From f6cfd7e068de7067cb1066ae356d64ba23015793 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 16 Sep 2024 20:09:07 +0200 Subject: Adding debian version 256.1-1. Signed-off-by: Daniel Baumann --- debian/changelog | 18 +++ debian/control | 15 +-- debian/extra/gen-signing-template | 4 +- debian/rules | 8 +- debian/signing-template/control | 1 - debian/signing-template/rules | 2 +- ...oot-efi-amd64-signed-template.lintian-overrides | 1 + ...oot-efi-arm64-signed-template.lintian-overrides | 1 + debian/systemd-cryptsetup.lintian-overrides | 2 + .../systemd-standalone-shutdown.lintian-overrides | 2 + debian/tests/control | 121 +++++++------------ debian/tests/upstream | 134 +++++++++++++++++---- 12 files changed, 193 insertions(+), 116 deletions(-) create mode 100644 debian/systemd-boot-efi-amd64-signed-template.lintian-overrides create mode 100644 debian/systemd-boot-efi-arm64-signed-template.lintian-overrides create mode 100644 debian/systemd-cryptsetup.lintian-overrides create mode 100644 debian/systemd-standalone-shutdown.lintian-overrides (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 2f38fc4..c372313 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,21 @@ +systemd (256.1-1) unstable; urgency=medium + + * Bump versioned breaks against dracut to 102-2 (Closes: #1073290) + * autopkgtest: switch upstream suite to mkosi-based builds + * Add conflict against sysv-rc, insserv and startpar in systemd-sysv. + They are not needed, and having them installed causes problems. + (Closes: #1072562) + * New upstream version 256.1 + * Drop section from binary packages where it matches the source package + * Override Lintian false positives about spare manpages + * Deduplicate template packages descriptions + * Add Lintian override for template package false positives + * Rename EFI architecture variable to avoid dpkg clash. Fixes Lintian + warning: debian-rules-sets-dpkg-architecture-variable + * Upload to unstable. + + -- Luca Boccassi Tue, 18 Jun 2024 23:19:16 +0100 + systemd (256-2) experimental; urgency=medium * Add templated packages for UEFI Secure Boot signing of systemd-boot. diff --git a/debian/control b/debian/control index b45bf3c..6a7736e 100644 --- a/debian/control +++ b/debian/control @@ -114,7 +114,7 @@ Conflicts: consolekit, opensysusers, Breaks: less (<< 563), sicherboot (<< 0.1.6), - dracut (<= 060+5-7), + dracut-core (<< 102-2~), Provides: systemd-sysusers (= ${binary:Version}), systemd-tmpfiles (= ${binary:Version}), Description: system and service manager @@ -136,6 +136,9 @@ Conflicts: sysvinit-core, systemd-shim, initscripts, orphan-sysvinit-scripts, + sysv-rc, + insserv, + startpar, bfh-container (<< 20211009-22~), molly-guard (<< 0.8.2~), progress-linux-container (<< 20221002-11~), 
@@ -571,17 +574,17 @@ Package: systemd-boot-efi-amd64-signed-template Architecture: amd64 Depends: ${shlibs:Depends}, ${misc:Depends}, Build-Profiles: -Description: Template for signed systemd-boot-efi package +Description: Template for signed systemd-boot-efi package (amd64) This package is used to control code signing by the Debian signing - service. + service (amd64 variant). Package: systemd-boot-efi-arm64-signed-template Architecture: arm64 Depends: ${shlibs:Depends}, ${misc:Depends}, Build-Profiles: -Description: Template for signed systemd-boot-efi package +Description: Template for signed systemd-boot-efi package (arm64) This package is used to control code signing by the Debian signing - service. + service (arm64 variant). Package: systemd-ukify Build-Profiles: @@ -642,7 +645,6 @@ Description: systemd development files Package: systemd-repart Architecture: linux-any -Section: admin Depends: ${shlibs:Depends}, ${misc:Depends}, Recommends: ${dlopen:Recommends}, @@ -657,7 +659,6 @@ Description: Provides the systemd-repart utility Package: systemd-cryptsetup Build-Profiles: Architecture: linux-any -Section: admin Depends: ${shlibs:Depends}, ${misc:Depends}, Recommends: ${dlopen:Recommends}, diff --git a/debian/extra/gen-signing-template b/debian/extra/gen-signing-template index 6c13571..3a25c7e 100755 --- a/debian/extra/gen-signing-template +++ b/debian/extra/gen-signing-template @@ -4,7 +4,7 @@ set -euE export DEB_VERSION="$1" export DEB_HOST_ARCH="$2" -export DEB_HOST_ARCH_EFI="$3" +export TEMPLATE_EFI_ARCH="$3" DISTRIBUTION="$(dpkg-parsechangelog -SDistribution)" URGENCY="$(dpkg-parsechangelog -SUrgency)" 
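Review bot: In debian/extra/gen-signing-template the third argument is exported as `TEMPLATE_EFI_ARCH` and, in the following hunk, interpolated unvalidated into `FILE=usr/lib/systemd/boot/efi/systemd-boot${TEMPLATE_EFI_ARCH}.efi`, which appears to name the binary handed to the code-signing template. debian/rules on this page only ever sets `x64` or `aa64`, so the script could fail fast on anything else by adding `case "$TEMPLATE_EFI_ARCH" in x64|aa64) ;; *) echo "unsupported EFI arch: $TEMPLATE_EFI_ARCH" >&2; exit 1 ;; esac` right after the export. The rest of the script lies outside these hunks, so confirm that the step which expands variables into the template files does not still reference `DEB_HOST_ARCH_EFI` by name, since debian/signing-template/rules now expects `${TEMPLATE_EFI_ARCH}`.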
@@ -16,7 +16,7 @@ DEB_VERSION_SOURCE="$(echo "$DEB_VERSION" | sed -re 's/\+b[[:digit:]]+$//')" export DEB_VERSION_SOURCE SIGN_TEMPLATE_DIR="debian/systemd-boot-efi-${DEB_HOST_ARCH}-signed-template/usr/share/code-signing/systemd-boot-efi-${DEB_HOST_ARCH}-signed-template" SIGN_SOURCE_DIR="${SIGN_TEMPLATE_DIR}/source-template/debian" -FILE=usr/lib/systemd/boot/efi/systemd-boot${DEB_HOST_ARCH_EFI}.efi +FILE=usr/lib/systemd/boot/efi/systemd-boot${TEMPLATE_EFI_ARCH}.efi for i in $(find debian/signing-template -type f -printf '%P\n'); do mkdir -p "$SIGN_SOURCE_DIR/$(dirname "$i")" diff --git a/debian/rules b/debian/rules index 30dbaa1..e43b781 100755 --- a/debian/rules +++ b/debian/rules @@ -9,9 +9,9 @@ include /usr/share/dpkg/default.mk include /usr/share/debhelper/dh_package_notes/package-notes.mk ifeq (amd64,$(DEB_HOST_ARCH)) -export DEB_HOST_ARCH_EFI=x64 +export TEMPLATE_EFI_ARCH=x64 else ifeq (arm64,$(DEB_HOST_ARCH)) -export DEB_HOST_ARCH_EFI=aa64 +export TEMPLATE_EFI_ARCH=aa64 endif @@ -293,8 +293,8 @@ endif ifeq (, $(filter pkg.systemd.upstream, $(DEB_BUILD_PROFILES))) ifeq ($(DEB_VENDOR),Debian) -ifneq ($(DEB_HOST_ARCH_EFI),) - debian/extra/gen-signing-template $(DEB_VERSION) $(DEB_HOST_ARCH) $(DEB_HOST_ARCH_EFI) +ifneq ($(TEMPLATE_EFI_ARCH),) + debian/extra/gen-signing-template $(DEB_VERSION) $(DEB_HOST_ARCH) $(TEMPLATE_EFI_ARCH) endif endif endif diff --git a/debian/signing-template/control b/debian/signing-template/control index 8baaf83..cfe456f 100644 --- a/debian/signing-template/control +++ b/debian/signing-template/control @@ -11,7 +11,6 @@ Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git Vcs-Browser: https://salsa.debian.org/systemd-team/systemd Package: systemd-boot-efi-${DEB_HOST_ARCH}-signed -Section: admin Architecture: ${DEB_HOST_ARCH} Provides: systemd-boot-efi-signed Built-Using: systemd (= ${DEB_VERSION_SOURCE}) diff --git a/debian/signing-template/rules b/debian/signing-template/rules index 0887e3e..b248342 100755 
--- a/debian/signing-template/rules +++ b/debian/signing-template/rules @@ -2,7 +2,7 @@ include /usr/share/dpkg/default.mk -BINARY = systemd-boot${DEB_HOST_ARCH_EFI}.efi +BINARY = systemd-boot${TEMPLATE_EFI_ARCH}.efi INSTALLED = usr/lib/systemd/boot/efi/$(BINARY) SIGNATURE = debian/signatures/systemd-boot-efi/$(INSTALLED).sig diff --git a/debian/systemd-boot-efi-amd64-signed-template.lintian-overrides b/debian/systemd-boot-efi-amd64-signed-template.lintian-overrides new file mode 100644 index 0000000..170a3f6 --- /dev/null +++ b/debian/systemd-boot-efi-amd64-signed-template.lintian-overrides @@ -0,0 +1 @@ +systemd-boot-efi-amd64-signed-template: script-not-executable [usr/share/code-signing/systemd-boot-efi-amd64-signed-template/source-template/debian/rules] diff --git a/debian/systemd-boot-efi-arm64-signed-template.lintian-overrides b/debian/systemd-boot-efi-arm64-signed-template.lintian-overrides new file mode 100644 index 0000000..ccdf68c --- /dev/null +++ b/debian/systemd-boot-efi-arm64-signed-template.lintian-overrides @@ -0,0 +1 @@ +systemd-boot-efi-arm64-signed-template: script-not-executable [usr/share/code-signing/systemd-boot-efi-arm64-signed-template/source-template/debian/rules] diff --git a/debian/systemd-cryptsetup.lintian-overrides b/debian/systemd-cryptsetup.lintian-overrides new file mode 100644 index 0000000..590612b --- /dev/null +++ b/debian/systemd-cryptsetup.lintian-overrides @@ -0,0 +1,2 @@ +# Lintian is really bad at associating manpages +systemd-cryptsetup: spare-manual-page diff --git a/debian/systemd-standalone-shutdown.lintian-overrides b/debian/systemd-standalone-shutdown.lintian-overrides new file mode 100644 index 0000000..88e99c1 --- /dev/null +++ b/debian/systemd-standalone-shutdown.lintian-overrides @@ -0,0 +1,2 @@ +# Lintian is really bad at associating manpages +systemd-standalone-shutdown: spare-manual-page diff --git a/debian/tests/control b/debian/tests/control index dcc19eb..fb7db14 100644 --- a/debian/tests/control 
+++ b/debian/tests/control @@ -131,15 +131,19 @@ Depends: systemd-tests, Restrictions: needs-root, isolation-container, breaks-testbed Tests: upstream -Depends: systemd-tests, - systemd-dev, +Depends: systemd (>= 254~), + systemd-container (>= 254~), systemd-journal-remote, systemd-container, + systemd-ukify, + systemd-dev, + systemd-tests, systemd-coredump, systemd-timesyncd, systemd-oomd, systemd-homed, systemd-resolved, + systemd-boot [amd64 arm64 armhf i386 riscv64], systemd-repart, systemd-cryptsetup, systemd-boot-efi [amd64 arm64 armhf i386 riscv64], 
@@ -147,92 +151,53 @@ Depends: systemd-tests, libnss-mymachines, libnss-resolve, libnss-systemd, - attr, - tree, - perl, - xz-utils, - libcap2-bin, - iproute2, - lz4, - acl, - dmeventd, - kbd, - cryptsetup-bin, - cryptsetup-initramfs, - net-tools, - isc-dhcp-client, - iputils-ping, - strace, qemu-system-x86 [amd64 i386], qemu-system-arm [arm64 armhf], qemu-system-ppc [ppc64el], qemu-system-s390x [s390x], - seabios, - less, + qemu-system-misc [!amd64 !arm64 !armhf !i386 !ppc64el !s390x], + ovmf [amd64], + ovmf-ia32 [i386], + qemu-efi-aarch64 [arm64], + qemu-efi-arm [armhf], + qemu-efi-riscv64 [riscv64], + seabios [ppc64el s390x], + swtpm, + swtpm-tools, + tpm2-tools, + git, + ca-certificates, + build-essential, pkgconf, - gcc, - libc6-dev | libc-dev, - make, - quota, + libcap-dev, + mount, + libmount-dev, + python3-jinja2, + meson, + gperf, + libblkid-dev, + libcap-dev, + python3-pefile, + sbsigntool [amd64 arm64 armhf i386 riscv64], + mtools, + bash, + bubblewrap (>= 0.4~), + reprepro, fdisk, - netcat-openbsd, - socat, - busybox-static, - plymouth, + cryptsetup-bin, + gnupg, + openssh-client, + python3-cryptography, e2fsprogs, - zstd, - squashfs-tools, - vim-tiny, dosfstools, - mtools, erofs-utils, - libdw-dev, - libelf-dev, - dbus-user-session, - libtss2-dev, - libfido2-dev, - libqrencode-dev, - libpwquality-dev, - libarchive-dev, - libp11-kit-dev, - libssl-dev, - libgcrypt20-dev, - libkmod-dev, - python3-pexpect, - screen, - swtpm, - tpm2-tools, - openssl, - bsdutils, - knot, - knot-dnssecutils | knot-dnsutils, - bind9-dnsutils, - bind9-host, - nftables, - jq, - psmisc, - xkb-data, - locales, - locales-all, - stress, - curl, - tzdata-legacy | tzdata (<< 2024a-1), - python3-pefile, - nvme-cli, - mdadm, - lvm2, + squashfs-tools, btrfs-progs, - multipath-tools, - kpartx, - gnutls-bin, - opensc, - softhsm2, - openssh-client, - openssh-server, - polkitd, - open-iscsi, - tgt, -Restrictions: needs-root, allow-stderr, isolation-machine + xz-utils, + zstd, + uidmap, + jq, 
+Restrictions: needs-root, allow-stderr, isolation-machine, needs-internet, breaks-testbed Tests: boot-smoke Depends: systemd-sysv, diff --git a/debian/tests/upstream b/debian/tests/upstream index 850add1..6b7899a 100755 --- a/debian/tests/upstream +++ b/debian/tests/upstream @@ -1,31 +1,119 @@ #!/bin/sh -# run upstream system integration tests -# Author: Martin Pitt +# run upstream system integration tests via mkosi set -e +set -x + +cleanup () { + if [ -f "${workdir}/btrfs/build/meson-logs/testlog.txt" ]; then + cp "${workdir}/btrfs/build/meson-logs/testlog.txt" "$AUTOPKGTEST_ARTIFACTS" + fi + if [ -d "${workdir}/btrfs/build/test/journal" ]; then + cp -r "${workdir}/btrfs/build/test/journal" "$AUTOPKGTEST_ARTIFACTS" + fi + if [ -n "$workdir" ]; then + umount "$workdir/btrfs" || true + losetup --detach "$loop" || true + rm -rf "$workdir" + fi +} + +# apparmor is not compatible with swtpm +aa-teardown >/dev/null 2>&1 || true +# we need user namespaces for some tests running in nspawn +sysctl -we kernel.apparmor_restrict_unprivileged_unconfined=0 +sysctl -we kernel.apparmor_restrict_unprivileged_userns=0 + +mkdir -p /run/systemd/resolved.conf.d/ +tee /run/systemd/resolved.conf.d/dns.conf <
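Review bot: The rewritten `Depends` list for the `upstream` test in debian/tests/control names `libcap-dev` twice in this hunk, and the preceding hunk lists `systemd-container` both as `systemd-container (>= 254~)` and unversioned; the redundant entries can be dropped. The new `needs-internet` restriction, together with the added `git`, `ca-certificates`, `gnupg` and `reprepro`, suggests the test now downloads content at run time and uses it under `needs-root`. What is fetched is not visible in this hunk, but it should be pinned to a fixed revision or verified against a signature or checksum so that a run is reproducible and does not execute unreviewed remote changes as root. A comment above the `Restrictions` line, such as `# needs-internet: <what is fetched, from where, and how it is verified>`, would record why the restriction is needed.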