, thereby avoiding skew + between architectures which caused problems for multi-arch. + Closes: #680011 + + [ Tollef Fog Heen ] + * Move diversion removal from postinst to preinst. Closes: #679728 + * Prevent the journal from crashing when running out of disk space. + This is 499fb21 from upstream. Closes: #668047. + * Stop mounting a tmpfs on /media. Closes: #665943 + + -- Tollef Fog Heen <tfheen@debian.org> Sun, 01 Jul 2012 08:17:50 +0200 + +systemd (44-3) unstable; urgency=low + + [ Michael Biebl ] + * Bump to debhelper 9. + * Convert to Multi-Arch: same where possible. Closes: #676615 + + [ Tollef Fog Heen ] + * Cherry-pick d384c7 from upstream to stop journald from leaking + memory. Thanks to Andreas Henriksson for testing. Closes: #677701 + * Ship lsb init script override/integration in /lib/lsb/init-functions.d + rather than diverting /lib/lsb/init-functions itself. Add appropriate + Breaks to ensure upgrades happen. + + -- Tollef Fog Heen <tfheen@debian.org> Fri, 29 Jun 2012 22:34:16 +0200 + +systemd (44-2) unstable; urgency=low + + [ Michael Biebl ] + * Tighten the versions in the maintscript file + * Ship the /sys directory in the package + * Re-add workaround for non-interactive PAM sessions + * Mask checkroot-bootclean (Closes: #670591) + * Don't ignore errores in systemd-sysv postinst + + [ Tollef Fog Heen ] + * Bring tmpfiles.d/tmp.conf in line with Debian defaults. Closes: #675422 + * Make sure /run/sensigs.omit.d exists. + * Add python-dbus and python-cairo to Suggests, for systemd-analyze. + Closes: #672965 + + -- Tollef Fog Heen <tfheen@debian.org> Tue, 08 May 2012 18:04:22 +0200 + +systemd (44-1) unstable; urgency=low + + [ Tollef Fog Heen ] + * New upstream version. + - Backport 3492207: journal: PAGE_SIZE is not known on ppc and other + archs + - Backport 5a2a2a1: journal: react with immediate rotation to a couple + of more errors + - Backport 693ce21: util: never follow symlinks in rm_rf_children() + Fixes CVE-2012-1174, closes: #664364 + * Drop output message from init-functions hook, it's pointless. + * Only rmdir /lib/init/rw if it exists. + * Explicitly order debian-fixup before sysinit.target to prevent a + possible race condition with the creation of sockets. Thanks to + Michael Biebl for debugging this. + * Always restart the initctl socket on upgrades, to mask sysvinit + removing it. + + [ Michael Biebl ] + * Remove workaround for non-interactive sessions from pam config again. + * Create compat /dev/initctl symlink in case we are upgrading from a system + running a newer version of sysvinit (using /run/initctl) and sysvinit is + replaced with systemd-sysv during the upgrade. Closes: #663219 + * Install new man pages. + * Build-Depend on valac (>= 0.12) instead of valac-0.12. Closes: #663323 + + -- Tollef Fog Heen <tfheen@debian.org> Tue, 03 Apr 2012 19:59:17 +0200 + +systemd (43-1) experimental; urgency=low + + [ Tollef Fog Heen ] + * Target upload at experimental due to libkmod dependency + * New upstream release + - Update bash-completion for new verbs and arguments. Closes: #650739 + - Fixes local DoS (CVE-2012-1101). Closes: #662029 + - No longer complains if the kernel lacks audit support. Closes: #642503 + * Fix up git-to-source package conversion script which makes gitpkg + happier. + * Add libkmod-dev to build-depends + * Add symlink from /bin/systemd to /lib/systemd/systemd. + * Add --with-distro=debian to configure flags, due to no /etc/os-release + yet. + * Add new symbols for libsystemd-login0 to symbols file. + * Install a tmpfiles.d file for the /dev/initctl → /run/initctl + migration. Closes: #657979 + * Disable coredump handling, it's not ready yet. + * If /run is a symlink, don't try to do the /var/run → /run migration. + Ditto for /var/lock → /run/lock. Closes: #647495 + + [ Michael Biebl ] + * Add Build-Depends on liblzma-dev for journal log compression. + * Add Build-Depends on libgee-dev, required to build systemadm. + * Bump Standards-Version to 3.9.2. No further changes. + * Add versioned Build-Depends on automake and autoconf to ensure we have + recent enough versions. Closes: #657284 + * Add packages for libsystemd-journal and libsystemd-id128. + * Update symbols file for libsystemd-login. + * Update configure flags, use rootprefix instead of rootdir. + * Copy intltool files instead of symlinking them. + * Re-indent init-functions script. + * Remove workarounds for services using X-Interactive. The LSB X-Interactive + support turned out to be broken and has been removed upstream so we no + longer need any special handling for those type of services. + * Install new systemd-journalctl, systemd-cat and systemd-cgtop binaries. + * Install /var/lib/systemd directory. + * Install /var/log/journal directory where the journal files are stored + persistently. + * Setup systemd-journald to not read from /proc/kmsg (ImportKernel=no). + * Avoid error messages from systemctl in postinst if systemd is not running + by checking for /sys/fs/cgroup/systemd before executing systemctl. + Closes: #642749 + * Stop installing lib-init-rw (auto)mount units and try to cleanup + /lib/init/rw in postinst. Bump dependency on initscripts accordingly. + Closes: #643699 + * Disable pam_systemd for non-interactive sessions to work around an issue + with sudo. + * Use new dh_installdeb maintscript facility to handle obsolete conffiles. + Bump Build-Depends on debhelper accordingly. + * Rename bash completion file systemctl-bash-completion.sh → + systemd-bash-completion.sh. + * Update /sbin/init symlink. The systemd binary was moved to $pkglibdir. + + -- Tollef Fog Heen <tfheen@debian.org> Tue, 07 Feb 2012 21:36:34 +0100 + +systemd (37-1.1) unstable; urgency=low + + * Non-maintainer upload with Tollef's consent. + * Remove --parallel to workaround a bug in automake 1.11.3 which doesn't + generate parallel-safe build rules. Closes: #661842 + * Create a compat symlink /run/initctl → /dev/initctl to work with newer + versions of sysvinit. Closes: #657979 + + -- Michael Biebl <biebl@debian.org> Sat, 03 Mar 2012 17:42:10 +0100 + +systemd (37-1) unstable; urgency=low + + [ Tollef Fog Heen ] + * New upstream version + * Change the type of the debian-fixup service to oneshot. + Closes: #642961 + * Add ConditionPathIsDirectory to lib-init-rw.automount and + lib-init-rw.mount so we only activate the unit if the directory + exists. Closes: #633059 + * If a sysv service exists in both rcS and rcN.d runlevels, drop the + rcN.d ones to avoid loops. Closes: #637037 + * Blacklist fuse init script, we do the same work already internally. + Closes: #643700 + * Update README.Debian slightly for /run rather than /lib/init/rw + + [ Josh Triplett ] + * Do a one-time migration of the $TMPTIME setting from /etc/default/rcS to + /etc/tmpfiles.d/tmp.conf. If /etc/default/rcS has a TMPTIME setting of + "infinite" or equivalent, migrate it to an /etc/tmpfiles.d/tmp.conf that + overrides the default /usr/lib/tmpfiles.d/tmp.conf and avoids clearing + /tmp. Closes: #643698 + + -- Tollef Fog Heen <tfheen@debian.org> Wed, 28 Sep 2011 20:04:13 +0200 + +systemd (36-1) unstable; urgency=low + + [ Tollef Fog Heen ] + * New upstream release. Closes: #634618 + - Various man page fixes. Closes: #623521 + * Add debian-fixup service that symlinks mtab to /proc/mounts and + migrates /var/run and /var/lock to symlinks to /run + + [ Michael Biebl ] + * Build for libnotify 0.7. + * Bump Build-Depends on libudev to (>= 172). + * Add Build-Depends on libacl1-dev. Required for building systemd-logind + with ACL support. + * Split libsystemd-login and libsystemd-daemon into separate binary + packages. + * As autoreconf doesn't like intltool, override dh_autoreconf and call + intltoolize and autoreconf ourselves. + * Add Build-Depends on intltool. + * Do a one-time migration of the hwclock configuration. If UTC is set to + "no" in /etc/default/rcS, create /etc/adjtime and add the "LOCAL" setting. + * Remove /cgroup cleanup code from postinst. + * Add Build-Depends on gperf. + + -- Tollef Fog Heen <tfheen@debian.org> Wed, 14 Sep 2011 08:25:17 +0200 + +systemd (29-1) unstable; urgency=low + + [ Tollef Fog Heen ] + * New upstream version, Closes: #630510 + - Includes typo fixes in documentation. Closes: #623520 + * Fall back to the init script reload function if a native .service file + doesn't know how to reload. Closes: #628186 + * Add hard dependency on udev. Closes: #627921 + + [ Michael Biebl ] + * hwclock-load.service is no longer installed, so we don't need to remove it + anymore in debian/rules. + * Install /usr/lib directory for binfmt.d, modules-load.d, tmpfiles.d and + sysctl.d. + * Remove obsolete conffiles from /etc/tmpfiles.d on upgrades. Those files + are installed in /usr/lib/tmpfiles.d now. + * Depend on util-linux (>= 2.19.1-2) which provides whole-disk locking + support in fsck and remove our revert patch. + * Don't choke when systemd was compiled with a different CAP_LAST_CAP then + what it is run with. Patch cherry-picked from upstream Git. + Closes: #628081 + * Enable dev-hugepages.automount and dev-mqueue.automount only when enabled + in kernel. Patch cherry-picked from upstream Git. Closes: #624522 + + -- Tollef Fog Heen <tfheen@debian.org> Wed, 08 Jun 2011 16:14:31 +0200 + +systemd (25-2) experimental; urgency=low + + * Handle downgrades more gracefully by removing diversion of + /lib/lsb/init-functions on downgrades to << 25-1. + * Cherry-pick a133bf10d09f788079b82f63faa7058a27ba310b from upstream, + avoids assert when dumping properties. Closes: #624094 + * Remove "local" in non-function context in init-functions wrapper. + + -- Tollef Fog Heen <tfheen@debian.org> Wed, 27 Apr 2011 22:20:04 +0200 + +systemd (25-1) experimental; urgency=low + + * New upstream release, target experimental due to initscripts + dependency. + - Fixes where to look for locale config. Closes: #619166 + * Depend on initscripts >= 2.88dsf-13.4 for /run transition. + * Add Conflicts on klogd, since it doesn't work correctly with the + kmg→/dev/log bridge. Closes: #622555 + * Add suggests on Python for systemd-analyze. + * Divert /lib/lsb/init-functions instead of (ab)using + /etc/lsb-base-logging.sh for diverting calls to /etc/init.d/* + * Remove obsolete conffile /etc/lsb-base-logging.sh. Closes: #619093 + * Backport 3a90ae048233021833ae828c1fc6bf0eeab46197 from master: + mkdir /run/systemd/system when starting up + + -- Tollef Fog Heen <tfheen@debian.org> Sun, 24 Apr 2011 09:02:04 +0200 + +systemd (20-1) unstable; urgency=low + + * New upstream version + * Install systemd-machine-id-setup + * Call systemd-machine-id-setup in postinst + * Cherry-pick b8a021c9e276adc9bed5ebfa39c3cab0077113c6 from upstream to + prevent dbus assert error. + * Enable TCP wrapper support. Closes: #618409 + * Enable SELinux support. Closes: #618412 + * Make getty start after Apache2 and OpenVPN (which are the only two + known users of X-Interactive: yes). Closes: #618419 + + -- Tollef Fog Heen <tfheen@debian.org> Fri, 11 Mar 2011 19:14:21 +0100 + +systemd (19-1) experimental; urgency=low + + * New upstream release + * Add systemd-tmpfiles to systemd package. + * Add ifup@.service for handling hotplugged interfaces from + udev. Closes: #610871 + * Mask mtab.service and udev-mtab.service as they are pointless when + /etc/mtab is a symlink to /proc/mounts + * Add breaks on lvm2 (<< 2.02.84-1) since older versions have udev rules + that don't work well with systemd causing delays on bootup. + + -- Tollef Fog Heen <tfheen@debian.org> Thu, 17 Feb 2011 07:36:22 +0100 + +systemd (17-1) experimental; urgency=low + + [ Tollef Fog Heen ] + * New upstream release + * Clarify ifupdown instructions in README.Debian somewhat. + Closes: #613320 + * Silently skip masked services in lsb-base-logging.sh instead of + failing. Initial implementation by Michael Biebl. Closes: #612551 + * Disable systemd-vconsole-setup.service for now. + + [ Michael Biebl ] + * Bump build dependency on valac-0.10 to (>= 0.10.3). + * Improve regex in lsb-base-logging.sh for X-Interactive scripts. + Closes: #613325 + + -- Tollef Fog Heen <tfheen@debian.org> Wed, 16 Feb 2011 21:06:16 +0100 + +systemd (16-1) experimental; urgency=low + + [ Tollef Fog Heen ] + * New upstream release. Closes: #609611 + * Get rid of now obsolete patches that are upstream. + * Use the built-in cryptsetup support in systemd, build-depend on + libcryptsetup-dev (>= 2:1.2.0-1) to get a libcryptsetup in /lib. + * Don't use systemctl redirect for init scripts with X-Interactive: true + + [ Michael Biebl ] + * Update package description + * Use v8 debhelper syntax + * Make single-user mode work + * Run hwclock-save.service on shutdown + * Remove dependencies on legacy sysv mount scripts, as we use native + mounting. + + -- Tollef Fog Heen <tfheen@debian.org> Sun, 16 Jan 2011 11:04:13 +0100 + +systemd (15-1) UNRELEASED; urgency=low + + [ Tollef Fog Heen ] + * New upstream version, thanks a lot to Michael Biebl for help with + preparing this version. + - This version handles cycle breaking better. Closes: #609225 + * Add libaudit-dev to build-depends + * /usr/share/systemd/session has been renamed to /usr/share/systemd/user + upstream, adjust build system accordingly. + * Remove -s from getty serial console invocation. + * Add dependency on new util-linux to make sure /sbin/agetty exists + * Don't mount /var/lock with gid=lock (Debian has no such group). + * Document problem with ifupdown's /etc/network/run being a normal + directory. + + [ Michael Biebl ] + * Revert upstream change which requires libnotify 0.7 (not yet available in + Debian). + * Use dh-autoreconf for updating the build system. + * Revert upstream commit which uses fsck -l (needs a newer version of + util-linux). + * Explicitly disable cryptsetup support to not accidentally pick up a + libcryptsetup dependency in a tainted build environment, as the library + is currently installed in /usr/lib. + * Remove autogenerated man pages and vala C sources, so they are rebuilt. + * Use native systemd mount support: + - Use MountAuto=yes and SwapAuto=yes (default) in system.conf + - Mask SysV init mount, check and cleanup scripts. + - Create an alias (symlink) for checkroot (→ remount-rootfs.service) as + synchronization point for SysV init scripts. + * Mask x11-common, rmnologin, hostname, bootmisc and bootlogd. + * Create an alias for procps (→ systemd-sysctl.service) and + urandom (→ systemd-random-seed-load.service). + * Create an alias for module-init-tools (→ systemd-modules-load.service) and + a symlink from /etc/modules-load.d/modules.conf → /etc/modules. + * Install lsb-base hook which redirects calls to SysV init scripts to + systemctl: /etc/init.d/<foo> <action> → systemctl <action> <foo.service> + * Install a (auto)mount unit to mount /lib/init/rw early during boot. + + -- Tollef Fog Heen <tfheen@debian.org> Sat, 20 Nov 2010 09:28:01 +0100 + +systemd (11-2) UNRELEASED; urgency=low + + * Tighten depends from systemd-* on systemd to ensure they're upgraded + in lockstep. Thanks to Michael Biebl for the patch. + * Add missing #DEBHELPER# token to libpam-systemd + * Stop messing with runlevel5/multi-user.target symlink, this is handled + correctly upstream. + * Stop shipping /cgroup in the package. + * Remove tmpwatch services, Debian doesn't have or use tmpwatch. + * Make sure to enable GTK bits. + * Ship password agent + * Clean up cgroups properly on upgrades, thanks to Michael Biebl for the + patch. Closes: #599577 + + -- Tollef Fog Heen <tfheen@debian.org> Tue, 02 Nov 2010 21:47:10 +0100 + +systemd (11-1) experimental; urgency=low + + * New upstream version. Closes: #597284 + * Add pam-auth-update calls to libpam-systemd's postinst and prerm + * Make systemd-sysv depend on systemd + * Now mounts the cgroup fs in /sys/fs/cgroup. Closes: #595966 + * Add libnotify-dev to build-depends (needed for systemadm) + + -- Tollef Fog Heen <tfheen@debian.org> Thu, 07 Oct 2010 22:01:19 +0200 + +systemd (8-2) experimental; urgency=low + + * Hardcode udev rules dir in configure call. + * Remove README.source as it's no longer accurate. + + -- Tollef Fog Heen <tfheen@debian.org> Mon, 30 Aug 2010 21:10:26 +0200 + +systemd (8-1) experimental; urgency=low + + * New upstream release + * Only ship the top /cgroup + * Pass --with-rootdir= to configure, to make it think / is / rather + than // + * Add PAM module package + * Fix up dependencies in local-fs.target. Closes: #594420 + * Move systemadm to its own package. Closes: #588451 + * Update standards-version (no changes needed) + * Update README.Debian to explain how to use systemd. + * Add systemd-sysv package that provides /sbin/init and friends. + + -- Tollef Fog Heen <tfheen@debian.org> Sat, 07 Aug 2010 07:31:38 +0200 + +systemd (0~git+20100605+dfd8ee-1) experimental; urgency=low + + * Initial release, upload to experimental. Closes: #580814 + + -- Tollef Fog Heen <tfheen@debian.org> Fri, 30 Apr 2010 21:02:25 +0200 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..c0cc0dc --- /dev/null +++ b/debian/control @@ -0,0 +1,402 @@ +Source: systemd +Section: admin +Priority: optional +Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org> +Uploaders: Michael Biebl <biebl@debian.org>, + Marco d'Itri <md@linux.it>, + Sjoerd Simons <sjoerd@debian.org>, + Martin Pitt <mpitt@debian.org>, + Felipe Sateler <fsateler@debian.org> +Standards-Version: 4.5.1 +Rules-Requires-Root: no +Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git +Vcs-Browser: https://salsa.debian.org/systemd-team/systemd +Homepage: https://www.freedesktop.org/wiki/Software/systemd +Build-Depends: debhelper-compat (= 13), + pkg-config, + xsltproc, + docbook-xsl, + docbook-xml, + m4, + meson (>= 0.52.1), + gettext, + gperf, + gnu-efi [amd64 i386 arm64 armhf], + libcap-dev (>= 1:2.24-9~), + libpam0g-dev, + libapparmor-dev (>= 2.13) <!stage1>, + libidn2-dev <!stage1>, + libiptc-dev <!stage1>, + libaudit-dev <!stage1>, + libdbus-1-dev (>= 1.3.2) <!nocheck> <!noinsttest>, + libcryptsetup-dev (>= 2:1.6.0) <!stage1>, + libselinux1-dev (>= 2.1.9), + libacl1-dev, + liblzma-dev, + liblz4-dev (>= 0.0~r125), + liblz4-tool <!nocheck>, + libbz2-dev <!stage1>, + zlib1g-dev <!stage1> | libz-dev <!stage1>, + libcurl4-gnutls-dev <!stage1> | libcurl-dev <!stage1>, + libmicrohttpd-dev <!stage1>, + libgnutls28-dev <!stage1>, + libpcre2-dev <!stage1>, + libgcrypt20-dev, + libkmod-dev (>= 15), + libblkid-dev (>= 2.24), + libmount-dev (>= 2.30), + libseccomp-dev (>= 2.3.1) [amd64 arm64 armel armhf i386 mips mipsel mips64 mips64el x32 powerpc ppc64 ppc64el riscv64 s390x], + libdw-dev (>= 0.158) <!stage1>, + libpolkit-gobject-1-dev <!stage1>, + libzstd-dev (>= 1.4.0), + linux-base <!nocheck>, + acl <!nocheck>, + python3:native, + python3-lxml:native, + python3-pyparsing <!nocheck>, + python3-evdev <!nocheck>, + tzdata <!nocheck>, + libcap2-bin <!nocheck>, + iproute2 <!nocheck>, + zstd <!nocheck>, + +Package: systemd +Architecture: linux-any +Multi-Arch: foreign +Section: admin +Priority: important +Recommends: dbus, + systemd-timesyncd | time-daemon, +Suggests: systemd-container, + policykit-1 +Pre-Depends: ${shlibs:Pre-Depends}, + ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends}, + libsystemd0 (= ${binary:Version}), + util-linux (>= 2.27.1), + mount (>= 2.26), + adduser, +Conflicts: consolekit, + libpam-ck-connector, +Breaks: systemd-shim (<< 10-4~), + python-dbusmock (<< 0.18), + python3-dbusmock (<< 0.18), + resolvconf (<< 1.83~), + udev (<< 247~), +Description: system and service manager + systemd is a system and service manager for Linux. It provides aggressive + parallelization capabilities, uses socket and D-Bus activation for starting + services, offers on-demand starting of daemons, keeps track of processes using + Linux control groups, maintains mount and automount points and implements an + elaborate transactional dependency-based service control logic. + . + systemd is compatible with SysV and LSB init scripts and can work as a + drop-in replacement for sysvinit. + . + Installing the systemd package will not switch your init system unless you + boot with init=/lib/systemd/systemd or install systemd-sysv in addition. + +Package: systemd-sysv +Architecture: linux-any +Multi-Arch: foreign +Section: admin +Priority: important +Conflicts: sysvinit-core, + upstart (<< 1.13.2-0ubuntu10~), + file-rc, + systemd-shim, +Replaces: sysvinit-core, + upstart (<< 1.13.2-0ubuntu10~), +Pre-Depends: systemd +Depends: ${shlibs:Depends}, + ${misc:Depends} +Recommends: libpam-systemd, + libnss-systemd +Description: system and service manager - SysV links + systemd is a system and service manager for Linux. It provides aggressive + parallelization capabilities, uses socket and D-Bus activation for starting + services, offers on-demand starting of daemons, keeps track of processes using + Linux control groups, maintains mount and automount points and implements an + elaborate transactional dependency-based service control logic. + . + systemd is compatible with SysV and LSB init scripts and can work as a + drop-in replacement for sysvinit. + . + This package provides the manual pages and links needed for systemd + to replace sysvinit. Installing systemd-sysv will overwrite /sbin/init with a + link to systemd. + +Package: systemd-container +Build-Profiles: <!stage1> +Architecture: linux-any +Multi-Arch: foreign +Section: admin +Priority: optional +Depends: ${shlibs:Depends}, + ${misc:Depends}, + systemd, + dbus +Recommends: libnss-mymachines, +Description: systemd container/nspawn tools + This package provides systemd's tools for nspawn and container/VM management: + * systemd-nspawn + * systemd-machined and machinectl + * systemd-importd + * systemd-portabled and portablectl + +Package: systemd-journal-remote +Build-Profiles: <!stage1> +Architecture: linux-any +Multi-Arch: foreign +Section: admin +Priority: optional +Depends: ${shlibs:Depends}, + ${misc:Depends}, + systemd, + adduser +Breaks: systemd (<< 239-6) +Replaces: systemd (<< 239-6) +Description: tools for sending and receiving remote journal logs + This package provides tools for sending and receiving remote journal logs: + * systemd-journal-remote + * systemd-journal-upload + * systemd-journal-gatewayd + +Package: systemd-coredump +Build-Profiles: <!stage1> +Architecture: linux-any +Multi-Arch: foreign +Section: admin +Priority: optional +Depends: ${shlibs:Depends}, + ${misc:Depends}, + adduser, + systemd +Conflicts: core-dump-handler +Replaces: core-dump-handler +Provides: core-dump-handler +Description: tools for storing and retrieving coredumps + This package provides systemd tools for storing and retrieving coredumps: + * systemd-coredump + * coredumpctl + +Package: systemd-timesyncd +Architecture: linux-any +Multi-Arch: foreign +Section: admin +Priority: standard +Depends: ${shlibs:Depends}, + ${misc:Depends}, + adduser, + systemd +Breaks: systemd (<< 245.4-2~), +Conflicts: time-daemon +Replaces: time-daemon, + systemd (<< 245.4-2~), +Provides: time-daemon +Description: minimalistic service to synchronize local time with NTP servers + The package contains the systemd-timesyncd system service that may be used to + synchronize the local system clock with a remote Network Time Protocol server. + +Package: systemd-tests +Architecture: linux-any +Section: admin +Priority: optional +Depends: ${shlibs:Depends}, + ${misc:Depends}, + systemd (= ${binary:Version}), + python3, +Build-Profiles: <!noinsttest> +Description: tests for systemd + This package contains the test binaries. Those binaries are primarily used + for autopkgtest and not meant to be installed on regular user systems. + +Package: libpam-systemd +Architecture: linux-any +Multi-Arch: same +Section: admin +Priority: standard +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends}, + systemd (= ${binary:Version}), + libpam-runtime (>= 1.0.1-6), + dbus, + systemd-sysv +Provides: logind (= ${binary:Version}), default-logind (= ${binary:Version}) +Description: system and service manager - PAM module + This package contains the PAM module which registers user sessions in + the systemd control group hierarchy for logind. + . + If in doubt, do install this package. + . + Packages that depend on logind functionality need to depend on libpam-systemd. + +Package: libnss-myhostname +Architecture: linux-any +Multi-Arch: same +Section: admin +Priority: optional +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends}, +Description: nss module providing fallback resolution for the current hostname + This package contains a plugin for the Name Service Switch, providing host + name resolution for the locally configured system hostname as returned by + gethostname(2). It returns all locally configured public IP addresses or -- if + none are configured, the IPv4 address 127.0.1.1 (which is on the local + loopback) and the IPv6 address ::1 (which is the local host). + . + A lot of software relies on that the local host name is resolvable. This + package provides an alternative to the fragile and error-prone manual editing + of /etc/hosts. + . + Installing this package automatically adds myhostname to /etc/nsswitch.conf. + +Package: libnss-mymachines +Architecture: linux-any +Multi-Arch: same +Section: admin +Priority: optional +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends}, + systemd-container (= ${binary:Version}), +Description: nss module to resolve hostnames for local container instances + nss-mymachines is a plugin for the GNU Name Service Switch (NSS) functionality + of the GNU C Library (glibc) providing hostname resolution for local containers + that are registered with systemd-machined.service(8). The container names are + resolved to IP addresses of the specific container, ordered by their scope. + . + Installing this package automatically adds mymachines to /etc/nsswitch.conf. + +Package: libnss-resolve +Architecture: linux-any +Multi-Arch: same +Section: admin +Priority: optional +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends}, + systemd (= ${binary:Version}), +Description: nss module to resolve names via systemd-resolved + nss-resolve is a plugin for the GNU Name Service Switch (NSS) functionality + of the GNU C Library (glibc) providing DNS and LLMNR resolution to programs via + the systemd-resolved daemon (provided in the systemd package). + . + Installing this package automatically adds resolve to /etc/nsswitch.conf. + +Package: libnss-systemd +Architecture: linux-any +Multi-Arch: same +Section: admin +Priority: standard +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends}, + systemd (= ${binary:Version}), +Description: nss module providing dynamic user and group name resolution + nss-systemd is a plug-in module for the GNU Name Service Switch (NSS) + functionality of the GNU C Library (glibc), providing UNIX user and group name + resolution for dynamic users and groups allocated through the DynamicUser= + option in systemd unit files. See systemd.exec(5) for details on this + option. + . + Installing this package automatically adds the module to /etc/nsswitch.conf. + +Package: libsystemd0 +Architecture: linux-any +Multi-Arch: same +Section: libs +Priority: optional +Pre-Depends: ${shlibs:Depends}, + ${misc:Pre-Depends} +Depends: ${misc:Depends} +Description: systemd utility library + The libsystemd0 library provides interfaces to various systemd components. + +Package: libsystemd-dev +Architecture: linux-any +Multi-Arch: same +Section: libdevel +Priority: optional +Depends: ${shlibs:Depends}, + ${misc:Depends}, + libsystemd0 (= ${binary:Version}) +Description: systemd utility library - development files + The libsystemd0 library provides interfaces to various systemd components. + . + This package contains the development files. + +Package: udev +Section: admin +Priority: important +Architecture: linux-any +Multi-Arch: foreign +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends}, + adduser, + dpkg (>= 1.19.3) | systemd-sysv, + libudev1 (= ${binary:Version}), + util-linux (>= 2.27.1), + s390-tools (>> 1.6.2) [s390], +Conflicts: hal +Breaks: systemd (<< 233-4), +Replaces: systemd (<< 233-4) +Description: /dev/ and hotplug management daemon + udev is a daemon which dynamically creates and removes device nodes from + /dev/, handles hotplug events and loads drivers at boot time. + +Package: libudev1 +Section: libs +Priority: optional +Architecture: linux-any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: libudev shared library + This library provides access to udev device information. + +Package: libudev-dev +Section: libdevel +Priority: optional +Architecture: linux-any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends}, + libudev1 (= ${binary:Version}) +Description: libudev development files + This package contains the files needed for developing applications that + use libudev. + +Package: udev-udeb +Build-Profiles: <!noudeb> +Package-Type: udeb +Section: debian-installer +Priority: optional +Architecture: linux-any +Depends: ${shlibs:Depends}, + ${misc:Depends}, + util-linux-udeb +Description: /dev/ and hotplug management daemon + udev is a daemon which dynamically creates and removes device nodes from + /dev/, handles hotplug events and loads drivers at boot time. + . + This is a minimal version, only for use in the installation system. + +Package: libudev1-udeb +Build-Profiles: <!noudeb> +Package-Type: udeb +Section: debian-installer +Priority: optional +Architecture: linux-any +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: libudev shared library + This library provides access to udev device information. + . + This is a minimal version, only for use in the installation system. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..8dc9bd1 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,262 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: systemd +Upstream-Contact: systemd-devel@lists.freedesktop.org +Source: https://www.freedesktop.org/wiki/Software/systemd/ + +Files: * +Copyright: 2008-2015 Kay Sievers <kay@vrfy.org> + 2010-2015 Lennart Poettering + 2012-2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> + 2013-2015 Tom Gundersen <teg@jklm.no> + 2013-2015 Daniel Mack + 2010-2015 Harald Hoyer + 2013-2015 David Herrmann + 2013, 2014 Thomas H.P. Andersen + 2013, 2014 Daniel Buch + 2014 Susant Sahani + 2009-2015 Intel Corporation + 2000, 2005 Red Hat, Inc. + 2009 Alan Jenkins <alan-jenkins@tuffmail.co.uk> + 2010 ProFUSION embedded systems + 2010 Maarten Lankhorst + 1995-2004 Miquel van Smoorenburg + 1999 Tom Tromey + 2011 Michal Schmidt + 2012 B. Poettering + 2012 Holger Hans Peter Freyther + 2012 Dan Walsh + 2012 Roberto Sassu + 2013 David Strauss + 2013 Marius Vollmer + 2013 Jan Janssen + 2013 Simon Peeters +License: LGPL-2.1+ + +Files: src/basic/siphash24.h + src/basic/siphash24.c +Copyright: 2012 Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com> + 2012 Daniel J. Bernstein <djb@cr.yp.to> +License: CC0-1.0 + +Files: src/basic/ioprio.h +Copyright: Jens Axboe <axboe@suse.de> +License: GPL-2 + +Files: src/shared/linux/* + src/basic/linux/* +Copyright: 2004-2009 Red Hat, Inc. + 2011-2014 PLUMgrid + 2001-2003 Sistina Software (UK) Limited. + 2008 Ian Kent <raven@themaw.net> + 1998 David S. Miller >davem@redhat.com> + 2001 Jeff Garzik <jgarzik@pobox.com> + 2006-2010 Johannes Berg <johannes@sipsolutions.net + 2008 Michael Wu <flamingice@sourmilk.net> + 2008 Luis Carlos Cobo <luisca@cozybit.com> + 2008 Michael Buesch <m@bues.ch> + 2008, 2009 Luis R. Rodriguez <lrodriguez@atheros.com> + 2008 Jouni Malinen <jouni.malinen@atheros.com> + 2008 Colin McCabe <colin@cozybit.com> + 2018-2019 Intel Corporation + 2007 Oracle. + 2009 Wolfgang Grandegger <wg@grandegger.com> + 1999 Thomas Davis <tadavis@lbl.gov> + 2015 Sabrina Dubroca <sd@queasysnail.net> + 1999-2000 Maxim Krasnyansky <max_mk@yahoo.com> + 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com> +License: GPL-2 with Linux-syscall-note exception + +Files: src/basic/sparse-endian.h +Copyright: 2012 Josh Triplett <josh@joshtriplett.org> +License: Expat + +Files: src/journal/lookup3.c + src/journal/lookup3.h +Copyright: none +License: public-domain + You can use this free for any purpose. It's in the public domain. It has no + warranty. + +Files: src/udev/ata_id/ata_id.c + src/udev/cdrom_id/cdrom_id.c + src/udev/mtd_probe/mtd_probe.c + src/udev/mtd_probe/mtd_probe.h + src/udev/mtd_probe/probe_smartmedia.c + src/udev/scsi_id/scsi.h + src/udev/scsi_id/scsi_id.c + src/udev/scsi_id/scsi_id.h + src/udev/scsi_id/scsi_serial.c + src/udev/udevadm.c + src/udev/udevadm-control.c + src/udev/udevadm.h + src/udev/udevadm-info.c + src/udev/udevadm-monitor.c + src/udev/udevadm-settle.c + src/udev/udevadm-test-builtin.c + src/udev/udevadm-test.c + src/udev/udevadm-trigger.c + src/udev/udevadm-util.c + src/udev/udevadm-util.h + src/udev/udev-builtin-blkid.c + src/udev/udev-builtin.h + src/udev/udev-builtin-input_id.c + src/udev/udev-builtin-kmod.c + src/udev/udev-builtin-path_id.c + src/udev/udev-builtin-uaccess.c + src/udev/udev-builtin-usb_id.c + src/udev/udev-ctrl.h + src/udev/udevd.c + src/udev/udev-event.c + src/udev/udev-event.h + src/udev/udev-node.c + src/udev/udev-node.h + src/udev/udev-rules.c + src/udev/udev-rules.h + src/udev/udev-watch.c + src/udev/udev-watch.h + src/udev/v4l_id/v4l_id.c +Copyright: 2003-2012 Kay Sievers <kay@vrfy.org> + 2003-2004 Greg Kroah-Hartman <greg@kroah.com> + 2004 Chris Friesen <chris_friesen@sympatico.ca> + 2004, 2009, 2010 David Zeuthen <david@fubar.dk> + 2005, 2006 SUSE Linux Products GmbH + 2003 IBM Corp. + 2007 Hannes Reinecke <hare@suse.de> + 2009 Canonical Ltd. + 2009 Scott James Remnant <scott@netsplit.com> + 2009 Martin Pitt <martin.pitt@ubuntu.com> + 2009 Piter Punk <piterpunk@slackware.com> + 2009, 2010 Lennart Poettering + 2009 Filippo Argiolas <filippo.argiolas@gmail.com> + 2010 Maxim Levitsky + 2011 ProFUSION embedded systems + 2011 Karel Zak <kzak@redhat.com> + 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> + 2014 David Herrmann <dh.herrmann@gmail.com> + 2014 Carlos Garnacho <carlosg@gnome.org> +License: GPL-2+ + +Files: src/udev/scsi_id/* +Copyright: 2003 IBM Corp. +License: GPL-2+ + +Files: debian/* +Copyright: 2010-2013 Tollef Fog Heen <tfheen@debian.org> + 2013-2018 Michael Biebl <biebl@debian.org> + 2013 Michael Stapelberg <stapelberg@debian.org> +License: LGPL-2.1+ + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to + deal in the Software without restriction, including without limitation the + rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + IN THE SOFTWARE. + +License: GPL-2 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian and systems the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2` + +License: GPL-2 with Linux-syscall-note exception + NOTE! This copyright does *not* cover user programs that use kernel services + by normal system calls - this is merely considered normal use of the kernel, + and does *not* fall under the heading of "derived work". Also note that the + GPL below is copyrighted by the Free Software Foundation, but the instance of + code that it refers to (the Linux kernel) is copyrighted by me and others who + actually wrote it. + . + Also note that the only valid version of the GPL as far as the kernel is + concerned is _this_ particular version of the license (ie v2, not v2.2 or v3.x + or whatever), unless explicitly otherwise stated. + . + Linus Torvalds + . + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian and systems the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2` + +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian systems, the complete text of the GNU General Public License + version 2 can be found in ‘/usr/share/common-licenses/GPL-2’. + +License: LGPL-2.1+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1, or (at your option) + any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public License along + with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian systems, the complete text of the GNU Lesser General Public + License version 2.1 can be found in ‘/usr/share/common-licenses/LGPL-2.1’. + +License: CC0-1.0 + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + . + You should have received a copy of the CC0 Public Domain Dedication along with + this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. + . + On Debian systems, the complete text of the CC0 1.0 Universal license can be + found in ‘/usr/share/common-licenses/CC0-1.0’. diff --git a/debian/extra/checkout-upstream b/debian/extra/checkout-upstream new file mode 100755 index 0000000..2cf9409 --- /dev/null +++ b/debian/extra/checkout-upstream @@ -0,0 +1,132 @@ +#!/bin/sh +# Prepare systemd source package in current directory for testing an upstream +# commit, branch, or PR, without Debian patches. This replaces everything +# except the debian/ directory with an upstream checkout. +# NEVER run this in your actual packaging work directory! This is only meant +# for upstream CI. +# +# Author: Martin Pitt <martin.pitt@ubuntu.com> + +set -eu +test -x debian/rules +if [ -z "${TEST_UPSTREAM:-}" ]; then + echo "Not in upstream testing mode. Do *not* run this script unless you know what you are doing." >&2 + exit 1 +fi +if [ -n "${UPSTREAM_PULL_REQUEST:-}" ]; then + FETCH="git fetch -fu origin refs/pull/$UPSTREAM_PULL_REQUEST/head:pr" + CO='git checkout pr' + DESC="PR #$UPSTREAM_PULL_REQUEST" +elif [ -n "${UPSTREAM_HEAD:-}" ]; then + FETCH='' + CO="git checkout $UPSTREAM_HEAD" + DESC="$UPSTREAM_HEAD" +else + echo "WARNING: $0: Neither UPSTREAM_PULL_REQUEST nor UPSTREAM_HEAD set, ignoring" >&2 + exit 0 +fi + +DUMMY_USER_NAME="Merge dummy user" +DUMMY_USER_EMAIL="invalid@example.com" + +UPSTREAM_REPO="${UPSTREAM_REPO:-https://github.com/systemd/systemd.git}" +BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD) + +# Use git, if in a git repo +if [ -d .git ]; then + # make sure user.name/user.email are set, git commit wants them + git config --get user.name || git config user.name "$DUMMY_USER_NAME" + git config --get user.email || git config user.email "$DUMMY_USER_EMAIL" +fi + +if [ -n "${KEEP_DEBIAN_PATCHES:-}" ]; then + # set up pq branch if it does not exist + if [ "$BRANCH_NAME" = HEAD ]; then + echo "ERROR: $0 must be started from a branch when using KEEP_DEBIAN_PATCHES" >&2 + exit 1 + fi + gbp pq import 2> /dev/null && gbp pq switch || true + if ! git branch --contains "$BRANCH_NAME" | grep -q patch-queue/"$BRANCH_NAME"; then + echo "ERROR: patch-queue/$BRANCH_NAME exists but it is not rebased, please rebase it." >&2 + exit 1 + fi +fi + +# switch to native instead of quilt +echo '3.0 (native)' > debian/source/format + +# drop our patches +rm -rf debian/patches + +# disable tests which are not for upstream +[ -n "${KEEP_DEBIAN_TESTS:-}" ] || sed -i '/# NOUPSTREAM/ q' debian/tests/control + +# create new git commit with debian/ changes +if [ -d .git -a -n "$(git status --short debian)" ]; then + git add debian + git commit -n -m "checkout-upstream: edit debian/ files for upstream testing" +fi + +######## +# Everything below this changes only code outside debian/ +# besides temporary use of debian/tmp/ +# and the update to debian/changelog +######## + +mkdir -p debian/tmp +(cd debian/tmp + git clone "${UPSTREAM_REPO}" upstream || (rm -rf upstream; sleep 60; git clone "${UPSTREAM_REPO}" upstream) + cd upstream + $FETCH + $CO + git config user.email "$DUMMY_USER_EMAIL" + git config user.name "$DUMMY_USER_NAME" + if [ -n "${UPSTREAM_PULL_REQUEST:-}" ]; then + git rebase master + fi + git submodule update --init --recursive) +UPSTREAM_VER=$(cd debian/tmp/upstream; git describe | sed 's/^v//;s/-/./g') + +# clean out original upstream sources +find -mindepth 1 -maxdepth 1 -name debian -o -name .git -prune -o -print0 | xargs -0n1 rm -rf + +# replace with checkout +mv debian/tmp/upstream/* . +rm -rf debian/tmp + +# create new git commit with upstream code +if [ -d .git -a -n "$(git status --short)" ] ; then + git add . + git commit -n -m "checkout-upstream: replace with upstream code at version ${UPSTREAM_VER}" +fi + +# import Debian patches which apply cleanly +if [ -n "${KEEP_DEBIAN_PATCHES:-}" ]; then + for c in $(git log "$BRANCH_NAME"..patch-queue/"$BRANCH_NAME" --format='%H' --reverse); do + if ! git cherry-pick $c; then + git cherry-pick --abort + git reset --hard + git clean -dxf + fi + done +fi + +if [ -z "${UPSTREAM_KEEP_CHANGELOG:-}" ] ; then + # craft changelog + cat << EOF > debian/changelog.new +systemd (${UPSTREAM_VER}.0) UNRELEASED; urgency=low + + * Automatic build from upstream $DESC + + -- systemd test <pkg-systemd-maintainers@lists.alioth.debian.org> $(date -R) + +EOF + cat debian/changelog >> debian/changelog.new + mv debian/changelog.new debian/changelog + + # create new git commit with changelog entry + if [ -d .git ] ; then + git add debian + git commit -n -m "checkout-upstream: update changelog to version ${UPSTREAM_VER}.0" + fi +fi diff --git a/debian/extra/dhclient-exit-hooks.d/timesyncd b/debian/extra/dhclient-exit-hooks.d/timesyncd new file mode 100644 index 0000000..bb98cab --- /dev/null +++ b/debian/extra/dhclient-exit-hooks.d/timesyncd @@ -0,0 +1,52 @@ +TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf + +timesyncd_servers_setup_remove() { + if [ ! -d /run/systemd/system ]; then + return + fi + if [ ! -x /lib/systemd/systemd-timesyncd ]; then + return + fi + + if [ -e $TIMESYNCD_CONF ]; then + rm -f $TIMESYNCD_CONF + systemctl try-restart systemd-timesyncd.service || true + fi +} + +timesyncd_servers_setup_add() { + if [ ! -d /run/systemd/system ]; then + return + fi + if [ ! -x /lib/systemd/systemd-timesyncd ]; then + return + fi + + if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then + return + fi + + if [ -z "$new_ntp_servers" ]; then + timesyncd_servers_setup_remove + return + fi + + mkdir -p $(dirname $TIMESYNCD_CONF) + cat <<EOF > ${TIMESYNCD_CONF}.new +# NTP server entries received from DHCP server +[Time] +NTP=$new_ntp_servers +EOF + mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF} + systemctl try-restart systemd-timesyncd.service || true +} + + +case $reason in + BOUND|RENEW|REBIND|REBOOT) + timesyncd_servers_setup_add + ;; + EXPIRE|FAIL|RELEASE|STOP) + timesyncd_servers_setup_remove + ;; +esac diff --git a/debian/extra/fbdev-blacklist.conf b/debian/extra/fbdev-blacklist.conf new file mode 100644 index 0000000..00a9170 --- /dev/null +++ b/debian/extra/fbdev-blacklist.conf @@ -0,0 +1,20 @@ +# This file blacklists most old-style PCI framebuffer drivers. + +blacklist arkfb +blacklist aty128fb +blacklist atyfb +blacklist radeonfb +blacklist cirrusfb +blacklist cyber2000fb +blacklist kyrofb +blacklist matroxfb_base +blacklist mb862xxfb +blacklist neofb +blacklist pm2fb +blacklist pm3fb +blacklist s3fb +blacklist savagefb +blacklist sisfb +blacklist tdfxfb +blacklist tridentfb +blacklist vt8623fb diff --git a/debian/extra/init-functions.d/40-systemd b/debian/extra/init-functions.d/40-systemd new file mode 100644 index 0000000..d1dc03e --- /dev/null +++ b/debian/extra/init-functions.d/40-systemd @@ -0,0 +1,101 @@ +# -*-Shell-script-*- +# /lib/lsb/init-functions + +_use_systemctl=0 +if [ -d /run/systemd/system ]; then + + if [ -n "${__init_d_script_name:-}" ]; then # scripts run with new init-d-script + executable="$__init_d_script_name" + argument="$1" + elif [ "${0##*/}" = "init-d-script" ] || + [ "${0##*/}" = "${1:-}" ]; then # scripts run with old init-d-script + executable="$1" + argument="$2" + else # plain old scripts + executable="$0" + argument="${1:-}" + fi + + prog=${executable##*/} + service="${prog%.sh}.service" + + # Don't try to run masked services. systemctl <= 230 always succeeds here, + # but later systemctls fail on nonexisting units; be compatible with both + state=$(systemctl -p LoadState --value show $service 2>/dev/null) || state="not-found" + [ "$state" = "masked" ] && exit 0 + + # Redirect SysV init scripts when executed by the user + if [ $PPID -ne 1 ] && [ -z "${SYSTEMCTL_SKIP_REDIRECT:-}" ]; then + case $(readlink -f "$executable") in + /etc/init.d/*) + # If the state is not-found, this might be a newly installed SysV init + # script where systemd-sysv-generator has not been run yet. + [ "$state" != "not-found" ] || [ "$(id -u)" != 0 ] || systemctl --no-ask-password daemon-reload + + _use_systemctl=1 + # Some services can't reload through the .service file, + # but can through the init script. + if [ "$(systemctl -p CanReload --value show $service 2>/dev/null)" = "no" ] && [ "${argument:-}" = "reload" ]; then + _use_systemctl=0 + fi + ;; + esac + fi +fi + +systemctl_redirect () { + local s + local rc + local prog=${1##*/} + local command=$2 + + case "$command" in + start) + s="Starting $prog (via systemctl)" + ;; + stop) + s="Stopping $prog (via systemctl)" + ;; + reload|force-reload) + s="Reloading $prog configuration (via systemctl)" + ;; + try-restart) + s="Restarting $prog if running (via systemctl)" + ;; + restart) + s="Restarting $prog (via systemctl)" + ;; + esac + + service="${prog%.sh}.service" + + # avoid deadlocks during bootup and shutdown from units/hooks + # which call "invoke-rc.d service reload" and similar, since + # the synchronous wait plus systemd's normal behaviour of + # transactionally processing all dependencies first easily + # causes dependency loops + if ! systemctl --quiet is-system-running && [ "$command" = "reload" ]; then + sctl_args="--no-block" + fi + + [ "$command" = status ] || log_daemon_msg "$s" "$service" + systemctl --no-pager $sctl_args $command "$service" + rc=$? + [ "$command" = status ] || log_end_msg $rc + + return $rc +} + +if [ "$_use_systemctl" = "1" ]; then + # Some init scripts use "set -e" and "set -u", we don't want that + # here + set +e + set +u + + case "$argument" in + start|stop|restart|reload|force-reload|try-restart|status) + systemctl_redirect $executable $argument + exit $? + ;; + esac +fi diff --git a/debian/extra/initramfs-tools/hooks/udev b/debian/extra/initramfs-tools/hooks/udev new file mode 100755 index 0000000..d7f26c4 --- /dev/null +++ b/debian/extra/initramfs-tools/hooks/udev @@ -0,0 +1,55 @@ +#!/bin/sh -e + +PREREQS="" + +prereqs() { echo "$PREREQS"; } + +case "$1" in + prereqs) + prereqs + exit 0 + ;; +esac + +. /usr/share/initramfs-tools/hook-functions + +mkdir -p "$DESTDIR/lib/systemd" +copy_exec /lib/systemd/systemd-udevd /lib/systemd +copy_exec /bin/udevadm /bin + +mkdir -p "$DESTDIR/etc/udev" +cp -p /etc/udev/udev.conf "$DESTDIR/etc/udev/" + +# copy .link files containing interface naming definitions +mkdir -p "$DESTDIR/lib/systemd/network/" +find -L /lib/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' + +if [ -d /etc/systemd/network ]; then + find -L /etc/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' + +fi + +mkdir -p "$DESTDIR/lib/udev/rules.d/" +for rules in 50-firmware.rules 50-udev-default.rules \ + 60-block.rules 60-persistent-storage.rules \ + 61-persistent-storage-android.rules 71-seat.rules \ + 73-special-net-names.rules 75-net-description.rules \ + 80-net-setup-link.rules 80-drivers.rules; do + if [ -e /etc/udev/rules.d/$rules ]; then + cp -p /etc/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/" + elif [ -e /lib/udev/rules.d/$rules ]; then + cp -p /lib/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/" + fi +done + +# now copy all custom udev rules which don't have an equivalent in /lib (e. g. +# 70-persistent-net.rules or similar); They might contain network names or +# other bits which are relevant for the initramfs. +for rules in /etc/udev/rules.d/*.rules; do + if [ -e "$rules" ] && [ ! -e "/lib/${rules#/etc/}" ]; then + cp -p "$rules" "$DESTDIR/lib/udev/rules.d/" + fi +done + +for program in ata_id scsi_id; do + copy_exec /lib/udev/$program /lib/udev +done +copy_exec /sbin/blkid /sbin diff --git a/debian/extra/initramfs-tools/scripts/init-bottom/udev b/debian/extra/initramfs-tools/scripts/init-bottom/udev new file mode 100755 index 0000000..73887ea --- /dev/null +++ b/debian/extra/initramfs-tools/scripts/init-bottom/udev @@ -0,0 +1,28 @@ +#!/bin/sh -e + +PREREQS="" + +prereqs() { echo "$PREREQS"; } + +case "$1" in + prereqs) + prereqs + exit 0 + ;; +esac + +# Stop udevd, we'll miss a few events while we run init, but we catch up +udevadm control --exit + +# move the /dev tmpfs to the rootfs; fall back to util-linux mount that does +# not understand -o move +mount -n -o move /dev "${rootmnt:?}/dev" || mount -n --move /dev "${rootmnt}/dev" + +# create a temporary symlink to the final /dev for other initramfs scripts +if command -v nuke >/dev/null; then + nuke /dev +else + # shellcheck disable=SC2114 + rm -rf /dev +fi +ln -s "${rootmnt}/dev" /dev diff --git a/debian/extra/initramfs-tools/scripts/init-top/udev b/debian/extra/initramfs-tools/scripts/init-top/udev new file mode 100755 index 0000000..9bdfe86 --- /dev/null +++ b/debian/extra/initramfs-tools/scripts/init-top/udev @@ -0,0 +1,31 @@ +#!/bin/sh -e + +PREREQS="" + +prereqs() { echo "$PREREQS"; } + +case "$1" in + prereqs) + prereqs + exit 0 + ;; +esac + +if [ -w /sys/kernel/uevent_helper ]; then + echo > /sys/kernel/uevent_helper +fi + +if [ "${quiet:-n}" = "y" ]; then + log_level=notice +else + log_level=info +fi + +SYSTEMD_LOG_LEVEL=$log_level /lib/systemd/systemd-udevd --daemon --resolve-names=never + +udevadm trigger --type=subsystems --action=add +udevadm trigger --type=devices --action=add +udevadm settle || true + +# Leave udev running to process events that come in out-of-band (like USB +# connections) diff --git a/debian/extra/kernel-install.d/85-initrd.install b/debian/extra/kernel-install.d/85-initrd.install new file mode 100755 index 0000000..4f8b101 --- /dev/null +++ b/debian/extra/kernel-install.d/85-initrd.install @@ -0,0 +1,38 @@ +#!/bin/sh +set -eu +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +COMMAND="$1" +KERNEL_VERSION="$2" +BOOT_DIR_ABS="$3" + +INITRD_SRC="/boot/initrd.img-$KERNEL_VERSION" +INITRD_DEST="$BOOT_DIR_ABS/initrd" + +if [ "$COMMAND" = remove ]; then + exec rm -f "$INITRD_DEST" +fi + +if [ "$COMMAND" != add ]; then + echo "Invalid command $COMMAND" >&2 + exit 1 +fi + +if [ "$#" -ge 5 ]; then + # An explicit initrd path was passed, 90-loaderentry.install knows how to handle this; + # copying here would just duplicate the file, since the basename is very likely different + exit 0 +fi + +if [ -e "$INITRD_SRC" ]; then + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Installing '$INITRD_SRC' as '$INITRD_DEST'" + install -m 0644 -o root -g root "$INITRD_SRC" "$INITRD_DEST" || { + echo "Could not copy '$INITRD_SRC' to '$INITRD_DEST'." >&2 + exit 1 + } +else + echo "$INITRD_SRC does not exist, not installing an initrd" +fi + +exit 0 diff --git a/debian/extra/make-fbdev-blacklist b/debian/extra/make-fbdev-blacklist new file mode 100644 index 0000000..decdbbd --- /dev/null +++ b/debian/extra/make-fbdev-blacklist @@ -0,0 +1,47 @@ +#!/bin/sh +# This script should be run before building the package every time a new +# kernel is released. +# +# You should pass the name of the modules directory for a 486 flavour +# kernel, as that has the most framebuffer modules. +# +# Also, obsolete modules should not be removed from the list until after +# at least one stable release. + +set -e + +if [ $# = 0 ]; then + MODULES_DIR=/lib/modules/$(uname -r) +else + MODULES_DIR="$1" +fi + +BL='fbdev-blacklist.conf' + +if [ -e extra/$BL ]; then cd extra; fi + +{ +printf "# This file blacklists most old-style PCI framebuffer drivers.\n\n" + +find "$MODULES_DIR"/kernel/drivers/video -type f | sort | \ +while read file; do + name="$(basename $file .ko)" + case $name in + lxfb) + # This is needed for text consoles on OLPC XO-1, and it used to be + # built-in anyway. + ;; + viafb) ;; # Needed by OLPC XO-1.5 + *) + /sbin/modinfo $file | grep -q '^alias: *pci:' \ + && echo blacklist $name || true + ;; + esac +done +} > $BL.tmp + +if diff --unified=0 $BL $BL.tmp; then + rm $BL.tmp +else + printf "\n\n\n$BL.tmp has changes!\n\n\n\n" +fi diff --git a/debian/extra/make-sysusers-basic b/debian/extra/make-sysusers-basic new file mode 100755 index 0000000..8ff1b15 --- /dev/null +++ b/debian/extra/make-sysusers-basic @@ -0,0 +1,18 @@ +#!/bin/sh +# generate a sysusers.d(5) file from Debian's static master passwd/group files +set -eu + +echo '# generated from /usr/share/base-passwd/{passwd,group}.master' + +# only take groups whose name+gid != the corresponding user in passwd.master +export IFS=: +while read name _ id _; do + if ! grep -q "^$name:\*:$id:$id:" /usr/share/base-passwd/passwd.master; then + printf "g %-10s %-5s -\n" $name $id + fi +done < /usr/share/base-passwd/group.master + +echo + +# treat "nobody:nogroup" specially: same ID, but different name, so prevent creating a "nobody" group +awk -F: '{ i = ($3 == $4 && $4 != 65534) ? $3 : $3":"$4; printf("u %-10s %-7s - %-20s %s\n", $1,i,$6,$7) }' < /usr/share/base-passwd/passwd.master diff --git a/debian/extra/network/73-usb-net-by-mac.link b/debian/extra/network/73-usb-net-by-mac.link new file mode 100644 index 0000000..98800cd --- /dev/null +++ b/debian/extra/network/73-usb-net-by-mac.link @@ -0,0 +1,5 @@ +[Match] +Path=*-usb-* + +[Link] +NamePolicy=mac diff --git a/debian/extra/pam-configs/systemd b/debian/extra/pam-configs/systemd new file mode 100644 index 0000000..5b56996 --- /dev/null +++ b/debian/extra/pam-configs/systemd @@ -0,0 +1,7 @@ +Name: Register user sessions in the systemd control group hierarchy +Default: yes +Priority: 0 +Session-Interactive-Only: yes +Session-Type: Additional +Session: + optional pam_systemd.so diff --git a/debian/extra/pam.d/systemd-user b/debian/extra/pam.d/systemd-user new file mode 100644 index 0000000..65279f9 --- /dev/null +++ b/debian/extra/pam.d/systemd-user @@ -0,0 +1,13 @@ +# This file is part of systemd. +# +# Used by systemd --user instances. + +@include common-account + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session required pam_limits.so +@include common-session-noninteractive +session optional pam_keyinit.so force revoke +session optional pam_systemd.so diff --git a/debian/extra/rules-ubuntu/40-vm-hotadd.rules b/debian/extra/rules-ubuntu/40-vm-hotadd.rules new file mode 100644 index 0000000..7f2640b --- /dev/null +++ b/debian/extra/rules-ubuntu/40-vm-hotadd.rules @@ -0,0 +1,14 @@ +# On Hyper-V and Xen Virtual Machines we want to add memory and cpus as soon as they appear +ATTR{[dmi/id]sys_vendor}=="Microsoft Corporation", ATTR{[dmi/id]product_name}=="Virtual Machine", GOTO="vm_hotadd_apply" +ATTR{[dmi/id]sys_vendor}=="Xen", GOTO="vm_hotadd_apply" +GOTO="vm_hotadd_end" + +LABEL="vm_hotadd_apply" + +# Memory hotadd request +SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}!="online", ATTR{state}="online" + +# CPU hotadd request +SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}!="1", ATTR{online}="1" + +LABEL="vm_hotadd_end" diff --git a/debian/extra/rules-ubuntu/61-persistent-storage-android.rules b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules new file mode 100644 index 0000000..369d5a6 --- /dev/null +++ b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules @@ -0,0 +1,6 @@ +# Android based kernel exports the uevent property PARTNAME, which can be +# used to find out at run time the named partitions (e.g. boot) for the +# device. This is specially useful for the Touch based images and flash-kernel, +# to automatically update the kernel by writing at the correct partition +# (independently of the hardware revision). +ACTION!="remove", KERNEL=="mmcblk[0-9]p[0-9]", ENV{PARTNAME}=="?*", SYMLINK+="disk/by-partlabel/$env{PARTNAME}" diff --git a/debian/extra/rules-ubuntu/71-power-switch-proliant.rules b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules new file mode 100644 index 0000000..022baeb --- /dev/null +++ b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules @@ -0,0 +1,2 @@ +ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.6|soc:gpio_keys", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m400 Server Cartridge", TAG+="power-switch" +ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.12", ATTRS{keys}=="116", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m800 Server Cartridge", TAG+="power-switch" diff --git a/debian/extra/rules-ubuntu/78-graphics-card.rules b/debian/extra/rules-ubuntu/78-graphics-card.rules new file mode 100644 index 0000000..b3b906c --- /dev/null +++ b/debian/extra/rules-ubuntu/78-graphics-card.rules @@ -0,0 +1,30 @@ +# do not edit this file, it will be overwritten on update + +ACTION!="add", GOTO="graphics_end" + +# Tag the drm device for KMS-supporting drivers as the primary device for +# the display; for non-KMS drivers tag the framebuffer device instead. + +SUBSYSTEM!="drm", GOTO="drm_end" +KERNEL!="card[0-9]*", GOTO="drm_end" +ENV{DEVTYPE}!="drm_minor", GOTO="drm_end" + +DRIVERS=="i915", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1" +DRIVERS=="radeon", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1" +DRIVERS=="nouveau", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1" +DRIVERS=="vmwgfx", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1" + +LABEL="drm_end" + +SUBSYSTEM!="graphics", GOTO="graphics_end" + +DRIVERS=="i915", GOTO="graphics_end" +DRIVERS=="radeon", GOTO="graphics_end" +DRIVERS=="nouveau", GOTO="graphics_end" +DRIVERS=="efifb", GOTO="graphics_end" +DRIVERS=="efi-framebuffer", GOTO="graphics_end" +DRIVERS=="vesa-framebuffer", GOTO="graphics_end" + +KERNEL=="fb[0-9]*", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1" + +LABEL="graphics_end" diff --git a/debian/extra/rules/50-firmware.rules b/debian/extra/rules/50-firmware.rules new file mode 100644 index 0000000..f7a08ce --- /dev/null +++ b/debian/extra/rules/50-firmware.rules @@ -0,0 +1,3 @@ +# stub for immediately telling the kernel that userspace firmware loading +# failed; necessary to avoid long timeouts with CONFIG_FW_LOADER_USER_HELPER=y +SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1" diff --git a/debian/extra/rules/73-special-net-names.rules b/debian/extra/rules/73-special-net-names.rules new file mode 100644 index 0000000..3b145ed --- /dev/null +++ b/debian/extra/rules/73-special-net-names.rules @@ -0,0 +1,14 @@ +# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC +# which terminates in the iDRAC. Help identify this with 'idrac' +ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac" + +# On IBM systems the Integrated Management Module is reachable using a +# # USB Virtual NIC. +ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", \ + ATTRS{idVendor}=="04b3", ATTRS{idProduct}=="0325", NAME="ibmimm" + +# ibmveth devices' $DEVPATH number is tied to (virtual) hardware (slot id +# selected in the HMC), thus this provides a reliable naming (e. g. +# "/devices/vio/30000002/net/eth1"); we ignore the bus number, as +# there should only ever be one bus, and then remove leading zeros +ACTION=="add", SUBSYSTEM=="net", NAME=="", DRIVERS=="ibmveth", PROGRAM="/bin/sh -ec 'D=$${DEVPATH#*/vio/}; D=$${D%%%%/*}; D=$${D#????}; D=$${D#0}; D=$${D#0}; D=$${D#0}; D=$${D#0}; echo $${D:-0}'", NAME="ibmveth$result" diff --git a/debian/extra/rules/80-debian-compat.rules b/debian/extra/rules/80-debian-compat.rules new file mode 100644 index 0000000..fb8477f --- /dev/null +++ b/debian/extra/rules/80-debian-compat.rules @@ -0,0 +1,30 @@ +# Debian specific udev rules for backwards compatibility + +# needed for old tape drivers, http://bugs.debian.org/657948 +SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN{builtin}+="kmod load sg" + +# device permissions +KERNEL=="mISDNtimer", GROUP="dialout" +KERNEL=="mwave", GROUP="dialout" +KERNEL=="nvram", GROUP="kmem", MODE="0640" +KERNEL=="pktcdvd", GROUP="cdrom", MODE="0644" +KERNEL=="lirc[0-9]*", GROUP="video" +KERNEL=="legousbtower*", MODE="0666" +KERNEL=="sonypi", MODE="0666" +KERNEL=="mmtimer", MODE="0644" +KERNEL=="sgi_*", MODE="0666" +KERNEL=="z90crypt", MODE="0666" + +# These rules will create symlinks for CD/DVD drives, to help old +# programs which are unable to automatically discover the devices. +# The first detected device gets the symlink, but this is not stable across +# reboots. +ENV{ID_CDROM_CD_RW}=="?*", \ + PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.cdrw 2>/dev/null; [ `readlink /run/udev/link.cdrw` = %k ]", \ + SYMLINK+="cdrw", OPTIONS+="link_priority=-100" +ENV{ID_CDROM_DVD}=="?*", \ + PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvd 2>/dev/null; [ `readlink /run/udev/link.dvd` = %k ]", \ + SYMLINK+="dvd", OPTIONS+="link_priority=-100" +ENV{ID_CDROM_DVD_RW}=="?*", \ + PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvdrw 2>/dev/null; [ `readlink /run/udev/link.dvdrw` = %k ]", \ + SYMLINK+="dvdrw", OPTIONS+="link_priority=-100" diff --git a/debian/extra/start-udev b/debian/extra/start-udev new file mode 100755 index 0000000..0a8b284 --- /dev/null +++ b/debian/extra/start-udev @@ -0,0 +1,23 @@ +#!/bin/sh -e + +if [ -w /sys/kernel/uevent_helper ]; then + echo > /sys/kernel/uevent_helper +fi + +if ! grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then + mount -n -o mode=0755 -t devtmpfs devtmpfs /dev + # Setup a few /dev symlinks, see #975018 + [ ! -h /dev/fd ] && ln -s /proc/self/fd /dev/fd + [ ! -h /dev/stdin ] && ln -s /proc/self/fd/0 /dev/stdin + [ ! -h /dev/stdout ] && ln -s /proc/self/fd/1 /dev/stdout + [ ! -h /dev/stderr ] && ln -s /proc/self/fd/2 /dev/stderr +fi + +SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never + +udevadm trigger --action=add + +mkdir -p /dev/pts +mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts + +udevadm settle || true diff --git a/debian/extra/systemd-sysv-install b/debian/extra/systemd-sysv-install new file mode 100755 index 0000000..7e90dc2 --- /dev/null +++ b/debian/extra/systemd-sysv-install @@ -0,0 +1,56 @@ +#!/bin/sh +# This script is called by "systemctl enable/disable" when the given unit is a +# SysV init.d script. It needs to call the distribution's mechanism for +# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This +# can optionally take a --root argument for enabling a SysV init script +# in a chroot or similar. +set -eu + +usage() { + echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>" >&2 + exit 1 +} + +ROOT= + +# parse options +eval set -- "$(getopt -o r: --long root: -- "$@")" +while true; do + case "$1" in + -r|--root) + ROOT="$2" + shift 2 ;; + --) shift ; break ;; + *) usage ;; + esac +done + +NAME="${2:-}" + +run() { + if [ -n "$ROOT" ] && [ "$ROOT" != "/" ]; then + _SKIP_SYSTEMD_NATIVE=1 chroot "$ROOT" /usr/sbin/update-rc.d "$@" + else + _SKIP_SYSTEMD_NATIVE=1 /usr/sbin/update-rc.d "$@" + fi +} + +[ -n "$NAME" ] || usage + +case "$1" in + enable) + # call the command to enable SysV init script $NAME here.. + run "$NAME" defaults + run "$NAME" enable + ;; + disable) + run "$NAME" defaults + run "$NAME" disable + ;; + is-enabled) + # exit with 0 if $NAME is enabled, non-zero if it is disabled + ls "$ROOT"/etc/rc[S5].d/S??"$NAME" >/dev/null 2>&1 + ;; + *) + usage ;; +esac diff --git a/debian/extra/systemd.py b/debian/extra/systemd.py new file mode 100644 index 0000000..d79e0eb --- /dev/null +++ b/debian/extra/systemd.py @@ -0,0 +1,28 @@ +'''apport package hook for systemd + +(c) 2014 Canonical Ltd. +Author: Martin Pitt <martin.pitt@ubuntu.com> +''' + +import os.path +import apport.hookutils + +def add_info(report): + apport.hookutils.attach_hardware(report) + + report['SystemdDelta'] = apport.hookutils.command_output(['systemd-delta']) + + if not os.path.exists('/run/systemd/system'): + return + + # Add details about all failed units, if any + out = apport.hookutils.command_output(['systemctl', '--state=failed', '--full', + '--no-legend']).strip() + if out: + failed = '' + for line in out.splitlines(): + unit = line.split()[0] + if failed: + failed += '------\n' + failed += apport.hookutils.command_output(['systemctl', 'status', '--full', unit]) + report['SystemdFailedUnits'] = failed diff --git a/debian/extra/tmpfiles.d/debian.conf b/debian/extra/tmpfiles.d/debian.conf new file mode 100644 index 0000000..9061084 --- /dev/null +++ b/debian/extra/tmpfiles.d/debian.conf @@ -0,0 +1,14 @@ +# This file is part of the debianisation of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +# Type Path Mode UID GID Age Argument +L /run/shm - - - - /dev/shm +d /run/sendsigs.omit.d 0755 root root - + +L+ /etc/mtab - - - - ../proc/self/mounts diff --git a/debian/extra/udev.py b/debian/extra/udev.py new file mode 100644 index 0000000..d8bc76f --- /dev/null +++ b/debian/extra/udev.py @@ -0,0 +1,19 @@ +'''apport package hook for udev + +(c) 2009 Canonical Ltd. +Author: Martin Pitt <martin.pitt@ubuntu.com> +''' + +import os +import apport.hookutils + +def add_info(report): + apport.hookutils.attach_hardware(report) + + user_rules = [] + for f in os.listdir('/etc/udev/rules.d'): + if not f.startswith('70-persistent-') and f != 'README': + user_rules.append(f) + + if user_rules: + report['CustomUdevRuleFiles'] = ' '.join(user_rules) diff --git a/debian/extra/units-ubuntu/user@.service.d/timeout.conf b/debian/extra/units-ubuntu/user@.service.d/timeout.conf new file mode 100644 index 0000000..213eb65 --- /dev/null +++ b/debian/extra/units-ubuntu/user@.service.d/timeout.conf @@ -0,0 +1,4 @@ +# Avoid long hangs during shutdown if user services fail/hang due to X.org +# going away too early +[Service] +TimeoutStopSec=5 diff --git a/debian/extra/units/getty-static.service b/debian/extra/units/getty-static.service new file mode 100644 index 0000000..25c5c72 --- /dev/null +++ b/debian/extra/units/getty-static.service @@ -0,0 +1,10 @@ +[Unit] +Description=getty on tty2-tty6 if dbus and logind are not available +ConditionPathExists=/dev/tty0 +ConditionPathExists=!/usr/bin/dbus-daemon +ConditionPathExists=!/usr/bin/dbus-broker + +[Service] +Type=oneshot +ExecStart=systemctl --no-block start getty@tty2.service getty@tty3.service getty@tty4.service getty@tty5.service getty@tty6.service +RemainAfterExit=true diff --git a/debian/extra/units/rc-local.service.d/debian.conf b/debian/extra/units/rc-local.service.d/debian.conf new file mode 100644 index 0000000..ec77220 --- /dev/null +++ b/debian/extra/units/rc-local.service.d/debian.conf @@ -0,0 +1,10 @@ +[Unit] +# not specified by LSB, but has been behaving that way in Debian under SysV +# init and upstart +After=network-online.target + +# Often contains status messages which users expect to see on the console +# during boot +[Service] +StandardOutput=journal+console +StandardError=journal+console diff --git a/debian/extra/units/systemd-localed.service.d/locale-gen.conf b/debian/extra/units/systemd-localed.service.d/locale-gen.conf new file mode 100644 index 0000000..7c09403 --- /dev/null +++ b/debian/extra/units/systemd-localed.service.d/locale-gen.conf @@ -0,0 +1,5 @@ +[Service] +# systemd-localed may run locale-gen which writes to /etc as well as to +# /usr/lib/locale. This change softens the service hardening a bit so +# both of these paths are writable. +ReadWritePaths=/usr/lib/locale/ diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..a34c597 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,9 @@ +[DEFAULT] +pristine-tar = True +patch-numbers = False +debian-branch = debian/bullseye +upstream-branch = upstream/latest + +[dch] +full = True +multimaint-merge = True diff --git a/debian/git-cherry-pick b/debian/git-cherry-pick new file mode 100755 index 0000000..1fabd32 --- /dev/null +++ b/debian/git-cherry-pick @@ -0,0 +1,53 @@ +#!/bin/bash + +set -e + +if [ -z "$*" ] ; then + echo "Usage: $0 [commit [commit ..]]" + exit 1 +fi + + +curbranch=$(git rev-parse --abbrev-ref HEAD) + +# assert we got a branch +[ -n "$curbranch" ] + +if [ $curbranch = HEAD ] ; then + echo "You are not currently on a branch, cannot cherry-pick" + exit 1 +fi + +case $curbranch in + patch-queue/*) + debbranch=${curbranch/patch-queue\/} + pqbranch=$curbranch + ;; + *) + debbranch=$curbranch + pqbranch=patch-queue/$curbranch + ;; +esac + +commits=$(git rev-parse "$@") + +if git rev-parse $pqbranch &>/dev/null ; then + echo + echo "Will recreate patch-queue branch $pqbranch" + echo "It was pointing to" $(git rev-parse $pqbranch) + echo +fi + +gbp pq import --force + +echo "Cherry-picking the following commits:" +echo "$commits" + +picks=$(echo "$commits" | xargs echo exec git cherry-pick -x --no-edit --commit) + +# find the first debian commit +firstdebian=$(git log -i --grep "topic.*debian" --pretty=%h --reverse $debbranch..$pqbranch | head -1) + +sedexpr="/$firstdebian/i$picks" + +GIT_EDITOR="sed -i -e '$sedexpr'" git rebase --interactive --no-autosquash $debbranch diff --git a/debian/libnss-myhostname.install b/debian/libnss-myhostname.install new file mode 100644 index 0000000..758fe00 --- /dev/null +++ b/debian/libnss-myhostname.install @@ -0,0 +1,3 @@ +usr/lib/*/libnss_myhostname*.so.* +usr/share/man/man8/libnss_myhostname.so.2.8 +usr/share/man/man8/nss-myhostname.8 diff --git a/debian/libnss-myhostname.lintian-overrides b/debian/libnss-myhostname.lintian-overrides new file mode 100644 index 0000000..ff4d266 --- /dev/null +++ b/debian/libnss-myhostname.lintian-overrides @@ -0,0 +1,2 @@ +# package is a NSS module, not a system library +libnss-myhostname: package-name-doesnt-match-sonames diff --git a/debian/libnss-myhostname.postinst b/debian/libnss-myhostname.postinst new file mode 100644 index 0000000..1ee0c99 --- /dev/null +++ b/debian/libnss-myhostname.postinst @@ -0,0 +1,41 @@ +#!/bin/sh + +set -e + +# This code was taken from libnss-myhostname + +# try to insert myhostname entries to the "hosts" line in /etc/nsswitch.conf to +# automatically enable libnss-myhostname support; do not change the +# configuration if the "hosts" line already references some myhostname lookups +insert_nss_entry() { + echo "Checking NSS setup..." + # abort if /etc/nsswitch.conf does not exist + if ! [ -e /etc/nsswitch.conf ]; then + echo "Could not find /etc/nsswitch.conf." + return + fi + perl -i -pe ' + sub insert { + my $line = shift; + # this also splits on tab + my @bits=split(" ", $line); + # do not break configuration if the "hosts" line already references + # myhostname + if (grep { $_ eq "myhostname"} @bits) { + return $line; + } + # add myhostname at the end + return $line . " myhostname"; + } + s/^(hosts:\s+)(.*)/$1.insert($2)/e; + ' /etc/nsswitch.conf +} + +if [ "$1" = configure ] && [ -z "$2" ]; then + echo "First installation detected..." + # first install: setup the recommended configuration (unless + # nsswitch.conf already contains myhostname entries) + insert_nss_entry +fi + +#DEBHELPER# diff --git a/debian/libnss-myhostname.postrm b/debian/libnss-myhostname.postrm new file mode 100644 index 0000000..90e3c38 --- /dev/null +++ b/debian/libnss-myhostname.postrm @@ -0,0 +1,29 @@ +#!/bin/sh + +set -e + +remove_nss_entry() { + local file=$1 + local pkg=$2 + local module=$3 + refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \ + -W $pkg | grep '^i' | wc -l) + if [ "$refcount" -gt 0 ] ; then + # package is installed for other architectures still, do nothing + return + fi + echo "Checking NSS setup..." + # abort if file does not exist + if ! [ -e $file ]; then + echo "Could not find ${file}." + return + fi + # we must remove possible [foo=bar] options as well + sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file +} + +if [ "$1" = remove ]; then + remove_nss_entry /etc/nsswitch.conf libnss-myhostname myhostname +fi + +#DEBHELPER# diff --git a/debian/libnss-mymachines.install b/debian/libnss-mymachines.install new file mode 100644 index 0000000..1923505 --- /dev/null +++ b/debian/libnss-mymachines.install @@ -0,0 +1,3 @@ +usr/lib/*/libnss_mymachines*.so.* +usr/share/man/man8/libnss_mymachines.so.2.8 +usr/share/man/man8/nss-mymachines.8 diff --git a/debian/libnss-mymachines.lintian-overrides b/debian/libnss-mymachines.lintian-overrides new file mode 100644 index 0000000..c9661e8 --- /dev/null +++ b/debian/libnss-mymachines.lintian-overrides @@ -0,0 +1,2 @@ +# package is a NSS module, not a system library +libnss-mymachines: package-name-doesnt-match-sonames diff --git a/debian/libnss-mymachines.postinst b/debian/libnss-mymachines.postinst new file mode 100644 index 0000000..165a80a --- /dev/null +++ b/debian/libnss-mymachines.postinst @@ -0,0 +1,41 @@ +#!/bin/sh + +set -e + +# This code was taken from libnss-myhostname + +# try to insert mymachines entries to the "hosts" line in /etc/nsswitch.conf to +# automatically enable libnss-mymachines support; do not change the +# configuration if the "hosts" line already references some mymachines lookups +insert_nss_entry() { + echo "Checking NSS setup..." + # abort if /etc/nsswitch.conf does not exist + if ! [ -e /etc/nsswitch.conf ]; then + echo "Could not find /etc/nsswitch.conf." + return + fi + perl -i -pe ' + sub insert { + my $line = shift; + # this also splits on tab + my @bits=split(" ", $line); + # do not break configuration if the "hosts" line already references + # mymachines + if (grep { $_ eq "mymachines"} @bits) { + return $line; + } + # add mymachines at the end + return $line . " mymachines"; + } + s/^(hosts:\s+)(.*)/$1.insert($2)/e; + ' /etc/nsswitch.conf +} + +if [ "$1" = configure ] && [ -z "$2" ]; then + echo "First installation detected..." + # first install: setup the recommended configuration (unless + # nsswitch.conf already contains mymachines entries) + insert_nss_entry +fi + +#DEBHELPER# diff --git a/debian/libnss-mymachines.postrm b/debian/libnss-mymachines.postrm new file mode 100644 index 0000000..c8fb09c --- /dev/null +++ b/debian/libnss-mymachines.postrm @@ -0,0 +1,29 @@ +#!/bin/sh + +set -e + +remove_nss_entry() { + local file=$1 + local pkg=$2 + local module=$3 + refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \ + -W $pkg | grep '^i' | wc -l) + if [ "$refcount" -gt 0 ] ; then + # package is installed for other architectures still, do nothing + return + fi + echo "Checking NSS setup..." + # abort if file does not exist + if ! [ -e $file ]; then + echo "Could not find ${file}." + return + fi + # we must remove possible [foo=bar] options as well + sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file +} + +if [ "$1" = remove ]; then + remove_nss_entry /etc/nsswitch.conf libnss-mymachines mymachines +fi + +#DEBHELPER# diff --git a/debian/libnss-resolve.install b/debian/libnss-resolve.install new file mode 100644 index 0000000..871aac0 --- /dev/null +++ b/debian/libnss-resolve.install @@ -0,0 +1,3 @@ +usr/lib/*/libnss_resolve*.so.* +usr/share/man/man8/libnss_resolve.so.2.8 +usr/share/man/man8/nss-resolve.8 diff --git a/debian/libnss-resolve.lintian-overrides b/debian/libnss-resolve.lintian-overrides new file mode 100644 index 0000000..dfd9ec4 --- /dev/null +++ b/debian/libnss-resolve.lintian-overrides @@ -0,0 +1,2 @@ +# package is a NSS module, not a system library +libnss-resolve: package-name-doesnt-match-sonames diff --git a/debian/libnss-resolve.postinst b/debian/libnss-resolve.postinst new file mode 100644 index 0000000..382364e --- /dev/null +++ b/debian/libnss-resolve.postinst @@ -0,0 +1,48 @@ +#!/bin/sh + +set -e + +# This code was taken from libnss-myhostname + +# try to insert resolve entries to the "hosts" line in /etc/nsswitch.conf to +# automatically enable libnss-resolve support; do not change the +# configuration if the "hosts" line already references some resolve lookups +insert_nss_entry() { + echo "Checking NSS setup..." + # abort if /etc/nsswitch.conf does not exist + if ! [ -e /etc/nsswitch.conf ]; then + echo "Could not find /etc/nsswitch.conf." + return + fi + perl -i -pe ' + sub insert { + my $line = shift; + # this also splits on tab + my @bits=split(" ", $line); + # do not break configuration if the "hosts" line already references + # resolve + if (grep { $_ eq "resolve"} @bits) { + return $line; + } + # add resolve before dns + return join " ", map { + $_ eq "dns" ? ("resolve [!UNAVAIL=return]", "$_") : $_ + } @bits; + } + s/^(hosts:\s+)(.*)/$1.insert($2)/e; + ' /etc/nsswitch.conf +} + +if [ "$1" = configure ] && [ -z "$2" ]; then + echo "First installation detected..." + # first install: setup the recommended configuration (unless + # nsswitch.conf already contains resolve entries) + insert_nss_entry + # ... and enable resolved + systemctl enable systemd-resolved.service + if [ -d /run/systemd/system ]; then + deb-systemd-invoke start systemd-resolved.service || true + fi +fi + +#DEBHELPER# diff --git a/debian/libnss-resolve.postrm b/debian/libnss-resolve.postrm new file mode 100644 index 0000000..c951b86 --- /dev/null +++ b/debian/libnss-resolve.postrm @@ -0,0 +1,33 @@ +#!/bin/sh + +set -e + +remove_nss_entry() { + local file=$1 + local pkg=$2 + local module=$3 + refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \ + -W $pkg | grep '^i' | wc -l) + if [ "$refcount" -gt 0 ] ; then + # package is installed for other architectures still, do nothing + return + fi + echo "Checking NSS setup..." + # abort if file does not exist + if ! [ -e $file ]; then + echo "Could not find ${file}." + return + fi + # we must remove possible [foo=bar] options as well + sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file +} + +if [ "$1" = remove ]; then + remove_nss_entry /etc/nsswitch.conf libnss-resolve resolve + systemctl disable systemd-resolved.service + if [ -d /run/systemd/system ]; then + deb-systemd-invoke stop systemd-resolved.service || true + fi +fi + +#DEBHELPER# diff --git a/debian/libnss-systemd.install b/debian/libnss-systemd.install new file mode 100644 index 0000000..858f307 --- /dev/null +++ b/debian/libnss-systemd.install @@ -0,0 +1,3 @@ +usr/lib/*/libnss_systemd*.so.* +usr/share/man/man8/libnss_systemd* +usr/share/man/man8/nss-systemd* diff --git a/debian/libnss-systemd.lintian-overrides b/debian/libnss-systemd.lintian-overrides new file mode 100644 index 0000000..8e9c4cb --- /dev/null +++ b/debian/libnss-systemd.lintian-overrides @@ -0,0 +1,2 @@ +# package is a NSS module, not a system library +libnss-systemd: package-name-doesnt-match-sonames diff --git a/debian/libnss-systemd.postinst b/debian/libnss-systemd.postinst new file mode 100644 index 0000000..16040bc --- /dev/null +++ b/debian/libnss-systemd.postinst @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +# try to insert the systemd entry to the "passwd" and "group" lines in +# /etc/nsswitch.conf to automatically enable libnss-systemd support; do not +# change the configuration if the lines already contain "systemd" +insert_nss_entry() { + echo "Checking NSS setup..." + # abort if /etc/nsswitch.conf does not exist + if ! [ -e /etc/nsswitch.conf ]; then + echo "Could not find /etc/nsswitch.conf." + return + fi + perl -i -pe ' + sub insert { + my $line = shift; + # this also splits on tab + my @bits=split(" ", $line); + # do not break configuration if the line already references + # systemd + if (grep { $_ eq "systemd"} @bits) { + return $line; + } + # add systemd at the end + return $line . " systemd"; + } + s/^(passwd:\s+)(.*)/$1.insert($2)/e; + s/^(group:\s+)(.*)/$1.insert($2)/e; + ' /etc/nsswitch.conf +} + +if [ "$1" = configure ] && [ -z "$2" ]; then + echo "First installation detected..." + # first install: setup the recommended configuration + insert_nss_entry +fi + +#DEBHELPER# diff --git a/debian/libnss-systemd.postrm b/debian/libnss-systemd.postrm new file mode 100644 index 0000000..ce8e954 --- /dev/null +++ b/debian/libnss-systemd.postrm @@ -0,0 +1,29 @@ +#!/bin/sh + +set -e + +remove_nss_entry() { + local file=$1 + local pkg=$2 + local module=$3 + refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \ + -W $pkg | grep '^i' | wc -l) + if [ "$refcount" -gt 0 ] ; then + # package is installed for other architectures still, do nothing + return + fi + echo "Checking NSS setup..." + # abort if file does not exist + if ! [ -e $file ]; then + echo "Could not find ${file}." + return + fi + # we must remove possible [foo=bar] options as well + sed -i -r "/(passwd|group):/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file +} + +if [ "$1" = remove ]; then + remove_nss_entry /etc/nsswitch.conf libnss-systemd systemd +fi + +#DEBHELPER# diff --git a/debian/libpam-systemd.install b/debian/libpam-systemd.install new file mode 100644 index 0000000..df749da --- /dev/null +++ b/debian/libpam-systemd.install @@ -0,0 +1,3 @@ +lib/*/security/pam_systemd.so +usr/share/man/man8/pam_systemd.8 +../../extra/pam-configs usr/share/ diff --git a/debian/libpam-systemd.postinst b/debian/libpam-systemd.postinst new file mode 100644 index 0000000..7e37590 --- /dev/null +++ b/debian/libpam-systemd.postinst @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e + +pam-auth-update --package + +#DEBHELPER# diff --git a/debian/libpam-systemd.prerm b/debian/libpam-systemd.prerm new file mode 100644 index 0000000..15284c5 --- /dev/null +++ b/debian/libpam-systemd.prerm @@ -0,0 +1,20 @@ +#!/bin/sh + +set -e + +# pam-auth-update --remove removes the named profile from the active config. +# It arguably should be called during deconfigure as well, but deconfigure +# can happen in some cases during a dist-upgrade and we don't want to +# deconfigure all PAM modules in the middle of a dist-upgrade by accident. +# +# More importantly, with the current implementation, --remove also removes +# all local preferences for the named config (such as whether it's enabled +# or disabled), which we don't want to do on deconfigure. +# +# This may need to change later as pam-auth-update evolves. + +if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then + pam-auth-update --package --remove systemd +fi + +#DEBHELPER# diff --git a/debian/libsystemd-dev.install b/debian/libsystemd-dev.install new file mode 100644 index 0000000..a170141 --- /dev/null +++ b/debian/libsystemd-dev.install @@ -0,0 +1,5 @@ +usr/lib/*/libsystemd.so +usr/lib/*/pkgconfig/libsystemd.pc +usr/include/systemd/ +usr/share/man/man3/sd* +usr/share/man/man3/SD* diff --git a/debian/libsystemd0.install b/debian/libsystemd0.install new file mode 100644 index 0000000..13c96e6 --- /dev/null +++ b/debian/libsystemd0.install @@ -0,0 +1 @@ +usr/lib/*/libsystemd.so.* diff --git a/debian/libsystemd0.symbols b/debian/libsystemd0.symbols new file mode 100644 index 0000000..fdd6ade --- /dev/null +++ b/debian/libsystemd0.symbols @@ -0,0 +1,607 @@ +libsystemd.so.0 libsystemd0 #MINVER# +* Build-Depends-Package: libsystemd-dev + LIBSYSTEMD_209@LIBSYSTEMD_209 0 + LIBSYSTEMD_211@LIBSYSTEMD_211 211 + LIBSYSTEMD_213@LIBSYSTEMD_213 213 + LIBSYSTEMD_214@LIBSYSTEMD_214 214 + LIBSYSTEMD_216@LIBSYSTEMD_216 217 + LIBSYSTEMD_217@LIBSYSTEMD_217 217 + LIBSYSTEMD_219@LIBSYSTEMD_219 219 + LIBSYSTEMD_220@LIBSYSTEMD_220 220 + LIBSYSTEMD_221@LIBSYSTEMD_221 221 + LIBSYSTEMD_222@LIBSYSTEMD_222 222 + LIBSYSTEMD_226@LIBSYSTEMD_226 226 + LIBSYSTEMD_227@LIBSYSTEMD_227 227 + LIBSYSTEMD_229@LIBSYSTEMD_229 229 + LIBSYSTEMD_230@LIBSYSTEMD_230 230 + LIBSYSTEMD_231@LIBSYSTEMD_231 231 + LIBSYSTEMD_232@LIBSYSTEMD_232 232 + LIBSYSTEMD_233@LIBSYSTEMD_233 233 + LIBSYSTEMD_234@LIBSYSTEMD_234 234 + LIBSYSTEMD_236@LIBSYSTEMD_236 236 + LIBSYSTEMD_237@LIBSYSTEMD_237 237 + LIBSYSTEMD_238@LIBSYSTEMD_238 238 + LIBSYSTEMD_239@LIBSYSTEMD_239 239 + LIBSYSTEMD_240@LIBSYSTEMD_240 240 + LIBSYSTEMD_241@LIBSYSTEMD_241 241 + LIBSYSTEMD_243@LIBSYSTEMD_243 243 + LIBSYSTEMD_245@LIBSYSTEMD_245 245 + LIBSYSTEMD_246@LIBSYSTEMD_246 246 + LIBSYSTEMD_247@LIBSYSTEMD_247 247 + sd_booted@LIBSYSTEMD_209 0 + sd_bus_add_fallback@LIBSYSTEMD_221 221 + sd_bus_add_fallback_vtable@LIBSYSTEMD_221 221 + sd_bus_add_filter@LIBSYSTEMD_221 221 + sd_bus_add_match@LIBSYSTEMD_221 221 + sd_bus_add_match_async@LIBSYSTEMD_237 237 + sd_bus_add_node_enumerator@LIBSYSTEMD_221 221 + sd_bus_add_object@LIBSYSTEMD_221 221 + sd_bus_add_object_manager@LIBSYSTEMD_221 221 + sd_bus_add_object_vtable@LIBSYSTEMD_221 221 + sd_bus_attach_event@LIBSYSTEMD_221 221 + sd_bus_call@LIBSYSTEMD_221 221 + sd_bus_call_async@LIBSYSTEMD_221 221 + sd_bus_call_method@LIBSYSTEMD_221 221 + sd_bus_call_method_async@LIBSYSTEMD_221 221 + sd_bus_call_method_asyncv@LIBSYSTEMD_246 246 + sd_bus_call_methodv@LIBSYSTEMD_246 246 + sd_bus_can_send@LIBSYSTEMD_221 221 + sd_bus_close@LIBSYSTEMD_221 221 + sd_bus_close_unref@LIBSYSTEMD_241 241 + sd_bus_creds_get_audit_login_uid@LIBSYSTEMD_221 221 + sd_bus_creds_get_audit_session_id@LIBSYSTEMD_221 221 + sd_bus_creds_get_augmented_mask@LIBSYSTEMD_221 221 + sd_bus_creds_get_cgroup@LIBSYSTEMD_221 221 + sd_bus_creds_get_cmdline@LIBSYSTEMD_221 221 + sd_bus_creds_get_comm@LIBSYSTEMD_221 221 + sd_bus_creds_get_description@LIBSYSTEMD_221 221 + sd_bus_creds_get_egid@LIBSYSTEMD_221 221 + sd_bus_creds_get_euid@LIBSYSTEMD_221 221 + sd_bus_creds_get_exe@LIBSYSTEMD_221 221 + sd_bus_creds_get_fsgid@LIBSYSTEMD_221 221 + sd_bus_creds_get_fsuid@LIBSYSTEMD_221 221 + sd_bus_creds_get_gid@LIBSYSTEMD_221 221 + sd_bus_creds_get_mask@LIBSYSTEMD_221 221 + sd_bus_creds_get_owner_uid@LIBSYSTEMD_221 221 + sd_bus_creds_get_pid@LIBSYSTEMD_221 221 + sd_bus_creds_get_ppid@LIBSYSTEMD_221 221 + sd_bus_creds_get_selinux_context@LIBSYSTEMD_221 221 + sd_bus_creds_get_session@LIBSYSTEMD_221 221 + sd_bus_creds_get_sgid@LIBSYSTEMD_221 221 + sd_bus_creds_get_slice@LIBSYSTEMD_221 221 + sd_bus_creds_get_suid@LIBSYSTEMD_221 221 + sd_bus_creds_get_supplementary_gids@LIBSYSTEMD_221 221 + sd_bus_creds_get_tid@LIBSYSTEMD_221 221 + sd_bus_creds_get_tid_comm@LIBSYSTEMD_221 221 + sd_bus_creds_get_tty@LIBSYSTEMD_221 221 + sd_bus_creds_get_uid@LIBSYSTEMD_221 221 + sd_bus_creds_get_unique_name@LIBSYSTEMD_221 221 + sd_bus_creds_get_unit@LIBSYSTEMD_221 221 + sd_bus_creds_get_user_slice@LIBSYSTEMD_221 221 + sd_bus_creds_get_user_unit@LIBSYSTEMD_221 221 + sd_bus_creds_get_well_known_names@LIBSYSTEMD_221 221 + sd_bus_creds_has_bounding_cap@LIBSYSTEMD_221 221 + sd_bus_creds_has_effective_cap@LIBSYSTEMD_221 221 + sd_bus_creds_has_inheritable_cap@LIBSYSTEMD_221 221 + sd_bus_creds_has_permitted_cap@LIBSYSTEMD_221 221 + sd_bus_creds_new_from_pid@LIBSYSTEMD_221 221 + sd_bus_creds_ref@LIBSYSTEMD_221 221 + sd_bus_creds_unref@LIBSYSTEMD_221 221 + sd_bus_default@LIBSYSTEMD_221 221 + sd_bus_default_flush_close@LIBSYSTEMD_227 227 + sd_bus_default_system@LIBSYSTEMD_221 221 + sd_bus_default_user@LIBSYSTEMD_221 221 + sd_bus_detach_event@LIBSYSTEMD_221 221 + sd_bus_emit_interfaces_added@LIBSYSTEMD_221 221 + sd_bus_emit_interfaces_added_strv@LIBSYSTEMD_221 221 + sd_bus_emit_interfaces_removed@LIBSYSTEMD_221 221 + sd_bus_emit_interfaces_removed_strv@LIBSYSTEMD_221 221 + sd_bus_emit_object_added@LIBSYSTEMD_222 222 + sd_bus_emit_object_removed@LIBSYSTEMD_222 222 + sd_bus_emit_properties_changed@LIBSYSTEMD_221 221 + sd_bus_emit_properties_changed_strv@LIBSYSTEMD_221 221 + sd_bus_emit_signal@LIBSYSTEMD_221 221 + sd_bus_emit_signalv@LIBSYSTEMD_246 246 + sd_bus_enqueue_for_read@LIBSYSTEMD_245 245 + sd_bus_error_add_map@LIBSYSTEMD_221 221 + sd_bus_error_copy@LIBSYSTEMD_221 221 + sd_bus_error_free@LIBSYSTEMD_221 221 + sd_bus_error_get_errno@LIBSYSTEMD_221 221 + sd_bus_error_has_name@LIBSYSTEMD_221 221 + sd_bus_error_has_names_sentinel@LIBSYSTEMD_247 247 + sd_bus_error_is_set@LIBSYSTEMD_221 221 + sd_bus_error_move@LIBSYSTEMD_240 240 + sd_bus_error_set@LIBSYSTEMD_221 221 + sd_bus_error_set_const@LIBSYSTEMD_221 221 + sd_bus_error_set_errno@LIBSYSTEMD_221 221 + sd_bus_error_set_errnof@LIBSYSTEMD_221 221 + sd_bus_error_set_errnofv@LIBSYSTEMD_221 221 + sd_bus_error_setf@LIBSYSTEMD_221 221 + sd_bus_flush@LIBSYSTEMD_221 221 + sd_bus_flush_close_unref@LIBSYSTEMD_222 222 + sd_bus_get_address@LIBSYSTEMD_221 221 + sd_bus_get_allow_interactive_authorization@LIBSYSTEMD_221 221 + sd_bus_get_bus_id@LIBSYSTEMD_221 221 + sd_bus_get_close_on_exit@LIBSYSTEMD_240 240 + sd_bus_get_connected_signal@LIBSYSTEMD_237 237 + sd_bus_get_creds_mask@LIBSYSTEMD_221 221 + sd_bus_get_current_handler@LIBSYSTEMD_221 221 + sd_bus_get_current_message@LIBSYSTEMD_221 221 + sd_bus_get_current_slot@LIBSYSTEMD_221 221 + sd_bus_get_current_userdata@LIBSYSTEMD_221 221 + sd_bus_get_description@LIBSYSTEMD_221 221 + sd_bus_get_event@LIBSYSTEMD_221 221 + sd_bus_get_events@LIBSYSTEMD_221 221 + sd_bus_get_exit_on_disconnect@LIBSYSTEMD_232 232 + sd_bus_get_fd@LIBSYSTEMD_221 221 + sd_bus_get_method_call_timeout@LIBSYSTEMD_240 240 + sd_bus_get_n_queued_read@LIBSYSTEMD_238 238 + sd_bus_get_n_queued_write@LIBSYSTEMD_238 238 + sd_bus_get_name_creds@LIBSYSTEMD_221 221 + sd_bus_get_name_machine_id@LIBSYSTEMD_221 221 + sd_bus_get_owner_creds@LIBSYSTEMD_221 221 + sd_bus_get_property@LIBSYSTEMD_221 221 + sd_bus_get_property_string@LIBSYSTEMD_221 221 + sd_bus_get_property_strv@LIBSYSTEMD_221 221 + sd_bus_get_property_trivial@LIBSYSTEMD_221 221 + sd_bus_get_scope@LIBSYSTEMD_221 221 + sd_bus_get_sender@LIBSYSTEMD_237 237 + sd_bus_get_tid@LIBSYSTEMD_221 221 + sd_bus_get_timeout@LIBSYSTEMD_221 221 + sd_bus_get_unique_name@LIBSYSTEMD_221 221 + sd_bus_get_watch_bind@LIBSYSTEMD_237 237 + sd_bus_interface_name_is_valid@LIBSYSTEMD_246 246 + sd_bus_is_anonymous@LIBSYSTEMD_221 221 + sd_bus_is_bus_client@LIBSYSTEMD_221 221 + sd_bus_is_monitor@LIBSYSTEMD_221 221 + sd_bus_is_open@LIBSYSTEMD_221 221 + sd_bus_is_ready@LIBSYSTEMD_237 237 + sd_bus_is_server@LIBSYSTEMD_221 221 + sd_bus_is_trusted@LIBSYSTEMD_221 221 + sd_bus_list_names@LIBSYSTEMD_221 221 + sd_bus_match_signal@LIBSYSTEMD_237 237 + sd_bus_match_signal_async@LIBSYSTEMD_237 237 + sd_bus_member_name_is_valid@LIBSYSTEMD_246 246 + sd_bus_message_append@LIBSYSTEMD_221 221 + sd_bus_message_append_array@LIBSYSTEMD_221 221 + sd_bus_message_append_array_iovec@LIBSYSTEMD_221 221 + sd_bus_message_append_array_memfd@LIBSYSTEMD_221 221 + sd_bus_message_append_array_space@LIBSYSTEMD_221 221 + sd_bus_message_append_basic@LIBSYSTEMD_221 221 + sd_bus_message_append_string_iovec@LIBSYSTEMD_221 221 + sd_bus_message_append_string_memfd@LIBSYSTEMD_221 221 + sd_bus_message_append_string_space@LIBSYSTEMD_221 221 + sd_bus_message_append_strv@LIBSYSTEMD_221 221 + sd_bus_message_appendv@LIBSYSTEMD_234 234 + sd_bus_message_at_end@LIBSYSTEMD_221 221 + sd_bus_message_close_container@LIBSYSTEMD_221 221 + sd_bus_message_copy@LIBSYSTEMD_221 221 + sd_bus_message_dump@LIBSYSTEMD_245 245 + sd_bus_message_enter_container@LIBSYSTEMD_221 221 + sd_bus_message_exit_container@LIBSYSTEMD_221 221 + sd_bus_message_get_allow_interactive_authorization@LIBSYSTEMD_221 221 + sd_bus_message_get_auto_start@LIBSYSTEMD_221 221 + sd_bus_message_get_bus@LIBSYSTEMD_221 221 + sd_bus_message_get_cookie@LIBSYSTEMD_221 221 + sd_bus_message_get_creds@LIBSYSTEMD_221 221 + sd_bus_message_get_destination@LIBSYSTEMD_221 221 + sd_bus_message_get_errno@LIBSYSTEMD_221 221 + sd_bus_message_get_error@LIBSYSTEMD_221 221 + sd_bus_message_get_expect_reply@LIBSYSTEMD_221 221 + sd_bus_message_get_interface@LIBSYSTEMD_221 221 + sd_bus_message_get_member@LIBSYSTEMD_221 221 + sd_bus_message_get_monotonic_usec@LIBSYSTEMD_221 221 + sd_bus_message_get_path@LIBSYSTEMD_221 221 + sd_bus_message_get_priority@LIBSYSTEMD_221 221 + sd_bus_message_get_realtime_usec@LIBSYSTEMD_221 221 + sd_bus_message_get_reply_cookie@LIBSYSTEMD_221 221 + sd_bus_message_get_sender@LIBSYSTEMD_221 221 + sd_bus_message_get_seqnum@LIBSYSTEMD_221 221 + sd_bus_message_get_signature@LIBSYSTEMD_221 221 + sd_bus_message_get_type@LIBSYSTEMD_221 221 + sd_bus_message_has_signature@LIBSYSTEMD_221 221 + sd_bus_message_is_empty@LIBSYSTEMD_221 221 + sd_bus_message_is_method_call@LIBSYSTEMD_221 221 + sd_bus_message_is_method_error@LIBSYSTEMD_221 221 + sd_bus_message_is_signal@LIBSYSTEMD_221 221 + sd_bus_message_new@LIBSYSTEMD_236 236 + sd_bus_message_new_method_call@LIBSYSTEMD_221 221 + sd_bus_message_new_method_errno@LIBSYSTEMD_221 221 + sd_bus_message_new_method_errnof@LIBSYSTEMD_221 221 + sd_bus_message_new_method_error@LIBSYSTEMD_221 221 + sd_bus_message_new_method_errorf@LIBSYSTEMD_221 221 + sd_bus_message_new_method_return@LIBSYSTEMD_221 221 + sd_bus_message_new_signal@LIBSYSTEMD_221 221 + sd_bus_message_open_container@LIBSYSTEMD_221 221 + sd_bus_message_peek_type@LIBSYSTEMD_221 221 + sd_bus_message_read@LIBSYSTEMD_221 221 + sd_bus_message_read_array@LIBSYSTEMD_221 221 + sd_bus_message_read_basic@LIBSYSTEMD_221 221 + sd_bus_message_read_strv@LIBSYSTEMD_221 221 + sd_bus_message_readv@LIBSYSTEMD_240 240 + sd_bus_message_ref@LIBSYSTEMD_221 221 + sd_bus_message_rewind@LIBSYSTEMD_221 221 + sd_bus_message_seal@LIBSYSTEMD_236 236 + sd_bus_message_sensitive@LIBSYSTEMD_245 245 + sd_bus_message_set_allow_interactive_authorization@LIBSYSTEMD_221 221 + sd_bus_message_set_auto_start@LIBSYSTEMD_221 221 + sd_bus_message_set_destination@LIBSYSTEMD_221 221 + sd_bus_message_set_expect_reply@LIBSYSTEMD_221 221 + sd_bus_message_set_priority@LIBSYSTEMD_221 221 + sd_bus_message_set_sender@LIBSYSTEMD_237 237 + sd_bus_message_skip@LIBSYSTEMD_221 221 + sd_bus_message_unref@LIBSYSTEMD_221 221 + sd_bus_message_verify_type@LIBSYSTEMD_221 221 + sd_bus_negotiate_creds@LIBSYSTEMD_221 221 + sd_bus_negotiate_fds@LIBSYSTEMD_221 221 + sd_bus_negotiate_timestamp@LIBSYSTEMD_221 221 + sd_bus_new@LIBSYSTEMD_221 221 + sd_bus_object_path_is_valid@LIBSYSTEMD_246 246 + sd_bus_object_vtable_format@LIBSYSTEMD_243 243 + sd_bus_open@LIBSYSTEMD_221 221 + sd_bus_open_system@LIBSYSTEMD_221 221 + sd_bus_open_system_machine@LIBSYSTEMD_221 221 + sd_bus_open_system_remote@LIBSYSTEMD_221 221 + sd_bus_open_system_with_description@LIBSYSTEMD_239 239 + sd_bus_open_user@LIBSYSTEMD_221 221 + sd_bus_open_user_with_description@LIBSYSTEMD_239 239 + sd_bus_open_with_description@LIBSYSTEMD_239 239 + sd_bus_path_decode@LIBSYSTEMD_221 221 + sd_bus_path_decode_many@LIBSYSTEMD_227 227 + sd_bus_path_encode@LIBSYSTEMD_221 221 + sd_bus_path_encode_many@LIBSYSTEMD_227 227 + sd_bus_process@LIBSYSTEMD_221 221 + sd_bus_process_priority@LIBSYSTEMD_221 221 + sd_bus_query_sender_creds@LIBSYSTEMD_221 221 + sd_bus_query_sender_privilege@LIBSYSTEMD_221 221 + sd_bus_ref@LIBSYSTEMD_221 221 + sd_bus_release_name@LIBSYSTEMD_221 221 + sd_bus_release_name_async@LIBSYSTEMD_237 237 + sd_bus_reply_method_errno@LIBSYSTEMD_221 221 + sd_bus_reply_method_errnof@LIBSYSTEMD_221 221 + sd_bus_reply_method_errnofv@LIBSYSTEMD_246 246 + sd_bus_reply_method_error@LIBSYSTEMD_221 221 + sd_bus_reply_method_errorf@LIBSYSTEMD_221 221 + sd_bus_reply_method_errorfv@LIBSYSTEMD_246 246 + sd_bus_reply_method_return@LIBSYSTEMD_221 221 + sd_bus_reply_method_returnv@LIBSYSTEMD_246 246 + sd_bus_request_name@LIBSYSTEMD_221 221 + sd_bus_request_name_async@LIBSYSTEMD_237 237 + sd_bus_send@LIBSYSTEMD_221 221 + sd_bus_send_to@LIBSYSTEMD_221 221 + sd_bus_service_name_is_valid@LIBSYSTEMD_246 246 + sd_bus_set_address@LIBSYSTEMD_221 221 + sd_bus_set_allow_interactive_authorization@LIBSYSTEMD_221 221 + sd_bus_set_anonymous@LIBSYSTEMD_221 221 + sd_bus_set_bus_client@LIBSYSTEMD_221 221 + sd_bus_set_close_on_exit@LIBSYSTEMD_240 240 + sd_bus_set_connected_signal@LIBSYSTEMD_237 237 + sd_bus_set_description@LIBSYSTEMD_221 221 + sd_bus_set_exec@LIBSYSTEMD_221 221 + sd_bus_set_exit_on_disconnect@LIBSYSTEMD_232 232 + sd_bus_set_fd@LIBSYSTEMD_221 221 + sd_bus_set_method_call_timeout@LIBSYSTEMD_240 240 + sd_bus_set_monitor@LIBSYSTEMD_221 221 + sd_bus_set_property@LIBSYSTEMD_221 221 + sd_bus_set_propertyv@LIBSYSTEMD_246 246 + sd_bus_set_sender@LIBSYSTEMD_237 237 + sd_bus_set_server@LIBSYSTEMD_221 221 + sd_bus_set_trusted@LIBSYSTEMD_221 221 + sd_bus_set_watch_bind@LIBSYSTEMD_237 237 + sd_bus_slot_get_bus@LIBSYSTEMD_221 221 + sd_bus_slot_get_current_handler@LIBSYSTEMD_221 221 + sd_bus_slot_get_current_message@LIBSYSTEMD_221 221 + sd_bus_slot_get_current_userdata@LIBSYSTEMD_221 221 + sd_bus_slot_get_description@LIBSYSTEMD_221 221 + sd_bus_slot_get_destroy_callback@LIBSYSTEMD_239 239 + sd_bus_slot_get_floating@LIBSYSTEMD_239 239 + sd_bus_slot_get_userdata@LIBSYSTEMD_221 221 + sd_bus_slot_ref@LIBSYSTEMD_221 221 + sd_bus_slot_set_description@LIBSYSTEMD_221 221 + sd_bus_slot_set_destroy_callback@LIBSYSTEMD_239 239 + sd_bus_slot_set_floating@LIBSYSTEMD_239 239 + sd_bus_slot_set_userdata@LIBSYSTEMD_221 221 + sd_bus_slot_unref@LIBSYSTEMD_221 221 + sd_bus_start@LIBSYSTEMD_221 221 + sd_bus_track_add_name@LIBSYSTEMD_221 221 + sd_bus_track_add_sender@LIBSYSTEMD_221 221 + sd_bus_track_contains@LIBSYSTEMD_221 221 + sd_bus_track_count@LIBSYSTEMD_221 221 + sd_bus_track_count_name@LIBSYSTEMD_232 232 + sd_bus_track_count_sender@LIBSYSTEMD_232 232 + sd_bus_track_first@LIBSYSTEMD_221 221 + sd_bus_track_get_bus@LIBSYSTEMD_221 221 + sd_bus_track_get_destroy_callback@LIBSYSTEMD_239 239 + sd_bus_track_get_recursive@LIBSYSTEMD_232 232 + sd_bus_track_get_userdata@LIBSYSTEMD_221 221 + sd_bus_track_new@LIBSYSTEMD_221 221 + sd_bus_track_next@LIBSYSTEMD_221 221 + sd_bus_track_ref@LIBSYSTEMD_221 221 + sd_bus_track_remove_name@LIBSYSTEMD_221 221 + sd_bus_track_remove_sender@LIBSYSTEMD_221 221 + sd_bus_track_set_destroy_callback@LIBSYSTEMD_239 239 + sd_bus_track_set_recursive@LIBSYSTEMD_232 232 + sd_bus_track_set_userdata@LIBSYSTEMD_221 221 + sd_bus_track_unref@LIBSYSTEMD_221 221 + sd_bus_try_close@LIBSYSTEMD_221 221 + sd_bus_unref@LIBSYSTEMD_221 221 + sd_bus_wait@LIBSYSTEMD_221 221 + sd_device_enumerator_add_match_parent@LIBSYSTEMD_240 240 + sd_device_enumerator_add_match_property@LIBSYSTEMD_240 240 + sd_device_enumerator_add_match_subsystem@LIBSYSTEMD_240 240 + sd_device_enumerator_add_match_sysattr@LIBSYSTEMD_240 240 + sd_device_enumerator_add_match_sysname@LIBSYSTEMD_240 240 + sd_device_enumerator_add_match_tag@LIBSYSTEMD_240 240 + sd_device_enumerator_allow_uninitialized@LIBSYSTEMD_240 240 + sd_device_enumerator_get_device_first@LIBSYSTEMD_240 240 + sd_device_enumerator_get_device_next@LIBSYSTEMD_240 240 + sd_device_enumerator_get_subsystem_first@LIBSYSTEMD_240 240 + sd_device_enumerator_get_subsystem_next@LIBSYSTEMD_240 240 + sd_device_enumerator_new@LIBSYSTEMD_240 240 + sd_device_enumerator_ref@LIBSYSTEMD_240 240 + sd_device_enumerator_unref@LIBSYSTEMD_240 240 + sd_device_get_current_tag_first@LIBSYSTEMD_247 247 + sd_device_get_current_tag_next@LIBSYSTEMD_247 247 + sd_device_get_devlink_first@LIBSYSTEMD_240 240 + sd_device_get_devlink_next@LIBSYSTEMD_240 240 + sd_device_get_devname@LIBSYSTEMD_240 240 + sd_device_get_devnum@LIBSYSTEMD_240 240 + sd_device_get_devpath@LIBSYSTEMD_240 240 + sd_device_get_devtype@LIBSYSTEMD_240 240 + sd_device_get_driver@LIBSYSTEMD_240 240 + sd_device_get_ifindex@LIBSYSTEMD_240 240 + sd_device_get_is_initialized@LIBSYSTEMD_240 240 + sd_device_get_parent@LIBSYSTEMD_240 240 + sd_device_get_parent_with_subsystem_devtype@LIBSYSTEMD_240 240 + sd_device_get_property_first@LIBSYSTEMD_240 240 + sd_device_get_property_next@LIBSYSTEMD_240 240 + sd_device_get_property_value@LIBSYSTEMD_240 240 + sd_device_get_subsystem@LIBSYSTEMD_240 240 + sd_device_get_sysattr_first@LIBSYSTEMD_240 240 + sd_device_get_sysattr_next@LIBSYSTEMD_240 240 + sd_device_get_sysattr_value@LIBSYSTEMD_240 240 + sd_device_get_sysname@LIBSYSTEMD_240 240 + sd_device_get_sysnum@LIBSYSTEMD_240 240 + sd_device_get_syspath@LIBSYSTEMD_240 240 + sd_device_get_tag_first@LIBSYSTEMD_240 240 + sd_device_get_tag_next@LIBSYSTEMD_240 240 + sd_device_get_usec_since_initialized@LIBSYSTEMD_240 240 + sd_device_has_current_tag@LIBSYSTEMD_247 247 + sd_device_has_tag@LIBSYSTEMD_240 240 + sd_device_monitor_attach_event@LIBSYSTEMD_240 240 + sd_device_monitor_detach_event@LIBSYSTEMD_240 240 + sd_device_monitor_filter_add_match_subsystem_devtype@LIBSYSTEMD_240 240 + sd_device_monitor_filter_add_match_tag@LIBSYSTEMD_240 240 + sd_device_monitor_filter_remove@LIBSYSTEMD_240 240 + sd_device_monitor_filter_update@LIBSYSTEMD_240 240 + sd_device_monitor_get_event@LIBSYSTEMD_240 240 + sd_device_monitor_get_event_source@LIBSYSTEMD_240 240 + sd_device_monitor_new@LIBSYSTEMD_240 240 + sd_device_monitor_ref@LIBSYSTEMD_240 240 + sd_device_monitor_set_receive_buffer_size@LIBSYSTEMD_240 240 + sd_device_monitor_start@LIBSYSTEMD_240 240 + sd_device_monitor_stop@LIBSYSTEMD_240 240 + sd_device_monitor_unref@LIBSYSTEMD_240 240 + sd_device_new_from_device_id@LIBSYSTEMD_240 240 + sd_device_new_from_devnum@LIBSYSTEMD_240 240 + sd_device_new_from_subsystem_sysname@LIBSYSTEMD_240 240 + sd_device_new_from_syspath@LIBSYSTEMD_240 240 + sd_device_ref@LIBSYSTEMD_240 240 + sd_device_set_sysattr_value@LIBSYSTEMD_240 240 + sd_device_set_sysattr_valuef@LIBSYSTEMD_247 247 + sd_device_unref@LIBSYSTEMD_240 240 + sd_event_add_child@LIBSYSTEMD_221 221 + sd_event_add_child_pidfd@LIBSYSTEMD_245 245 + sd_event_add_defer@LIBSYSTEMD_221 221 + sd_event_add_exit@LIBSYSTEMD_221 221 + sd_event_add_inotify@LIBSYSTEMD_239 239 + sd_event_add_io@LIBSYSTEMD_221 221 + sd_event_add_post@LIBSYSTEMD_221 221 + sd_event_add_signal@LIBSYSTEMD_221 221 + sd_event_add_time@LIBSYSTEMD_221 221 + sd_event_add_time_relative@LIBSYSTEMD_247 247 + sd_event_default@LIBSYSTEMD_221 221 + sd_event_dispatch@LIBSYSTEMD_221 221 + sd_event_exit@LIBSYSTEMD_221 221 + sd_event_get_exit_code@LIBSYSTEMD_221 221 + sd_event_get_fd@LIBSYSTEMD_221 221 + sd_event_get_iteration@LIBSYSTEMD_231 231 + sd_event_get_state@LIBSYSTEMD_221 221 + sd_event_get_tid@LIBSYSTEMD_221 221 + sd_event_get_watchdog@LIBSYSTEMD_221 221 + sd_event_loop@LIBSYSTEMD_221 221 + sd_event_new@LIBSYSTEMD_221 221 + sd_event_now@LIBSYSTEMD_221 221 + sd_event_prepare@LIBSYSTEMD_221 221 + sd_event_ref@LIBSYSTEMD_221 221 + sd_event_run@LIBSYSTEMD_221 221 + sd_event_set_watchdog@LIBSYSTEMD_221 221 + sd_event_source_disable_unref@LIBSYSTEMD_243 243 + sd_event_source_get_child_pid@LIBSYSTEMD_221 221 + sd_event_source_get_child_pidfd@LIBSYSTEMD_245 245 + sd_event_source_get_child_pidfd_own@LIBSYSTEMD_245 245 + sd_event_source_get_child_process_own@LIBSYSTEMD_245 245 + sd_event_source_get_description@LIBSYSTEMD_221 221 + sd_event_source_get_destroy_callback@LIBSYSTEMD_239 239 + sd_event_source_get_enabled@LIBSYSTEMD_221 221 + sd_event_source_get_event@LIBSYSTEMD_221 221 + sd_event_source_get_exit_on_failure@LIBSYSTEMD_247 247 + sd_event_source_get_floating@LIBSYSTEMD_240 240 + sd_event_source_get_inotify_mask@LIBSYSTEMD_239 239 + sd_event_source_get_io_events@LIBSYSTEMD_221 221 + sd_event_source_get_io_fd@LIBSYSTEMD_221 221 + sd_event_source_get_io_fd_own@LIBSYSTEMD_237 237 + sd_event_source_get_io_revents@LIBSYSTEMD_221 221 + sd_event_source_get_pending@LIBSYSTEMD_221 221 + sd_event_source_get_priority@LIBSYSTEMD_221 221 + sd_event_source_get_signal@LIBSYSTEMD_221 221 + sd_event_source_get_time@LIBSYSTEMD_221 221 + sd_event_source_get_time_accuracy@LIBSYSTEMD_221 221 + sd_event_source_get_time_clock@LIBSYSTEMD_221 221 + sd_event_source_get_userdata@LIBSYSTEMD_221 221 + sd_event_source_ref@LIBSYSTEMD_221 221 + sd_event_source_send_child_signal@LIBSYSTEMD_245 245 + sd_event_source_set_child_pidfd_own@LIBSYSTEMD_245 245 + sd_event_source_set_child_process_own@LIBSYSTEMD_245 245 + sd_event_source_set_description@LIBSYSTEMD_221 221 + sd_event_source_set_destroy_callback@LIBSYSTEMD_239 239 + sd_event_source_set_enabled@LIBSYSTEMD_221 221 + sd_event_source_set_exit_on_failure@LIBSYSTEMD_247 247 + sd_event_source_set_floating@LIBSYSTEMD_240 240 + sd_event_source_set_io_events@LIBSYSTEMD_221 221 + sd_event_source_set_io_fd@LIBSYSTEMD_221 221 + sd_event_source_set_io_fd_own@LIBSYSTEMD_237 237 + sd_event_source_set_prepare@LIBSYSTEMD_221 221 + sd_event_source_set_priority@LIBSYSTEMD_221 221 + sd_event_source_set_time@LIBSYSTEMD_221 221 + sd_event_source_set_time_accuracy@LIBSYSTEMD_221 221 + sd_event_source_set_time_relative@LIBSYSTEMD_247 247 + sd_event_source_set_userdata@LIBSYSTEMD_221 221 + sd_event_source_unref@LIBSYSTEMD_221 221 + sd_event_unref@LIBSYSTEMD_221 221 + sd_event_wait@LIBSYSTEMD_221 221 + sd_get_machine_names@LIBSYSTEMD_209 0 + sd_get_seats@LIBSYSTEMD_209 0 + sd_get_sessions@LIBSYSTEMD_209 0 + sd_get_uids@LIBSYSTEMD_209 0 + sd_hwdb_enumerate@LIBSYSTEMD_240 240 + sd_hwdb_get@LIBSYSTEMD_240 240 + sd_hwdb_new@LIBSYSTEMD_240 240 + sd_hwdb_ref@LIBSYSTEMD_240 240 + sd_hwdb_seek@LIBSYSTEMD_240 240 + sd_hwdb_unref@LIBSYSTEMD_240 240 + sd_id128_from_string@LIBSYSTEMD_209 0 + sd_id128_get_boot@LIBSYSTEMD_209 0 + sd_id128_get_boot_app_specific@LIBSYSTEMD_240 240 + sd_id128_get_invocation@LIBSYSTEMD_232 232 + sd_id128_get_machine@LIBSYSTEMD_209 0 + sd_id128_get_machine_app_specific@LIBSYSTEMD_233 233 + sd_id128_randomize@LIBSYSTEMD_209 0 + sd_id128_to_string@LIBSYSTEMD_209 0 + sd_is_fifo@LIBSYSTEMD_209 0 + sd_is_mq@LIBSYSTEMD_209 0 + sd_is_socket@LIBSYSTEMD_209 0 + sd_is_socket_inet@LIBSYSTEMD_209 0 + sd_is_socket_sockaddr@LIBSYSTEMD_233 233 + sd_is_socket_unix@LIBSYSTEMD_209 0 + sd_is_special@LIBSYSTEMD_209 0 + sd_journal_add_conjunction@LIBSYSTEMD_209 0 + sd_journal_add_disjunction@LIBSYSTEMD_209 0 + sd_journal_add_match@LIBSYSTEMD_209 0 + sd_journal_close@LIBSYSTEMD_209 0 + sd_journal_enumerate_available_data@LIBSYSTEMD_246 246 + sd_journal_enumerate_available_unique@LIBSYSTEMD_246 246 + sd_journal_enumerate_data@LIBSYSTEMD_209 0 + sd_journal_enumerate_fields@LIBSYSTEMD_229 229 + sd_journal_enumerate_unique@LIBSYSTEMD_209 0 + sd_journal_flush_matches@LIBSYSTEMD_209 0 + sd_journal_get_catalog@LIBSYSTEMD_209 0 + sd_journal_get_catalog_for_message_id@LIBSYSTEMD_209 0 + sd_journal_get_cursor@LIBSYSTEMD_209 0 + sd_journal_get_cutoff_monotonic_usec@LIBSYSTEMD_209 0 + sd_journal_get_cutoff_realtime_usec@LIBSYSTEMD_209 0 + sd_journal_get_data@LIBSYSTEMD_209 0 + sd_journal_get_data_threshold@LIBSYSTEMD_209 0 + sd_journal_get_events@LIBSYSTEMD_209 0 + sd_journal_get_fd@LIBSYSTEMD_209 0 + sd_journal_get_monotonic_usec@LIBSYSTEMD_209 0 + sd_journal_get_realtime_usec@LIBSYSTEMD_209 0 + sd_journal_get_timeout@LIBSYSTEMD_209 0 + sd_journal_get_usage@LIBSYSTEMD_209 0 + sd_journal_has_persistent_files@LIBSYSTEMD_229 229 + sd_journal_has_runtime_files@LIBSYSTEMD_229 229 + sd_journal_next@LIBSYSTEMD_209 0 + sd_journal_next_skip@LIBSYSTEMD_209 0 + sd_journal_open@LIBSYSTEMD_209 0 + sd_journal_open_container@LIBSYSTEMD_209 0 + sd_journal_open_directory@LIBSYSTEMD_209 0 + sd_journal_open_directory_fd@LIBSYSTEMD_230 230 + sd_journal_open_files@LIBSYSTEMD_209 0 + sd_journal_open_files_fd@LIBSYSTEMD_230 230 + sd_journal_open_namespace@LIBSYSTEMD_245 245 + sd_journal_perror@LIBSYSTEMD_209 0 + sd_journal_perror_with_location@LIBSYSTEMD_209 0 + sd_journal_previous@LIBSYSTEMD_209 0 + sd_journal_previous_skip@LIBSYSTEMD_209 0 + sd_journal_print@LIBSYSTEMD_209 0 + sd_journal_print_with_location@LIBSYSTEMD_209 0 + sd_journal_printv@LIBSYSTEMD_209 0 + sd_journal_printv_with_location@LIBSYSTEMD_209 0 + sd_journal_process@LIBSYSTEMD_209 0 + sd_journal_query_unique@LIBSYSTEMD_209 0 + sd_journal_reliable_fd@LIBSYSTEMD_209 0 + sd_journal_restart_data@LIBSYSTEMD_209 0 + sd_journal_restart_fields@LIBSYSTEMD_229 229 + sd_journal_restart_unique@LIBSYSTEMD_209 0 + sd_journal_seek_cursor@LIBSYSTEMD_209 0 + sd_journal_seek_head@LIBSYSTEMD_209 0 + sd_journal_seek_monotonic_usec@LIBSYSTEMD_209 0 + sd_journal_seek_realtime_usec@LIBSYSTEMD_209 0 + sd_journal_seek_tail@LIBSYSTEMD_209 0 + sd_journal_send@LIBSYSTEMD_209 0 + sd_journal_send_with_location@LIBSYSTEMD_209 0 + sd_journal_sendv@LIBSYSTEMD_209 0 + sd_journal_sendv_with_location@LIBSYSTEMD_209 0 + sd_journal_set_data_threshold@LIBSYSTEMD_209 0 + sd_journal_stream_fd@LIBSYSTEMD_209 0 + sd_journal_test_cursor@LIBSYSTEMD_209 0 + sd_journal_wait@LIBSYSTEMD_209 0 + sd_listen_fds@LIBSYSTEMD_209 0 + sd_listen_fds_with_names@LIBSYSTEMD_227 227 + sd_login_monitor_flush@LIBSYSTEMD_209 0 + sd_login_monitor_get_events@LIBSYSTEMD_209 0 + sd_login_monitor_get_fd@LIBSYSTEMD_209 0 + sd_login_monitor_get_timeout@LIBSYSTEMD_209 0 + sd_login_monitor_new@LIBSYSTEMD_209 0 + sd_login_monitor_unref@LIBSYSTEMD_209 0 + sd_machine_get_class@LIBSYSTEMD_211 211 + sd_machine_get_ifindices@LIBSYSTEMD_216 217 + sd_notify@LIBSYSTEMD_209 0 + sd_notify_barrier@LIBSYSTEMD_246 246 + sd_notifyf@LIBSYSTEMD_209 0 + sd_path_lookup@LIBSYSTEMD_246 246 + sd_path_lookup_strv@LIBSYSTEMD_246 246 + sd_peer_get_cgroup@LIBSYSTEMD_226 226 + sd_peer_get_machine_name@LIBSYSTEMD_211 211 + sd_peer_get_owner_uid@LIBSYSTEMD_211 211 + sd_peer_get_session@LIBSYSTEMD_211 211 + sd_peer_get_slice@LIBSYSTEMD_211 211 + sd_peer_get_unit@LIBSYSTEMD_211 211 + sd_peer_get_user_slice@LIBSYSTEMD_220 220 + sd_peer_get_user_unit@LIBSYSTEMD_211 211 + sd_pid_get_cgroup@LIBSYSTEMD_226 226 + sd_pid_get_machine_name@LIBSYSTEMD_209 0 + sd_pid_get_owner_uid@LIBSYSTEMD_209 0 + sd_pid_get_session@LIBSYSTEMD_209 0 + sd_pid_get_slice@LIBSYSTEMD_209 0 + sd_pid_get_unit@LIBSYSTEMD_209 0 + sd_pid_get_user_slice@LIBSYSTEMD_220 220 + sd_pid_get_user_unit@LIBSYSTEMD_209 0 + sd_pid_notify@LIBSYSTEMD_214 214 + sd_pid_notify_with_fds@LIBSYSTEMD_219 219 + sd_pid_notifyf@LIBSYSTEMD_214 214 + sd_seat_can_graphical@LIBSYSTEMD_209 0 + sd_seat_can_multi_session@LIBSYSTEMD_209 0 + sd_seat_can_tty@LIBSYSTEMD_209 0 + sd_seat_get_active@LIBSYSTEMD_209 0 + sd_seat_get_sessions@LIBSYSTEMD_209 0 + sd_session_get_class@LIBSYSTEMD_209 0 + sd_session_get_desktop@LIBSYSTEMD_217 217 + sd_session_get_display@LIBSYSTEMD_209 0 + sd_session_get_remote_host@LIBSYSTEMD_209 0 + sd_session_get_remote_user@LIBSYSTEMD_209 0 + sd_session_get_seat@LIBSYSTEMD_209 0 + sd_session_get_service@LIBSYSTEMD_209 0 + sd_session_get_state@LIBSYSTEMD_209 0 + sd_session_get_tty@LIBSYSTEMD_209 0 + sd_session_get_type@LIBSYSTEMD_209 0 + sd_session_get_uid@LIBSYSTEMD_209 0 + sd_session_get_vt@LIBSYSTEMD_209 0 + sd_session_is_active@LIBSYSTEMD_209 0 + sd_session_is_remote@LIBSYSTEMD_209 0 + sd_uid_get_display@LIBSYSTEMD_213 213 + sd_uid_get_seats@LIBSYSTEMD_209 0 + sd_uid_get_sessions@LIBSYSTEMD_209 0 + sd_uid_get_state@LIBSYSTEMD_209 0 + sd_uid_is_on_seat@LIBSYSTEMD_209 0 + sd_watchdog_enabled@LIBSYSTEMD_209 0 diff --git a/debian/libudev-dev.install b/debian/libudev-dev.install new file mode 100644 index 0000000..2a6f929 --- /dev/null +++ b/debian/libudev-dev.install @@ -0,0 +1,5 @@ +usr/lib/*/libudev.so +usr/include/libudev.h +usr/lib/*/pkgconfig/libudev.pc +usr/share/man/man3/udev* +usr/share/man/man3/libudev* diff --git a/debian/libudev1-udeb.install b/debian/libudev1-udeb.install new file mode 100644 index 0000000..1b214e5 --- /dev/null +++ b/debian/libudev1-udeb.install @@ -0,0 +1 @@ +usr/lib/*/libudev.so.* diff --git a/debian/libudev1.install b/debian/libudev1.install new file mode 100644 index 0000000..1b214e5 --- /dev/null +++ b/debian/libudev1.install @@ -0,0 +1 @@ +usr/lib/*/libudev.so.* diff --git a/debian/libudev1.symbols b/debian/libudev1.symbols new file mode 100644 index 0000000..cd976ed --- /dev/null +++ b/debian/libudev1.symbols @@ -0,0 +1,100 @@ +libudev.so.1 libudev1 #MINVER# +* Build-Depends-Package: libudev-dev + LIBUDEV_183@LIBUDEV_183 183 + LIBUDEV_189@LIBUDEV_189 189 + LIBUDEV_196@LIBUDEV_196 196 + LIBUDEV_199@LIBUDEV_199 199 + LIBUDEV_215@LIBUDEV_215 215 + LIBUDEV_247@LIBUDEV_247 247 + udev_device_get_action@LIBUDEV_183 183 + udev_device_get_current_tags_list_entry@LIBUDEV_247 247 + udev_device_get_devlinks_list_entry@LIBUDEV_183 183 + udev_device_get_devnode@LIBUDEV_183 183 + udev_device_get_devnum@LIBUDEV_183 183 + udev_device_get_devpath@LIBUDEV_183 183 + udev_device_get_devtype@LIBUDEV_183 183 + udev_device_get_driver@LIBUDEV_183 183 + udev_device_get_is_initialized@LIBUDEV_183 183 + udev_device_get_parent@LIBUDEV_183 183 + udev_device_get_parent_with_subsystem_devtype@LIBUDEV_183 183 + udev_device_get_properties_list_entry@LIBUDEV_183 183 + udev_device_get_property_value@LIBUDEV_183 183 + udev_device_get_seqnum@LIBUDEV_183 183 + udev_device_get_subsystem@LIBUDEV_183 183 + udev_device_get_sysattr_list_entry@LIBUDEV_183 183 + udev_device_get_sysattr_value@LIBUDEV_183 183 + udev_device_get_sysname@LIBUDEV_183 183 + udev_device_get_sysnum@LIBUDEV_183 183 + udev_device_get_syspath@LIBUDEV_183 183 + udev_device_get_tags_list_entry@LIBUDEV_183 183 + udev_device_get_udev@LIBUDEV_183 183 + udev_device_get_usec_since_initialized@LIBUDEV_183 183 + udev_device_has_current_tag@LIBUDEV_247 247 + udev_device_has_tag@LIBUDEV_183 183 + udev_device_new_from_device_id@LIBUDEV_189 189 + udev_device_new_from_devnum@LIBUDEV_183 183 + udev_device_new_from_environment@LIBUDEV_183 183 + udev_device_new_from_subsystem_sysname@LIBUDEV_183 183 + udev_device_new_from_syspath@LIBUDEV_183 183 + udev_device_ref@LIBUDEV_183 183 + udev_device_set_sysattr_value@LIBUDEV_199 199 + udev_device_unref@LIBUDEV_183 183 + udev_enumerate_add_match_is_initialized@LIBUDEV_183 183 + udev_enumerate_add_match_parent@LIBUDEV_183 183 + udev_enumerate_add_match_property@LIBUDEV_183 183 + udev_enumerate_add_match_subsystem@LIBUDEV_183 183 + udev_enumerate_add_match_sysattr@LIBUDEV_183 183 + udev_enumerate_add_match_sysname@LIBUDEV_183 183 + udev_enumerate_add_match_tag@LIBUDEV_183 183 + udev_enumerate_add_nomatch_subsystem@LIBUDEV_183 183 + udev_enumerate_add_nomatch_sysattr@LIBUDEV_183 183 + udev_enumerate_add_syspath@LIBUDEV_183 183 + udev_enumerate_get_list_entry@LIBUDEV_183 183 + udev_enumerate_get_udev@LIBUDEV_183 183 + udev_enumerate_new@LIBUDEV_183 183 + udev_enumerate_ref@LIBUDEV_183 183 + udev_enumerate_scan_devices@LIBUDEV_183 183 + udev_enumerate_scan_subsystems@LIBUDEV_183 183 + udev_enumerate_unref@LIBUDEV_183 183 + udev_get_log_priority@LIBUDEV_183 183 + udev_get_userdata@LIBUDEV_183 183 + udev_hwdb_get_properties_list_entry@LIBUDEV_196 196 + udev_hwdb_new@LIBUDEV_196 196 + udev_hwdb_ref@LIBUDEV_196 196 + udev_hwdb_unref@LIBUDEV_196 196 + udev_list_entry_get_by_name@LIBUDEV_183 183 + udev_list_entry_get_name@LIBUDEV_183 183 + udev_list_entry_get_next@LIBUDEV_183 183 + udev_list_entry_get_value@LIBUDEV_183 183 + udev_monitor_enable_receiving@LIBUDEV_183 183 + udev_monitor_filter_add_match_subsystem_devtype@LIBUDEV_183 183 + udev_monitor_filter_add_match_tag@LIBUDEV_183 183 + udev_monitor_filter_remove@LIBUDEV_183 183 + udev_monitor_filter_update@LIBUDEV_183 183 + udev_monitor_get_fd@LIBUDEV_183 183 + udev_monitor_get_udev@LIBUDEV_183 183 + udev_monitor_new_from_netlink@LIBUDEV_183 183 + udev_monitor_receive_device@LIBUDEV_183 183 + udev_monitor_ref@LIBUDEV_183 183 + udev_monitor_set_receive_buffer_size@LIBUDEV_183 183 + udev_monitor_unref@LIBUDEV_183 183 + udev_new@LIBUDEV_183 183 + udev_queue_flush@LIBUDEV_215 215 + udev_queue_get_fd@LIBUDEV_215 215 + udev_queue_get_kernel_seqnum@LIBUDEV_183 183 + udev_queue_get_queue_is_empty@LIBUDEV_183 183 + udev_queue_get_queued_list_entry@LIBUDEV_183 183 + udev_queue_get_seqnum_is_finished@LIBUDEV_183 183 + udev_queue_get_seqnum_sequence_is_finished@LIBUDEV_183 183 + udev_queue_get_udev@LIBUDEV_183 183 + udev_queue_get_udev_is_active@LIBUDEV_183 183 + udev_queue_get_udev_seqnum@LIBUDEV_183 183 + udev_queue_new@LIBUDEV_183 183 + udev_queue_ref@LIBUDEV_183 183 + udev_queue_unref@LIBUDEV_183 183 + udev_ref@LIBUDEV_183 183 + udev_set_log_fn@LIBUDEV_183 183 + udev_set_log_priority@LIBUDEV_183 183 + udev_set_userdata@LIBUDEV_183 183 + udev_unref@LIBUDEV_183 183 + udev_util_encode_string@LIBUDEV_183 183 diff --git a/debian/patches/Add-helper-for-case-independent-string-equality-checks.patch b/debian/patches/Add-helper-for-case-independent-string-equality-checks.patch new file mode 100644 index 0000000..8e69db9 --- /dev/null +++ b/debian/patches/Add-helper-for-case-independent-string-equality-checks.patch @@ -0,0 +1,24 @@ +From: Matthias Klumpp <matthias@tenstral.net> +Date: Sat, 10 Oct 2020 04:40:23 +0200 +Subject: Add helper for case-independent string equality checks + +(cherry picked from commit bd47b0dac4a1ff6e686c99b9958693e86d44007b) +--- + src/basic/string-util.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/basic/string-util.h b/src/basic/string-util.h +index fdd3ce7..6c99335 100644 +--- a/src/basic/string-util.h ++++ b/src/basic/string-util.h +@@ -33,6 +33,10 @@ static inline bool streq_ptr(const char *a, const char *b) { + return strcmp_ptr(a, b) == 0; + } + ++static inline bool strcaseeq_ptr(const char *a, const char *b) { ++ return strcasecmp_ptr(a, b) == 0; ++} ++ + static inline char* strstr_ptr(const char *haystack, const char *needle) { + if (!haystack || !needle) + return NULL; diff --git a/debian/patches/Always-free-deserialized_subscribed-on-reload.patch b/debian/patches/Always-free-deserialized_subscribed-on-reload.patch new file mode 100644 index 0000000..f0f6129 --- /dev/null +++ b/debian/patches/Always-free-deserialized_subscribed-on-reload.patch @@ -0,0 +1,25 @@ +From: Ali Abdallah <ali.abdallah@suse.com> +Date: Thu, 21 Jan 2021 07:37:21 +0100 +Subject: Always free deserialized_subscribed on reload + +Otherwise, it will keep consuming memory on systemctl daemon-reload. + +(cherry picked from commit 3deed59afdc2c18ecb76fe90b9bba0cd66045dfa) +--- + src/core/manager.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/core/manager.c b/src/core/manager.c +index a1d6f7c..6858950 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3842,6 +3842,9 @@ int manager_reload(Manager *m) { + /* Clean up runtime objects no longer referenced */ + manager_vacuum(m); + ++ /* Clean up deserialized tracked clients */ ++ m->deserialized_subscribed = strv_free(m->deserialized_subscribed); ++ + /* Consider the reload process complete now. */ + assert(m->n_reloading > 0); + m->n_reloading--; diff --git a/debian/patches/Drop-bundled-copy-of-linux-if_arp.h.patch b/debian/patches/Drop-bundled-copy-of-linux-if_arp.h.patch new file mode 100644 index 0000000..83a6f2c --- /dev/null +++ b/debian/patches/Drop-bundled-copy-of-linux-if_arp.h.patch @@ -0,0 +1,219 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 15 Sep 2021 16:33:05 +0200 +Subject: Drop bundled copy of linux/if_arp.h +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +As far as I can see, we use this to get a list of ARPHRD_* defines (used in +particular for Type= in .link files). If we drop our copy, and build against +old kernel headers, the user will have a shorter list of types available. This +seems OK, and I don't think it's worth carrying our own version of this file +just to have newest possible entries. + +7c5b9952c4f6e2b72f90edbe439982528b7cf223 recently updated this file, but we'd +have to update it every time the kernel adds new entries. But if we look at +the failure carefully: + +src/basic/arphrd-from-name.gperf:65:16: error: ‘ARPHRD_MCTP’ undeclared (first use in this function); did you mean ‘ARPHRD_FCPP’? + 65 | MCTP, ARPHRD_MCTP + | ^~ + | ARPHRD_FCPP + +we see that the list we were generating was from the system headers, so it was +only as good as the system headers anyway, without the newer entries in our +bundled copy, if there were any. So let's make things simpler by always using +system headers. + +And if somebody wants to fix things so that we always have the newest list, +then we should just generate and store the converted list, not the full header. + +(cherry picked from commit e7f46ee3ae1cc66a94b293957721d68dc09d7449) +--- + src/basic/linux/if_arp.h | 164 ----------------------------------------------- + src/basic/meson.build | 1 - + 2 files changed, 165 deletions(-) + delete mode 100644 src/basic/linux/if_arp.h + +diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h +deleted file mode 100644 +index c3cc5a9..0000000 +--- a/src/basic/linux/if_arp.h ++++ /dev/null +@@ -1,164 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +-/* +- * INET An implementation of the TCP/IP protocol suite for the LINUX +- * operating system. INET is implemented using the BSD Socket +- * interface as the means of communication with the user level. +- * +- * Global definitions for the ARP (RFC 826) protocol. +- * +- * Version: @(#)if_arp.h 1.0.1 04/16/93 +- * +- * Authors: Original taken from Berkeley UNIX 4.3, (c) UCB 1986-1988 +- * Portions taken from the KA9Q/NOS (v2.00m PA0GRI) source. +- * Ross Biro +- * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> +- * Florian La Roche, +- * Jonathan Layes <layes@loran.com> +- * Arnaldo Carvalho de Melo <acme@conectiva.com.br> ARPHRD_HWX25 +- * +- * This program is free software; you can redistribute it and/or +- * modify it under the terms of the GNU General Public License +- * as published by the Free Software Foundation; either version +- * 2 of the License, or (at your option) any later version. +- */ +-#ifndef _UAPI_LINUX_IF_ARP_H +-#define _UAPI_LINUX_IF_ARP_H +- +-#include <linux/netdevice.h> +- +-/* ARP protocol HARDWARE identifiers. */ +-#define ARPHRD_NETROM 0 /* from KA9Q: NET/ROM pseudo */ +-#define ARPHRD_ETHER 1 /* Ethernet 10Mbps */ +-#define ARPHRD_EETHER 2 /* Experimental Ethernet */ +-#define ARPHRD_AX25 3 /* AX.25 Level 2 */ +-#define ARPHRD_PRONET 4 /* PROnet token ring */ +-#define ARPHRD_CHAOS 5 /* Chaosnet */ +-#define ARPHRD_IEEE802 6 /* IEEE 802.2 Ethernet/TR/TB */ +-#define ARPHRD_ARCNET 7 /* ARCnet */ +-#define ARPHRD_APPLETLK 8 /* APPLEtalk */ +-#define ARPHRD_DLCI 15 /* Frame Relay DLCI */ +-#define ARPHRD_ATM 19 /* ATM */ +-#define ARPHRD_METRICOM 23 /* Metricom STRIP (new IANA id) */ +-#define ARPHRD_IEEE1394 24 /* IEEE 1394 IPv4 - RFC 2734 */ +-#define ARPHRD_EUI64 27 /* EUI-64 */ +-#define ARPHRD_INFINIBAND 32 /* InfiniBand */ +- +-/* Dummy types for non ARP hardware */ +-#define ARPHRD_SLIP 256 +-#define ARPHRD_CSLIP 257 +-#define ARPHRD_SLIP6 258 +-#define ARPHRD_CSLIP6 259 +-#define ARPHRD_RSRVD 260 /* Notional KISS type */ +-#define ARPHRD_ADAPT 264 +-#define ARPHRD_ROSE 270 +-#define ARPHRD_X25 271 /* CCITT X.25 */ +-#define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ +-#define ARPHRD_CAN 280 /* Controller Area Network */ +-#define ARPHRD_PPP 512 +-#define ARPHRD_CISCO 513 /* Cisco HDLC */ +-#define ARPHRD_HDLC ARPHRD_CISCO +-#define ARPHRD_LAPB 516 /* LAPB */ +-#define ARPHRD_DDCMP 517 /* Digital's DDCMP protocol */ +-#define ARPHRD_RAWHDLC 518 /* Raw HDLC */ +-#define ARPHRD_RAWIP 519 /* Raw IP */ +- +-#define ARPHRD_TUNNEL 768 /* IPIP tunnel */ +-#define ARPHRD_TUNNEL6 769 /* IP6IP6 tunnel */ +-#define ARPHRD_FRAD 770 /* Frame Relay Access Device */ +-#define ARPHRD_SKIP 771 /* SKIP vif */ +-#define ARPHRD_LOOPBACK 772 /* Loopback device */ +-#define ARPHRD_LOCALTLK 773 /* Localtalk device */ +-#define ARPHRD_FDDI 774 /* Fiber Distributed Data Interface */ +-#define ARPHRD_BIF 775 /* AP1000 BIF */ +-#define ARPHRD_SIT 776 /* sit0 device - IPv6-in-IPv4 */ +-#define ARPHRD_IPDDP 777 /* IP over DDP tunneller */ +-#define ARPHRD_IPGRE 778 /* GRE over IP */ +-#define ARPHRD_PIMREG 779 /* PIMSM register interface */ +-#define ARPHRD_HIPPI 780 /* High Performance Parallel Interface */ +-#define ARPHRD_ASH 781 /* Nexus 64Mbps Ash */ +-#define ARPHRD_ECONET 782 /* Acorn Econet */ +-#define ARPHRD_IRDA 783 /* Linux-IrDA */ +-/* ARP works differently on different FC media .. so */ +-#define ARPHRD_FCPP 784 /* Point to point fibrechannel */ +-#define ARPHRD_FCAL 785 /* Fibrechannel arbitrated loop */ +-#define ARPHRD_FCPL 786 /* Fibrechannel public loop */ +-#define ARPHRD_FCFABRIC 787 /* Fibrechannel fabric */ +- /* 787->799 reserved for fibrechannel media types */ +-#define ARPHRD_IEEE802_TR 800 /* Magic type ident for TR */ +-#define ARPHRD_IEEE80211 801 /* IEEE 802.11 */ +-#define ARPHRD_IEEE80211_PRISM 802 /* IEEE 802.11 + Prism2 header */ +-#define ARPHRD_IEEE80211_RADIOTAP 803 /* IEEE 802.11 + radiotap header */ +-#define ARPHRD_IEEE802154 804 +-#define ARPHRD_IEEE802154_MONITOR 805 /* IEEE 802.15.4 network monitor */ +- +-#define ARPHRD_PHONET 820 /* PhoNet media type */ +-#define ARPHRD_PHONET_PIPE 821 /* PhoNet pipe header */ +-#define ARPHRD_CAIF 822 /* CAIF media type */ +-#define ARPHRD_IP6GRE 823 /* GRE over IPv6 */ +-#define ARPHRD_NETLINK 824 /* Netlink header */ +-#define ARPHRD_6LOWPAN 825 /* IPv6 over LoWPAN */ +-#define ARPHRD_VSOCKMON 826 /* Vsock monitor header */ +- +-#define ARPHRD_VOID 0xFFFF /* Void type, nothing is known */ +-#define ARPHRD_NONE 0xFFFE /* zero header length */ +- +-/* ARP protocol opcodes. */ +-#define ARPOP_REQUEST 1 /* ARP request */ +-#define ARPOP_REPLY 2 /* ARP reply */ +-#define ARPOP_RREQUEST 3 /* RARP request */ +-#define ARPOP_RREPLY 4 /* RARP reply */ +-#define ARPOP_InREQUEST 8 /* InARP request */ +-#define ARPOP_InREPLY 9 /* InARP reply */ +-#define ARPOP_NAK 10 /* (ATM)ARP NAK */ +- +- +-/* ARP ioctl request. */ +-struct arpreq { +- struct sockaddr arp_pa; /* protocol address */ +- struct sockaddr arp_ha; /* hardware address */ +- int arp_flags; /* flags */ +- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ +- char arp_dev[IFNAMSIZ]; +-}; +- +-struct arpreq_old { +- struct sockaddr arp_pa; /* protocol address */ +- struct sockaddr arp_ha; /* hardware address */ +- int arp_flags; /* flags */ +- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ +-}; +- +-/* ARP Flag values. */ +-#define ATF_COM 0x02 /* completed entry (ha valid) */ +-#define ATF_PERM 0x04 /* permanent entry */ +-#define ATF_PUBL 0x08 /* publish entry */ +-#define ATF_USETRAILERS 0x10 /* has requested trailers */ +-#define ATF_NETMASK 0x20 /* want to use a netmask (only +- for proxy entries) */ +-#define ATF_DONTPUB 0x40 /* don't answer this addresses */ +- +-/* +- * This structure defines an ethernet arp header. +- */ +- +-struct arphdr { +- __be16 ar_hrd; /* format of hardware address */ +- __be16 ar_pro; /* format of protocol address */ +- unsigned char ar_hln; /* length of hardware address */ +- unsigned char ar_pln; /* length of protocol address */ +- __be16 ar_op; /* ARP opcode (command) */ +- +-#if 0 +- /* +- * Ethernet looks like this : This bit is variable sized however... +- */ +- unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */ +- unsigned char ar_sip[4]; /* sender IP address */ +- unsigned char ar_tha[ETH_ALEN]; /* target hardware address */ +- unsigned char ar_tip[4]; /* target IP address */ +-#endif +- +-}; +- +- +-#endif /* _UAPI_LINUX_IF_ARP_H */ +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 1183ea8..2c13cf4 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -98,7 +98,6 @@ basic_sources = files(''' + linux/hdlc/ioctl.h + linux/if.h + linux/if_addr.h +- linux/if_arp.h + linux/if_bonding.h + linux/if_bridge.h + linux/if_ether.h diff --git a/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch b/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch new file mode 100644 index 0000000..c9e3500 --- /dev/null +++ b/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch @@ -0,0 +1,34 @@ +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Thu, 1 Apr 2021 22:18:29 +0100 +Subject: LoadCredentials: do not assert on invalid syntax + +LoadCredentials=foo causes an assertion to be triggered, as we +are not checking that the rvalue's right hand side part is non-empty +before using it in unit_full_printf. + +Fixes #19178 + +# printf [Service]nLoadCredential=passwd.hashed-password.rootn > hello.service +# systemd-analyze verify ./hello.service +... +Assertion 'format' failed at src/core/unit-printf.c:232, function unit_full_printf(). Aborting. +Aborted (core dumped) + +(cherry picked from commit f7a6f1226e800f7695c2073675523062ea697aa4) +--- + src/core/load-fragment.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 4964249..5b66fb1 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -4569,7 +4569,7 @@ int config_parse_load_credential( + r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS); + if (r == -ENOMEM) + return log_oom(); +- if (r <= 0) { ++ if (r <= 0 || isempty(p)) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue); + return 0; + } diff --git a/debian/patches/Revert-udev-do-not-execute-hwdb-builtin-import-twice-or-t.patch b/debian/patches/Revert-udev-do-not-execute-hwdb-builtin-import-twice-or-t.patch new file mode 100644 index 0000000..fa14d0d --- /dev/null +++ b/debian/patches/Revert-udev-do-not-execute-hwdb-builtin-import-twice-or-t.patch @@ -0,0 +1,52 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 10 Mar 2021 10:17:23 +0100 +Subject: Revert "udev: do not execute hwdb builtin import twice or thrice" + +This reverts commit 876c75fe870846b09b54423a6b719d80bc879b27. + +The patch seems to cause usb devices to get some attributes set from the parent +PCI device. 'hwdb' builtin has support for breaking iteration upwards on usb +devices. But when '--subsystem=foo' is specified, iteration is continued. I'm +sure it *could* be figured out, but it seems hard to get all the combinations +correct. So let's revert to functional status quo ante, even if does the lookup +more than once unnecessarily. + +Fixes #18125. + +(cherry picked from commit 451ba55fecd8b494add2001b3ca3c1915c8fd655) +--- + rules.d/50-udev-default.rules.in | 3 +-- + rules.d/60-serial.rules | 5 ++--- + 2 files changed, 3 insertions(+), 5 deletions(-) + +diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in +index cef78f9..50747a1 100644 +--- a/rules.d/50-udev-default.rules.in ++++ b/rules.d/50-udev-default.rules.in +@@ -10,9 +10,8 @@ SUBSYSTEM=="virtio-ports", KERNEL=="vport*", ATTR{name}=="?*", SYMLINK+="virtio- + SUBSYSTEM=="rtc", ATTR{hctosys}=="1", SYMLINK+="rtc" + SUBSYSTEM=="rtc", KERNEL=="rtc0", SYMLINK+="rtc", OPTIONS+="link_priority=-100" + +-SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb", GOTO="default_hwdb_imported" ++SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb" + ENV{MODALIAS}!="", IMPORT{builtin}="hwdb --subsystem=$env{SUBSYSTEM}" +-LABEL="default_hwdb_imported" + + ACTION!="add", GOTO="default_end" + +diff --git a/rules.d/60-serial.rules b/rules.d/60-serial.rules +index b162665..f303e27 100644 +--- a/rules.d/60-serial.rules ++++ b/rules.d/60-serial.rules +@@ -4,9 +4,8 @@ ACTION=="remove", GOTO="serial_end" + SUBSYSTEM!="tty", GOTO="serial_end" + + SUBSYSTEMS=="pci", ENV{ID_BUS}="pci", ENV{ID_VENDOR_ID}="$attr{vendor}", ENV{ID_MODEL_ID}="$attr{device}" +-# We already ran the hwdb builtin for devices with MODALIAS in 50-default.rules. +-# Let's cover the remaining case here, where we walk up the tree to find a node with $MODALIAS. +-ENV{MODALIAS}=="", SUBSYSTEMS=="pci", IMPORT{builtin}="hwdb --subsystem=pci" ++SUBSYSTEMS=="pci", IMPORT{builtin}="hwdb --subsystem=pci" ++SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb" + + # /dev/serial/by-path/, /dev/serial/by-id/ for USB devices + KERNEL!="ttyUSB[0-9]*|ttyACM[0-9]*", GOTO="serial_end" diff --git a/debian/patches/analyze-slightly-reword-PrivateTmp-message.patch b/debian/patches/analyze-slightly-reword-PrivateTmp-message.patch new file mode 100644 index 0000000..e6d9f1a --- /dev/null +++ b/debian/patches/analyze-slightly-reword-PrivateTmp-message.patch @@ -0,0 +1,26 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 10 Feb 2021 10:50:23 +0100 +Subject: analyze: slightly reword PrivateTmp= message + +Apparently there way confusion about "does not apply". Let's say "is not +appropriate". + +Fixes: #13095 +(cherry picked from commit 77552b9520ba0d47cbf33cdbe1ddedb9ce9b5bf3) +--- + src/analyze/analyze-security.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c +index 8d94fbc..99ec7b5 100644 +--- a/src/analyze/analyze-security.c ++++ b/src/analyze/analyze-security.c +@@ -1545,7 +1545,7 @@ static int assess(const struct security_info *info, Table *overview_table, Analy + + if (a->default_dependencies_only && !info->default_dependencies) { + badness = UINT64_MAX; +- d = strdup("Service runs in special boot phase, option does not apply"); ++ d = strdup("Service runs in special boot phase, option is not appropriate"); + if (!d) + return log_oom(); + } else { diff --git a/debian/patches/ata_id-Fixed-getting-Response-Code-from-SCSI-Sense-Data-2.patch b/debian/patches/ata_id-Fixed-getting-Response-Code-from-SCSI-Sense-Data-2.patch new file mode 100644 index 0000000..de1b1f2 --- /dev/null +++ b/debian/patches/ata_id-Fixed-getting-Response-Code-from-SCSI-Sense-Data-2.patch @@ -0,0 +1,37 @@ +From: Aleksey Vasenev <margtu-fivt@ya.ru> +Date: Wed, 5 Oct 2022 22:33:53 +0300 +Subject: ata_id: Fixed getting Response Code from SCSI Sense Data (#24921) + +The Response Code is contained in the first byte of the SCSI Sense Data. +Bit number 7 is reserved or has a different meaning for some Response Codes +and is set to 1 for some drives. + +(cherry picked from commit 2be1ae54badf7a3a12908a8094ebaba8f91887ca) +--- + src/udev/ata_id/ata_id.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/udev/ata_id/ata_id.c b/src/udev/ata_id/ata_id.c +index ce0bf5d..c86e40b 100644 +--- a/src/udev/ata_id/ata_id.c ++++ b/src/udev/ata_id/ata_id.c +@@ -162,8 +162,8 @@ static int disk_identify_command( + return ret; + } + +- if (!(sense[0] == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c) && +- !(sense[0] == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d)) { ++ if (!((sense[0] & 0x7f) == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c) && ++ !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d)) { + errno = EIO; + return -1; + } +@@ -240,7 +240,7 @@ static int disk_identify_packet_device_command( + return ret; + } + +- if (!(sense[0] == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c)) { ++ if (!((sense[0] & 0x7f) == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c)) { + errno = EIO; + return -1; + } diff --git a/debian/patches/basic-add-make_mount_point_inode-helper.patch b/debian/patches/basic-add-make_mount_point_inode-helper.patch new file mode 100644 index 0000000..49207c3 --- /dev/null +++ b/debian/patches/basic-add-make_mount_point_inode-helper.patch @@ -0,0 +1,239 @@ +From: Luca Boccassi <bluca@debian.org> +Date: Sat, 19 Dec 2020 21:40:47 +0000 +Subject: basic: add make_mount_point_inode helper + +Creates a file or a directory depending on the source path, useful +for creating mount points. + +(cherry picked from commit 8bab8029105e44ce78c5e11bffa203a1135fe201) +--- + src/basic/mountpoint-util.c | 25 +++++++++++++++++++++ + src/basic/mountpoint-util.h | 4 ++++ + src/core/namespace.c | 26 +++++++-------------- + src/machine/machine-dbus.c | 14 ++++-------- + src/test/test-mountpoint-util.c | 50 +++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 91 insertions(+), 28 deletions(-) + +diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c +index a6602ad..ed7457f 100644 +--- a/src/basic/mountpoint-util.c ++++ b/src/basic/mountpoint-util.c +@@ -8,14 +8,17 @@ + #include "fd-util.h" + #include "fileio.h" + #include "fs-util.h" ++#include "label.h" + #include "missing_stat.h" + #include "missing_syscall.h" ++#include "mkdir.h" + #include "mountpoint-util.h" + #include "parse-util.h" + #include "path-util.h" + #include "stat-util.h" + #include "stdio-util.h" + #include "strv.h" ++#include "user-util.h" + + /* This is the original MAX_HANDLE_SZ definition from the kernel, when the API was introduced. We use that in place of + * any more currently defined value to future-proof things: if the size is increased in the API headers, and our code +@@ -509,3 +512,25 @@ int mount_propagation_flags_from_string(const char *name, unsigned long *ret) { + return -EINVAL; + return 0; + } ++ ++int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mode_t mode) { ++ assert(st); ++ assert(dest); ++ ++ if (S_ISDIR(st->st_mode)) ++ return mkdir_label(dest, mode); ++ else ++ return mknod(dest, S_IFREG|(mode & ~0111), 0); ++} ++ ++int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode) { ++ struct stat st; ++ ++ assert(source); ++ assert(dest); ++ ++ if (stat(source, &st) < 0) ++ return -errno; ++ ++ return make_mount_point_inode_from_stat(&st, dest, mode); ++} +diff --git a/src/basic/mountpoint-util.h b/src/basic/mountpoint-util.h +index aadb212..cebcec5 100644 +--- a/src/basic/mountpoint-util.h ++++ b/src/basic/mountpoint-util.h +@@ -23,3 +23,7 @@ int dev_is_devtmpfs(void); + + const char *mount_propagation_flags_to_string(unsigned long flags); + int mount_propagation_flags_from_string(const char *name, unsigned long *ret); ++ ++/* Creates a mount point (not parents) based on the source path or stat - ie, a file or a directory */ ++int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mode_t mode); ++int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode); +diff --git a/src/core/namespace.c b/src/core/namespace.c +index cdf427a..02381da 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -1176,29 +1176,19 @@ static int apply_mount( + bool try_again = false; + + if (r == -ENOENT && make) { +- struct stat st; ++ int q; + + /* Hmm, either the source or the destination are missing. Let's see if we can create + the destination, then try again. */ + +- if (stat(what, &st) < 0) +- log_error_errno(errno, "Mount point source '%s' is not accessible: %m", what); +- else { +- int q; ++ (void) mkdir_parents(mount_entry_path(m), 0755); + +- (void) mkdir_parents(mount_entry_path(m), 0755); +- +- if (S_ISDIR(st.st_mode)) +- q = mkdir(mount_entry_path(m), 0755) < 0 ? -errno : 0; +- else +- q = touch(mount_entry_path(m)); +- +- if (q < 0) +- log_error_errno(q, "Failed to create destination mount point node '%s': %m", +- mount_entry_path(m)); +- else +- try_again = true; +- } ++ q = make_mount_point_inode_from_path(what, mount_entry_path(m), 0755); ++ if (q < 0) ++ log_error_errno(q, "Failed to create destination mount point node '%s': %m", ++ mount_entry_path(m)); ++ else ++ try_again = true; + } + + if (try_again) +diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c +index bb67beb..1105008 100644 +--- a/src/machine/machine-dbus.c ++++ b/src/machine/machine-dbus.c +@@ -32,6 +32,7 @@ + #include "missing_capability.h" + #include "mkdir.h" + #include "mount-util.h" ++#include "mountpoint-util.h" + #include "namespace-util.h" + #include "os-util.h" + #include "path-util.h" +@@ -908,10 +909,7 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu + + /* Second, we mount the source file or directory to a directory inside of our MS_SLAVE playground. */ + mount_tmp = strjoina(mount_slave, "/mount"); +- if (S_ISDIR(st.st_mode)) +- r = mkdir_errno_wrapper(mount_tmp, 0700); +- else +- r = touch(mount_tmp); ++ r = make_mount_point_inode_from_stat(&st, mount_tmp, 0700); + if (r < 0) { + sd_bus_error_set_errnof(error, r, "Failed to create temporary mount point %s: %m", mount_tmp); + goto finish; +@@ -1003,12 +1001,8 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu + } + + if (make_file_or_directory) { +- if (S_ISDIR(st.st_mode)) +- (void) mkdir_p(dest, 0755); +- else { +- (void) mkdir_parents(dest, 0755); +- (void) mknod(dest, S_IFREG|0600, 0); +- } ++ (void) mkdir_parents(dest, 0755); ++ (void) make_mount_point_inode_from_stat(&st, dest, 0700); + } + + mount_inside = strjoina("/run/host/incoming/", basename(mount_outside)); +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index 47fde5c..1ce3d5d 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -8,13 +8,16 @@ + #include "def.h" + #include "fd-util.h" + #include "fileio.h" ++#include "fs-util.h" + #include "hashmap.h" + #include "log.h" ++#include "mkdir.h" + #include "mountpoint-util.h" + #include "path-util.h" + #include "rm-rf.h" + #include "string-util.h" + #include "tests.h" ++#include "tmpfile-util.h" + + static void test_mount_propagation_flags(const char *name, int ret, unsigned long expected) { + long unsigned flags; +@@ -287,6 +290,52 @@ static void test_fd_is_mount_point(void) { + assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0)); + } + ++static void test_make_mount_point_inode(void) { ++ _cleanup_(rm_rf_physical_and_freep) char *d = NULL; ++ const char *src_file, *src_dir, *dst_file, *dst_dir; ++ struct stat st; ++ ++ log_info("/* %s */", __func__); ++ ++ assert_se(mkdtemp_malloc(NULL, &d) >= 0); ++ ++ src_file = strjoina(d, "/src/file"); ++ src_dir = strjoina(d, "/src/dir"); ++ dst_file = strjoina(d, "/dst/file"); ++ dst_dir = strjoina(d, "/dst/dir"); ++ ++ assert_se(mkdir_p(src_dir, 0755) >= 0); ++ assert_se(mkdir_parents(dst_file, 0755) >= 0); ++ assert_se(touch(src_file) >= 0); ++ ++ assert_se(make_mount_point_inode_from_path(src_file, dst_file, 0755) >= 0); ++ assert_se(make_mount_point_inode_from_path(src_dir, dst_dir, 0755) >= 0); ++ ++ assert_se(stat(dst_dir, &st) == 0); ++ assert_se(S_ISDIR(st.st_mode)); ++ assert_se(stat(dst_file, &st) == 0); ++ assert_se(S_ISREG(st.st_mode)); ++ assert_se(!(S_IXUSR & st.st_mode)); ++ assert_se(!(S_IXGRP & st.st_mode)); ++ assert_se(!(S_IXOTH & st.st_mode)); ++ ++ assert_se(unlink(dst_file) == 0); ++ assert_se(rmdir(dst_dir) == 0); ++ ++ assert_se(stat(src_file, &st) == 0); ++ assert_se(make_mount_point_inode_from_stat(&st, dst_file, 0755) >= 0); ++ assert_se(stat(src_dir, &st) == 0); ++ assert_se(make_mount_point_inode_from_stat(&st, dst_dir, 0755) >= 0); ++ ++ assert_se(stat(dst_dir, &st) == 0); ++ assert_se(S_ISDIR(st.st_mode)); ++ assert_se(stat(dst_file, &st) == 0); ++ assert_se(S_ISREG(st.st_mode)); ++ assert_se(!(S_IXUSR & st.st_mode)); ++ assert_se(!(S_IXGRP & st.st_mode)); ++ assert_se(!(S_IXOTH & st.st_mode)); ++} ++ + int main(int argc, char *argv[]) { + test_setup_logging(LOG_DEBUG); + +@@ -311,6 +360,7 @@ int main(int argc, char *argv[]) { + test_mnt_id(); + test_path_is_mount_point(); + test_fd_is_mount_point(); ++ test_make_mount_point_inode(); + + return 0; + } diff --git a/debian/patches/basic-unit-name-adjust-comments.patch b/debian/patches/basic-unit-name-adjust-comments.patch new file mode 100644 index 0000000..d83b1d7 --- /dev/null +++ b/debian/patches/basic-unit-name-adjust-comments.patch @@ -0,0 +1,36 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 23 Jun 2021 11:52:56 +0200 +Subject: basic/unit-name: adjust comments +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +We already checked for "too long" right above… + +(cherry picked from commit 4e2544c30bfb95e7cb4d1551ba066b1a56520ad6) +--- + src/basic/unit-name.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c +index 9b6cacd..e286831 100644 +--- a/src/basic/unit-name.c ++++ b/src/basic/unit-name.c +@@ -528,7 +528,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) { + if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ + return -ENAMETOOLONG; + +- /* Refuse this if this got too long or for some other reason didn't result in a valid name */ ++ /* Refuse if this for some other reason didn't result in a valid name */ + if (!unit_name_is_valid(s, UNIT_NAME_PLAIN)) + return -EINVAL; + +@@ -562,7 +562,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha + if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ + return -ENAMETOOLONG; + +- /* Refuse this if this got too long or for some other reason didn't result in a valid name */ ++ /* Refuse if this for some other reason didn't result in a valid name */ + if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE)) + return -EINVAL; + diff --git a/debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch b/debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch new file mode 100644 index 0000000..b080d25 --- /dev/null +++ b/debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch @@ -0,0 +1,65 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 23 Jun 2021 11:46:41 +0200 +Subject: basic/unit-name: do not use strdupa() on a path + +The path may have unbounded length, for example through a fuse mount. + +CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and +ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo +and each mountpoint is passed to mount_setup_unit(), which calls +unit_name_path_escape() underneath. A local attacker who is able to mount a +filesystem with a very long path can crash systemd and the whole system. + +https://bugzilla.redhat.com/show_bug.cgi?id=1970887 + +The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we +can't easily check the length after simplification before doing the +simplification, which in turns uses a copy of the string we can write to. +So we can't reject paths that are too long before doing the duplication. +Hence the most obvious solution is to switch back to strdup(), as before +7410616cd9dbbec97cf98d75324da5cda2b2f7a2. + +(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9) +(cherry picked from commit 764b74113e36ac5219a4b82a05f311b5a92136ce) +(cherry picked from commit 4a1c5f34bd3e1daed4490e9d97918e504d19733b) +(cherry picked from commit b00674347337b7531c92fdb65590ab253bb57538) +--- + src/basic/unit-name.c | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c +index 5f595af..9b6cacd 100644 +--- a/src/basic/unit-name.c ++++ b/src/basic/unit-name.c +@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { + } + + int unit_name_path_escape(const char *f, char **ret) { +- char *p, *s; ++ _cleanup_free_ char *p = NULL; ++ char *s; + + assert(f); + assert(ret); + +- p = strdupa(f); ++ p = strdup(f); + if (!p) + return -ENOMEM; + +@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) { + if (!path_is_normalized(p)) + return -EINVAL; + +- /* Truncate trailing slashes */ ++ /* Truncate trailing slashes and skip leading slashes */ + delete_trailing_chars(p, "/"); +- +- /* Truncate leading slashes */ +- p = skip_leading_chars(p, "/"); +- +- s = unit_name_escape(p); ++ s = unit_name_escape(skip_leading_chars(p, "/")); + } + if (!s) + return -ENOMEM; diff --git a/debian/patches/btrfs-util-add-helper-that-abstracts-might-be-btrfs-subvo.patch b/debian/patches/btrfs-util-add-helper-that-abstracts-might-be-btrfs-subvo.patch new file mode 100644 index 0000000..0dffcf3 --- /dev/null +++ b/debian/patches/btrfs-util-add-helper-that-abstracts-might-be-btrfs-subvo.patch @@ -0,0 +1,106 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 26 Feb 2021 17:39:55 +0100 +Subject: btrfs-util: add helper that abstracts "might be btrfs subvol?" check + +Let#s not hardcode inode nr 256 everywhere, but abstract this check +slightly. + +(cherry picked from commit 674b04ff1b6deab17f5d36c036c0275ba94e1ebc) +(cherry picked from commit 190c6bcfc3518bec964ab740085ac88ccc86dcc7) +--- + src/basic/btrfs-util.c | 6 +++--- + src/basic/btrfs-util.h | 10 ++++++++++ + src/basic/rm-rf.c | 2 +- + src/import/export-tar.c | 2 +- + src/shared/machine-image.c | 3 +-- + 5 files changed, 16 insertions(+), 7 deletions(-) + +diff --git a/src/basic/btrfs-util.c b/src/basic/btrfs-util.c +index 2634659..f0df51a 100644 +--- a/src/basic/btrfs-util.c ++++ b/src/basic/btrfs-util.c +@@ -91,7 +91,7 @@ int btrfs_is_subvol_fd(int fd) { + if (fstat(fd, &st) < 0) + return -errno; + +- if (!S_ISDIR(st.st_mode) || st.st_ino != 256) ++ if (!btrfs_might_be_subvol(&st)) + return 0; + + return btrfs_is_filesystem(fd); +@@ -194,7 +194,7 @@ int btrfs_subvol_set_read_only_fd(int fd, bool b) { + if (fstat(fd, &st) < 0) + return -errno; + +- if (!S_ISDIR(st.st_mode) || st.st_ino != 256) ++ if (!btrfs_might_be_subvol(&st)) + return -EINVAL; + + if (ioctl(fd, BTRFS_IOC_SUBVOL_GETFLAGS, &flags) < 0) +@@ -229,7 +229,7 @@ int btrfs_subvol_get_read_only_fd(int fd) { + if (fstat(fd, &st) < 0) + return -errno; + +- if (!S_ISDIR(st.st_mode) || st.st_ino != 256) ++ if (!btrfs_might_be_subvol(&st)) + return -EINVAL; + + if (ioctl(fd, BTRFS_IOC_SUBVOL_GETFLAGS, &flags) < 0) +diff --git a/src/basic/btrfs-util.h b/src/basic/btrfs-util.h +index c8b44f6..0f569b6 100644 +--- a/src/basic/btrfs-util.h ++++ b/src/basic/btrfs-util.h +@@ -127,3 +127,13 @@ static inline int btrfs_log_dev_root(int level, int ret, const char *p) { + "File system behind %s is reported by btrfs to be backed by pseudo-device /dev/root, which is not a valid userspace accessible device node. " + "Cannot determine correct backing block device.", p); + } ++ ++static inline bool btrfs_might_be_subvol(const struct stat *st) { ++ if (!st) ++ return false; ++ ++ /* Returns true if this 'struct stat' looks like it could refer to a btrfs subvolume. To make a final ++ * decision, needs to be combined with an fstatfs() check to see if this is actually btrfs. */ ++ ++ return S_ISDIR(st->st_mode) && st->st_ino == 256; ++} +diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c +index b0d682f..4c39ce8 100644 +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -147,7 +147,7 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) { + if (r > 0) + continue; + +- if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) { ++ if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { + + /* This could be a subvolume, try to remove it */ + +diff --git a/src/import/export-tar.c b/src/import/export-tar.c +index b8b650f..1e6b2c1 100644 +--- a/src/import/export-tar.c ++++ b/src/import/export-tar.c +@@ -283,7 +283,7 @@ int tar_export_start(TarExport *e, const char *path, int fd, ImportCompressType + + e->quota_referenced = (uint64_t) -1; + +- if (e->st.st_ino == 256) { /* might be a btrfs subvolume? */ ++ if (btrfs_might_be_subvol(&e->st)) { + BtrfsQuotaInfo q; + + r = btrfs_subvol_get_subtree_quota_fd(sfd, 0, &q); +diff --git a/src/shared/machine-image.c b/src/shared/machine-image.c +index 671a56b..c7cf5e9 100644 +--- a/src/shared/machine-image.c ++++ b/src/shared/machine-image.c +@@ -248,8 +248,7 @@ static int image_make( + if (fd < 0) + return -errno; + +- /* btrfs subvolumes have inode 256 */ +- if (st->st_ino == 256) { ++ if (btrfs_might_be_subvol(st)) { + + r = btrfs_is_filesystem(fd); + if (r < 0) diff --git a/debian/patches/core-fix-mtime-calculation-of-dropin-files.patch b/debian/patches/core-fix-mtime-calculation-of-dropin-files.patch new file mode 100644 index 0000000..4c6b1e8 --- /dev/null +++ b/debian/patches/core-fix-mtime-calculation-of-dropin-files.patch @@ -0,0 +1,100 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Thu, 4 Mar 2021 00:36:24 +0100 +Subject: core: fix mtime calculation of dropin files + +Nominally, the bug was in unit_load_dropin(), which just took the last mtime +instead of calculating the maximum. But instead of adding code to wrap the +loop, this patch goes in the other direction. + +All (correct) callers of config_parse() followed a very similar pattern to +calculate the maximum mtime. So let's simplify things by making config_parse() +assume that mtime is initialized and update it to the maximum. This makes all +the callers that care about mtime simpler and also fixes the issue in +unit_load_dropin(). + +config_parse_many_nulstr() and config_parse_many() are different, because it +makes sense to call them just once, and current ret_mtime behaviour make sense. + +Fixes #17730, https://bugzilla.redhat.com/show_bug.cgi?id=1933137. + +(cherry picked from commit da46a1bc3cd28ac36114002c216196dae004b05c) +--- + src/core/load-dropin.c | 1 + + src/shared/conf-parser.c | 15 +++++++-------- + src/shared/conf-parser.h | 2 +- + 3 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/core/load-dropin.c b/src/core/load-dropin.c +index d1c85e2..3bb4856 100644 +--- a/src/core/load-dropin.c ++++ b/src/core/load-dropin.c +@@ -112,6 +112,7 @@ int unit_load_dropin(Unit *u) { + return log_oom(); + } + ++ u->dropin_mtime = 0; + STRV_FOREACH(f, u->dropin_paths) + (void) config_parse( + u->id, *f, NULL, +diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c +index 35d301d..099c47a 100644 +--- a/src/shared/conf-parser.c ++++ b/src/shared/conf-parser.c +@@ -259,7 +259,7 @@ int config_parse(const char *unit, + const void *table, + ConfigParseFlags flags, + void *userdata, +- usec_t *ret_mtime) { ++ usec_t *latest_mtime) { + + _cleanup_free_ char *section = NULL, *continuation = NULL; + _cleanup_fclose_ FILE *ours = NULL; +@@ -271,6 +271,9 @@ int config_parse(const char *unit, + assert(filename); + assert(lookup); + ++ /* latest_mtime is an input-output parameter: it will be updated if the mtime of the file we're ++ * looking at is later than the current *latest_mtime value. */ ++ + if (!f) { + f = ours = fopen(filename, "re"); + if (!f) { +@@ -413,8 +416,8 @@ int config_parse(const char *unit, + } + } + +- if (ret_mtime) +- *ret_mtime = mtime; ++ if (latest_mtime) ++ *latest_mtime = MAX(*latest_mtime, mtime); + + return 0; + } +@@ -440,13 +443,9 @@ static int config_parse_many_files( + } + + STRV_FOREACH(fn, files) { +- usec_t t; +- +- r = config_parse(NULL, *fn, NULL, sections, lookup, table, flags, userdata, &t); ++ r = config_parse(NULL, *fn, NULL, sections, lookup, table, flags, userdata, &mtime); + if (r < 0) + return r; +- if (t > mtime) /* Find the newest */ +- mtime = t; + } + + if (ret_mtime) +diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h +index f115cb2..84c9bf6 100644 +--- a/src/shared/conf-parser.h ++++ b/src/shared/conf-parser.h +@@ -89,7 +89,7 @@ int config_parse( + const void *table, + ConfigParseFlags flags, + void *userdata, +- usec_t *ret_mtime); /* possibly NULL */ ++ usec_t *latest_mtime); /* input/output, possibly NULL */ + + int config_parse_many_nulstr( + const char *conf_file, /* possibly NULL */ diff --git a/debian/patches/coredump-do-not-allow-user-to-access-coredumps-with-chang.patch b/debian/patches/coredump-do-not-allow-user-to-access-coredumps-with-chang.patch new file mode 100644 index 0000000..f1029d3 --- /dev/null +++ b/debian/patches/coredump-do-not-allow-user-to-access-coredumps-with-chang.patch @@ -0,0 +1,388 @@ +From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> +Date: Mon, 28 Nov 2022 12:12:55 +0100 +Subject: coredump: do not allow user to access coredumps with changed + uid/gid/capabilities + +When the user starts a program which elevates its permissions via setuid, +setgid, or capabilities set on the file, it may access additional information +which would then be visible in the coredump. We shouldn't make the the coredump +visible to the user in such cases. + +Reported-by: Matthias Gerstner <mgerstner@suse.de> + +This reads the /proc/<pid>/auxv file and attaches it to the process metadata as +PROC_AUXV. Before the coredump is submitted, it is parsed and if either +at_secure was set (which the kernel will do for processes that are setuid, +setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file +is not made accessible to the user. If we can't access this data, we assume the +file should not be made accessible either. In principle we could also access +the auxv data from a note in the core file, but that is much more complex and +it seems better to use the stand-alone file that is provided by the kernel. + +Attaching auxv is both convient for this patch (because this way it's passed +between the stages along with other fields), but I think it makes sense to save +it in general. + +We use the information early in the core file to figure out if the program was +32-bit or 64-bit and its endianness. This way we don't need heuristics to guess +whether the format of the auxv structure. This test might reject some cases on +fringe architecutes. But the impact would be limited: we just won't grant the +user permissions to view the coredump file. If people report that we're missing +some cases, we can always enhance this to support more architectures. + +I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and +ppc64el, but not the whole coredump handling. + +(cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03) +(cherry picked from commit 9b75a3d0502d6741c8ecb7175794345f8eb3827c) +(cherry picked from commit efca5283dc791a07171f80eef84e14fdb58fad57) +(cherry picked from commit 1d5e0e9910500f3c3584485f77bfc35e601036e3) +(cherry picked from commit 8215e1527d859e77dd1378fd7e42bbd32130edb3) +(cherry picked from commit 786df410b1cb3a2294c9a5d118c958525e7439e6) +--- + src/basic/io-util.h | 9 +++ + src/coredump/coredump.c | 200 ++++++++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 194 insertions(+), 15 deletions(-) + +diff --git a/src/basic/io-util.h b/src/basic/io-util.h +index d817714..dacec71 100644 +--- a/src/basic/io-util.h ++++ b/src/basic/io-util.h +@@ -85,7 +85,16 @@ struct iovec_wrapper *iovw_new(void); + struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw); + struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw); + void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors); ++ + int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len); ++static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) { ++ /* Move data into iovw or free on error */ ++ int r = iovw_put(iovw, data, len); ++ if (r < 0) ++ free(data); ++ return r; ++} ++ + int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value); + int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value); + void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new); +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index 0a1cb91..b60dff3 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -3,6 +3,7 @@ + #include <errno.h> + #include <stdio.h> + #include <sys/prctl.h> ++#include <sys/auxv.h> + #include <sys/xattr.h> + #include <unistd.h> + +@@ -96,6 +97,7 @@ enum { + + META_EXE = _META_MANDATORY_MAX, + META_UNIT, ++ META_PROC_AUXV, + _META_MAX + }; + +@@ -110,10 +112,12 @@ static const char * const meta_field_names[_META_MAX] = { + [META_COMM] = "COREDUMP_COMM=", + [META_EXE] = "COREDUMP_EXE=", + [META_UNIT] = "COREDUMP_UNIT=", ++ [META_PROC_AUXV] = "COREDUMP_PROC_AUXV=", + }; + + typedef struct Context { + const char *meta[_META_MAX]; ++ size_t meta_size[_META_MAX]; + pid_t pid; + bool is_pid1; + bool is_journald; +@@ -175,14 +179,17 @@ static uint64_t storage_size_max(void) { + return 0; + } + +-static int fix_acl(int fd, uid_t uid) { +- +-#if HAVE_ACL +- int r; +- ++static int fix_acl(int fd, uid_t uid, bool allow_user) { + assert(fd >= 0); + assert(uid_is_valid(uid)); + ++#if HAVE_ACL ++ int r; ++ ++ /* We don't allow users to read coredumps if the uid or capabilities were changed. */ ++ if (!allow_user) ++ return 0; ++ + if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY) + return 0; + +@@ -242,7 +249,8 @@ static int fix_permissions( + const char *filename, + const char *target, + const Context *context, +- uid_t uid) { ++ uid_t uid, ++ bool allow_user) { + + int r; + +@@ -252,7 +260,7 @@ static int fix_permissions( + + /* Ignore errors on these */ + (void) fchmod(fd, 0640); +- (void) fix_acl(fd, uid); ++ (void) fix_acl(fd, uid, allow_user); + (void) fix_xattr(fd, context); + + if (fsync(fd) < 0) +@@ -323,6 +331,153 @@ static int make_filename(const Context *context, char **ret) { + return 0; + } + ++static int parse_auxv64( ++ const uint64_t *auxv, ++ size_t size_bytes, ++ int *at_secure, ++ uid_t *uid, ++ uid_t *euid, ++ gid_t *gid, ++ gid_t *egid) { ++ ++ assert(auxv || size_bytes == 0); ++ ++ if (size_bytes % (2 * sizeof(uint64_t)) != 0) ++ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); ++ ++ size_t words = size_bytes / sizeof(uint64_t); ++ ++ /* Note that we set output variables even on error. */ ++ ++ for (size_t i = 0; i + 1 < words; i += 2) ++ switch (auxv[i]) { ++ case AT_SECURE: ++ *at_secure = auxv[i + 1] != 0; ++ break; ++ case AT_UID: ++ *uid = auxv[i + 1]; ++ break; ++ case AT_EUID: ++ *euid = auxv[i + 1]; ++ break; ++ case AT_GID: ++ *gid = auxv[i + 1]; ++ break; ++ case AT_EGID: ++ *egid = auxv[i + 1]; ++ break; ++ case AT_NULL: ++ if (auxv[i + 1] != 0) ++ goto error; ++ return 0; ++ } ++ error: ++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), ++ "AT_NULL terminator not found, cannot parse auxv structure."); ++} ++ ++static int parse_auxv32( ++ const uint32_t *auxv, ++ size_t size_bytes, ++ int *at_secure, ++ uid_t *uid, ++ uid_t *euid, ++ gid_t *gid, ++ gid_t *egid) { ++ ++ assert(auxv || size_bytes == 0); ++ ++ size_t words = size_bytes / sizeof(uint32_t); ++ ++ if (size_bytes % (2 * sizeof(uint32_t)) != 0) ++ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); ++ ++ /* Note that we set output variables even on error. */ ++ ++ for (size_t i = 0; i + 1 < words; i += 2) ++ switch (auxv[i]) { ++ case AT_SECURE: ++ *at_secure = auxv[i + 1] != 0; ++ break; ++ case AT_UID: ++ *uid = auxv[i + 1]; ++ break; ++ case AT_EUID: ++ *euid = auxv[i + 1]; ++ break; ++ case AT_GID: ++ *gid = auxv[i + 1]; ++ break; ++ case AT_EGID: ++ *egid = auxv[i + 1]; ++ break; ++ case AT_NULL: ++ if (auxv[i + 1] != 0) ++ goto error; ++ return 0; ++ } ++ error: ++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), ++ "AT_NULL terminator not found, cannot parse auxv structure."); ++} ++ ++static int grant_user_access(int core_fd, const Context *context) { ++ int at_secure = -1; ++ uid_t uid = UID_INVALID, euid = UID_INVALID; ++ uid_t gid = GID_INVALID, egid = GID_INVALID; ++ int r; ++ ++ assert(core_fd >= 0); ++ assert(context); ++ ++ if (!context->meta[META_PROC_AUXV]) ++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), "No auxv data, not adjusting permissions."); ++ ++ uint8_t elf[EI_NIDENT]; ++ errno = 0; ++ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf)) ++ return log_warning_errno(errno_or_else(EIO), ++ "Failed to pread from coredump fd: %s", errno != 0 ? strerror_safe(errno) : "Unexpected EOF"); ++ ++ if (elf[EI_MAG0] != ELFMAG0 || ++ elf[EI_MAG1] != ELFMAG1 || ++ elf[EI_MAG2] != ELFMAG2 || ++ elf[EI_MAG3] != ELFMAG3 || ++ elf[EI_VERSION] != EV_CURRENT) ++ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), ++ "Core file does not have ELF header, not adjusting permissions."); ++ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) || ++ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB)) ++ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), ++ "Core file has strange ELF class, not adjusting permissions."); ++ ++ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN)) ++ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), ++ "Core file has non-native endianness, not adjusting permissions."); ++ ++ if (elf[EI_CLASS] == ELFCLASS64) ++ r = parse_auxv64((const uint64_t*) context->meta[META_PROC_AUXV], ++ context->meta_size[META_PROC_AUXV], ++ &at_secure, &uid, &euid, &gid, &egid); ++ else ++ r = parse_auxv32((const uint32_t*) context->meta[META_PROC_AUXV], ++ context->meta_size[META_PROC_AUXV], ++ &at_secure, &uid, &euid, &gid, &egid); ++ if (r < 0) ++ return r; ++ ++ /* We allow access if we got all the data and at_secure is not set and ++ * the uid/gid matches euid/egid. */ ++ bool ret = ++ at_secure == 0 && ++ uid != UID_INVALID && euid != UID_INVALID && uid == euid && ++ gid != GID_INVALID && egid != GID_INVALID && gid == egid; ++ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)", ++ ret ? "permit" : "restrict", ++ uid, euid, gid, egid, yes_no(at_secure)); ++ return ret; ++} ++ + static int save_external_coredump( + const Context *context, + int input_fd, +@@ -403,6 +558,8 @@ static int save_external_coredump( + goto fail; + } + ++ bool allow_user = grant_user_access(fd, context) > 0; ++ + #if HAVE_COMPRESSION + /* If we will remove the coredump anyway, do not compress. */ + if (arg_compress && !maybe_remove_external_coredump(NULL, st.st_size)) { +@@ -428,7 +585,7 @@ static int save_external_coredump( + goto fail_compressed; + } + +- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid); ++ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user); + if (r < 0) + goto fail_compressed; + +@@ -451,7 +608,7 @@ static int save_external_coredump( + uncompressed: + #endif + +- r = fix_permissions(fd, tmp, fn, context, uid); ++ r = fix_permissions(fd, tmp, fn, context, uid, allow_user); + if (r < 0) + goto fail; + +@@ -700,7 +857,7 @@ static int change_uid_gid(const Context *context) { + } + + static int submit_coredump( +- Context *context, ++ const Context *context, + struct iovec_wrapper *iovw, + int input_fd) { + +@@ -822,16 +979,15 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) { + struct iovec *iovec = iovw->iovec + n; + + for (i = 0; i < ELEMENTSOF(meta_field_names); i++) { +- char *p; +- + /* Note that these strings are NUL terminated, because we made sure that a + * trailing NUL byte is in the buffer, though not included in the iov_len + * count (see process_socket() and gather_pid_metadata_*()) */ + assert(((char*) iovec->iov_base)[iovec->iov_len] == 0); + +- p = startswith(iovec->iov_base, meta_field_names[i]); ++ const char *p = startswith(iovec->iov_base, meta_field_names[i]); + if (p) { + context->meta[i] = p; ++ context->meta_size[i] = iovec->iov_len - strlen(meta_field_names[i]); + count++; + break; + } +@@ -1074,6 +1230,7 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { + uid_t owner_uid; + pid_t pid; + char *t; ++ size_t size; + const char *p; + int r; + +@@ -1139,13 +1296,26 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { + (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_LIMITS=", t); + + p = procfs_file_alloca(pid, "cgroup"); +- if (read_full_file(p, &t, NULL) >=0) ++ if (read_full_file(p, &t, NULL) >= 0) + (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_CGROUP=", t); + + p = procfs_file_alloca(pid, "mountinfo"); +- if (read_full_file(p, &t, NULL) >=0) ++ if (read_full_file(p, &t, NULL) >= 0) + (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_MOUNTINFO=", t); + ++ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */ ++ p = procfs_file_alloca(pid, "auxv"); ++ if (read_full_virtual_file(p, &t, &size) >= 0) { ++ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1); ++ if (buf) { ++ /* Add a dummy terminator to make save_context() happy. */ ++ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0'; ++ (void) iovw_consume(iovw, buf, size + strlen("COREDUMP_PROC_AUXV=")); ++ } ++ ++ free(t); ++ } ++ + if (get_process_cwd(pid, &t) >= 0) + (void) iovw_put_string_field_free(iovw, "COREDUMP_CWD=", t); + diff --git a/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch new file mode 100644 index 0000000..7645d97 --- /dev/null +++ b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch @@ -0,0 +1,77 @@ +From: Martin Pitt <mpitt@debian.org> +Date: Wed, 18 Jan 2017 11:21:35 +0100 +Subject: Add env variable for machine ID path + +During package build, in minimal chroots, or other systems which do not already +have an /etc/machine-id we get six test failures. Introduce a +$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location +other than /etc/machine-id, so that the unit tests are independent from the +environment. + +Also adjust test-fs-util to not assume that /etc/machine-id exists. Use +/etc/passwd instead which is created by base-files. + +Closes: #851445 + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344 +--- + src/libsystemd/sd-id128/sd-id128.c | 2 +- + src/test/test-fs-util.c | 11 +++++++---- + 2 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/src/libsystemd/sd-id128/sd-id128.c b/src/libsystemd/sd-id128/sd-id128.c +index d5de935..78612a0 100644 +--- a/src/libsystemd/sd-id128/sd-id128.c ++++ b/src/libsystemd/sd-id128/sd-id128.c +@@ -88,7 +88,7 @@ _public_ int sd_id128_get_machine(sd_id128_t *ret) { + assert_return(ret, -EINVAL); + + if (sd_id128_is_null(saved_machine_id)) { +- r = id128_read("/etc/machine-id", ID128_PLAIN, &saved_machine_id); ++ r = id128_read(getenv("SYSTEMD_MACHINE_ID_PATH") ?: "/etc/machine-id", ID128_PLAIN, &saved_machine_id); + if (r < 0) + return r; + +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index d1f9252..4c93adb 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -211,7 +211,7 @@ static void test_chase_symlinks(void) { + assert_se(streq(result, "/test-chase.fsldajfl")); + result = mfree(result); + +- r = chase_symlinks("/etc/machine-id/foo", NULL, 0, &result, NULL); ++ r = chase_symlinks("/etc/passwd/foo", NULL, 0, &result, NULL); + assert_se(r == -ENOTDIR); + result = mfree(result); + +@@ -284,23 +284,26 @@ static void test_chase_symlinks(void) { + assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL, NULL) >= 0); + } + +- p = strjoina(temp, "/machine-id-test"); +- assert_se(symlink("/usr/../etc/./machine-id", p) >= 0); ++ p = strjoina(temp, "/passwd-test"); ++ assert_se(symlink("/usr/../etc/./passwd", p) >= 0); + + r = chase_symlinks(p, NULL, 0, NULL, &pfd); + if (r != -ENOENT) { + _cleanup_close_ int fd = -1; ++/* + sd_id128_t a, b; ++*/ + + assert_se(pfd >= 0); + + fd = fd_reopen(pfd, O_RDONLY|O_CLOEXEC); + assert_se(fd >= 0); + safe_close(pfd); +- ++/* + assert_se(id128_read_fd(fd, ID128_PLAIN, &a) >= 0); + assert_se(sd_id128_get_machine(&b) >= 0); + assert_se(sd_id128_equal(a, b)); ++*/ + } + + /* Test CHASE_NOFOLLOW */ diff --git a/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch new file mode 100644 index 0000000..226dea2 --- /dev/null +++ b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch @@ -0,0 +1,30 @@ +From: Julien Muchembled <jm@jmuchemb.eu> +Date: Tue, 29 Apr 2014 11:40:50 +0200 +Subject: Add support for TuxOnIce hibernation + +systemd does not support non-mainline kernel features so upstream rejected this +patch. +It is however required for systemd integration by tuxonice-userui package. + +Forwarded: http://lists.freedesktop.org/archives/systemd-devel/2014-April/018960.html +--- + src/shared/sleep-config.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c +index cea5148..66e1675 100644 +--- a/src/shared/sleep-config.c ++++ b/src/shared/sleep-config.c +@@ -471,6 +471,12 @@ static bool enough_swap_for_hibernation(void) { + if (getenv_bool("SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK") > 0) + return true; + ++ /* TuxOnIce is an alternate implementation for hibernation. ++ * It can be configured to compress the image to a file or an inactive ++ * swap partition, so there's nothing more we can do here. */ ++ if (access("/sys/power/tuxonice", F_OK) == 0) ++ return true; ++ + r = find_hibernate_location(&hibernate_location); + if (r < 0) + return false; diff --git a/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch new file mode 100644 index 0000000..d99ea42 --- /dev/null +++ b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch @@ -0,0 +1,21 @@ +From: Tollef Fog Heen <tfheen@err.no> +Date: Tue, 5 Jun 2012 20:59:36 +0200 +Subject: Bring tmpfiles.d/tmp.conf in line with Debian defaults + +Closes: #675422 +--- + tmpfiles.d/tmp.conf | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf +index fe5225d..39cb5cc 100644 +--- a/tmpfiles.d/tmp.conf ++++ b/tmpfiles.d/tmp.conf +@@ -8,5 +8,5 @@ + # See tmpfiles.d(5) for details + + # Clear tmp directories separately, to make them easier to override +-q /tmp 1777 root root 10d +-q /var/tmp 1777 root root 30d ++D /tmp 1777 root root - ++#q /var/tmp 1777 root root 30d diff --git a/debian/patches/debian/Don-t-enable-audit-by-default.patch b/debian/patches/debian/Don-t-enable-audit-by-default.patch new file mode 100644 index 0000000..b4cf902 --- /dev/null +++ b/debian/patches/debian/Don-t-enable-audit-by-default.patch @@ -0,0 +1,53 @@ +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Sun, 28 Dec 2014 12:49:35 +0100 +Subject: Don't enable audit by default + +It causes flooding of dmesg and syslog, suppressing actually important +messages. + +Don't enable it for now, until a better solution is found: +http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html + +Bug-Debian: https://bugs.debian.org/773528 +--- + man/journald.conf.xml | 2 +- + src/journal/journald-server.c | 2 +- + src/journal/journald.conf | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/journald.conf.xml b/man/journald.conf.xml +index 2134a1d..a4a42a4 100644 +--- a/man/journald.conf.xml ++++ b/man/journald.conf.xml +@@ -417,7 +417,7 @@ + <command>systemd-journald</command> collects generated audit records, it just controls whether it + tells the kernel to generate them. This means if another tool turns on auditing even if + <command>systemd-journald</command> left it off, it will still collect the generated +- messages. Defaults to on.</para></listitem> ++ messages. Defaults to off.</para></listitem> + </varlistentry> + + <varlistentry> +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index ce15766..bd7fa8f 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -2188,7 +2188,7 @@ int server_init(Server *s, const char *namespace) { + .compress.threshold_bytes = (uint64_t) -1, + .seal = true, + +- .set_audit = true, ++ .set_audit = false, + + .watchdog_usec = USEC_INFINITY, + +diff --git a/src/journal/journald.conf b/src/journal/journald.conf +index d6cd5b1..5e4b0e2 100644 +--- a/src/journal/journald.conf ++++ b/src/journal/journald.conf +@@ -41,4 +41,4 @@ + #MaxLevelWall=emerg + #LineMax=48K + #ReadKMsg=yes +-#Audit=yes ++#Audit=no diff --git a/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch b/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch new file mode 100644 index 0000000..1b5b03d --- /dev/null +++ b/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch @@ -0,0 +1,74 @@ +From: Michael Biebl <biebl@debian.org> +Date: Tue, 16 Feb 2021 00:18:50 +0100 +Subject: Downgrade a couple of warnings to debug + +If a package still ships only a SysV init script or if a service file or +tmpfile uses /var/run, downgrade those messages to debug. We can use +lintian to detect those issues. +For service files and tmpfiles in /etc, keep the warning, as those files +are typically added locally and aren't checked by lintian. + +Closes: #981407 +--- + src/core/load-fragment.c | 4 +++- + src/sysv-generator/sysv-generator.c | 2 +- + src/tmpfiles/tmpfiles.c | 4 +++- + 3 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 5b66fb1..df5669a 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -372,6 +372,7 @@ static int patch_var_run( + + const char *e; + char *z; ++ int log_level; + + e = path_startswith(*path, "/var/run/"); + if (!e) +@@ -381,7 +382,8 @@ static int patch_var_run( + if (!z) + return log_oom(); + +- log_syntax(unit, LOG_NOTICE, filename, line, 0, ++ log_level = path_startswith(filename, "/etc") ? LOG_NOTICE : LOG_DEBUG; ++ log_syntax(unit, log_level, filename, line, 0, + "%s= references a path below legacy directory /var/run/, updating %s → %s; " + "please update the unit file accordingly.", lvalue, *path, z); + +diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c +index 008a825..ab0054e 100644 +--- a/src/sysv-generator/sysv-generator.c ++++ b/src/sysv-generator/sysv-generator.c +@@ -787,7 +787,7 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) { + if (!fpath) + return log_oom(); + +- log_warning("SysV service '%s' lacks a native systemd unit file. " ++ log_debug("SysV service '%s' lacks a native systemd unit file. " + "Automatically generating a unit file for compatibility. " + "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); + +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 9906c70..31e5707 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -2538,6 +2538,7 @@ static int specifier_expansion_from_arg(Item *i) { + static int patch_var_run(const char *fname, unsigned line, char **path) { + const char *k; + char *n; ++ int log_level; + + assert(path); + assert(*path); +@@ -2563,7 +2564,8 @@ static int patch_var_run(const char *fname, unsigned line, char **path) { + /* Also log about this briefly. We do so at LOG_NOTICE level, as we fixed up the situation automatically, hence + * there's no immediate need for action by the user. However, in the interest of making things less confusing + * to the user, let's still inform the user that these snippets should really be updated. */ +- log_syntax(NULL, LOG_NOTICE, fname, line, 0, "Line references path below legacy directory /var/run/, updating %s → %s; please update the tmpfiles.d/ drop-in file accordingly.", *path, n); ++ log_level = path_startswith(fname, "/etc") ? LOG_NOTICE : LOG_DEBUG; ++ log_syntax(NULL, log_level, fname, line, 0, "Line references path below legacy directory /var/run/, updating %s → %s; please update the tmpfiles.d/ drop-in file accordingly.", *path, n); + + free_and_replace(*path, n); + diff --git a/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch new file mode 100644 index 0000000..4ce4884 --- /dev/null +++ b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch @@ -0,0 +1,31 @@ +From: Michael Biebl <biebl@debian.org> +Date: Wed, 18 Jul 2018 23:49:16 +0200 +Subject: Drop seccomp system call filter for udev + +The seccomp based system call whitelist requires at least systemd 239 to +be the active init and during a dist-upgrade we can't guarantee that +systemd has been fully configured before udev is restarted. + +This partially reverts upstream commit +ee8f26180d01e3ddd4e5f20b03b81e5e737657ae. + +Once buster is released, this patch can be dropped. + +Closes: #903224 +--- + units/systemd-udevd.service.in | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in +index f3458d9..225eac2 100644 +--- a/units/systemd-udevd.service.in ++++ b/units/systemd-udevd.service.in +@@ -35,8 +35,6 @@ MemoryDenyWriteExecute=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 + RestrictRealtime=yes + RestrictSUIDSGID=yes +-SystemCallFilter=@system-service @module @raw-io +-SystemCallErrorNumber=EPERM + SystemCallArchitectures=native + LockPersonality=yes + IPAddressDeny=any diff --git a/debian/patches/debian/Keep-journal-files-compatible-with-older-versions.patch b/debian/patches/debian/Keep-journal-files-compatible-with-older-versions.patch new file mode 100644 index 0000000..3e9aa5a --- /dev/null +++ b/debian/patches/debian/Keep-journal-files-compatible-with-older-versions.patch @@ -0,0 +1,69 @@ +From: Michael Biebl <biebl@debian.org> +Date: Mon, 17 Aug 2020 22:11:19 +0200 +Subject: Keep journal files compatible with older versions + +Disable the KEYED-HASH journal feature by default and keep LZ4 (instead +of ZSTD) as default compression for new journal files. Otherwise journal +files are incompatible and can't be read by older journalctl +implementations. + +This patch can be dropped in bullseye+1, as journalctl from bullseye +will then be able to read journal files with those features. + +Closes: #968055 +--- + src/journal/compress.h | 10 +++++----- + src/journal/journal-file.c | 8 ++++---- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/journal/compress.h b/src/journal/compress.h +index db7f399..6cd9290 100644 +--- a/src/journal/compress.h ++++ b/src/journal/compress.h +@@ -18,14 +18,14 @@ int compress_blob_zstd(const void *src, uint64_t src_size, + static inline int compress_blob(const void *src, uint64_t src_size, + void *dst, size_t dst_alloc_size, size_t *dst_size) { + int r; +-#if HAVE_ZSTD +- r = compress_blob_zstd(src, src_size, dst, dst_alloc_size, dst_size); +- if (r == 0) +- return OBJECT_COMPRESSED_ZSTD; +-#elif HAVE_LZ4 ++#if HAVE_LZ4 + r = compress_blob_lz4(src, src_size, dst, dst_alloc_size, dst_size); + if (r == 0) + return OBJECT_COMPRESSED_LZ4; ++#elif HAVE_ZSTD ++ r = compress_blob_zstd(src, src_size, dst, dst_alloc_size, dst_size); ++ if (r == 0) ++ return OBJECT_COMPRESSED_ZSTD; + #elif HAVE_XZ + r = compress_blob_xz(src, src_size, dst, dst_alloc_size, dst_size); + if (r == 0) +diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c +index 15336be..6ce18c9 100644 +--- a/src/journal/journal-file.c ++++ b/src/journal/journal-file.c +@@ -3411,10 +3411,10 @@ int journal_file_open( + .prot = prot_from_flags(flags), + .writable = (flags & O_ACCMODE) != O_RDONLY, + +-#if HAVE_ZSTD +- .compress_zstd = compress, +-#elif HAVE_LZ4 ++#if HAVE_LZ4 + .compress_lz4 = compress, ++#elif HAVE_ZSTD ++ .compress_zstd = compress, + #elif HAVE_XZ + .compress_xz = compress, + #endif +@@ -3432,7 +3432,7 @@ int journal_file_open( + if (r < 0) { + if (r != -ENXIO) + log_debug_errno(r, "Failed to parse $SYSTEMD_JOURNAL_KEYED_HASH environment variable, ignoring."); +- f->keyed_hash = true; ++ f->keyed_hash = false; + } else + f->keyed_hash = r; + diff --git a/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch new file mode 100644 index 0000000..cf8db56 --- /dev/null +++ b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch @@ -0,0 +1,22 @@ +From: Iain Lane <iain@orangesquash.org.uk> +Date: Mon, 22 Aug 2016 07:03:27 +0200 +Subject: Let graphical-session-pre.target be manually started + +This is needed until https://github.com/systemd/systemd/issues/3750 is fixed. + +Forwarded: not-needed +Bug-Ubuntu: https://launchpad.net/bugs/1615341 +--- + units/user/graphical-session-pre.target | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/units/user/graphical-session-pre.target b/units/user/graphical-session-pre.target +index 4b9e3dc..dffaf85 100644 +--- a/units/user/graphical-session-pre.target ++++ b/units/user/graphical-session-pre.target +@@ -12,5 +12,4 @@ Description=Session services which should run early before the graphical session + Documentation=man:systemd.special(7) + Requires=basic.target + Before=graphical-session.target +-RefuseManualStart=yes + StopWhenUnneeded=yes diff --git a/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch new file mode 100644 index 0000000..a596b7a --- /dev/null +++ b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch @@ -0,0 +1,42 @@ +From: Michael Biebl <biebl@debian.org> +Date: Fri, 5 Sep 2014 01:15:16 +0200 +Subject: Make /run/lock tmpfs an API fs + +The /run/lock directory is world-writable in Debian due to historic +reasons. To avoid user processes filling up /run, we mount a separate +tmpfs for /run/lock. As this directory needs to be available during +early boot, we make it an API fs. + +Drop it from tmpfiles.d/legacy.conf to not clobber the permissions. + +Closes: #751392 +--- + src/core/mount-setup.c | 2 ++ + tmpfiles.d/legacy.conf | 1 - + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c +index 915b101..7a330dd 100644 +--- a/src/core/mount-setup.c ++++ b/src/core/mount-setup.c +@@ -86,6 +86,8 @@ static const MountPoint mount_table[] = { + #endif + { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, ++ { "tmpfs", "/run/lock", "tmpfs", "mode=1777,size=5242880", MS_NOSUID|MS_NOEXEC|MS_NODEV, ++ NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate,memory_recursiveprot", MS_NOSUID|MS_NOEXEC|MS_NODEV, + cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE }, + { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV, +diff --git a/tmpfiles.d/legacy.conf b/tmpfiles.d/legacy.conf +index 62e2ae0..ea5e735 100644 +--- a/tmpfiles.d/legacy.conf ++++ b/tmpfiles.d/legacy.conf +@@ -10,7 +10,6 @@ + # These files are considered legacy and are unnecessary on legacy-free + # systems. + +-d /run/lock 0755 root root - + L /var/lock - - - - ../run/lock + + # /run/lock/subsys is used for serializing SysV service execution, and diff --git a/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch b/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch new file mode 100644 index 0000000..ae0bb3f --- /dev/null +++ b/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch @@ -0,0 +1,68 @@ +From: Michael Biebl <biebl@debian.org> +Date: Thu, 15 Oct 2020 23:11:01 +0200 +Subject: Move sysusers.d/sysctl.d/binfmt.d/modules-load.d back to /usr + +In Debian, late mounting of /usr is no longer supported, so it is safe +to install those files in /usr. +We want those facilities in /usr, not /, as this will make an eventual +switch to a merged-usr setup easier. + +Closes: #971282 +--- + src/core/systemd.pc.in | 8 ++++---- + src/libsystemd/sd-path/sd-path.c | 8 ++++---- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in +index b5cc8f9..21dbf30 100644 +--- a/src/core/systemd.pc.in ++++ b/src/core/systemd.pc.in +@@ -65,16 +65,16 @@ systemdshutdowndir=${systemd_shutdown_dir} + tmpfiles_dir=${prefix}/lib/tmpfiles.d + tmpfilesdir=${tmpfiles_dir} + +-sysusers_dir=${rootprefix}/lib/sysusers.d ++sysusers_dir=${prefix}/lib/sysusers.d + sysusersdir=${sysusers_dir} + +-sysctl_dir=${rootprefix}/lib/sysctl.d ++sysctl_dir=${prefix}/lib/sysctl.d + sysctldir=${sysctl_dir} + +-binfmt_dir=${rootprefix}/lib/binfmt.d ++binfmt_dir=${prefix}/lib/binfmt.d + binfmtdir=${binfmt_dir} + +-modules_load_dir=${rootprefix}/lib/modules-load.d ++modules_load_dir=${prefix}/lib/modules-load.d + modulesloaddir=${modules_load_dir} + + catalog_dir=${prefix}/lib/systemd/catalog +diff --git a/src/libsystemd/sd-path/sd-path.c b/src/libsystemd/sd-path/sd-path.c +index 61ed7cb..682e3f1 100644 +--- a/src/libsystemd/sd-path/sd-path.c ++++ b/src/libsystemd/sd-path/sd-path.c +@@ -369,19 +369,19 @@ static int get_path(uint64_t type, char **buffer, const char **ret) { + return 0; + + case SD_PATH_SYSUSERS: +- *ret = ROOTPREFIX_NOSLASH "/lib/sysusers.d"; ++ *ret = "/usr/lib/sysusers.d"; + return 0; + + case SD_PATH_SYSCTL: +- *ret = ROOTPREFIX_NOSLASH "/lib/sysctl.d"; ++ *ret = "/usr/lib/sysctl.d"; + return 0; + + case SD_PATH_BINFMT: +- *ret = ROOTPREFIX_NOSLASH "/lib/binfmt.d"; ++ *ret = "/usr/lib/binfmt.d"; + return 0; + + case SD_PATH_MODULES_LOAD: +- *ret = ROOTPREFIX_NOSLASH "/lib/modules-load.d"; ++ *ret = "/usr/lib/modules-load.d"; + return 0; + + case SD_PATH_CATALOG: diff --git a/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch new file mode 100644 index 0000000..4683aae --- /dev/null +++ b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch @@ -0,0 +1,24 @@ +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Mon, 9 Feb 2015 10:53:43 +0100 +Subject: Only start logind if dbus is installed + +logind fails to start in environments without dbus, such as LXC containers or +servers. Add a startup condition to avoid the very noisy startup failure. + +Part of #772700 +--- + units/systemd-logind.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in +index f131b60..952a07c 100644 +--- a/units/systemd-logind.service.in ++++ b/units/systemd-logind.service.in +@@ -16,6 +16,7 @@ Documentation=man:org.freedesktop.login1(5) + + Wants=user.slice modprobe@drm.service + After=nss-user-lookup.target user.slice modprobe@drm.service ++ConditionPathExists=/lib/systemd/system/dbus.service + + # Ask for the dbus socket. + Wants=dbus.socket diff --git a/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch new file mode 100644 index 0000000..68b08a0 --- /dev/null +++ b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch @@ -0,0 +1,56 @@ +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Fri, 28 Nov 2014 14:43:25 +0100 +Subject: Re-enable journal forwarding to syslog + +Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers +can/do all read from the journal directly. See + + http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html + +for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved +to pulling from the journal one by one and disable forwarding again in such a +conf.d snippet. +--- + man/journald.conf.xml | 2 +- + src/journal/journald-server.c | 1 + + src/journal/journald.conf | 2 +- + 3 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/man/journald.conf.xml b/man/journald.conf.xml +index 959815a..2134a1d 100644 +--- a/man/journald.conf.xml ++++ b/man/journald.conf.xml +@@ -344,7 +344,7 @@ + traditional syslog daemon, to the kernel log buffer (kmsg), to the system console, or sent as wall + messages to all logged-in users. These options take boolean arguments. If forwarding to syslog is + enabled but nothing reads messages from the socket, forwarding to syslog has no effect. By default, +- only forwarding to wall is enabled. These settings may be overridden at boot time with the kernel ++ only forwarding to syslog and wall is enabled. These settings may be overridden at boot time with the kernel + command line options <literal>systemd.journald.forward_to_syslog</literal>, + <literal>systemd.journald.forward_to_kmsg</literal>, + <literal>systemd.journald.forward_to_console</literal>, and +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index 10ebc3e..ce15766 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -2198,6 +2198,7 @@ int server_init(Server *s, const char *namespace) { + .ratelimit_interval = DEFAULT_RATE_LIMIT_INTERVAL, + .ratelimit_burst = DEFAULT_RATE_LIMIT_BURST, + ++ .forward_to_syslog = true, + .forward_to_wall = true, + + .max_file_usec = DEFAULT_MAX_FILE_USEC, +diff --git a/src/journal/journald.conf b/src/journal/journald.conf +index 2e1aacd..d6cd5b1 100644 +--- a/src/journal/journald.conf ++++ b/src/journal/journald.conf +@@ -29,7 +29,7 @@ + #RuntimeMaxFiles=100 + #MaxRetentionSec= + #MaxFileSec=1month +-#ForwardToSyslog=no ++#ForwardToSyslog=yes + #ForwardToKMsg=no + #ForwardToConsole=no + #ForwardToWall=yes diff --git a/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch new file mode 100644 index 0000000..3346001 --- /dev/null +++ b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch @@ -0,0 +1,37 @@ +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Mon, 27 Apr 2015 15:29:13 +0200 +Subject: Revert "core: one step back again, + for nspawn we actually can't wait for cgroups running empty since systemd + will get exactly zero notifications about it" + +This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7. + +Bug-Debian: https://bugs.debian.org/784720 +Bug-Ubuntu: https://launchpad.net/bugs/1448259 +Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137 +--- + src/core/unit.c | 11 +---------- + 1 file changed, 1 insertion(+), 10 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 45a417a..811e038 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -5106,16 +5106,7 @@ int unit_kill_context( + + } else if (r > 0) { + +- /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if +- * we are running in a container or if this is a delegation unit, simply because cgroup +- * notification is unreliable in these cases. It doesn't work at all in containers, and outside +- * of containers it can be confused easily by left-over directories in the cgroup — which +- * however should not exist in non-delegated units. On the unified hierarchy that's different, +- * there we get proper events. Hence rely on them. */ +- +- if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 || +- (detect_container() == 0 && !unit_cgroup_delegate(u))) +- wait_for_exit = true; ++ wait_for_exit = true; + + if (send_sighup) { + set_free(pid_set); diff --git a/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch new file mode 100644 index 0000000..7ed358b --- /dev/null +++ b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch @@ -0,0 +1,46 @@ +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Sat, 27 Feb 2016 12:27:06 +0100 +Subject: Revert "core: set RLIMIT_CORE to unlimited by default" + +Partially revert commit 15a900327ab as this completely breaks core dumps +without systemd-coredump. It's also contradicting core(8), and it's not +systemd's place to redefine the kernel definitions of core files. + +Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This +isn't what RLIMIT_CORE is supposed to do (it limits the size of the core +*file*, but the kernel deliberately ignores it for piping), so set a static +2^63 core size limit for systemd-coredump to go back to the previous behaviour +(otherwise the change above would break systemd-coredump). + +Bug-Debian: https://bugs.debian.org/815020 +--- + src/core/main.c | 2 -- + sysctl.d/50-coredump.conf.in | 2 +- + 2 files changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index a280b75..5c2a73a 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -2669,8 +2669,6 @@ int main(int argc, char *argv[]) { + kernel_timestamp = DUAL_TIMESTAMP_NULL; + } + +- initialize_coredump(skip_setup); +- + r = fixup_environment(); + if (r < 0) { + log_emergency_errno(r, "Failed to fix up PID 1 environment: %m"); +diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in +index 4338756..8e501c4 100644 +--- a/sysctl.d/50-coredump.conf.in ++++ b/sysctl.d/50-coredump.conf.in +@@ -13,7 +13,7 @@ + # the core dump. + # + # See systemd-coredump(8) and core(5). +-kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h ++kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t 9223372036854775808 %h + + # Allow that 16 coredumps are dispatched in parallel by the kernel. We want to + # be able to collect process metadata from /proc/%P/ while processing diff --git a/debian/patches/debian/Revert-udev-fix-memleak.patch b/debian/patches/debian/Revert-udev-fix-memleak.patch new file mode 100644 index 0000000..ed90a10 --- /dev/null +++ b/debian/patches/debian/Revert-udev-fix-memleak.patch @@ -0,0 +1,30 @@ +From: Michael Biebl <biebl@debian.org> +Date: Sat, 25 Sep 2021 21:07:17 +0200 +Subject: Revert "udev: fix memleak" + +This reverts commit 5dd2b56443e2ed81c238094f516a622804b35518. +--- + src/udev/udev-node.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index b8b93ee..2cc78c9 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -194,7 +194,7 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, + + /* manage "stack of names" with possibly specified device priorities */ + static int link_update(sd_device *dev, const char *slink, bool add) { +- _cleanup_free_ char *filename = NULL, *dirname = NULL; ++ _cleanup_free_ char *target = NULL, *filename = NULL, *dirname = NULL; + char name_enc[PATH_MAX]; + const char *id_filename; + int i, r, retries; +@@ -237,7 +237,6 @@ static int link_update(sd_device *dev, const char *slink, bool add) { + retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1; + + for (i = 0; i < retries; i++) { +- _cleanup_free_ char *target = NULL; + struct stat st1 = {}, st2 = {}; + + r = stat(dirname, &st1); diff --git a/debian/patches/debian/Revert-udev-link_update-should-fail-if-the-entry-in-symli.patch b/debian/patches/debian/Revert-udev-link_update-should-fail-if-the-entry-in-symli.patch new file mode 100644 index 0000000..e3f1c64 --- /dev/null +++ b/debian/patches/debian/Revert-udev-link_update-should-fail-if-the-entry-in-symli.patch @@ -0,0 +1,47 @@ +From: Michael Biebl <biebl@debian.org> +Date: Sat, 25 Sep 2021 21:08:26 +0200 +Subject: Revert "udev: link_update() should fail if the entry in symlink dir + couldn't have been created" + +This reverts commit c07dc6cedc6e6fbc28a0da3e8c8b12900423b409. +--- + src/udev/udev-node.c | 21 +++++++++------------ + 1 file changed, 9 insertions(+), 12 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 2cc78c9..bde18f7 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -214,23 +214,20 @@ static int link_update(sd_device *dev, const char *slink, bool add) { + if (!filename) + return log_oom(); + +- if (!add) { +- if (unlink(filename) == 0) +- (void) rmdir(dirname); +- } else +- for (;;) { ++ if (!add && unlink(filename) == 0) ++ (void) rmdir(dirname); ++ ++ if (add) ++ do { + _cleanup_close_ int fd = -1; + + r = mkdir_parents(filename, 0755); + if (!IN_SET(r, 0, -ENOENT)) +- return r; +- +- fd = open(filename, O_WRONLY|O_CREAT|O_CLOEXEC|O_TRUNC|O_NOFOLLOW, 0444); +- if (fd >= 0) + break; +- if (errno != ENOENT) +- return -errno; +- } ++ fd = open(filename, O_WRONLY|O_CREAT|O_CLOEXEC|O_TRUNC|O_NOFOLLOW, 0444); ++ if (fd < 0) ++ r = -errno; ++ } while (r == -ENOENT); + + /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink + * will be fixed in the second invocation. */ diff --git a/debian/patches/debian/Revert-udev-make-algorithm-that-selects-highest-priority-.patch b/debian/patches/debian/Revert-udev-make-algorithm-that-selects-highest-priority-.patch new file mode 100644 index 0000000..36bdbb5 --- /dev/null +++ b/debian/patches/debian/Revert-udev-make-algorithm-that-selects-highest-priority-.patch @@ -0,0 +1,163 @@ +From: Michael Biebl <biebl@debian.org> +Date: Sat, 25 Sep 2021 21:08:36 +0200 +Subject: Revert "udev: make algorithm that selects highest priority devlink + less susceptible to race conditions" + +This reverts commit 30f6dce62cb3a738b20253f2192270607c31b55b. +--- + src/udev/udev-event.c | 7 ----- + src/udev/udev-node.c | 75 +++++++++++---------------------------------------- + 2 files changed, 15 insertions(+), 67 deletions(-) + +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index 5159d19..9cf5190 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -1041,13 +1041,6 @@ int udev_event_execute_rules(UdevEvent *event, + if (r < 0) + return log_device_debug_errno(dev, r, "Failed to update database under /run/udev/data/: %m"); + +- /* Yes, we run update_devnode() twice, because in the first invocation, that is before update of udev database, +- * it could happen that two contenders are replacing each other's symlink. Hence we run it again to make sure +- * symlinks point to devices that claim them with the highest priority. */ +- r = update_devnode(event); +- if (r < 0) +- return r; +- + device_set_is_initialized(dev); + + return 0; +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index bde18f7..9d4b7d9 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -20,15 +20,12 @@ + #include "path-util.h" + #include "selinux-util.h" + #include "smack-util.h" +-#include "stat-util.h" + #include "stdio-util.h" + #include "string-util.h" + #include "strxcpyx.h" + #include "udev-node.h" + #include "user-util.h" + +-#define LINK_UPDATE_MAX_RETRIES 128 +- + static int node_symlink(sd_device *dev, const char *node, const char *slink) { + _cleanup_free_ char *slink_dirname = NULL, *target = NULL; + const char *id_filename, *slink_tmp; +@@ -102,9 +99,7 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { + if (rename(slink_tmp, slink) < 0) { + r = log_device_error_errno(dev, errno, "Failed to rename '%s' to '%s': %m", slink_tmp, slink); + (void) unlink(slink_tmp); +- } else +- /* Tell caller that we replaced already existing symlink. */ +- r = 1; ++ } + + return r; + } +@@ -197,7 +192,7 @@ static int link_update(sd_device *dev, const char *slink, bool add) { + _cleanup_free_ char *target = NULL, *filename = NULL, *dirname = NULL; + char name_enc[PATH_MAX]; + const char *id_filename; +- int i, r, retries; ++ int r; + + assert(dev); + assert(slink); +@@ -217,6 +212,14 @@ static int link_update(sd_device *dev, const char *slink, bool add) { + if (!add && unlink(filename) == 0) + (void) rmdir(dirname); + ++ r = link_find_prioritized(dev, add, dirname, &target); ++ if (r < 0) { ++ log_device_debug(dev, "No reference left, removing '%s'", slink); ++ if (unlink(slink) == 0) ++ (void) rmdir_parents(slink, "/"); ++ } else ++ (void) node_symlink(dev, target, slink); ++ + if (add) + do { + _cleanup_close_ int fd = -1; +@@ -229,49 +232,7 @@ static int link_update(sd_device *dev, const char *slink, bool add) { + r = -errno; + } while (r == -ENOENT); + +- /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink +- * will be fixed in the second invocation. */ +- retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1; +- +- for (i = 0; i < retries; i++) { +- struct stat st1 = {}, st2 = {}; +- +- r = stat(dirname, &st1); +- if (r < 0 && errno != ENOENT) +- return -errno; +- +- r = link_find_prioritized(dev, add, dirname, &target); +- if (r == -ENOENT) { +- log_device_debug(dev, "No reference left, removing '%s'", slink); +- if (unlink(slink) == 0) +- (void) rmdir_parents(slink, "/"); +- +- break; +- } else if (r < 0) +- return log_device_error_errno(dev, r, "Failed to determine highest priority symlink: %m"); +- +- r = node_symlink(dev, target, slink); +- if (r < 0) { +- (void) unlink(filename); +- break; +- } else if (r == 1) +- /* We have replaced already existing symlink, possibly there is some other device trying +- * to claim the same symlink. Let's do one more iteration to give us a chance to fix +- * the error if other device actually claims the symlink with higher priority. */ +- continue; +- +- /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */ +- if ((st1.st_mode & S_IFMT) != 0) { +- r = stat(dirname, &st2); +- if (r < 0 && errno != ENOENT) +- return -errno; +- +- if (stat_inode_unmodified(&st1, &st2)) +- break; +- } +- } +- +- return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; ++ return r; + } + + int udev_node_update_old_links(sd_device *dev, sd_device *dev_old) { +@@ -490,11 +451,8 @@ int udev_node_add(sd_device *dev, bool apply, + (void) node_symlink(dev, devnode, filename); + + /* create/update symlinks, add symlinks to name index */ +- FOREACH_DEVICE_DEVLINK(dev, devlink) { +- r = link_update(dev, devlink, true); +- if (r < 0) +- log_device_info_errno(dev, r, "Failed to update device symlinks: %m"); +- } ++ FOREACH_DEVICE_DEVLINK(dev, devlink) ++ (void) link_update(dev, devlink, true); + + return 0; + } +@@ -507,11 +465,8 @@ int udev_node_remove(sd_device *dev) { + assert(dev); + + /* remove/update symlinks, remove symlinks from name index */ +- FOREACH_DEVICE_DEVLINK(dev, devlink) { +- r = link_update(dev, devlink, false); +- if (r < 0) +- log_device_info_errno(dev, r, "Failed to update device symlinks: %m"); +- } ++ FOREACH_DEVICE_DEVLINK(dev, devlink) ++ (void) link_update(dev, devlink, false); + + r = xsprintf_dev_num_path_from_sd_device(dev, &filename); + if (r < 0) diff --git a/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch new file mode 100644 index 0000000..659692f --- /dev/null +++ b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch @@ -0,0 +1,57 @@ +From: Nis Martensen <nis.martensen@web.de> +Date: Tue, 19 Jan 2016 22:01:43 +0100 +Subject: Skip filesystem check if already done by the initramfs + +Newer versions of initramfs-tools already fsck and mount / and /usr in +the initramfs. Skip the filesystem check in this case. + +Based on a previous patch by Michael Biebl <biebl@debian.org>. + +Closes: #782522 +Closes: #810748 +--- + src/fstab-generator/fstab-generator.c | 11 ++++++++--- + units/systemd-fsck-root.service.in | 1 + + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c +index 15f5892..e38d9a9 100644 +--- a/src/fstab-generator/fstab-generator.c ++++ b/src/fstab-generator/fstab-generator.c +@@ -357,6 +357,7 @@ static int add_mount( + _cleanup_strv_free_ char **wanted_by = NULL, **required_by = NULL; + _cleanup_fclose_ FILE *f = NULL; + int r; ++ struct stat sb; + + assert(what); + assert(where); +@@ -434,9 +435,13 @@ static int add_mount( + return r; + + if (passno != 0) { +- r = generator_write_fsck_deps(f, dest, what, where, fstype); +- if (r < 0) +- return r; ++ if (streq(where, "/usr") && stat("/run/initramfs/fsck-usr", &sb) == 0) ++ ; /* skip /usr fsck if it has already been checked in the initramfs */ ++ else { ++ r = generator_write_fsck_deps(f, dest, what, where, fstype); ++ if (r < 0) ++ return r; ++ } + } + + r = generator_write_blockdev_dependency(f, what); +diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in +index 1dce176..908d931 100644 +--- a/units/systemd-fsck-root.service.in ++++ b/units/systemd-fsck-root.service.in +@@ -16,6 +16,7 @@ Before=local-fs.target shutdown.target + Wants=systemd-fsckd.socket + After=systemd-fsckd.socket + ConditionPathIsReadWrite=!/ ++ConditionPathExists=!/run/initramfs/fsck-root + + [Service] + Type=oneshot diff --git a/debian/patches/debian/Use-Debian-specific-config-files.patch b/debian/patches/debian/Use-Debian-specific-config-files.patch new file mode 100644 index 0000000..0c0a82a --- /dev/null +++ b/debian/patches/debian/Use-Debian-specific-config-files.patch @@ -0,0 +1,459 @@ +From: Michael Biebl <biebl@debian.org> +Date: Thu, 18 Jul 2013 20:11:02 +0200 +Subject: Use Debian specific config files + +Use /etc/default/locale instead of /etc/locale.conf for locale settings. + +Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for +keyboard configuration. + +Read/write /etc/timezone if /etc/localtime does not exist. +--- + src/basic/time-util.c | 34 ++++++-- + src/core/locale-setup.c | 21 +++++ + src/locale/keymap-util.c | 208 ++++++++++++++++++++++++----------------------- + src/timedate/timedated.c | 21 ++++- + 4 files changed, 173 insertions(+), 111 deletions(-) + +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index 5318d63..fa3409d 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -1456,19 +1456,43 @@ int get_timezone(char **ret) { + const char *e; + char *z; + int r; ++ bool use_utc_fallback = false; + + r = readlink_malloc("/etc/localtime", &t); +- if (r == -ENOENT) { +- /* If the symlink does not exist, assume "UTC", like glibc does*/ +- z = strdup("UTC"); ++ if (r < 0) { ++ if (r == -ENOENT) ++ use_utc_fallback = true; ++ else if (r != -EINVAL) ++ return r; /* returns EINVAL if not a symlink */ ++ ++ r = read_one_line_file("/etc/timezone", &t); ++ if (r < 0) { ++ if (r != -ENOENT) ++ log_warning_errno(r, "Failed to read /etc/timezone: %m"); ++ ++ if (use_utc_fallback) { ++ /* If the /etc/localtime symlink does not exist and we failed ++ * to read /etc/timezone, assume "UTC", like glibc does. */ ++ z = strdup("UTC"); ++ if (!z) ++ return -ENOMEM; ++ ++ *ret = z; ++ return 0; ++ } ++ ++ return -EINVAL; ++ } ++ ++ if (!timezone_is_valid(t, LOG_DEBUG)) ++ return -EINVAL; ++ z = strdup(t); + if (!z) + return -ENOMEM; + + *ret = z; + return 0; + } +- if (r < 0) +- return r; /* returns EINVAL if not a symlink */ + + e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); + if (!e) +diff --git a/src/core/locale-setup.c b/src/core/locale-setup.c +index 64761dd..b4ea9e2 100644 +--- a/src/core/locale-setup.c ++++ b/src/core/locale-setup.c +@@ -58,6 +58,27 @@ int locale_setup(char ***environment) { + log_warning_errno(r, "Failed to read /etc/locale.conf: %m"); + } + ++ if (r <= 0) { ++ r = parse_env_file(NULL, "/etc/default/locale", ++ "LANG", &variables[VARIABLE_LANG], ++ "LANGUAGE", &variables[VARIABLE_LANGUAGE], ++ "LC_CTYPE", &variables[VARIABLE_LC_CTYPE], ++ "LC_NUMERIC", &variables[VARIABLE_LC_NUMERIC], ++ "LC_TIME", &variables[VARIABLE_LC_TIME], ++ "LC_COLLATE", &variables[VARIABLE_LC_COLLATE], ++ "LC_MONETARY", &variables[VARIABLE_LC_MONETARY], ++ "LC_MESSAGES", &variables[VARIABLE_LC_MESSAGES], ++ "LC_PAPER", &variables[VARIABLE_LC_PAPER], ++ "LC_NAME", &variables[VARIABLE_LC_NAME], ++ "LC_ADDRESS", &variables[VARIABLE_LC_ADDRESS], ++ "LC_TELEPHONE", &variables[VARIABLE_LC_TELEPHONE], ++ "LC_MEASUREMENT", &variables[VARIABLE_LC_MEASUREMENT], ++ "LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION]); ++ ++ if (r < 0 && r != -ENOENT) ++ log_warning_errno(r, "Failed to read /etc/default/locale: %m"); ++ } ++ + for (i = 0; i < _VARIABLE_LC_MAX; i++) { + char *s; + +diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c +index 697133a..4e1fedb 100644 +--- a/src/locale/keymap-util.c ++++ b/src/locale/keymap-util.c +@@ -95,6 +95,7 @@ void locale_simplify(char *locale[_VARIABLE_LC_MAX]) { + int locale_read_data(Context *c, sd_bus_message *m) { + struct stat st; + int r; ++ const char *path = "/etc/locale.conf"; + + /* Do not try to re-read the file within single bus operation. */ + if (m) { +@@ -105,7 +106,11 @@ int locale_read_data(Context *c, sd_bus_message *m) { + c->locale_cache = sd_bus_message_ref(m); + } + +- r = stat("/etc/locale.conf", &st); ++ r = stat(path, &st); ++ if (r < 0 && errno == ENOENT) { ++ path = "/etc/default/locale"; ++ r = stat(path, &st); ++ } + if (r < 0 && errno != ENOENT) + return -errno; + +@@ -120,7 +125,7 @@ int locale_read_data(Context *c, sd_bus_message *m) { + c->locale_mtime = t; + context_free_locale(c); + +- r = parse_env_file(NULL, "/etc/locale.conf", ++ r = parse_env_file(NULL, path, + "LANG", &c->locale[VARIABLE_LANG], + "LANGUAGE", &c->locale[VARIABLE_LANGUAGE], + "LC_CTYPE", &c->locale[VARIABLE_LC_CTYPE], +@@ -201,8 +206,6 @@ int vconsole_read_data(Context *c, sd_bus_message *m) { + } + + int x11_read_data(Context *c, sd_bus_message *m) { +- _cleanup_fclose_ FILE *f = NULL; +- bool in_section = false; + struct stat st; + usec_t t; + int r; +@@ -216,7 +219,7 @@ int x11_read_data(Context *c, sd_bus_message *m) { + c->x11_cache = sd_bus_message_ref(m); + } + +- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) < 0) { ++ if (stat("/etc/default/keyboard", &st) < 0) { + if (errno != ENOENT) + return -errno; + +@@ -233,60 +236,14 @@ int x11_read_data(Context *c, sd_bus_message *m) { + c->x11_mtime = t; + context_free_x11(c); + +- f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re"); +- if (!f) +- return -errno; +- +- for (;;) { +- _cleanup_free_ char *line = NULL; +- char *l; +- +- r = read_line(f, LONG_LINE_MAX, &line); +- if (r < 0) +- return r; +- if (r == 0) +- break; +- +- l = strstrip(line); +- if (IN_SET(l[0], 0, '#')) +- continue; +- +- if (in_section && first_word(l, "Option")) { +- _cleanup_strv_free_ char **a = NULL; +- +- r = strv_split_full(&a, l, WHITESPACE, EXTRACT_UNQUOTE); +- if (r < 0) +- return r; +- +- if (strv_length(a) == 3) { +- char **p = NULL; +- +- if (streq(a[1], "XkbLayout")) +- p = &c->x11_layout; +- else if (streq(a[1], "XkbModel")) +- p = &c->x11_model; +- else if (streq(a[1], "XkbVariant")) +- p = &c->x11_variant; +- else if (streq(a[1], "XkbOptions")) +- p = &c->x11_options; +- +- if (p) +- free_and_replace(*p, a[2]); +- } +- +- } else if (!in_section && first_word(l, "Section")) { +- _cleanup_strv_free_ char **a = NULL; ++ r = parse_env_file(NULL, "/etc/default/keyboard", ++ "XKBMODEL", &c->x11_model, ++ "XKBLAYOUT", &c->x11_layout, ++ "XKBVARIANT", &c->x11_variant, ++ "XKBOPTIONS", &c->x11_options); + +- r = strv_split_full(&a, l, WHITESPACE, EXTRACT_UNQUOTE); +- if (r < 0) +- return -ENOMEM; +- +- if (strv_length(a) == 2 && streq(a[1], "InputClass")) +- in_section = true; +- +- } else if (in_section && first_word(l, "EndSection")) +- in_section = false; +- } ++ if (r < 0) ++ return r; + + return 0; + } +@@ -295,9 +252,18 @@ int locale_write_data(Context *c, char ***settings) { + _cleanup_strv_free_ char **l = NULL; + struct stat st; + int r, p; ++ const char *path = "/etc/locale.conf"; + + /* Set values will be returned as strv in *settings on success. */ + ++ r = load_env_file(NULL, path, &l); ++ if (r < 0 && r == -ENOENT) { ++ path = "/etc/default/locale"; ++ r = load_env_file(NULL, path, &l); ++ } ++ if (r < 0 && r != -ENOENT) ++ return r; ++ + for (p = 0; p < _VARIABLE_LC_MAX; p++) { + _cleanup_free_ char *t = NULL; + char **u; +@@ -320,20 +286,20 @@ int locale_write_data(Context *c, char ***settings) { + } + + if (strv_isempty(l)) { +- if (unlink("/etc/locale.conf") < 0) ++ if (unlink(path) < 0) + return errno == ENOENT ? 0 : -errno; + + c->locale_mtime = USEC_INFINITY; + return 0; + } + +- r = write_env_file_label("/etc/locale.conf", l); ++ r = write_env_file_label(path, l); + if (r < 0) + return r; + + *settings = TAKE_PTR(l); + +- if (stat("/etc/locale.conf", &st) >= 0) ++ if (stat(path, &st) >= 0) + c->locale_mtime = timespec_load(&st.st_mtim); + + return 0; +@@ -401,68 +367,104 @@ int vconsole_write_data(Context *c) { + } + + int x11_write_data(Context *c) { +- _cleanup_fclose_ FILE *f = NULL; +- _cleanup_free_ char *temp_path = NULL; + struct stat st; + int r; ++ char *t, **u, **l = NULL; + +- if (isempty(c->x11_layout) && +- isempty(c->x11_model) && +- isempty(c->x11_variant) && +- isempty(c->x11_options)) { ++ r = load_env_file(NULL, "/etc/default/keyboard", &l); ++ if (r < 0 && r != -ENOENT) ++ return r; + +- if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) +- return errno == ENOENT ? 0 : -errno; ++ /* This could perhaps be done more elegantly using an array ++ * like we do for the locale, instead of struct ++ */ ++ if (isempty(c->x11_layout)) { ++ l = strv_env_unset(l, "XKBLAYOUT"); ++ } else { ++ if (asprintf(&t, "XKBLAYOUT=%s", c->x11_layout) < 0) { ++ strv_free(l); ++ return -ENOMEM; ++ } + +- c->vc_mtime = USEC_INFINITY; +- return 0; ++ u = strv_env_set(l, t); ++ free(t); ++ strv_free(l); ++ ++ if (!u) ++ return -ENOMEM; ++ ++ l = u; + } + +- (void) mkdir_p_label("/etc/X11/xorg.conf.d", 0755); +- r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path); +- if (r < 0) +- return r; ++ if (isempty(c->x11_model)) { ++ l = strv_env_unset(l, "XKBMODEL"); ++ } else { ++ if (asprintf(&t, "XKBMODEL=%s", c->x11_model) < 0) { ++ strv_free(l); ++ return -ENOMEM; ++ } + +- (void) fchmod(fileno(f), 0644); ++ u = strv_env_set(l, t); ++ free(t); ++ strv_free(l); + +- fputs("# Written by systemd-localed(8), read by systemd-localed and Xorg. It's\n" +- "# probably wise not to edit this file manually. Use localectl(1) to\n" +- "# instruct systemd-localed to update it.\n" +- "Section \"InputClass\"\n" +- " Identifier \"system-keyboard\"\n" +- " MatchIsKeyboard \"on\"\n", f); ++ if (!u) ++ return -ENOMEM; ++ ++ l = u; ++ } ++ ++ if (isempty(c->x11_variant)) { ++ l = strv_env_unset(l, "XKBVARIANT"); ++ } else { ++ if (asprintf(&t, "XKBVARIANT=%s", c->x11_variant) < 0) { ++ strv_free(l); ++ return -ENOMEM; ++ } + +- if (!isempty(c->x11_layout)) +- fprintf(f, " Option \"XkbLayout\" \"%s\"\n", c->x11_layout); ++ u = strv_env_set(l, t); ++ free(t); ++ strv_free(l); + +- if (!isempty(c->x11_model)) +- fprintf(f, " Option \"XkbModel\" \"%s\"\n", c->x11_model); ++ if (!u) ++ return -ENOMEM; + +- if (!isempty(c->x11_variant)) +- fprintf(f, " Option \"XkbVariant\" \"%s\"\n", c->x11_variant); ++ l = u; ++ } + +- if (!isempty(c->x11_options)) +- fprintf(f, " Option \"XkbOptions\" \"%s\"\n", c->x11_options); ++ if (isempty(c->x11_options)) { ++ l = strv_env_unset(l, "XKBOPTIONS"); ++ } else { ++ if (asprintf(&t, "XKBOPTIONS=%s", c->x11_options) < 0) { ++ strv_free(l); ++ return -ENOMEM; ++ } + +- fputs("EndSection\n", f); ++ u = strv_env_set(l, t); ++ free(t); ++ strv_free(l); + +- r = fflush_sync_and_check(f); +- if (r < 0) +- goto fail; ++ if (!u) ++ return -ENOMEM; + +- if (rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) { +- r = -errno; +- goto fail; ++ l = u; + } + +- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) >= 0) +- c->x11_mtime = timespec_load(&st.st_mtim); ++ if (strv_isempty(l)) { ++ strv_free(l); + +- return 0; ++ if (unlink("/etc/default/keyboard") < 0) ++ return errno == ENOENT ? 0 : -errno; + +-fail: +- if (temp_path) +- (void) unlink(temp_path); ++ c->vc_mtime = USEC_INFINITY; ++ return 0; ++ } ++ ++ r = write_env_file("/etc/default/keyboard", l); ++ strv_free(l); ++ ++ if (r >= 0 && stat("/etc/default/keyboard", &st) >= 0) ++ c->x11_mtime = timespec_load(&st.st_mtim); + + return r; + } +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index 8149fac..42c8277 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -283,6 +283,8 @@ static int context_read_data(Context *c) { + static int context_write_data_timezone(Context *c) { + _cleanup_free_ char *p = NULL; + const char *source; ++ int r = 0; ++ struct stat st; + + assert(c); + +@@ -296,9 +298,12 @@ static int context_write_data_timezone(Context *c) { + if (access("/usr/share/zoneinfo/UTC", F_OK) < 0) { + + if (unlink("/etc/localtime") < 0 && errno != ENOENT) +- return -errno; ++ r = -errno; + +- return 0; ++ if (unlink("/etc/timezone") < 0 && errno != ENOENT) ++ r = -errno; ++ ++ return r; + } + + source = "../usr/share/zoneinfo/UTC"; +@@ -310,7 +315,17 @@ static int context_write_data_timezone(Context *c) { + source = p; + } + +- return symlink_atomic(source, "/etc/localtime"); ++ r = symlink_atomic(source, "/etc/localtime"); ++ if (r < 0) ++ return r; ++ ++ if (stat("/etc/timezone", &st) == 0 && S_ISREG(st.st_mode)) { ++ r = write_string_file("/etc/timezone", c->zone, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); ++ if (r < 0) ++ return r; ++ } ++ ++ return 0; + } + + static int context_write_data_local_rtc(Context *c) { diff --git a/debian/patches/debian/deny-list-upstream-test-02-ppc64el.patch b/debian/patches/debian/deny-list-upstream-test-02-ppc64el.patch new file mode 100644 index 0000000..ee49d27 --- /dev/null +++ b/debian/patches/debian/deny-list-upstream-test-02-ppc64el.patch @@ -0,0 +1,17 @@ +From: Dan Streetman <ddstreet@canonical.com> +Date: Wed, 6 Nov 2019 09:14:54 -0500 +Subject: deny-list-upstream-test-02-ppc64el + +Bug: https://github.com/systemd/systemd/issues/11612 +--- + test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el | 1 + + 1 file changed, 1 insertion(+) + create mode 100644 test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el + +diff --git a/test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el b/test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el +new file mode 100644 +index 0000000..52877fc +--- /dev/null ++++ b/test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el +@@ -0,0 +1 @@ ++# unknown reason for failing, tracked in https://github.com/systemd/systemd/issues/11612 diff --git a/debian/patches/debian/deny-list-upstream-test-25.patch b/debian/patches/debian/deny-list-upstream-test-25.patch new file mode 100644 index 0000000..ec6c211 --- /dev/null +++ b/debian/patches/debian/deny-list-upstream-test-25.patch @@ -0,0 +1,17 @@ +From: Dan Streetman <ddstreet@canonical.com> +Date: Wed, 6 Nov 2019 09:14:50 -0500 +Subject: deny-list-upstream-test-25 + +Bug: https://github.com/systemd/systemd/issues/13973 +--- + test/TEST-25-IMPORT/deny-list-upstream-ci | 1 + + 1 file changed, 1 insertion(+) + create mode 100644 test/TEST-25-IMPORT/deny-list-upstream-ci + +diff --git a/test/TEST-25-IMPORT/deny-list-upstream-ci b/test/TEST-25-IMPORT/deny-list-upstream-ci +new file mode 100644 +index 0000000..47a5f15 +--- /dev/null ++++ b/test/TEST-25-IMPORT/deny-list-upstream-ci +@@ -0,0 +1 @@ ++# unknown failure; tracked in https://github.com/systemd/systemd/issues/13973 diff --git a/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch new file mode 100644 index 0000000..6e61355 --- /dev/null +++ b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch @@ -0,0 +1,1065 @@ +From: Didier Roche <didrocks@ubuntu.com> +Date: Fri, 22 May 2015 13:04:38 +0200 +Subject: fsckd daemon for inter-fsckd communication + +Global logic: +Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's +/run/systemd/fsck.progress socket) fsck instances to connect to it and sends +progress report. systemd-fsckd then computes and writes to /dev/console the +number of devices currently being checked and the minimum fsck progress. + +Plymouth and user interaction: +Forward the progress to plymouth and support canellation of in progress fsck. +Try to connect and send to plymouth (if running) some checked report progress, +using direct plymouth protocole. + +Update message is the following: +fsckd:<num_devices>:<progress>:<string> +* num_devices corresponds to the current number of devices being checked (int) +* progress corresponds to the current minimum percentage of all devices being + checked (float, from 0 to 100) +* string is a translated message ready to be displayed by the plymouth theme + displaying the information above. It can be overridden by plymouth themes + supporting i18n. + +Grab in fsckd plymouth watch key Control+C, and propagate this cancel request +to systemd-fsck which will terminate fsck. + +Send a message to signal to user what key we are grabbing for fsck cancel. + +Message is: fsckd-cancel-msg:<string> +Where string is a translated string ready to be displayed by the plymouth theme +indicating that Control+C can be used to cancel current checks. It can be +overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n. + +Misc: +systemd-fsckd stops on idle when no fsck is connected. +Add man page explaining the plymouth theme protocol, usage of the daemon +as well as the socket activation part. Adapt existing fsck man page. + +Note that fsckd had lived in the upstream tree for a while, but was removed. +More information at +http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html +- +--- + man/rules/meson.build | 1 + + man/systemd-fsckd.service.xml | 162 +++++++++ + meson.build | 9 + + po/POTFILES.in | 1 + + src/fsckd/fsckd.c | 699 +++++++++++++++++++++++++++++++++++++ + units/meson.build | 2 + + units/systemd-fsck-root.service.in | 2 + + units/systemd-fsck@.service.in | 3 +- + units/systemd-fsckd.service.in | 17 + + units/systemd-fsckd.socket | 15 + + 10 files changed, 910 insertions(+), 1 deletion(-) + create mode 100644 man/systemd-fsckd.service.xml + create mode 100644 src/fsckd/fsckd.c + create mode 100644 units/systemd-fsckd.service.in + create mode 100644 units/systemd-fsckd.socket + +diff --git a/man/rules/meson.build b/man/rules/meson.build +index cacbbd7..285f5b8 100644 +--- a/man/rules/meson.build ++++ b/man/rules/meson.build +@@ -840,6 +840,7 @@ manpages = [ + '8', + ['systemd-fsck', 'systemd-fsck-root.service'], + ''], ++ ['systemd-fsckd.service', '8', ['systemd-fsckd.socket', 'systemd-fsckd'], ''], + ['systemd-fstab-generator', '8', [], ''], + ['systemd-getty-generator', '8', [], ''], + ['systemd-gpt-auto-generator', '8', [], 'HAVE_BLKID'], +diff --git a/man/systemd-fsckd.service.xml b/man/systemd-fsckd.service.xml +new file mode 100644 +index 0000000..b7ad58d +--- /dev/null ++++ b/man/systemd-fsckd.service.xml +@@ -0,0 +1,162 @@ ++<?xml version="1.0"?> ++<!--*-nxml-*--> ++<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> ++<!-- ++ This file is part of systemd. ++ ++ Copyright 2015 Canonical ++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with systemd; If not, see <http://www.gnu.org/licenses/>. ++--> ++<refentry id="systemd-fsckd.service" xmlns:xi="http://www.w3.org/2001/XInclude"> ++ ++ <refentryinfo> ++ <title>systemd-fsckd.service</title> ++ <productname>systemd</productname> ++ ++ <authorgroup> ++ <author> ++ <contrib>Developer</contrib> ++ <firstname>Didier</firstname> ++ <surname>Roche</surname> ++ <email>didrocks@ubuntu.com</email> ++ </author> ++ </authorgroup> ++ </refentryinfo> ++ ++ <refmeta> ++ <refentrytitle>systemd-fsckd.service</refentrytitle> ++ <manvolnum>8</manvolnum> ++ </refmeta> ++ ++ <refnamediv> ++ <refname>systemd-fsckd.service</refname> ++ <refname>systemd-fsckd.socket</refname> ++ <refname>systemd-fsckd</refname> ++ <refpurpose>File system check progress reporting</refpurpose> ++ </refnamediv> ++ ++ <refsynopsisdiv> ++ <para><filename>systemd-fsckd.service</filename></para> ++ <para><filename>systemd-fsckd.socket</filename></para> ++ <para><filename>/usr/lib/systemd/systemd-fsckd</filename></para> ++ </refsynopsisdiv> ++ ++ <refsect1> ++ <title>Description</title> ++ ++ <para><filename>systemd-fsckd.service</filename> is a service responsible ++ for receiving file system check progress, and communicating some ++ consolidated data to console and plymouth (if running). It also handles ++ possible check cancellations.</para> ++ ++ <para><command>systemd-fsckd</command> receives messages about file ++ system check progress from <command>fsck</command> through an ++ UNIX domain socket. It can display the progress of the least advanced ++ fsck as well as the total number of devices being checked in parallel ++ to the console. It will also send progress messages to plymouth. ++ Both the raw data and translated messages are sent, so compiled ++ plymouth themes can use the raw data to display custom messages, and ++ scripted themes, not supporting i18n, can display the translated ++ versions.</para> ++ ++ <para><command>systemd-fsckd</command> will instruct plymouth to grab ++ Control+C keypresses. When the key is pressed, running checks will be ++ terminated. It will also cancel any newly connected fsck instances for ++ the lifetime of <filename>systemd-fsckd</filename>.</para> ++ </refsect1> ++ ++ <refsect1> ++ <title>Protocol for communication with plymouth</title> ++ ++ <para><filename>systemd-fsckd</filename> passes the ++ following messages to the theme:</para> ++ ++ <para>Progress update, sent as a plymouth update message: ++ <literal>fsckd:<num_devices>:<progress>:<string></literal> ++ <variablelist> ++ <varlistentry> ++ <term><literal><num_devices></literal></term> ++ <listitem><para>the current number of devices ++ being checked (int)</para></listitem> ++ </varlistentry> ++ <varlistentry> ++ <term><literal><progress></literal></term> ++ <listitem><para>the current minimum percentage of ++ all devices being checking (float, from 0 to 100)</para></listitem> ++ </varlistentry> ++ <varlistentry> ++ <term><literal><string></literal></term> ++ <listitem><para>a translated message ready to be displayed ++ by the plymouth theme displaying the data above. It can be overridden ++ by themes supporting i18n.</para></listitem> ++ </varlistentry> ++ </variablelist> ++ </para> ++ ++ <para>Cancel message, sent as a traditional plymouth message: ++ <literal>fsckd-cancel-msg:<string></literal> ++ <variablelist> ++ <varlistentry> ++ <term><literal><strings></literal></term> ++ <listitem><para>a translated string ready to be displayed ++ by the plymouth theme indicating that Control+C can be used to cancel ++ current checks. It can be overridden (matching only ++ <literal>fsckd-cancel-msg</literal> prefix) ++ by themes supporting i18n.</para></listitem> ++ </varlistentry> ++ </variablelist> ++ </para> ++ </refsect1> ++ ++ <refsect1> ++ <title>Options</title> ++ ++ <para>The following options are understood:</para> ++ ++ <variablelist> ++ <xi:include href="standard-options.xml" xpointer="help" /> ++ <xi:include href="standard-options.xml" xpointer="version" /> ++ </variablelist> ++ ++ </refsect1> ++ ++ <refsect1> ++ <title>Exit status</title> ++ ++ <para>On success, 0 is returned, a non-zero failure ++ code otherwise. Note that the daemon stays idle for ++ a while to accept new <filename>fsck</filename> ++ connections before exiting.</para> ++ </refsect1> ++ ++ <refsect1> ++ <title>See Also</title> ++ <para> ++ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, ++ <citerefentry><refentrytitle>systemd-fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.cramfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.ext4</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.fat</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.hfsplus</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.minix</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.ntfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry project='man-pages'><refentrytitle>fsck.xfs</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ </para> ++ </refsect1> ++ ++</refentry> +diff --git a/meson.build b/meson.build +index cf93f38..e33b729 100644 +--- a/meson.build ++++ b/meson.build +@@ -2895,6 +2895,15 @@ executable( + install : true, + install_dir : rootlibexecdir) + ++executable( ++ 'systemd-fsckd', ++ 'src/fsckd/fsckd.c', ++ include_directories : includes, ++ link_with : [libshared], ++ install_rpath : rootlibexecdir, ++ install : true, ++ install_dir : rootlibexecdir) ++ + executable( + 'systemd-sleep', + 'src/sleep/sleep.c', +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 0346a19..5ea2444 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -10,3 +10,4 @@ src/portable/org.freedesktop.portable1.policy + src/resolve/org.freedesktop.resolve1.policy + src/timedate/org.freedesktop.timedate1.policy + src/core/dbus-unit.c ++src/fsckd/fsckd.c +diff --git a/src/fsckd/fsckd.c b/src/fsckd/fsckd.c +new file mode 100644 +index 0000000..4af8e45 +--- /dev/null ++++ b/src/fsckd/fsckd.c +@@ -0,0 +1,699 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++/*** ++ This file is part of systemd. ++ ++ Copyright 2015 Canonical ++ ++ Author: ++ Didier Roche <didrocks@ubuntu.com> ++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with systemd; If not, see <http://www.gnu.org/licenses/>. ++***/ ++ ++#include <getopt.h> ++#include <errno.h> ++#include <libintl.h> ++#include <math.h> ++#include <stdbool.h> ++#include <stdlib.h> ++#include <stdio.h> ++#include <sys/socket.h> ++#include <sys/types.h> ++#include <sys/un.h> ++#include <unistd.h> ++ ++#include "sd-daemon.h" ++#include "build.h" ++#include "def.h" ++#include "sd-event.h" ++#include "log.h" ++#include "list.h" ++#include "macro.h" ++#include "socket-netlink.h" ++#include "socket-util.h" ++#include "fd-util.h" ++#include "string-util.h" ++#include "io-util.h" ++#include "util.h" ++#include "alloc-util.h" ++#include "locale-util.h" ++ ++#define FSCKD_SOCKET_PATH "/run/systemd/fsck.progress" ++#define IDLE_TIME_SECONDS 30 ++#define PLYMOUTH_REQUEST_KEY "K\2\2\3" ++#define CLIENTS_MAX 128 ++ ++struct Manager; ++ ++typedef struct Client { ++ struct Manager *manager; ++ char *device_name; ++ /* device id refers to "fd <fd>" until it gets a name as "device_name" */ ++ char *device_id; ++ ++ pid_t fsck_pid; ++ FILE *fsck_f; ++ ++ size_t cur; ++ size_t max; ++ int pass; ++ ++ double percent; ++ ++ bool cancelled; ++ bool bad_input; ++ ++ sd_event_source *event_source; ++ ++ LIST_FIELDS(struct Client, clients); ++} Client; ++ ++typedef struct Manager { ++ sd_event *event; ++ ++ LIST_HEAD(Client, clients); ++ unsigned n_clients; ++ ++ size_t clear; ++ ++ int connection_fd; ++ sd_event_source *connection_event_source; ++ ++ bool show_status_console; ++ ++ double percent; ++ int numdevices; ++ ++ int plymouth_fd; ++ sd_event_source *plymouth_event_source; ++ bool plymouth_cancel_sent; ++ ++ bool cancel_requested; ++} Manager; ++ ++static void client_free(Client *c); ++static void manager_free(Manager *m); ++ ++DEFINE_TRIVIAL_CLEANUP_FUNC(Client*, client_free); ++DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); ++ ++static bool plymouth_running(void) { ++ return access("/run/plymouth/pid", F_OK) >= 0; ++} ++ ++static int manager_write_console(Manager *m, const char *message) { ++ _cleanup_fclose_ FILE *console = NULL; ++ int l; ++ size_t j; ++ ++ assert(m); ++ ++ if (!m->show_status_console) ++ return 0; ++ ++ /* Nothing to display, and nothing to clear: return now. */ ++ if (message == NULL && m->clear == 0) { ++ return 0; ++ } ++ ++ /* Reduce the SAK window by opening and closing console on every request */ ++ console = fopen("/dev/console", "we"); ++ if (!console) ++ return -errno; ++ ++ if (message) { ++ fprintf(console, "\r%s\r%n", message, &l); ++ if (m->clear < (size_t)l) ++ m->clear = (size_t)l; ++ } else { ++ fputc('\r', console); ++ for (j = 0; j < m->clear; j++) ++ fputc(' ', console); ++ fputc('\r', console); ++ } ++ fflush(console); ++ ++ return 0; ++} ++ ++static double compute_percent(int pass, size_t cur, size_t max) { ++ /* Values stolen from e2fsck */ ++ ++ static const double pass_table[] = { ++ 0, 70, 90, 92, 95, 100 ++ }; ++ ++ if (pass <= 0) ++ return 0.0; ++ ++ if ((unsigned) pass >= ELEMENTSOF(pass_table) || max == 0) ++ return 100.0; ++ ++ return pass_table[pass-1] + ++ (pass_table[pass] - pass_table[pass-1]) * ++ (double) cur / max; ++} ++ ++static int client_request_cancel(Client *c) { ++ assert(c); ++ ++ if (c->cancelled) ++ return 0; ++ ++ log_info("Request to cancel fsck for %s from fsckd", c->device_id); ++ if (kill(c->fsck_pid, SIGTERM) < 0) { ++ /* ignore the error and consider that cancel was sent if fsck just exited */ ++ if (errno != ESRCH) ++ return log_error_errno(errno, "Cannot send cancel to fsck for %s: %m", c->device_id); ++ } ++ ++ c->cancelled = true; ++ return 1; ++} ++ ++static void client_free(Client *c) { ++ assert(c); ++ ++ if (c->manager) { ++ LIST_REMOVE(clients, c->manager->clients, c); ++ c->manager->n_clients--; ++ } ++ ++ sd_event_source_unref(c->event_source); ++ fclose(c->fsck_f); ++ if (c->device_name) ++ free(c->device_name); ++ if (c->device_id) ++ free(c->device_id); ++ free(c); ++} ++ ++static void manager_disconnect_plymouth(Manager *m) { ++ assert(m); ++ ++ m->plymouth_event_source = sd_event_source_unref(m->plymouth_event_source); ++ m->plymouth_fd = safe_close(m->plymouth_fd); ++ m->plymouth_cancel_sent = false; ++} ++ ++static int manager_plymouth_feedback_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { ++ Manager *m = userdata; ++ Client *current; ++ char buffer[6]; ++ ssize_t l; ++ ++ assert(m); ++ ++ l = read(m->plymouth_fd, buffer, sizeof(buffer)); ++ if (l < 0) { ++ log_warning_errno(errno, "Got error while reading from plymouth: %m"); ++ manager_disconnect_plymouth(m); ++ return -errno; ++ } ++ if (l == 0) { ++ manager_disconnect_plymouth(m); ++ return 0; ++ } ++ ++ if (l > 1 && buffer[0] == '\15') ++ log_error("Message update to plymouth wasn't delivered successfully"); ++ ++ /* the only answer support type we requested is a key interruption */ ++ if (l > 2 && buffer[0] == '\2' && buffer[5] == '\3') { ++ m->cancel_requested = true; ++ ++ /* cancel all connected clients */ ++ LIST_FOREACH(clients, current, m->clients) ++ client_request_cancel(current); ++ } ++ ++ return 0; ++} ++ ++static int manager_connect_plymouth(Manager *m) { ++ union sockaddr_union sa = PLYMOUTH_SOCKET; ++ int r; ++ ++ if (!plymouth_running()) ++ return 0; ++ ++ /* try to connect or reconnect if sending a message */ ++ if (m->plymouth_fd >= 0) ++ return 1; ++ ++ m->plymouth_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); ++ if (m->plymouth_fd < 0) ++ return log_warning_errno(errno, "Connection to plymouth socket failed: %m"); ++ ++ if (connect(m->plymouth_fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1)) < 0) { ++ r = log_warning_errno(errno, "Couldn't connect to plymouth: %m"); ++ goto fail; ++ } ++ ++ r = sd_event_add_io(m->event, &m->plymouth_event_source, m->plymouth_fd, EPOLLIN, manager_plymouth_feedback_handler, m); ++ if (r < 0) { ++ log_warning_errno(r, "Can't listen to plymouth socket: %m"); ++ goto fail; ++ } ++ ++ return 1; ++ ++fail: ++ manager_disconnect_plymouth(m); ++ return r; ++} ++ ++static int plymouth_send_message(int plymouth_fd, const char *message, bool update) { ++ _cleanup_free_ char *packet = NULL; ++ int n; ++ char mode = 'M'; ++ ++ if (update) ++ mode = 'U'; ++ ++ if (asprintf(&packet, "%c\002%c%s%n", mode, (int) (strlen(message) + 1), message, &n) < 0) ++ return log_oom(); ++ ++ return loop_write(plymouth_fd, packet, n + 1, true); ++} ++ ++static int manager_send_plymouth_message(Manager *m, const char *message) { ++ const char *plymouth_cancel_message = NULL, *l10n_cancel_message = NULL; ++ int r; ++ ++ r = manager_connect_plymouth(m); ++ if (r < 0) ++ return r; ++ /* 0 means that plymouth isn't running, do not send any message yet */ ++ else if (r == 0) ++ return 0; ++ ++ if (!m->plymouth_cancel_sent) { ++ ++ /* Indicate to plymouth that we listen to Ctrl+C */ ++ r = loop_write(m->plymouth_fd, PLYMOUTH_REQUEST_KEY, sizeof(PLYMOUTH_REQUEST_KEY), true); ++ if (r < 0) ++ return log_warning_errno(r, "Can't send to plymouth cancel key: %m"); ++ ++ m->plymouth_cancel_sent = true; ++ ++ l10n_cancel_message = _("Press Ctrl+C to cancel all filesystem checks in progress"); ++ plymouth_cancel_message = strjoina("fsckd-cancel-msg:", l10n_cancel_message); ++ ++ r = plymouth_send_message(m->plymouth_fd, plymouth_cancel_message, false); ++ if (r < 0) ++ log_warning_errno(r, "Can't send filesystem cancel message to plymouth: %m"); ++ ++ } else if (m->numdevices == 0) { ++ ++ m->plymouth_cancel_sent = false; ++ ++ r = plymouth_send_message(m->plymouth_fd, "", false); ++ if (r < 0) ++ log_warning_errno(r, "Can't clear plymouth filesystem cancel message: %m"); ++ } ++ ++ r = plymouth_send_message(m->plymouth_fd, message, true); ++ if (r < 0) ++ return log_warning_errno(r, "Couldn't send \"%s\" to plymouth: %m", message); ++ ++ return 0; ++} ++ ++static int manager_update_global_progress(Manager *m) { ++ Client *current = NULL; ++ _cleanup_free_ char *console_message = NULL; ++ _cleanup_free_ char *fsck_message = NULL; ++ int current_numdevices = 0, r; ++ double current_percent = 100; ++ ++ /* get the overall percentage */ ++ LIST_FOREACH(clients, current, m->clients) { ++ current_numdevices++; ++ ++ /* right now, we only keep the minimum % of all fsckd processes. We could in the future trying to be ++ linear, but max changes and corresponds to the pass. We have all the informations into fsckd ++ already if we can treat that in a smarter way. */ ++ current_percent = MIN(current_percent, current->percent); ++ } ++ ++ /* update if there is anything user-visible to update */ ++ if (fabs(current_percent - m->percent) > 0.001 || current_numdevices != m->numdevices) { ++ m->numdevices = current_numdevices; ++ m->percent = current_percent; ++ ++ if (asprintf(&console_message, ++ ngettext("Checking in progress on %d disk (%3.1f%% complete)", ++ "Checking in progress on %d disks (%3.1f%% complete)", m->numdevices), ++ m->numdevices, m->percent) < 0) ++ return -ENOMEM; ++ ++ if (asprintf(&fsck_message, "fsckd:%d:%3.1f:%s", m->numdevices, m->percent, console_message) < 0) ++ return -ENOMEM; ++ ++ r = manager_write_console(m, console_message); ++ if (r < 0) ++ return r; ++ ++ /* try to connect to plymouth and send message */ ++ r = manager_send_plymouth_message(m, fsck_message); ++ if (r < 0) ++ return r; ++ } ++ return 0; ++} ++ ++static int client_progress_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { ++ Client *client = userdata; ++ char line[LINE_MAX]; ++ Manager *m; ++ ++ assert(client); ++ m = client->manager; ++ ++ /* check first if we need to cancel this client */ ++ if (m->cancel_requested) ++ client_request_cancel(client); ++ ++ while (fgets(line, sizeof(line), client->fsck_f) != NULL) { ++ int pass; ++ size_t cur, max; ++ _cleanup_free_ char *device = NULL, *old_device_id = NULL; ++ ++ if (sscanf(line, "%i %zu %zu %ms", &pass, &cur, &max, &device) == 4) { ++ if (!client->device_name) { ++ client->device_name = strdup(device); ++ if (!client->device_name) { ++ log_oom(); ++ continue; ++ } ++ old_device_id = client->device_id; ++ client->device_id = strdup(device); ++ if (!client->device_id) { ++ log_oom(); ++ client->device_id = old_device_id; ++ old_device_id = NULL; ++ continue; ++ } ++ } ++ client->pass = pass; ++ client->cur = cur; ++ client->max = max; ++ client->bad_input = false; ++ client->percent = compute_percent(client->pass, client->cur, client->max); ++ log_debug("Getting progress for %s (%zu, %zu, %d) : %3.1f%%", client->device_id, ++ client->cur, client->max, client->pass, client->percent); ++ } else { ++ if (errno == ENOMEM) { ++ log_oom(); ++ continue; ++ } ++ ++ /* if previous input was already garbage, kick it off from progress report */ ++ if (client->bad_input) { ++ log_warning("Closing connection on incorrect input of fsck connection for %s", client->device_id); ++ client_free(client); ++ manager_update_global_progress(m); ++ return 0; ++ } ++ client->bad_input = true; ++ } ++ ++ } ++ ++ if (feof(client->fsck_f)) { ++ log_debug("Fsck client %s disconnected", client->device_id); ++ client_free(client); ++ } ++ ++ manager_update_global_progress(m); ++ return 0; ++} ++ ++static int manager_new_connection_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { ++ _cleanup_(client_freep) Client *c = NULL; ++ _cleanup_close_ int new_fsck_fd = -1; ++ _cleanup_fclose_ FILE *new_fsck_f = NULL; ++ struct ucred ucred = {}; ++ Manager *m = userdata; ++ int r; ++ ++ assert(m); ++ ++ /* Initialize and list new clients */ ++ new_fsck_fd = accept4(m->connection_fd, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK); ++ if (new_fsck_fd < 0) { ++ log_error_errno(errno, "Couldn't accept a new connection: %m"); ++ return 0; ++ } ++ ++ if (m->n_clients >= CLIENTS_MAX) { ++ log_error("Too many clients, refusing connection."); ++ return 0; ++ } ++ ++ ++ new_fsck_f = fdopen(new_fsck_fd, "r"); ++ if (!new_fsck_f) { ++ log_error_errno(errno, "Couldn't fdopen new connection for fd %d: %m", new_fsck_fd); ++ return 0; ++ } ++ new_fsck_fd = -1; ++ ++ r = getpeercred(fileno(new_fsck_f), &ucred); ++ if (r < 0) { ++ log_error_errno(r, "Couldn't get credentials for fsck: %m"); ++ return 0; ++ } ++ ++ c = new0(Client, 1); ++ if (!c) { ++ log_oom(); ++ return 0; ++ } ++ ++ c->fsck_pid = ucred.pid; ++ c->fsck_f = new_fsck_f; ++ new_fsck_f = NULL; ++ ++ if (asprintf(&(c->device_id), "fd %d", fileno(c->fsck_f)) < 0) { ++ log_oom(); ++ return 0; ++ } ++ ++ r = sd_event_add_io(m->event, &c->event_source, fileno(c->fsck_f), EPOLLIN, client_progress_handler, c); ++ if (r < 0) { ++ log_oom(); ++ return 0; ++ } ++ ++ LIST_PREPEND(clients, m->clients, c); ++ m->n_clients++; ++ c->manager = m; ++ ++ log_debug("New fsck client connected: %s", c->device_id); ++ ++ /* only request the client to cancel now in case the request is dropped by the client (chance to recancel) */ ++ if (m->cancel_requested) ++ client_request_cancel(c); ++ ++ c = NULL; ++ return 0; ++} ++ ++static void manager_free(Manager *m) { ++ if (!m) ++ return; ++ ++ /* clear last line */ ++ manager_write_console(m, NULL); ++ ++ sd_event_source_unref(m->connection_event_source); ++ safe_close(m->connection_fd); ++ ++ while (m->clients) ++ client_free(m->clients); ++ ++ manager_disconnect_plymouth(m); ++ ++ sd_event_unref(m->event); ++ ++ free(m); ++} ++ ++static int manager_new(Manager **ret, int fd) { ++ _cleanup_(manager_freep) Manager *m = NULL; ++ int r; ++ ++ assert(ret); ++ ++ m = new0(Manager, 1); ++ if (!m) ++ return -ENOMEM; ++ ++ m->plymouth_fd = -1; ++ m->connection_fd = fd; ++ m->percent = 100; ++ ++ r = sd_event_default(&m->event); ++ if (r < 0) ++ return r; ++ ++ if (access("/run/systemd/show-status", F_OK) >= 0) ++ m->show_status_console = true; ++ ++ r = sd_event_add_io(m->event, &m->connection_event_source, fd, EPOLLIN, manager_new_connection_handler, m); ++ if (r < 0) ++ return r; ++ ++ *ret = m; ++ m = NULL; ++ ++ return 0; ++} ++ ++static int run_event_loop_with_timeout(Manager *m, usec_t timeout) { ++ int r, code; ++ sd_event *e = m->event; ++ ++ assert(e); ++ ++ for (;;) { ++ r = sd_event_get_state(e); ++ if (r < 0) ++ return r; ++ if (r == SD_EVENT_FINISHED) ++ break; ++ ++ r = sd_event_run(e, timeout); ++ if (r < 0) ++ return r; ++ ++ /* Exit if we reached the idle timeout and no more clients are ++ connected. If there is still an fsck process running but ++ simply slow to send us progress updates, exiting would mean ++ that this fsck process receives SIGPIPE resulting in an ++ aborted file system check. */ ++ if (r == 0 && m->n_clients == 0) { ++ sd_event_exit(e, 0); ++ break; ++ } ++ } ++ ++ r = sd_event_get_exit_code(e, &code); ++ if (r < 0) ++ return r; ++ ++ return code; ++} ++ ++static void help(void) { ++ printf("%s [OPTIONS...]\n\n" ++ "Capture fsck progress and forward one stream to plymouth\n\n" ++ " -h --help Show this help\n" ++ " --version Show package version\n", ++ program_invocation_short_name); ++} ++ ++static int parse_argv(int argc, char *argv[]) { ++ ++ enum { ++ ARG_VERSION = 0x100, ++ ARG_ROOT, ++ }; ++ ++ static const struct option options[] = { ++ { "help", no_argument, NULL, 'h' }, ++ { "version", no_argument, NULL, ARG_VERSION }, ++ {} ++ }; ++ ++ int c; ++ ++ assert(argc >= 0); ++ assert(argv); ++ ++ while ((c = getopt_long(argc, argv, "hv", options, NULL)) >= 0) ++ switch (c) { ++ ++ case 'h': ++ help(); ++ return 0; ++ ++ case ARG_VERSION: ++ version(); ++ return 0; ++ ++ case '?': ++ return -EINVAL; ++ ++ default: ++ assert_not_reached("Unhandled option"); ++ } ++ ++ if (optind < argc) { ++ log_error("Extraneous arguments"); ++ return -EINVAL; ++ } ++ ++ return 1; ++} ++ ++int main(int argc, char *argv[]) { ++ _cleanup_(manager_freep) Manager *m = NULL; ++ int fd = -1; ++ int r, n; ++ ++ log_set_target(LOG_TARGET_AUTO); ++ log_parse_environment(); ++ log_open(); ++ init_gettext(); ++ ++ r = parse_argv(argc, argv); ++ if (r <= 0) ++ goto finish; ++ ++ n = sd_listen_fds(0); ++ if (n > 1) { ++ log_error("Too many file descriptors received."); ++ r = -EINVAL; ++ goto finish; ++ } else if (n == 1) ++ fd = SD_LISTEN_FDS_START + 0; ++ else { ++ fd = make_socket_fd(LOG_DEBUG, FSCKD_SOCKET_PATH, SOCK_STREAM, SOCK_CLOEXEC); ++ if (fd < 0) { ++ r = log_error_errno(fd, "Couldn't create listening socket fd on %s: %m", FSCKD_SOCKET_PATH); ++ goto finish; ++ } ++ } ++ ++ r = manager_new(&m, fd); ++ if (r < 0) { ++ log_error_errno(r, "Failed to allocate manager: %m"); ++ goto finish; ++ } ++ ++ r = run_event_loop_with_timeout(m, IDLE_TIME_SECONDS * USEC_PER_SEC); ++ if (r < 0) { ++ log_error_errno(r, "Failed to run event loop: %m"); ++ goto finish; ++ } ++ ++ sd_event_get_exit_code(m->event, &r); ++ ++finish: ++ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; ++} +diff --git a/units/meson.build b/units/meson.build +index ba60eb7..95d7eda 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -103,6 +103,7 @@ units = [ + ['systemd-exit.service', ''], + ['systemd-firstboot.service', 'ENABLE_FIRSTBOOT', + 'sysinit.target.wants/'], ++ ['systemd-fsckd.socket', ''], + ['systemd-halt.service', ''], + ['systemd-homed-activate.service', 'ENABLE_HOMED'], + ['systemd-initctl.socket', 'HAVE_SYSV_COMPAT', +@@ -174,6 +175,7 @@ in_units = [ + ['systemd-pstore.service', 'ENABLE_PSTORE'], + ['systemd-fsck-root.service', ''], + ['systemd-fsck@.service', ''], ++ ['systemd-fsckd.service', ''], + ['systemd-hibernate-resume@.service', 'ENABLE_HIBERNATE'], + ['systemd-hibernate.service', 'ENABLE_HIBERNATE'], + ['systemd-hybrid-sleep.service', 'ENABLE_HIBERNATE'], +diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in +index c4a2948..1dce176 100644 +--- a/units/systemd-fsck-root.service.in ++++ b/units/systemd-fsck-root.service.in +@@ -13,6 +13,8 @@ Documentation=man:systemd-fsck-root.service(8) + DefaultDependencies=no + Conflicts=shutdown.target + Before=local-fs.target shutdown.target ++Wants=systemd-fsckd.socket ++After=systemd-fsckd.socket + ConditionPathIsReadWrite=!/ + + [Service] +diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in +index 6d9c9ab..48d5f29 100644 +--- a/units/systemd-fsck@.service.in ++++ b/units/systemd-fsck@.service.in +@@ -13,7 +13,8 @@ Documentation=man:systemd-fsck@.service(8) + DefaultDependencies=no + BindsTo=%i.device + Conflicts=shutdown.target +-After=%i.device systemd-fsck-root.service local-fs-pre.target ++Wants=systemd-fsckd.socket ++After=%i.device systemd-fsck-root.service local-fs-pre.target systemd-fsckd.socket + Before=systemd-quotacheck.service shutdown.target + + [Service] +diff --git a/units/systemd-fsckd.service.in b/units/systemd-fsckd.service.in +new file mode 100644 +index 0000000..9c7ed51 +--- /dev/null ++++ b/units/systemd-fsckd.service.in +@@ -0,0 +1,17 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=File System Check Daemon to report status ++Documentation=man:systemd-fsckd.service(8) ++DefaultDependencies=no ++Requires=systemd-fsckd.socket ++Before=shutdown.target ++ ++[Service] ++ExecStart=@rootlibexecdir@/systemd-fsckd ++StandardOutput=journal+console +diff --git a/units/systemd-fsckd.socket b/units/systemd-fsckd.socket +new file mode 100644 +index 0000000..61fec97 +--- /dev/null ++++ b/units/systemd-fsckd.socket +@@ -0,0 +1,15 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=fsck to fsckd communication Socket ++Documentation=man:systemd-fsckd.service(8) man:systemd-fsck@.service(8) man:systemd-fsck-root.service(8) ++DefaultDependencies=no ++ ++[Socket] ++ListenStream=/run/systemd/fsck.progress ++SocketMode=0600 diff --git a/debian/patches/debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch b/debian/patches/debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch new file mode 100644 index 0000000..68fca31 --- /dev/null +++ b/debian/patches/debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch @@ -0,0 +1,52 @@ +From: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com> +Date: Thu, 17 Dec 2020 14:52:07 +0000 +Subject: systemctl: do not shutdown immediately on scheduled shutdown + +When, for whatever reason, a scheduled shutdown fails to be set, systemd +will proceed with immediate shutdown without allowing the user to react. +This is counterintuitive because when a scheduled shutdown is issued, +it means the user wants to shutdown at a specified time in the future, +not immediately. This patch prevents the immediate shutdown and informs +the user that no action will be taken. + +Fixes: #17575 +--- + src/systemctl/systemctl-compat-halt.c | 8 ++++---- + src/systemctl/systemctl-logind.c | 3 ++- + 2 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/systemctl/systemctl-compat-halt.c b/src/systemctl/systemctl-compat-halt.c +index 8e41bd6..239a780 100644 +--- a/src/systemctl/systemctl-compat-halt.c ++++ b/src/systemctl/systemctl-compat-halt.c +@@ -149,11 +149,11 @@ int halt_main(void) { + if (r < 0) + return r; + +- /* Delayed shutdown requested, and was successful */ +- if (arg_when > 0 && logind_schedule_shutdown() == 0) +- return 0; ++ /* Delayed shutdown requested */ ++ if (arg_when > 0) ++ return logind_schedule_shutdown(); + +- /* No delay, or logind failed or is not at all available */ ++ /* No delay, or logind is not at all available */ + if (geteuid() != 0) { + if (arg_dry_run || arg_force > 0) { + (void) must_be_root(); +diff --git a/src/systemctl/systemctl-logind.c b/src/systemctl/systemctl-logind.c +index 405f12a..fd0b143 100644 +--- a/src/systemctl/systemctl-logind.c ++++ b/src/systemctl/systemctl-logind.c +@@ -315,8 +315,9 @@ int logind_schedule_shutdown(void) { + (void) logind_set_wall_message(); + + r = bus_call_method(bus, bus_login_mgr, "ScheduleShutdown", &error, NULL, "st", action, arg_when); ++ /* logind fails, cannot schedule reboot, do nothing */ + if (r < 0) +- return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: %s", bus_error_message(&error, r)); ++ return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, no action will be taken: %s", bus_error_message(&error, r)); + + if (!arg_quiet) + log_info("%s scheduled for %s, use 'shutdown -c' to cancel.", log_action, format_timestamp_style(date, sizeof(date), arg_when, arg_timestamp_style)); diff --git a/debian/patches/debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch b/debian/patches/debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch new file mode 100644 index 0000000..0a48308 --- /dev/null +++ b/debian/patches/debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch @@ -0,0 +1,131 @@ +From: Michael Biebl <biebl@debian.org> +Date: Mon, 18 Jan 2021 13:33:10 +0100 +Subject: test: disable DnsmasqClientTest.test_resolved_etc_hosts in + networkd-test.py + +This test appears to be flaky. + +See: #979716 +--- + test/networkd-test.py | 108 +++++++++++++++++++++++++------------------------- + 1 file changed, 54 insertions(+), 54 deletions(-) + +diff --git a/test/networkd-test.py b/test/networkd-test.py +index 8496ec8..ca158bf 100755 +--- a/test/networkd-test.py ++++ b/test/networkd-test.py +@@ -674,60 +674,60 @@ Domains= ~company ~lab''') + self.assertRegex(general_log, 'query.*megasearch.net') + self.assertNotIn('megasearch.net', vpn_log) + +- def test_resolved_etc_hosts(self): +- '''resolved queries to /etc/hosts''' +- +- # FIXME: -t MX query fails with enabled DNSSEC (even when using +- # the known negative trust anchor .internal instead of .example.com) +- conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf' +- os.makedirs(os.path.dirname(conf), exist_ok=True) +- with open(conf, 'w') as f: +- f.write('[Resolve]\nDNSSEC=no\nLLMNR=no\nMulticastDNS=no\n') +- self.addCleanup(os.remove, conf) +- +- # create /etc/hosts bind mount which resolves my.example.com for IPv4 +- hosts = os.path.join(self.workdir, 'hosts') +- with open(hosts, 'w') as f: +- f.write('172.16.99.99 my.example.com\n') +- subprocess.check_call(['mount', '--bind', hosts, '/etc/hosts']) +- self.addCleanup(subprocess.call, ['umount', '/etc/hosts']) +- subprocess.check_call(['systemctl', 'stop', 'systemd-resolved.service']) +- +- # note: different IPv4 address here, so that it's easy to tell apart +- # what resolved the query +- self.create_iface(dnsmasq_opts=['--host-record=my.example.com,172.16.99.1,2600::99:99', +- '--host-record=other.example.com,172.16.0.42,2600::42', +- '--mx-host=example.com,mail.example.com'], +- ipv6=True) +- self.do_test(coldplug=None, ipv6=True) +- +- try: +- # family specific queries +- out = subprocess.check_output(['resolvectl', 'query', '-4', 'my.example.com']) +- self.assertIn(b'my.example.com: 172.16.99.99', out) +- # we don't expect an IPv6 answer; if /etc/hosts has any IP address, +- # it's considered a sufficient source +- self.assertNotEqual(subprocess.call(['resolvectl', 'query', '-6', 'my.example.com']), 0) +- # "any family" query; IPv4 should come from /etc/hosts +- out = subprocess.check_output(['resolvectl', 'query', 'my.example.com']) +- self.assertIn(b'my.example.com: 172.16.99.99', out) +- # IP → name lookup; again, takes the /etc/hosts one +- out = subprocess.check_output(['resolvectl', 'query', '172.16.99.99']) +- self.assertIn(b'172.16.99.99: my.example.com', out) +- +- # non-address RRs should fall back to DNS +- out = subprocess.check_output(['resolvectl', 'query', '--type=MX', 'example.com']) +- self.assertIn(b'example.com IN MX 1 mail.example.com', out) +- +- # other domains query DNS +- out = subprocess.check_output(['resolvectl', 'query', 'other.example.com']) +- self.assertIn(b'172.16.0.42', out) +- out = subprocess.check_output(['resolvectl', 'query', '172.16.0.42']) +- self.assertIn(b'172.16.0.42: other.example.com', out) +- except (AssertionError, subprocess.CalledProcessError): +- self.show_journal('systemd-resolved.service') +- self.print_server_log() +- raise ++# def test_resolved_etc_hosts(self): ++# '''resolved queries to /etc/hosts''' ++# ++# # FIXME: -t MX query fails with enabled DNSSEC (even when using ++# # the known negative trust anchor .internal instead of .example.com) ++# conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf' ++# os.makedirs(os.path.dirname(conf), exist_ok=True) ++# with open(conf, 'w') as f: ++# f.write('[Resolve]\nDNSSEC=no\nLLMNR=no\nMulticastDNS=no\n') ++# self.addCleanup(os.remove, conf) ++# ++# # create /etc/hosts bind mount which resolves my.example.com for IPv4 ++# hosts = os.path.join(self.workdir, 'hosts') ++# with open(hosts, 'w') as f: ++# f.write('172.16.99.99 my.example.com\n') ++# subprocess.check_call(['mount', '--bind', hosts, '/etc/hosts']) ++# self.addCleanup(subprocess.call, ['umount', '/etc/hosts']) ++# subprocess.check_call(['systemctl', 'stop', 'systemd-resolved.service']) ++# ++# # note: different IPv4 address here, so that it's easy to tell apart ++# # what resolved the query ++# self.create_iface(dnsmasq_opts=['--host-record=my.example.com,172.16.99.1,2600::99:99', ++# '--host-record=other.example.com,172.16.0.42,2600::42', ++# '--mx-host=example.com,mail.example.com'], ++# ipv6=True) ++# self.do_test(coldplug=None, ipv6=True) ++# ++# try: ++# # family specific queries ++# out = subprocess.check_output(['resolvectl', 'query', '-4', 'my.example.com']) ++# self.assertIn(b'my.example.com: 172.16.99.99', out) ++# # we don't expect an IPv6 answer; if /etc/hosts has any IP address, ++# # it's considered a sufficient source ++# self.assertNotEqual(subprocess.call(['resolvectl', 'query', '-6', 'my.example.com']), 0) ++# # "any family" query; IPv4 should come from /etc/hosts ++# out = subprocess.check_output(['resolvectl', 'query', 'my.example.com']) ++# self.assertIn(b'my.example.com: 172.16.99.99', out) ++# # IP → name lookup; again, takes the /etc/hosts one ++# out = subprocess.check_output(['resolvectl', 'query', '172.16.99.99']) ++# self.assertIn(b'172.16.99.99: my.example.com', out) ++# ++# # non-address RRs should fall back to DNS ++# out = subprocess.check_output(['resolvectl', 'query', '--type=MX', 'example.com']) ++# self.assertIn(b'example.com IN MX 1 mail.example.com', out) ++# ++# # other domains query DNS ++# out = subprocess.check_output(['resolvectl', 'query', 'other.example.com']) ++# self.assertIn(b'172.16.0.42', out) ++# out = subprocess.check_output(['resolvectl', 'query', '172.16.0.42']) ++# self.assertIn(b'172.16.0.42: other.example.com', out) ++# except (AssertionError, subprocess.CalledProcessError): ++# self.show_journal('systemd-resolved.service') ++# self.print_server_log() ++# raise + + def test_transient_hostname(self): + '''networkd sets transient hostname from DHCP''' diff --git a/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch b/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch new file mode 100644 index 0000000..f5432e8 --- /dev/null +++ b/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch @@ -0,0 +1,25 @@ +From: Michael Biebl <biebl@debian.org> +Date: Tue, 19 Nov 2019 09:10:23 +0100 +Subject: udev: drop SystemCallArchitectures=native from systemd-udevd.service + +We can't really control what helper programs are run from other udev +rules. E.g. running i386 binaries under amd64 is a valid use case and +should not trigger a SIGSYS failure. + +Closes: #869719 +--- + units/systemd-udevd.service.in | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in +index 225eac2..f541ff6 100644 +--- a/units/systemd-udevd.service.in ++++ b/units/systemd-udevd.service.in +@@ -35,7 +35,6 @@ MemoryDenyWriteExecute=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 + RestrictRealtime=yes + RestrictSUIDSGID=yes +-SystemCallArchitectures=native + LockPersonality=yes + IPAddressDeny=any + @SERVICE_WATCHDOG@ diff --git a/debian/patches/localed-Run-locale-gen-if-available-to-generate-missing-l.patch b/debian/patches/localed-Run-locale-gen-if-available-to-generate-missing-l.patch new file mode 100644 index 0000000..6752b9d --- /dev/null +++ b/debian/patches/localed-Run-locale-gen-if-available-to-generate-missing-l.patch @@ -0,0 +1,448 @@ +From: Matthias Klumpp <matthias@tenstral.net> +Date: Fri, 8 Jan 2021 23:59:38 +0100 +Subject: localed: Run locale-gen if available to generate missing locale + +This change improves integration with distributions using locale-gen to +generate missing locale on-demand, like Debian-based distributions +(Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux. +We only ever enable new locales for generation, and never disable them. +Furthermore, we only generate UTF-8 locale. + +This feature is only used if explicitly enabled at compile-time, and +will also be inert at runtime if the locale-gen binary is missing. + +(cherry picked from commit 8f20232fcb52dbe6255f3df6101fc057af90bcfa) +--- + meson.build | 8 ++ + meson_options.txt | 2 + + src/locale/keymap-util.c | 211 +++++++++++++++++++++++++++++++++++++++++++++++ + src/locale/keymap-util.h | 4 + + src/locale/localectl.c | 6 +- + src/locale/localed.c | 59 ++++++++++++- + 6 files changed, 286 insertions(+), 4 deletions(-) + +diff --git a/meson.build b/meson.build +index 580964c..cf93f38 100644 +--- a/meson.build ++++ b/meson.build +@@ -833,6 +833,14 @@ if default_locale == '' + endif + conf.set_quoted('SYSTEMD_DEFAULT_LOCALE', default_locale) + ++localegen_path = get_option('localegen-path') ++have = false ++if localegen_path != '' ++ conf.set_quoted('LOCALEGEN_PATH', localegen_path) ++ have = true ++endif ++conf.set10('HAVE_LOCALEGEN', have) ++ + conf.set_quoted('GETTEXT_PACKAGE', meson.project_name()) + + service_watchdog = get_option('service-watchdog') +diff --git a/meson_options.txt b/meson_options.txt +index 2435cce..4ffdf7f 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -238,6 +238,8 @@ option('gshadow', type : 'boolean', + description : 'support for shadow group') + option('default-locale', type : 'string', value : '', + description : 'default locale used when /etc/locale.conf does not exist') ++option('localegen-path', type : 'string', value : '', ++ description : 'absolute path to the locale-gen binary in case the system is using locale-gen') + option('service-watchdog', type : 'string', value : '3min', + description : 'default watchdog setting for systemd services') + +diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c +index cb8153f..697133a 100644 +--- a/src/locale/keymap-util.c ++++ b/src/locale/keymap-util.c +@@ -6,18 +6,21 @@ + #include <unistd.h> + + #include "bus-polkit.h" ++#include "copy.h" + #include "env-file-label.h" + #include "env-file.h" + #include "env-util.h" + #include "fd-util.h" + #include "fileio-label.h" + #include "fileio.h" ++#include "fs-util.h" + #include "kbd-util.h" + #include "keymap-util.h" + #include "locale-util.h" + #include "macro.h" + #include "mkdir.h" + #include "nulstr-util.h" ++#include "process-util.h" + #include "string-util.h" + #include "strv.h" + #include "tmpfile-util.h" +@@ -780,3 +783,211 @@ int x11_convert_to_vconsole(Context *c) { + + return modified; + } ++ ++bool locale_gen_check_available(void) { ++#if HAVE_LOCALEGEN ++ if (access(LOCALEGEN_PATH, X_OK) < 0) { ++ if (errno != ENOENT) ++ log_warning_errno(errno, "Unable to determine whether " LOCALEGEN_PATH " exists and is executable, assuming it is not: %m"); ++ return false; ++ } ++ if (access("/etc/locale.gen", F_OK) < 0) { ++ if (errno != ENOENT) ++ log_warning_errno(errno, "Unable to determine whether /etc/locale.gen exists, assuming it does not: %m"); ++ return false; ++ } ++ return true; ++#else ++ return false; ++#endif ++} ++ ++#if HAVE_LOCALEGEN ++static bool locale_encoding_is_utf8_or_unspecified(const char *locale) { ++ const char *c = strchr(locale, '.'); ++ return !c || strcaseeq(c, ".UTF-8") || strcasestr(locale, ".UTF-8@"); ++} ++ ++static int locale_gen_locale_supported(const char *locale_entry) { ++ /* Returns an error valus <= 0 if the locale-gen entry is invalid or unsupported, ++ * 1 in case the locale entry is valid, and -EOPNOTSUPP specifically in case ++ * the distributor has not provided us with a SUPPORTED file to check ++ * locale for validity. */ ++ ++ _cleanup_fclose_ FILE *f = NULL; ++ int r; ++ ++ assert(locale_entry); ++ ++ /* Locale templates without country code are never supported */ ++ if (!strstr(locale_entry, "_")) ++ return -EINVAL; ++ ++ f = fopen("/usr/share/i18n/SUPPORTED", "re"); ++ if (!f) { ++ if (errno == ENOENT) ++ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), ++ "Unable to check validity of locale entry %s: /usr/share/i18n/SUPPORTED does not exist", ++ locale_entry); ++ return -errno; ++ } ++ ++ for (;;) { ++ _cleanup_free_ char *line = NULL; ++ ++ r = read_line(f, LONG_LINE_MAX, &line); ++ if (r < 0) ++ return log_debug_errno(r, "Failed to read /usr/share/i18n/SUPPORTED: %m"); ++ if (r == 0) ++ return 0; ++ ++ line = strstrip(line); ++ if (strcaseeq_ptr(line, locale_entry)) ++ return 1; ++ } ++} ++#endif ++ ++int locale_gen_enable_locale(const char *locale) { ++#if HAVE_LOCALEGEN ++ _cleanup_fclose_ FILE *fr = NULL, *fw = NULL; ++ _cleanup_(unlink_and_freep) char *temp_path = NULL; ++ _cleanup_free_ char *locale_entry = NULL; ++ bool locale_enabled = false, first_line = false; ++ bool write_new = false; ++ int r; ++ ++ if (isempty(locale)) ++ return 0; ++ ++ if (locale_encoding_is_utf8_or_unspecified(locale)) { ++ locale_entry = strjoin(locale, " UTF-8"); ++ if (!locale_entry) ++ return -ENOMEM; ++ } else ++ return -ENOEXEC; /* We do not process non-UTF-8 locale */ ++ ++ r = locale_gen_locale_supported(locale_entry); ++ if (r == 0) ++ return -EINVAL; ++ if (r < 0 && r != -EOPNOTSUPP) ++ return r; ++ ++ fr = fopen("/etc/locale.gen", "re"); ++ if (!fr) { ++ if (errno != ENOENT) ++ return -errno; ++ write_new = true; ++ } ++ ++ r = fopen_temporary("/etc/locale.gen", &fw, &temp_path); ++ if (r < 0) ++ return r; ++ ++ if (write_new) ++ (void) fchmod(fileno(fw), 0644); ++ else { ++ /* apply mode & xattrs of the original file to new file */ ++ r = copy_access(fileno(fr), fileno(fw)); ++ if (r < 0) ++ return r; ++ r = copy_xattr(fileno(fr), fileno(fw)); ++ if (r < 0) ++ return r; ++ } ++ ++ if (!write_new) { ++ /* The config file ends with a line break, which we do not want to include before potentially appending a new locale ++ * instead of uncommenting an existing line. By prepending linebreaks, we can avoid buffering this file but can still write ++ * a nice config file without empty lines */ ++ first_line = true; ++ for (;;) { ++ _cleanup_free_ char *line = NULL; ++ char *line_locale; ++ ++ r = read_line(fr, LONG_LINE_MAX, &line); ++ if (r < 0) ++ return r; ++ if (r == 0) ++ break; ++ ++ if (locale_enabled) { ++ /* Just complete writing the file if the new locale was already enabled */ ++ if (!first_line) ++ fputc('\n', fw); ++ fputs(line, fw); ++ first_line = false; ++ continue; ++ } ++ ++ line = strstrip(line); ++ if (isempty(line)) { ++ fputc('\n', fw); ++ first_line = false; ++ continue; ++ } ++ ++ line_locale = line; ++ if (line_locale[0] == '#') ++ line_locale = strstrip(line_locale + 1); ++ else if (strcaseeq_ptr(line_locale, locale_entry)) ++ return 0; /* the file already had our locale activated, so skip updating it */ ++ ++ if (strcaseeq_ptr(line_locale, locale_entry)) { ++ /* Uncomment existing line for new locale */ ++ if (!first_line) ++ fputc('\n', fw); ++ fputs(locale_entry, fw); ++ locale_enabled = true; ++ first_line = false; ++ continue; ++ } ++ ++ /* The line was not for the locale we want to enable, just copy it */ ++ if (!first_line) ++ fputc('\n', fw); ++ fputs(line, fw); ++ first_line = false; ++ } ++ } ++ ++ /* Add locale to enable to the end of the file if it was not found as commented line */ ++ if (!locale_enabled) { ++ if (!write_new) ++ fputc('\n', fw); ++ fputs(locale_entry, fw); ++ } ++ fputc('\n', fw); ++ ++ r = fflush_sync_and_check(fw); ++ if (r < 0) ++ return r; ++ ++ if (rename(temp_path, "/etc/locale.gen") < 0) ++ return -errno; ++ temp_path = mfree(temp_path); ++ ++ return 0; ++#else ++ return -EOPNOTSUPP; ++#endif ++} ++ ++int locale_gen_run(void) { ++#if HAVE_LOCALEGEN ++ pid_t pid; ++ int r; ++ ++ r = safe_fork("(sd-localegen)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, &pid); ++ if (r < 0) ++ return r; ++ if (r == 0) { ++ execl(LOCALEGEN_PATH, LOCALEGEN_PATH, NULL); ++ _exit(EXIT_FAILURE); ++ } ++ ++ return 0; ++#else ++ return -EOPNOTSUPP; ++#endif ++} +diff --git a/src/locale/keymap-util.h b/src/locale/keymap-util.h +index 4997647..c087dbc 100644 +--- a/src/locale/keymap-util.h ++++ b/src/locale/keymap-util.h +@@ -42,3 +42,7 @@ int x11_convert_to_vconsole(Context *c); + int x11_write_data(Context *c); + void locale_simplify(char *locale[_VARIABLE_LC_MAX]); + int locale_write_data(Context *c, char ***settings); ++ ++bool locale_gen_check_available(void); ++int locale_gen_enable_locale(const char *locale); ++int locale_gen_run(void); +diff --git a/src/locale/localectl.c b/src/locale/localectl.c +index 7d2e887..7d3d3f8 100644 +--- a/src/locale/localectl.c ++++ b/src/locale/localectl.c +@@ -26,6 +26,9 @@ + #include "verbs.h" + #include "virt.h" + ++/* Enough time for locale-gen to finish server-side (in case it is in use) */ ++#define LOCALE_SLOW_BUS_CALL_TIMEOUT_USEC (2*USEC_PER_MINUTE) ++ + static PagerFlags arg_pager_flags = 0; + static bool arg_ask_password = true; + static BusTransport arg_transport = BUS_TRANSPORT_LOCAL; +@@ -176,7 +179,8 @@ static int set_locale(int argc, char **argv, void *userdata) { + if (r < 0) + return bus_log_create_error(r); + +- r = sd_bus_call(bus, m, 0, &error, NULL); ++ /* We use a longer timeout for the method call in case localed is running locale-gen */ ++ r = sd_bus_call(bus, m, LOCALE_SLOW_BUS_CALL_TIMEOUT_USEC, &error, NULL); + if (r < 0) + return log_error_errno(r, "Failed to issue method call: %s", bus_error_message(&error, r)); + +diff --git a/src/locale/localed.c b/src/locale/localed.c +index 736dacd..12073bd 100644 +--- a/src/locale/localed.c ++++ b/src/locale/localed.c +@@ -262,6 +262,7 @@ static int property_get_xkb( + static int process_locale_list_item( + const char *assignment, + char *new_locale[static _VARIABLE_LC_MAX], ++ bool use_localegen, + sd_bus_error *error) { + + assert(assignment); +@@ -283,7 +284,7 @@ static int process_locale_list_item( + + if (!locale_is_valid(e)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Locale %s is not valid, refusing.", e); +- if (locale_is_installed(e) <= 0) ++ if (!use_localegen && locale_is_installed(e) <= 0) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Locale %s not installed, refusing.", e); + if (new_locale[p]) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Locale variable %s set twice, refusing.", name); +@@ -298,6 +299,47 @@ static int process_locale_list_item( + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Locale assignment %s not valid, refusing.", assignment); + } + ++static int locale_gen_process_locale(char *new_locale[static _VARIABLE_LC_MAX], ++ sd_bus_error *error) { ++ int r; ++ assert(new_locale); ++ ++ for (LocaleVariable p = 0; p < _VARIABLE_LC_MAX; p++) { ++ if (p == VARIABLE_LANGUAGE) ++ continue; ++ if (isempty(new_locale[p])) ++ continue; ++ if (locale_is_installed(new_locale[p])) ++ continue; ++ ++ r = locale_gen_enable_locale(new_locale[p]); ++ if (r == -ENOEXEC) { ++ log_error_errno(r, "Refused to enable locale for generation: %m"); ++ return sd_bus_error_setf(error, ++ SD_BUS_ERROR_INVALID_ARGS, ++ "Specified locale is not installed and non-UTF-8 locale will not be auto-generated: %s", ++ new_locale[p]); ++ } else if (r == -EINVAL) { ++ log_error_errno(r, "Failed to enable invalid locale %s for generation.", new_locale[p]); ++ return sd_bus_error_setf(error, ++ SD_BUS_ERROR_INVALID_ARGS, ++ "Can not enable locale generation for invalid locale: %s", ++ new_locale[p]); ++ } else if (r < 0) { ++ log_error_errno(r, "Failed to enable locale for generation: %m"); ++ return sd_bus_error_set_errnof(error, r, "Failed to enable locale generation: %m"); ++ } ++ ++ r = locale_gen_run(); ++ if (r < 0) { ++ log_error_errno(r, "Failed to generate locale: %m"); ++ return sd_bus_error_set_errnof(error, r, "Failed to generate locale: %m"); ++ } ++ } ++ ++ return 0; ++} ++ + static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *error) { + _cleanup_(locale_variables_freep) char *new_locale[_VARIABLE_LC_MAX] = {}; + _cleanup_strv_free_ char **settings = NULL, **l = NULL; +@@ -305,6 +347,7 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er + bool modified = false; + int interactive, r; + char **i; ++ bool use_localegen; + + assert(m); + assert(c); +@@ -317,11 +360,13 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er + if (r < 0) + return r; + ++ use_localegen = locale_gen_check_available(); ++ + /* If single locale without variable name is provided, then we assume it is LANG=. */ + if (strv_length(l) == 1 && !strchr(l[0], '=')) { + if (!locale_is_valid(l[0])) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid locale specification: %s", l[0]); +- if (locale_is_installed(l[0]) <= 0) ++ if (!use_localegen && locale_is_installed(l[0]) <= 0) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Specified locale is not installed: %s", l[0]); + + new_locale[VARIABLE_LANG] = strdup(l[0]); +@@ -333,7 +378,7 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er + + /* Check whether a variable is valid */ + STRV_FOREACH(i, l) { +- r = process_locale_list_item(*i, new_locale, error); ++ r = process_locale_list_item(*i, new_locale, use_localegen, error); + if (r < 0) + return r; + } +@@ -392,9 +437,17 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er + if (r == 0) + return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ + ++ /* Generate locale in case it is missing and the system is using locale-gen */ ++ if (use_localegen) { ++ r = locale_gen_process_locale(new_locale, error); ++ if (r < 0) ++ return r; ++ } ++ + for (LocaleVariable p = 0; p < _VARIABLE_LC_MAX; p++) + free_and_replace(c->locale[p], new_locale[p]); + ++ /* Write locale configuration */ + r = locale_write_data(c, &settings); + if (r < 0) { + log_error_errno(r, "Failed to set locale: %m"); diff --git a/debian/patches/logind-fix-getting-property-OnExternalPower-via-D-Bus.patch b/debian/patches/logind-fix-getting-property-OnExternalPower-via-D-Bus.patch new file mode 100644 index 0000000..509dfc7 --- /dev/null +++ b/debian/patches/logind-fix-getting-property-OnExternalPower-via-D-Bus.patch @@ -0,0 +1,36 @@ +From: Michael Biebl <biebl@debian.org> +Date: Wed, 12 Oct 2022 11:07:57 +0200 +Subject: logind: fix getting property OnExternalPower via D-Bus + +The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third +argument, so we need to call manager_is_on_external_power(). Otherwise +the function pointer is interpreted as a boolean and always returns +true: + +``` +$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower +b true +$ /lib/systemd/systemd-ac-power --verbose +no +``` + +Thanks: Helmut Grohne <helmut@subdivi.de> +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644 +(cherry picked from commit 63168cb517a556b2f4f175b365f5a4b4c7e85150) +--- + src/login/logind-dbus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index b95af1a..cf2be79 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -352,7 +352,7 @@ static int property_get_scheduled_shutdown( + static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction); + static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays); + static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed); +-static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power); ++static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power()); + static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", CGROUP_LIMIT_MAX); + static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size); + diff --git a/debian/patches/machine-adjust-error-message-to-use-normalized-instead-of.patch b/debian/patches/machine-adjust-error-message-to-use-normalized-instead-of.patch new file mode 100644 index 0000000..50ae974 --- /dev/null +++ b/debian/patches/machine-adjust-error-message-to-use-normalized-instead-of.patch @@ -0,0 +1,28 @@ +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Tue, 15 Dec 2020 18:26:34 +0000 +Subject: machine: adjust error message to use 'normalized' instead of ../ + +(cherry picked from commit 724e689715c8d9f23d035ab20d8c87b6b6c06e33) +--- + src/machine/machine-dbus.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c +index 3c8f4fd..5ed892f 100644 +--- a/src/machine/machine-dbus.c ++++ b/src/machine/machine-dbus.c +@@ -827,12 +827,12 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu + return r; + + if (!path_is_absolute(src) || !path_is_normalized(src)) +- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and not contain ../."); ++ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and normalized."); + + if (isempty(dest)) + dest = src; + else if (!path_is_absolute(dest) || !path_is_normalized(dest)) +- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and not contain ../."); ++ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and normalized."); + + r = bus_verify_polkit_async( + message, diff --git a/debian/patches/machine-basic-factor-out-helper-function-to-add-airlocked.patch b/debian/patches/machine-basic-factor-out-helper-function-to-add-airlocked.patch new file mode 100644 index 0000000..965e925 --- /dev/null +++ b/debian/patches/machine-basic-factor-out-helper-function-to-add-airlocked.patch @@ -0,0 +1,499 @@ +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Thu, 13 Aug 2020 14:01:34 +0100 +Subject: machine/basic: factor out helper function to add airlocked mount to + namespace + +(cherry picked from commit 6af52c3a458691b016bedeba34c1e72294a67c81) +--- + src/machine/machine-dbus.c | 214 ++------------------------------------------ + src/shared/mount-util.c | 217 +++++++++++++++++++++++++++++++++++++++++++++ + src/shared/mount-util.h | 2 + + 3 files changed, 227 insertions(+), 206 deletions(-) + +diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c +index 1105008..3c8f4fd 100644 +--- a/src/machine/machine-dbus.c ++++ b/src/machine/machine-dbus.c +@@ -810,17 +810,9 @@ int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bu + } + + int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bus_error *error) { +- _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 }; +- char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p; +- bool mount_slave_created = false, mount_slave_mounted = false, +- mount_tmp_created = false, mount_tmp_mounted = false, +- mount_outside_created = false, mount_outside_mounted = false; +- _cleanup_free_ char *chased_src = NULL; + int read_only, make_file_or_directory; +- const char *dest, *src; ++ const char *dest, *src, *propagate_directory; + Machine *m = userdata; +- struct stat st; +- pid_t child; + uid_t uid; + int r; + +@@ -862,205 +854,15 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu + if (uid != 0) + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Can't bind mount on container with user namespacing applied."); + +- /* One day, when bind mounting /proc/self/fd/n works across +- * namespace boundaries we should rework this logic to make +- * use of it... */ +- +- p = strjoina("/run/systemd/nspawn/propagate/", m->name, "/"); +- if (laccess(p, F_OK) < 0) +- return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Container does not allow propagation of mount points."); +- +- r = chase_symlinks(src, NULL, CHASE_TRAIL_SLASH, &chased_src, NULL); ++ propagate_directory = strjoina("/run/systemd/nspawn/propagate/", m->name); ++ r = bind_mount_in_namespace(m->leader, ++ propagate_directory, ++ "/run/host/incoming/", ++ src, dest, read_only, make_file_or_directory); + if (r < 0) +- return sd_bus_error_set_errnof(error, r, "Failed to resolve source path: %m"); +- +- if (lstat(chased_src, &st) < 0) +- return sd_bus_error_set_errnof(error, errno, "Failed to stat() source path: %m"); +- if (S_ISLNK(st.st_mode)) /* This shouldn't really happen, given that we just chased the symlinks above, but let's better be safe… */ +- return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Source directory can't be a symbolic link"); +- +- /* Our goal is to install a new bind mount into the container, +- possibly read-only. This is irritatingly complex +- unfortunately, currently. +- +- First, we start by creating a private playground in /tmp, +- that we can mount MS_SLAVE. (Which is necessary, since +- MS_MOVE cannot be applied to mounts with MS_SHARED parent +- mounts.) */ +- +- if (!mkdtemp(mount_slave)) +- return sd_bus_error_set_errnof(error, errno, "Failed to create playground %s: %m", mount_slave); +- +- mount_slave_created = true; +- +- r = mount_nofollow_verbose(LOG_DEBUG, mount_slave, mount_slave, NULL, MS_BIND, NULL); +- if (r < 0) { +- sd_bus_error_set_errnof(error, r, "Failed to make bind mount %s: %m", mount_slave); +- goto finish; +- } +- +- mount_slave_mounted = true; +- +- r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_slave, NULL, MS_SLAVE, NULL); +- if (r < 0) { +- sd_bus_error_set_errnof(error, r, "Failed to remount slave %s: %m", mount_slave); +- goto finish; +- } +- +- /* Second, we mount the source file or directory to a directory inside of our MS_SLAVE playground. */ +- mount_tmp = strjoina(mount_slave, "/mount"); +- r = make_mount_point_inode_from_stat(&st, mount_tmp, 0700); +- if (r < 0) { +- sd_bus_error_set_errnof(error, r, "Failed to create temporary mount point %s: %m", mount_tmp); +- goto finish; +- } +- +- mount_tmp_created = true; +- +- r = mount_nofollow_verbose(LOG_DEBUG, chased_src, mount_tmp, NULL, MS_BIND, NULL); +- if (r < 0) { +- sd_bus_error_set_errnof(error, r, "Failed to mount %s: %m", chased_src); +- goto finish; +- } +- +- mount_tmp_mounted = true; +- +- /* Third, we remount the new bind mount read-only if requested. */ +- if (read_only) { +- r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_tmp, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL); +- if (r < 0) { +- sd_bus_error_set_errnof(error, r, "Failed to remount read-only %s: %m", mount_tmp); +- goto finish; +- } +- } +- +- /* Fourth, we move the new bind mount into the propagation directory. This way it will appear there read-only +- * right-away. */ +- +- mount_outside = strjoina("/run/systemd/nspawn/propagate/", m->name, "/XXXXXX"); +- if (S_ISDIR(st.st_mode)) +- r = mkdtemp(mount_outside) ? 0 : -errno; +- else { +- r = mkostemp_safe(mount_outside); +- safe_close(r); +- } +- if (r < 0) { +- sd_bus_error_set_errnof(error, r, "Cannot create propagation file or directory %s: %m", mount_outside); +- goto finish; +- } +- +- mount_outside_created = true; +- +- r = mount_nofollow_verbose(LOG_DEBUG, mount_tmp, mount_outside, NULL, MS_MOVE, NULL); +- if (r < 0) { +- sd_bus_error_set_errnof(error, r, "Failed to move %s to %s: %m", mount_tmp, mount_outside); +- goto finish; +- } +- +- mount_outside_mounted = true; +- mount_tmp_mounted = false; +- +- if (S_ISDIR(st.st_mode)) +- (void) rmdir(mount_tmp); +- else +- (void) unlink(mount_tmp); +- mount_tmp_created = false; +- +- (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW); +- mount_slave_mounted = false; +- +- (void) rmdir(mount_slave); +- mount_slave_created = false; +- +- if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0) { +- r = sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m"); +- goto finish; +- } +- +- r = safe_fork("(sd-bindmnt)", FORK_RESET_SIGNALS, &child); +- if (r < 0) { +- sd_bus_error_set_errnof(error, r, "Failed to fork(): %m"); +- goto finish; +- } +- if (r == 0) { +- const char *mount_inside, *q; +- int mntfd; +- +- errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]); +- +- q = procfs_file_alloca(m->leader, "ns/mnt"); +- mntfd = open(q, O_RDONLY|O_NOCTTY|O_CLOEXEC); +- if (mntfd < 0) { +- r = log_error_errno(errno, "Failed to open mount namespace of leader: %m"); +- goto child_fail; +- } +- +- if (setns(mntfd, CLONE_NEWNS) < 0) { +- r = log_error_errno(errno, "Failed to join namespace of leader: %m"); +- goto child_fail; +- } +- +- if (make_file_or_directory) { +- (void) mkdir_parents(dest, 0755); +- (void) make_mount_point_inode_from_stat(&st, dest, 0700); +- } +- +- mount_inside = strjoina("/run/host/incoming/", basename(mount_outside)); +- r = mount_nofollow_verbose(LOG_ERR, mount_inside, dest, NULL, MS_MOVE, NULL); +- if (r < 0) +- goto child_fail; +- +- _exit(EXIT_SUCCESS); +- +- child_fail: +- (void) write(errno_pipe_fd[1], &r, sizeof(r)); +- errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]); +- +- _exit(EXIT_FAILURE); +- } +- +- errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]); ++ return sd_bus_error_set_errnof(error, r, "Failed to mount %s on %s in machine's namespace: %m", src, dest); + +- r = wait_for_terminate_and_check("(sd-bindmnt)", child, 0); +- if (r < 0) { +- r = sd_bus_error_set_errnof(error, r, "Failed to wait for child: %m"); +- goto finish; +- } +- if (r != EXIT_SUCCESS) { +- if (read(errno_pipe_fd[0], &r, sizeof(r)) == sizeof(r)) +- r = sd_bus_error_set_errnof(error, r, "Failed to mount: %m"); +- else +- r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "Child failed."); +- goto finish; +- } +- +- r = sd_bus_reply_method_return(message, NULL); +- +-finish: +- if (mount_outside_mounted) +- (void) umount_verbose(LOG_DEBUG, mount_outside, UMOUNT_NOFOLLOW); +- if (mount_outside_created) { +- if (S_ISDIR(st.st_mode)) +- (void) rmdir(mount_outside); +- else +- (void) unlink(mount_outside); +- } +- +- if (mount_tmp_mounted) +- (void) umount_verbose(LOG_DEBUG, mount_tmp, UMOUNT_NOFOLLOW); +- if (mount_tmp_created) { +- if (S_ISDIR(st.st_mode)) +- (void) rmdir(mount_tmp); +- else +- (void) unlink(mount_tmp); +- } +- +- if (mount_slave_mounted) +- (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW); +- if (mount_slave_created) +- (void) rmdir(mount_slave); +- +- return r; ++ return sd_bus_reply_method_return(message, NULL); + } + + int bus_machine_method_copy(sd_bus_message *message, void *userdata, sd_bus_error *error) { +diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c +index b19b384..4cfbb55 100644 +--- a/src/shared/mount-util.c ++++ b/src/shared/mount-util.c +@@ -14,15 +14,18 @@ + #include "fs-util.h" + #include "hashmap.h" + #include "libmount-util.h" ++#include "mkdir.h" + #include "mount-util.h" + #include "mountpoint-util.h" + #include "parse-util.h" + #include "path-util.h" ++#include "process-util.h" + #include "set.h" + #include "stat-util.h" + #include "stdio-util.h" + #include "string-util.h" + #include "strv.h" ++#include "tmpfile-util.h" + + int mount_fd(const char *source, + int target_fd, +@@ -742,3 +745,217 @@ int mount_option_mangle( + + return 0; + } ++ ++int bind_mount_in_namespace( ++ pid_t target, ++ const char *propagate_path, ++ const char *incoming_path, ++ const char *src, ++ const char *dest, ++ bool read_only, ++ bool make_file_or_directory) { ++ ++ _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 }; ++ char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p; ++ bool mount_slave_created = false, mount_slave_mounted = false, ++ mount_tmp_created = false, mount_tmp_mounted = false, ++ mount_outside_created = false, mount_outside_mounted = false; ++ _cleanup_free_ char *chased_src = NULL; ++ struct stat st; ++ pid_t child; ++ int r; ++ ++ assert(target > 0); ++ assert(propagate_path); ++ assert(incoming_path); ++ assert(src); ++ assert(dest); ++ ++ /* One day, when bind mounting /proc/self/fd/n works across ++ * namespace boundaries we should rework this logic to make ++ * use of it... */ ++ ++ p = strjoina(propagate_path, "/"); ++ r = laccess(p, F_OK); ++ if (r < 0) ++ return log_debug_errno(r == -ENOENT ? SYNTHETIC_ERRNO(EOPNOTSUPP) : r, "Target does not allow propagation of mount points"); ++ ++ r = chase_symlinks(src, NULL, CHASE_TRAIL_SLASH, &chased_src, NULL); ++ if (r < 0) ++ return log_debug_errno(r, "Failed to resolve source path of %s: %m", src); ++ ++ if (lstat(chased_src, &st) < 0) ++ return log_debug_errno(errno, "Failed to stat() resolved source path %s: %m", chased_src); ++ if (S_ISLNK(st.st_mode)) /* This shouldn't really happen, given that we just chased the symlinks above, but let's better be safe… */ ++ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Source directory %s can't be a symbolic link", chased_src); ++ ++ /* Our goal is to install a new bind mount into the container, ++ possibly read-only. This is irritatingly complex ++ unfortunately, currently. ++ ++ First, we start by creating a private playground in /tmp, ++ that we can mount MS_SLAVE. (Which is necessary, since ++ MS_MOVE cannot be applied to mounts with MS_SHARED parent ++ mounts.) */ ++ ++ if (!mkdtemp(mount_slave)) ++ return log_debug_errno(errno, "Failed to create playground %s: %m", mount_slave); ++ ++ mount_slave_created = true; ++ ++ r = mount_nofollow_verbose(LOG_DEBUG, mount_slave, mount_slave, NULL, MS_BIND, NULL); ++ if (r < 0) ++ goto finish; ++ ++ mount_slave_mounted = true; ++ ++ r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_slave, NULL, MS_SLAVE, NULL); ++ if (r < 0) ++ goto finish; ++ ++ /* Second, we mount the source file or directory to a directory inside of our MS_SLAVE playground. */ ++ mount_tmp = strjoina(mount_slave, "/mount"); ++ r = make_mount_point_inode_from_stat(&st, mount_tmp, 0700); ++ if (r < 0) { ++ log_debug_errno(r, "Failed to create temporary mount point %s: %m", mount_tmp); ++ goto finish; ++ } ++ ++ mount_tmp_created = true; ++ ++ r = mount_nofollow_verbose(LOG_DEBUG, chased_src, mount_tmp, NULL, MS_BIND, NULL); ++ if (r < 0) ++ goto finish; ++ ++ mount_tmp_mounted = true; ++ ++ /* Third, we remount the new bind mount read-only if requested. */ ++ if (read_only) { ++ r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_tmp, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL); ++ if (r < 0) ++ goto finish; ++ } ++ ++ /* Fourth, we move the new bind mount into the propagation directory. This way it will appear there read-only ++ * right-away. */ ++ ++ mount_outside = strjoina(propagate_path, "/XXXXXX"); ++ if (S_ISDIR(st.st_mode)) ++ r = mkdtemp(mount_outside) ? 0 : -errno; ++ else { ++ r = mkostemp_safe(mount_outside); ++ safe_close(r); ++ } ++ if (r < 0) { ++ log_debug_errno(r, "Cannot create propagation file or directory %s: %m", mount_outside); ++ goto finish; ++ } ++ ++ mount_outside_created = true; ++ ++ r = mount_nofollow_verbose(LOG_DEBUG, mount_tmp, mount_outside, NULL, MS_MOVE, NULL); ++ if (r < 0) ++ goto finish; ++ ++ mount_outside_mounted = true; ++ mount_tmp_mounted = false; ++ ++ if (S_ISDIR(st.st_mode)) ++ (void) rmdir(mount_tmp); ++ else ++ (void) unlink(mount_tmp); ++ mount_tmp_created = false; ++ ++ (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW); ++ mount_slave_mounted = false; ++ ++ (void) rmdir(mount_slave); ++ mount_slave_created = false; ++ ++ if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0) { ++ log_debug_errno(errno, "Failed to create pipe: %m"); ++ goto finish; ++ } ++ ++ r = safe_fork("(sd-bindmnt)", FORK_RESET_SIGNALS, &child); ++ if (r < 0) ++ goto finish; ++ if (r == 0) { ++ const char *mount_inside, *q; ++ int mntfd; ++ ++ errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]); ++ ++ q = procfs_file_alloca(target, "ns/mnt"); ++ mntfd = open(q, O_RDONLY|O_NOCTTY|O_CLOEXEC); ++ if (mntfd < 0) { ++ r = log_error_errno(errno, "Failed to open mount namespace of leader: %m"); ++ goto child_fail; ++ } ++ ++ if (setns(mntfd, CLONE_NEWNS) < 0) { ++ r = log_error_errno(errno, "Failed to join namespace of leader: %m"); ++ goto child_fail; ++ } ++ ++ if (make_file_or_directory) { ++ (void) mkdir_parents(dest, 0755); ++ (void) make_mount_point_inode_from_stat(&st, dest, 0700); ++ } ++ ++ /* Fifth, move the mount to the right place inside */ ++ mount_inside = strjoina(incoming_path, basename(mount_outside)); ++ r = mount_nofollow_verbose(LOG_ERR, mount_inside, dest, NULL, MS_MOVE, NULL); ++ if (r < 0) ++ goto child_fail; ++ ++ _exit(EXIT_SUCCESS); ++ ++ child_fail: ++ (void) write(errno_pipe_fd[1], &r, sizeof(r)); ++ errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]); ++ ++ _exit(EXIT_FAILURE); ++ } ++ ++ errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]); ++ ++ r = wait_for_terminate_and_check("(sd-bindmnt)", child, 0); ++ if (r < 0) { ++ log_debug_errno(r, "Failed to wait for child: %m"); ++ goto finish; ++ } ++ if (r != EXIT_SUCCESS) { ++ if (read(errno_pipe_fd[0], &r, sizeof(r)) == sizeof(r)) ++ log_debug_errno(r, "Failed to mount: %m"); ++ else ++ log_debug("Child failed."); ++ goto finish; ++ } ++ ++finish: ++ if (mount_outside_mounted) ++ (void) umount_verbose(LOG_DEBUG, mount_outside, UMOUNT_NOFOLLOW); ++ if (mount_outside_created) { ++ if (S_ISDIR(st.st_mode)) ++ (void) rmdir(mount_outside); ++ else ++ (void) unlink(mount_outside); ++ } ++ ++ if (mount_tmp_mounted) ++ (void) umount_verbose(LOG_DEBUG, mount_tmp, UMOUNT_NOFOLLOW); ++ if (mount_tmp_created) { ++ if (S_ISDIR(st.st_mode)) ++ (void) rmdir(mount_tmp); ++ else ++ (void) unlink(mount_tmp); ++ } ++ ++ if (mount_slave_mounted) ++ (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW); ++ if (mount_slave_created) ++ (void) rmdir(mount_slave); ++ ++ return r; ++} +diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h +index 6202008..c3500a0 100644 +--- a/src/shared/mount-util.h ++++ b/src/shared/mount-util.h +@@ -97,3 +97,5 @@ static inline char* umount_and_rmdir_and_free(char *p) { + return NULL; + } + DEFINE_TRIVIAL_CLEANUP_FUNC(char*, umount_and_rmdir_and_free); ++ ++int bind_mount_in_namespace(pid_t target, const char *propagate_path, const char *incoming_path, const char *src, const char *dest, bool read_only, bool make_file_or_directory); diff --git a/debian/patches/machine-enter-target-PID-namespace-when-adding-a-live-mou.patch b/debian/patches/machine-enter-target-PID-namespace-when-adding-a-live-mou.patch new file mode 100644 index 0000000..e9cd9dd --- /dev/null +++ b/debian/patches/machine-enter-target-PID-namespace-when-adding-a-live-mou.patch @@ -0,0 +1,105 @@ +From: Luca Boccassi <bluca@debian.org> +Date: Wed, 13 Jan 2021 23:52:00 +0000 +Subject: machine: enter target PID namespace when adding a live mount + +machinectl fails since 21935150a0c42b91a322105f6a9129116bfc8e2e as it's now +mounting onto a file descriptor in a target namespace, without joining the +target's PID namespace. +Note that it's not enough to setns CLONE_NEWPID, but a double-fork is required +as well, as implemented by namespace_fork(). + +Add a test case to TEST-13-NSPAWN to cover this use case. + +(cherry picked from commit 98f654fdeab1e1b6df2be76e29e4ccbb6624898d) +--- + src/shared/mount-util.c | 6 +++--- + test/create-busybox-container | 3 +++ + test/units/testsuite-13.sh | 25 +++++++++++++++++++++++++ + 3 files changed, 31 insertions(+), 3 deletions(-) + +diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c +index 368c5f0..2e374cc 100644 +--- a/src/shared/mount-util.c ++++ b/src/shared/mount-util.c +@@ -757,7 +757,7 @@ int bind_mount_in_namespace( + bool make_file_or_directory) { + + _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 }; +- _cleanup_close_ int self_mntns_fd = -1, mntns_fd = -1, root_fd = -1; ++ _cleanup_close_ int self_mntns_fd = -1, mntns_fd = -1, root_fd = -1, pidns_fd = -1; + char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p; + bool mount_slave_created = false, mount_slave_mounted = false, + mount_tmp_created = false, mount_tmp_mounted = false, +@@ -773,7 +773,7 @@ int bind_mount_in_namespace( + assert(src); + assert(dest); + +- r = namespace_open(target, NULL, &mntns_fd, NULL, NULL, &root_fd); ++ r = namespace_open(target, &pidns_fd, &mntns_fd, NULL, NULL, &root_fd); + if (r < 0) + return log_debug_errno(r, "Failed to retrieve FDs of the target process' namespace: %m"); + +@@ -898,7 +898,7 @@ int bind_mount_in_namespace( + } + + r = namespace_fork("(sd-bindmnt)", "(sd-bindmnt-inner)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG, +- -1, mntns_fd, -1, -1, root_fd, &child); ++ pidns_fd, mntns_fd, -1, -1, root_fd, &child); + if (r < 0) + goto finish; + if (r == 0) { +diff --git a/test/create-busybox-container b/test/create-busybox-container +index 5ded429..b2b7b26 100755 +--- a/test/create-busybox-container ++++ b/test/create-busybox-container +@@ -28,6 +28,9 @@ ln -s busybox "$root/bin/cat" + ln -s busybox "$root/bin/tr" + ln -s busybox "$root/bin/ps" + ln -s busybox "$root/bin/ip" ++ln -s busybox "$root/bin/seq" ++ln -s busybox "$root/bin/sleep" ++ln -s busybox "$root/bin/test" + + mkdir -p "$root/sbin" + cat <<'EOF' >"$root/sbin/init" +diff --git a/test/units/testsuite-13.sh b/test/units/testsuite-13.sh +index 969ca4a..1844323 100755 +--- a/test/units/testsuite-13.sh ++++ b/test/units/testsuite-13.sh +@@ -93,6 +93,29 @@ if echo test >> /run/host/os-release; then exit 1; fi + fi + } + ++function check_machinectl_bind { ++ local _cmd='for i in $(seq 1 20); do if test -f /tmp/marker; then exit 0; fi; sleep 0.5; done; exit 1;' ++ ++ cat <<EOF > /run/systemd/system/nspawn_machinectl_bind.service ++[Service] ++Type=notify ++ExecStart=systemd-nspawn $SUSE_OPTS -D /testsuite-13.nc-container --notify-ready=no /bin/sh -x -e -c "$_cmd" ++EOF ++ ++ systemctl start nspawn_machinectl_bind.service ++ ++ touch /tmp/marker ++ ++ machinectl bind --mkdir testsuite-13.nc-container /tmp/marker ++ ++ while systemctl show -P SubState nspawn_machinectl_bind.service | grep -q running ++ do ++ sleep 0.1 ++ done ++ ++ return $(systemctl show -P ExecMainStatus nspawn_machinectl_bind.service) ++} ++ + function run { + if [[ "$1" = "yes" && "$is_v2_supported" = "no" ]]; then + printf "Unified cgroup hierarchy is not supported. Skipping.\n" >&2 +@@ -186,4 +209,6 @@ for api_vfs_writable in yes no network; do + run yes yes $api_vfs_writable + done + ++check_machinectl_bind ++ + touch /testok diff --git a/debian/patches/machined-varlink-fix-double-free.patch b/debian/patches/machined-varlink-fix-double-free.patch new file mode 100644 index 0000000..80ccaca --- /dev/null +++ b/debian/patches/machined-varlink-fix-double-free.patch @@ -0,0 +1,22 @@ +From: David Tardon <dtardon@redhat.com> +Date: Mon, 2 Aug 2021 13:31:04 +0200 +Subject: machined-varlink: fix double free + +Fixes: #18599 +--- + src/machine/machined-varlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index 2d6c199..8c2e456 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -297,7 +297,7 @@ static int group_lookup_name(Manager *m, const char *name, gid_t *ret_gid, char + desc = mfree(desc); + + *ret_gid = converted_gid; +- *ret_description = desc; ++ *ret_description = TAKE_PTR(desc); + return 0; + } + diff --git a/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch b/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch new file mode 100644 index 0000000..055c598 --- /dev/null +++ b/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch @@ -0,0 +1,86 @@ +From: "Kevin P. Fleming" <kevin@km6g.us> +Date: Sat, 6 Feb 2021 10:58:43 -0500 +Subject: network: Delay addition of IPv6 Proxy NDP addresses + +Setting of IPv6 Proxy NDP addresses must be done at the same +time as static addresses, static routes, and other link attributes +that must be configured when the link is up. Doing this ensures +that they are reconfigured on the link if the link goes down +and returns to service. + +(cherry picked from commit 12f7469bbe0142d7f360a29ca2b407ce7f5ff096) + +Fixes https://github.com/systemd/systemd-stable/issues/89 + +(cherry picked from commit d5ea028e46673ef627843e90c3d01ebac8fe0e62) +--- + src/network/networkd-address.c | 11 +++++++++++ + src/network/networkd-link.c | 5 ----- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 961b248..ef47af4 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -9,6 +9,7 @@ + #include "netlink-util.h" + #include "networkd-address-pool.h" + #include "networkd-address.h" ++#include "networkd-ipv6-proxy-ndp.h" + #include "networkd-manager.h" + #include "networkd-network.h" + #include "parse-util.h" +@@ -903,6 +904,7 @@ int address_configure( + static int static_address_ready_callback(Address *address) { + Address *a; + Link *link; ++ int r; + + assert(address); + assert(address->link); +@@ -927,6 +929,10 @@ static int static_address_ready_callback(Address *address) { + + link->addresses_ready = true; + ++ r = link_set_ipv6_proxy_ndp_addresses(link); ++ if (r < 0) ++ return r; ++ + return link_set_routes(link); + } + +@@ -1046,6 +1052,11 @@ int link_set_addresses(Link *link) { + if (link->address_messages == 0) { + link->addresses_configured = true; + link->addresses_ready = true; ++ ++ r = link_set_ipv6_proxy_ndp_addresses(link); ++ if (r < 0) ++ return r; ++ + r = link_set_routes(link); + if (r < 0) + return r; +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 8120343..e8a7223 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -28,7 +28,6 @@ + #include "networkd-dhcp6.h" + #include "networkd-fdb.h" + #include "networkd-ipv4ll.h" +-#include "networkd-ipv6-proxy-ndp.h" + #include "networkd-link-bus.h" + #include "networkd-link.h" + #include "networkd-lldp-tx.h" +@@ -2056,10 +2055,6 @@ int link_configure(Link *link) { + if (r < 0) + return r; + +- r = link_set_ipv6_proxy_ndp_addresses(link); +- if (r < 0) +- return r; +- + r = link_set_mac(link); + if (r < 0) + return r; diff --git a/debian/patches/pkg-config-make-prefix-overridable-again.patch b/debian/patches/pkg-config-make-prefix-overridable-again.patch new file mode 100644 index 0000000..68e50bc --- /dev/null +++ b/debian/patches/pkg-config-make-prefix-overridable-again.patch @@ -0,0 +1,75 @@ +From: Jan Tojnar <jtojnar@gmail.com> +Date: Sat, 2 Jan 2021 02:46:33 +0100 +Subject: pkg-config: make prefix overridable again + +While we don't support prefix being != /usr, and this is hardcoded +all over the place, variables in pkg-config file are expected +to have overridable base directory. + +This is important for at least the following two use cases: + +- Installing projects to non-FHS package-specific prefixes for Nix-style + package managers. Of course, it is then their responsibility + to ensure systemd can find the service files. +- Installing to local path for development purposes. + This is a compromise between running a program from a build directory, + and running it fully installed to system prefix. + +You will not want to write to system prefix in either case. + +For more information, see also +https://www.bassi.io/articles/2018/03/15/pkg-config-and-paths/ + +Fixes https://github.com/systemd/systemd/issues/18082 + +Partially reverts 6e65df89c348242dbd10036abc7dd5e8181cf733 + +(cherry picked from commit 60bce7c6d9606185114df1bdcd5ea100407688b8) +--- + src/core/systemd.pc.in | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in +index f2c0455..b5cc8f9 100644 +--- a/src/core/systemd.pc.in ++++ b/src/core/systemd.pc.in +@@ -26,10 +26,10 @@ systemdsystemunitdir=${systemd_system_unit_dir} + systemd_system_preset_dir=${rootprefix}/lib/systemd/system-preset + systemdsystempresetdir=${systemd_system_preset_dir} + +-systemd_user_unit_dir=/usr/lib/systemd/user ++systemd_user_unit_dir=${prefix}/lib/systemd/user + systemduserunitdir=${systemd_user_unit_dir} + +-systemd_user_preset_dir=/usr/lib/systemd/user-preset ++systemd_user_preset_dir=${prefix}/lib/systemd/user-preset + systemduserpresetdir=${systemd_user_preset_dir} + + systemd_system_conf_dir=${sysconfdir}/systemd/system +@@ -47,7 +47,7 @@ systemduserunitpath=${systemd_user_unit_path} + systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators + systemdsystemgeneratordir=${systemd_system_generator_dir} + +-systemd_user_generator_dir=/usr/lib/systemd/user-generators ++systemd_user_generator_dir=${prefix}/lib/systemd/user-generators + systemdusergeneratordir=${systemd_user_generator_dir} + + systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemd_system_generator_dir} +@@ -62,7 +62,7 @@ systemdsleepdir=${systemd_sleep_dir} + systemd_shutdown_dir=${root_prefix}/lib/systemd/system-shutdown + systemdshutdowndir=${systemd_shutdown_dir} + +-tmpfiles_dir=/usr/lib/tmpfiles.d ++tmpfiles_dir=${prefix}/lib/tmpfiles.d + tmpfilesdir=${tmpfiles_dir} + + sysusers_dir=${rootprefix}/lib/sysusers.d +@@ -77,7 +77,7 @@ binfmtdir=${binfmt_dir} + modules_load_dir=${rootprefix}/lib/modules-load.d + modulesloaddir=${modules_load_dir} + +-catalog_dir=/usr/lib/systemd/catalog ++catalog_dir=${prefix}/lib/systemd/catalog + catalogdir=${catalog_dir} + + system_uid_max=@SYSTEM_UID_MAX@ diff --git a/debian/patches/rm-rf-fstatat-might-fail-if-containing-dir-has-limited-ac.patch b/debian/patches/rm-rf-fstatat-might-fail-if-containing-dir-has-limited-ac.patch new file mode 100644 index 0000000..67d959c --- /dev/null +++ b/debian/patches/rm-rf-fstatat-might-fail-if-containing-dir-has-limited-ac.patch @@ -0,0 +1,128 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 26 Jan 2021 16:47:07 +0100 +Subject: rm-rf: fstatat() might fail if containing dir has limited access + mode, patch that too + +(cherry picked from commit 1b55621dabf741dd963f59ac706ea62cd6e3e95c) +(cherry picked from commit ce53b81a600e2162ee86e2f4d202e7f28eceb2c6) +--- + src/basic/rm-rf.c | 82 ++++++++++++++++++++++++++++++++++++++++++++----------- + 1 file changed, 66 insertions(+), 16 deletions(-) + +diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c +index 4c39ce8..2f2ebc3 100644 +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -23,13 +23,38 @@ static bool is_physical_fs(const struct statfs *sfs) { + return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs); + } + ++static int patch_dirfd_mode( ++ int dfd, ++ mode_t *ret_old_mode) { ++ ++ struct stat st; ++ ++ assert(dfd >= 0); ++ assert(ret_old_mode); ++ ++ if (fstat(dfd, &st) < 0) ++ return -errno; ++ if (!S_ISDIR(st.st_mode)) ++ return -ENOTDIR; ++ if (FLAGS_SET(st.st_mode, 0700)) /* Already set? */ ++ return -EACCES; /* original error */ ++ if (st.st_uid != geteuid()) /* this only works if the UID matches ours */ ++ return -EACCES; ++ ++ if (fchmod(dfd, (st.st_mode | 0700) & 07777) < 0) ++ return -errno; ++ ++ *ret_old_mode = st.st_mode; ++ return 0; ++} ++ + static int unlinkat_harder( + int dfd, + const char *filename, + int unlink_flags, + RemoveFlags remove_flags) { + +- struct stat st; ++ mode_t old_mode; + int r; + + /* Like unlinkat(), but tries harder: if we get EACCESS we'll try to set the r/w/x bits on the +@@ -41,22 +66,46 @@ static int unlinkat_harder( + if (errno != EACCES || !FLAGS_SET(remove_flags, REMOVE_CHMOD)) + return -errno; + +- if (fstat(dfd, &st) < 0) +- return -errno; +- if (!S_ISDIR(st.st_mode)) +- return -ENOTDIR; +- if (FLAGS_SET(st.st_mode, 0700)) /* Already set? */ +- return -EACCES; /* original error */ +- if (st.st_uid != geteuid()) /* this only works if the UID matches ours */ +- return -EACCES; +- +- if (fchmod(dfd, (st.st_mode | 0700) & 07777) < 0) +- return -errno; ++ r = patch_dirfd_mode(dfd, &old_mode); ++ if (r < 0) ++ return r; + + if (unlinkat(dfd, filename, unlink_flags) < 0) { + r = -errno; + /* Try to restore the original access mode if this didn't work */ +- (void) fchmod(dfd, st.st_mode & 07777); ++ (void) fchmod(dfd, old_mode); ++ return r; ++ } ++ ++ /* If this worked, we won't reset the old mode, since we'll need it for other entries too, and we ++ * should destroy the whole thing */ ++ return 0; ++} ++ ++static int fstatat_harder( ++ int dfd, ++ const char *filename, ++ struct stat *ret, ++ int fstatat_flags, ++ RemoveFlags remove_flags) { ++ ++ mode_t old_mode; ++ int r; ++ ++ /* Like unlink_harder() but does the same for fstatat() */ ++ ++ if (fstatat(dfd, filename, ret, fstatat_flags) >= 0) ++ return 0; ++ if (errno != EACCES || !FLAGS_SET(remove_flags, REMOVE_CHMOD)) ++ return -errno; ++ ++ r = patch_dirfd_mode(dfd, &old_mode); ++ if (r < 0) ++ return r; ++ ++ if (fstatat(dfd, filename, ret, fstatat_flags) < 0) { ++ r = -errno; ++ (void) fchmod(dfd, old_mode); + return r; + } + +@@ -112,9 +161,10 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) { + + if (de->d_type == DT_UNKNOWN || + (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) { +- if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; ++ r = fstatat_harder(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW, flags); ++ if (r < 0) { ++ if (ret == 0 && r != -ENOENT) ++ ret = r; + continue; + } + diff --git a/debian/patches/rm-rf-optionally-fsync-after-removing-directory-tree.patch b/debian/patches/rm-rf-optionally-fsync-after-removing-directory-tree.patch new file mode 100644 index 0000000..66a1ef5 --- /dev/null +++ b/debian/patches/rm-rf-optionally-fsync-after-removing-directory-tree.patch @@ -0,0 +1,39 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 5 Oct 2021 10:32:56 +0200 +Subject: rm-rf: optionally fsync() after removing directory tree + +(cherry picked from commit bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2) +(cherry picked from commit 2426beacca09d84091759be45b25c88116302184) +(cherry picked from commit 0e180f8e9c25c707b0465ad1b9447a4360f785f1) +(cherry picked from commit 9a9c2220cd3cb61c2de9c482f8ed7fa60807b14a) +--- + src/basic/rm-rf.c | 3 +++ + src/basic/rm-rf.h | 1 + + 2 files changed, 4 insertions(+) + +diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c +index f1b8445..cf671c2 100644 +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -249,6 +249,9 @@ int rm_rf_children( + ret = r; + } + ++ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) ++ ret = -errno; ++ + return ret; + } + +diff --git a/src/basic/rm-rf.h b/src/basic/rm-rf.h +index b0d5b63..2619fc5 100644 +--- a/src/basic/rm-rf.h ++++ b/src/basic/rm-rf.h +@@ -12,6 +12,7 @@ typedef enum RemoveFlags { + REMOVE_SUBVOLUME = 1 << 3, /* Drop btrfs subvolumes in the tree too */ + REMOVE_MISSING_OK = 1 << 4, /* If the top-level directory is missing, ignore the ENOENT for it */ + REMOVE_CHMOD = 1 << 5, /* chmod() for write access if we cannot delete something */ ++ REMOVE_SYNCFS = 1 << 6, /* syncfs() the root of the specified directory after removing everything in it */ + } RemoveFlags; + + int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev); diff --git a/debian/patches/rm-rf-refactor-rm_rf_children-split-out-body-of-directory.patch b/debian/patches/rm-rf-refactor-rm_rf_children-split-out-body-of-directory.patch new file mode 100644 index 0000000..8692c2f --- /dev/null +++ b/debian/patches/rm-rf-refactor-rm_rf_children-split-out-body-of-directory.patch @@ -0,0 +1,320 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 26 Jan 2021 16:30:06 +0100 +Subject: rm-rf: refactor rm_rf_children(), + split out body of directory iteration loop + +This splits out rm_rf_children_inner() as body of the loop. We can use +that to implement rm_rf_child() for deleting one specific entry in a +directory. + +(cherry picked from commit 1f0fb7d544711248cba34615e43c5a76bc902d74) +(cherry picked from commit ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab) +(cherry picked from commit 85ccac3393e78d4bf2776ffb8c3a1d8a2a909a2a) +(cherry picked from commit a87d7ff1a60fe359978e12eb34224255a8f33e27) +--- + src/basic/rm-rf.c | 223 +++++++++++++++++++++++++++++++----------------------- + src/basic/rm-rf.h | 3 +- + 2 files changed, 131 insertions(+), 95 deletions(-) + +diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c +index 2f2ebc3..f1b8445 100644 +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -19,6 +19,9 @@ + #include "stat-util.h" + #include "string-util.h" + ++/* We treat tmpfs/ramfs + cgroupfs as non-physical file sytems. cgroupfs is similar to tmpfs in a way after ++ * all: we can create arbitrary directory hierarchies in it, and hence can also use rm_rf() on it to remove ++ * those again. */ + static bool is_physical_fs(const struct statfs *sfs) { + return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs); + } +@@ -112,133 +115,145 @@ static int fstatat_harder( + return 0; + } + +-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) { +- _cleanup_closedir_ DIR *d = NULL; +- struct dirent *de; +- int ret = 0, r; +- struct statfs sfs; ++static int rm_rf_children_inner( ++ int fd, ++ const char *fname, ++ int is_dir, ++ RemoveFlags flags, ++ const struct stat *root_dev) { + +- assert(fd >= 0); ++ struct stat st; ++ int r; + +- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed +- * fd, in all cases, including on failure.. */ ++ assert(fd >= 0); ++ assert(fname); + +- if (!(flags & REMOVE_PHYSICAL)) { ++ if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { + +- r = fstatfs(fd, &sfs); +- if (r < 0) { +- safe_close(fd); +- return -errno; +- } ++ r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags); ++ if (r < 0) ++ return r; + +- if (is_physical_fs(&sfs)) { +- /* We refuse to clean physical file systems with this call, +- * unless explicitly requested. This is extra paranoia just +- * to be sure we never ever remove non-state data. */ +- _cleanup_free_ char *path = NULL; ++ is_dir = S_ISDIR(st.st_mode); ++ } + +- (void) fd_get_path(fd, &path); +- log_error("Attempted to remove disk file system under \"%s\", and we can't allow that.", +- strna(path)); ++ if (is_dir) { ++ _cleanup_close_ int subdir_fd = -1; ++ int q; + +- safe_close(fd); +- return -EPERM; +- } +- } ++ /* if root_dev is set, remove subdirectories only if device is same */ ++ if (root_dev && st.st_dev != root_dev->st_dev) ++ return 0; + +- d = fdopendir(fd); +- if (!d) { +- safe_close(fd); +- return errno == ENOENT ? 0 : -errno; +- } ++ /* Stop at mount points */ ++ r = fd_is_mount_point(fd, fname, 0); ++ if (r < 0) ++ return r; ++ if (r > 0) ++ return 0; + +- FOREACH_DIRENT_ALL(de, d, return -errno) { +- bool is_dir; +- struct stat st; ++ if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { + +- if (dot_or_dot_dot(de->d_name)) +- continue; ++ /* This could be a subvolume, try to remove it */ + +- if (de->d_type == DT_UNKNOWN || +- (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) { +- r = fstatat_harder(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW, flags); ++ r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); + if (r < 0) { +- if (ret == 0 && r != -ENOENT) +- ret = r; +- continue; +- } ++ if (!IN_SET(r, -ENOTTY, -EINVAL)) ++ return r; + +- is_dir = S_ISDIR(st.st_mode); +- } else +- is_dir = de->d_type == DT_DIR; ++ /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ ++ } else ++ /* It was a subvolume, done. */ ++ return 1; ++ } + +- if (is_dir) { +- _cleanup_close_ int subdir_fd = -1; ++ subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ if (subdir_fd < 0) ++ return -errno; + +- /* if root_dev is set, remove subdirectories only if device is same */ +- if (root_dev && st.st_dev != root_dev->st_dev) +- continue; ++ /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type ++ * again for each directory */ ++ q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); + +- subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); +- if (subdir_fd < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; +- continue; +- } ++ r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags); ++ if (r < 0) ++ return r; ++ if (q < 0) ++ return q; + +- /* Stop at mount points */ +- r = fd_is_mount_point(fd, de->d_name, 0); +- if (r < 0) { +- if (ret == 0 && r != -ENOENT) +- ret = r; ++ return 1; + +- continue; +- } +- if (r > 0) +- continue; ++ } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { ++ r = unlinkat_harder(fd, fname, 0, flags); ++ if (r < 0) ++ return r; + +- if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { ++ return 1; ++ } + +- /* This could be a subvolume, try to remove it */ ++ return 0; ++} + +- r = btrfs_subvol_remove_fd(fd, de->d_name, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); +- if (r < 0) { +- if (!IN_SET(r, -ENOTTY, -EINVAL)) { +- if (ret == 0) +- ret = r; ++int rm_rf_children( ++ int fd, ++ RemoveFlags flags, ++ const struct stat *root_dev) { + +- continue; +- } ++ _cleanup_closedir_ DIR *d = NULL; ++ struct dirent *de; ++ int ret = 0, r; + +- /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ +- } else +- /* It was a subvolume, continue. */ +- continue; +- } ++ assert(fd >= 0); ++ ++ /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed ++ * fd, in all cases, including on failure. */ ++ ++ d = fdopendir(fd); ++ if (!d) { ++ safe_close(fd); ++ return -errno; ++ } + +- /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file +- * system type again for each directory */ +- r = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); +- if (r < 0 && ret == 0) +- ret = r; ++ if (!(flags & REMOVE_PHYSICAL)) { ++ struct statfs sfs; + +- r = unlinkat_harder(fd, de->d_name, AT_REMOVEDIR, flags); +- if (r < 0 && r != -ENOENT && ret == 0) +- ret = r; ++ if (fstatfs(dirfd(d), &sfs) < 0) ++ return -errno; ++ ++ if (is_physical_fs(&sfs)) { ++ /* We refuse to clean physical file systems with this call, unless explicitly ++ * requested. This is extra paranoia just to be sure we never ever remove non-state ++ * data. */ + +- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { ++ _cleanup_free_ char *path = NULL; + +- r = unlinkat_harder(fd, de->d_name, 0, flags); +- if (r < 0 && r != -ENOENT && ret == 0) +- ret = r; ++ (void) fd_get_path(fd, &path); ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), ++ "Attempted to remove disk file system under \"%s\", and we can't allow that.", ++ strna(path)); + } + } ++ ++ FOREACH_DIRENT_ALL(de, d, return -errno) { ++ int is_dir; ++ ++ if (dot_or_dot_dot(de->d_name)) ++ continue; ++ ++ is_dir = ++ de->d_type == DT_UNKNOWN ? -1 : ++ de->d_type == DT_DIR; ++ ++ r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); ++ if (r < 0 && r != -ENOENT && ret == 0) ++ ret = r; ++ } ++ + return ret; + } + + int rm_rf(const char *path, RemoveFlags flags) { + int fd, r; +- struct statfs s; + + assert(path); + +@@ -283,9 +298,10 @@ int rm_rf(const char *path, RemoveFlags flags) { + if (FLAGS_SET(flags, REMOVE_ROOT)) { + + if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { ++ struct statfs s; ++ + if (statfs(path, &s) < 0) + return -errno; +- + if (is_physical_fs(&s)) + return log_error_errno(SYNTHETIC_ERRNO(EPERM), + "Attempted to remove files from a disk file system under \"%s\", refusing.", +@@ -313,3 +329,22 @@ int rm_rf(const char *path, RemoveFlags flags) { + + return r; + } ++ ++int rm_rf_child(int fd, const char *name, RemoveFlags flags) { ++ ++ /* Removes one specific child of the specified directory */ ++ ++ if (fd < 0) ++ return -EBADF; ++ ++ if (!filename_is_valid(name)) ++ return -EINVAL; ++ ++ if ((flags & (REMOVE_ROOT|REMOVE_MISSING_OK)) != 0) /* Doesn't really make sense here, we are not supposed to remove 'fd' anyway */ ++ return -EINVAL; ++ ++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) ++ return -EINVAL; ++ ++ return rm_rf_children_inner(fd, name, -1, flags, NULL); ++} +diff --git a/src/basic/rm-rf.h b/src/basic/rm-rf.h +index ec56232..b0d5b63 100644 +--- a/src/basic/rm-rf.h ++++ b/src/basic/rm-rf.h +@@ -14,7 +14,8 @@ typedef enum RemoveFlags { + REMOVE_CHMOD = 1 << 5, /* chmod() for write access if we cannot delete something */ + } RemoveFlags; + +-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev); ++int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev); ++int rm_rf_child(int fd, const char *name, RemoveFlags flags); + int rm_rf(const char *path, RemoveFlags flags); + + /* Useful for usage with _cleanup_(), destroys a directory and frees the pointer */ diff --git a/debian/patches/rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch b/debian/patches/rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch new file mode 100644 index 0000000..d338f49 --- /dev/null +++ b/debian/patches/rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch @@ -0,0 +1,41 @@ +From: Vincent Pelletier <plr.vincent@gmail.com> +Date: Sat, 27 Feb 2021 00:17:06 +0000 +Subject: rules: Move ID_SMARTCARD_READER definition to a <70 configuration. + +70-uaccess.rules sets the uaccess tag on devices with ID_SMARTCARD_READER +set, but it is set in 99-systemd.rules . +Move this to a 60-*.rules which already matches USB CCID class, factorising +the matching, so 70-uaccess.rules sets up these devices as expected. + +(cherry picked from commit dbdcd51f78bde5e9033d98d61bbb750c868bde9d) +--- + rules.d/60-fido-id.rules | 3 ++- + rules.d/99-systemd.rules.in | 1 - + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rules.d/60-fido-id.rules b/rules.d/60-fido-id.rules +index c7d5d2f..48c259e 100644 +--- a/rules.d/60-fido-id.rules ++++ b/rules.d/60-fido-id.rules +@@ -7,7 +7,8 @@ SUBSYSTEM=="hidraw", IMPORT{program}="fido_id" + # Tag any form of security token as such + ENV{ID_SECURITY_TOKEN}=="1", TAG+="security-device" + ++SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0b????:*", ENV{ID_SMARTCARD_READER}="1" + # Tag any CCID device (i.e. Smartcard Reader) as security token +-SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="0b", TAG+="security-device" ++ENV{ID_SMARTCARD_READER}=="1", TAG+="security-device" + + LABEL="fido_id_end" +diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in +index 7c22eef..0abca6e 100644 +--- a/rules.d/99-systemd.rules.in ++++ b/rules.d/99-systemd.rules.in +@@ -49,7 +49,6 @@ SUBSYSTEM=="net", KERNEL!="lo", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsys + SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsystem/bluetooth/devices/%k", \ + ENV{SYSTEMD_WANTS}+="bluetooth.target", ENV{SYSTEMD_USER_WANTS}+="bluetooth.target" + +-SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0b????:*", ENV{ID_SMARTCARD_READER}="1" + ENV{ID_SMARTCARD_READER}=="?*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target", ENV{SYSTEMD_USER_WANTS}+="smartcard.target" + SUBSYSTEM=="sound", KERNEL=="controlC*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="sound.target", ENV{SYSTEMD_USER_WANTS}+="sound.target" + diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..f81d7b4 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,66 @@ +Add-helper-for-case-independent-string-equality-checks.patch +localed-Run-locale-gen-if-available-to-generate-missing-l.patch +core-fix-mtime-calculation-of-dropin-files.patch +analyze-slightly-reword-PrivateTmp-message.patch +rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch +table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch +pkg-config-make-prefix-overridable-again.patch +LoadCredentials-do-not-assert-on-invalid-syntax.patch +network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch +unit-name-generate-a-clear-error-code-when-convertin.patch +basic-unit-name-do-not-use-strdupa-on-a-path.patch +basic-unit-name-adjust-comments.patch +udevadm-trigger-do-not-return-immediately-on-EACCES.patch +btrfs-util-add-helper-that-abstracts-might-be-btrfs-subvo.patch +rm-rf-fstatat-might-fail-if-containing-dir-has-limited-ac.patch +rm-rf-refactor-rm_rf_children-split-out-body-of-directory.patch +rm-rf-optionally-fsync-after-removing-directory-tree.patch +tmpfiles-st-may-have-been-used-uninitialized.patch +shared-rm_rf-refactor-rm_rf_children_inner-to-shorten-cod.patch +shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch +shared-rm-rf-loop-over-nested-directories-instead-of-inst.patch +basic-add-make_mount_point_inode-helper.patch +machine-basic-factor-out-helper-function-to-add-airlocked.patch +machine-adjust-error-message-to-use-normalized-instead-of.patch +shared-mount-util-use-namespace_fork-utils.patch +machine-enter-target-PID-namespace-when-adding-a-live-mou.patch +Drop-bundled-copy-of-linux-if_arp.h.patch +virt-Support-detection-for-ARM64-Hyper-V-guests.patch +virt-Fix-the-detection-for-Hyper-V-VMs.patch +virt-detect-OpenStack-Nova-instance.patch +ata_id-Fixed-getting-Response-Code-from-SCSI-Sense-Data-2.patch +udev-always-create-device-symlinks-for-USB-disks.patch +Revert-udev-do-not-execute-hwdb-builtin-import-twice-or-t.patch +udev-first-set-properties-based-on-usb-subsystem.patch +logind-fix-getting-property-OnExternalPower-via-D-Bus.patch +coredump-do-not-allow-user-to-access-coredumps-with-chang.patch +time-util-fix-buffer-over-run.patch +machined-varlink-fix-double-free.patch +Always-free-deserialized_subscribed-on-reload.patch +shared-calendarspec-abort-calculation-after-1000-iteratio.patch +shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch +debian/Use-Debian-specific-config-files.patch +debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch +debian/Make-run-lock-tmpfs-an-API-fs.patch +debian/Add-support-for-TuxOnIce-hibernation.patch +debian/Re-enable-journal-forwarding-to-syslog.patch +debian/Don-t-enable-audit-by-default.patch +debian/Only-start-logind-if-dbus-is-installed.patch +debian/fsckd-daemon-for-inter-fsckd-communication.patch +debian/Skip-filesystem-check-if-already-done-by-the-initram.patch +debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch +debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch +debian/Let-graphical-session-pre.target-be-manually-started.patch +debian/Add-env-variable-for-machine-ID-path.patch +debian/Drop-seccomp-system-call-filter-for-udev.patch +debian/deny-list-upstream-test-25.patch +debian/deny-list-upstream-test-02-ppc64el.patch +debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch +debian/Keep-journal-files-compatible-with-older-versions.patch +debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch +debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch +debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch +debian/Downgrade-a-couple-of-warnings-to-debug.patch +debian/Revert-udev-fix-memleak.patch +debian/Revert-udev-link_update-should-fail-if-the-entry-in-symli.patch +debian/Revert-udev-make-algorithm-that-selects-highest-priority-.patch diff --git a/debian/patches/shared-calendarspec-abort-calculation-after-1000-iteratio.patch b/debian/patches/shared-calendarspec-abort-calculation-after-1000-iteratio.patch new file mode 100644 index 0000000..49562a7 --- /dev/null +++ b/debian/patches/shared-calendarspec-abort-calculation-after-1000-iteratio.patch @@ -0,0 +1,55 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Sun, 21 Mar 2021 20:59:32 +0100 +Subject: shared/calendarspec: abort calculation after 1000 iterations + +We have a bug where we seem to enter an infinite loop when running in the +Europe/Dublin timezone. The timezone is "special" because it has negative SAVE +values. The handling of this should obviously be fixed, but let's use a +belt-and-suspenders approach, and gracefully fail if we fail to find an answer +within a specific number of attempts. The code in this function is rather +complex, and it's hard to rule out another bug in the future. + +(cherry picked from commit 169615c9a8cdc54d748d4dfc8279be9b3c2bec44) +--- + src/shared/calendarspec.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c +index 7162592..80acc57 100644 +--- a/src/shared/calendarspec.c ++++ b/src/shared/calendarspec.c +@@ -1211,6 +1211,10 @@ static bool matches_weekday(int weekdays_bits, const struct tm *tm, bool utc) { + return (weekdays_bits & (1 << k)); + } + ++/* A safety valve: if we get stuck in the calculation, return an error. ++ * C.f. https://bugzilla.redhat.com/show_bug.cgi?id=1941335. */ ++#define MAX_CALENDAR_ITERATIONS 1000 ++ + static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) { + struct tm c; + int tm_usec; +@@ -1224,7 +1228,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) { + c = *tm; + tm_usec = *usec; + +- for (;;) { ++ for (unsigned iteration = 0; iteration < MAX_CALENDAR_ITERATIONS; iteration++) { + /* Normalize the current date */ + (void) mktime_or_timegm(&c, spec->utc); + c.tm_isdst = spec->dst; +@@ -1321,6 +1325,14 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) { + *usec = tm_usec; + return 0; + } ++ ++ /* It seems we entered an infinite loop. Let's gracefully return an error instead of hanging or ++ * aborting. This code is also exercised when timers.target is brought up during early boot, so ++ * aborting here is problematic and hard to diagnose for users. */ ++ _cleanup_free_ char *s = NULL; ++ (void) calendar_spec_to_string(spec, &s); ++ return log_warning_errno(SYNTHETIC_ERRNO(EDEADLK), ++ "Infinite loop in calendar calculation: %s", strna(s)); + } + + static int calendar_spec_next_usec_impl(const CalendarSpec *spec, usec_t usec, usec_t *ret_next) { diff --git a/debian/patches/shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch b/debian/patches/shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch new file mode 100644 index 0000000..9503c1e --- /dev/null +++ b/debian/patches/shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch @@ -0,0 +1,105 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 22 Mar 2021 12:51:47 +0100 +Subject: shared/calendarspec: when mktime() moves us backwards, jump forward +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +When trying to calculate the next firing of 'Sun *-*-* 01:00:00', we'd fall +into an infinite loop, because mktime() moves us "backwards": + +Before this patch: +tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00 +tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00 +tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00 +... + +We rely on mktime() normalizing the time. The man page does not say that it'll +move the time forward, but our algorithm relies on this. So let's catch this +case explicitly. + +With this patch: +$ TZ=Europe/Dublin faketime 2021-03-21 build/systemd-analyze calendar --iterations=5 'Sun *-*-* 01:00:00' +Normalized form: Sun *-*-* 01:00:00 + Next elapse: Sun 2021-03-21 01:00:00 GMT + (in UTC): Sun 2021-03-21 01:00:00 UTC + From now: 59min left + Iter. #2: Sun 2021-04-04 01:00:00 IST + (in UTC): Sun 2021-04-04 00:00:00 UTC + From now: 1 weeks 6 days left <---- note the 2 week jump here + Iter. #3: Sun 2021-04-11 01:00:00 IST + (in UTC): Sun 2021-04-11 00:00:00 UTC + From now: 2 weeks 6 days left + Iter. #4: Sun 2021-04-18 01:00:00 IST + (in UTC): Sun 2021-04-18 00:00:00 UTC + From now: 3 weeks 6 days left + Iter. #5: Sun 2021-04-25 01:00:00 IST + (in UTC): Sun 2021-04-25 00:00:00 UTC + From now: 1 months 4 days left + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1941335. + +(cherry picked from commit 129cb6e249bef30dc33e08f98f0b27a6de976f6f) +--- + src/shared/calendarspec.c | 19 +++++++++++-------- + src/test/test-calendarspec.c | 3 +++ + test/test-functions | 1 + + 3 files changed, 15 insertions(+), 8 deletions(-) + +diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c +index 80acc57..c8d97c3 100644 +--- a/src/shared/calendarspec.c ++++ b/src/shared/calendarspec.c +@@ -1185,15 +1185,18 @@ static int tm_within_bounds(struct tm *tm, bool utc) { + return negative_errno(); + + /* Did any normalization take place? If so, it was out of bounds before */ +- bool good = t.tm_year == tm->tm_year && +- t.tm_mon == tm->tm_mon && +- t.tm_mday == tm->tm_mday && +- t.tm_hour == tm->tm_hour && +- t.tm_min == tm->tm_min && +- t.tm_sec == tm->tm_sec; +- if (!good) ++ int cmp = CMP(t.tm_year, tm->tm_year) ?: ++ CMP(t.tm_mon, tm->tm_mon) ?: ++ CMP(t.tm_mday, tm->tm_mday) ?: ++ CMP(t.tm_hour, tm->tm_hour) ?: ++ CMP(t.tm_min, tm->tm_min) ?: ++ CMP(t.tm_sec, tm->tm_sec); ++ ++ if (cmp < 0) ++ return -EDEADLK; /* Refuse to go backward */ ++ if (cmp > 0) + *tm = t; +- return good; ++ return cmp == 0; + } + + static bool matches_weekday(int weekdays_bits, const struct tm *tm, bool utc) { +diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c +index e0b7f22..1b04186 100644 +--- a/src/test/test-calendarspec.c ++++ b/src/test/test-calendarspec.c +@@ -218,6 +218,9 @@ int main(int argc, char* argv[]) { + // Confirm that timezones in the Spec work regardless of current timezone + test_next("2017-09-09 20:42:00 Pacific/Auckland", "", 12345, 1504946520000000); + test_next("2017-09-09 20:42:00 Pacific/Auckland", "EET", 12345, 1504946520000000); ++ /* Check that we don't start looping if mktime() moves us backwards */ ++ test_next("Sun *-*-* 01:00:00 Europe/Dublin", "", 1616412478000000, 1617494400000000); ++ test_next("Sun *-*-* 01:00:00 Europe/Dublin", "IST", 1616412478000000, 1617494400000000); + + assert_se(calendar_spec_from_string("test", &c) < 0); + assert_se(calendar_spec_from_string(" utc", &c) < 0); +diff --git a/test/test-functions b/test/test-functions +index 52b52bf..beaf4fa 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -1120,6 +1120,7 @@ install_zoneinfo() { + inst_any /usr/share/zoneinfo/Asia/Vladivostok + inst_any /usr/share/zoneinfo/Australia/Sydney + inst_any /usr/share/zoneinfo/Europe/Berlin ++ inst_any /usr/share/zoneinfo/Europe/Dublin + inst_any /usr/share/zoneinfo/Europe/Kiev + inst_any /usr/share/zoneinfo/Pacific/Auckland + inst_any /usr/share/zoneinfo/Pacific/Honolulu diff --git a/debian/patches/shared-mount-util-use-namespace_fork-utils.patch b/debian/patches/shared-mount-util-use-namespace_fork-utils.patch new file mode 100644 index 0000000..f870a3e --- /dev/null +++ b/debian/patches/shared-mount-util-use-namespace_fork-utils.patch @@ -0,0 +1,92 @@ +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Thu, 13 Aug 2020 14:47:01 +0100 +Subject: shared/mount-util: use namespace_fork utils + +(cherry picked from commit 2338a175fdec3859eab03115ca82a0d58453f5d7) +--- + src/shared/mount-util.c | 40 ++++++++++++++++++++++++---------------- + 1 file changed, 24 insertions(+), 16 deletions(-) + +diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c +index 4cfbb55..368c5f0 100644 +--- a/src/shared/mount-util.c ++++ b/src/shared/mount-util.c +@@ -17,6 +17,7 @@ + #include "mkdir.h" + #include "mount-util.h" + #include "mountpoint-util.h" ++#include "namespace-util.h" + #include "parse-util.h" + #include "path-util.h" + #include "process-util.h" +@@ -756,12 +757,13 @@ int bind_mount_in_namespace( + bool make_file_or_directory) { + + _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 }; ++ _cleanup_close_ int self_mntns_fd = -1, mntns_fd = -1, root_fd = -1; + char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p; + bool mount_slave_created = false, mount_slave_mounted = false, + mount_tmp_created = false, mount_tmp_mounted = false, + mount_outside_created = false, mount_outside_mounted = false; + _cleanup_free_ char *chased_src = NULL; +- struct stat st; ++ struct stat st, self_mntns_st; + pid_t child; + int r; + +@@ -771,6 +773,24 @@ int bind_mount_in_namespace( + assert(src); + assert(dest); + ++ r = namespace_open(target, NULL, &mntns_fd, NULL, NULL, &root_fd); ++ if (r < 0) ++ return log_debug_errno(r, "Failed to retrieve FDs of the target process' namespace: %m"); ++ ++ if (fstat(mntns_fd, &st) < 0) ++ return log_debug_errno(errno, "Failed to fstat mount namespace FD of target process: %m"); ++ ++ r = namespace_open(0, NULL, &self_mntns_fd, NULL, NULL, NULL); ++ if (r < 0) ++ return log_debug_errno(r, "Failed to retrieve FDs of systemd's namespace: %m"); ++ ++ if (fstat(self_mntns_fd, &self_mntns_st) < 0) ++ return log_debug_errno(errno, "Failed to fstat mount namespace FD of systemd: %m"); ++ ++ /* We can't add new mounts at runtime if the process wasn't started in a namespace */ ++ if (st.st_ino == self_mntns_st.st_ino && st.st_dev == self_mntns_st.st_dev) ++ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to activate bind mount in target, not running in a mount namespace"); ++ + /* One day, when bind mounting /proc/self/fd/n works across + * namespace boundaries we should rework this logic to make + * use of it... */ +@@ -877,27 +897,15 @@ int bind_mount_in_namespace( + goto finish; + } + +- r = safe_fork("(sd-bindmnt)", FORK_RESET_SIGNALS, &child); ++ r = namespace_fork("(sd-bindmnt)", "(sd-bindmnt-inner)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG, ++ -1, mntns_fd, -1, -1, root_fd, &child); + if (r < 0) + goto finish; + if (r == 0) { +- const char *mount_inside, *q; +- int mntfd; ++ const char *mount_inside; + + errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]); + +- q = procfs_file_alloca(target, "ns/mnt"); +- mntfd = open(q, O_RDONLY|O_NOCTTY|O_CLOEXEC); +- if (mntfd < 0) { +- r = log_error_errno(errno, "Failed to open mount namespace of leader: %m"); +- goto child_fail; +- } +- +- if (setns(mntfd, CLONE_NEWNS) < 0) { +- r = log_error_errno(errno, "Failed to join namespace of leader: %m"); +- goto child_fail; +- } +- + if (make_file_or_directory) { + (void) mkdir_parents(dest, 0755); + (void) make_mount_point_inode_from_stat(&st, dest, 0700); diff --git a/debian/patches/shared-rm-rf-loop-over-nested-directories-instead-of-inst.patch b/debian/patches/shared-rm-rf-loop-over-nested-directories-instead-of-inst.patch new file mode 100644 index 0000000..5ab54bf --- /dev/null +++ b/debian/patches/shared-rm-rf-loop-over-nested-directories-instead-of-inst.patch @@ -0,0 +1,264 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 30 Nov 2021 22:29:05 +0100 +Subject: shared/rm-rf: loop over nested directories instead of instead of + recursing + +To remove directory structures, we need to remove the innermost items first, +and then recursively remove higher-level directories. We would recursively +descend into directories and invoke rm_rf_children and rm_rm_children_inner. +This is problematic when too many directories are nested. + +Instead, let's create a "TODO" queue. In the the queue, for each level we +hold the DIR* object we were working on, and the name of the directory. This +allows us to leave a partially-processed directory, and restart the removal +loop one level down. When done with the inner directory, we use the name to +unlinkat() it from the parent, and proceed with the removal of other items. + +Because the nesting is increased by one level, it is best to view this patch +with -b/--ignore-space-change. + +This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639. +The issue was reported and patches reviewed by Qualys Team. +Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure. + +(cherry picked from commit 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1) +(cherry picked from commit 911516e1614e435755814ada5fc6064fa107a105) +(cherry picked from commit 6a28f8b55904c818b25e4db2e1511faac79fd471) +(cherry picked from commit c752f27b7647c99b4a17477c99d84fd8c950ddf0) +(cherry picked from commit 921810ea23357988ce67f49190f43abef1788a9c) +--- + src/basic/rm-rf.c | 160 ++++++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 113 insertions(+), 47 deletions(-) + +diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c +index 2901307..77ffed9 100644 +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -115,12 +115,13 @@ static int fstatat_harder( + return 0; + } + +-static int rm_rf_children_inner( ++static int rm_rf_inner_child( + int fd, + const char *fname, + int is_dir, + RemoveFlags flags, +- const struct stat *root_dev) { ++ const struct stat *root_dev, ++ bool allow_recursion) { + + struct stat st; + int r, q = 0; +@@ -140,9 +141,7 @@ static int rm_rf_children_inner( + } + + if (is_dir) { +- _cleanup_close_ int subdir_fd = -1; +- +- /* if root_dev is set, remove subdirectories only if device is same */ ++ /* If root_dev is set, remove subdirectories only if device is same */ + if (root_dev && st.st_dev != root_dev->st_dev) + return 0; + +@@ -154,7 +153,6 @@ static int rm_rf_children_inner( + return 0; + + if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { +- + /* This could be a subvolume, try to remove it */ + + r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); +@@ -168,13 +166,16 @@ static int rm_rf_children_inner( + return 1; + } + +- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ if (!allow_recursion) ++ return -EISDIR; ++ ++ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); + if (subdir_fd < 0) + return -errno; + + /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type + * again for each directory */ +- q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); ++ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev); + + } else if (flags & REMOVE_ONLY_DIRECTORIES) + return 0; +@@ -187,63 +188,128 @@ static int rm_rf_children_inner( + return 1; + } + ++typedef struct TodoEntry { ++ DIR *dir; /* A directory that we were operating on. */ ++ char *dirname; /* The filename of that directory itself. */ ++} TodoEntry; ++ ++static void free_todo_entries(TodoEntry **todos) { ++ for (TodoEntry *x = *todos; x && x->dir; x++) { ++ closedir(x->dir); ++ free(x->dirname); ++ } ++ ++ freep(todos); ++} ++ + int rm_rf_children( + int fd, + RemoveFlags flags, + const struct stat *root_dev) { + +- _cleanup_closedir_ DIR *d = NULL; +- struct dirent *de; ++ _cleanup_(free_todo_entries) TodoEntry *todos = NULL; ++ size_t n_todo = 0, n_todo_alloc = 0; ++ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */ + int ret = 0, r; + +- assert(fd >= 0); ++ /* Return the first error we run into, but nevertheless try to go on. ++ * The passed fd is closed in all cases, including on failure. */ ++ ++ for (;;) { /* This loop corresponds to the directory nesting level. */ ++ _cleanup_closedir_ DIR *d = NULL; ++ ++ if (n_todo > 0) { ++ /* We know that we are in recursion here, because n_todo is set. ++ * We need to remove the inner directory we were operating on. */ ++ assert(dirname); ++ r = unlinkat_harder(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR, flags); ++ if (r < 0 && r != -ENOENT && ret == 0) ++ ret = r; ++ dirname = mfree(dirname); ++ ++ /* And now let's back out one level up */ ++ n_todo --; ++ d = TAKE_PTR(todos[n_todo].dir); ++ dirname = TAKE_PTR(todos[n_todo].dirname); ++ ++ assert(d); ++ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */ ++ assert(fd >= 0); ++ } else { ++ next_fd: ++ assert(fd >= 0); ++ d = fdopendir(fd); ++ if (!d) { ++ safe_close(fd); ++ return -errno; ++ } ++ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have ++ * the right descriptor even if it were to internally invalidate the ++ * one we passed. */ ++ ++ if (!(flags & REMOVE_PHYSICAL)) { ++ struct statfs sfs; ++ ++ if (fstatfs(fd, &sfs) < 0) ++ return -errno; ++ ++ if (is_physical_fs(&sfs)) { ++ /* We refuse to clean physical file systems with this call, unless ++ * explicitly requested. This is extra paranoia just to be sure we ++ * never ever remove non-state data. */ ++ ++ _cleanup_free_ char *path = NULL; ++ ++ (void) fd_get_path(fd, &path); ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), ++ "Attempted to remove disk file system under \"%s\", and we can't allow that.", ++ strna(path)); ++ } ++ } ++ } + +- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed +- * fd, in all cases, including on failure. */ ++ struct dirent *de; ++ FOREACH_DIRENT_ALL(de, d, return -errno) { ++ int is_dir; + +- d = fdopendir(fd); +- if (!d) { +- safe_close(fd); +- return -errno; +- } ++ if (dot_or_dot_dot(de->d_name)) ++ continue; + +- if (!(flags & REMOVE_PHYSICAL)) { +- struct statfs sfs; ++ is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR; + +- if (fstatfs(dirfd(d), &sfs) < 0) +- return -errno; ++ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false); ++ if (r == -EISDIR) { ++ /* Push the current working state onto the todo list */ + +- if (is_physical_fs(&sfs)) { +- /* We refuse to clean physical file systems with this call, unless explicitly +- * requested. This is extra paranoia just to be sure we never ever remove non-state +- * data. */ ++ if (!GREEDY_REALLOC0(todos, n_todo_alloc, n_todo + 2)) ++ return log_oom(); + +- _cleanup_free_ char *path = NULL; ++ _cleanup_free_ char *newdirname = strdup(de->d_name); ++ if (!newdirname) ++ return log_oom(); + +- (void) fd_get_path(fd, &path); +- return log_error_errno(SYNTHETIC_ERRNO(EPERM), +- "Attempted to remove disk file system under \"%s\", and we can't allow that.", +- strna(path)); +- } +- } ++ int newfd = openat(fd, de->d_name, ++ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ if (newfd >= 0) { ++ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) }; ++ fd = newfd; ++ dirname = TAKE_PTR(newdirname); + +- FOREACH_DIRENT_ALL(de, d, return -errno) { +- int is_dir; ++ goto next_fd; + +- if (dot_or_dot_dot(de->d_name)) +- continue; ++ } else if (errno != -ENOENT && ret == 0) ++ ret = -errno; + +- is_dir = +- de->d_type == DT_UNKNOWN ? -1 : +- de->d_type == DT_DIR; ++ } else if (r < 0 && r != -ENOENT && ret == 0) ++ ret = r; ++ } + +- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); +- if (r < 0 && r != -ENOENT && ret == 0) +- ret = r; +- } ++ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0) ++ ret = -errno; + +- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) +- ret = -errno; ++ if (n_todo == 0) ++ break; ++ } + + return ret; + } +@@ -336,5 +402,5 @@ int rm_rf_child(int fd, const char *name, RemoveFlags flags) { + if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) + return -EINVAL; + +- return rm_rf_children_inner(fd, name, -1, flags, NULL); ++ return rm_rf_inner_child(fd, name, -1, flags, NULL, true); + } diff --git a/debian/patches/shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch b/debian/patches/shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch new file mode 100644 index 0000000..6f1d1c0 --- /dev/null +++ b/debian/patches/shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch @@ -0,0 +1,99 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 23 Nov 2021 16:56:42 +0100 +Subject: shared/rm_rf: refactor rm_rf() to shorten code a bit + +(cherry picked from commit 84ced330020c0bae57bd4628f1f44eec91304e69) +(cherry picked from commit 664529efa9431edc043126013ea54e6c399ae2d3) +(cherry picked from commit 811b137d6137cc3e8932599e6ef9254ba43ff5eb) +(cherry picked from commit 39a53d4f1445a8981efd0adcc1734dfad46647c5) +(cherry picked from commit aaad978868bd6ac84d463a94357ddcbc43b24248) +--- + src/basic/rm-rf.c | 54 ++++++++++++++++++++++++------------------------------ + 1 file changed, 24 insertions(+), 30 deletions(-) + +diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c +index 343a097..2901307 100644 +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -249,7 +249,7 @@ int rm_rf_children( + } + + int rm_rf(const char *path, RemoveFlags flags) { +- int fd, r; ++ int fd, r, q = 0; + + assert(path); + +@@ -281,49 +281,43 @@ int rm_rf(const char *path, RemoveFlags flags) { + } + + fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); +- if (fd < 0) { ++ if (fd >= 0) { ++ /* We have a dir */ ++ r = rm_rf_children(fd, flags, NULL); ++ ++ if (FLAGS_SET(flags, REMOVE_ROOT) && rmdir(path) < 0) ++ q = -errno; ++ } else { + if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) + return 0; + + if (!IN_SET(errno, ENOTDIR, ELOOP)) + return -errno; + +- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES)) ++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT)) + return 0; + +- if (FLAGS_SET(flags, REMOVE_ROOT)) { +- +- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { +- struct statfs s; +- +- if (statfs(path, &s) < 0) +- return -errno; +- if (is_physical_fs(&s)) +- return log_error_errno(SYNTHETIC_ERRNO(EPERM), +- "Attempted to remove files from a disk file system under \"%s\", refusing.", +- path); +- } +- +- if (unlink(path) < 0) { +- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) +- return 0; ++ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { ++ struct statfs s; + ++ if (statfs(path, &s) < 0) + return -errno; +- } ++ if (is_physical_fs(&s)) ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), ++ "Attempted to remove files from a disk file system under \"%s\", refusing.", ++ path); + } + +- return 0; ++ r = 0; ++ if (unlink(path) < 0) ++ q = -errno; + } + +- r = rm_rf_children(fd, flags, NULL); +- +- if (FLAGS_SET(flags, REMOVE_ROOT) && +- rmdir(path) < 0 && +- r >= 0 && +- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT)) +- r = -errno; +- +- return r; ++ if (r < 0) ++ return r; ++ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK))) ++ return q; ++ return 0; + } + + int rm_rf_child(int fd, const char *name, RemoveFlags flags) { diff --git a/debian/patches/shared-rm_rf-refactor-rm_rf_children_inner-to-shorten-cod.patch b/debian/patches/shared-rm_rf-refactor-rm_rf_children_inner-to-shorten-cod.patch new file mode 100644 index 0000000..7a7f85a --- /dev/null +++ b/debian/patches/shared-rm_rf-refactor-rm_rf_children_inner-to-shorten-cod.patch @@ -0,0 +1,66 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 23 Nov 2021 15:55:45 +0100 +Subject: shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit + +(cherry picked from commit 3bac86abfa1b1720180840ffb9d06b3d54841c11) +(cherry picked from commit 47741ff9eae6311a03e4d3d837128191826a4a3a) +(cherry picked from commit 89395b63f04f1acc0db533c32637ea20379f97c0) +(cherry picked from commit 3976f244990aa1210ebe018647f32ab060e1c3d3) +(cherry picked from commit 988e43630bb7592947c75fe530a6f7dfebc00c4f) +--- + src/basic/rm-rf.c | 27 +++++++++------------------ + 1 file changed, 9 insertions(+), 18 deletions(-) + +diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c +index a78aa4f..343a097 100644 +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -123,7 +123,7 @@ static int rm_rf_children_inner( + const struct stat *root_dev) { + + struct stat st; +- int r; ++ int r, q = 0; + + assert(fd >= 0); + assert(fname); +@@ -141,7 +141,6 @@ static int rm_rf_children_inner( + + if (is_dir) { + _cleanup_close_ int subdir_fd = -1; +- int q; + + /* if root_dev is set, remove subdirectories only if device is same */ + if (root_dev && st.st_dev != root_dev->st_dev) +@@ -177,23 +176,15 @@ static int rm_rf_children_inner( + * again for each directory */ + q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); + +- r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags); +- if (r < 0) +- return r; +- if (q < 0) +- return q; +- +- return 1; +- +- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { +- r = unlinkat_harder(fd, fname, 0, flags); +- if (r < 0) +- return r; +- +- return 1; +- } ++ } else if (flags & REMOVE_ONLY_DIRECTORIES) ++ return 0; + +- return 0; ++ r = unlinkat_harder(fd, fname, is_dir ? AT_REMOVEDIR : 0, flags); ++ if (r < 0) ++ return r; ++ if (q < 0) ++ return q; ++ return 1; + } + + int rm_rf_children( diff --git a/debian/patches/table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch b/debian/patches/table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch new file mode 100644 index 0000000..fea1aec --- /dev/null +++ b/debian/patches/table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch @@ -0,0 +1,167 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 2 Feb 2021 01:47:58 +0900 +Subject: table: drop trailing white spaces of the last cell in row + +Fixes #18415. + +(cherry picked from commit 71894e18313e41a72cecdc77fea5037f95d6903f) +--- + src/shared/format-table.c | 6 ++++++ + src/test/test-format-table.c | 40 ++++++++++++++++++++-------------------- + 2 files changed, 26 insertions(+), 20 deletions(-) + +diff --git a/src/shared/format-table.c b/src/shared/format-table.c +index a13a198..2dc95e9 100644 +--- a/src/shared/format-table.c ++++ b/src/shared/format-table.c +@@ -2155,6 +2155,12 @@ int table_print(Table *t, FILE *f) { + if (!aligned) + return -ENOMEM; + ++ /* Drop trailing white spaces of last column when no cosmetics is set. */ ++ if (j == display_columns - 1 && ++ (!colors_enabled() || !table_data_color(d)) && ++ (!urlify_enabled() || !d->url)) ++ delete_trailing_chars(aligned, NULL); ++ + free_and_replace(buffer, aligned); + field = buffer; + } +diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c +index 24ee1df..b2943e6 100644 +--- a/src/test/test-format-table.c ++++ b/src/test/test-format-table.c +@@ -29,7 +29,7 @@ static void test_issue_9549(void) { + + printf("%s\n", formatted); + assert_se(streq(formatted, +- "NAME TYPE RO USAGE CREATED MODIFIED \n" ++ "NAME TYPE RO USAGE CREATED MODIFIED\n" + "foooo raw no 673.6M Wed 2018-07-11 00:10:33 J… Wed 2018-07-11 00:16:00 JST\n" + )); + } +@@ -72,7 +72,7 @@ static void test_multiline(void) { + "FOO BAR\n" + "three two\n" + "different lines\n" +- "lines \n")); ++ "lines \n")); + formatted = mfree(formatted); + + table_set_cell_height_max(table, (size_t) -1); +@@ -82,7 +82,7 @@ static void test_multiline(void) { + "FOO BAR\n" + "three two\n" + "different lines\n" +- "lines \n")); ++ "lines \n")); + formatted = mfree(formatted); + + assert_se(table_add_many(table, +@@ -123,7 +123,7 @@ static void test_multiline(void) { + "FOO BAR\n" + "three two\n" + "different lines\n" +- "lines \n" ++ "lines \n" + "short a\n" + " pair\n" + "short2 a\n" +@@ -138,7 +138,7 @@ static void test_multiline(void) { + "FOO BAR\n" + "three two\n" + "different lines\n" +- "lines \n" ++ "lines \n" + "short a\n" + " pair\n" + "short2 a\n" +@@ -186,7 +186,7 @@ static void test_strv(void) { + "FOO BAR\n" + "three two\n" + "different lines\n" +- "lines \n")); ++ "lines \n")); + formatted = mfree(formatted); + + table_set_cell_height_max(table, (size_t) -1); +@@ -196,7 +196,7 @@ static void test_strv(void) { + "FOO BAR\n" + "three two\n" + "different lines\n" +- "lines \n")); ++ "lines \n")); + formatted = mfree(formatted); + + assert_se(table_add_many(table, +@@ -237,7 +237,7 @@ static void test_strv(void) { + "FOO BAR\n" + "three two\n" + "different lines\n" +- "lines \n" ++ "lines \n" + "short a\n" + " pair\n" + "short2 a\n" +@@ -252,7 +252,7 @@ static void test_strv(void) { + "FOO BAR\n" + "three two\n" + "different lines\n" +- "lines \n" ++ "lines \n" + "short a\n" + " pair\n" + "short2 a\n" +@@ -333,7 +333,7 @@ static void test_strv_wrapped(void) { + assert_se(streq(formatted, + "FOO BAR\n" + "three different two lines\n" +- "lines \n" ++ "lines \n" + "short a pair\n" + "short2 a eight line ćęłł\n" + " ___5___ ___6___…\n")); +@@ -345,7 +345,7 @@ static void test_strv_wrapped(void) { + assert_se(streq(formatted, + "FOO BAR\n" + "three different two lines\n" +- "lines \n" ++ "lines \n" + "short a pair\n" + "short2 a eight line ćęłł\n" + " ___5___ ___6___\n" +@@ -358,7 +358,7 @@ static void test_strv_wrapped(void) { + assert_se(streq(formatted, + "FOO BAR\n" + "three different two lines\n" +- "lines \n" ++ "lines \n" + "short a pair\n" + "short2 a eight line ćęłł\n" + " ___5___ ___6___\n" +@@ -493,17 +493,17 @@ int main(int argc, char *argv[]) { + if (isatty(STDOUT_FILENO)) + assert_se(streq(formatted, + " no a long f… no a long f… a long fi…\n" +- " no fäää no fäää fäää \n" +- " yes fäää yes fäää fäää \n" +- " yes xxx yes xxx xxx \n" +- "5min 5min \n")); ++ " no fäää no fäää fäää\n" ++ " yes fäää yes fäää fäää\n" ++ " yes xxx yes xxx xxx\n" ++ "5min 5min \n")); + else + assert_se(streq(formatted, + " no a long field no a long field a long field\n" +- " no fäää no fäää fäää \n" +- " yes fäää yes fäää fäää \n" +- " yes xxx yes xxx xxx \n" +- "5min 5min \n")); ++ " no fäää no fäää fäää\n" ++ " yes fäää yes fäää fäää\n" ++ " yes xxx yes xxx xxx\n" ++ "5min 5min \n")); + + test_issue_9549(); + test_multiline(); diff --git a/debian/patches/time-util-fix-buffer-over-run.patch b/debian/patches/time-util-fix-buffer-over-run.patch new file mode 100644 index 0000000..65a6ed0 --- /dev/null +++ b/debian/patches/time-util-fix-buffer-over-run.patch @@ -0,0 +1,55 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 7 Jul 2022 18:27:02 +0900 +Subject: time-util: fix buffer-over-run + +Fixes #23928. + +(cherry picked from commit 9102c625a673a3246d7e73d8737f3494446bad4e) +(cherry picked from commit 72d4c15a946d20143cd4c6783c802124bc894dc7) +(cherry picked from commit c32530f5bdd11c74e8f5a86eecd7c36b3bae739f) +(cherry picked from commit b2a25b5e64345bd0bb7697a956d33afd6980286a) +(cherry picked from commit 858dc1ad609290cc4ca288acf87046ee295c3d51) +--- + src/basic/time-util.c | 2 +- + src/test/test-time-util.c | 8 ++++++++ + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index 5318d63..1909710 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -574,7 +574,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) { + t = b; + } + +- n = MIN((size_t) k, l); ++ n = MIN((size_t) k, l-1); + + l -= n; + p += n; +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index cc391e8..877b24c 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -243,6 +243,13 @@ static void test_format_timespan(usec_t accuracy) { + test_format_timespan_one(USEC_INFINITY, accuracy); + } + ++static void test_format_timespan2(void) { ++ /* See issue #23928. */ ++ _cleanup_free_ char *buf; ++ assert_se(buf = new(char, 5)); ++ assert_se(buf == format_timespan(buf, 5, 100005, 1000)); ++} ++ + static void test_timezone_is_valid(void) { + log_info("/* %s */", __func__); + +@@ -533,6 +540,7 @@ int main(int argc, char *argv[]) { + test_format_timespan(1); + test_format_timespan(USEC_PER_MSEC); + test_format_timespan(USEC_PER_SEC); ++ test_format_timespan2(); + test_timezone_is_valid(); + test_get_timezones(); + test_usec_add(); diff --git a/debian/patches/tmpfiles-st-may-have-been-used-uninitialized.patch b/debian/patches/tmpfiles-st-may-have-been-used-uninitialized.patch new file mode 100644 index 0000000..a8877b3 --- /dev/null +++ b/debian/patches/tmpfiles-st-may-have-been-used-uninitialized.patch @@ -0,0 +1,27 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 23 Nov 2021 15:05:58 +0100 +Subject: tmpfiles: 'st' may have been used uninitialized + +(cherry picked from commit 160dadc0350c77d612aa9d5569f57d9bc84c3dca) +(cherry picked from commit 7563de501246dccf5a9ea229933481aa1e7bd5c9) +(cherry picked from commit f54b97b1d05052bfee824ecc03ae9f07f6c37be8) +(cherry picked from commit ab927db9a7698ee1eceae14ecef7ab43ee3f104e) +--- + src/basic/rm-rf.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c +index cf671c2..a78aa4f 100644 +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -128,7 +128,9 @@ static int rm_rf_children_inner( + assert(fd >= 0); + assert(fname); + +- if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { ++ if (is_dir < 0 || ++ root_dev || ++ (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { + + r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags); + if (r < 0) diff --git a/debian/patches/udev-always-create-device-symlinks-for-USB-disks.patch b/debian/patches/udev-always-create-device-symlinks-for-USB-disks.patch new file mode 100644 index 0000000..f373b68 --- /dev/null +++ b/debian/patches/udev-always-create-device-symlinks-for-USB-disks.patch @@ -0,0 +1,111 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 30 Oct 2022 09:43:05 +0900 +Subject: udev: always create device symlinks for USB disks + +Previously, ata_id might not be able to retrieve attributes correctly, +and properties from usb_id were used as a fallback. See issue #24921 +and PR #24923. To keep backward compatibility, still we need to create +symlinks based on USB serial. + +Fixes #25179. +--- + rules.d/60-persistent-storage.rules | 10 +++++-- + src/udev/udev-builtin-usb_id.c | 55 +++++++++++++++++++++++++++++-------- + 2 files changed, 51 insertions(+), 14 deletions(-) + +diff --git a/rules.d/60-persistent-storage.rules b/rules.d/60-persistent-storage.rules +index fc7f733..99e0c9a 100644 +--- a/rules.d/60-persistent-storage.rules ++++ b/rules.d/60-persistent-storage.rules +@@ -59,14 +59,20 @@ KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="scsi", ATTRS{type}== + # Run ata_id on non-removable USB Mass Storage (SATA/PATA disks in enclosures) + KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", ATTR{removable}=="0", SUBSYSTEMS=="usb", IMPORT{program}="ata_id --export $devnode" + +-# Fall back usb_id for USB devices +-KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id" ++# Also import properties from usb_id for USB devices ++KERNEL=="sd*[!0-9]|sr*", SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id" + + # SCSI devices + KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="scsi" + KERNEL=="cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="cciss" + KERNEL=="sd*|sr*|cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}" + KERNEL=="sd*|cciss*", ENV{DEVTYPE}=="partition", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}-part%n" ++# Previously, ata_id in the above might not be able to retrieve attributes correctly, ++# and properties from usb_id were used as a fallback. See issue #24921 and PR #24923. ++# To keep backward compatibility, still we need to create symlinks based on USB serial. ++# See issue #25179. ++KERNEL=="sd*|sr*|cciss*", ENV{DEVTYPE}=="disk", ENV{ID_USB_SERIAL}=="?*", SYMLINK+="disk/by-id/usb-$env{ID_USB_SERIAL}" ++KERNEL=="sd*|cciss*", ENV{DEVTYPE}=="partition", ENV{ID_USB_SERIAL}=="?*", SYMLINK+="disk/by-id/usb-$env{ID_USB_SERIAL}-part%n" + + # PMEM devices + KERNEL=="pmem*", ENV{DEVTYPE}=="disk", ATTRS{uuid}=="?*", SYMLINK+="disk/by-id/pmem-$attr{uuid}" +diff --git a/src/udev/udev-builtin-usb_id.c b/src/udev/udev-builtin-usb_id.c +index fa554e7..3910ffa 100644 +--- a/src/udev/udev-builtin-usb_id.c ++++ b/src/udev/udev-builtin-usb_id.c +@@ -430,21 +430,52 @@ fallback: + if (!isempty(instance_str)) + strpcpyl(&s, l, "-", instance_str, NULL); + +- udev_builtin_add_property(dev, test, "ID_VENDOR", vendor_str); +- udev_builtin_add_property(dev, test, "ID_VENDOR_ENC", vendor_str_enc); +- udev_builtin_add_property(dev, test, "ID_VENDOR_ID", vendor_id); +- udev_builtin_add_property(dev, test, "ID_MODEL", model_str); +- udev_builtin_add_property(dev, test, "ID_MODEL_ENC", model_str_enc); +- udev_builtin_add_property(dev, test, "ID_MODEL_ID", product_id); +- udev_builtin_add_property(dev, test, "ID_REVISION", revision_str); +- udev_builtin_add_property(dev, test, "ID_SERIAL", serial); ++ if (sd_device_get_property_value(dev, "ID_BUS", NULL) >= 0) ++ log_device_debug(dev, "ID_BUS property is already set, setting only properties prefixed with \"ID_USB_\"."); ++ else { ++ udev_builtin_add_property(dev, test, "ID_BUS", "usb"); ++ ++ udev_builtin_add_property(dev, test, "ID_MODEL", model_str); ++ udev_builtin_add_property(dev, test, "ID_MODEL_ENC", model_str_enc); ++ udev_builtin_add_property(dev, test, "ID_MODEL_ID", product_id); ++ ++ udev_builtin_add_property(dev, test, "ID_SERIAL", serial); ++ if (!isempty(serial_str)) ++ udev_builtin_add_property(dev, test, "ID_SERIAL_SHORT", serial_str); ++ ++ udev_builtin_add_property(dev, test, "ID_VENDOR", vendor_str); ++ udev_builtin_add_property(dev, test, "ID_VENDOR_ENC", vendor_str_enc); ++ udev_builtin_add_property(dev, test, "ID_VENDOR_ID", vendor_id); ++ ++ udev_builtin_add_property(dev, test, "ID_REVISION", revision_str); ++ ++ if (!isempty(type_str)) ++ udev_builtin_add_property(dev, test, "ID_TYPE", type_str); ++ ++ if (!isempty(instance_str)) ++ udev_builtin_add_property(dev, test, "ID_INSTANCE", instance_str); ++ } ++ ++ /* Also export the same values in the above by prefixing ID_USB_. */ ++ udev_builtin_add_property(dev, test, "ID_USB_MODEL", model_str); ++ udev_builtin_add_property(dev, test, "ID_USB_MODEL_ENC", model_str_enc); ++ udev_builtin_add_property(dev, test, "ID_USB_MODEL_ID", product_id); ++ udev_builtin_add_property(dev, test, "ID_USB_SERIAL", serial); + if (!isempty(serial_str)) +- udev_builtin_add_property(dev, test, "ID_SERIAL_SHORT", serial_str); ++ udev_builtin_add_property(dev, test, "ID_USB_SERIAL_SHORT", serial_str); ++ ++ udev_builtin_add_property(dev, test, "ID_USB_VENDOR", vendor_str); ++ udev_builtin_add_property(dev, test, "ID_USB_VENDOR_ENC", vendor_str_enc); ++ udev_builtin_add_property(dev, test, "ID_USB_VENDOR_ID", vendor_id); ++ ++ udev_builtin_add_property(dev, test, "ID_USB_REVISION", revision_str); ++ + if (!isempty(type_str)) +- udev_builtin_add_property(dev, test, "ID_TYPE", type_str); ++ udev_builtin_add_property(dev, test, "ID_USB_TYPE", type_str); ++ + if (!isempty(instance_str)) +- udev_builtin_add_property(dev, test, "ID_INSTANCE", instance_str); +- udev_builtin_add_property(dev, test, "ID_BUS", "usb"); ++ udev_builtin_add_property(dev, test, "ID_USB_INSTANCE", instance_str); ++ + if (!isempty(packed_if_str)) + udev_builtin_add_property(dev, test, "ID_USB_INTERFACES", packed_if_str); + if (ifnum) diff --git a/debian/patches/udev-first-set-properties-based-on-usb-subsystem.patch b/debian/patches/udev-first-set-properties-based-on-usb-subsystem.patch new file mode 100644 index 0000000..0aee515 --- /dev/null +++ b/debian/patches/udev-first-set-properties-based-on-usb-subsystem.patch @@ -0,0 +1,34 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 3 Nov 2022 09:39:36 +0900 +Subject: udev: first set properties based on usb subsystem + +After 479da1107a0d4e2f7ef5cd938512b87a0e45f180, the usb_id builtin +command does not set ID_SERIAL if ID_BUS is already set. +Before the commit, all properties set based on pci bus were overwritten +by the usb_id, hence now it is sufficient setting them only when ID_BUS is +not set yet. + +Fixes #25238. + +(cherry picked from commit 01e704eba982fbc1517287cd261d229ff8e0a779) +--- + rules.d/60-serial.rules | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/rules.d/60-serial.rules b/rules.d/60-serial.rules +index f303e27..c133f26 100644 +--- a/rules.d/60-serial.rules ++++ b/rules.d/60-serial.rules +@@ -3,9 +3,10 @@ + ACTION=="remove", GOTO="serial_end" + SUBSYSTEM!="tty", GOTO="serial_end" + +-SUBSYSTEMS=="pci", ENV{ID_BUS}="pci", ENV{ID_VENDOR_ID}="$attr{vendor}", ENV{ID_MODEL_ID}="$attr{device}" +-SUBSYSTEMS=="pci", IMPORT{builtin}="hwdb --subsystem=pci" + SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb" ++SUBSYSTEMS=="pci", ENV{ID_BUS}=="", ENV{ID_BUS}="pci", \ ++ ENV{ID_VENDOR_ID}="$attr{vendor}", ENV{ID_MODEL_ID}="$attr{device}", \ ++ IMPORT{builtin}="hwdb --subsystem=pci" + + # /dev/serial/by-path/, /dev/serial/by-id/ for USB devices + KERNEL!="ttyUSB[0-9]*|ttyACM[0-9]*", GOTO="serial_end" diff --git a/debian/patches/udevadm-trigger-do-not-return-immediately-on-EACCES.patch b/debian/patches/udevadm-trigger-do-not-return-immediately-on-EACCES.patch new file mode 100644 index 0000000..cabec71 --- /dev/null +++ b/debian/patches/udevadm-trigger-do-not-return-immediately-on-EACCES.patch @@ -0,0 +1,58 @@ +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 20 Feb 2021 16:30:23 +0900 +Subject: udevadm-trigger: do not return immediately on EACCES + +Prompted by https://github.com/systemd/systemd/pull/18559. + +(cherry picked from commit 0e789e6d48046d43c50dd949a71ac56f1127bb96) +--- + src/udev/udevadm-trigger.c | 32 +++++++++++++++++++++++++++++--- + 1 file changed, 29 insertions(+), 3 deletions(-) + +diff --git a/src/udev/udevadm-trigger.c b/src/udev/udevadm-trigger.c +index 5c74184..da9b89a 100644 +--- a/src/udev/udevadm-trigger.c ++++ b/src/udev/udevadm-trigger.c +@@ -45,13 +45,39 @@ static int exec_list(sd_device_enumerator *e, const char *action, Set **settle_s + + r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER); + if (r < 0) { ++ /* ENOENT may be returned when a device does not have /uevent or is already ++ * removed. Hence, this is logged at debug level and ignored. ++ * ++ * ENODEV may be returned by some buggy device drivers e.g. /sys/devices/vio. ++ * See, ++ * https://github.com/systemd/systemd/issues/13652#issuecomment-535129791 and ++ * https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1845319. ++ * So, this error is ignored, but logged at warning level to encourage people to ++ * fix the driver. ++ * ++ * EROFS is returned when /sys is read only. In that case, all subsequent ++ * writes will also fail, hence return immediately. ++ * ++ * EACCES or EPERM may be returned when this is invoked by non-priviledged user. ++ * We do NOT return immediately, but continue operation and propagate the error. ++ * Why? Some device can be owned by a user, e.g., network devices configured in ++ * a network namespace. See, https://github.com/systemd/systemd/pull/18559 and ++ * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ebb4a4bf76f164457184a3f43ebc1552416bc823 ++ * ++ * All other errors are logged at error level, but let's continue the operation, ++ * and propagate the error. ++ */ ++ + bool ignore = IN_SET(r, -ENOENT, -ENODEV); ++ int level = ++ r == -ENOENT ? LOG_DEBUG : ++ r == -ENODEV ? LOG_WARNING : LOG_ERR; + +- log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r, ++ log_full_errno(level, r, + "Failed to write '%s' to '%s'%s: %m", + action, filename, ignore ? ", ignoring" : ""); +- if (IN_SET(r, -EACCES, -EROFS)) +- /* Inovoked by unpriviledged user, or read only filesystem. Return earlier. */ ++ ++ if (r == -EROFS) + return r; + if (ret == 0 && !ignore) + ret = r; diff --git a/debian/patches/unit-name-generate-a-clear-error-code-when-convertin.patch b/debian/patches/unit-name-generate-a-clear-error-code-when-convertin.patch new file mode 100644 index 0000000..c28266b --- /dev/null +++ b/debian/patches/unit-name-generate-a-clear-error-code-when-convertin.patch @@ -0,0 +1,59 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 1 Jun 2021 19:43:55 +0200 +Subject: unit-name: generate a clear error code when converting an overly + long fs path to a unit name + +(cherry picked from commit 9d5acfab20c5f1177d877d0bec18063c0a6c5929) +(cherry picked from commit 1579dce2c2a162bb09afb9a8a46fd4f7e8fbf1d5) +(cherry picked from commit 0488b743e9c6ab1e885933eebda4ba9232003a2a) +--- + src/basic/unit-name.c | 6 ++++++ + src/test/test-unit-name.c | 4 ++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c +index c1529bb..5f595af 100644 +--- a/src/basic/unit-name.c ++++ b/src/basic/unit-name.c +@@ -528,6 +528,9 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) { + if (!s) + return -ENOMEM; + ++ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ ++ return -ENAMETOOLONG; ++ + /* Refuse this if this got too long or for some other reason didn't result in a valid name */ + if (!unit_name_is_valid(s, UNIT_NAME_PLAIN)) + return -EINVAL; +@@ -559,6 +562,9 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha + if (!s) + return -ENOMEM; + ++ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ ++ return -ENAMETOOLONG; ++ + /* Refuse this if this got too long or for some other reason didn't result in a valid name */ + if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE)) + return -EINVAL; +diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c +index ece78aa..c0b7971 100644 +--- a/src/test/test-unit-name.c ++++ b/src/test/test-unit-name.c +@@ -130,7 +130,7 @@ static void test_unit_name_from_path(void) { + test_unit_name_from_path_one("///", ".mount", "-.mount", 0); + test_unit_name_from_path_one("/foo/../bar", ".mount", NULL, -EINVAL); + test_unit_name_from_path_one("/foo/./bar", ".mount", NULL, -EINVAL); +- test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -EINVAL); ++ test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -ENAMETOOLONG); + } + + static void test_unit_name_from_path_instance_one(const char *pattern, const char *path, const char *suffix, const char *expected, int ret) { +@@ -160,7 +160,7 @@ static void test_unit_name_from_path_instance(void) { + test_unit_name_from_path_instance_one("waldo", "..", ".mount", NULL, -EINVAL); + test_unit_name_from_path_instance_one("waldo", "/foo", ".waldi", NULL, -EINVAL); + test_unit_name_from_path_instance_one("wa--ldo", "/--", ".mount", "wa--ldo@\\x2d\\x2d.mount", 0); +- test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -EINVAL); ++ test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -ENAMETOOLONG); + } + + static void test_unit_name_to_path_one(const char *unit, const char *path, int ret) { diff --git a/debian/patches/virt-Fix-the-detection-for-Hyper-V-VMs.patch b/debian/patches/virt-Fix-the-detection-for-Hyper-V-VMs.patch new file mode 100644 index 0000000..9757987 --- /dev/null +++ b/debian/patches/virt-Fix-the-detection-for-Hyper-V-VMs.patch @@ -0,0 +1,38 @@ +From: Boqun Feng <boqun.feng@gmail.com> +Date: Tue, 23 Nov 2021 15:09:26 +0800 +Subject: virt: Fix the detection for Hyper-V VMs + +Use product_version instead of product_name in DMI table and the string +"Hyper-V" to avoid misdetection. + +Fixes: #21468 + +Signed-off-by: Boqun Feng <boqun.feng@gmail.com> +(cherry picked from commit 76eec0649936d9ae2f9087769f463feaf0cf5cb4) +--- + src/basic/virt.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 0d45ee6..54befd9 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -140,7 +140,8 @@ static int detect_vm_dmi(void) { + "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */ + "/sys/class/dmi/id/sys_vendor", + "/sys/class/dmi/id/board_vendor", +- "/sys/class/dmi/id/bios_vendor" ++ "/sys/class/dmi/id/bios_vendor", ++ "/sys/class/dmi/id/product_version" /* For Hyper-V VMs test */ + }; + + static const struct { +@@ -158,7 +159,7 @@ static int detect_vm_dmi(void) { + { "Parallels", VIRTUALIZATION_PARALLELS }, + /* https://wiki.freebsd.org/bhyve */ + { "BHYVE", VIRTUALIZATION_BHYVE }, +- { "Microsoft", VIRTUALIZATION_MICROSOFT }, ++ { "Hyper-V", VIRTUALIZATION_MICROSOFT }, + }; + unsigned i; + int r; diff --git a/debian/patches/virt-Support-detection-for-ARM64-Hyper-V-guests.patch b/debian/patches/virt-Support-detection-for-ARM64-Hyper-V-guests.patch new file mode 100644 index 0000000..373a77f --- /dev/null +++ b/debian/patches/virt-Support-detection-for-ARM64-Hyper-V-guests.patch @@ -0,0 +1,28 @@ +From: Boqun Feng <boqun.feng@gmail.com> +Date: Wed, 13 Oct 2021 11:32:09 +0800 +Subject: virt: Support detection for ARM64 Hyper-V guests + +The detection of Microsoft Hyper-V VMs is done by cpuid currently, +however there is no cpuid on ARM64. And since ARM64 is now a supported +architecture for Microsoft Hyper-V guests[1], then use DMI tables to +detect a Hyper-V guest, which is more generic and works for ARM64. + +[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aff79e297ee1aa0126924921fd87a4ae59d2467 + +(cherry picked from commit 506bbc8569014253ea8614b680ccbc4fc2513a87) +--- + src/basic/virt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 7d78a40..0d45ee6 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -158,6 +158,7 @@ static int detect_vm_dmi(void) { + { "Parallels", VIRTUALIZATION_PARALLELS }, + /* https://wiki.freebsd.org/bhyve */ + { "BHYVE", VIRTUALIZATION_BHYVE }, ++ { "Microsoft", VIRTUALIZATION_MICROSOFT }, + }; + unsigned i; + int r; diff --git a/debian/patches/virt-detect-OpenStack-Nova-instance.patch b/debian/patches/virt-detect-OpenStack-Nova-instance.patch new file mode 100644 index 0000000..87686b2 --- /dev/null +++ b/debian/patches/virt-detect-OpenStack-Nova-instance.patch @@ -0,0 +1,21 @@ +From: Michael Biebl <biebl@debian.org> +Date: Sun, 7 Aug 2022 15:21:12 +0200 +Subject: virt: detect OpenStack Nova instance + +(cherry picked from commit 01d9fbccddd694bc584aed24eaa0543f831dc929) +--- + src/basic/virt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 54befd9..78ee1b8 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -149,6 +149,7 @@ static int detect_vm_dmi(void) { + int id; + } dmi_vendor_table[] = { + { "KVM", VIRTUALIZATION_KVM }, ++ { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */ + { "QEMU", VIRTUALIZATION_QEMU }, + { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ + { "VMW", VIRTUALIZATION_VMWARE }, diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..b67f29a --- /dev/null +++ b/debian/rules @@ -0,0 +1,315 @@ +#! /usr/bin/make -f + +#export DH_VERBOSE = 1 +#export DEB_BUILD_OPTIONS = nostrip + +export LC_ALL = C.UTF-8 + +include /usr/share/dpkg/default.mk + +ifeq ($(DEB_VENDOR),Ubuntu) + DEFAULT_NTP_SERVERS = ntp.ubuntu.com + SUPPORT_URL = http://www.ubuntu.com/support + CONFFLAGS_DISTRO = +else + DEFAULT_NTP_SERVERS = 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org + SUPPORT_URL = https://www.debian.org/support + CONFFLAGS_DISTRO = +endif + +TEST_TIMEOUT_MULTIPLIER = "-t 10" + +# fail on missing files and symbols changes on distro builds, but not if we +# build/test upstream master +ifeq ($(TEST_UPSTREAM),) + DH_MISSING = --fail-missing + GENSYMBOLS_LEVEL = 4 +else + DH_MISSING = --list-missing + GENSYMBOLS_LEVEL = 1 +endif + +ifneq (, $(filter noudeb, $(DEB_BUILD_OPTIONS))) +export DEB_BUILD_PROFILES += noudeb +endif + +CONFFLAGS = \ + -Db_lto=true \ + -Db_pie=true \ + -Dmode=release \ + -Drootlibdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ + -Dsplit-usr=true \ + -Dversion-tag="$(DEB_VERSION)" \ + -Dquotaon-path=/sbin/quotaon \ + -Dquotacheck-path=/sbin/quotacheck \ + -Dkmod-path=/bin/kmod \ + -Dkexec-path=/sbin/kexec \ + -Dsulogin-path=/sbin/sulogin \ + -Dmount-path=/bin/mount \ + -Dumount-path=/bin/umount \ + -Dloadkeys-path=/bin/loadkeys \ + -Dsetfont-path=/bin/setfont \ + -Dnologin-path=/usr/sbin/nologin \ + -Dtelinit-path=/lib/sysvinit/telinit \ + -Dsysvinit-path=/etc/init.d \ + -Dsysvrcnd-path=/etc \ + -Dlocalegen-path=/usr/sbin/locale-gen \ + -Ddebug-shell=/bin/bash \ + -Dzshcompletiondir=/usr/share/zsh/vendor-completions \ + -Ddbuspolicydir=/usr/share/dbus-1/system.d/ \ + -Dsupport-url=$(SUPPORT_URL) \ + -Ddefault-kill-user-processes=false \ + -Ddefault-hierarchy=unified \ + -Ddefault-dnssec=no \ + -Dpamconfdir=no \ + -Dpamlibdir=/lib/$(DEB_HOST_MULTIARCH)/security \ + -Drpmmacrosdir=no \ + -Dqrencode=false \ + -Dvconsole=false \ + -Dfirstboot=false \ + -Dxkbcommon=false \ + -Dwheel-group=false \ + -Drepart=false \ + -Duserdb=false \ + -Dhomed=false \ + -Dlibfido2=false \ + -Dfdisk=false \ + -Dpwquality=false \ + -Dp11kit=false \ + -Doomd=false \ + -Dntp-servers="$(DEFAULT_NTP_SERVERS)" \ + -Ddns-servers='' \ + -Dlink-udev-shared=false \ + -Dsystem-uid-max=999 \ + -Dsystem-gid-max=999 \ + -Dnobody-user=nobody \ + -Dnobody-group=nogroup \ + -Dbump-proc-sys-fs-nr-open=false \ + -Ddev-kvm-mode=0660 \ + -Dgroup-render-mode=0660 + +CONFFLAGS_deb = \ + -Dselinux=true \ + -Dhwdb=true \ + -Dsysusers=true \ + -Dinstall-tests=$(if $(filter noinsttest,$(DEB_BUILD_PROFILES)),false,true) \ + -Defi=true \ + -Dman=true \ + -Dnss-myhostname=true \ + -Dnss-mymachines=true \ + -Dnss-resolve=true \ + -Dnss-systemd=true \ + -Dresolve=true \ + -Dlink-systemctl-shared=false + +ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES))) +CONFFLAGS_deb += \ + -Daudit=true \ + -Dlibcryptsetup=true \ + -Dcoredump=true \ + -Delfutils=true \ + -Dapparmor=true \ + -Dlibidn2=true \ + -Dlibiptc=true \ + -Dlibcurl=true \ + -Dimportd=true \ + -Dmicrohttpd=true \ + -Dgnutls=true \ + -Dpcre2=true +else +CONFFLAGS_deb += \ + -Daudit=false \ + -Dlibcryptsetup=false \ + -Dcoredump=false \ + -Delfutils=false \ + -Dapparmor=false \ + -Dlibidn2=false \ + -Dlibiptc=false \ + -Dlibcurl=false \ + -Dimportd=false \ + -Dmicrohttpd=false \ + -Dgnutls=false \ + -Dpcre2=false +endif + +CONFFLAGS_udeb = \ + -Dlibcryptsetup=false \ + -Dcoredump=false \ + -Delfutils=false \ + -Dpam=false \ + -Daudit=false \ + -Dselinux=false\ + -Dapparmor=false \ + -Dlibidn2=false \ + -Dlibiptc=false \ + -Dsmack=false \ + -Dima=false \ + -Dbinfmt=false \ + -Dquotacheck=false \ + -Dtmpfiles=false \ + -Drandomseed=false \ + -Dbacklight=false \ + -Dlogind=false \ + -Dmachined=false \ + -Dlibcurl=false \ + -Dimportd=false \ + -Dmicrohttpd=false \ + -Dgnutls=false \ + -Dhostnamed=false \ + -Dtimedated=false \ + -Dnetworkd=false \ + -Dtimesyncd=false \ + -Dlocaled=false \ + -Dnss-myhostname=false \ + -Dnss-mymachines=false \ + -Dnss-resolve=false \ + -Dnss-systemd=false \ + -Dresolve=false \ + -Dportabled=false \ + -Dpolkit=false \ + -Dacl=false \ + -Dgcrypt=false \ + -Drfkill=false \ + -Dhwdb=false \ + -Dman=false \ + -Defi=false \ + -Dseccomp=false \ + -Dsysusers=false \ + -Dpcre2=false + +override_dh_auto_configure: + dh_auto_configure --builddirectory=build-deb \ + -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_deb) $(CONFFLAGS_UPSTREAM) +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_auto_configure --builddirectory=build-udeb \ + -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_udeb) $(CONFFLAGS_UPSTREAM) +endif + +override_dh_auto_build: + dh_auto_build --builddirectory=build-deb +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_auto_build --builddirectory=build-udeb +endif + # generate POT file for translators + ninja -C build-deb/ systemd-pot + +override_dh_auto_install: + dh_auto_install --builddirectory=build-deb \ + --destdir=debian/install/deb +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_auto_install --builddirectory=build-udeb \ + --destdir=debian/install/udeb +endif + # fix paths in manpages; manually check the remaining /usr occurrences + # occasionally, with filtering out paths which are known to be in /usr: + # grep -r /usr debian/install/deb/usr/share/man/|egrep -v '/usr/local|os.*release|factory|zoneinfo|tmpfiles|kernel|foo|machines|sysctl|dbus|include|binfmt' + find debian/install/deb/usr/share/man/ -type f | xargs sed -ri 's_/usr(/lib/systemd/system|/lib/systemd/network|/lib/udev|/lib[^/]|/lib/[^a-z])_\1_g' + +override_dh_auto_clean: +ifneq (, $(TEST_UPSTREAM)) + debian/extra/checkout-upstream +endif + dh_auto_clean --builddirectory=build-deb +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_auto_clean --builddirectory=build-udeb +endif + rm -rf debian/install/ debian/shlibs.local + # remove Python byte code files + rm -rf tools/__pycache__/ + rm -rf tools/chromiumos/__pycache__/ + rm -f po/systemd.pot + +override_dh_install: + # remove unnecessary / unused files + rm -f debian/install/*/usr/share/doc/systemd/LICENSE.* + rm -f debian/install/*/var/log/README + rm -f debian/install/*/etc/init.d/README + rm -f debian/install/*/usr/lib/sysctl.d/50-default.conf + rm -f debian/install/*/etc/X11/xinit/xinitrc.d/50-systemd-user.sh + rmdir -p --ignore-fail-on-non-empty debian/install/*/etc/X11/xinit/xinitrc.d/ + # remove files related to factory-reset feature + find debian/install/ \( -name 'systemd-update-done*' -o \ + -name systemd-journal-catalog-update.service -o \ + -name systemd-udev-hwdb-update.service -o \ + -name ldconfig.service -o \ + -name etc.conf \) -delete + rm -rf debian/install/*/usr/share/factory/ + # replace upstream sysusers.d/basic.conf with proper users for Debian + debian/extra/make-sysusers-basic > debian/install/deb/usr/lib/sysusers.d/basic.conf + # remove resolvconf compat symlink + rm -f debian/install/*/sbin/resolvconf +ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES))) + dh_install -pudev-udeb -plibudev1-udeb --sourcedir=debian/install/udeb +endif + + dh_install --remaining-packages --sourcedir=debian/install/deb + + # we don't want /tmp to be a tmpfs by default + mv debian/systemd/lib/systemd/system/tmp.mount debian/systemd/usr/share/systemd/ + printf '\n[Install]\nWantedBy=local-fs.target\n' >> debian/systemd/usr/share/systemd/tmp.mount + rm debian/systemd/lib/systemd/system/local-fs.target.wants/tmp.mount + + # files shipped by cryptsetup +ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES))) + rm debian/systemd/usr/share/man/man5/crypttab.5 +endif + + # files shipped by systemd + rm debian/udev/lib/udev/rules.d/70-uaccess.rules + rm debian/udev/lib/udev/rules.d/73-seat-late.rules + rm debian/udev/lib/udev/rules.d/71-seat.rules + rm debian/udev/lib/udev/rules.d/99-systemd.rules + + # remove duplicate files shipped by systemd-*/udev + echo "Removing duplicate files in systemd package:" + set -e; for pkg in $(shell dh_listpackages -Nudev-udeb -Nlibudev1-udeb -Nsystemd); do \ + echo "... from $$pkg..."; \ + (cd debian/$$pkg; find -type f -o -type l) | (cd debian/systemd; xargs rm -f --verbose); \ + (cd debian/$$pkg; find -mindepth 1 -type d | sort -r) | (cd debian/systemd; xargs rmdir --ignore-fail-on-non-empty --verbose || true); \ + done + + # Ubuntu specific files +ifeq ($(DEB_VENDOR),Ubuntu) + install -D --mode=644 debian/extra/udev.py debian/udev/usr/share/apport/package-hooks/udev.py + install -D --mode=644 debian/extra/systemd.py debian/systemd/usr/share/apport/package-hooks/systemd.py + install --mode=644 debian/extra/rules-ubuntu/*.rules debian/udev/lib/udev/rules.d/ + cp -a debian/extra/units-ubuntu/* debian/systemd/lib/systemd/system/ +endif + +override_dh_missing: + dh_missing --sourcedir debian/install/deb $(DH_MISSING) + +override_dh_installinit: + dh_installinit --no-start + +override_dh_installsystemd: + dh_installsystemd -psystemd-timesyncd + +override_dh_installsystemduser: + +PROJECT_VERSION ?= $(shell awk '/(PROJECT|PACKAGE)_VERSION/ {print $$3}' build-deb/config.h | tr -d \") + +# The SysV compat tools (which are symlinks to systemctl) are +# quasi-essential, so add their dependencies to Pre-Depends +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753589 +override_dh_shlibdeps: + dh_shlibdeps -psystemd -- -dPre-Depends \ + -edebian/systemd/bin/systemctl \ + -dDepends + dh_shlibdeps --remaining-packages -Lsystemd + +override_dh_makeshlibs: + sed 's/SHARED_LIB_VERSION/$(PROJECT_VERSION)/' debian/shlibs.local.in > debian/shlibs.local + dh_makeshlibs -plibudev1 --add-udeb=libudev1-udeb -- -c$(GENSYMBOLS_LEVEL) + dh_makeshlibs -psystemd -Xlibsystemd-shared -- -c$(GENSYMBOLS_LEVEL) + dh_makeshlibs --remaining-packages -- -c$(GENSYMBOLS_LEVEL) + +override_dh_auto_test: +ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS))) + echo "01234567890123456789012345678901" > build-deb/machine-id + # some tests hang under fakeroot, so disable fakeroot + env -u LD_PRELOAD SYSTEMD_MACHINE_ID_PATH=$(CURDIR)/build-deb/machine-id meson test -C build-deb --print-errorlogs $(TEST_TIMEOUT_MULTIPLIER) +endif + +%: + dh $@ --without autoreconf --buildsystem=meson diff --git a/debian/shlibs.local.in b/debian/shlibs.local.in new file mode 100644 index 0000000..432b726 --- /dev/null +++ b/debian/shlibs.local.in @@ -0,0 +1,3 @@ +udeb: libudev 1 libudev1-udeb +libsystemd 0 libsystemd0 (= ${binary:Version}) +libsystemd-shared SHARED_LIB_VERSION systemd (= ${binary:Version}) diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/systemd-container.install b/debian/systemd-container.install new file mode 100644 index 0000000..a092998 --- /dev/null +++ b/debian/systemd-container.install @@ -0,0 +1,44 @@ +bin/machinectl +bin/portablectl +lib/systemd/import-pubring.gpg +lib/systemd/portable +lib/systemd/systemd-machined +lib/systemd/systemd-export +lib/systemd/systemd-import* +lib/systemd/systemd-portabled +lib/systemd/systemd-pull +lib/systemd/system/systemd-nspawn@.service +lib/systemd/system/systemd-importd.service +lib/systemd/system/systemd-machined.service +lib/systemd/system/systemd-portabled.service +lib/systemd/system/var-lib-machines.mount +lib/systemd/system/machines.target +lib/systemd/system/*.target.wants/var-lib-machines.mount +lib/systemd/system/dbus-org.freedesktop.import1.service +lib/systemd/system/dbus-org.freedesktop.machine1.service +lib/systemd/system/dbus-org.freedesktop.portable1.service +usr/bin/systemd-dissect +usr/bin/systemd-nspawn +usr/lib/tmpfiles.d/portables.conf +usr/lib/tmpfiles.d/systemd-nspawn.conf +usr/share/dbus-1/system.d/org.freedesktop.import1.conf +usr/share/dbus-1/system.d/org.freedesktop.machine1.conf +usr/share/dbus-1/system.d/org.freedesktop.portable1.conf +usr/share/dbus-1/system-services/org.freedesktop.import1.service +usr/share/dbus-1/system-services/org.freedesktop.machine1.service +usr/share/dbus-1/system-services/org.freedesktop.portable1.service +usr/share/man/man*/*nspawn* +usr/share/man/man*/machinectl* +usr/share/man/man*/portablectl* +usr/share/man/man*/systemd-dissect* +usr/share/man/man*/systemd-machined* +usr/share/man/man*/systemd-portabled* +usr/share/polkit-1/actions/org.freedesktop.import1.policy +usr/share/polkit-1/actions/org.freedesktop.machine1.policy +usr/share/polkit-1/actions/org.freedesktop.portable1.policy +usr/share/zsh/vendor-completions/_systemd-nspawn +usr/share/zsh/vendor-completions/_sd_machines +usr/share/zsh/vendor-completions/_machinectl +usr/share/bash-completion/completions/machinectl +usr/share/bash-completion/completions/portablectl +usr/share/bash-completion/completions/systemd-nspawn diff --git a/debian/systemd-container.lintian-overrides b/debian/systemd-container.lintian-overrides new file mode 100644 index 0000000..c9665ff --- /dev/null +++ b/debian/systemd-container.lintian-overrides @@ -0,0 +1,2 @@ +# False positive: nspawn containers are supposed to be started via machines.target +systemd-container: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/systemd-nspawn@.service machines.target diff --git a/debian/systemd-container.maintscript b/debian/systemd-container.maintscript new file mode 100644 index 0000000..470978c --- /dev/null +++ b/debian/systemd-container.maintscript @@ -0,0 +1,2 @@ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.import1.conf 233-3~ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 233-3~ diff --git a/debian/systemd-container.postinst b/debian/systemd-container.postinst new file mode 100644 index 0000000..3d1c8b6 --- /dev/null +++ b/debian/systemd-container.postinst @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +# Enable machines.target by default on new installs +if [ -z "$2" ]; then + systemctl enable machines.target || true +fi + +#DEBHELPER# diff --git a/debian/systemd-container.postrm b/debian/systemd-container.postrm new file mode 100644 index 0000000..2140680 --- /dev/null +++ b/debian/systemd-container.postrm @@ -0,0 +1,12 @@ +#!/bin/sh + +set -e + +case "$1" in + purge) + # clean up after manually enabled units in postinst + rm -f /etc/systemd/system/multi-user.target.wants/machines.target + ;; +esac + +#DEBHELPER# diff --git a/debian/systemd-coredump.install b/debian/systemd-coredump.install new file mode 100644 index 0000000..3efcecb --- /dev/null +++ b/debian/systemd-coredump.install @@ -0,0 +1,11 @@ +usr/bin/coredumpctl +lib/systemd/systemd-coredump +lib/systemd/system/systemd-coredump* +lib/systemd/system/*/systemd-coredump* +usr/share/man/man1/coredumpctl* +usr/share/man/man5/coredump.conf* +usr/share/man/man8/systemd-coredump* +usr/share/bash-completion/completions/coredumpctl +usr/share/zsh/vendor-completions/_coredumpctl +usr/lib/sysctl.d/50-coredump.conf +etc/systemd/coredump.conf diff --git a/debian/systemd-coredump.postinst b/debian/systemd-coredump.postinst new file mode 100644 index 0000000..1b93506 --- /dev/null +++ b/debian/systemd-coredump.postinst @@ -0,0 +1,16 @@ +#!/bin/sh + +set -e + +if [ "$1" = configure ]; then + adduser --quiet --system --group --no-create-home --home /run/systemd \ + --gecos "systemd Core Dumper" systemd-coredump + + # enable systemd-coredump right after package installation + if [ -d /run/systemd/system ]; then + systemctl daemon-reload && systemctl start systemd-coredump.socket || true + fi + /lib/systemd/systemd-sysctl /usr/lib/sysctl.d/50-coredump.conf || true +fi + +#DEBHELPER# diff --git a/debian/systemd-coredump.prerm b/debian/systemd-coredump.prerm new file mode 100644 index 0000000..16fbf69 --- /dev/null +++ b/debian/systemd-coredump.prerm @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +if [ "$1" = remove ]; then + # disable systemd-coredump on removal + if [ -w /proc/sys/kernel/core_pattern ] && grep -q '^|.*systemd-coredump' /proc/sys/kernel/core_pattern; then + echo core > /proc/sys/kernel/core_pattern + fi + if [ -d /run/systemd/system ]; then + systemctl stop systemd-coredump.socket || true + fi +fi + +#DEBHELPER# diff --git a/debian/systemd-journal-remote.install b/debian/systemd-journal-remote.install new file mode 100644 index 0000000..188628b --- /dev/null +++ b/debian/systemd-journal-remote.install @@ -0,0 +1,29 @@ +# systemd-journal-upload +etc/systemd/journal-upload.conf +lib/systemd/systemd-journal-upload +lib/systemd/system/systemd-journal-upload.service +usr/share/man/man5/journal-upload.conf.d.5 +usr/share/man/man5/journal-upload.conf.5 +usr/share/man/man8/systemd-journal-upload.8 +usr/share/man/man8/systemd-journal-upload.service.8 + +# systemd-journal-remote +etc/systemd/journal-remote.conf +lib/systemd/systemd-journal-remote +lib/systemd/system/systemd-journal-remote.service +lib/systemd/system/systemd-journal-remote.socket +usr/lib/sysusers.d/systemd-remote.conf +usr/share/man/man5/journal-remote.conf.d.5 +usr/share/man/man5/journal-remote.conf.5 +usr/share/man/man8/systemd-journal-remote.service.8 +usr/share/man/man8/systemd-journal-remote.socket.8 +usr/share/man/man8/systemd-journal-remote.8 + +# systemd-journal-gatewayd +lib/systemd/systemd-journal-gatewayd +lib/systemd/system/systemd-journal-gatewayd.service +lib/systemd/system/systemd-journal-gatewayd.socket +usr/share/systemd/gatewayd/ +usr/share/man/man8/systemd-journal-gatewayd.service.8 +usr/share/man/man8/systemd-journal-gatewayd.socket.8 +usr/share/man/man8/systemd-journal-gatewayd.8 diff --git a/debian/systemd-journal-remote.postinst b/debian/systemd-journal-remote.postinst new file mode 100644 index 0000000..8ef91ad --- /dev/null +++ b/debian/systemd-journal-remote.postinst @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +adduser --quiet --system \ + --home /run/systemd --no-create-home \ + --gecos "systemd Journal Remote" \ + --group systemd-journal-remote + +#DEBHELPER# diff --git a/debian/systemd-sysv.install b/debian/systemd-sysv.install new file mode 100644 index 0000000..9c104a9 --- /dev/null +++ b/debian/systemd-sysv.install @@ -0,0 +1,14 @@ +usr/share/man/man1/init.1 +usr/share/man/man8/telinit.8 +usr/share/man/man8/runlevel.8 +usr/share/man/man8/shutdown.8 +usr/share/man/man8/poweroff.8 +usr/share/man/man8/reboot.8 +usr/share/man/man8/halt.8 +sbin/init +sbin/telinit +sbin/runlevel +sbin/shutdown +sbin/poweroff +sbin/reboot +sbin/halt diff --git a/debian/systemd-sysv.postinst b/debian/systemd-sysv.postinst new file mode 100644 index 0000000..a67eddb --- /dev/null +++ b/debian/systemd-sysv.postinst @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +# update grub on first install, so that the alternative init system boot +# entries get updated +if [ "$1" = configure ] && [ -z "$2" ] && [ -e /boot/grub/grub.cfg ] && which update-grub >/dev/null 2>&1; then + update-grub || true +fi + +#DEBHELPER# diff --git a/debian/systemd-tests.install b/debian/systemd-tests.install new file mode 100644 index 0000000..28b745c --- /dev/null +++ b/debian/systemd-tests.install @@ -0,0 +1 @@ +usr/lib/systemd/tests diff --git a/debian/systemd-tests.lintian-overrides b/debian/systemd-tests.lintian-overrides new file mode 100644 index 0000000..9784f46 --- /dev/null +++ b/debian/systemd-tests.lintian-overrides @@ -0,0 +1,2 @@ +# test programs only, need to link against internal library +systemd-tests: binary-or-shlib-defines-rpath usr/lib/systemd/tests/* diff --git a/debian/systemd-timesyncd.install b/debian/systemd-timesyncd.install new file mode 100644 index 0000000..7d978ba --- /dev/null +++ b/debian/systemd-timesyncd.install @@ -0,0 +1,7 @@ +../../extra/dhclient-exit-hooks.d/ etc/dhcp/ +etc/systemd/timesyncd.conf +lib/systemd/ntp-units.d/80-systemd-timesync.list +lib/systemd/systemd-timesyncd +lib/systemd/system/systemd-timesyncd.service +usr/share/dbus-1/*/*timesync* +usr/share/man/man*/*timesyncd* diff --git a/debian/systemd-timesyncd.postinst b/debian/systemd-timesyncd.postinst new file mode 100644 index 0000000..c098216 --- /dev/null +++ b/debian/systemd-timesyncd.postinst @@ -0,0 +1,29 @@ +#!/bin/sh + +set -e + +_adopt_conffile() { + conffile=$1 + pkg=$2 + + [ -f ${conffile}.dpkg-bak ] || return 0 + + md5sum="$(md5sum ${conffile} | sed -e 's/ .*//')" + old_md5sum="$(dpkg-query -W -f='${Conffiles}' $pkg | \ + sed -n -e "\' ${conffile} ' { s/ obsolete$//; s/.* //; p }")" + # On new installs, if the policy file was preserved on systemd upgrade + # by dpkg-maintscript helper, copy it back if the new file has not been modified yet + if [ "$md5sum" = "$old_md5sum" ]; then + mv ${conffile}.dpkg-bak ${conffile} + fi +} + +adduser --quiet --system --group --no-create-home --home /run/systemd \ + --gecos "systemd Time Synchronization" systemd-timesync + +if [ "$1" = configure ] && [ -z "$2" ]; then + _adopt_conffile /etc/dhcp/dhclient-exit-hooks.d/timesyncd systemd-timesyncd + _adopt_conffile /etc/systemd/timesyncd.conf systemd-timesyncd +fi + +#DEBHELPER# diff --git a/debian/systemd-timesyncd.postrm b/debian/systemd-timesyncd.postrm new file mode 100644 index 0000000..b333c6c --- /dev/null +++ b/debian/systemd-timesyncd.postrm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +case "$1" in + purge) + rm -rf /var/lib/systemd/timesync/ + ;; +esac + +#DEBHELPER# diff --git a/debian/systemd.NEWS b/debian/systemd.NEWS new file mode 100644 index 0000000..cc72643 --- /dev/null +++ b/debian/systemd.NEWS @@ -0,0 +1,65 @@ +systemd (247.2-2) unstable; urgency=medium + + systemd now defaults to the "unified" cgroup hierarchy (i.e. cgroupv2). + This change reflects the fact that cgroupsv2 support has matured + substantially in both systemd and in the kernel. + All major container tools nowadays should support cgroupv2. + If you run into problems with cgroupv2, you can switch back to the previous, + hybrid setup by adding "systemd.unified_cgroup_hierarchy=false" to the + kernel command line. + You can read more about the benefits of cgroupv2 at + https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html + + -- Michael Biebl <biebl@debian.org> Mon, 21 Dec 2020 18:40:10 +0100 + +systemd (247.2-1) unstable; urgency=medium + + KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents + "bind" and "unbind" to the Linux device model. When this kernel + change was made, systemd-udevd was only minimally updated to handle + and propagate these new event types. The introduction of these new + uevents (which are typically generated for USB devices and devices + needing a firmware upload before being functional) resulted in a + number of issues which we so far didn't address. We hoped the kernel + maintainers would themselves address these issues in some form, but + that did not happen. To handle them properly, many (if not most) udev + rules files shipped in various packages need updating, and so do many + programs that monitor or enumerate devices with libudev or sd-device, + or otherwise process uevents. Please note that this incompatibility + is not fault of systemd or udev, but caused by an incompatible kernel + change that happened back in Linux 4.14, but is becoming more and + more visible as the new uevents are generated by more kernel drivers. + + To learn more about the required udev rules changes please check the + "CHANGES WITH 247" section of /usr/share/doc/systemd/NEWS.gz. + + -- Balint Reczey <rbalint@ubuntu.com> Fri, 11 Dec 2020 18:22:42 +0100 + +systemd (236-1) unstable; urgency=medium + + DynamicUser=yes has been enabled for systemd-journal-upload.service and + systemd-journal-gatewayd.service. + This means we no longer need to statically allocate a systemd-journal-upload + and systemd-journal-gateway user and you can now safely remove those system + users along with their associated groups. + + -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:17:32 +0100 + +systemd (231-1) unstable; urgency=low + + This version drops support for running /etc/rcS.d SysV init scripts. + These are prone to cause dependency loops, and almost all Debian packages + with rcS scripts now ship a native systemd service. If you have custom or + third-party rcS scripts you need to convert them or change them to run + in rc2.d/ - rc5.d/; see this page for details: + <https://wiki.debian.org/Teams/pkg-systemd/rcSMigration>. + + -- Martin Pitt <mpitt@debian.org> Thu, 14 Jul 2016 12:54:34 +0200 + +systemd (224-2) unstable; urgency=medium + + This version splits out systemd-nspawn, systemd-machined, and machinectl + into the new "systemd-container" package. That now also enables + systemd-importd. + + -- Martin Pitt <mpitt@debian.org> Sat, 22 Aug 2015 15:58:43 +0200 diff --git a/debian/systemd.bug-control b/debian/systemd.bug-control new file mode 100644 index 0000000..c7c3850 --- /dev/null +++ b/debian/systemd.bug-control @@ -0,0 +1 @@ +package-status: udev dracut initramfs-tools libpam-systemd libnss-systemd diff --git a/debian/systemd.bug-script b/debian/systemd.bug-script new file mode 100644 index 0000000..b1099e7 --- /dev/null +++ b/debian/systemd.bug-script @@ -0,0 +1,43 @@ +#!/bin/bash + +cat <<EOF + +Providing additional information can help diagnose problems with systemd. +Specifically, this would include: +- fstab configuration (copy of /etc/fstab). +- local modifications of unit files (output of systemd-delta). +- state of running services and units (output of systemd-analyze dump). +- enabled/disabled state of installed services. +If this information is not relevant for your bug report or you have privacy +concerns, please choose no. + +EOF + +yesno "Do you want to provide additional information [Y|n]? " yep +[ "$REPLY" = yep ] || exit 0 + +# We don’t clean up this directory because there is no way to know when +# reportbug finished running, and reportbug needs the files around. +# Given that those are just a couple of kilobytes in size and people +# generally don’t file a lot of bugs, I don’t think it’s a big deal. +DIR=$(mktemp -d) + +echo "-- BEGIN ATTACHMENTS --" >&3 + +# remove highlighting escape codes from systemd-delta output +systemd-delta --no-pager 2>&1 |sed "s%\x1b[^m]*m%%g" >$DIR/systemd-delta.txt +echo "$DIR/systemd-delta.txt" >&3 + +if [ -d /run/systemd/system ]; then + systemd-analyze --no-pager dump >$DIR/systemd-analyze-dump.txt 2>&1 + echo "$DIR/systemd-analyze-dump.txt" >&3 +fi + +if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then + head -n100 $(find /var/lib/systemd/deb-systemd-helper-enabled -type f | tr '\n' ' ') >$DIR/dsh-enabled.txt + echo "$DIR/dsh-enabled.txt" >&3 +fi + +echo "/etc/fstab" >&3 + +echo "-- END ATTACHMENTS --" >&3 diff --git a/debian/systemd.dirs b/debian/systemd.dirs new file mode 100644 index 0000000..fac35d6 --- /dev/null +++ b/debian/systemd.dirs @@ -0,0 +1 @@ +var/lib/systemd diff --git a/debian/systemd.install b/debian/systemd.install new file mode 100644 index 0000000..1e51051 --- /dev/null +++ b/debian/systemd.install @@ -0,0 +1,71 @@ +etc/ +bin/systemctl +bin/journalctl +bin/loginctl +bin/machinectl +bin/networkctl +bin/systemd-notify +bin/systemd-tty-ask-password-agent +bin/systemd-ask-password +bin/systemd-machine-id-setup +bin/systemd-tmpfiles +bin/systemd-inhibit +bin/systemd-escape +bin/systemd-sysusers +lib/modprobe.d/ +lib/systemd/ +lib/udev/rules.d/70-uaccess.rules +lib/udev/rules.d/73-seat-late.rules +lib/udev/rules.d/71-seat.rules +lib/udev/rules.d/99-systemd.rules +usr/bin/systemd-cgls +usr/bin/systemd-cgtop +usr/bin/systemd-nspawn +usr/bin/systemd-stdio-bridge +usr/bin/systemd-analyze +usr/bin/systemd-cat +usr/bin/systemd-detect-virt +usr/bin/systemd-delta +usr/bin/systemd-run +usr/bin/systemd-path +usr/bin/systemd-socket-activate +usr/bin/systemd-mount +usr/bin/systemd-umount +usr/bin/systemd-id128 +usr/bin/kernel-install +usr/bin/bootctl +usr/bin/busctl +usr/bin/timedatectl +usr/bin/localectl +usr/bin/hostnamectl +usr/bin/resolvectl +usr/bin/systemd-resolve +usr/share/man/man1/ +usr/share/man/man5/ +usr/share/man/man7/ +usr/share/man/man8/ +usr/share/bash-completion/ +usr/share/zsh/vendor-completions/ +usr/share/dbus-1/ +usr/share/doc/ +usr/share/pkgconfig/systemd.pc +usr/share/polkit-1/ +usr/share/systemd/kbd-model-map +usr/share/systemd/language-fallback-map +usr/lib/binfmt.d/ +usr/lib/environment.d/ +usr/lib/modules-load.d/ +usr/lib/sysctl.d/ +usr/lib/sysusers.d/basic.conf +usr/lib/sysusers.d/systemd.conf +usr/lib/systemd/ +usr/lib/tmpfiles.d/ +usr/lib/kernel +usr/share/locale/ +var/lib +../../extra/init-functions.d lib/lsb/ +../../extra/tmpfiles.d/*.conf usr/lib/tmpfiles.d/ +../../extra/systemd-sysv-install lib/systemd/ +../../extra/units/* lib/systemd/system/ +../../extra/kernel-install.d/* usr/lib/kernel/install.d +../../extra/pam.d/* usr/lib/pam.d/ diff --git a/debian/systemd.links b/debian/systemd.links new file mode 100644 index 0000000..f43cc94 --- /dev/null +++ b/debian/systemd.links @@ -0,0 +1,32 @@ +# These are all services which have native implementations +# So we mask them by linking against /dev/null or create an alias +/lib/systemd/system/systemd-sysctl.service /lib/systemd/system/procps.service + +/lib/systemd/system/systemd-modules-load.service /lib/systemd/system/kmod.service +/etc/modules /etc/modules-load.d/modules.conf + +# X server and ICE socket directories are created by /usr/lib/tmpfiles.d/x11.conf +/dev/null /lib/systemd/system/x11-common.service + +# Don't set the hwclock, as the kernel does that on its own when using NTP +# Without NTP, we shouldn't store the time either +# https://github.com/systemd/systemd/commit/da2617378523e007ec0c6efe99d0cebb2be994e1 +/dev/null /lib/systemd/system/hwclock.service + +# We use the built-in cryptsetup support +/dev/null /lib/systemd/system/cryptdisks.service +/dev/null /lib/systemd/system/cryptdisks-early.service + +# Those services are useless under systemd. Mask them so they can't +# be run manually by accident. +/dev/null /lib/systemd/system/rc.service +/dev/null /lib/systemd/system/rcS.service + +# Enable Debian specific units +/lib/systemd/system/getty-static.service /lib/systemd/system/getty.target.wants/getty-static.service + +# Compat symlink +/lib/systemd/systemd /bin/systemd + +# Create a compat symlink as systemd-sysctl no longer reads /etc/sysctl.conf +/etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf diff --git a/debian/systemd.lintian-overrides b/debian/systemd.lintian-overrides new file mode 100644 index 0000000..e38976a --- /dev/null +++ b/debian/systemd.lintian-overrides @@ -0,0 +1 @@ +systemd: maintainer-script-calls-systemctl diff --git a/debian/systemd.maintscript b/debian/systemd.maintscript new file mode 100644 index 0000000..fb0ce62 --- /dev/null +++ b/debian/systemd.maintscript @@ -0,0 +1,12 @@ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.hostname1.conf 233-3~ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.locale1.conf 233-3~ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.login1.conf 233-3~ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 228-5~ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.network1.conf 233-3~ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.resolve1.conf 233-3~ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd1.conf 233-3~ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.timedate1.conf 233-3~ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf 239-15~ systemd-shim +rm_conffile /etc/dhcp/dhclient-exit-hooks.d/timesyncd 245.4-2~ +rm_conffile /etc/systemd/timesyncd.conf 245.4-2~ +rm_conffile /etc/pam.d/systemd-user 247~rc2-3~ diff --git a/debian/systemd.postinst b/debian/systemd.postinst new file mode 100644 index 0000000..d706588 --- /dev/null +++ b/debian/systemd.postinst @@ -0,0 +1,148 @@ +#!/bin/sh + +set -e + +_systemctl() { + if [ -d /run/systemd/system ]; then + systemctl "$@" + fi +} + +_update_catalog() { + journalctl --update-catalog || true +} + +# Update Message Catalogs database in response to dpkg trigger +if [ "$1" = "triggered" ]; then + _update_catalog + exit 0 +fi + +# Enable getty and remote-fs.target by default on new installs +if [ -z "$2" ]; then + systemctl enable getty@tty1.service || true + systemctl enable remote-fs.target || true +fi + +# Enable systemd-pstore by default on new installs and upgrades, see #952767 +if dpkg --compare-versions "$2" lt "245.4-4~"; then + systemctl enable systemd-pstore.service || true +fi + +# Do a one-time migration of the local time setting +if [ -z "$2" ]; then + if [ -f /etc/default/rcS ]; then + . /etc/default/rcS + fi + if [ "$UTC" = "no" ] && [ ! -e /etc/adjtime ]; then + printf "0.0 0 0.0\n0\nLOCAL\n" > /etc/adjtime + fi +fi + +# Do a one-time migration of the TMPTIME setting +if [ -z "$2" ]; then + if [ -f /etc/default/rcS ]; then + . /etc/default/rcS + fi + if [ ! -e /etc/tmpfiles.d/tmp.conf ]; then + case "$TMPTIME" in + -*|infinite|infinity) + cat > /etc/tmpfiles.d/tmp.conf <<EOF +# Avoid clearing /tmp by shipping an empty /etc/tmpfiles.d/tmp.conf file +# which overrides /usr/lib/tmpfiles.d/tmp.conf. +# This file was automatically created because of local modifications in +# /etc/default/rcS where TMPTIME was set to infinite. +EOF + ;; + esac + fi +fi + +# Do a one-time migration of the RAMTMP setting +if [ -z "$2" ]; then + if [ -f /etc/default/rcS ]; then + . /etc/default/rcS + fi + if [ -f /etc/default/tmpfs ]; then + . /etc/default/tmpfs + fi + if [ "$RAMTMP" = "yes" ]; then + # systemctl enable will work even when systemd is not the active PID 1. + if [ ! -e /etc/systemd/system/tmp.mount ]; then + cp /usr/share/systemd/tmp.mount /etc/systemd/system/tmp.mount + systemctl enable tmp.mount || true + fi + fi +fi + +# Create /etc/machine-id +systemd-machine-id-setup + +# Setup system users and groups +addgroup --quiet --system systemd-journal + +adduser --quiet --system --group --no-create-home --home /run/systemd \ + --gecos "systemd Network Management" systemd-network +adduser --quiet --system --group --no-create-home --home /run/systemd \ + --gecos "systemd Resolver" systemd-resolve + +# Enable persistent journal, in auto-mode, by default on new installs and upgrades +if dpkg --compare-versions "$2" lt "244.1-2~"; then + mkdir -p /var/log/journal + # Applying ACLs requires a mounted /proc and systemd-tmpfiles will fail if + # /proc is not available. Skip systemd-tmpfiles in this case. This should + # be fine, as this typically means we are inside a chroot and systemd is + # not currently active. The permissions will be applied on the next boot. + # https://github.com/systemd/systemd/issues/14745 + if mountpoint -q /proc; then + systemd-tmpfiles --create --prefix /var/log/journal + fi +fi + +# Initial update of the Message Catalogs database +_update_catalog + +if [ -n "$2" ]; then + _systemctl daemon-reexec || true + # don't restart logind; this can be done again once this gets implemented: + # https://github.com/systemd/systemd/issues/1163 + if dpkg --compare-versions "$2" lt-nl "246.2-2~"; then + # the socket configuration changed + _systemctl stop systemd-networkd.socket || true + fi + _systemctl try-restart systemd-networkd.service || true + _systemctl try-restart systemd-resolved.service || true + _systemctl try-restart systemd-journald.service || true +fi + +if dpkg --compare-versions "$2" lt-nl "235-3~"; then + # systemd-bus-proxyd got dropped before stretch, and never created any file + deluser --system systemd-bus-proxy || true +fi + +if dpkg --compare-versions "$2" lt-nl "236-1~"; then + # Clean up old /var/lib/systemd/clock on upgrade. + # The clock file used by systemd-timesyncd is now stored in + # StateDirectory=systemd/timesync. + rm -f /var/lib/systemd/clock +fi + +if dpkg --compare-versions "$2" lt-nl "239-12~"; then + # clean up bogus "nobody" group from #912525; ensure that it's a system group + if getent group nobody >/dev/null; then + delgroup --system nobody || true + fi +fi + +if dpkg --compare-versions "$2" lt-nl "245.4-4~"; then + # systemd-pstore.service is now enabled via sysinit.target + rm -f /etc/systemd/system/systemd-remount-fs.service.wants/systemd-pstore.service + rmdir --ignore-fail-on-non-empty /etc/systemd/system/systemd-remount-fs.service.wants 2> /dev/null || true +fi + +if dpkg --compare-versions "$2" lt-nl "245.4-5~"; then + # Clean up removed ondemand service + rm -f /etc/systemd/system/multi-user.target.wants/ondemand.service +fi + +#DEBHELPER# diff --git a/debian/systemd.postrm b/debian/systemd.postrm new file mode 100644 index 0000000..8599864 --- /dev/null +++ b/debian/systemd.postrm @@ -0,0 +1,30 @@ +#!/bin/sh + +set -e + +case "$1" in + purge) + # clean up after manually enabled units in postinst + rm -f /etc/systemd/system/getty.target.wants/getty@tty1.service + rm -f /etc/systemd/system/multi-user.target.wants/remote-fs.target + rm -f /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service + rm -f /etc/systemd/system/dbus-org.freedesktop.timesync1.service + rm -f /etc/systemd/system/sysinit.target.wants/systemd-pstore.service + rmdir --ignore-fail-on-non-empty /etc/systemd/system/getty.target.wants 2> /dev/null || true + rmdir --ignore-fail-on-non-empty /etc/systemd/system/multi-user.target.wants 2> /dev/null || true + rmdir --ignore-fail-on-non-empty /etc/systemd/system/sysinit.target.wants 2> /dev/null || true + + rm -f /var/lib/systemd/catalog/database + rmdir --ignore-fail-on-non-empty /var/lib/systemd/catalog 2> /dev/null || true + + rm -rf /var/lib/systemd/backlight/ + rm -rf /var/lib/systemd/rfkill/ + rm -rf /var/lib/systemd/timesync/ + + rm -f /var/lib/systemd/random-seed + + rmdir --ignore-fail-on-non-empty /var/log/journal 2> /dev/null || true + ;; +esac + +#DEBHELPER# diff --git a/debian/systemd.preinst b/debian/systemd.preinst new file mode 100644 index 0000000..122ee31 --- /dev/null +++ b/debian/systemd.preinst @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +_systemctl() { + if [ -d /run/systemd/system ]; then + systemctl "$@" + fi +} + +#DEBHELPER# + +# Clean up after package split. If the new systemd-timesyncd package is +# installed, it will enable and start the service again. +if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt-nl "245.4-2~"; then + if _systemctl -q is-active systemd-timesyncd.service; then + _systemctl stop systemd-timesyncd.service || true + fi + rm -f /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service + # Don't bother with cleaning up the systemd-timesync group +fi diff --git a/debian/systemd.prerm b/debian/systemd.prerm new file mode 100644 index 0000000..b08c895 --- /dev/null +++ b/debian/systemd.prerm @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +# +# Prevent systemd from being removed if it's the active init. That +# will not work. +# + +if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then + echo "systemd is the active init system, please switch to another before removing systemd." + exit 1 +fi + +#DEBHELPER# diff --git a/debian/systemd.triggers b/debian/systemd.triggers new file mode 100644 index 0000000..69246ec --- /dev/null +++ b/debian/systemd.triggers @@ -0,0 +1 @@ +interest-noawait /usr/lib/systemd/catalog diff --git a/debian/tests/assert.sh b/debian/tests/assert.sh new file mode 100644 index 0000000..1d47bf4 --- /dev/null +++ b/debian/tests/assert.sh @@ -0,0 +1,34 @@ +# utility functions for shell tests + +assert_true() { + if ! $1; then + echo "FAIL: command '$1' failed with exit code $?" >&2 + exit 1 + fi +} + + +assert_eq() { + if [ "$1" != "$2" ]; then + echo "FAIL: expected: '$2' actual: '$1'" >&2 + exit 1 + fi +} + +assert_in() { + if ! echo "$2" | grep -q "$1"; then + echo "FAIL: '$1' not found in:" >&2 + echo "$2" >&2 + exit 1 + fi +} + +assert_rc() { + local exp=$1 + shift + set +e + $@ + RC=$? + set -e + assert_eq $RC $exp +} diff --git a/debian/tests/boot-and-services b/debian/tests/boot-and-services new file mode 100755 index 0000000..5ab9135 --- /dev/null +++ b/debian/tests/boot-and-services @@ -0,0 +1,558 @@ +#!/usr/bin/python3 +# autopkgtest check: Boot with systemd and check critical desktop services +# (C) 2014 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> + +import sys +import os +import unittest +import subprocess +import tempfile +import shutil +import time +import re +from glob import glob + +is_container = subprocess.call(['systemd-detect-virt', '--container']) == 0 + + +def wait_unit_stop(unit, timeout=10): + '''Wait until given unit is not running any more + + Raise RuntimeError on timeout. + ''' + for i in range(timeout): + if subprocess.call(['systemctl', 'is-active', '--quiet', unit]) != 0: + return + time.sleep(1) + + raise RuntimeError('Timed out waiting for %s to stop' % unit) + + +class ServicesTest(unittest.TestCase): + '''Check that expected services are running''' + + def test_0_init(self): + '''Verify that init is systemd''' + + self.assertIn('systemd', os.readlink('/proc/1/exe')) + + def test_no_failed(self): + '''No failed units''' + + out = subprocess.check_output(['systemctl', '--state=failed', '--no-legend'], + universal_newlines=True) + failed = out.splitlines() + # ignore /etc/modules failure as stuff that we put there by default + # often fails + failed = [f for f in failed if 'systemd-modules-load' not in f] + # apparmor fails if not enabled in the kernel + if not os.path.exists('/sys/kernel/security/apparmor'): + failed = [f for f in failed if 'apparmor.service' not in f] + # ignore thermald as it doesn't start in most virtual envs + failed = [f for f in failed if 'thermald' not in f] + # console-setup.service fails on devices without keyboard (LP: #1516591) + failed = [f for f in failed if 'console-setup' not in f] + # cpi.service fails on s390x + failed = [f for f in failed if 'cpi.service' not in f] + # https://bugs.debian.org/926138 + if is_container: + failed = [f for f in failed if 'e2scrub_reap.service' not in f] + if failed: + for f in failed: + f = f.split()[0] + print('-------- journal for failed service %s -----------' % f) + sys.stdout.flush() + subprocess.call(['journalctl', '-b', '-u', f]) + self.assertEqual(failed, []) + + @unittest.skipUnless(shutil.which('gdm3') is not None, 'gdm3 not found') + def test_gdm3(self): + subprocess.check_call(['pgrep', '-af', '/gdm[-3]']) + self.active_unit('gdm') + + def test_dbus(self): + out = subprocess.check_output( + ['dbus-send', '--print-reply', '--system', + '--dest=org.freedesktop.DBus', '/', 'org.freedesktop.DBus.GetId']) + self.assertIn(b'string "', out) + self.active_unit('dbus') + + def test_network_manager(self): + # 0.9.10 changed the command name + _help = subprocess.check_output(['nmcli', '--help'], + stderr=subprocess.STDOUT) + if b' g[eneral]' in _help: + out = subprocess.check_output(['nmcli', 'general']) + else: + out = subprocess.check_output(['nmcli', 'nm']) + self.assertIn(b'enabled', out) + self.active_unit('NetworkManager') + + def test_cron(self): + out = subprocess.check_output(['ps', 'u', '-C', 'cron']) + self.assertIn(b'root', out) + self.active_unit('cron') + + def test_logind(self): + out = subprocess.check_output(['loginctl']) + self.assertNotEqual(b'', out) + self.active_unit('systemd-logind') + + @unittest.skipIf('TEST_UPSTREAM' in os.environ, + 'Forwarding to rsyslog is a Debian patch') + def test_rsyslog(self): + out = subprocess.check_output(['ps', 'u', '-C', 'rsyslogd']) + self.assertIn(b'bin/rsyslogd', out) + self.active_unit('rsyslog') + with open('/var/log/syslog') as f: + log = f.read() + if not is_container: + # has kernel messages + self.assertRegex(log, 'kernel:.*') + # has init messages + self.assertRegex(log, 'systemd.*Reached target Graphical Interface') + # has other services + self.assertRegex(log, 'NetworkManager.*:') + + @unittest.skipIf(is_container, 'udev does not work in containers') + def test_udev(self): + out = subprocess.check_output(['udevadm', 'info', '--export-db']) + self.assertIn(b'\nP: /devices/', out) + self.active_unit('systemd-udevd') + + def test_tmp_mount(self): + # check if we want to mount /tmp in fstab + want_tmp_mount = False + try: + with open('/etc/fstab') as f: + for l in f: + try: + if not l.startswith('#') and l.split()[1] in ('/tmp', '/tmp/'): + want_tmp_mount = True + break + except IndexError: + pass + except FileNotFoundError: + pass + + # ensure that we actually do/don't have a /tmp mount + (status, status_out) = subprocess.getstatusoutput('systemctl status tmp.mount') + findmnt = subprocess.call(['findmnt', '-n', '/tmp'], stdout=subprocess.PIPE) + if want_tmp_mount: + self.assertEqual(status, 0, status_out) + self.assertEqual(findmnt, 0) + else: + # 4 is correct (since upstream commit ca473d57), accept 3 for systemd <= 230 + self.assertIn(status, [3, 4], status_out) + self.assertNotEqual(findmnt, 0) + + @unittest.skipIf('TEST_UPSTREAM' in os.environ, + 'Debian specific configuration, N/A for upstream') + def test_tmp_cleanup(self): + # systemd-tmpfiles-clean.timer only runs 15 mins after boot, shortcut + # it + self.assertEqual(subprocess.call( + ['systemctl', 'status', 'systemd-tmpfiles-clean.timer'], + stdout=subprocess.PIPE), 0) + subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean']) + if not is_container: + # all files in /tmp/ should get cleaned up on boot + self.assertFalse(os.path.exists('/tmp/oldfile.test')) + self.assertFalse(os.path.exists('/tmp/newfile.test')) + # files in /var/tmp/ older than 30d should get cleaned up + # XXX FIXME: /var/tmp/ cleanup was disabled in #675422 + # if not is_container: + # self.assertFalse(os.path.exists('/var/tmp/oldfile.test')) + self.assertTrue(os.path.exists('/var/tmp/newfile.test')) + + # next run should leave the recent ones + os.close(os.open('/tmp/newfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean']) + wait_unit_stop('systemd-tmpfiles-clean') + self.assertTrue(os.path.exists('/tmp/newfile.test')) + + # Helper methods + + def active_unit(self, unit): + '''Check that given unit is active''' + + out = subprocess.check_output(['systemctl', 'status', unit]) + self.assertIn(b'active (running)', out) + + +class JournalTest(unittest.TestCase): + '''Check journal functionality''' + + def test_no_options(self): + out = subprocess.check_output(['journalctl']) + if not is_container: + # has kernel messages + self.assertRegex(out, b'kernel:.*') + # has init messages + self.assertRegex(out, b'systemd.*Reached target Graphical Interface') + # has other services + self.assertRegex(out, b'NetworkManager.*:.*starting') + + def test_log_for_service(self): + out = subprocess.check_output( + ['journalctl', '_SYSTEMD_UNIT=NetworkManager.service']) + self.assertRegex(out, b'NetworkManager.*:.*starting') + self.assertNotIn(b'kernel:', out) + self.assertNotIn(b'systemd:', out) + + +@unittest.skipIf(is_container, 'nspawn does not work in most containers') +class NspawnTest(unittest.TestCase): + '''Check nspawn''' + + @classmethod + def setUpClass(kls): + '''Build a bootable busybox mini-container''' + + kls.td_c_busybox = tempfile.TemporaryDirectory(prefix='c_busybox.') + kls.c_busybox = kls.td_c_busybox.name + for d in ['etc/init.d', 'bin', 'sbin']: + os.makedirs(os.path.join(kls.c_busybox, d)) + shutil.copy('/bin/busybox', os.path.join(kls.c_busybox, 'bin')) + shutil.copy('/etc/os-release', os.path.join(kls.c_busybox, 'etc')) + os.symlink('busybox', os.path.join(kls.c_busybox, 'bin', 'sh')) + os.symlink('../bin/busybox', os.path.join(kls.c_busybox, 'sbin/init')) + with open(os.path.join(kls.c_busybox, 'etc/init.d/rcS'), 'w') as f: + f.write('''#!/bin/sh +echo fake container started +ps aux +poweroff\n''') + os.fchmod(f.fileno(), 0o755) + subprocess.check_call(['systemd-machine-id-setup', '--root', + kls.c_busybox], stderr=subprocess.PIPE) + + def setUp(self): + self.workdir = tempfile.TemporaryDirectory() + + def test_boot(self): + cont = os.path.join(self.workdir.name, 'c1') + shutil.copytree(self.c_busybox, cont, symlinks=True) + os.sync() + nspawn = subprocess.Popen(['systemd-nspawn', '-D', cont, '-b'], + stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + out = nspawn.communicate(timeout=60)[0] + self.assertIn(b'Spawning container c1', out) + self.assertIn(b'fake container started', out) + self.assertRegex(out, b'\n\s+1\s+0\s+init[\r\n]') + self.assertRegex(out, b'\n\s+2+\s+0\s.*rcS[\r\n]') + self.assertRegex(out, b'Container c1.*shut down') + self.assertEqual(nspawn.returncode, 0) + + def test_service(self): + self.assertTrue(os.path.isdir('/var/lib/machines')) + cont = '/var/lib/machines/c1' + shutil.copytree(self.c_busybox, cont, symlinks=True) + self.addCleanup(shutil.rmtree, cont) + os.sync() + subprocess.check_call(['systemctl', 'start', 'systemd-nspawn@c1']) + wait_unit_stop('systemd-nspawn@c1') + + subprocess.call(['journalctl', '--sync']) + systemctl = subprocess.Popen( + ['systemctl', 'status', '-overbose', '-l', 'systemd-nspawn@c1'], + stdout=subprocess.PIPE) + out = systemctl.communicate()[0].decode('UTF-8', 'replace') + self.assertEqual(systemctl.returncode, 3, out) + self.assertNotIn('failed', out) + + +@unittest.skipUnless(os.path.exists('/sys/kernel/security/apparmor'), + 'AppArmor not enabled') +class AppArmorTest(unittest.TestCase): + def test_profile(self): + '''AppArmor confined unit''' + + # create AppArmor profile + aa_profile = tempfile.NamedTemporaryFile(prefix='aa_violator.') + aa_profile.write(b'''#include <tunables/global> + +profile "violator-test" { + #include <abstractions/base> + + /{usr/,}bin/** rix, + /etc/machine-id r, +} +''') + aa_profile.flush() + subprocess.check_call(['apparmor_parser', '-r', '-v', aa_profile.name]) + + # create confined unit + with open('/run/systemd/system/violator.service', 'w') as f: + f.write('''[Unit] +Description=AppArmor test + +[Service] +ExecStart=/bin/sh -euc 'echo CP1; cat /etc/machine-id; echo CP2; if cat /etc/passwd; then exit 1; fi; echo CP3' +AppArmorProfile=violator-test +''') + self.addCleanup(os.unlink, '/run/systemd/system/violator.service') + + # launch + subprocess.check_call(['systemctl', 'daemon-reload']) + subprocess.check_call(['systemctl', 'start', 'violator.service']) + wait_unit_stop('violator.service') + + # check status + st = subprocess.Popen(['systemctl', 'status', '-l', + 'violator.service'], stdout=subprocess.PIPE, + universal_newlines=True) + out = st.communicate()[0] + # unit should be stopped + self.assertEqual(st.returncode, 3) + + self.assertIn('inactive', out) + self.assertIn('CP1', out) + self.assertIn('CP2', out) + self.assertIn('CP3', out) + with open('/etc/machine-id') as f: + self.assertIn(f.read().strip(), out) + self.assertNotIn('root:x', out, 'unit can read /etc/passwd') + + +@unittest.skipIf(os.path.exists('/sys/fs/cgroup/cgroup.controllers'), + 'test needs to be reworked on unified cgroup hierarchy') +class CgroupsTest(unittest.TestCase): + '''Check cgroup setup''' + + @classmethod + def setUpClass(kls): + kls.controllers = [] + for controller in glob('/sys/fs/cgroup/*'): + if not os.path.islink(controller): + kls.controllers.append(controller) + + def setUp(self): + self.service = 'testsrv.service' + self.service_file = '/run/systemd/system/' + self.service + + def tearDown(self): + subprocess.call(['systemctl', 'stop', self.service], + stderr=subprocess.PIPE) + try: + os.unlink(self.service_file) + except OSError: + pass + subprocess.check_call(['systemctl', 'daemon-reload']) + + def create_service(self, extra_service=''): + '''Create test service unit''' + + with open(self.service_file, 'w') as f: + f.write('''[Unit] +Description=test service +[Service] +ExecStart=/bin/sleep 500 +%s +''' % extra_service) + subprocess.check_call(['systemctl', 'daemon-reload']) + + def assertNoControllers(self): + '''Assert that no cgroup controllers exist for test service''' + + cs = glob('/sys/fs/cgroup/*/system.slice/%s' % self.service) + self.assertEqual(cs, []) + + def assertController(self, name): + '''Assert that cgroup controller exists for test service''' + + c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service) + self.assertTrue(os.path.isdir(c)) + + def assertNoController(self, name): + '''Assert that cgroup controller does not exist for test service''' + + c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service) + self.assertFalse(os.path.isdir(c)) + + def test_simple(self): + '''simple service''' + + self.create_service() + self.assertNoControllers() + subprocess.check_call(['systemctl', 'start', self.service]) + self.assertController('systemd') + subprocess.check_call(['systemctl', 'stop', self.service]) + self.assertNoControllers() + + def test_cpushares(self): + '''service with CPUShares''' + + self.create_service('CPUShares=1000') + self.assertNoControllers() + subprocess.check_call(['systemctl', 'start', self.service]) + self.assertController('systemd') + self.assertController('cpu,cpuacct') + subprocess.check_call(['systemctl', 'stop', self.service]) + self.assertNoControllers() + + +class SeccompTest(unittest.TestCase): + '''Check seccomp syscall filtering''' + + def test_failing(self): + with open('/run/systemd/system/scfail.service', 'w') as f: + f.write('''[Unit] +Description=seccomp test +[Service] +ExecStart=/bin/cat /etc/machine-id +SystemCallFilter=access +''') + self.addCleanup(os.unlink, '/run/systemd/system/scfail.service') + + # launch + subprocess.check_call(['systemctl', 'daemon-reload']) + subprocess.check_call(['systemctl', 'start', 'scfail.service']) + wait_unit_stop('scfail.service') + + # check status + st = subprocess.Popen(['systemctl', 'status', '-l', + 'scfail.service'], stdout=subprocess.PIPE) + out = st.communicate()[0] + # unit should be stopped + self.assertEqual(st.returncode, 3) + + subprocess.check_call(['systemctl', 'reset-failed', 'scfail.service']) + + self.assertIn(b'failed', out) + self.assertRegex(out, b'code=(killed|dumped), signal=SYS') + with open('/etc/machine-id') as f: + self.assertNotIn(f.read().strip().encode('ASCII'), out) + + +@unittest.skipIf(is_container, 'systemd-coredump does not work in containers') +class CoredumpTest(unittest.TestCase): + '''Check systemd-coredump''' + + def test_bash_crash(self): + subprocess.call("ulimit -c unlimited; bash -c 'kill -SEGV $$'", shell=True, + cwd='/tmp', stderr=subprocess.DEVNULL) + + # with systemd-coredump installed we should get the core dumps in + # systemd's dir + for timeout in range(50): + cores = glob('/var/lib/systemd/coredump/core.bash.*') + if cores: + break + time.sleep(1) + self.assertNotEqual(cores, []) + self.assertEqual(glob('/tmp/core*'), []) + + # we should also get a message and stack trace in journal + for timeout in range(10): + subprocess.call(['journalctl', '--sync']) + journal = subprocess.check_output(['journalctl', '-t', 'systemd-coredump']) + if re.search(b'Process.*bash.*dumped core', journal) and \ + re.search(b'#[0-9] .*bash', journal): + break + time.sleep(1) + self.assertRegex(journal, b'Process.*bash.*dumped core') + self.assertIn(b'Stack trace', journal) + self.assertRegex(journal, b'#[0-9] .*bash') + + +class CLITest(unittest.TestCase): + def setUp(self): + self.programs = [] + for line in subprocess.check_output(['dpkg', '-L', 'systemd', 'systemd-container', 'systemd-coredump', 'udev'], + universal_newlines=True).splitlines(): + if '/bin/' in line: + self.programs.append(line.strip()) + + def test_help(self): + '--help works and succeeds''' + + for program in self.programs: + p = subprocess.Popen([program, '--help'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True) + (out, err) = p.communicate() + try: + self.assertEqual(err, '') + self.assertEqual(p.returncode, 0) + self.assertIn(os.path.basename(program), out) + self.assertTrue('--help' in out or 'Usage' in out, out) + except AssertionError: + print('Failed program: %s' % program) + raise + + def test_version(self): + '--version works and succeeds''' + + version = subprocess.check_output(['pkg-config', '--modversion', 'systemd'], + universal_newlines=True).strip() + + for program in self.programs: + # known to not respond to --version + if os.path.basename(program) in ['kernel-install', 'systemd-ask-password', 'systemd-stdio-bridge']: + continue + p = subprocess.Popen([program, '--version'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True) + (out, err) = p.communicate() + try: + self.assertEqual(err, '') + self.assertEqual(p.returncode, 0) + self.assertIn(version, out) + except AssertionError: + print('Failed program: %s' % program) + raise + + def test_invalid_option(self): + '''Calling with invalid option fails''' + + for program in self.programs: + p = subprocess.Popen([program, '--invalid-option'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True) + (out, err) = p.communicate() + try: + # kernel-install is an unique snowflake + if not program.endswith('/kernel-install'): + self.assertIn('--invalid-option', err) + self.assertNotEqual(p.returncode, 0) + except AssertionError: + print('Failed program: %s' % program) + raise + + +def pre_boot_setup(): + '''Test setup before rebooting testbed''' + + subprocess.check_call(['systemctl', 'set-default', 'graphical.target'], + stderr=subprocess.STDOUT) + + # create a few temporary files to ensure that they get cleaned up on boot + os.close(os.open('/tmp/newfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + os.close(os.open('/var/tmp/newfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + # we can't use utime() here, as systemd looks for ctime + if not is_container: + cur_time = time.clock_gettime(time.CLOCK_REALTIME) + time.clock_settime(time.CLOCK_REALTIME, cur_time - 2 * 30 * 86400) + try: + os.close(os.open('/tmp/oldfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + os.close(os.open('/var/tmp/oldfile.test', + os.O_CREAT | os.O_EXCL | os.O_WRONLY)) + finally: + time.clock_settime(time.CLOCK_REALTIME, cur_time) + + # allow X to start even on headless machines + os.makedirs('/etc/X11/xorg.conf.d/', exist_ok=True) + with open('/etc/X11/xorg.conf.d/dummy.conf', 'w') as f: + f.write('''Section "Device" + Identifier "test" + Driver "dummy" +EndSection''') + + +if __name__ == '__main__': + if not os.getenv('AUTOPKGTEST_REBOOT_MARK'): + pre_boot_setup() + print('Rebooting...') + subprocess.check_call(['/tmp/autopkgtest-reboot', 'boot1']) + + unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, + verbosity=2)) diff --git a/debian/tests/boot-smoke b/debian/tests/boot-smoke new file mode 100755 index 0000000..821c842 --- /dev/null +++ b/debian/tests/boot-smoke @@ -0,0 +1,86 @@ +#!/bin/sh +# test 20 successful reboots in a row +# Author: Martin Pitt <martin.pitt@ubuntu.com> +# For bisecting/testing you can replace individual binaries in /lib/systemd +# with --copy /host/path/systemd-foo:/tmp/systemd-replace/systemd-foo +set -e + +. `dirname $0`/assert.sh + +fail() { + [ -n "$1" ] && echo "$1" + set +e + journalctl --sync + journalctl -a > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-journal.txt" + systemctl --no-pager --no-legend list-jobs > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-running-jobs.txt" + udevadm info --export-db > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-udevdb.txt" + exit 1 +} + +if [ -z "$AUTOPKGTEST_REBOOT_MARK" ]; then + # enable persistent journal + mkdir -p /var/log/journal + # allow X to start even on headless machines + mkdir -p /etc/X11/xorg.conf.d/ + cat << EOF > /etc/X11/xorg.conf.d/dummy.conf +Section "Device" + Identifier "test" + Driver "dummy" +EndSection +EOF + + + AUTOPKGTEST_REBOOT_MARK=0 + if [ -d /tmp/systemd-replace/ ]; then + for f in /tmp/systemd-replace/*; do + echo "Installing $f..." + rm -f /lib/systemd/$(basename $f) + cp $f /lib/systemd/ + done + fi +else + echo "waiting to boot..." + TIMEOUT=35 + while [ $TIMEOUT -ge 0 ]; do + state="$(systemctl is-system-running || true)" + case $state in + running|degraded) + break + ;; + *) + sleep 1 + TIMEOUT=$((TIMEOUT - 1)) + ;; + esac + done + + echo "checking for running system" + if [ "$state" = "degraded" ]; then + systemctl --no-pager --no-legend --failed list-units > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-failed-units.txt" || true + echo "systemctl is-system-running: degraded (non-fatal)" + elif [ "$state" != "running" ]; then + fail "system not running after timeout $RUNNING_TIMEOUT, state: $state" + fi + + echo "checking for failed unmounts for user systemd" + # grep complete journal to catch shutdown messages + if journalctl | grep -E "systemd\[([2-9]|[1-9][0-9]+)\].*Failed unmounting"; then + fail "found failed unmount in journal" + fi + + # grep only this boot's journal, earlier ones complain about missing "render" group + echo "checking for connection timeouts" + if journalctl -b | grep "Connection timed out"; then + fail "found connection timeout in journal for this boot" + fi + + echo "checking that NetworkManager runs" + pidof NetworkManager || fail "NetworkManager was not running" +fi + +if [ "$AUTOPKGTEST_REBOOT_MARK" -ge 5 ]; then + exit 0 +fi + +echo "reboot #$AUTOPKGTEST_REBOOT_MARK" +/tmp/autopkgtest-reboot $(($AUTOPKGTEST_REBOOT_MARK + 1)) diff --git a/debian/tests/build-login b/debian/tests/build-login new file mode 100755 index 0000000..def83b1 --- /dev/null +++ b/debian/tests/build-login @@ -0,0 +1,38 @@ +#!/bin/sh +# autopkgtest check: Test build against libsystemd-login-dev +# (C) 2014 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> + +set -e + +WORKDIR=$(mktemp -d) +trap "rm -rf $WORKDIR" 0 INT QUIT ABRT PIPE TERM +cd $WORKDIR +cat <<EOF > loginmonitor.c +#include <assert.h> +#include <stdio.h> +#include <systemd/sd-login.h> + +int main(int argc, char **argv) +{ + sd_login_monitor* mon = NULL; + int res; + + res = sd_login_monitor_new(NULL, &mon); + if (res < 0) { + fprintf(stderr, "sd_login_monitor_new failed with value %i\n", res); + return 1; + } + + assert(sd_login_monitor_get_fd(mon) > 0); + sd_login_monitor_unref(mon); + + return 0; +} +EOF + +gcc -Wall -Werror -o loginmonitor loginmonitor.c `pkg-config --cflags --libs libsystemd` +echo "build: OK" +[ -x loginmonitor ] +./loginmonitor +echo "run: OK" diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..9c5f282 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,199 @@ +Tests: timedated, hostnamed, localed-locale, localed-x11-keymap +Depends: systemd, + systemd-timesyncd, + libpam-systemd, + libnss-systemd, + acl, + locales, +Restrictions: needs-root, isolation-container + +Tests: logind +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, +Restrictions: needs-root, isolation-container + +Tests: unit-config +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, + python3, + pkg-config, +Restrictions: needs-root, allow-stderr + +Tests: storage +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, + python3, + pkg-config, + cryptsetup-bin, +Restrictions: needs-root, isolation-machine + +Tests: networkd-test.py +Tests-Directory: test +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, + python3, + pkg-config, + cryptsetup-bin, + systemd-sysv, + policykit-1, + dnsmasq-base +Restrictions: needs-root, isolation-container + +Tests: build-login +Depends: systemd, + libpam-systemd, + libnss-systemd, + acl, + locales, + evemu-tools, + python3, + pkg-config, + cryptsetup-bin, + systemd-sysv, + policykit-1, + dnsmasq-base, + build-essential, + libsystemd-dev, +Restrictions: isolation-container + +Tests: boot-and-services +Depends: systemd-sysv, + systemd-container, + systemd-coredump, + libpam-systemd, + xserver-xorg-video-dummy, + xserver-xorg, + gdm3 [!s390x], + cron, + network-manager, + busybox-static, + rsyslog, + apparmor, + pkg-config, + python3 +Restrictions: needs-root, isolation-container, breaks-testbed + +Tests: udev +Depends: systemd-tests, + python3, + tree, + perl, + xz-utils, +Restrictions: needs-root, allow-stderr, isolation-container, skippable + +Tests: root-unittests +Depends: systemd-tests, + libpam-systemd, + tree, + perl, + xz-utils, + libcap2-bin, + iproute2, + liblz4-tool, + acl, + iputils-ping, + dbus-user-session, + zstd, +Restrictions: needs-root, allow-stderr, isolation-container, breaks-testbed + +Tests: upstream +Depends: libsystemd-dev, + tree, + perl, + xz-utils, + libcap2-bin, + iproute2, + liblz4-tool, + acl, + dmeventd, + kbd, + cryptsetup-bin, + net-tools, + isc-dhcp-client, + iputils-ping, + strace, + qemu-system-x86 [amd64 i386], + qemu-system-arm [arm64 armhf], + qemu-system-ppc [ppc64el], + qemu-system-s390x [s390x], + seabios, + less, + pkg-config, + gcc, + libc6-dev | libc-dev, + make, + quota, + systemd-journal-remote, + systemd-container, + systemd-coredump, + fdisk | util-linux (<< 2.29.2-3~), + netcat-openbsd, + socat, + busybox-static, + plymouth, + e2fsprogs, + zstd, + squashfs-tools, +Restrictions: needs-root, allow-stderr, isolation-machine + +Tests: boot-smoke +Depends: libsystemd-dev, + tree, + perl, + xz-utils, + libcap2-bin, + iproute2, + liblz4-tool, + acl, + kbd, + cryptsetup-bin, + net-tools, + isc-dhcp-client, + iputils-ping, + strace, + qemu-system-x86 [amd64 i386], + qemu-system-arm [arm64 armhf], + qemu-system-s390x [s390x], + less, + pkg-config, + gcc, + libc6-dev | libc-dev, + make, + quota, + systemd-journal-remote, + systemd-container, + systemd-coredump, + systemd-sysv, + fdisk | util-linux (<< 2.29.2-3~), + netcat-openbsd, + busybox-static, + plymouth, + network-manager, + policykit-1, + gdm3 [!s390x], + xserver-xorg-video-dummy, +Restrictions: needs-root, isolation-container, allow-stderr, breaks-testbed + +# NOUPSTREAM: Do not run these tests for upstream builds + +Tests: systemd-fsckd +Depends: systemd-sysv, + python3, + plymouth +Restrictions: needs-root, isolation-machine, breaks-testbed diff --git a/debian/tests/fsck b/debian/tests/fsck new file mode 100755 index 0000000..77b50d7 --- /dev/null +++ b/debian/tests/fsck @@ -0,0 +1,27 @@ +#!/bin/bash +fd=0 + +OPTIND=1 +while getopts "C:aTlM" opt; do + case "$opt" in + C) + fd=$OPTARG + ;; + \?);; + esac +done + +shift "$((OPTIND-1))" +device=$1 + +echo "Running fake fsck on $device" + +declare -a maxpass=(30 5 2 30 60) + +for pass in {1..5}; do + maxprogress=${maxpass[$((pass-1))]} + for (( current=0; current<=${maxprogress}; current++)); do + echo "$pass $current $maxprogress $device">&$fd + sleep 0.1 + done +done diff --git a/debian/tests/hostnamed b/debian/tests/hostnamed new file mode 100755 index 0000000..1b22869 --- /dev/null +++ b/debian/tests/hostnamed @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +. `dirname $0`/assert.sh + +ORIG_HOST=`cat /etc/hostname` +echo "original hostname: $ORIG_HOST" + +# should activate daemon and work +STATUS="`hostnamectl`" +assert_in "Static hostname: $ORIG_HOST" "$STATUS" +assert_in "Kernel:.* `uname -r`" "$STATUS" + +# change hostname +assert_eq "`hostnamectl set-hostname testhost 2>&1`" "" +assert_eq "`cat /etc/hostname`" "testhost" +assert_in "Static hostname: testhost" "`hostnamectl`" + +# reset to original +assert_eq "`hostnamectl set-hostname $ORIG_HOST 2>&1`" "" +assert_eq "`cat /etc/hostname`" "$ORIG_HOST" +assert_in "Static hostname: $ORIG_HOST" "`hostnamectl`" diff --git a/debian/tests/lidswitch.evemu b/debian/tests/lidswitch.evemu new file mode 100644 index 0000000..de1d590 --- /dev/null +++ b/debian/tests/lidswitch.evemu @@ -0,0 +1,34 @@ +# EVEMU 1.2 +# Input device name: "Lid Switch" +# Input device ID: bus 0x19 vendor 0000 product 0x05 version 0000 +# Supported events: +# Event type 0 (EV_SYN) +# Event code 0 (SYN_REPORT) +# Event code 5 (FF_STATUS_MAX) +# Event type 5 (EV_SW) +# Event code 0 (SW_LID) +# Properties: +N: Fake Lid Switch +I: 0019 0000 0005 0000 +P: 00 00 00 00 00 00 00 00 +B: 00 21 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 01 00 00 00 00 00 00 00 00 +B: 02 00 00 00 00 00 00 00 00 +B: 03 00 00 00 00 00 00 00 00 +B: 04 00 00 00 00 00 00 00 00 +B: 05 01 00 00 00 00 00 00 00 +B: 11 00 00 00 00 00 00 00 00 +B: 12 00 00 00 00 00 00 00 00 +B: 15 00 00 00 00 00 00 00 00 +B: 15 00 00 00 00 00 00 00 00 diff --git a/debian/tests/localed-locale b/debian/tests/localed-locale new file mode 100755 index 0000000..472518f --- /dev/null +++ b/debian/tests/localed-locale @@ -0,0 +1,63 @@ +#!/bin/sh +set -e + +. `dirname $0`/assert.sh + +if [ -n "$TEST_UPSTREAM" ]; then + LOCALE_CONF=/etc/locale.conf +else + LOCALE_CONF=/etc/default/locale +fi + +if [ -f "$LOCALE_CONF" ]; then + cp "$LOCALE_CONF" "${LOCALE_CONF}.orig" +fi + +# ensure tested locale exist +mv /etc/locale.gen /etc/locale.gen.orig +echo "en_US.UTF-8 UTF-8" > /etc/locale.gen +locale-gen en_US.UTF-8 + +if ! [ -e /etc/default/keyboard ]; then + /bin/echo -e 'XKBMODEL=us\nXKBLAYOUT=pc105' > /etc/default/keyboard +fi + +# should activate daemon and work +assert_in "System Locale:" "`localectl --no-pager`" + +# change locale +assert_eq "`localectl --no-pager set-locale LANG=C LC_CTYPE=en_US.UTF-8 2>&1`" "" +sync +assert_eq "`cat $LOCALE_CONF`" "LANG=C +LC_CTYPE=en_US.UTF-8" + +if [ -z "$TEST_UPSTREAM" ]; then + ! [ -f /etc/locale.conf ] +fi + +STATUS=`localectl` +assert_in "System Locale: LANG=C" "$STATUS" +assert_in "LC_CTYPE=en_US.UTF-8" "$STATUS" + +# test if localed auto-runs locale-gen + +# ensure tested locale does not exist +assert_rc 1 validlocale de_DE.UTF-8 2>&1 + +# change locale +assert_eq "`localectl --no-pager set-locale de_DE.UTF-8 2>&1`" "" +sync +assert_eq "`cat $LOCALE_CONF`" "LANG=de_DE.UTF-8 +LC_CTYPE=en_US.UTF-8" + +# ensure tested locale exists and works now +assert_rc 0 validlocale de_DE.UTF-8 2>&1 + +# reset locale to original +if [ -f "${LOCALE_CONF}.orig" ]; then + mv "${LOCALE_CONF}.orig" "$LOCALE_CONF" +else + rm "$LOCALE_CONF" +fi +mv /etc/locale.gen.orig /etc/locale.gen +locale-gen diff --git a/debian/tests/localed-x11-keymap b/debian/tests/localed-x11-keymap new file mode 100755 index 0000000..34f4808 --- /dev/null +++ b/debian/tests/localed-x11-keymap @@ -0,0 +1,52 @@ +#!/bin/sh +set -e + +. `dirname $0`/assert.sh + +if [ -f /etc/default/keyboard ]; then + ORIG_KBD=`cat /etc/default/keyboard` +else + ORIG_KBD="" +fi + +cleanup() { + # reset locale to original + if [ -n "ORIG_KBD" ]; then + echo "$ORIG_KBD" > /etc/default/keyboard + else + rm -f /etc/default/keyboard + fi + rm -f /etc/X11/xorg.conf.d/00-keyboard.conf +} +trap cleanup EXIT INT QUIT PIPE + +# should activate daemon and work +STATUS=`localectl` +assert_in "X11 Layout:" "`localectl --no-pager`" + +# change layout +assert_eq "`localectl --no-pager set-x11-keymap et pc101 2>&1`" "" +sync + +if [ -n "$TEST_UPSTREAM" ]; then + # Upstream writes xorg.conf.d file + assert_in 'Option "XkbLayout" "et' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`" + assert_in 'Option "XkbModel" "pc101"' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`" +else + # Debian console-setup config file + assert_in 'XKBLAYOUT="\?et"\?' "`cat /etc/default/keyboard`" + assert_in 'XKBMODEL="\?pc101"\?' "`cat /etc/default/keyboard`" + + ! [ -f /etc/X11/xorg.conf.d/00-keyboard.conf ] +fi + +STATUS=`localectl --no-pager` +assert_in "X11 Layout: et" "$STATUS" +assert_in "X11 Model: pc101" "$STATUS" + +# gets along without config file +if [ -z "$TEST_UPSTREAM" ]; then + rm /etc/default/keyboard + systemctl stop systemd-localed + assert_in "X11 Layout: n/a" "`localectl --no-pager`" +fi diff --git a/debian/tests/logind b/debian/tests/logind new file mode 100755 index 0000000..28877ff --- /dev/null +++ b/debian/tests/logind @@ -0,0 +1,204 @@ +#!/bin/sh +set -e + +test_started() { + # ensure the *old* logind from before the upgrade isn't running + echo " * try-restarting systemd-logind" + systemctl try-restart systemd-logind + + echo " * daemon is started" + # should start at boot, not with D-BUS activation + LOGINDPID=$(pidof systemd-logind) + + # loginctl should succeed + echo " * loginctl succeeds" + LOGINCTL_OUT=`loginctl` +} + +test_properties() { + # Default KillUserProcesses should be off for debian/ubuntu builds + r=$(busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager KillUserProcesses) + [ "$r" = "b false" ] +} + +# args: <timeout> +wait_suspend() { + timeout=$1 + while [ $timeout -gt 0 ] && [ ! -e /run/suspend.flag ]; do + sleep 1 + timeout=$((timeout - 1)) + [ $(($timeout % 5)) -ne 0 ] || echo " waiting for suspend, ${timeout}s remaining..." + done + if [ ! -e /run/suspend.flag ]; then + echo "closing lid did not cause suspend" >&2 + exit 1 + fi + rm /run/suspend.flag + echo " * closing lid caused suspend" +} + +test_suspend_on_lid() { + if systemd-detect-virt --quiet --container; then + echo " * Skipping suspend test in container" + return + fi + if ! grep -s -q mem /sys/power/state; then + echo " * suspend not supported on this testbed, skipping" + return + fi + + # cleanup handler + trap 'rm -f /run/udev/rules.d/70-logindtest-*.rules; udevadm control --reload; + kill $KILL_PID; + rm /run/systemd/system/systemd-suspend.service; + if [ -d /sys/module/scsi_debug ]; then rmmod scsi_debug 2>/dev/null || (sleep 2; rmmod scsi_debug ) || true; fi' \ + EXIT INT QUIT TERM PIPE + + # watch what's going on + journalctl -f -u systemd-logind.service & + KILL_PID="$KILL_PID $!" + + # create fake suspend + UNIT=$(systemctl show -pFragmentPath --value systemd-suspend.service) + sed '/^ExecStart=/ s_=.*$_=/bin/touch /run/suspend.flag_' $UNIT > /run/systemd/system/systemd-suspend.service + sync + systemctl daemon-reload + + # create fake lid switch + mkdir -p /run/udev/rules.d + echo 'SUBSYSTEM=="input", KERNEL=="event*", ATTRS{name}=="Fake Lid Switch", TAG+="power-switch"' \ + > /run/udev/rules.d/70-logindtest-lid.rules + sync + udevadm control --reload + evemu-device $(dirname $0)/lidswitch.evemu & + KILL_PID="$KILL_PID $!" + while [ -z "$O" ]; do + sleep 0.1 + O=$(grep -l '^Fake Lid Switch' /sys/class/input/*/device/name) + done + O=${O%/device/name} + LID_DEV=/dev/${O#/sys/class/} + + # close lid + evemu-event $LID_DEV --sync --type 5 --code 0 --value 1 + # need to wait for 30s suspend inhibition after boot + wait_suspend 31 + # open lid again + evemu-event $LID_DEV --sync --type 5 --code 0 --value 0 + + echo " * waiting for 30s inhibition time between suspends" + sleep 30 + + # now closing lid should cause instant suspend + evemu-event $LID_DEV --sync --type 5 --code 0 --value 1 + wait_suspend 2 + evemu-event $LID_DEV --sync --type 5 --code 0 --value 0 + + P=$(pidof systemd-logind) + [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; } +} + +test_shutdown() { + echo " * scheduled shutdown with wall message" + shutdown 2>&1 + sleep 5 + shutdown -c || true + # logind should still be running + P=$(pidof systemd-logind) + [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; } + + echo " * scheduled shutdown without wall message" + shutdown --no-wall 2>&1 + sleep 5 + shutdown -c --no-wall || true + P=$(pidof systemd-logind) + [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; } +} + +test_in_logind_session() { + echo " * XDG_SESSION_ID=$XDG_SESSION_ID" + # cgroup v1: "1:name=systemd:/user.slice/..."; unified hierarchy: "0::/user.slice" + if grep -E '(name=systemd|^0:):.*session.*scope' /proc/self/cgroup; then + echo " * process is in session cgroup" + else + echo "FAIL: process is not in session cgroup" + echo "/proc/self/cgroup:" + cat /proc/self/cgroup + loginctl + loginctl show-session "$XDG_SESSION_ID" + exit 1 + fi +} + +test_acl() { + # ACL tests + if ! echo "$LOGINCTL_OUT" | grep -q "seat0"; then + echo " * Skipping ACL tests, as there is no seat" + return + fi + if systemd-detect-virt --quiet --container; then + echo " * Skipping ACL tests in container" + return + fi + + # determine user + USER=`echo "$OUT" | grep seat0 | awk '{print $3}'` + echo "seat user: $USER" + + # scsi_debug should not be loaded yet + ! test -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block + + # we use scsi_debug to create new devices which we can put ACLs on + # tell udev about the tagging, so that logind can pick it up + cat <<EOF > /run/udev/rules.d/70-logindtest-scsi_debug-user.rules +SUBSYSTEM=="block", ATTRS{model}=="scsi_debug*", TAG+="uaccess" +EOF + sync + udevadm control --reload + + echo " * coldplug: logind started with existing device" + killall systemd-logind + modprobe scsi_debug + while ! dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block 2>/dev/null`; do sleep 0.1; done + test -b $dev + echo "got block device $dev" + udevadm settle + # trigger logind + loginctl > /dev/null + sleep 1 + if getfacl -p $dev | grep -q "user:$USER:rw-"; then + echo "$dev has ACL for user $USER" + else + echo "$dev has no ACL for user $USER:" >&2 + getfacl -p $dev >&2 + exit 1 + fi + + rmmod scsi_debug + + echo " * hotplug: new device appears while logind is running" + modprobe scsi_debug + while ! dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block`; do sleep 0.1; done + test -b $dev + echo "got block device $dev" + udevadm settle + sleep 1 + if getfacl -p $dev | grep -q "user:$USER:rw-"; then + echo "$dev has ACL for user $USER" + else + echo "$dev has no ACL for user $USER:" >&2 + getfacl -p $dev >&2 + exit 1 + fi +} + +# +# main +# + +test_started +test_properties +test_in_logind_session +test_suspend_on_lid +test_shutdown +test_acl diff --git a/debian/tests/process-killer b/debian/tests/process-killer new file mode 100755 index 0000000..6ca10b8 --- /dev/null +++ b/debian/tests/process-killer @@ -0,0 +1,9 @@ +#!/bin/sh +# loop until we can kill the process given in arg + +while : +do + /usr/bin/pkill -x $* + [ $? -eq 0 ] && break + sleep 1 +done diff --git a/debian/tests/root-unittests b/debian/tests/root-unittests new file mode 100644 index 0000000..96416e2 --- /dev/null +++ b/debian/tests/root-unittests @@ -0,0 +1,26 @@ +#!/bin/sh +set -eu + +EXFAIL="" + +res=0 +for t in /usr/lib/systemd/tests/test-*; do + tname=$(basename $t) + # test-udev needs special prep and has its own test + [ "$tname" != test-udev ] || continue + echo "====== $tname =======" + # exit code 77 means "skip" + rc=0 + $t || rc=$? + if [ "$rc" = 0 ]; then + echo "PASS: $tname" + elif [ "$rc" = 77 ]; then + echo "SKIP: $tname" + elif [ "${EXFAIL%$tname*}" != "$EXFAIL" ]; then + echo "EXFAIL: $tname" + else + echo "FAIL: $tname (code: $rc)" + res=$rc + fi +done +exit $res diff --git a/debian/tests/storage b/debian/tests/storage new file mode 100755 index 0000000..b64cd63 --- /dev/null +++ b/debian/tests/storage @@ -0,0 +1,271 @@ +#!/usr/bin/env python3 +# systemd integration test: Handling of storage devices +# (C) 2015 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> + +import os +import random +import subprocess +import sys +import time +import unittest + +from glob import glob +from threading import Thread + + +TIMEOUT_SERVICE_START = 10 +TIMEOUT_PASSWORD_AGENT_STOP = 10 +TIMEOUT_PLAINTEXT_DEV = 30 +TIMEOUT_SCSI_DEBUG_ADD_HOST = 5 + +SCSI_DEBUG_DIR = '/sys/bus/pseudo/drivers/scsi_debug' + +class FakeDriveTestBase(unittest.TestCase): + @classmethod + def setUpClass(cls): + if os.path.isdir(SCSI_DEBUG_DIR): + return + + # Consider missing scsi_debug module a test failure + subprocess.check_call(['modprobe', 'scsi_debug', 'dev_size_mb=32']) + assert os.path.isdir(SCSI_DEBUG_DIR) + + def setUp(self): + existing_adapters = set(glob(os.path.join(SCSI_DEBUG_DIR, 'adapter*'))) + with open(os.path.join(SCSI_DEBUG_DIR, 'add_host'), 'w') as f: + f.write('1') + new_adapters = set(glob(os.path.join(SCSI_DEBUG_DIR, 'adapter*'))) - existing_adapters + self.assertEqual(len(new_adapters), 1) + self.adapter = new_adapters.pop() + for timeout in range(TIMEOUT_SCSI_DEBUG_ADD_HOST): + devices = set(glob(os.path.join(self.adapter, 'host*/target*/*:*/block/*'))) + if len(devices) > 0: + break + time.sleep(1) + else: + self.fail('Timed out waiting for scsi_debug block device name') + self.assertEqual(len(devices), 1) + self.device = os.path.join('/dev/', os.path.basename(devices.pop())) + + def tearDown(self): + existing_adapters = set(glob(os.path.join(SCSI_DEBUG_DIR, 'adapter*'))) + with open(os.path.join(SCSI_DEBUG_DIR, 'add_host'), 'w') as f: + f.write('-1') + removed_adapters = existing_adapters - set(glob(os.path.join(SCSI_DEBUG_DIR, 'adapter*'))) + self.assertEqual(len(removed_adapters), 1) + adapter = removed_adapters.pop() + self.assertEqual(self.adapter, adapter) + self.adapter = None + self.device = None + + +class CryptsetupTest(FakeDriveTestBase): + def setUp(self): + testname = self.id().split('.')[-1] + self.plaintext_name = 'testcrypt_%s' % testname + self.plaintext_dev = '/dev/mapper/' + self.plaintext_name + self.service_name = 'systemd-cryptsetup@%s.service' % self.plaintext_name + if os.path.exists(self.plaintext_dev): + self.fail('%s exists already' % self.plaintext_dev) + + super().setUp() + + if os.path.exists('/etc/crypttab'): + os.rename('/etc/crypttab', '/etc/crypttab.systemdtest') + self.password = 'pwd%i' % random.randint(1000, 10000) + self.password_agent = None + self.password_agent_stop = False + + def tearDown(self): + if self.password_agent: + self.password_agent_stop = True + self.password_agent.join(timeout=TIMEOUT_PASSWORD_AGENT_STOP) + self.assertFalse(self.password_agent.is_alive()) + self.password_agent = None + for timeout in range(TIMEOUT_SERVICE_START): + state = subprocess.run(['systemctl', 'show', '--no-pager', self.service_name, '--property', 'ActiveState'], + stdout=subprocess.PIPE, universal_newlines=True).stdout + state = state.strip().replace('ActiveState=', '', 1) + if state in ['active', 'failed']: + break + time.sleep(1) + else: + self.fail('Timed out waiting for %s to start (or fail)' % self.service_name) + subprocess.call(['umount', self.plaintext_dev], stderr=subprocess.DEVNULL) + if state == 'active': + subprocess.call(['systemctl', 'stop', self.service_name], stderr=subprocess.STDOUT) + if os.path.exists('/etc/crypttab'): + os.unlink('/etc/crypttab') + if os.path.exists('/etc/crypttab.systemdtest'): + os.rename('/etc/crypttab.systemdtest', '/etc/crypttab') + if os.path.exists(self.plaintext_dev): + subprocess.call(['dmsetup', 'remove', self.plaintext_dev], + stderr=subprocess.STDOUT) + subprocess.check_call(['systemctl', 'daemon-reload']) + + super().tearDown() + + def format_luks(self): + '''Format test device with LUKS''' + + p = subprocess.Popen(['cryptsetup', '--batch-mode', 'luksFormat', self.device, '-'], + stdin=subprocess.PIPE) + p.communicate(self.password.encode()) + self.assertEqual(p.returncode, 0) + os.sync() + subprocess.check_call(['udevadm', 'settle']) + + def start_password_agent(self): + '''Run password agent to answer passphrase request for crypt device''' + + # wait for incoming request + found = False + while not found: + for ask in glob('/run/systemd/ask-password/ask.*'): + with open(ask) as f: + contents = f.read() + if self.plaintext_name in contents: + found = True + break + if not found: + if self.password_agent_stop: + return + time.sleep(0.5) + + # parse Socket= + for line in contents.splitlines(): + if line.startswith('Socket='): + socket = line.split('=', 1)[1] + break + else: + self.fail('Could not find socket') + + # send reply + p = subprocess.Popen(['/lib/systemd/systemd-reply-password', '1', socket], + stdin=subprocess.PIPE) + p.communicate(self.password.encode()) + self.assertEqual(p.returncode, 0) + + def apply(self, target): + '''Tell systemd to generate and run the cryptsetup units''' + + subprocess.check_call(['systemctl', 'daemon-reload']) + + self.password_agent = Thread(target=self.start_password_agent); + self.password_agent.start() + subprocess.check_call(['systemctl', '--no-ask-password', 'restart', target]) + for timeout in range(TIMEOUT_PLAINTEXT_DEV): + if os.path.exists(self.plaintext_dev): + break + time.sleep(1) + else: + self.fail('Timed out waiting for %s to appear' % self.plaintext_dev) + + def test_luks_by_devname(self): + '''LUKS device by plain device name, empty''' + + self.format_luks() + with open('/etc/crypttab', 'w') as f: + f.write('%s %s none luks\n' % (self.plaintext_name, self.device)) + self.apply('cryptsetup.target') + + # should not be mounted + with open('/proc/mounts') as f: + self.assertNotIn(self.plaintext_name, f.read()) + + # device should not have anything on it + p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE) + out = p.communicate()[0] + self.assertEqual(out, b'') + self.assertNotEqual(p.returncode, 0) + + def test_luks_by_uuid(self): + '''LUKS device by UUID, empty''' + + self.format_luks() + uuid = subprocess.check_output(['blkid', '-ovalue', '-sUUID', self.device], + universal_newlines=True).strip() + with open('/etc/crypttab', 'w') as f: + f.write('%s UUID=%s none luks\n' % (self.plaintext_name, uuid)) + self.apply('cryptsetup.target') + + # should not be mounted + with open('/proc/mounts') as f: + self.assertNotIn(self.plaintext_name, f.read()) + + # device should not have anything on it + p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE) + out = p.communicate()[0] + self.assertEqual(out, b'') + self.assertNotEqual(p.returncode, 0) + + def test_luks_swap(self): + '''LUKS device with "swap" option''' + + self.format_luks() + with open('/etc/crypttab', 'w') as f: + f.write('%s %s none luks,swap\n' % (self.plaintext_name, self.device)) + self.apply('cryptsetup.target') + + # should not be mounted + with open('/proc/mounts') as f: + self.assertNotIn(self.plaintext_name, f.read()) + + # device should be formatted with swap + out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev]) + self.assertEqual(out, b'swap\n') + + def test_luks_tmp(self): + '''LUKS device with "tmp" option''' + + self.format_luks() + with open('/etc/crypttab', 'w') as f: + f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device)) + self.apply('cryptsetup.target') + + # should not be mounted + with open('/proc/mounts') as f: + self.assertNotIn(self.plaintext_name, f.read()) + + # device should be formatted with ext2 or (with newer systemd) ext4 + out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev]) + self.assertRegex(out, b'ext[24]') + + def test_luks_fstab(self): + '''LUKS device in /etc/fstab''' + + self.format_luks() + with open('/etc/crypttab', 'w') as f: + f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device)) + + mountpoint = '/run/crypt1.systemdtest' + os.mkdir(mountpoint) + self.addCleanup(os.rmdir, mountpoint) + os.rename('/etc/fstab', '/etc/fstab.systemdtest') + self.addCleanup(os.rename, '/etc/fstab.systemdtest', '/etc/fstab') + with open('/etc/fstab', 'a') as f: + with open('/etc/fstab.systemdtest') as forig: + f.write(forig.read()) + f.write('%s %s auto defaults 0 0\n' % (self.plaintext_dev, mountpoint)) + + # this should now be a requirement of local-fs.target + self.apply('local-fs.target') + + # should be mounted + found = False + with open('/proc/mounts') as f: + for line in f: + fields = line.split() + if fields[0] == self.plaintext_dev: + self.assertEqual(fields[1], mountpoint) + self.assertRegex(fields[2], 'ext[24]') + found = True + break + if not found: + self.fail('%s is not mounted' % self.plaintext_dev) + + +if __name__ == '__main__': + unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, + verbosity=2)) diff --git a/debian/tests/systemd-fsckd b/debian/tests/systemd-fsckd new file mode 100755 index 0000000..09d68f5 --- /dev/null +++ b/debian/tests/systemd-fsckd @@ -0,0 +1,297 @@ +#!/usr/bin/python3 +# autopkgtest check: Ensure that systemd-fsckd can report progress and cancel +# (C) 2015 Canonical Ltd. +# Author: Didier Roche <didrocks@ubuntu.com> + +from contextlib import suppress +import inspect +import fileinput +import os +import subprocess +import shutil +import stat +import sys +import unittest +from time import sleep, time + +GRUB_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/50-cloudimg-settings.cfg" +TEST_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/99-fsckdtest.cfg" + +SYSTEMD_ETC_SYSTEM_UNIT_DIR = "/etc/systemd/system/" +SYSTEMD_PROCESS_KILLER_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, "process-killer.service") + +SYSTEMD_FSCK_ROOT_PATH = "/lib/systemd/system/systemd-fsck-root.service" +SYSTEMD_FSCK_ROOT_ENABLE_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, 'local-fs.target.wants/systemd-fsck-root.service') + +SYSTEM_FSCK_PATH = '/sbin/fsck' +PROCESS_KILLER_PATH = '/sbin/process-killer' +SAVED_FSCK_PATH = "{}.real".format(SYSTEM_FSCK_PATH) + +FSCKD_TIMEOUT = 30 + + +class FsckdTest(unittest.TestCase): + '''Check that we run, report and can cancel fsck''' + + def __init__(self, test_name, after_reboot, return_code): + super().__init__(test_name) + self._test_name = test_name + self._after_reboot = after_reboot + self._return_code = return_code + + def setUp(self): + super().setUp() + # ensure we have our root fsck enabled by default (it detects it runs in a vm and doesn't pull the target) + # note that it can already exists in case of a reboot (as there was no tearDown as we wanted) + os.makedirs(os.path.dirname(SYSTEMD_FSCK_ROOT_ENABLE_PATH), exist_ok=True) + with suppress(FileExistsError): + os.symlink(SYSTEMD_FSCK_ROOT_PATH, SYSTEMD_FSCK_ROOT_ENABLE_PATH) + enable_plymouth() + + # note that the saved real fsck can still exists in case of a reboot (as there was no tearDown as we wanted) + if not os.path.isfile(SAVED_FSCK_PATH): + os.rename(SYSTEM_FSCK_PATH, SAVED_FSCK_PATH) + + # install mock fsck and killer + self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'fsck'), + SYSTEM_FSCK_PATH) + self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'process-killer'), + PROCESS_KILLER_PATH) + + self.files_to_clean = [SYSTEMD_FSCK_ROOT_ENABLE_PATH, SYSTEM_FSCK_PATH, SYSTEMD_PROCESS_KILLER_PATH, PROCESS_KILLER_PATH] + + def tearDown(self): + # tearDown is only called once the test really ended (not while rebooting during tests) + for f in self.files_to_clean: + with suppress(FileNotFoundError): + os.remove(f) + os.rename(SAVED_FSCK_PATH, SYSTEM_FSCK_PATH) + super().tearDown() + + def test_fsckd_run(self): + '''Ensure we can reboot after a fsck was processed''' + if not self._after_reboot: + self.reboot() + else: + self.assertFsckdStop() + self.assertFsckProceeded() + self.assertSystemRunning() + + def test_fsckd_run_without_plymouth(self): + '''Ensure we can reboot without plymouth after a fsck was processed''' + if not self._after_reboot: + enable_plymouth(enable=False) + self.reboot() + else: + self.assertFsckdStop() + self.assertFsckProceeded(with_plymouth=False) + self.assertSystemRunning() + + def test_fsck_with_failure(self): + '''Ensure that a failing fsck doesn't prevent fsckd to stop''' + if not self._after_reboot: + self.install_process_killer_unit('fsck') + self.reboot() + else: + self.assertFsckdStop() + self.assertWasRunning('process-killer') + self.assertFalse(self.is_failed_unit('process-killer')) + self.assertFsckProceeded() + self.assertSystemRunning() + + def test_systemd_fsck_with_failure(self): + '''Ensure that a failing systemd-fsck doesn't prevent fsckd to stop''' + if not self._after_reboot: + self.install_process_killer_unit('systemd-fsck', kill=True) + self.reboot() + else: + self.assertFsckdStop() + self.assertProcessKilled() + self.assertTrue(self.is_failed_unit('systemd-fsck-root')) + self.assertWasRunning('systemd-fsckd') + self.assertWasRunning('plymouth-start') + self.assertSystemRunning() + + def test_systemd_fsckd_with_failure(self): + '''Ensure that a failing systemd-fsckd doesn't prevent system to boot''' + if not self._after_reboot: + self.install_process_killer_unit('systemd-fsckd', kill=True) + self.reboot() + else: + self.assertFsckdStop() + self.assertProcessKilled() + self.assertFalse(self.is_failed_unit('systemd-fsck-root')) + self.assertTrue(self.is_failed_unit('systemd-fsckd')) + self.assertWasRunning('plymouth-start') + self.assertSystemRunning() + + def test_systemd_fsck_with_plymouth_failure(self): + '''Ensure that a failing plymouth doesn't prevent fsckd to reconnect/exit''' + if not self._after_reboot: + self.install_process_killer_unit('plymouthd', kill=True) + self.reboot() + else: + self.assertFsckdStop() + self.assertWasRunning('process-killer') + self.assertFsckProceeded() + self.assertFalse(self.is_active_unit('plymouth-start')) + self.assertSystemRunning() + + def install_bin(self, source, dest): + '''install mock fsck''' + shutil.copy2(source, dest) + st = os.stat(dest) + os.chmod(dest, st.st_mode | stat.S_IEXEC) + + def is_active_unit(self, unit): + '''Check that given unit is active''' + + return subprocess.call(['systemctl', 'status', unit], + stdout=subprocess.PIPE) == 0 + + def is_failed_unit(self, unit): + '''Check that given unit failed''' + + p = subprocess.Popen(['systemctl', 'is-active', unit], stdout=subprocess.PIPE) + out, err = p.communicate() + if b'failed' in out: + return True + return False + + def assertWasRunning(self, unit, expect_running=True): + '''Assert that a given unit has been running''' + p = subprocess.Popen(['systemctl', 'status', '--no-pager', unit], + stdout=subprocess.PIPE, universal_newlines=True) + out = p.communicate()[0].strip() + if expect_running: + self.assertRegex(out, 'Active:.*since') + else: + self.assertNotRegex(out, 'Active:.*since') + self.assertIn(p.returncode, (0, 3)) + + def assertFsckdStop(self): + '''Ensure systemd-fsckd stops, which indicates no more fsck activity''' + timeout = time() + FSCKD_TIMEOUT + while time() < timeout: + if not self.is_active_unit('systemd-fsckd'): + return + sleep(1) + raise Exception("systemd-fsckd still active after {}s".format(FSCKD_TIMEOUT)) + + def assertFsckProceeded(self, with_plymouth=True): + '''Assert we executed most of the fsck-related services successfully''' + self.assertWasRunning('systemd-fsckd') + self.assertFalse(self.is_failed_unit('systemd-fsckd')) + self.assertTrue(self.is_active_unit('systemd-fsck-root')) # remains active after exit + if with_plymouth: + self.assertWasRunning('plymouth-start') + else: + self.assertWasRunning('plymouth-start', expect_running=False) + + def assertSystemRunning(self): + '''Assert that the system is running''' + + self.assertTrue(self.is_active_unit('default.target')) + + def assertProcessKilled(self): + '''Assert the targeted process was killed successfully''' + self.assertWasRunning('process-killer') + self.assertFalse(self.is_failed_unit('process-killer')) + + def reboot(self): + '''Reboot the system with the current test marker''' + subprocess.check_call(['/tmp/autopkgtest-reboot', "{}:{}".format(self._test_name, self._return_code)]) + + def install_process_killer_unit(self, process_name, kill=False): + '''Create a systemd unit which will kill process_name''' + with open(SYSTEMD_PROCESS_KILLER_PATH, 'w') as f: + f.write('''[Unit] +DefaultDependencies=no + +[Service] +Type=simple +ExecStart=/usr/bin/timeout 10 {} {} + +[Install] +WantedBy=systemd-fsck-root.service'''.format(PROCESS_KILLER_PATH, + '--signal SIGKILL {}'.format(process_name) if kill else process_name)) + subprocess.check_call(['systemctl', 'daemon-reload']) + subprocess.check_call(['systemctl', 'enable', 'process-killer'], stderr=subprocess.DEVNULL) + + +def enable_plymouth(enable=True): + '''ensure plymouth is enabled in grub config (doesn't reboot)''' + plymouth_enabled = 'splash' in open('/boot/grub/grub.cfg').read() + if enable and not plymouth_enabled: + if os.path.exists(GRUB_AUTOPKGTEST_CONFIG_PATH): + shutil.copy2(GRUB_AUTOPKGTEST_CONFIG_PATH, TEST_AUTOPKGTEST_CONFIG_PATH) + for line in fileinput.input([TEST_AUTOPKGTEST_CONFIG_PATH], inplace=True): + if line.startswith("GRUB_CMDLINE_LINUX_DEFAULT"): + print(line[:line.rfind('"')] + ' splash quiet"\n') + else: + os.makedirs(os.path.dirname(TEST_AUTOPKGTEST_CONFIG_PATH), exist_ok=True) + with open(TEST_AUTOPKGTEST_CONFIG_PATH, 'w') as f: + f.write('GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0 splash quiet"\n') + elif not enable and plymouth_enabled: + with suppress(FileNotFoundError): + os.remove(TEST_AUTOPKGTEST_CONFIG_PATH) + subprocess.check_call(['update-grub'], stderr=subprocess.DEVNULL) + + +def boot_with_systemd_distro(): + '''Reboot with systemd as init and distro setup for grub''' + enable_plymouth() + subprocess.check_call(['/tmp/autopkgtest-reboot', 'systemd-started']) + + +def getAllTests(unitTestClass): + '''get all test names in predictable sorted order from unitTestClass''' + return sorted([test[0] for test in inspect.getmembers(unitTestClass, predicate=inspect.isfunction) + if test[0].startswith('test_')]) + + +# AUTOPKGTEST_REBOOT_MARK contains the test name to pursue after reboot +# (to check results and states after reboot, mostly). +# we append the previous global return code (0 or 1) to it. +# Example: AUTOPKGTEST_REBOOT_MARK=test_foo:0 +if __name__ == '__main__': + if os.path.exists('/run/initramfs/fsck-root'): + print('SKIP: root file system is being checked by initramfs already') + sys.exit(0) + + all_tests = getAllTests(FsckdTest) + reboot_marker = os.getenv('AUTOPKGTEST_REBOOT_MARK') + + current_test_after_reboot = "" + if not reboot_marker: + boot_with_systemd_distro() + + # first test + if reboot_marker == "systemd-started": + current_test = all_tests[0] + return_code = 0 + else: + (current_test_after_reboot, return_code) = reboot_marker.split(':') + current_test = current_test_after_reboot + return_code = int(return_code) + + # loop on remaining tests to run + try: + remaining_tests = all_tests[all_tests.index(current_test):] + except ValueError: + print("Invalid value for AUTOPKGTEST_REBOOT_MARK, {} is not a valid test name".format(reboot_marker)) + sys.exit(2) + + # run all remaining tests + for test_name in remaining_tests: + after_reboot = False + # if this tests needed a reboot (and it has been performed), executes second part of it + if test_name == current_test_after_reboot: + after_reboot = True + suite = unittest.TestSuite() + suite.addTest(FsckdTest(test_name, after_reboot, return_code)) + result = unittest.TextTestRunner(stream=sys.stdout, verbosity=2).run(suite) + if len(result.failures) != 0 or len(result.errors) != 0: + return_code = 1 + + sys.exit(return_code) diff --git a/debian/tests/timedated b/debian/tests/timedated new file mode 100755 index 0000000..0d973df --- /dev/null +++ b/debian/tests/timedated @@ -0,0 +1,188 @@ +#!/bin/sh +set -e + +. `dirname $0`/assert.sh + +ORIG_TZ=`grep -v '^#' /etc/timezone` +echo "original tz: $ORIG_TZ" + +echo 'timedatectl works' +assert_in "Local time:" "`timedatectl --no-pager`" + +echo 'change timezone' +assert_eq "`timedatectl --no-pager set-timezone Europe/Moscow 2>&1`" "" +assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "Europe/Moscow" +[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "Europe/Moscow" +assert_in "Time.*zone: Europe/Moscow (MSK, +" "`timedatectl --no-pager`" + +echo 'reset timezone to original' +assert_eq "`timedatectl --no-pager set-timezone $ORIG_TZ 2>&1`" "" +assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "$ORIG_TZ" +[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "$ORIG_TZ" + +# test setting UTC vs. LOCAL in /etc/adjtime +if [ -e /etc/adjtime ]; then + ORIG_ADJTIME=`cat /etc/adjtime` + trap "echo '$ORIG_ADJTIME' > /etc/adjtime" EXIT INT QUIT PIPE +else + trap "rm -f /etc/adjtime" EXIT INT QUIT PIPE +fi + +echo 'no adjtime file' +rm -f /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' + +echo 'UTC set in adjtime file' +printf '0.0 0 0\n0\nUTC\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +UTC" +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'non-zero values in adjtime file' +printf '0.1 123 0\n0\nLOCAL\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_eq "`cat /etc/adjtime`" "0.1 123 0 +0 +UTC" +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.1 123 0 +0 +LOCAL" + +echo 'fourth line adjtime file' +printf '0.0 0 0\n0\nLOCAL\nsomethingelse\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +UTC +somethingelse" +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL +somethingelse" + +echo 'no final newline in adjtime file' +printf '0.0 0 0\n0\nUTC' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0\n0\nUTC' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'only one line in adjtime file' +printf '0.0 0 0\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0\n' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'only one line in adjtime file, no final newline' +printf '0.0 0 0' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'only two lines in adjtime file' +printf '0.0 0 0\n0\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0\n0\n' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + + +echo 'only two lines in adjtime file, no final newline' +printf '0.0 0 0\n0' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0\n0' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +echo 'unknown value in 3rd line of adjtime file' +printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime +timedatectl set-local-rtc 0 +assert_true '[ ! -e /etc/adjtime ]' +printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime +timedatectl set-local-rtc 1 +assert_eq "`cat /etc/adjtime`" "0.0 0 0 +0 +LOCAL" + +# timesyncd has ConditionVirtualization=!container by default; drop/mock that for testing +if systemd-detect-virt --container --quiet; then + systemctl disable --quiet --now systemd-timesyncd + mkdir -p /run/systemd/system/systemd-timesyncd.service.d + printf '[Unit]\nConditionVirtualization=\n[Service]\nType=simple\nAmbientCapabilities=\nExecStart=\nExecStart=/bin/sleep infinity' > /run/systemd/system/systemd-timesyncd.service.d/container.conf + systemctl daemon-reload +fi + +mon=$(mktemp -t dbusmon.XXXXXX) +trap "rm -f $mon" EXIT INT QUIT PIPE + +assert_ntp() { + V=$(busctl get-property org.freedesktop.timedate1 /org/freedesktop/timedate1 org.freedesktop.timedate1 NTP) + assert_eq "$V" "b $1" +} + +start_mon() { + dbus-monitor --system "type='signal', member='PropertiesChanged', path='/org/freedesktop/timedate1'" > $mon & + MONPID=$! +} + +wait_mon() { + for retry in $(seq 10); do + grep -q "$1" $mon && break + sleep 1 + done + assert_in "$2" "$(cat $mon)" + kill $MONPID + wait $MONPID 2>/dev/null || true +} + +echo 'disable NTP' +timedatectl set-ntp false +while [ "$(systemctl --no-pager show systemd-timesyncd --property ActiveState)" != "ActiveState=inactive" ]; do sleep 1; done +assert_ntp false +assert_rc 3 systemctl is-active --quiet systemd-timesyncd + +echo 'enable NTP' +start_mon +timedatectl set-ntp true +wait_mon "NTP" "boolean true" +assert_ntp true +while [ "$(systemctl --no-pager show systemd-timesyncd --property ActiveState)" != "ActiveState=active" ]; do sleep 1; done +assert_rc 0 systemctl is-active --quiet systemd-timesyncd + +echo 're-disable NTP' +start_mon +timedatectl set-ntp false +wait_mon "NTP" "boolean false" +assert_ntp false +assert_rc 3 systemctl is-active --quiet systemd-timesyncd diff --git a/debian/tests/udev b/debian/tests/udev new file mode 100755 index 0000000..b294cfb --- /dev/null +++ b/debian/tests/udev @@ -0,0 +1,13 @@ +#!/bin/sh +# autopkgtest check: Run upstream udev test script +# (C) 2016 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> +set -euC + +TEST_DIR=${AUTOPKGTEST_TMP:=$(mktemp -d)} +mkdir -p $TEST_DIR/test +test/sys-script.py $TEST_DIR/test +cp test/udev-test.pl $TEST_DIR +cp /usr/lib/systemd/tests/manual/test-udev $TEST_DIR +cd $TEST_DIR +./udev-test.pl diff --git a/debian/tests/unit-config b/debian/tests/unit-config new file mode 100755 index 0000000..1cfa4d4 --- /dev/null +++ b/debian/tests/unit-config @@ -0,0 +1,369 @@ +#!/usr/bin/python3 +# autopkgtest check: enable/disable/configure units +# (C) 2015 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> + +import unittest +import subprocess +import os +import sys +import tempfile +from glob import glob + +system_unit_dir = subprocess.check_output( + ['pkg-config', '--variable=systemdsystemunitdir', 'systemd'], + universal_newlines=True).strip() +systemd_sysv_install = os.path.join(os.path.dirname(system_unit_dir), + 'systemd-sysv-install') + + +class EnableTests(unittest.TestCase): + def tearDown(self): + # remove all traces from our test unit + f = glob(system_unit_dir + '/test_enable*.service') + f += glob(system_unit_dir + '/*/test_enable*.service') + f += glob('/etc/systemd/system/test_enable*.service') + f += glob('/etc/systemd/system/*/test_enable*.service') + f += glob('/etc/init.d/test_enable*') + f += glob('/etc/rc?.d/???test_enable*') + [os.unlink(i) for i in f] + subprocess.check_call(['systemctl', 'daemon-reload']) + + def create_unit(self, suffix='', enable=False): + '''Create a test unit''' + + unit = os.path.join(system_unit_dir, + 'test_enable%s.service' % suffix) + with open(unit, 'w') as f: + f.write('''[Unit] +Description=Testsuite unit %s +[Service] +ExecStart=/bin/echo hello +[Install] +WantedBy=multi-user.target +''' % suffix) + + if enable: + os.symlink(unit, '/etc/systemd/system/multi-user.target.wants/' + + os.path.basename(unit)) + + return unit + + def create_sysv(self, suffix='', enable=False): + '''Create a test SysV script''' + + script = '/etc/init.d/test_enable%s' % suffix + with open(script, 'w') as f: + f.write('''/bin/sh +### BEGIN INIT INFO +# Provides: test_enable%s +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Testsuite script%s +### END INIT INFO + +echo hello +''' % (suffix, suffix)) + os.chmod(script, 0o755) + + if enable: + subprocess.check_call( + [systemd_sysv_install, 'enable', os.path.basename(script)]) + + def assertEnabled(self, enabled, unit='test_enable.service'): + '''assert that given unit has expected state''' + + systemctl = subprocess.Popen(['systemctl', 'is-enabled', unit], + stdout=subprocess.PIPE, + universal_newlines=True) + out = systemctl.communicate()[0].strip() + if enabled: + self.assertEqual(systemctl.returncode, 0) + self.assertEqual(out, 'enabled') + else: + self.assertEqual(systemctl.returncode, 1) + self.assertEqual(out, 'disabled') + + def test_unit_enable(self): + '''no sysv: enable unit''' + + self.create_unit() + self.assertEnabled(False) + # also works without .service suffix + self.assertEnabled(False, unit='test_enable') + + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + self.assertEnabled(True) + # also works without .service suffix + self.assertEnabled(True, unit='test_enable') + + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # enable should be idempotent + subprocess.check_call(['systemctl', 'enable', 'test_enable.service']) + self.assertEnabled(True) + + def test_unit_disable(self): + '''no sysv: disable unit''' + + self.create_unit(enable=True) + self.assertEnabled(True) + # also works without .service suffix + self.assertEnabled(True, unit='test_enable') + + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + self.assertEnabled(False) + # also works without .service suffix + self.assertEnabled(False, unit='test_enable') + + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertFalse(os.path.islink(l)) + + # disable should be idempotent + subprocess.check_call(['systemctl', 'disable', 'test_enable.service']) + self.assertEnabled(False) + + def test_unit_sysv_enable(self): + '''with sysv: enable unit''' + + self.create_unit() + self.create_sysv() + self.assertEnabled(False) + # also works without .service suffix + self.assertEnabled(False, unit='test_enable') + + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + self.assertEnabled(True) + # also works without .service suffix + self.assertEnabled(True, unit='test_enable') + + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # enabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l)) + self.assertEqual(os.readlink(l[0]), '../init.d/test_enable') + + # enable should be idempotent + subprocess.check_call(['systemctl', 'enable', 'test_enable.service']) + self.assertEnabled(True) + + def test_unit_sysv_disable(self): + '''with sysv: disable unit''' + + self.create_unit(enable=True) + self.create_sysv(enable=True) + self.assertEnabled(True) + # also works without .service suffix + self.assertEnabled(True, unit='test_enable') + + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + self.assertEnabled(False) + # also works without .service suffix + self.assertEnabled(False, unit='test_enable') + + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertFalse(os.path.islink(l)) + + # disabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(l, []) + + # disable should be idempotent + subprocess.check_call(['systemctl', 'enable', 'test_enable.service']) + self.assertEnabled(True) + + def test_unit_alias_enable(self): + '''no sysv: enable unit with an alias''' + + u = self.create_unit() + with open(u, 'a') as f: + f.write('Alias=test_enablea.service\n') + + self.assertEnabled(False) + + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + self.assertEnabled(True) + + # enablement symlink + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # alias symlink + l = '/etc/systemd/system/test_enablea.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + def test_unit_alias_disable(self): + '''no sysv: disable unit with an alias''' + + u = self.create_unit() + with open(u, 'a') as f: + f.write('Alias=test_enablea.service\n') + os.symlink(system_unit_dir + '/test_enable.service', + '/etc/systemd/system/test_enablea.service') + + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + self.assertEnabled(False) + + # enablement symlink + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertFalse(os.path.islink(l)) + + # alias symlink + l = '/etc/systemd/system/test_enablea.service' + self.assertFalse(os.path.islink(l)) + + def test_unit_sysv_alias_enable(self): + '''with sysv: enable unit with an alias''' + + u = self.create_unit() + with open(u, 'a') as f: + f.write('Alias=test_enablea.service\n') + self.create_sysv() + + self.assertEnabled(False) + + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + # enablement symlink + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # alias symlink + l = '/etc/systemd/system/test_enablea.service' + self.assertTrue(os.path.islink(l)) + self.assertEqual(os.readlink(l), + system_unit_dir + '/test_enable.service') + + # enabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l)) + self.assertEqual(os.readlink(l[0]), '../init.d/test_enable') + + self.assertEnabled(True) + + def test_unit_sysv_alias_disable(self): + '''with sysv: disable unit with an alias''' + + u = self.create_unit(enable=True) + with open(u, 'a') as f: + f.write('Alias=test_enablea.service\n') + os.symlink(system_unit_dir + '/test_enable.service', + '/etc/systemd/system/test_enablea.service') + self.create_sysv(enable=True) + + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + # enablement symlink + l = '/etc/systemd/system/multi-user.target.wants/test_enable.service' + self.assertFalse(os.path.islink(l)) + + # alias symlink + l = '/etc/systemd/system/test_enablea.service' + self.assertFalse(os.path.islink(l)) + + # disabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(l, []) + + self.assertEnabled(False) + + def test_sysv_enable(self): + '''only sysv: enable''' + + self.create_sysv() + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + + # enabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l)) + self.assertEqual(os.readlink(l[0]), '../init.d/test_enable') + + # enable should be idempotent + subprocess.check_call(['systemctl', 'enable', 'test_enable']) + self.assertEnabled(True) + + def test_sysv_disable(self): + '''only sysv: disable''' + + self.create_sysv(enable=True) + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + + # disabled the sysv script + l = glob('/etc/rc2.d/S??test_enable') + self.assertEqual(l, []) + + # disable should be idempotent + subprocess.check_call(['systemctl', 'disable', 'test_enable']) + self.assertEnabled(False) + + def test_unit_link(self): + '''systemctl link''' + + with tempfile.NamedTemporaryFile(suffix='.service') as f: + f.write(b'[Unit]\n') + f.flush() + subprocess.check_call(['systemctl', 'link', f.name]) + + unit = os.path.basename(f.name) + l = os.path.join('/etc/systemd/system', unit) + self.assertEqual(os.readlink(l), f.name) + + # disable it again + subprocess.check_call(['systemctl', 'disable', unit]) + # this should also remove the unit symlink + self.assertFalse(os.path.islink(l)) + + def test_unit_enable_full_path(self): + '''systemctl enable a unit in a non-default path''' + + with tempfile.NamedTemporaryFile(suffix='.service') as f: + f.write(b'''[Unit] +Description=test +[Service] +ExecStart=/bin/true +[Install] +WantedBy=multi-user.target''') + f.flush() + unit = os.path.basename(f.name) + + # now enable it + subprocess.check_call(['systemctl', 'enable', f.name]) + self.assertEnabled(True, unit=unit) + l = os.path.join('/etc/systemd/system', unit) + self.assertEqual(os.readlink(l), f.name) + enable_l = '/etc/systemd/system/multi-user.target.wants/' + unit + self.assertEqual(os.readlink(enable_l), f.name) + + # disable it again + subprocess.check_call(['systemctl', 'disable', unit]) + # self.assertEnabled(False) does not work as now systemd does not + # know about the unit at all any more + self.assertFalse(os.path.islink(enable_l)) + # this should also remove the unit symlink + self.assertFalse(os.path.islink(l)) + + +if __name__ == '__main__': + unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, + verbosity=2)) diff --git a/debian/tests/upstream b/debian/tests/upstream new file mode 100755 index 0000000..04be11a --- /dev/null +++ b/debian/tests/upstream @@ -0,0 +1,65 @@ +#!/bin/sh +# run upstream system integration tests +# Author: Martin Pitt <martin.pitt@ubuntu.com> +set -e + +DPKGARCH=$(dpkg --print-architecture) + +# quiesce Makefile.guess; not really relevant as systemd/nspawn run from +# installed packages +export BUILD_DIR=. + +# modify the image build scripts to install systemd from the debs instead of +# from a "make/ninja install" as we don't have a built tree here. Also call +# systemd-nspawn from the system. +sed -i '/DESTDIR.* install/ s%^.*$% for p in `grep ^Package: '`pwd`'/debian/control | cut -f2 -d\\ |grep -Ev -- "-(udeb|dev)"`; do (cd /tmp; apt-get download $p \&\& dpkg-deb --fsys-tarfile ${p}[._]*deb | tar -C $initdir --dereference -x); done%; s_[^" ]*/systemd-nspawn_systemd-nspawn_g; s/\(_ninja_bin=\).*/\1dummy-ninja/' test/test-functions + +# adjust path +sed -i 's_/usr/libexec/selinux/hll/pp_/usr/lib/selinux/hll/pp_' test/TEST-06-SELINUX/test.sh + +FAILED="" + +# Because this test is used both by upstream and by Debian, we use different deny-list filenames. +# For more details see https://salsa.debian.org/systemd-team/systemd/merge_requests/52 +# The naming is transitioning from blacklist to deny-list, so currently both are supported +# More details in https://github.com/systemd/systemd/pull/16262 +if [ -n "$TEST_UPSTREAM" ]; then + DENY_LIST="deny-list-ubuntu-ci" + BLACKLIST="blacklist-ubuntu-ci" +else + DENY_LIST="deny-list-upstream-ci" + BLACKLIST="blacklist-upstream-ci" +fi + +for t in test/TEST*; do + testname=$(basename $t) + if [ -f "$t/${DENY_LIST}" -o -f "$t/${BLACKLIST}" ]; then + echo "========== DENY-LISTED: $testname ==========" + continue + elif [ -f "$t/${DENY_LIST}-$DPKGARCH" -o -f "$t/${BLACKLIST}-$DPKGARCH" ]; then + echo "========== DENY-LISTED (for arch $DPKGARCH): $testname ==========" + continue + fi + echo "========== START: $testname ==========" + rm -rf /var/tmp/systemd-test.* + if ! make -C $t clean setup run; then + for j in /var/tmp/systemd-test.*/journal/* /var/tmp/systemd-test.*/system.journal; do + [ -e "$j" ] || continue + # keep the entire journal in artifacts, in case one needs the debug messages + cp -r "$j" "$AUTOPKGTEST_ARTIFACTS/${testname}-$(basename $j)" + echo "---- $j ----" + [ -d "$j" ] && journalctl --priority=warning --directory=$j + [ -f "$j" ] && journalctl --priority=warning --file=$j + done + FAILED="$FAILED $testname" + fi + echo + # always cleanup each test run + make -C $t clean-again + echo "========== END: $testname ==========" +done + +if [ -n "$FAILED" ]; then + echo FAILED TESTS: "$FAILED" + exit 1 +fi diff --git a/debian/udev-udeb.dirs b/debian/udev-udeb.dirs new file mode 100644 index 0000000..eeba23d --- /dev/null +++ b/debian/udev-udeb.dirs @@ -0,0 +1 @@ +/etc/udev/rules.d/ diff --git a/debian/udev-udeb.install b/debian/udev-udeb.install new file mode 100644 index 0000000..d0995bb --- /dev/null +++ b/debian/udev-udeb.install @@ -0,0 +1,21 @@ +lib/systemd/network/99-default.link +lib/systemd/systemd-udevd +bin/udevadm +lib/udev/ata_id +lib/udev/scsi_id +lib/udev/cdrom_id +lib/udev/rules.d/50-udev-default.rules +lib/udev/rules.d/60-block.rules +lib/udev/rules.d/60-cdrom_id.rules +lib/udev/rules.d/60-input-id.rules +lib/udev/rules.d/60-persistent-input.rules +lib/udev/rules.d/60-persistent-storage.rules +lib/udev/rules.d/64-btrfs.rules +lib/udev/rules.d/75-net-description.rules +lib/udev/rules.d/75-probe_mtd.rules +lib/udev/rules.d/80-drivers.rules +lib/udev/rules.d/80-net-setup-link.rules +../../extra/network/73-usb-net-by-mac.link lib/systemd/network/ +../../extra/rules/50-firmware.rules lib/udev/rules.d/ +../../extra/rules/73-special-net-names.rules lib/udev/rules.d/ +../../extra/start-udev lib/debian-installer/ diff --git a/debian/udev.NEWS b/debian/udev.NEWS new file mode 100644 index 0000000..5a0194e --- /dev/null +++ b/debian/udev.NEWS @@ -0,0 +1,25 @@ +systemd (241-4) unstable; urgency=medium + + DRM render nodes (/dev/dri/renderD*) are now owned by group "render" + (previously group "video"). Dynamic ACLs via the "uaccess" udev tag are still + applied, so in the common case things should just continue to work. + If you rely on static permissions to access those devices, you need to update + group memberships accordingly to use group "render" now. + + -- Michael Biebl <biebl@debian.org> Fri, 17 May 2019 19:15:32 +0200 + +systemd (220-7) unstable; urgency=medium + + The mechanism for providing stable network interface names changed. + Previously they were kept in /etc/udev/rules.d/70-persistent-net.rules + which mapped device MAC addresses to the (arbitrary) name they got when + they first appeared (i. e. mostly at the time of installation). As this + had several problems and is not supported any more, this is deprecated in + favor of the "net.ifnames" mechanism. With this most of your network + interfaces will get location-based names. If you have ifupdown, firewall, + or other configuration that relies on the old names, you need to update + these by Debian 10/Ubuntu 18.04 LTS, and then remove + /etc/udev/rules.d/70-persistent-net.rules. Please see + /usr/share/doc/udev/README.Debian.gz for details about this. + + -- Martin Pitt <mpitt@debian.org> Mon, 15 Jun 2015 15:30:29 +0200 diff --git a/debian/udev.README.Debian b/debian/udev.README.Debian new file mode 100644 index 0000000..dfe1fb4 --- /dev/null +++ b/debian/udev.README.Debian @@ -0,0 +1,150 @@ +This documents udev integration Debian specifics. Please see man udev(7) and +its referenced manpages for general documentation. + +Network interface naming +~~~~~~~~~~~~~~~~~~~~~~~~ +Since version 197 udev has a builtin persistent name generator which checks +firmware/BIOS provided index numbers or slot names (similar to biosdevname), +falls back to slot names (PCI numbers, etc., in the spirit of +/dev/disks/by-path/), and then optionally falls back to MAC address, and +generates names based on these properties. This provides "location oriented" +names for PCI cards such as "enp0s1" for ethernet, or wlp1s0" for a WIFI card +so that replacing a broken network card does not change the name (as long +as the new card is fitted into the bus in the old card's slot.) As location +based naming does not work well for USB devices, these use a MAC based naming +schema (see /lib/systemd/network/73-usb-net-by-mac.link). + +This has been enabled by default since udev 220-7, which affects new +installations/hardware. Existing installations/hardware which already got +covered by the old 75-persistent-net-generator.rules may keep their existing +interface names until the release of Debian 10 / Ubuntu 18.04 LTS; see +below. + +You can disable these stable names and go back to the kernel-provided ones +(which don't have a stable order) in one of two ways: + + - Put "net.ifnames=0" into the kernel command line (e. g. in + /etc/default/grub's GRUB_CMDLINE_LINUX_DEFAULT, then run "update-grub"). + + - Disable the default *.link rules with + "ln -s /dev/null /etc/systemd/network/99-default.link" + "ln -s /dev/null /etc/systemd/network/73-usb-net-by-mac.link" + and rebuild the initrd with "update-initramfs -u". + +See this page for more information: +http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ + +Legacy persistent network interface naming +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Debian releases up to 8 ("Jessie") and Ubuntu up to 15.04 had an udev rule +/lib/udev/rules.d/75-persistent-net-generator.rules which fixed the name of a +network interface that it got when its MAC address first appeared in a +dynamically created /etc/udev/rules.d/70-persistent-net.rules file. + +This had inherent race conditions (which sometimes caused collisions and +interface names like "rename1"), required having to write state into /etc +(which isn't possible for read-only root), and did not work in virtualized +environments. + +This old schema is deprecated in Debian 9 ("Stretch"), and will not +be supported any more in Debian 10. + +Migration to the current network interface naming scheme +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Interface names must be be manually migrated to the new naming scheme before +upgrading to Debian 10 / Ubuntu 18.04 LTS. If you rely on the old names in +custom ifupdown stanzas, firewall scripts, or other networking configuration, +these will eventually need to be updated to the new names. + +WARNING: This process may render your machine inaccessible through ssh. Be sure +to have physical or serial console access to the machine or a way to revert to +your existing configuration. + +First, determine all relevant network interface names: those in +/etc/udev/rules.d/70-persistent-net.rules, or if that does not exist (in +the case of virtual machines), in "ip link" or /sys/class/net/. + +Then for every interface name use a command like + + grep -r eth0 /etc + +to find out where it is being used. + +Then on "real hardware" machines, rename the file to +70-persistent-net.rules.old; alternately, if you have multiple interfaces, +instead of renaming you may wish to comment out specific lines to convert a +single interface at a time. + +On VMs remove the files /etc/systemd/network/99-default.link and +/etc/systemd/network/50-virtio-kernel-names.link (the latter only exists on VMs +that use virtio network devices). + +Rebuild the initrd with + + update-initramfs -u + +and reboot. Then your system should have a new network interface name (or +names). Adjust configuration files as discovered with the grep above, and test +your system. + +Repeat for each network interface name, as necessary. + +Custom net interface naming +~~~~~~~~~~~~~~~~~~~~~~~~~~~ +In some cases it is convenient to define your own specific names for network +interfaces. These can be customized in two different ways: + + * You can create your own names via *.link files (see systemd.link(5)) based + on hardware properties. For example, /etc/systemd/network/10-dmz.link: + + ------------ snip ------------ + [Match] + MACAddress=11:22:aa:bb:cc:33 + + [Link] + Name=eth-dmz + ------------ snip ------------ + + * If you need attributes that link files don't expose, or you need more + powerful pattern matching, you can create udev rules (see udev(7)) + like /etc/udev/rules.d/76-netnames.rules: + + ------------ snip ------------ + # identify by vendor/model ID + SUBSYSTEM=="net", ACTION=="add", ENV{ID_VENDOR_ID}=="0x8086", \ + ENV{ID_MODEL_ID}=="0x1502", NAME="eth-intel-gb" + + # USB device by path + # get ID_PATH if not present yet + ENV{ID_PATH}=="", IMPORT{builtin}="path_id" + SUBSYSTEM=="net", ACTION=="add", ENV{ID_PATH}=="*-usb-0:3:1*", NAME="eth-blue-hub" + ------------ snip ---------- + + The name of the rules file needs to have a prefix smaller than "80" so that + it runs before /lib/udev/rules.d/80-net-setup-link.rules, and should have a + prefix bigger than "75" so that it runs after 75-net-description.rules and + thus you can use matches on ID_VENDOR and similar properties. + + * Unless you disabled net.ifnames, you can change the policy + (kernel/bios/path/MAC based naming) in an /etc/systemd/network/*.link file, + for individual devices or entire device classes. See man systemd.link(5) for + details about this. /lib/systemd/network/99-default.link is the default + policy. Note that /lib/systemd/network/73-usb-net-by-mac.link uses MAC based + names for USB devices. + +Any of the above changes require an initrd update with "update-initramfs -u" to +get effective. + +Using udev with LDAP or NIS +~~~~~~~~~~~~~~~~~~~~~~~~~~~ +If the rules files reference usernames or groups not present in the +/etc/{passwd,group} files and the system is configured to use a +network-based database like LDAP or NIS then udev may fail at boot time +because users and groups are looked up well before the network has been +initialized. +A possible solution is to configure /etc/nsswitch.conf like this: + + passwd: files ldap [UNAVAIL=return] + group: files ldap [UNAVAIL=return] + +The nsswitch.conf syntax is documented in the glibc manual. diff --git a/debian/udev.bug-control b/debian/udev.bug-control new file mode 100644 index 0000000..3134261 --- /dev/null +++ b/debian/udev.bug-control @@ -0,0 +1 @@ +package-status: systemd diff --git a/debian/udev.bug-script b/debian/udev.bug-script new file mode 100644 index 0000000..97f56f1 --- /dev/null +++ b/debian/udev.bug-script @@ -0,0 +1,14 @@ +#!/bin/sh + +# We don’t clean up this directory because there is no way to know when +# reportbug finished running, and reportbug needs the files around. +# Given that those are just a couple of kilobytes in size and people +# generally don’t file a lot of bugs, I don’t think it’s a big deal. +DIR=$(mktemp -d) + +echo "-- BEGIN ATTACHMENTS --" >&3 + +udevadm info --export-db >$DIR/udev-database.txt +echo "$DIR/udev-database.txt" >&3 + +echo "-- END ATTACHMENTS --" >&3 diff --git a/debian/udev.init b/debian/udev.init new file mode 100644 index 0000000..bb54f61 --- /dev/null +++ b/debian/udev.init @@ -0,0 +1,255 @@ +#!/bin/sh -e +### BEGIN INIT INFO +# Provides: udev +# Required-Start: mountkernfs +# Required-Stop: umountroot +# Default-Start: S +# Default-Stop: 0 6 +# Short-Description: Start systemd-udevd, populate /dev and load drivers. +### END INIT INFO + +PATH="/sbin:/bin" +NAME="systemd-udevd" +DAEMON="/lib/systemd/systemd-udevd" +DESC="hotplug events dispatcher" +PIDFILE="/run/udev.pid" +CTRLFILE="/run/udev/control" +OMITDIR="/run/sendsigs.omit.d" + +# we need to unmount /dev/pts/ and remount it later over the devtmpfs +unmount_devpts() { + if mountpoint -q /dev/pts/; then + umount -n -l /dev/pts/ + fi + + if mountpoint -q /dev/shm/; then + umount -n -l /dev/shm/ + fi +} + +# mount a devtmpfs over /dev, if somebody did not already do it +mount_devtmpfs() { + if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then + mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev + return + fi + + if ! mount -n -o nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then + log_failure_msg "udev requires devtmpfs support, not started" + log_end_msg 1 + fi + + return 0 +} + +create_dev_makedev() { + if [ -e /sbin/MAKEDEV ]; then + ln -sf /sbin/MAKEDEV /dev/MAKEDEV + else + ln -sf /bin/true /dev/MAKEDEV + fi +} + +# shell version of /usr/bin/tty +my_tty() { + [ -x /bin/readlink ] || return 0 + [ -e /proc/self/fd/0 ] || return 0 + readlink --silent /proc/self/fd/0 || true +} + +warn_if_interactive() { + if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then + return + fi + + TTY=$(my_tty) + if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then + return + fi + + printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n" + printf "has been run from an interactive shell.\n" + printf "It will probably not do what you expect, so this script will wait\n" + printf "60 seconds before continuing. Press ^C to stop it.\n" + printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n" + sleep 60 +} + +make_static_nodes() { + [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0 + [ -x /bin/kmod ] || return 0 + + /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \ + while read type name mode uid gid age arg; do + [ -e $name ] && continue + case "$type" in + c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;; + d|d!) mkdir $name ;; + *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;; + esac + + if [ -x /sbin/restorecon ]; then + /sbin/restorecon $name + fi + done +} + + +############################################################################## + + +[ -x $DAEMON ] || exit 0 + +# defaults +tmpfs_size="10M" + +if [ -e /etc/udev/udev.conf ]; then + . /etc/udev/udev.conf +fi + +. /lib/lsb/init-functions + +if [ ! -e /proc/filesystems ]; then + log_failure_msg "udev requires a mounted procfs, not started" + log_end_msg 1 +fi + +if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then + log_failure_msg "udev requires devtmpfs support, not started" + log_end_msg 1 +fi + +if [ ! -d /sys/class/ ]; then + log_failure_msg "udev requires a mounted sysfs, not started" + log_end_msg 1 +fi + +if [ ! -w /sys ]; then + log_warning_msg "udev does not support containers, not started" + exit 0 +fi + +if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \ + [ -e /sys/block -a ! -e /sys/class/block ]; then + log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected" + log_warning_msg "Booting will continue in 30 seconds but many things will be broken" + sleep 30 +fi + +# When modifying this script, do not forget that between the time that the +# new /dev has been mounted and udevadm trigger has been run there will be +# no /dev/null. This also means that you cannot use the "&" shell command. + +case "$1" in + start) + if [ ! -e "/run/udev/" ]; then + warn_if_interactive + fi + + if [ -w /sys/kernel/uevent_helper ]; then + echo > /sys/kernel/uevent_helper + fi + + if ! mountpoint -q /dev/; then + unmount_devpts + mount_devtmpfs + [ -d /proc/1 ] || mount -n /proc + fi + + make_static_nodes + + # clean up parts of the database created by the initramfs udev + udevadm info --cleanup-db + + # set the SELinux context for devices created in the initramfs + [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev + + log_daemon_msg "Starting $DESC" "$NAME" + if start-stop-daemon --start --name $NAME --user root --quiet \ + --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \ + --notify-await; then + # prevents udevd to be killed by sendsigs (see #791944) + mkdir -p $OMITDIR + ln -sf $PIDFILE $OMITDIR/$NAME + log_end_msg $? + else + log_warning_msg $? + log_warning_msg "Waiting 15 seconds and trying to continue anyway" + sleep 15 + fi + + log_action_begin_msg "Synthesizing the initial hotplug events (subsystems)" + if udevadm trigger --type=subsystems --action=add; then + log_action_end_msg $? + else + log_action_end_msg $? + fi + log_action_begin_msg "Synthesizing the initial hotplug events (devices)" + if udevadm trigger --type=devices --action=add; then + log_action_end_msg $? + else + log_action_end_msg $? + fi + + create_dev_makedev + + # wait for the systemd-udevd childs to finish + log_action_begin_msg "Waiting for /dev to be fully populated" + if udevadm settle; then + log_action_end_msg 0 + else + log_action_end_msg 0 'timeout' + fi + ;; + + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + if start-stop-daemon --stop --name $NAME --user root --quiet \ + --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then + # prevents cryptsetup/dmsetup hangs (see #791944) + rm -f $CTRLFILE + log_end_msg $? + else + log_end_msg $? + fi + ;; + + restart) + log_daemon_msg "Stopping $DESC" "$NAME" + if start-stop-daemon --stop --name $NAME --user root --quiet \ + --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then + # prevents cryptsetup/dmsetup hangs (see #791944) + rm -f $CTRLFILE + log_end_msg $? + else + log_end_msg $? || true + fi + + log_daemon_msg "Starting $DESC" "$NAME" + if start-stop-daemon --start --name $NAME --user root --quiet \ + --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \ + --notify-await; then + # prevents udevd to be killed by sendsigs (see #791944) + mkdir -p $OMITDIR + ln -sf $PIDFILE $OMITDIR/$NAME + log_end_msg $? + else + log_end_msg $? + fi + ;; + + reload|force-reload) + udevadm control --reload-rules + ;; + + status) + status_of_proc $DAEMON $NAME && exit 0 || exit $? + ;; + + *) + echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/udev.install b/debian/udev.install new file mode 100644 index 0000000..51323f1 --- /dev/null +++ b/debian/udev.install @@ -0,0 +1,26 @@ +etc/udev/ +lib/udev/* +lib/systemd/network/*.link +lib/systemd/system/systemd-udev* +lib/systemd/system/systemd-hwdb* +lib/systemd/system/*.target.wants/systemd-udev* +lib/systemd/system/*.target.wants/*hwdb* +lib/systemd/systemd-udevd +bin/udevadm +bin/systemd-hwdb +usr/lib/tmpfiles.d/static-nodes-permissions.conf +usr/share/man/man5/udev.conf.5 +usr/share/man/man5/systemd.link.5 +usr/share/man/man7/hwdb.7 +usr/share/man/man7/udev.7 +usr/share/man/man8/systemd-hwdb* +usr/share/man/man8/systemd-udevd* +usr/share/man/man8/udevadm.8 +usr/share/bash-completion/completions/udevadm +usr/share/zsh/vendor-completions/_udevadm +usr/share/pkgconfig/udev.pc +../../extra/initramfs-tools usr/share/ +../../extra/rules/*.rules lib/udev/rules.d/ +../../extra/network/*.link lib/systemd/network/ +#../../extra/*.hwdb lib/udev/hwdb.d/ +../../extra/fbdev-blacklist.conf lib/modprobe.d/ diff --git a/debian/udev.links b/debian/udev.links new file mode 100644 index 0000000..e2ba1e4 --- /dev/null +++ b/debian/udev.links @@ -0,0 +1 @@ +/lib/systemd/system/systemd-udevd.service /lib/systemd/system/udev.service diff --git a/debian/udev.lintian-overrides b/debian/udev.lintian-overrides new file mode 100644 index 0000000..0372d75 --- /dev/null +++ b/debian/udev.lintian-overrides @@ -0,0 +1,3 @@ +# False positive: SUBSYSTEM is tested at the beginning of the rules file. +# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945934 +udev: udev-rule-missing-subsystem lib/udev/rules.d/60-autosuspend-chromiumos.rules:* diff --git a/debian/udev.maintscript b/debian/udev.maintscript new file mode 100644 index 0000000..298b2a9 --- /dev/null +++ b/debian/udev.maintscript @@ -0,0 +1,3 @@ +rm_conffile /etc/init/udev.conf 233-1~ +rm_conffile /etc/init/udevmonitor.conf 233-1~ +rm_conffile /etc/init/udevtrigger.conf 233-1~ diff --git a/debian/udev.postinst b/debian/udev.postinst new file mode 100644 index 0000000..4206321 --- /dev/null +++ b/debian/udev.postinst @@ -0,0 +1,88 @@ +#!/bin/sh + +set -e + +chrooted() { + if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ]; + then + # the devicenumber/inode pair of / is the same as that of /sbin/init's + # root, so we're *not* in a chroot and hence return false. + return 1 + fi + echo "A chroot environment has been detected, udev not started." + return 0 +} + +in_debootstrap() { + # debootstrap --second-stage may be run in an emulator instead of a chroot, + # we need to check for this special case because start-stop-daemon would + # not be available. (#520742) + if [ -d /debootstrap/ ]; then + echo "Being installed by debootstrap, udev not started." + return 0 + fi + return 1 +} + +can_start_udevd() { + if [ ! -d /sys/class/ ]; then + echo "udev requires a mounted sysfs, not started." + return 1 + fi + return 0 +} + +enable_udev() { + can_start_udevd || return 0 + invoke-rc.d udev start +} + +upgrade_fixes() { + # new Default-Stop (see #791944) + if dpkg --compare-versions "$2" lt-nl "239-8"; then + update-rc.d -f udev remove + fi +} + +update_hwdb() { + systemd-hwdb --usr update || true +} + +case "$1" in + configure) + # update/create hwdb before we (re)start udev + update_hwdb + + # Add new system group used by udev rules + addgroup --quiet --system input + + # Make /dev/kvm accessible to kvm group + addgroup --quiet --system kvm + + # Make /dev/dri/renderD* accessible to render group + addgroup --quiet --system render + + if [ -z "$2" ]; then # first install + if ! chrooted && ! in_debootstrap; then + enable_udev + fi + else # upgrades + upgrade_fixes "$@" + if ! chrooted; then + if can_start_udevd; then + if [ -d /run/systemd/system ] ; then + systemctl daemon-reload || true + fi + invoke-rc.d udev restart + fi + fi + fi + ;; + + triggered) + update_hwdb + exit 0 + ;; +esac + +#DEBHELPER# diff --git a/debian/udev.postrm b/debian/udev.postrm new file mode 100644 index 0000000..24a5a4f --- /dev/null +++ b/debian/udev.postrm @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +case "$1" in + purge) + rm -f /etc/udev/rules.d/70-persistent-*.rules + rmdir --ignore-fail-on-non-empty /etc/udev/rules.d/ 2> /dev/null || true + rm -f /lib/udev/hwdb.bin + rm -f /var/log/udev + ;; +esac + +#DEBHELPER# diff --git a/debian/udev.preinst b/debian/udev.preinst new file mode 100644 index 0000000..7af4e94 --- /dev/null +++ b/debian/udev.preinst @@ -0,0 +1,83 @@ +#!/bin/sh + +set -e + +# adapted from postinst +chrooted() { + if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ]; + then + return 1 + fi + return 0 +} + +check_kernel_features() { + # skip the check if udev is not already active + [ -d /run/udev/ ] || return 0 + + if [ -e /proc/kallsyms ]; then + + local needed_symbols='inotify_init signalfd accept4 open_by_handle_at timerfd_create epoll_create' + for symbol in $needed_symbols; do + if ! egrep -q "^[a-fA-F0-9]+ T \.?sys_${symbol}$" /proc/kallsyms; then + cat <<END +Since release 198, udev requires support for the following features in +the running kernel: + +- inotify(2) (CONFIG_INOTIFY_USER) +- signalfd(2) (CONFIG_SIGNALFD) +- accept4(2) +- open_by_handle_at(2) (CONFIG_FHANDLE) +- timerfd_create(2) (CONFIG_TIMERFD) +- epoll_create(2) (CONFIG_EPOLL) +END + exit 1 + fi + done + + fi + + if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then + cat <<END +Since release 176, udev requires support for the following features in +the running kernel: + +- devtmpfs (CONFIG_DEVTMPFS) +END + exit 1 + fi + + if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || + [ -e /sys/block -a ! -e /sys/class/block ]; then + cat <<END +The currently running kernel has the CONFIG_SYSFS_DEPRECATED option +enabled, which is incompatible with udev. +END + exit 1 + fi +} + +check_version() { + # $2 is non-empty when installing from the "config-files" state + [ -n "$2" ] || return 0 + + if dpkg --compare-versions $2 lt 204-4; then + # these must be checked first to allow aborting before changing anything + if chrooted; then + echo 'Running in a chroot, skipping the kernel versions checks!' + else + check_kernel_features + # suppress errors when the new rules files contain options not supported by + # the old daemon + udevadm control --log-priority=0 || true + fi + fi # 204-4 +} + +case "$1" in + install|upgrade|abort-upgrade) + check_version "$@" + ;; +esac + +#DEBHELPER# diff --git a/debian/udev.prerm b/debian/udev.prerm new file mode 100644 index 0000000..bf65db6 --- /dev/null +++ b/debian/udev.prerm @@ -0,0 +1,31 @@ +#!/bin/sh + +set -e + +# adapted from postinst +chrooted() { + if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ]; + then + return 1 + fi + return 0 +} + +kill_udevd() { + if [ -d /run/systemd/system ]; then + systemctl stop systemd-udevd-control.socket systemd-udevd-kernel.socket + systemctl stop systemd-udevd.service + else + invoke-rc.d udev stop + fi +} + +case "$1" in + remove) + if ! chrooted; then + kill_udevd + fi + ;; +esac + +#DEBHELPER# diff --git a/debian/udev.triggers b/debian/udev.triggers new file mode 100644 index 0000000..7f814f0 --- /dev/null +++ b/debian/udev.triggers @@ -0,0 +1 @@ +interest-noawait /lib/udev/hwdb.d diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..a400b84 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,4 @@ +Bug-Database: https://github.com/systemd/systemd/issues +Bug-Submit: https://github.com/systemd/systemd/issues/new +Repository: https://github.com/systemd/systemd.git +Repository-Browse: https://github.com/systemd/systemd diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..01dc560 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=3 +opts=uversionmangle=s/-rc/~rc/,filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/systemd-$1\.tar\.gz/ \ + https://github.com/systemd/systemd-stable/tags .*/v?(\d\S*)\.tar\.gz |